diff --git a/.editorconfig b/.editorconfig
index f5df33889e6b88eccf3d4f5a5f6eb95bdb8210f7..f272739f240aa6043227de71c3fe259f8e7b40c9 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -13,8 +13,8 @@ charset = utf-8
# see https://nixos.org/nixpkgs/manual/#chap-conventions
-# Match nix/ruby files, set indent to spaces with width of two
-[*.{nix,rb}]
+# Match nix/ruby/docbook files, set indent to spaces with width of two
+[*.{nix,rb,xml}]
indent_style = space
indent_size = 2
@@ -26,7 +26,3 @@ indent_size = 4
# Match diffs, avoid to trim trailing whitespace
[*.{diff,patch}]
trim_trailing_whitespace = false
-
-# https://github.com/NixOS/nixpkgs/pull/39336#discussion_r183387754
-[.version]
-insert_final_newline = false
diff --git a/.version b/.version
index c1b80a502792607f5461c80fe469fedee6c2f679..770bde1f44b3d407b56396ef4614d70990bd08a1 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-18.09
\ No newline at end of file
+18.09
diff --git a/doc/Makefile b/doc/Makefile
index 0ddae8631f3cade387c96617d37a0633046226b7..8a4612e95f193b75a13db91ebafdb8d8c23ebe5e 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -1,12 +1,17 @@
MD_TARGETS=$(addsuffix .xml, $(basename $(wildcard ./*.md ./**/*.md)))
.PHONY: all
-all: validate out/html/index.html out/epub/manual.epub
+all: validate format out/html/index.html out/epub/manual.epub
.PHONY: debug
debug:
nix-shell --run "xmloscopy --docbook5 ./manual.xml ./manual-full.xml"
+.PHONY: format
+format:
+ find . -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \
+ xmlformat --config-file "$$XMLFORMAT_CONFIG" -i {}
+
.PHONY: clean
clean:
rm -f ${MD_TARGETS} .version manual-full.xml
@@ -64,7 +69,7 @@ manual-full.xml: ${MD_TARGETS} .version *.xml
.version:
nix-instantiate --eval \
- -E '(import ../lib).nixpkgsVersion' > .version
+ -E '(import ../lib).version' > .version
%.section.xml: %.section.md
pandoc $^ -w docbook+smart \
diff --git a/doc/coding-conventions.xml b/doc/coding-conventions.xml
index d556c7ebe1ed40908b9a7032f0d839593d583cf2..f244c11d4f204e9ee5f044b9c389527ffad41ca1 100644
--- a/doc/coding-conventions.xml
+++ b/doc/coding-conventions.xml
@@ -1,56 +1,59 @@
-
-Coding conventions
-
-
-Syntax
-
-
-
- Use 2 spaces of indentation per indentation level in
- Nix expressions, 4 spaces in shell scripts.
-
- Do not use tab characters, i.e. configure your
- editor to use soft tabs. For instance, use (setq-default
- indent-tabs-mode nil) in Emacs. Everybody has different
- tab settings so it’s asking for trouble.
-
- Use lowerCamelCase for variable
- names, not UpperCamelCase. Note, this rule does
- not apply to package attribute names, which instead follow the rules
- in .
-
- Function calls with attribute set arguments are
- written as
-
+ Coding conventions
+
+ Syntax
+
+
+
+
+ Use 2 spaces of indentation per indentation level in Nix expressions, 4
+ spaces in shell scripts.
+
+
+
+
+ Do not use tab characters, i.e. configure your editor to use soft tabs.
+ For instance, use (setq-default indent-tabs-mode nil)
+ in Emacs. Everybody has different tab settings so it’s asking for
+ trouble.
+
+
+
+
+ Use lowerCamelCase for variable names, not
+ UpperCamelCase. Note, this rule does not apply to
+ package attribute names, which instead follow the rules in
+ .
+
+
+
+
+ Function calls with attribute set arguments are written as
foo {
arg = ...;
}
-
- not
-
+ not
foo
{
arg = ...;
}
-
- Also fine is
-
+ Also fine is
foo { arg = ...; }
-
- if it's a short call.
-
- In attribute sets or lists that span multiple lines,
- the attribute names or list elements should be aligned:
-
+ if it's a short call.
+
+
+
+
+ In attribute sets or lists that span multiple lines, the attribute names
+ or list elements should be aligned:
# A long list.
list =
@@ -73,12 +76,11 @@ attrs = {
if true then big_expr else big_expr;
};
-
-
-
- Short lists or attribute sets can be written on one
- line:
-
+
+
+
+
+ Short lists or attribute sets can be written on one line:
# A short list.
list = [ elem1 elem2 elem3 ];
@@ -86,66 +88,58 @@ list = [ elem1 elem2 elem3 ];
# A short set.
attrs = { x = 1280; y = 1024; };
-
-
-
- Breaking in the middle of a function argument can
- give hard-to-read code, like
-
+
+
+
+
+ Breaking in the middle of a function argument can give hard-to-read code,
+ like
someFunction { x = 1280;
y = 1024; } otherArg
yetAnotherArg
-
- (especially if the argument is very large, spanning multiple
- lines).
-
- Better:
-
+ (especially if the argument is very large, spanning multiple lines).
+
+
+ Better:
someFunction
{ x = 1280; y = 1024; }
otherArg
yetAnotherArg
-
- or
-
+ or
let res = { x = 1280; y = 1024; };
in someFunction res otherArg yetAnotherArg
-
-
-
- The bodies of functions, asserts, and withs are not
- indented to prevent a lot of superfluous indentation levels, i.e.
-
+
+
+
+
+ The bodies of functions, asserts, and withs are not indented to prevent a
+ lot of superfluous indentation levels, i.e.
{ arg1, arg2 }:
assert system == "i686-linux";
stdenv.mkDerivation { ...
-
- not
-
+ not
{ arg1, arg2 }:
assert system == "i686-linux";
stdenv.mkDerivation { ...
-
-
-
- Function formal arguments are written as:
-
+
+
+
+
+ Function formal arguments are written as:
{ arg1, arg2, arg3 }:
-
- but if they don't fit on one line they're written as:
-
+ but if they don't fit on one line they're written as:
{ arg1, arg2, arg3
, arg4, ...
@@ -153,35 +147,28 @@ stdenv.mkDerivation { ...
argN
}:
-
-
-
- Functions should list their expected arguments as
- precisely as possible. That is, write
-
+
+
+
+
+ Functions should list their expected arguments as precisely as possible.
+ That is, write
{ stdenv, fetchurl, perl }: ...
-
- instead of
-
+ instead of
args: with args; ...
-
- or
-
+ or
{ stdenv, fetchurl, perl, ... }: ...
-
-
-
- For functions that are truly generic in the number of
- arguments (such as wrappers around mkDerivation)
- that have some required arguments, you should write them using an
- @-pattern:
-
+
+
+ For functions that are truly generic in the number of arguments (such as
+ wrappers around mkDerivation) that have some required
+ arguments, you should write them using an @-pattern:
{ stdenv, doCoverageAnalysis ? false, ... } @ args:
@@ -189,9 +176,7 @@ stdenv.mkDerivation (args // {
... if doCoverageAnalysis then "bla" else "" ...
})
-
- instead of
-
+ instead of
args:
@@ -199,432 +184,557 @@ args.stdenv.mkDerivation (args // {
... if args ? doCoverageAnalysis && args.doCoverageAnalysis then "bla" else "" ...
})
+
+
+
+
+
+ Package naming
-
-
-
-
-
-
-
-Package naming
-
-In Nixpkgs, there are generally three different names associated with a package:
-
-
-
- The name attribute of the
- derivation (excluding the version part). This is what most users
- see, in particular when using
- nix-env.
-
- The variable name used for the instantiated package
- in all-packages.nix, and when passing it as a
- dependency to other functions. Typically this is called the
- package attribute name. This is what Nix
- expression authors see. It can also be used when installing using
- nix-env -iA.
-
- The filename for (the directory containing) the Nix
- expression.
-
-
-
-Most of the time, these are the same. For instance, the package
-e2fsprogs has a name attribute
-"e2fsprogs-version", is
-bound to the variable name e2fsprogs in
-all-packages.nix, and the Nix expression is in
-pkgs/os-specific/linux/e2fsprogs/default.nix.
-
-
-There are a few naming guidelines:
-
-
-
- Generally, try to stick to the upstream package
- name.
-
- Don’t use uppercase letters in the
- name attribute — e.g.,
- "mplayer-1.0rc2" instead of
- "MPlayer-1.0rc2".
-
- The version part of the name
- attribute must start with a digit (following a
- dash) — e.g., "hello-0.3.1rc2".
-
- If a package is not a release but a commit from a repository, then
- the version part of the name must be the date of that
- (fetched) commit. The date must be in "YYYY-MM-DD" format.
- Also append "unstable" to the name - e.g.,
- "pkgname-unstable-2014-09-23".
-
- Dashes in the package name should be preserved in
- new variable names, rather than converted to underscores or camel
- cased — e.g., http-parser instead of
- http_parser or httpParser. The
- hyphenated style is preferred in all three package
- names.
-
- If there are multiple versions of a package, this
- should be reflected in the variable names in
- all-packages.nix,
- e.g. json-c-0-9 and json-c-0-11.
- If there is an obvious “default” version, make an attribute like
- json-c = json-c-0-9;.
- See also
-
-
-
-
-
-
-
-
-File naming and organisation
-
-Names of files and directories should be in lowercase, with
-dashes between words — not in camel case. For instance, it should be
-all-packages.nix, not
-allPackages.nix or
-AllPackages.nix.
-
-Hierarchy
-
-Each package should be stored in its own directory somewhere in
-the pkgs/ tree, i.e. in
-pkgs/category/subcategory/.../pkgname.
-Below are some rules for picking the right category for a package.
-Many packages fall under several categories; what matters is the
-primary purpose of a package. For example, the
-libxml2 package builds both a library and some
-tools; but it’s a library foremost, so it goes under
-pkgs/development/libraries.
-
-When in doubt, consider refactoring the
-pkgs/ tree, e.g. creating new categories or
-splitting up an existing category.
-
-
-
- If it’s used to support software development:
+
+ In Nixpkgs, there are generally three different names associated with a
+ package:
+
-
-
- If it’s a library used by other packages:
-
- development/libraries (e.g. libxml2)
-
-
-
- If it’s a compiler:
-
- development/compilers (e.g. gcc)
-
-
-
- If it’s an interpreter:
-
- development/interpreters (e.g. guile)
-
-
-
- If it’s a (set of) development tool(s):
-
-
-
- If it’s a parser generator (including lexers):
-
- development/tools/parsing (e.g. bison, flex)
-
-
-
- If it’s a build manager:
-
- development/tools/build-managers (e.g. gnumake)
-
-
-
- Else:
-
- development/tools/misc (e.g. binutils)
-
-
-
-
-
-
- Else:
-
- development/misc
-
-
-
+
+ The name attribute of the derivation (excluding the
+ version part). This is what most users see, in particular when using
+ nix-env.
+
-
-
- If it’s a (set of) tool(s):
- (A tool is a relatively small program, especially one intended
- to be used non-interactively.)
-
-
- If it’s for networking:
-
- tools/networking (e.g. wget)
-
-
-
- If it’s for text processing:
-
- tools/text (e.g. diffutils)
-
-
-
- If it’s a system utility, i.e.,
- something related or essential to the operation of a
- system:
-
- tools/system (e.g. cron)
-
-
-
- If it’s an archiver (which may
- include a compression function):
-
- tools/archivers (e.g. zip, tar)
-
-
-
- If it’s a compression program:
-
- tools/compression (e.g. gzip, bzip2)
-
-
-
- If it’s a security-related program:
-
- tools/security (e.g. nmap, gnupg)
-
-
-
- Else:
-
- tools/misc
-
-
-
+
+ The variable name used for the instantiated package in
+ all-packages.nix, and when passing it as a
+ dependency to other functions. Typically this is called the
+ package attribute name. This is what Nix expression
+ authors see. It can also be used when installing using nix-env
+ -iA.
+
-
-
- If it’s a shell:
- shells (e.g. bash)
+
+ The filename for (the directory containing) the Nix expression.
+
-
-
- If it’s a server:
+
+ Most of the time, these are the same. For instance, the package
+ e2fsprogs has a name attribute
+ "e2fsprogs-version", is bound
+ to the variable name e2fsprogs in
+ all-packages.nix, and the Nix expression is in
+ pkgs/os-specific/linux/e2fsprogs/default.nix.
+
+
+
+ There are a few naming guidelines:
+
-
-
- If it’s a web server:
-
- servers/http (e.g. apache-httpd)
-
-
-
- If it’s an implementation of the X Windowing System:
-
- servers/x11 (e.g. xorg — this includes the client libraries and programs)
-
-
-
- Else:
-
- servers/misc
-
-
-
+
+ Generally, try to stick to the upstream package name.
+
-
-
- If it’s a desktop environment:
- desktops (e.g. kde, gnome, enlightenment)
+
+ Don’t use uppercase letters in the name attribute
+ — e.g., "mplayer-1.0rc2" instead of
+ "MPlayer-1.0rc2".
+
-
-
- If it’s a window manager:
- applications/window-managers (e.g. awesome, stumpwm)
+
+ The version part of the name attribute
+ must start with a digit (following a dash) — e.g.,
+ "hello-0.3.1rc2".
+
-
-
- If it’s an application:
- A (typically large) program with a distinct user
- interface, primarily used interactively.
-
-
- If it’s a version management system:
-
- applications/version-management (e.g. subversion)
-
-
-
- If it’s for video playback / editing:
-
- applications/video (e.g. vlc)
-
-
-
- If it’s for graphics viewing / editing:
-
- applications/graphics (e.g. gimp)
-
-
-
- If it’s for networking:
-
-
-
- If it’s a mailreader:
-
- applications/networking/mailreaders (e.g. thunderbird)
-
-
-
- If it’s a newsreader:
-
- applications/networking/newsreaders (e.g. pan)
-
-
-
- If it’s a web browser:
-
- applications/networking/browsers (e.g. firefox)
-
-
-
- Else:
-
- applications/networking/misc
-
-
-
-
-
-
- Else:
-
- applications/misc
-
-
-
+
+ If a package is not a release but a commit from a repository, then the
+ version part of the name must be the date of that
+ (fetched) commit. The date must be in "YYYY-MM-DD"
+ format. Also append "unstable" to the name - e.g.,
+ "pkgname-unstable-2014-09-23".
+
-
-
- If it’s data (i.e., does not have a
- straight-forward executable semantics):
-
-
- If it’s a font:
-
- data/fonts
-
-
-
- If it’s related to SGML/XML processing:
-
-
-
- If it’s an XML DTD:
-
- data/sgml+xml/schemas/xml-dtd (e.g. docbook)
-
-
-
- If it’s an XSLT stylesheet:
-
- (Okay, these are executable...)
- data/sgml+xml/stylesheets/xslt (e.g. docbook-xsl)
-
-
-
-
-
-
+
+ Dashes in the package name should be preserved in new variable names,
+ rather than converted to underscores or camel cased — e.g.,
+ http-parser instead of http_parser
+ or httpParser. The hyphenated style is preferred in
+ all three package names.
+
-
-
- If it’s a game:
- games
+
+ If there are multiple versions of a package, this should be reflected in
+ the variable names in all-packages.nix, e.g.
+ json-c-0-9 and json-c-0-11. If
+ there is an obvious “default” version, make an attribute like
+ json-c = json-c-0-9;. See also
+
+
-
-
- Else:
-
- misc
-
-
-
-
-
-
-Versioning
-
-Because every version of a package in Nixpkgs creates a
-potential maintenance burden, old versions of a package should not be
-kept unless there is a good reason to do so. For instance, Nixpkgs
-contains several versions of GCC because other packages don’t build
-with the latest version of GCC. Other examples are having both the
-latest stable and latest pre-release version of a package, or to keep
-several major releases of an application that differ significantly in
-functionality.
-
-If there is only one version of a package, its Nix expression
-should be named e2fsprogs/default.nix. If there
-are multiple versions, this should be reflected in the filename,
-e.g. e2fsprogs/1.41.8.nix and
-e2fsprogs/1.41.9.nix. The version in the
-filename should leave out unnecessary detail. For instance, if we
-keep the latest Firefox 2.0.x and 3.5.x versions in Nixpkgs, they
-should be named firefox/2.0.nix and
-firefox/3.5.nix, respectively (which, at a given
-point, might contain versions 2.0.0.20 and
-3.5.4). If a version requires many auxiliary
-files, you can use a subdirectory for each version,
-e.g. firefox/2.0/default.nix and
-firefox/3.5/default.nix.
+
+
+
+
+ File naming and organisation
-All versions of a package must be included
-in all-packages.nix to make sure that they
-evaluate correctly.
+
+ Names of files and directories should be in lowercase, with dashes between
+ words — not in camel case. For instance, it should be
+ all-packages.nix, not
+ allPackages.nix or
+ AllPackages.nix.
+
-
+
+ Hierarchy
+
+
+ Each package should be stored in its own directory somewhere in the
+ pkgs/ tree, i.e. in
+ pkgs/category/subcategory/.../pkgname.
+ Below are some rules for picking the right category for a package. Many
+ packages fall under several categories; what matters is the
+ primary purpose of a package. For example, the
+ libxml2 package builds both a library and some tools;
+ but it’s a library foremost, so it goes under
+ pkgs/development/libraries.
+
+
+
+ When in doubt, consider refactoring the pkgs/ tree,
+ e.g. creating new categories or splitting up an existing category.
+
+
+
+
+ If it’s used to support software development:
+
+
+
+ If it’s a library used by other packages:
+
+
+ development/libraries (e.g.
+ libxml2)
+
+
+
+
+ If it’s a compiler:
+
+
+ development/compilers (e.g.
+ gcc)
+
+
+
+
+ If it’s an interpreter:
+
+
+ development/interpreters (e.g.
+ guile)
+
+
+
+
+ If it’s a (set of) development tool(s):
+
+
+
+ If it’s a parser generator (including lexers):
+
+
+ development/tools/parsing (e.g.
+ bison, flex)
+
+
+
+
+ If it’s a build manager:
+
+
+ development/tools/build-managers (e.g.
+ gnumake)
+
+
+
+
+ Else:
+
+
+ development/tools/misc (e.g.
+ binutils)
+
+
+
+
+
+
+
+ Else:
+
+
+ development/misc
+
+
+
+
+
+
+
+ If it’s a (set of) tool(s):
+
+
+ (A tool is a relatively small program, especially one intended to be
+ used non-interactively.)
+
+
+
+ If it’s for networking:
+
+
+ tools/networking (e.g.
+ wget)
+
+
+
+
+ If it’s for text processing:
+
+
+ tools/text (e.g. diffutils)
+
+
+
+
+ If it’s a system utility, i.e.,
+ something related or essential to the operation of a
+ system:
+
+
+ tools/system (e.g. cron)
+
+
+
+
+ If it’s an archiver (which may
+ include a compression function):
+
+
+ tools/archivers (e.g. zip,
+ tar)
+
+
+
+
+ If it’s a compression program:
+
+
+ tools/compression (e.g.
+ gzip, bzip2)
+
+
+
+
+ If it’s a security-related program:
+
+
+ tools/security (e.g. nmap,
+ gnupg)
+
+
+
+
+ Else:
+
+
+ tools/misc
+
+
+
+
+
+
+
+ If it’s a shell:
+
+
+ shells (e.g. bash)
+
+
+
+
+ If it’s a server:
+
+
+
+ If it’s a web server:
+
+
+ servers/http (e.g.
+ apache-httpd)
+
+
+
+
+ If it’s an implementation of the X Windowing System:
+
+
+ servers/x11 (e.g. xorg —
+ this includes the client libraries and programs)
+
+
+
+
+ Else:
+
+
+ servers/misc
+
+
+
+
+
+
+
+ If it’s a desktop environment:
+
+
+ desktops (e.g. kde,
+ gnome, enlightenment)
+
+
+
+
+ If it’s a window manager:
+
+
+ applications/window-managers (e.g.
+ awesome, stumpwm)
+
+
+
+
+ If it’s an application:
+
+
+ A (typically large) program with a distinct user interface, primarily
+ used interactively.
+
+
+
+ If it’s a version management system:
+
+
+ applications/version-management (e.g.
+ subversion)
+
+
+
+
+ If it’s for video playback / editing:
+
+
+ applications/video (e.g.
+ vlc)
+
+
+
+
+ If it’s for graphics viewing / editing:
+
+
+ applications/graphics (e.g.
+ gimp)
+
+
+
+
+ If it’s for networking:
+
+
+
+ If it’s a mailreader:
+
+
+ applications/networking/mailreaders (e.g.
+ thunderbird)
+
+
+
+
+ If it’s a newsreader:
+
+
+ applications/networking/newsreaders (e.g.
+ pan)
+
+
+
+
+ If it’s a web browser:
+
+
+ applications/networking/browsers (e.g.
+ firefox)
+
+
+
+
+ Else:
+
+
+ applications/networking/misc
+
+
+
+
+
+
+
+ Else:
+
+
+ applications/misc
+
+
+
+
+
+
+
+ If it’s data (i.e., does not have a
+ straight-forward executable semantics):
+
+
+
+ If it’s a font:
+
+
+ data/fonts
+
+
+
+
+ If it’s related to SGML/XML processing:
+
+
+
+ If it’s an XML DTD:
+
+
+ data/sgml+xml/schemas/xml-dtd (e.g.
+ docbook)
+
+
+
+
+ If it’s an XSLT stylesheet:
+
+
+ (Okay, these are executable...)
+
+
+ data/sgml+xml/stylesheets/xslt (e.g.
+ docbook-xsl)
+
+
+
+
+
+
+
+
+
+
+ If it’s a game:
+
+
+ games
+
+
+
+
+ Else:
+
+
+ misc
+
+
+
+
+
+
+
+ Versioning
+
+
+ Because every version of a package in Nixpkgs creates a potential
+ maintenance burden, old versions of a package should not be kept unless
+ there is a good reason to do so. For instance, Nixpkgs contains several
+ versions of GCC because other packages don’t build with the latest
+ version of GCC. Other examples are having both the latest stable and latest
+ pre-release version of a package, or to keep several major releases of an
+ application that differ significantly in functionality.
+
+
+
+ If there is only one version of a package, its Nix expression should be
+ named e2fsprogs/default.nix. If there are multiple
+ versions, this should be reflected in the filename, e.g.
+ e2fsprogs/1.41.8.nix and
+ e2fsprogs/1.41.9.nix. The version in the filename
+ should leave out unnecessary detail. For instance, if we keep the latest
+ Firefox 2.0.x and 3.5.x versions in Nixpkgs, they should be named
+ firefox/2.0.nix and
+ firefox/3.5.nix, respectively (which, at a given
+ point, might contain versions 2.0.0.20 and
+ 3.5.4). If a version requires many auxiliary files, you
+ can use a subdirectory for each version, e.g.
+ firefox/2.0/default.nix and
+ firefox/3.5/default.nix.
+
+
+
+ All versions of a package must be included in
+ all-packages.nix to make sure that they evaluate
+ correctly.
+
+
+
+
+ Fetching Sources
-
-Fetching Sources
- There are multiple ways to fetch a package source in nixpkgs. The
- general guideline is that you should package sources with a high degree of
- availability. Right now there is only one fetcher which has mirroring
- support and that is fetchurl. Note that you should also
- prefer protocols which have a corresponding proxy environment variable.
+
+ There are multiple ways to fetch a package source in nixpkgs. The general
+ guideline is that you should package sources with a high degree of
+ availability. Right now there is only one fetcher which has mirroring
+ support and that is fetchurl. Note that you should also
+ prefer protocols which have a corresponding proxy environment variable.
- You can find many source fetch helpers in pkgs/build-support/fetch*.
+
+
+ You can find many source fetch helpers in
+ pkgs/build-support/fetch*.
- In the file pkgs/top-level/all-packages.nix you can
- find fetch helpers, these have names on the form
- fetchFrom*. The intention of these are to provide
- snapshot fetches but using the same api as some of the version controlled
- fetchers from pkgs/build-support/. As an example going
- from bad to good:
-
-
- Bad: Uses git:// which won't be proxied.
+
+
+ In the file pkgs/top-level/all-packages.nix you can find
+ fetch helpers, these have names on the form fetchFrom*.
+ The intention of these are to provide snapshot fetches but using the same
+ api as some of the version controlled fetchers from
+ pkgs/build-support/. As an example going from bad to
+ good:
+
+
+
+ Bad: Uses git:// which won't be proxied.
src = fetchgit {
url = "git://github.com/NixOS/nix.git";
@@ -632,10 +742,11 @@ src = fetchgit {
sha256 = "1cw5fszffl5pkpa6s6wjnkiv6lm5k618s32sp60kvmvpy7a2v9kg";
}
-
-
-
- Better: This is ok, but an archive fetch will still be faster.
+
+
+
+
+ Better: This is ok, but an archive fetch will still be faster.
src = fetchgit {
url = "https://github.com/NixOS/nix.git";
@@ -643,10 +754,11 @@ src = fetchgit {
sha256 = "1cw5fszffl5pkpa6s6wjnkiv6lm5k618s32sp60kvmvpy7a2v9kg";
}
-
-
-
- Best: Fetches a snapshot archive and you get the rev you want.
+
+
+
+
+ Best: Fetches a snapshot archive and you get the rev you want.
src = fetchFromGitHub {
owner = "NixOS";
@@ -655,15 +767,19 @@ src = fetchFromGitHub {
sha256 = "04yri911rj9j19qqqn6m82266fl05pz98inasni0vxr1cf1gdgv9";
}
-
-
-
+
+
+
+
+
+
+ Patches
+
+
+ Patches available online should be retrieved using
+ fetchpatch.
-
-Patches
- Patches available online should be retrieved using
- fetchpatch.
patches = [
@@ -675,30 +791,54 @@ patches = [
];
- Otherwise, you can add a .patch file to the
- nixpkgs repository. In the interest of keeping our
- maintenance burden to a minimum, only patches that are unique
- to nixpkgs should be added in this way.
-
+
+
+ Otherwise, you can add a .patch file to the
+ nixpkgs repository. In the interest of keeping our
+ maintenance burden to a minimum, only patches that are unique to
+ nixpkgs should be added in this way.
+
+
+
+
patches = [ ./0001-changes.patch ];
-
- If you do need to do create this sort of patch file,
- one way to do so is with git:
-
- Move to the root directory of the source code
- you're patching.
-$ cd the/program/source
- If a git repository is not already present,
- create one and stage all of the source files.
+
+
+
+
+ If you do need to do create this sort of patch file, one way to do so is
+ with git:
+
+
+
+ Move to the root directory of the source code you're patching.
+
+$ cd the/program/source
+
+
+
+
+ If a git repository is not already present, create one and stage all of
+ the source files.
+
$ git init
-$ git add .
- Edit some files to make whatever changes need
- to be included in the patch.
- Use git to create a diff, and pipe the output
- to a patch file:
+$ git add .
+
+
+
+
+ Edit some files to make whatever changes need to be included in the
+ patch.
+
+
+
+
+ Use git to create a diff, and pipe the output to a patch file:
+
$ git diff > nixpkgs/pkgs/the/package/0001-changes.patch
-
-
-
-
+
+
+
+
+
diff --git a/doc/configuration.xml b/doc/configuration.xml
index 5370265c53ad8703d6892de3bcb58e48a4c2706a..4411b4844e999f01b7379c8375b8c376ed39a09d 100644
--- a/doc/configuration.xml
+++ b/doc/configuration.xml
@@ -1,42 +1,51 @@
-
-Global configuration
-
-Nix comes with certain defaults about what packages can and
-cannot be installed, based on a package's metadata. By default, Nix
-will prevent installation if any of the following criteria are
-true:
-
-
- The package is thought to be broken, and has had
- its meta.broken set to
- true.
-
- The package isn't intended to run on the given system, as none of its meta.platforms match the given system.
-
- The package's meta.license is set
- to a license which is considered to be unfree.
-
- The package has known security vulnerabilities but
- has not or can not be updated for some reason, and a list of issues
- has been entered in to the package's
- meta.knownVulnerabilities.
-
-
-Note that all this is checked during evaluation already,
-and the check includes any package that is evaluated.
-In particular, all build-time dependencies are checked.
-nix-env -qa will (attempt to) hide any packages
-that would be refused.
-
-
-Each of these criteria can be altered in the nixpkgs
-configuration.
-
-The nixpkgs configuration for a NixOS system is set in the
-configuration.nix, as in the following example:
+ Global configuration
+
+ Nix comes with certain defaults about what packages can and cannot be
+ installed, based on a package's metadata. By default, Nix will prevent
+ installation if any of the following criteria are true:
+
+
+
+
+ The package is thought to be broken, and has had its
+ meta.broken set to true.
+
+
+
+
+ The package isn't intended to run on the given system, as none of its
+ meta.platforms match the given system.
+
+
+
+
+ The package's meta.license is set to a license which is
+ considered to be unfree.
+
+
+
+
+ The package has known security vulnerabilities but has not or can not be
+ updated for some reason, and a list of issues has been entered in to the
+ package's meta.knownVulnerabilities.
+
+
+
+
+ Note that all this is checked during evaluation already, and the check
+ includes any package that is evaluated. In particular, all build-time
+ dependencies are checked. nix-env -qa will (attempt to)
+ hide any packages that would be refused.
+
+
+ Each of these criteria can be altered in the nixpkgs configuration.
+
+
+ The nixpkgs configuration for a NixOS system is set in the
+ configuration.nix, as in the following example:
{
nixpkgs.config = {
@@ -44,187 +53,197 @@ configuration.
};
}
-However, this does not allow unfree software for individual users.
-Their configurations are managed separately.
-
-A user's of nixpkgs configuration is stored in a user-specific
-configuration file located at
-~/.config/nixpkgs/config.nix. For example:
+ However, this does not allow unfree software for individual users. Their
+ configurations are managed separately.
+
+
+ A user's of nixpkgs configuration is stored in a user-specific configuration
+ file located at ~/.config/nixpkgs/config.nix. For
+ example:
{
allowUnfree = true;
}
-
-
-Note that we are not able to test or build unfree software on Hydra
-due to policy. Most unfree licenses prohibit us from either executing or
-distributing the software.
-
-
+
+
+ Note that we are not able to test or build unfree software on Hydra due to
+ policy. Most unfree licenses prohibit us from either executing or
+ distributing the software.
+
+ Installing broken packages
-
- There are two ways to try compiling a package which has been
- marked as broken.
+
+ There are two ways to try compiling a package which has been marked as
+ broken.
+
-
- For allowing the build of a broken package once, you can use an
- environment variable for a single invocation of the nix tools:
-
- $ export NIXPKGS_ALLOW_BROKEN=1
-
-
-
- For permanently allowing broken packages to be built, you may
- add allowBroken = true; to your user's
- configuration file, like this:
-
+
+
+ For allowing the build of a broken package once, you can use an
+ environment variable for a single invocation of the nix tools:
+$ export NIXPKGS_ALLOW_BROKEN=1
+
+
+
+
+ For permanently allowing broken packages to be built, you may add
+ allowBroken = true; to your user's configuration file,
+ like this:
{
allowBroken = true;
}
-
+
+
-
-
-
+
+ Installing packages on unsupported systems
-
- There are also two ways to try compiling a package which has been marked as unsuported for the given system.
+ There are also two ways to try compiling a package which has been marked as
+ unsuported for the given system.
-
- For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
-
- $ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1
-
-
-
-
- For permanently allowing broken packages to be built, you may add allowUnsupportedSystem = true; to your user's configuration file, like this:
-
+
+
+ For allowing the build of a broken package once, you can use an
+ environment variable for a single invocation of the nix tools:
+$ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1
+
+
+
+
+ For permanently allowing broken packages to be built, you may add
+ allowUnsupportedSystem = true; to your user's
+ configuration file, like this:
{
allowUnsupportedSystem = true;
}
-
-
+
+
- The difference between an a package being unsupported on some system and being broken is admittedly a bit fuzzy.
- If a program ought to work on a certain platform, but doesn't, the platform should be included in meta.platforms, but marked as broken with e.g. meta.broken = !hostPlatform.isWindows.
- Of course, this begs the question of what "ought" means exactly.
- That is left to the package maintainer.
+ The difference between an a package being unsupported on some system and
+ being broken is admittedly a bit fuzzy. If a program
+ ought to work on a certain platform, but doesn't, the
+ platform should be included in meta.platforms, but marked
+ as broken with e.g. meta.broken =
+ !hostPlatform.isWindows. Of course, this begs the question of what
+ "ought" means exactly. That is left to the package maintainer.
-
-
-
+
+ Installing unfree packages
- There are several ways to tweak how Nix handles a package
- which has been marked as unfree.
+
+ There are several ways to tweak how Nix handles a package which has been
+ marked as unfree.
+
-
- To temporarily allow all unfree packages, you can use an
- environment variable for a single invocation of the nix tools:
-
- $ export NIXPKGS_ALLOW_UNFREE=1
-
-
-
- It is possible to permanently allow individual unfree packages,
- while still blocking unfree packages by default using the
- allowUnfreePredicate configuration
- option in the user configuration file.
-
- This option is a function which accepts a package as a
- parameter, and returns a boolean. The following example
- configuration accepts a package and always returns false:
+
+
+ To temporarily allow all unfree packages, you can use an environment
+ variable for a single invocation of the nix tools:
+$ export NIXPKGS_ALLOW_UNFREE=1
+
+
+
+
+ It is possible to permanently allow individual unfree packages, while
+ still blocking unfree packages by default using the
+ allowUnfreePredicate configuration option in the user
+ configuration file.
+
+
+ This option is a function which accepts a package as a parameter, and
+ returns a boolean. The following example configuration accepts a package
+ and always returns false:
{
allowUnfreePredicate = (pkg: false);
}
-
-
- A more useful example, the following configuration allows
- only allows flash player and visual studio code:
-
+
+
+ A more useful example, the following configuration allows only allows
+ flash player and visual studio code:
{
allowUnfreePredicate = (pkg: elem (builtins.parseDrvName pkg.name).name [ "flashplayer" "vscode" ]);
}
-
-
-
- It is also possible to whitelist and blacklist licenses
- that are specifically acceptable or not acceptable, using
- whitelistedLicenses and
- blacklistedLicenses, respectively.
-
-
- The following example configuration whitelists the
- licenses amd and wtfpl:
-
+
+
+
+
+ It is also possible to whitelist and blacklist licenses that are
+ specifically acceptable or not acceptable, using
+ whitelistedLicenses and
+ blacklistedLicenses, respectively.
+
+
+ The following example configuration whitelists the licenses
+ amd and wtfpl:
{
whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
}
-
-
- The following example configuration blacklists the
- gpl3 and agpl3 licenses:
-
+
+
+ The following example configuration blacklists the gpl3
+ and agpl3 licenses:
{
blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
}
-
-
+
+
- A complete list of licenses can be found in the file
- lib/licenses.nix of the nixpkgs tree.
-
-
-
-
-
- Installing insecure packages
-
+
+ A complete list of licenses can be found in the file
+ lib/licenses.nix of the nixpkgs tree.
+
+
+
+ Installing insecure packages
- There are several ways to tweak how Nix handles a package
- which has been marked as insecure.
+
+ There are several ways to tweak how Nix handles a package which has been
+ marked as insecure.
+
-
- To temporarily allow all insecure packages, you can use an
- environment variable for a single invocation of the nix tools:
-
- $ export NIXPKGS_ALLOW_INSECURE=1
-
-
-
- It is possible to permanently allow individual insecure
- packages, while still blocking other insecure packages by
- default using the permittedInsecurePackages
- configuration option in the user configuration file.
-
- The following example configuration permits the
- installation of the hypothetically insecure package
- hello, version 1.2.3:
+
+
+ To temporarily allow all insecure packages, you can use an environment
+ variable for a single invocation of the nix tools:
+$ export NIXPKGS_ALLOW_INSECURE=1
+
+
+
+
+ It is possible to permanently allow individual insecure packages, while
+ still blocking other insecure packages by default using the
+ permittedInsecurePackages configuration option in the
+ user configuration file.
+
+
+ The following example configuration permits the installation of the
+ hypothetically insecure package hello, version
+ 1.2.3:
{
permittedInsecurePackages = [
@@ -232,47 +251,44 @@ distributing the software.
];
}
-
-
-
-
- It is also possible to create a custom policy around which
- insecure packages to allow and deny, by overriding the
- allowInsecurePredicate configuration
- option.
-
- The allowInsecurePredicate option is a
- function which accepts a package and returns a boolean, much
- like allowUnfreePredicate.
-
- The following configuration example only allows insecure
- packages with very short names:
-
+
+
+
+
+ It is also possible to create a custom policy around which insecure
+ packages to allow and deny, by overriding the
+ allowInsecurePredicate configuration option.
+
+
+ The allowInsecurePredicate option is a function which
+ accepts a package and returns a boolean, much like
+ allowUnfreePredicate.
+
+
+ The following configuration example only allows insecure packages with
+ very short names:
{
allowInsecurePredicate = (pkg: (builtins.stringLength (builtins.parseDrvName pkg.name).name) <= 5);
}
-
-
- Note that permittedInsecurePackages is
- only checked if allowInsecurePredicate is not
- specified.
-
+
+
+ Note that permittedInsecurePackages is only checked if
+ allowInsecurePredicate is not specified.
+
+
-
-
+
+
+ Modify packages via <literal>packageOverrides</literal>
-Modify
-packages via <literal>packageOverrides</literal>
-
-You can define a function called
-packageOverrides in your local
-~/.config/nixpkgs/config.nix to override nix packages. It
-must be a function that takes pkgs as an argument and return modified
-set of packages.
-
+
+ You can define a function called packageOverrides in your
+ local ~/.config/nixpkgs/config.nix to override nix
+ packages. It must be a function that takes pkgs as an argument and return
+ modified set of packages.
{
packageOverrides = pkgs: rec {
@@ -280,30 +296,27 @@ set of packages.
};
}
-
-
-
-
-
-
+
+
+ Declarative Package Management
- Build an environment
-
-
- Using packageOverrides, it is possible to manage
- packages declaratively. This means that we can list all of our desired
- packages within a declarative Nix expression. For example, to have
- aspell, bc,
- ffmpeg, coreutils,
- gdb, nixUnstable,
- emscripten, jq,
- nox, and silver-searcher, we could
- use the following in ~/.config/nixpkgs/config.nix:
-
-
-
+ Build an environment
+
+
+ Using packageOverrides, it is possible to manage
+ packages declaratively. This means that we can list all of our desired
+ packages within a declarative Nix expression. For example, to have
+ aspell, bc,
+ ffmpeg, coreutils,
+ gdb, nixUnstable,
+ emscripten, jq,
+ nox, and silver-searcher, we could
+ use the following in ~/.config/nixpkgs/config.nix:
+
+
+
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
@@ -314,17 +327,17 @@ set of packages.
}
-
- To install it into our environment, you can just run nix-env -iA
- nixpkgs.myPackages. If you want to load the packages to be built
- from a working copy of nixpkgs you just run
- nix-env -f. -iA myPackages. To explore what's been
- installed, just look through ~/.nix-profile/. You can
- see that a lot of stuff has been installed. Some of this stuff is useful
- some of it isn't. Let's tell Nixpkgs to only link the stuff that we want:
-
-
-
+
+ To install it into our environment, you can just run nix-env -iA
+ nixpkgs.myPackages. If you want to load the packages to be built
+ from a working copy of nixpkgs you just run
+ nix-env -f. -iA myPackages. To explore what's been
+ installed, just look through ~/.nix-profile/. You can
+ see that a lot of stuff has been installed. Some of this stuff is useful
+ some of it isn't. Let's tell Nixpkgs to only link the stuff that we want:
+
+
+
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
@@ -336,31 +349,30 @@ set of packages.
}
-
- pathsToLink tells Nixpkgs to only link the paths listed
- which gets rid of the extra stuff in the profile.
- /bin and /share are good
- defaults for a user environment, getting rid of the clutter. If you are
- running on Nix on MacOS, you may want to add another path as well,
- /Applications, that makes GUI apps available.
-
-
+
+ pathsToLink tells Nixpkgs to only link the paths listed
+ which gets rid of the extra stuff in the profile. /bin
+ and /share are good defaults for a user environment,
+ getting rid of the clutter. If you are running on Nix on MacOS, you may
+ want to add another path as well, /Applications, that
+ makes GUI apps available.
+
- Getting documentation
-
-
- After building that new environment, look through
- ~/.nix-profile to make sure everything is there that
- we wanted. Discerning readers will note that some files are missing. Look
- inside ~/.nix-profile/share/man/man1/ to verify this.
- There are no man pages for any of the Nix tools! This is because some
- packages like Nix have multiple outputs for things like documentation (see
- section 4). Let's make Nix install those as well.
-
-
-
+ Getting documentation
+
+
+ After building that new environment, look through
+ ~/.nix-profile to make sure everything is there that
+ we wanted. Discerning readers will note that some files are missing. Look
+ inside ~/.nix-profile/share/man/man1/ to verify this.
+ There are no man pages for any of the Nix tools! This is because some
+ packages like Nix have multiple outputs for things like documentation (see
+ section 4). Let's make Nix install those as well.
+
+
+
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
@@ -373,14 +385,13 @@ set of packages.
}
-
- This provides us with some useful documentation for using our packages.
- However, if we actually want those manpages to be detected by man, we need
- to set up our environment. This can also be managed within Nix
- expressions.
-
+
+ This provides us with some useful documentation for using our packages.
+ However, if we actually want those manpages to be detected by man, we need
+ to set up our environment. This can also be managed within Nix expressions.
+
-
+
{
packageOverrides = pkgs: with pkgs; rec {
myProfile = writeText "my-profile" ''
@@ -412,13 +423,13 @@ cp ${myProfile} $out/etc/profile.d/my-profile.sh
}
-
- For this to work fully, you must also have this script sourced when you
- are logged in. Try adding something like this to your
- ~/.profile file:
-
+
+ For this to work fully, you must also have this script sourced when you are
+ logged in. Try adding something like this to your
+ ~/.profile file:
+
-
+
#!/bin/sh
if [ -d $HOME/.nix-profile/etc/profile.d ]; then
for i in $HOME/.nix-profile/etc/profile.d/*.sh; do
@@ -429,23 +440,22 @@ if [ -d $HOME/.nix-profile/etc/profile.d ]; then
fi
-
- Now just run source $HOME/.profile and you can starting
- loading man pages from your environent.
-
-
+
+ Now just run source $HOME/.profile and you can starting
+ loading man pages from your environent.
+
- GNU info setup
+ GNU info setup
-
- Configuring GNU info is a little bit trickier than man pages. To work
- correctly, info needs a database to be generated. This can be done with
- some small modifications to our environment scripts.
-
+
+ Configuring GNU info is a little bit trickier than man pages. To work
+ correctly, info needs a database to be generated. This can be done with
+ some small modifications to our environment scripts.
+
-
+
{
packageOverrides = pkgs: with pkgs; rec {
myProfile = writeText "my-profile" ''
@@ -487,16 +497,13 @@ cp ${myProfile} $out/etc/profile.d/my-profile.sh
}
-
- postBuild tells Nixpkgs to run a command after building
- the environment. In this case, install-info adds the
- installed info pages to dir which is GNU info's default
- root node. Note that texinfoInteractive is added to the
- environment to give the install-info command.
-
-
+
+ postBuild tells Nixpkgs to run a command after building
+ the environment. In this case, install-info adds the
+ installed info pages to dir which is GNU info's default
+ root node. Note that texinfoInteractive is added to the
+ environment to give the install-info command.
+
-
-
-
+
diff --git a/doc/contributing.xml b/doc/contributing.xml
index 7aa0df271ff499fd0d3a35452f215356b9261f93..d28442b7a2c6ab6c12e03edcc2a038bbc102462d 100644
--- a/doc/contributing.xml
+++ b/doc/contributing.xml
@@ -1,35 +1,35 @@
-
-Contributing to this documentation
-
-The DocBook sources of the Nixpkgs manual are in the Contributing to this documentation
+
+ The DocBook sources of the Nixpkgs manual are in the
+ doc
-subdirectory of the Nixpkgs repository.
-
-You can quickly check your edits with make:
-
+ subdirectory of the Nixpkgs repository.
+
+
+ You can quickly check your edits with make:
+
$ cd /path/to/nixpkgs/doc
$ nix-shell
[nix-shell]$ make
-
-If you experience problems, run make debug
-to help understand the docbook errors.
-
-After making modifications to the manual, it's important to
-build it before committing. You can do that as follows:
-
+
+ If you experience problems, run make debug to help
+ understand the docbook errors.
+
+
+ After making modifications to the manual, it's important to build it before
+ committing. You can do that as follows:
$ cd /path/to/nixpkgs/doc
$ nix-shell
[nix-shell]$ make clean
[nix-shell]$ nix-build .
-
-If the build succeeds, the manual will be in
-./result/share/doc/nixpkgs/manual.html.
-
+ If the build succeeds, the manual will be in
+ ./result/share/doc/nixpkgs/manual.html.
+
diff --git a/doc/cross-compilation.xml b/doc/cross-compilation.xml
index 0b2b85aeeef61118726cf01bdabfd7d805bd33ac..fe0e0d88d30ea4177abd1b3aac140993481724e7 100644
--- a/doc/cross-compilation.xml
+++ b/doc/cross-compilation.xml
@@ -1,308 +1,469 @@
-
-Cross-compilation
-
-
+ Cross-compilation
+ Introduction
+
- "Cross-compilation" means compiling a program on one machine for another type of machine.
- For example, a typical use of cross compilation is to compile programs for embedded devices.
- These devices often don't have the computing power and memory to compile their own programs.
- One might think that cross-compilation is a fairly niche concern, but there are advantages to being rigorous about distinguishing build-time vs run-time environments even when one is developing and deploying on the same machine.
- Nixpkgs is increasingly adopting the opinion that packages should be written with cross-compilation in mind, and nixpkgs should evaluate in a similar way (by minimizing cross-compilation-specific special cases) whether or not one is cross-compiling.
+ "Cross-compilation" means compiling a program on one machine for another
+ type of machine. For example, a typical use of cross compilation is to
+ compile programs for embedded devices. These devices often don't have the
+ computing power and memory to compile their own programs. One might think
+ that cross-compilation is a fairly niche concern, but there are advantages
+ to being rigorous about distinguishing build-time vs run-time environments
+ even when one is developing and deploying on the same machine. Nixpkgs is
+ increasingly adopting the opinion that packages should be written with
+ cross-compilation in mind, and nixpkgs should evaluate in a similar way (by
+ minimizing cross-compilation-specific special cases) whether or not one is
+ cross-compiling.
- This chapter will be organized in three parts.
- First, it will describe the basics of how to package software in a way that supports cross-compilation.
- Second, it will describe how to use Nixpkgs when cross-compiling.
- Third, it will describe the internal infrastructure supporting cross-compilation.
+ This chapter will be organized in three parts. First, it will describe the
+ basics of how to package software in a way that supports cross-compilation.
+ Second, it will describe how to use Nixpkgs when cross-compiling. Third, it
+ will describe the internal infrastructure supporting cross-compilation.
-
-
+
-
-
+ Packaging in a cross-friendly manner
- Platform parameters
-
- Nixpkgs follows the common historical convention of GNU autoconf of distinguishing between 3 types of platform: build, host, and target.
+ Platform parameters
- In summary, build is the platform on which a package is being built, host is the platform on which it is to run. The third attribute, target, is relevant only for certain specific compilers and build tools.
-
+
+ Nixpkgs follows the
+ common
+ historical convention of GNU autoconf of distinguishing between 3
+ types of platform: build,
+ host, and target. In
+ summary, build is the platform on which a package
+ is being built, host is the platform on which it
+ is to run. The third attribute, target, is
+ relevant only for certain specific compilers and build tools.
+
-
- In Nixpkgs, these three platforms are defined as attribute sets under the names buildPlatform, hostPlatform, and targetPlatform.
- All three are always defined as attributes in the standard environment, and at the top level. That means one can get at them just like a dependency in a function that is imported with callPackage:
- { stdenv, buildPlatform, hostPlatform, fooDep, barDep, .. }: ...buildPlatform..., or just off stdenv:
- { stdenv, fooDep, barDep, .. }: ...stdenv.buildPlatform....
-
-
-
- buildPlatform
-
- The "build platform" is the platform on which a package is built.
- Once someone has a built package, or pre-built binary package, the build platform should not matter and be safe to ignore.
-
-
-
- hostPlatform
-
- The "host platform" is the platform on which a package will be run.
- This is the simplest platform to understand, but also the one with the worst name.
-
-
-
- targetPlatform
-
-
- The "target platform" attribute is, unlike the other two attributes, not actually fundamental to the process of building software.
- Instead, it is only relevant for compatibility with building certain specific compilers and build tools.
- It can be safely ignored for all other packages.
-
-
- The build process of certain compilers is written in such a way that the compiler resulting from a single build can itself only produce binaries for a single platform.
- The task specifying this single "target platform" is thus pushed to build time of the compiler.
- The root cause of this mistake is often that the compiler (which will be run on the host) and the the standard library/runtime (which will be run on the target) are built by a single build process.
-
-
- There is no fundamental need to think about a single target ahead of time like this.
- If the tool supports modular or pluggable backends, both the need to specify the target at build time and the constraint of having only a single target disappear.
- An example of such a tool is LLVM.
-
-
- Although the existence of a "target platfom" is arguably a historical mistake, it is a common one: examples of tools that suffer from it are GCC, Binutils, GHC and Autoconf.
- Nixpkgs tries to avoid sharing in the mistake where possible.
- Still, because the concept of a target platform is so ingrained, it is best to support it as is.
-
-
-
-
-
- The exact schema these fields follow is a bit ill-defined due to a long and convoluted evolution, but this is slowly being cleaned up.
- You can see examples of ones used in practice in lib.systems.examples; note how they are not all very consistent.
- For now, here are few fields can count on them containing:
-
-
-
- system
-
-
- This is a two-component shorthand for the platform.
- Examples of this would be "x86_64-darwin" and "i686-linux"; see lib.systems.doubles for more.
- This format isn't very standard, but has built-in support in Nix, such as the builtins.currentSystem impure string.
-
-
-
-
- config
-
-
- This is a 3- or 4- component shorthand for the platform.
- Examples of this would be "x86_64-unknown-linux-gnu" and "aarch64-apple-darwin14".
- This is a standard format called the "LLVM target triple", as they are pioneered by LLVM and traditionally just used for the targetPlatform.
- This format is strictly more informative than the "Nix host double", as the previous format could analogously be termed.
- This needs a better name than config!
-
-
-
-
- parsed
-
-
- This is a nix representation of a parsed LLVM target triple with white-listed components.
- This can be specified directly, or actually parsed from the config.
- [Technically, only one need be specified and the others can be inferred, though the precision of inference may not be very good.]
- See lib.systems.parse for the exact representation.
-
-
-
-
- libc
-
-
- This is a string identifying the standard C library used.
- Valid identifiers include "glibc" for GNU libc, "libSystem" for Darwin's Libsystem, and "uclibc" for µClibc.
- It should probably be refactored to use the module system, like parse.
-
-
-
-
- is*
-
-
- These predicates are defined in lib.systems.inspect, and slapped on every platform.
- They are superior to the ones in stdenv as they force the user to be explicit about which platform they are inspecting.
- Please use these instead of those.
-
-
-
-
- platform
-
-
- This is, quite frankly, a dumping ground of ad-hoc settings (it's an attribute set).
- See lib.systems.platforms for examples—there's hopefully one in there that will work verbatim for each platform that is working.
- Please help us triage these flags and give them better homes!
-
-
-
-
+
+ In Nixpkgs, these three platforms are defined as attribute sets under the
+ names buildPlatform, hostPlatform,
+ and targetPlatform. All three are always defined as
+ attributes in the standard environment, and at the top level. That means
+ one can get at them just like a dependency in a function that is imported
+ with callPackage:
+{ stdenv, buildPlatform, hostPlatform, fooDep, barDep, .. }: ...buildPlatform...
+ , or just off stdenv:
+{ stdenv, fooDep, barDep, .. }: ...stdenv.buildPlatform...
+ .
+
+
+
+
+ buildPlatform
+
+
+
+ The "build platform" is the platform on which a package is built. Once
+ someone has a built package, or pre-built binary package, the build
+ platform should not matter and be safe to ignore.
+
+
+
+
+ hostPlatform
+
+
+
+ The "host platform" is the platform on which a package will be run. This
+ is the simplest platform to understand, but also the one with the worst
+ name.
+
+
+
+
+ targetPlatform
+
+
+
+ The "target platform" attribute is, unlike the other two attributes, not
+ actually fundamental to the process of building software. Instead, it is
+ only relevant for compatibility with building certain specific compilers
+ and build tools. It can be safely ignored for all other packages.
+
+
+ The build process of certain compilers is written in such a way that the
+ compiler resulting from a single build can itself only produce binaries
+ for a single platform. The task specifying this single "target platform"
+ is thus pushed to build time of the compiler. The root cause of this
+ mistake is often that the compiler (which will be run on the host) and
+ the the standard library/runtime (which will be run on the target) are
+ built by a single build process.
+
+
+ There is no fundamental need to think about a single target ahead of
+ time like this. If the tool supports modular or pluggable backends, both
+ the need to specify the target at build time and the constraint of
+ having only a single target disappear. An example of such a tool is
+ LLVM.
+
+
+ Although the existence of a "target platfom" is arguably a historical
+ mistake, it is a common one: examples of tools that suffer from it are
+ GCC, Binutils, GHC and Autoconf. Nixpkgs tries to avoid sharing in the
+ mistake where possible. Still, because the concept of a target platform
+ is so ingrained, it is best to support it as is.
+
+
+
+
+
+
+ The exact schema these fields follow is a bit ill-defined due to a long and
+ convoluted evolution, but this is slowly being cleaned up. You can see
+ examples of ones used in practice in
+ lib.systems.examples; note how they are not all very
+ consistent. For now, here are few fields can count on them containing:
+
+
+
+
+ system
+
+
+
+ This is a two-component shorthand for the platform. Examples of this
+ would be "x86_64-darwin" and "i686-linux"; see
+ lib.systems.doubles for more. This format isn't very
+ standard, but has built-in support in Nix, such as the
+ builtins.currentSystem impure string.
+
+
+
+
+ config
+
+
+
+ This is a 3- or 4- component shorthand for the platform. Examples of
+ this would be "x86_64-unknown-linux-gnu" and "aarch64-apple-darwin14".
+ This is a standard format called the "LLVM target triple", as they are
+ pioneered by LLVM and traditionally just used for the
+ targetPlatform. This format is strictly more
+ informative than the "Nix host double", as the previous format could
+ analogously be termed. This needs a better name than
+ config!
+
+
+
+
+ parsed
+
+
+
+ This is a nix representation of a parsed LLVM target triple with
+ white-listed components. This can be specified directly, or actually
+ parsed from the config. [Technically, only one need
+ be specified and the others can be inferred, though the precision of
+ inference may not be very good.] See
+ lib.systems.parse for the exact representation.
+
+
+
+
+ libc
+
+
+
+ This is a string identifying the standard C library used. Valid
+ identifiers include "glibc" for GNU libc, "libSystem" for Darwin's
+ Libsystem, and "uclibc" for µClibc. It should probably be refactored to
+ use the module system, like parse.
+
+
+
+
+ is*
+
+
+
+ These predicates are defined in lib.systems.inspect,
+ and slapped on every platform. They are superior to the ones in
+ stdenv as they force the user to be explicit about
+ which platform they are inspecting. Please use these instead of those.
+
+
+
+
+ platform
+
+
+
+ This is, quite frankly, a dumping ground of ad-hoc settings (it's an
+ attribute set). See lib.systems.platforms for
+ examples—there's hopefully one in there that will work verbatim for
+ each platform that is working. Please help us triage these flags and
+ give them better homes!
+
+
+
+
- Specifying Dependencies
-
- In this section we explore the relationship between both runtime and buildtime dependencies and the 3 Autoconf platforms.
-
-
- A runtime dependency between 2 packages implies that between them both the host and target platforms match.
- This is directly implied by the meaning of "host platform" and "runtime dependency":
- The package dependency exists while both packages are running on a single host platform.
-
-
- A build time dependency, however, implies a shift in platforms between the depending package and the depended-on package.
- The meaning of a build time dependency is that to build the depending package we need to be able to run the depended-on's package.
- The depending package's build platform is therefore equal to the depended-on package's host platform.
- Analogously, the depending package's host platform is equal to the depended-on package's target platform.
-
-
- In this manner, given the 3 platforms for one package, we can determine the three platforms for all its transitive dependencies.
- This is the most important guiding principle behind cross-compilation with Nixpkgs, and will be called the sliding window principle.
-
+ Specifying Dependencies
+
+
+ In this section we explore the relationship between both runtime and
+ buildtime dependencies and the 3 Autoconf platforms.
+
+
+
+ A runtime dependency between 2 packages implies that between them both the
+ host and target platforms match. This is directly implied by the meaning of
+ "host platform" and "runtime dependency": The package dependency exists
+ while both packages are running on a single host platform.
+
+
+
+ A build time dependency, however, implies a shift in platforms between the
+ depending package and the depended-on package. The meaning of a build time
+ dependency is that to build the depending package we need to be able to run
+ the depended-on's package. The depending package's build platform is
+ therefore equal to the depended-on package's host platform. Analogously,
+ the depending package's host platform is equal to the depended-on package's
+ target platform.
+
+
+
+ In this manner, given the 3 platforms for one package, we can determine the
+ three platforms for all its transitive dependencies. This is the most
+ important guiding principle behind cross-compilation with Nixpkgs, and will
+ be called the sliding window principle.
+
+
+
+ Some examples will probably make this clearer. If a package is being built
+ with a (build, host, target) platform triple of
+ (foo, bar, bar), then its build-time dependencies would
+ have a triple of (foo, foo, bar), and those
+ packages' build-time dependencies would have triple of
+ (foo, foo, foo). In other words, it should take two
+ "rounds" of following build-time dependency edges before one reaches a
+ fixed point where, by the sliding window principle, the platform triple no
+ longer changes. Indeed, this happens with cross compilation, where only
+ rounds of native dependencies starting with the second necessarily coincide
+ with native packages.
+
+
+
- Some examples will probably make this clearer.
- If a package is being built with a (build, host, target) platform triple of (foo, bar, bar), then its build-time dependencies would have a triple of (foo, foo, bar), and those packages' build-time dependencies would have triple of (foo, foo, foo).
- In other words, it should take two "rounds" of following build-time dependency edges before one reaches a fixed point where, by the sliding window principle, the platform triple no longer changes.
- Indeed, this happens with cross compilation, where only rounds of native dependencies starting with the second necessarily coincide with native packages.
+ The depending package's target platform is unconstrained by the sliding
+ window principle, which makes sense in that one can in principle build
+ cross compilers targeting arbitrary platforms.
-
- The depending package's target platform is unconstrained by the sliding window principle, which makes sense in that one can in principle build cross compilers targeting arbitrary platforms.
-
+
+
+
+ How does this work in practice? Nixpkgs is now structured so that
+ build-time dependencies are taken from buildPackages,
+ whereas run-time dependencies are taken from the top level attribute set.
+ For example, buildPackages.gcc should be used at build
+ time, while gcc should be used at run time. Now, for
+ most of Nixpkgs's history, there was no buildPackages,
+ and most packages have not been refactored to use it explicitly. Instead,
+ one can use the six (gasp) attributes used for
+ specifying dependencies as documented in
+ . We "splice" together the
+ run-time and build-time package sets with callPackage,
+ and then mkDerivation for each of four attributes pulls
+ the right derivation out. This splicing can be skipped when not cross
+ compiling as the package sets are the same, but is a bit slow for cross
+ compiling. Because of this, a best-of-both-worlds solution is in the works
+ with no splicing or explicit access of buildPackages
+ needed. For now, feel free to use either method.
+
+
+
- How does this work in practice? Nixpkgs is now structured so that build-time dependencies are taken from buildPackages, whereas run-time dependencies are taken from the top level attribute set.
- For example, buildPackages.gcc should be used at build time, while gcc should be used at run time.
- Now, for most of Nixpkgs's history, there was no buildPackages, and most packages have not been refactored to use it explicitly.
- Instead, one can use the six (gasp) attributes used for specifying dependencies as documented in .
- We "splice" together the run-time and build-time package sets with callPackage, and then mkDerivation for each of four attributes pulls the right derivation out.
- This splicing can be skipped when not cross compiling as the package sets are the same, but is a bit slow for cross compiling.
- Because of this, a best-of-both-worlds solution is in the works with no splicing or explicit access of buildPackages needed.
- For now, feel free to use either method.
+ There is also a "backlink" targetPackages, yielding a
+ package set whose buildPackages is the current package
+ set. This is a hack, though, to accommodate compilers with lousy build
+ systems. Please do not use this unless you are absolutely sure you are
+ packaging such a compiler and there is no other way.
-
- There is also a "backlink" targetPackages, yielding a package set whose buildPackages is the current package set.
- This is a hack, though, to accommodate compilers with lousy build systems.
- Please do not use this unless you are absolutely sure you are packaging such a compiler and there is no other way.
-
+
- Cross packagaing cookbook
-
- Some frequently problems when packaging for cross compilation are good to just spell and answer.
- Ideally the information above is exhaustive, so this section cannot provide any new information,
- but its ludicrous and cruel to expect everyone to spend effort working through the interaction of many features just to figure out the same answer to the same common problem.
- Feel free to add to this list!
-
-
-
-
- What if my package's build system needs to build a C program to be run under the build environment?
-
-
- depsBuildBuild = [ buildPackages.stdenv.cc ];
- Add it to your mkDerivation invocation.
-
-
-
-
- My package fails to find ar.
-
-
- Many packages assume that an unprefixed ar is available, but Nix doesn't provide one.
- It only provides a prefixed one, just as it only does for all the other binutils programs.
- It may be necessary to patch the package to fix the build system to use a prefixed `ar`.
-
-
-
-
- My package's testsuite needs to run host platform code.
-
-
- doCheck = stdenv.hostPlatform != stdenv.buildPlatfrom;
- Add it to your mkDerivation invocation.
-
-
-
-
-
+ Cross packagaing cookbook
-
+
+ Some frequently problems when packaging for cross compilation are good to
+ just spell and answer. Ideally the information above is exhaustive, so this
+ section cannot provide any new information, but its ludicrous and cruel to
+ expect everyone to spend effort working through the interaction of many
+ features just to figure out the same answer to the same common problem.
+ Feel free to add to this list!
+
-
+
+
+
+
+ What if my package's build system needs to build a C program to be run
+ under the build environment?
+
+
+
+
+depsBuildBuild = [ buildPackages.stdenv.cc ];
+ Add it to your mkDerivation invocation.
+
+
+
+
+
+
+ My package fails to find ar.
+
+
+
+
+ Many packages assume that an unprefixed ar is
+ available, but Nix doesn't provide one. It only provides a prefixed one,
+ just as it only does for all the other binutils programs. It may be
+ necessary to patch the package to fix the build system to use a prefixed
+ `ar`.
+
+
+
+
+
+
+ My package's testsuite needs to run host platform code.
+
+
+
+
+doCheck = stdenv.hostPlatform != stdenv.buildPlatfrom;
+ Add it to your mkDerivation invocation.
+
+
+
+
+
+
+
+ Cross-building packages
-
- More information needs to moved from the old wiki, especially , for this section.
-
+
+
+
+ More information needs to moved from the old wiki, especially
+ , for this
+ section.
+
+
+
- Nixpkgs can be instantiated with localSystem alone, in which case there is no cross compiling and everything is built by and for that system,
- or also with crossSystem, in which case packages run on the latter, but all building happens on the former.
- Both parameters take the same schema as the 3 (build, host, and target) platforms defined in the previous section.
- As mentioned above, lib.systems.examples has some platforms which are used as arguments for these parameters in practice.
- You can use them programmatically, or on the command line:
+ Nixpkgs can be instantiated with localSystem alone, in
+ which case there is no cross compiling and everything is built by and for
+ that system, or also with crossSystem, in which case
+ packages run on the latter, but all building happens on the former. Both
+ parameters take the same schema as the 3 (build, host, and target) platforms
+ defined in the previous section. As mentioned above,
+ lib.systems.examples has some platforms which are used as
+ arguments for these parameters in practice. You can use them
+ programmatically, or on the command line:
+
nix-build <nixpkgs> --arg crossSystem '(import <nixpkgs/lib>).systems.examples.fooBarBaz' -A whatever
+
-
- Eventually we would like to make these platform examples an unnecessary convenience so that
+
+ Eventually we would like to make these platform examples an unnecessary
+ convenience so that
+
nix-build <nixpkgs> --arg crossSystem.config '<arch>-<os>-<vendor>-<abi>' -A whatever
- works in the vast majority of cases.
- The problem today is dependencies on other sorts of configuration which aren't given proper defaults.
- We rely on the examples to crudely to set those configuration parameters in some vaguely sane manner on the users behalf.
- Issue #34274 tracks this inconvenience along with its root cause in crufty configuration options.
-
+ works in the vast majority of cases. The problem today is dependencies on
+ other sorts of configuration which aren't given proper defaults. We rely on
+ the examples to crudely to set those configuration parameters in some
+ vaguely sane manner on the users behalf. Issue
+ #34274
+ tracks this inconvenience along with its root cause in crufty configuration
+ options.
+
+
- While one is free to pass both parameters in full, there's a lot of logic to fill in missing fields.
- As discussed in the previous section, only one of system, config, and parsed is needed to infer the other two.
- Additionally, libc will be inferred from parse.
- Finally, localSystem.system is also impurely inferred based on the platform evaluation occurs.
- This means it is often not necessary to pass localSystem at all, as in the command-line example in the previous paragraph.
+ While one is free to pass both parameters in full, there's a lot of logic to
+ fill in missing fields. As discussed in the previous section, only one of
+ system, config, and
+ parsed is needed to infer the other two. Additionally,
+ libc will be inferred from parse.
+ Finally, localSystem.system is also
+ impurely inferred based on the platform evaluation
+ occurs. This means it is often not necessary to pass
+ localSystem at all, as in the command-line example in the
+ previous paragraph.
+
-
- Many sources (manual, wiki, etc) probably mention passing system, platform, along with the optional crossSystem to nixpkgs:
- import <nixpkgs> { system = ..; platform = ..; crossSystem = ..; }.
- Passing those two instead of localSystem is still supported for compatibility, but is discouraged.
- Indeed, much of the inference we do for these parameters is motivated by compatibility as much as convenience.
-
+
+ Many sources (manual, wiki, etc) probably mention passing
+ system, platform, along with the
+ optional crossSystem to nixpkgs: import
+ <nixpkgs> { system = ..; platform = ..; crossSystem = ..;
+ }. Passing those two instead of localSystem is
+ still supported for compatibility, but is discouraged. Indeed, much of the
+ inference we do for these parameters is motivated by compatibility as much
+ as convenience.
+
+
- One would think that localSystem and crossSystem overlap horribly with the three *Platforms (buildPlatform, hostPlatform, and targetPlatform; see stage.nix or the manual).
- Actually, those identifiers are purposefully not used here to draw a subtle but important distinction:
- While the granularity of having 3 platforms is necessary to properly *build* packages, it is overkill for specifying the user's *intent* when making a build plan or package set.
- A simple "build vs deploy" dichotomy is adequate: the sliding window principle described in the previous section shows how to interpolate between the these two "end points" to get the 3 platform triple for each bootstrapping stage.
- That means for any package a given package set, even those not bound on the top level but only reachable via dependencies or buildPackages, the three platforms will be defined as one of localSystem or crossSystem, with the former replacing the latter as one traverses build-time dependencies.
- A last simple difference then is crossSystem should be null when one doesn't want to cross-compile, while the *Platforms are always non-null.
- localSystem is always non-null.
+ One would think that localSystem and
+ crossSystem overlap horribly with the three
+ *Platforms (buildPlatform,
+ hostPlatform, and targetPlatform; see
+ stage.nix or the manual). Actually, those identifiers are
+ purposefully not used here to draw a subtle but important distinction: While
+ the granularity of having 3 platforms is necessary to properly *build*
+ packages, it is overkill for specifying the user's *intent* when making a
+ build plan or package set. A simple "build vs deploy" dichotomy is adequate:
+ the sliding window principle described in the previous section shows how to
+ interpolate between the these two "end points" to get the 3 platform triple
+ for each bootstrapping stage. That means for any package a given package
+ set, even those not bound on the top level but only reachable via
+ dependencies or buildPackages, the three platforms will
+ be defined as one of localSystem or
+ crossSystem, with the former replacing the latter as one
+ traverses build-time dependencies. A last simple difference then is
+ crossSystem should be null when one doesn't want to
+ cross-compile, while the *Platforms are always non-null.
+ localSystem is always non-null.
-
-
+
-
-
+ Cross-compilation infrastructure
- To be written.
-
- If one explores nixpkgs, they will see derivations with names like gccCross.
- Such *Cross derivations is a holdover from before we properly distinguished between the host and target platforms
- —the derivation with "Cross" in the name covered the build = host != target case, while the other covered the host = target, with build platform the same or not based on whether one was using its .nativeDrv or .crossDrv.
- This ugliness will disappear soon.
-
-
+
+ To be written.
+
+
+
+
+ If one explores nixpkgs, they will see derivations with names like
+ gccCross. Such *Cross derivations is
+ a holdover from before we properly distinguished between the host and
+ target platforms —the derivation with "Cross" in the name covered the
+ build = host != target case, while the other covered the
+ host = target, with build platform the same or not based
+ on whether one was using its .nativeDrv or
+ .crossDrv. This ugliness will disappear soon.
+
+
+
diff --git a/doc/default.nix b/doc/default.nix
index 8abde58bb1141176c9f56a32bd730b104be7b8d3..0d95d3f045737947f0b3372f3505bebf701a2172 100644
--- a/doc/default.nix
+++ b/doc/default.nix
@@ -7,7 +7,7 @@ in
pkgs.stdenv.mkDerivation {
name = "nixpkgs-manual";
- buildInputs = with pkgs; [ pandoc libxml2 libxslt zip jing ];
+ buildInputs = with pkgs; [ pandoc libxml2 libxslt zip jing xmlformat ];
src = ./.;
@@ -18,6 +18,7 @@ pkgs.stdenv.mkDerivation {
HIGHLIGHTJS = pkgs.documentation-highlighter;
XSL = "${pkgs.docbook5_xsl}/xml/xsl";
RNG = "${pkgs.docbook5}/xml/rng/docbook/docbook.rng";
+ XMLFORMAT_CONFIG = ../nixos/doc/xmlformat.conf;
xsltFlags = lib.concatStringsSep " " [
"--param section.autolabel 1"
"--param section.label.includes.component.label 1"
@@ -30,7 +31,7 @@ pkgs.stdenv.mkDerivation {
];
postPatch = ''
- echo ${lib.nixpkgsVersion} > .version
+ echo ${lib.version} > .version
'';
installPhase = ''
diff --git a/doc/functions.xml b/doc/functions.xml
index b2e450972947f120baaa84627ce2c8c96630574a..cdae96703f1342f2894c408019a9601d8d094f9b 100644
--- a/doc/functions.xml
+++ b/doc/functions.xml
@@ -1,144 +1,139 @@
-
-Functions reference
-
-
- The nixpkgs repository has several utility functions to manipulate Nix expressions.
-
-
-
+ Functions reference
+
+ The nixpkgs repository has several utility functions to manipulate Nix
+ expressions.
+
+ Overriding
- Sometimes one wants to override parts of
- nixpkgs, e.g. derivation attributes, the results of
- derivations or even the whole package set.
+ Sometimes one wants to override parts of nixpkgs, e.g.
+ derivation attributes, the results of derivations or even the whole package
+ set.
- <pkg>.override
+ <pkg>.override
-
- The function override is usually available for all the
- derivations in the nixpkgs expression (pkgs).
-
-
- It is used to override the arguments passed to a function.
-
-
- Example usages:
+
+ The function override is usually available for all the
+ derivations in the nixpkgs expression (pkgs).
+
+
+
+ It is used to override the arguments passed to a function.
+
- pkgs.foo.override { arg1 = val1; arg2 = val2; ... }
- import pkgs.path { overlays = [ (self: super: {
+
+ Example usages:
+pkgs.foo.override { arg1 = val1; arg2 = val2; ... }
+import pkgs.path { overlays = [ (self: super: {
foo = super.foo.override { barSupport = true ; };
})]};
- mypkg = pkgs.callPackage ./mypkg.nix {
+mypkg = pkgs.callPackage ./mypkg.nix {
mydep = pkgs.mydep.override { ... };
}
-
-
-
- In the first example, pkgs.foo is the result of a function call
- with some default arguments, usually a derivation.
- Using pkgs.foo.override will call the same function with
- the given new arguments.
-
-
+
+
+
+ In the first example, pkgs.foo is the result of a
+ function call with some default arguments, usually a derivation. Using
+ pkgs.foo.override will call the same function with the
+ given new arguments.
+
- <pkg>.overrideAttrs
-
-
- The function overrideAttrs allows overriding the
- attribute set passed to a stdenv.mkDerivation call,
- producing a new derivation based on the original one.
- This function is available on all derivations produced by the
- stdenv.mkDerivation function, which is most packages
- in the nixpkgs expression pkgs.
-
-
-
- Example usage:
-
- helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec {
+ <pkg>.overrideAttrs
+
+
+ The function overrideAttrs allows overriding the
+ attribute set passed to a stdenv.mkDerivation call,
+ producing a new derivation based on the original one. This function is
+ available on all derivations produced by the
+ stdenv.mkDerivation function, which is most packages in
+ the nixpkgs expression pkgs.
+
+
+
+ Example usage:
+helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec {
separateDebugInfo = true;
});
-
+
-
- In the above example, the separateDebugInfo attribute is
- overridden to be true, thus building debug info for
- helloWithDebug, while all other attributes will be
- retained from the original hello package.
-
+
+ In the above example, the separateDebugInfo attribute is
+ overridden to be true, thus building debug info for
+ helloWithDebug, while all other attributes will be
+ retained from the original hello package.
+
+
+
+ The argument oldAttrs is conventionally used to refer to
+ the attr set originally passed to stdenv.mkDerivation.
+
+
- The argument oldAttrs is conventionally used to refer to
- the attr set originally passed to stdenv.mkDerivation.
+ Note that separateDebugInfo is processed only by the
+ stdenv.mkDerivation function, not the generated, raw
+ Nix derivation. Thus, using overrideDerivation will not
+ work in this case, as it overrides only the attributes of the final
+ derivation. It is for this reason that overrideAttrs
+ should be preferred in (almost) all cases to
+ overrideDerivation, i.e. to allow using
+ sdenv.mkDerivation to process input arguments, as well
+ as the fact that it is easier to use (you can use the same attribute names
+ you see in your Nix code, instead of the ones generated (e.g.
+ buildInputs vs nativeBuildInputs,
+ and involves less typing.
-
-
-
- Note that separateDebugInfo is processed only by the
- stdenv.mkDerivation function, not the generated, raw
- Nix derivation. Thus, using overrideDerivation will
- not work in this case, as it overrides only the attributes of the final
- derivation. It is for this reason that overrideAttrs
- should be preferred in (almost) all cases to
- overrideDerivation, i.e. to allow using
- sdenv.mkDerivation to process input arguments, as well
- as the fact that it is easier to use (you can use the same attribute
- names you see in your Nix code, instead of the ones generated (e.g.
- buildInputs vs nativeBuildInputs,
- and involves less typing.
-
-
-
+
-
- <pkg>.overrideDerivation
-
-
- You should prefer overrideAttrs in almost all
- cases, see its documentation for the reasons why.
- overrideDerivation is not deprecated and will continue
- to work, but is less nice to use and does not have as many abilities as
- overrideAttrs.
-
-
-
-
- Do not use this function in Nixpkgs as it evaluates a Derivation
- before modifying it, which breaks package abstraction and removes
- error-checking of function arguments. In addition, this
- evaluation-per-function application incurs a performance penalty,
- which can become a problem if many overrides are used.
- It is only intended for ad-hoc customisation, such as in
- ~/.config/nixpkgs/config.nix.
-
-
+ <pkg>.overrideDerivation
+
- The function overrideDerivation creates a new derivation
- based on an existing one by overriding the original's attributes with
- the attribute set produced by the specified function.
- This function is available on all
- derivations defined using the makeOverridable function.
- Most standard derivation-producing functions, such as
- stdenv.mkDerivation, are defined using this
- function, which means most packages in the nixpkgs expression,
- pkgs, have this function.
+ You should prefer overrideAttrs in almost all cases,
+ see its documentation for the reasons why.
+ overrideDerivation is not deprecated and will continue
+ to work, but is less nice to use and does not have as many abilities as
+ overrideAttrs.
+
+
- Example usage:
-
- mySed = pkgs.gnused.overrideDerivation (oldAttrs: {
+ Do not use this function in Nixpkgs as it evaluates a Derivation before
+ modifying it, which breaks package abstraction and removes error-checking
+ of function arguments. In addition, this evaluation-per-function
+ application incurs a performance penalty, which can become a problem if
+ many overrides are used. It is only intended for ad-hoc customisation,
+ such as in ~/.config/nixpkgs/config.nix.
+
+
+
+
+ The function overrideDerivation creates a new derivation
+ based on an existing one by overriding the original's attributes with the
+ attribute set produced by the specified function. This function is
+ available on all derivations defined using the
+ makeOverridable function. Most standard
+ derivation-producing functions, such as
+ stdenv.mkDerivation, are defined using this function,
+ which means most packages in the nixpkgs expression,
+ pkgs, have this function.
+
+
+
+ Example usage:
+mySed = pkgs.gnused.overrideDerivation (oldAttrs: {
name = "sed-4.2.2-pre";
src = fetchurl {
url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2;
@@ -146,98 +141,90 @@
};
patches = [];
});
-
+
-
- In the above example, the name, src,
- and patches of the derivation will be overridden, while
- all other attributes will be retained from the original derivation.
-
+
+ In the above example, the name, src,
+ and patches of the derivation will be overridden, while
+ all other attributes will be retained from the original derivation.
+
+
+ The argument oldAttrs is used to refer to the attribute
+ set of the original derivation.
+
+
+
- The argument oldAttrs is used to refer to the attribute set of
- the original derivation.
+ A package's attributes are evaluated *before* being modified by the
+ overrideDerivation function. For example, the
+ name attribute reference in url =
+ "mirror://gnu/hello/${name}.tar.gz"; is filled-in *before* the
+ overrideDerivation function modifies the attribute set.
+ This means that overriding the name attribute, in this
+ example, *will not* change the value of the url
+ attribute. Instead, we need to override both the name
+ *and* url attributes.
-
-
-
- A package's attributes are evaluated *before* being modified by
- the overrideDerivation function.
- For example, the name attribute reference
- in url = "mirror://gnu/hello/${name}.tar.gz";
- is filled-in *before* the overrideDerivation function
- modifies the attribute set. This means that overriding the
- name attribute, in this example, *will not* change the
- value of the url attribute. Instead, we need to override
- both the name *and* url attributes.
-
-
-
+
- lib.makeOverridable
+ lib.makeOverridable
-
- The function lib.makeOverridable is used to make the result
- of a function easily customizable. This utility only makes sense for functions
- that accept an argument set and return an attribute set.
-
-
-
- Example usage:
+
+ The function lib.makeOverridable is used to make the
+ result of a function easily customizable. This utility only makes sense for
+ functions that accept an argument set and return an attribute set.
+
- f = { a, b }: { result = a+b; }
+
+ Example usage:
+f = { a, b }: { result = a+b; }
c = lib.makeOverridable f { a = 1; b = 2; }
-
-
-
-
- The variable c is the value of the f function
- applied with some default arguments. Hence the value of c.result
- is 3, in this example.
-
-
-
- The variable c however also has some additional functions, like
- c.override which can be used to
- override the default arguments. In this example the value of
- (c.override { a = 4; }).result is 6.
-
-
+
+
+
+ The variable c is the value of the f
+ function applied with some default arguments. Hence the value of
+ c.result is 3, in this example.
+
+
+
+ The variable c however also has some additional
+ functions, like c.override which
+ can be used to override the default arguments. In this example the value of
+ (c.override { a = 4; }).result is 6.
+
-
-
-
-
+
+ Generators
- Generators are functions that create file formats from nix
- data structures, e. g. for configuration files.
- There are generators available for: INI,
- JSON and YAML
+ Generators are functions that create file formats from nix data structures,
+ e. g. for configuration files. There are generators available for:
+ INI, JSON and YAML
- All generators follow a similar call interface: generatorName
- configFunctions data, where configFunctions is
- an attrset of user-defined functions that format nested parts of the
- content.
- They each have common defaults, so often they do not need to be set
- manually. An example is mkSectionName ? (name: libStr.escape [ "[" "]"
- ] name) from the INI generator. It receives the
- name of a section and sanitizes it. The default
- mkSectionName escapes [ and
- ] with a backslash.
+ All generators follow a similar call interface: generatorName
+ configFunctions data, where configFunctions is an
+ attrset of user-defined functions that format nested parts of the content.
+ They each have common defaults, so often they do not need to be set
+ manually. An example is mkSectionName ? (name: libStr.escape [ "[" "]"
+ ] name) from the INI generator. It receives the
+ name of a section and sanitizes it. The default
+ mkSectionName escapes [ and
+ ] with a backslash.
- Generators can be fine-tuned to produce exactly the file format required
- by your application/service. One example is an INI-file format which uses
- : as separator, the strings
- "yes"/"no" as boolean values
- and requires all string values to be quoted:
+ Generators can be fine-tuned to produce exactly the file format required by
+ your application/service. One example is an INI-file format which uses
+ : as separator, the strings
+ "yes"/"no" as boolean values and
+ requires all string values to be quoted:
@@ -270,7 +257,9 @@ in customToINI {
}
- This will produce the following INI file as nix string:
+
+ This will produce the following INI file as nix string:
+
[main]
@@ -284,111 +273,138 @@ str\:ange:"very::strange"
merge:"diff3"
- Nix store paths can be converted to strings by enclosing a
- derivation attribute like so: "${drv}".
+
+
+ Nix store paths can be converted to strings by enclosing a derivation
+ attribute like so: "${drv}".
+
+
- Detailed documentation for each generator can be found in
- lib/generators.nix.
+ Detailed documentation for each generator can be found in
+ lib/generators.nix.
-
-
-
-
+
+ Debugging Nix Expressions
- Nix is a unityped, dynamic language, this means every value can
- potentially appear anywhere. Since it is also non-strict, evaluation order
- and what ultimately is evaluated might surprise you. Therefore it is important
- to be able to debug nix expressions.
-
-
- In the lib/debug.nix file you will find a number of
- functions that help (pretty-)printing values while evaluation is runnnig. You
- can even specify how deep these values should be printed recursively, and
- transform them on the fly. Please consult the docstrings in
- lib/debug.nix for usage information.
-
-
+
+ Nix is a unityped, dynamic language, this means every value can potentially
+ appear anywhere. Since it is also non-strict, evaluation order and what
+ ultimately is evaluated might surprise you. Therefore it is important to be
+ able to debug nix expressions.
+
-
+
+ In the lib/debug.nix file you will find a number of
+ functions that help (pretty-)printing values while evaluation is runnnig.
+ You can even specify how deep these values should be printed recursively,
+ and transform them on the fly. Please consult the docstrings in
+ lib/debug.nix for usage information.
+
+
+ buildFHSUserEnv
- buildFHSUserEnv provides a way to build and run
- FHS-compatible lightweight sandboxes. It creates an isolated root with
- bound /nix/store, so its footprint in terms of disk
- space needed is quite small. This allows one to run software which is hard or
- unfeasible to patch for NixOS -- 3rd-party source trees with FHS assumptions,
- games distributed as tarballs, software with integrity checking and/or external
- self-updated binaries. It uses Linux namespaces feature to create
- temporary lightweight environments which are destroyed after all child
- processes exit, without root user rights requirement. Accepted arguments are:
+ buildFHSUserEnv provides a way to build and run
+ FHS-compatible lightweight sandboxes. It creates an isolated root with bound
+ /nix/store, so its footprint in terms of disk space
+ needed is quite small. This allows one to run software which is hard or
+ unfeasible to patch for NixOS -- 3rd-party source trees with FHS
+ assumptions, games distributed as tarballs, software with integrity checking
+ and/or external self-updated binaries. It uses Linux namespaces feature to
+ create temporary lightweight environments which are destroyed after all
+ child processes exit, without root user rights requirement. Accepted
+ arguments are:
-
- name
-
- Environment name.
-
-
-
- targetPkgs
-
- Packages to be installed for the main host's architecture
- (i.e. x86_64 on x86_64 installations). Along with libraries binaries are also
- installed.
-
-
-
- multiPkgs
-
- Packages to be installed for all architectures supported by
- a host (i.e. i686 and x86_64 on x86_64 installations). Only libraries are
- installed by default.
-
-
-
- extraBuildCommands
-
- Additional commands to be executed for finalizing the
- directory structure.
-
-
-
- extraBuildCommandsMulti
-
- Like extraBuildCommands, but
- executed only on multilib architectures.
-
-
-
- extraOutputsToInstall
-
- Additional derivation outputs to be linked for both
- target and multi-architecture packages.
-
-
-
- extraInstallCommands
-
- Additional commands to be executed for finalizing the
- derivation with runner script.
-
-
-
- runScript
-
- A command that would be executed inside the sandbox and
- passed all the command line arguments. It defaults to
- bash.
-
+
+ name
+
+
+
+ Environment name.
+
+
+
+
+ targetPkgs
+
+
+
+ Packages to be installed for the main host's architecture (i.e. x86_64 on
+ x86_64 installations). Along with libraries binaries are also installed.
+
+
+
+
+ multiPkgs
+
+
+
+ Packages to be installed for all architectures supported by a host (i.e.
+ i686 and x86_64 on x86_64 installations). Only libraries are installed by
+ default.
+
+
+
+
+ extraBuildCommands
+
+
+
+ Additional commands to be executed for finalizing the directory
+ structure.
+
+
+
+
+ extraBuildCommandsMulti
+
+
+
+ Like extraBuildCommands, but executed only on multilib
+ architectures.
+
+
+
+
+ extraOutputsToInstall
+
+
+
+ Additional derivation outputs to be linked for both target and
+ multi-architecture packages.
+
+
+
+
+ extraInstallCommands
+
+
+
+ Additional commands to be executed for finalizing the derivation with
+ runner script.
+
+
+
+
+ runScript
+
+
+
+ A command that would be executed inside the sandbox and passed all the
+ command line arguments. It defaults to bash.
+
+
+
- One can create a simple environment using a shell.nix
- like that:
+ One can create a simple environment using a shell.nix
+ like that:
- Running nix-shell would then drop you into a shell with
- these libraries and binaries available. You can use this to run
- closed-source applications which expect FHS structure without hassles:
- simply change runScript to the application path,
- e.g. ./bin/start.sh -- relative paths are supported.
+ Running nix-shell would then drop you into a shell with
+ these libraries and binaries available. You can use this to run
+ closed-source applications which expect FHS structure without hassles:
+ simply change runScript to the application path, e.g.
+ ./bin/start.sh -- relative paths are supported.
-
-
-
-pkgs.dockerTools
+
+
+ pkgs.dockerTools
-
- pkgs.dockerTools is a set of functions for creating and
- manipulating Docker images according to the
-
- Docker Image Specification v1.2.0
- . Docker itself is not used to perform any of the operations done by these
- functions.
-
-
-
- The dockerTools API is unstable and may be subject to
- backwards-incompatible changes in the future.
+ pkgs.dockerTools is a set of functions for creating and
+ manipulating Docker images according to the
+
+ Docker Image Specification v1.2.0 . Docker itself is not used to
+ perform any of the operations done by these functions.
-
-
-
- buildImage
-
- This function is analogous to the docker build command,
- in that can used to build a Docker-compatible repository tarball containing
- a single image with one or multiple layers. As such, the result
- is suitable for being loaded in Docker with docker load.
-
-
-
- The parameters of buildImage with relative example values are
- described below:
-
-
- Docker build
-
+
+
+ The dockerTools API is unstable and may be subject to
+ backwards-incompatible changes in the future.
+
+
+
+
+ buildImage
+
+
+ This function is analogous to the docker build command,
+ in that can used to build a Docker-compatible repository tarball containing
+ a single image with one or multiple layers. As such, the result is suitable
+ for being loaded in Docker with docker load.
+
+
+
+ The parameters of buildImage with relative example
+ values are described below:
+
+
+
+ Docker build
+
buildImage {
name = "redis";
tag = "latest";
@@ -480,238 +495,217 @@ merge:"diff3"
};
}
-
-
- The above example will build a Docker image redis/latest
- from the given base image. Loading and running this image in Docker results in
- redis-server being started automatically.
-
-
-
-
+
+
+
+ The above example will build a Docker image redis/latest
+ from the given base image. Loading and running this image in Docker results
+ in redis-server being started automatically.
+
+
+
+
+
+ name specifies the name of the resulting image. This
+ is the only required argument for buildImage.
+
+
+
+
+ tag specifies the tag of the resulting image. By
+ default it's latest.
+
+
+
+
+ fromImage is the repository tarball containing the
+ base image. It must be a valid Docker image, such as exported by
+ docker save. By default it's null,
+ which can be seen as equivalent to FROM scratch of a
+ Dockerfile.
+
+
+
+
+ fromImageName can be used to further specify the base
+ image within the repository, in case it contains multiple images. By
+ default it's null, in which case
+ buildImage will peek the first image available in the
+ repository.
+
+
+
+
+ fromImageTag can be used to further specify the tag of
+ the base image within the repository, in case an image contains multiple
+ tags. By default it's null, in which case
+ buildImage will peek the first tag available for the
+ base image.
+
+
+
+
+ contents is a derivation that will be copied in the
+ new layer of the resulting image. This can be similarly seen as
+ ADD contents/ / in a Dockerfile.
+ By default it's null.
+
+
+
+
+ runAsRoot is a bash script that will run as root in an
+ environment that overlays the existing layers of the base image with the
+ new resulting layer, including the previously copied
+ contents derivation. This can be similarly seen as
+ RUN ... in a Dockerfile.
+
+
+ Using this parameter requires the kvm device to be
+ available.
+
+
+
+
+
+
+ config is used to specify the configuration of the
+ containers that will be started off the built image in Docker. The
+ available options are listed in the
+
+ Docker Image Specification v1.2.0 .
+
+
+
+
+
+ After the new layer has been created, its closure (to which
+ contents, config and
+ runAsRoot contribute) will be copied in the layer
+ itself. Only new dependencies that are not already in the existing layers
+ will be copied.
+
+
+
+ At the end of the process, only one new single layer will be produced and
+ added to the resulting image.
+
+
+
+ The resulting repository will only list the single image
+ image/tag. In the case of
+ it would be
+ redis/latest.
+
+
+
+ It is possible to inspect the arguments with which an image was built using
+ its buildArgs attribute.
+
+
+
- name specifies the name of the resulting image.
- This is the only required argument for buildImage.
+ If you see errors similar to getProtocolByName: does not exist
+ (no such protocol name: tcp) you may need to add
+ pkgs.iana-etc to contents.
-
+
-
+
- tag specifies the tag of the resulting image.
- By default it's latest.
+ If you see errors similar to Error_Protocol ("certificate has
+ unknown CA",True,UnknownCa) you may need to add
+ pkgs.cacert to contents.
-
-
-
-
- fromImage is the repository tarball containing the base image.
- It must be a valid Docker image, such as exported by docker save.
- By default it's null, which can be seen as equivalent
- to FROM scratch of a Dockerfile.
-
-
-
-
-
- fromImageName can be used to further specify
- the base image within the repository, in case it contains multiple images.
- By default it's null, in which case
- buildImage will peek the first image available
- in the repository.
-
-
-
-
-
- fromImageTag can be used to further specify the tag
- of the base image within the repository, in case an image contains multiple tags.
- By default it's null, in which case
- buildImage will peek the first tag available for the base image.
-
-
-
-
-
- contents is a derivation that will be copied in the new
- layer of the resulting image. This can be similarly seen as
- ADD contents/ / in a Dockerfile.
- By default it's null.
-
-
-
-
-
- runAsRoot is a bash script that will run as root
- in an environment that overlays the existing layers of the base image with
- the new resulting layer, including the previously copied
- contents derivation.
- This can be similarly seen as
- RUN ... in a Dockerfile.
-
-
-
- Using this parameter requires the kvm
- device to be available.
-
-
-
-
-
-
-
- config is used to specify the configuration of the
- containers that will be started off the built image in Docker.
- The available options are listed in the
-
- Docker Image Specification v1.2.0
- .
-
-
-
-
-
-
- After the new layer has been created, its closure
- (to which contents, config and
- runAsRoot contribute) will be copied in the layer itself.
- Only new dependencies that are not already in the existing layers will be copied.
-
-
-
- At the end of the process, only one new single layer will be produced and
- added to the resulting image.
-
-
-
- The resulting repository will only list the single image
- image/tag. In the case of
- it would be redis/latest.
-
-
-
- It is possible to inspect the arguments with which an image was built
- using its buildArgs attribute.
-
-
-
-
-
-
- If you see errors similar to getProtocolByName: does not exist (no such protocol name: tcp)
- you may need to add pkgs.iana-etc to contents.
-
-
-
-
-
- If you see errors similar to Error_Protocol ("certificate has unknown CA",True,UnknownCa)
- you may need to add pkgs.cacert to contents.
-
-
-
-
+
+
-
- pullImage
+
+ pullImage
-
- This function is analogous to the docker pull command,
- in that can be used to fetch a Docker image from a Docker registry.
- Currently only registry v1 is supported.
- By default Docker Hub
- is used to pull images.
-
+
+ This function is analogous to the docker pull command,
+ in that can be used to pull a Docker image from a Docker registry.
+ By default Docker Hub
+ is used to pull images.
+
-
- Its parameters are described in the example below:
-
+
+ Its parameters are described in the example below:
+
- Docker pull
-
+
+ Docker pull
+
pullImage {
- imageName = "debian";
- imageTag = "jessie";
- imageId = null;
- sha256 = "1bhw5hkz6chrnrih0ymjbmn69hyfriza2lr550xyvpdrnbzr4gk2";
-
- indexUrl = "https://index.docker.io";
- registryVersion = "v1";
+ imageName = "nixos/nix";
+ imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b";
+ finalImageTag = "1.11";
+ sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8";
}
-
-
-
-
-
- imageName specifies the name of the image to be downloaded,
- which can also include the registry namespace (e.g. library/debian).
- This argument is required.
-
-
-
-
-
- imageTag specifies the tag of the image to be downloaded.
- By default it's latest.
-
-
-
-
-
- imageId, if specified this exact image will be fetched, instead
- of imageName/imageTag. However, the resulting repository
- will still be named imageName/imageTag.
- By default it's null.
-
-
-
-
-
- sha256 is the checksum of the whole fetched image.
- This argument is required.
-
+
+
+
+
+
+ imageName specifies the name of the image to be downloaded,
+ which can also include the registry namespace (e.g. nixos).
+ This argument is required.
+
+
+
+
+ imageDigest specifies the digest of the image
+ to be downloaded. Skopeo can be used to get the digest of an image
+
+ $ skopeo inspect docker://docker.io/nixos/nix:1.11 | jq -r '.Digest'
+ sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b
+
+ This argument is required.
+
+
+
+
+ finalImageTag, if specified, this is the tag of
+ the image to be created. Note it is never used to fetch the image
+ since we prefer to rely on the immutable digest ID. By default
+ it's latest.
+
+
+
+
+ sha256 is the checksum of the whole fetched image.
+ This argument is required.
+
+
+
+
-
- The checksum is computed on the unpacked directory, not on the final tarball.
-
+
+ exportImage
-
+
+ This function is analogous to the docker export command,
+ in that can used to flatten a Docker image that contains multiple layers.
+ It is in fact the result of the merge of all the layers of the image. As
+ such, the result is suitable for being imported in Docker with
+ docker import.
+
-
+
- In the above example the default values are shown for the variables
- indexUrl and registryVersion.
- Hence by default the Docker.io registry is used to pull the images.
+ Using this function requires the kvm device to be
+ available.
-
-
-
-
-
-
- exportImage
-
-
- This function is analogous to the docker export command,
- in that can used to flatten a Docker image that contains multiple layers.
- It is in fact the result of the merge of all the layers of the image.
- As such, the result is suitable for being imported in Docker
- with docker import.
-
-
-
-
- Using this function requires the kvm
- device to be available.
-
-
+
-
- The parameters of exportImage are the following:
-
+
+ The parameters of exportImage are the following:
+
- Docker export
-
+
+ Docker export
+
exportImage {
fromImage = someLayeredImage;
fromImageName = null;
@@ -720,33 +714,35 @@ merge:"diff3"
name = someLayeredImage.name;
}
-
-
-
- The parameters relative to the base image have the same synopsis as
- described in , except that
- fromImage is the only required argument in this case.
-
-
-
- The name argument is the name of the derivation output,
- which defaults to fromImage.name.
-
-
+
+
+
+ The parameters relative to the base image have the same synopsis as
+ described in , except
+ that fromImage is the only required argument in this
+ case.
+
+
+
+ The name argument is the name of the derivation output,
+ which defaults to fromImage.name.
+
+
-
- shadowSetup
+
+ shadowSetup
-
- This constant string is a helper for setting up the base files for managing
- users and groups, only if such files don't exist already.
- It is suitable for being used in a
- runAsRoot script for cases like
- in the example below:
-
+
+ This constant string is a helper for setting up the base files for managing
+ users and groups, only if such files don't exist already. It is suitable
+ for being used in a runAsRoot
+ script for cases like
+ in the example below:
+
- Shadow base files
-
+
+ Shadow base files
+
buildImage {
name = "shadow-basic";
@@ -760,16 +756,13 @@ merge:"diff3"
'';
}
-
-
-
- Creating base files like /etc/passwd or
- /etc/login.defs are necessary for shadow-utils to
- manipulate users and groups.
-
-
-
-
-
+
+
+ Creating base files like /etc/passwd or
+ /etc/login.defs are necessary for shadow-utils to
+ manipulate users and groups.
+
+
+
diff --git a/doc/languages-frameworks/beam.xml b/doc/languages-frameworks/beam.xml
index 1a18ed27237c23f44b4c0b67cfea573572000d5b..ac7a83ed426508d59fb26861568829451699f914 100644
--- a/doc/languages-frameworks/beam.xml
+++ b/doc/languages-frameworks/beam.xml
@@ -1,124 +1,137 @@
+ BEAM Languages (Erlang, Elixir & LFE)
- BEAM Languages (Erlang, Elixir & LFE)
-
- Introduction
-
- In this document and related Nix expressions, we use the term,
- BEAM, to describe the environment. BEAM is the name
- of the Erlang Virtual Machine and, as far as we're concerned, from a
- packaging perspective, all languages that run on the BEAM are
- interchangeable. That which varies, like the build system, is transparent
- to users of any given BEAM package, so we make no distinction.
-
-
-
- Structure
-
- All BEAM-related expressions are available via the top-level
- beam attribute, which includes:
-
-
-
-
- interpreters: a set of compilers running on the
- BEAM, including multiple Erlang/OTP versions
- (beam.interpreters.erlangR19, etc), Elixir
- (beam.interpreters.elixir) and LFE
- (beam.interpreters.lfe).
-
-
-
-
- packages: a set of package sets, each compiled with
- a specific Erlang/OTP version, e.g.
- beam.packages.erlangR19.
-
-
-
-
- The default Erlang compiler, defined by
- beam.interpreters.erlang, is aliased as
- erlang. The default BEAM package set is defined by
- beam.packages.erlang and aliased at the top level as
- beamPackages.
-
+
+ Introduction
+
+
+ In this document and related Nix expressions, we use the term,
+ BEAM, to describe the environment. BEAM is the name of
+ the Erlang Virtual Machine and, as far as we're concerned, from a packaging
+ perspective, all languages that run on the BEAM are interchangeable. That
+ which varies, like the build system, is transparent to users of any given
+ BEAM package, so we make no distinction.
+
+
+
+
+ Structure
+
+
+ All BEAM-related expressions are available via the top-level
+ beam attribute, which includes:
+
+
+
+
- To create a package set built with a custom Erlang version, use the
- lambda, beam.packagesWith, which accepts an Erlang/OTP
- derivation and produces a package set similar to
- beam.packages.erlang.
+ interpreters: a set of compilers running on the BEAM,
+ including multiple Erlang/OTP versions
+ (beam.interpreters.erlangR19, etc), Elixir
+ (beam.interpreters.elixir) and LFE
+ (beam.interpreters.lfe).
+
+
- Many Erlang/OTP distributions available in
- beam.interpreters have versions with ODBC and/or Java
- enabled. For example, there's
- beam.interpreters.erlangR19_odbc_javac, which
- corresponds to beam.interpreters.erlangR19.
+ packages: a set of package sets, each compiled with a
+ specific Erlang/OTP version, e.g.
+ beam.packages.erlangR19.
-
- We also provide the lambda,
- beam.packages.erlang.callPackage, which simplifies
- writing BEAM package definitions by injecting all packages from
- beam.packages.erlang into the top-level context.
-
-
-
+
+
+
+
+ The default Erlang compiler, defined by
+ beam.interpreters.erlang, is aliased as
+ erlang. The default BEAM package set is defined by
+ beam.packages.erlang and aliased at the top level as
+ beamPackages.
+
+
+
+ To create a package set built with a custom Erlang version, use the lambda,
+ beam.packagesWith, which accepts an Erlang/OTP derivation
+ and produces a package set similar to
+ beam.packages.erlang.
+
+
+
+ Many Erlang/OTP distributions available in
+ beam.interpreters have versions with ODBC and/or Java
+ enabled. For example, there's
+ beam.interpreters.erlangR19_odbc_javac, which corresponds
+ to beam.interpreters.erlangR19.
+
+
+
+ We also provide the lambda,
+ beam.packages.erlang.callPackage, which simplifies
+ writing BEAM package definitions by injecting all packages from
+ beam.packages.erlang into the top-level context.
+
+
+
+ Build Tools
+
- Rebar3
-
- By default, Rebar3 wants to manage its own dependencies. This is perfectly
- acceptable in the normal, non-Nix setup, but in the Nix world, it is not.
- To rectify this, we provide two versions of Rebar3:
-
-
-
- rebar3: patched to remove the ability to download
- anything. When not running it via nix-shell or
- nix-build, it's probably not going to work as
- desired.
-
-
-
-
- rebar3-open: the normal, unmodified Rebar3. It
- should work exactly as would any other version of Rebar3. Any Erlang
- package should rely on rebar3 instead. See Rebar3
+
+
+ By default, Rebar3 wants to manage its own dependencies. This is perfectly
+ acceptable in the normal, non-Nix setup, but in the Nix world, it is not.
+ To rectify this, we provide two versions of Rebar3:
+
+
+
+ rebar3: patched to remove the ability to download
+ anything. When not running it via nix-shell or
+ nix-build, it's probably not going to work as
+ desired.
+
+
+
+
+ rebar3-open: the normal, unmodified Rebar3. It should
+ work exactly as would any other version of Rebar3. Any Erlang package
+ should rely on rebar3 instead. See
+ .
-
-
-
-
+
+
+
+
+
- Mix & Erlang.mk
-
- Both Mix and Erlang.mk work exactly as expected. There is a bootstrap
- process that needs to be run for both, however, which is supported by the
- buildMix and buildErlangMk
- derivations, respectively.
-
+ Mix & Erlang.mk
+
+
+ Both Mix and Erlang.mk work exactly as expected. There is a bootstrap
+ process that needs to be run for both, however, which is supported by the
+ buildMix and buildErlangMk
+ derivations, respectively.
+
-
+
-
+ How to Install BEAM Packages
+
- BEAM packages are not registered at the top level, simply because they are
- not relevant to the vast majority of Nix users. They are installable using
- the beam.packages.erlang attribute set (aliased as
- beamPackages), which points to packages built by the
- default Erlang/OTP version in Nixpkgs, as defined by
- beam.interpreters.erlang.
-
- To list the available packages in
- beamPackages, use the following command:
+ BEAM packages are not registered at the top level, simply because they are
+ not relevant to the vast majority of Nix users. They are installable using
+ the beam.packages.erlang attribute set (aliased as
+ beamPackages), which points to packages built by the
+ default Erlang/OTP version in Nixpkgs, as defined by
+ beam.interpreters.erlang. To list the available packages
+ in beamPackages, use the following command:
-
+
$ nix-env -f "<nixpkgs>" -qaP -A beamPackages
beamPackages.esqlite esqlite-0.2.1
beamPackages.goldrush goldrush-0.1.7
@@ -128,34 +141,43 @@ beamPackages.lager lager-3.0.2
beamPackages.meck meck-0.8.3
beamPackages.rebar3-pc pc-1.1.0
+
- To install any of those packages into your profile, refer to them by their
- attribute path (first column):
+ To install any of those packages into your profile, refer to them by their
+ attribute path (first column):
-
+
+
$ nix-env -f "<nixpkgs>" -iA beamPackages.ibrowse
+
- The attribute path of any BEAM package corresponds to the name of that
- particular package in Hex or its
- OTP Application/Release name.
+ The attribute path of any BEAM package corresponds to the name of that
+ particular package in Hex or its
+ OTP Application/Release name.
-
-
+
+
+ Packaging BEAM Applications
+
- Erlang Applications
-
- Rebar3 Packages
-
- The Nix function, buildRebar3, defined in
- beam.packages.erlang.buildRebar3 and aliased at the
- top level, can be used to build a derivation that understands how to
- build a Rebar3 project. For example, we can build hex2nix as
- follows:
-
-
+ Erlang Applications
+
+
+ Rebar3 Packages
+
+
+ The Nix function, buildRebar3, defined in
+ beam.packages.erlang.buildRebar3 and aliased at the top
+ level, can be used to build a derivation that understands how to build a
+ Rebar3 project. For example, we can build
+ hex2nix
+ as follows:
+
+
+
{ stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 rec {
@@ -172,33 +194,40 @@ $ nix-env -f "<nixpkgs>" -iA beamPackages.ibrowse
beamDeps = [ ibrowse jsx erlware_commons ];
}
-
- Such derivations are callable with
- beam.packages.erlang.callPackage (see ). To call this package using the normal
- callPackage, refer to dependency packages via
- beamPackages, e.g.
- beamPackages.ibrowse.
-
-
- Notably, buildRebar3 includes
- beamDeps, while
- stdenv.mkDerivation does not. BEAM dependencies added
- there will be correctly handled by the system.
-
-
- If a package needs to compile native code via Rebar3's port compilation
- mechanism, add compilePort = true; to the derivation.
-
-
-
- Erlang.mk Packages
-
- Erlang.mk functions similarly to Rebar3, except we use
- buildErlangMk instead of
- buildRebar3.
-
-
+
+
+ Such derivations are callable with
+ beam.packages.erlang.callPackage (see
+ ). To call this package using
+ the normal callPackage, refer to dependency packages
+ via beamPackages, e.g.
+ beamPackages.ibrowse.
+
+
+
+ Notably, buildRebar3 includes
+ beamDeps, while stdenv.mkDerivation
+ does not. BEAM dependencies added there will be correctly handled by the
+ system.
+
+
+
+ If a package needs to compile native code via Rebar3's port compilation
+ mechanism, add compilePort = true; to the derivation.
+
+
+
+
+ Erlang.mk Packages
+
+
+ Erlang.mk functions similarly to Rebar3, except we use
+ buildErlangMk instead of
+ buildRebar3.
+
+
+
{ buildErlangMk, fetchHex, cowlib, ranch }:
buildErlangMk {
@@ -222,14 +251,17 @@ $ nix-env -f "<nixpkgs>" -iA beamPackages.ibrowse
};
}
-
-
- Mix Packages
-
- Mix functions similarly to Rebar3, except we use
- buildMix instead of buildRebar3.
-
-
+
+
+
+ Mix Packages
+
+
+ Mix functions similarly to Rebar3, except we use
+ buildMix instead of buildRebar3.
+
+
+
{ buildMix, fetchHex, plug, absinthe }:
buildMix {
@@ -253,10 +285,12 @@ $ nix-env -f "<nixpkgs>" -iA beamPackages.ibrowse
};
}
-
- Alternatively, we can use buildHex as a shortcut:
-
-
+
+
+ Alternatively, we can use buildHex as a shortcut:
+
+
+
{ buildHex, buildMix, plug, absinthe }:
buildHex {
@@ -278,21 +312,25 @@ $ nix-env -f "<nixpkgs>" -iA beamPackages.ibrowse
};
}
-
+
-
-
+
+
+ How to Develop
+
- Accessing an Environment
-
- Often, we simply want to access a valid environment that contains a
- specific package and its dependencies. We can accomplish that with the
- env attribute of a derivation. For example, let's say
- we want to access an Erlang REPL with ibrowse loaded
- up. We could do the following:
-
-
+ Accessing an Environment
+
+
+ Often, we simply want to access a valid environment that contains a
+ specific package and its dependencies. We can accomplish that with the
+ env attribute of a derivation. For example, let's say we
+ want to access an Erlang REPL with ibrowse loaded up. We
+ could do the following:
+
+
+
$ nix-shell -A beamPackages.ibrowse.env --run "erl"
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
@@ -333,22 +371,25 @@ $ nix-env -f "<nixpkgs>" -iA beamPackages.ibrowse
ok
2>
-
- Notice the -A beamPackages.ibrowse.env. That is the key
- to this functionality.
-
+
+
+ Notice the -A beamPackages.ibrowse.env. That is the key
+ to this functionality.
+
+
- Creating a Shell
-
- Getting access to an environment often isn't enough to do real
- development. Usually, we need to create a shell.nix
- file and do our development inside of the environment specified therein.
- This file looks a lot like the packaging described above, except that
- src points to the project root and we call the package
- directly.
-
-
+ Creating a Shell
+
+
+ Getting access to an environment often isn't enough to do real development.
+ Usually, we need to create a shell.nix file and do our
+ development inside of the environment specified therein. This file looks a
+ lot like the packaging described above, except that src
+ points to the project root and we call the package directly.
+
+
+
{ pkgs ? import "<nixpkgs"> {} }:
with pkgs;
@@ -368,13 +409,16 @@ in
drv
-
+
+ Building in a Shell (for Mix Projects)
+
- We can leverage the support of the derivation, irrespective of the build
- derivation, by calling the commands themselves.
+ We can leverage the support of the derivation, irrespective of the build
+ derivation, by calling the commands themselves.
-
+
+
# =============================================================================
# Variables
# =============================================================================
@@ -431,44 +475,54 @@ analyze: build plt
$(NIX_SHELL) --run "mix dialyzer --no-compile"
+
- Using a shell.nix as described (see shell.nix as described (see
+ ) should just work. Aside from
- test, plt, and
- analyze, the Make targets work just fine for all of the
- build derivations.
+ test, plt, and
+ analyze, the Make targets work just fine for all of the
+ build derivations.
+
-
-
-
+
+
+ Generating Packages from Hex with <literal>hex2nix</literal>
+
- Updating the Hex package set
- requires hex2nix. Given the
- path to the Erlang modules (usually
- pkgs/development/erlang-modules), it will dump a file
- called hex-packages.nix, containing all the packages that
- use a recognized build system in Hex. It can't be determined, however,
- whether every package is buildable.
-
-
- To make life easier for our users, try to build every Hex package and remove those that fail.
- To do that, simply run the following command in the root of your
- nixpkgs repository:
-
-
+ Updating the Hex package set
+ requires
+ hex2nix.
+ Given the path to the Erlang modules (usually
+ pkgs/development/erlang-modules), it will dump a file
+ called hex-packages.nix, containing all the packages that
+ use a recognized build system in
+ Hex. It can't be determined,
+ however, whether every package is buildable.
+
+
+
+ To make life easier for our users, try to build every
+ Hex package and remove those
+ that fail. To do that, simply run the following command in the root of your
+ nixpkgs repository:
+
+
+
$ nix-build -A beamPackages
-
- That will attempt to build every package in
- beamPackages. Then manually remove those that fail.
- Hopefully, someone will improve hex2nix in the
- future to automate the process.
-
-
+
+
+ That will attempt to build every package in beamPackages.
+ Then manually remove those that fail. Hopefully, someone will improve
+ hex2nix
+ in the future to automate the process.
+
+
diff --git a/doc/languages-frameworks/bower.xml b/doc/languages-frameworks/bower.xml
index 742d3c2e9fe5790e01b0ea6ecf10bb128fa818ca..db7536cdc14e32f0a5f9e47597322878c24c1033 100644
--- a/doc/languages-frameworks/bower.xml
+++ b/doc/languages-frameworks/bower.xml
@@ -1,40 +1,37 @@
-
-Bower
-
-
- Bower is a package manager
- for web site front-end components. Bower packages (comprising of
- build artefacts and sometimes sources) are stored in
- git repositories, typically on Github. The
- package registry is run by the Bower team with package metadata
- coming from the bower.json file within each
- package.
-
-
-
- The end result of running Bower is a
- bower_components directory which can be included
- in the web app's build process.
-
-
-
+ Bower
+
+
+ Bower is a package manager for web
+ site front-end components. Bower packages (comprising of build artefacts and
+ sometimes sources) are stored in git repositories,
+ typically on Github. The package registry is run by the Bower team with
+ package metadata coming from the bower.json file within
+ each package.
+
+
+
+ The end result of running Bower is a bower_components
+ directory which can be included in the web app's build process.
+
+
+
Bower can be run interactively, by installing
nodePackages.bower. More interestingly, the Bower
components can be declared in a Nix derivation, with the help of
nodePackages.bower2nix.
-
+
-
+ <command>bower2nix</command> usage
-
- Suppose you have a bower.json with the following contents:
-
-
-<filename>bower.json</filename>
+
+ Suppose you have a bower.json with the following
+ contents:
+
+ <filename>bower.json</filename>
-
-
-
-
-
- Running bower2nix will produce something like the
- following output:
+
+
+
+ Running bower2nix will produce something like the
+ following output:
-
-
+
-
- Using the bower2nix command line arguments, the
- output can be redirected to a file. A name like
- bower-packages.nix would be fine.
-
+
+ Using the bower2nix command line arguments, the output
+ can be redirected to a file. A name like
+ bower-packages.nix would be fine.
+
-
- The resulting derivation is a union of all the downloaded Bower
- packages (and their dependencies). To use it, they still need to be
- linked together by Bower, which is where
- buildBowerComponents is useful.
-
-
+
+ The resulting derivation is a union of all the downloaded Bower packages
+ (and their dependencies). To use it, they still need to be linked together
+ by Bower, which is where buildBowerComponents is useful.
+
+
-<varname>buildBowerComponents</varname> function
+
+ <varname>buildBowerComponents</varname> function
- The function is implemented in
- pkgs/development/bower-modules/generic/default.nix.
- Example usage:
-
-buildBowerComponents
+ The function is implemented in
+
+ pkgs/development/bower-modules/generic/default.nix.
+ Example usage:
+
+ buildBowerComponents
bowerComponents = buildBowerComponents {
name = "my-web-app";
@@ -92,42 +87,42 @@ bowerComponents = buildBowerComponents {
src = myWebApp;
};
-
+
-
-In , the following arguments
-are of special significance to the function:
-
-
-
-
- generated specifies the file which was created by bower2nix.
-
-
-
-
-
- src is your project's sources. It needs to
- contain a bower.json file.
-
-
-
-
-
-
- buildBowerComponents will run Bower to link
- together the output of bower2nix, resulting in a
- bower_components directory which can be used.
-
-
-
- Here is an example of a web frontend build process using
- gulp. You might use grunt, or
- anything else.
-
-
-Example build script (<filename>gulpfile.js</filename>)
+
+ In , the following arguments are
+ of special significance to the function:
+
+
+
+ generated specifies the file which was created by
+ bower2nix.
+
+
+
+
+ src is your project's sources. It needs to contain a
+ bower.json file.
+
+
+
+
+
+
+ buildBowerComponents will run Bower to link together the
+ output of bower2nix, resulting in a
+ bower_components directory which can be used.
+
+
+
+ Here is an example of a web frontend build process using
+ gulp. You might use grunt, or anything
+ else.
+
+
+
+ Example build script (<filename>gulpfile.js</filename>)
-
+
-
- Full example — <filename>default.nix</filename>
+
+ Full example — <filename>default.nix</filename>
{ myWebApp ? { outPath = ./.; name = "myWebApp"; }
, pkgs ? import <nixpkgs> {}
@@ -172,73 +167,63 @@ pkgs.stdenv.mkDerivation {
installPhase = "mv gulpdist $out";
}
-
-
-
-A few notes about :
-
-
-
-
- The result of buildBowerComponents is an
- input to the frontend build.
-
-
-
-
-
- Whether to symlink or copy the
- bower_components directory depends on the
- build tool in use. In this case a copy is used to avoid
- gulp silliness with permissions.
-
-
-
-
-
- gulp requires HOME to
- refer to a writeable directory.
-
-
-
-
-
+
+
+
+ A few notes about :
+
+
+
+ The result of buildBowerComponents is an input to the
+ frontend build.
+
+
+
+
+ Whether to symlink or copy the bower_components
+ directory depends on the build tool in use. In this case a copy is used
+ to avoid gulp silliness with permissions.
+
+
+
+
+ gulp requires HOME to refer to a
+ writeable directory.
+
+
+
+
The actual build command. Other tools could be used.
-
-
-
-
-
+
+
+
+
+
-
+ Troubleshooting
-
-
-
-
- ENOCACHE errors from
+
+
+ ENOCACHE errors from
buildBowerComponents
-
- This means that Bower was looking for a package version which
- doesn't exist in the generated
- bower-packages.nix.
-
-
- If bower.json has been updated, then run
- bower2nix again.
-
-
- It could also be a bug in bower2nix or
- fetchbower. If possible, try reformulating
- the version specification in bower.json.
-
+
+ This means that Bower was looking for a package version which doesn't
+ exist in the generated bower-packages.nix.
+
+
+ If bower.json has been updated, then run
+ bower2nix again.
+
+
+ It could also be a bug in bower2nix or
+ fetchbower. If possible, try reformulating the version
+ specification in bower.json.
+
-
-
-
-
-
+
+
+
diff --git a/doc/languages-frameworks/coq.xml b/doc/languages-frameworks/coq.xml
index 0ce1abd6194c8db12713e66155c3b51adf40f159..d5f2574039f22e8b75d607e498c672d8c7dd688b 100644
--- a/doc/languages-frameworks/coq.xml
+++ b/doc/languages-frameworks/coq.xml
@@ -1,36 +1,38 @@
+ Coq
-Coq
-
- Coq libraries should be installed in
- $(out)/lib/coq/${coq.coq-version}/user-contrib/.
- Such directories are automatically added to the
- $COQPATH environment variable by the hook defined
- in the Coq derivation.
-
-
- Some libraries require OCaml and sometimes also Camlp5 or findlib.
- The exact versions that were used to build Coq are saved in the
- coq.ocaml and coq.camlp5
- and coq.findlib attributes.
-
-
- Coq libraries may be compatible with some specific versions of Coq only.
- The compatibleCoqVersions attribute is used to
- precisely select those versions of Coq that are compatible with this
- derivation.
-
-
- Here is a simple package example. It is a pure Coq library, thus it
- depends on Coq. It builds on the Mathematical Components library, thus it
- also takes mathcomp as buildInputs.
- Its Makefile has been generated using
- coq_makefile so we only have to
- set the $COQLIB variable at install time.
-
-
+
+ Coq libraries should be installed in
+ $(out)/lib/coq/${coq.coq-version}/user-contrib/. Such
+ directories are automatically added to the $COQPATH
+ environment variable by the hook defined in the Coq derivation.
+
+
+
+ Some libraries require OCaml and sometimes also Camlp5 or findlib. The exact
+ versions that were used to build Coq are saved in the
+ coq.ocaml and coq.camlp5 and
+ coq.findlib attributes.
+
+
+
+ Coq libraries may be compatible with some specific versions of Coq only. The
+ compatibleCoqVersions attribute is used to precisely
+ select those versions of Coq that are compatible with this derivation.
+
+
+
+ Here is a simple package example. It is a pure Coq library, thus it depends
+ on Coq. It builds on the Mathematical Components library, thus it also takes
+ mathcomp as buildInputs. Its
+ Makefile has been generated using
+ coq_makefile so we only have to set the
+ $COQLIB variable at install time.
+
+
+
{ stdenv, fetchFromGitHub, coq, mathcomp }:
stdenv.mkDerivation rec {
diff --git a/doc/languages-frameworks/go.xml b/doc/languages-frameworks/go.xml
index 54ea60c902129269502729a8aa49483f575c377a..ab4c9f0f7c8857f6d527b2dcbdc0e8e37c678f45 100644
--- a/doc/languages-frameworks/go.xml
+++ b/doc/languages-frameworks/go.xml
@@ -1,14 +1,14 @@
+ Go
-Go
+
+ The function buildGoPackage builds standard Go programs.
+
-The function buildGoPackage builds
-standard Go programs.
-
-
-buildGoPackage
+
+ buildGoPackage
deis = buildGoPackage rec {
name = "deis-${version}";
@@ -29,55 +29,56 @@ deis = buildGoPackage rec {
buildFlags = "--tags release";
}
-
-
- is an example expression using buildGoPackage,
-the following arguments are of special significance to the function:
-
-
-
-
+
+
+
+ is an example expression using
+ buildGoPackage, the following arguments are of special significance to the
+ function:
+
+
- goPackagePath specifies the package's canonical Go import path.
+ goPackagePath specifies the package's canonical Go
+ import path.
-
-
-
+
+
- subPackages limits the builder from building child packages that
- have not been listed. If subPackages is not specified, all child
- packages will be built.
+ subPackages limits the builder from building child
+ packages that have not been listed. If subPackages is
+ not specified, all child packages will be built.
- In this example only github.com/deis/deis/client will be built.
+ In this example only github.com/deis/deis/client will
+ be built.
-
-
-
+
+
- goDeps is where the Go dependencies of a Go program are listed
- as a list of package source identified by Go import path.
- It could be imported as a separate deps.nix file for
- readability. The dependency data structure is described below.
+ goDeps is where the Go dependencies of a Go program are
+ listed as a list of package source identified by Go import path. It could
+ be imported as a separate deps.nix file for
+ readability. The dependency data structure is described below.
-
-
-
+
+
- buildFlags is a list of flags passed to the go build command.
+ buildFlags is a list of flags passed to the go build
+ command.
-
-
-
-
-
-
-The goDeps attribute can be imported from a separate
- nix file that defines which Go libraries are needed and should
- be included in GOPATH for buildPhase.
-
-
-deps.nix
+
+
+
+
+
+ The goDeps attribute can be imported from a separate
+ nix file that defines which Go libraries are needed and
+ should be included in GOPATH for
+ buildPhase.
+
+
+
+ deps.nix
[
{
@@ -100,67 +101,60 @@ the following arguments are of special significance to the function:
}
]
-
+
-
-
-
-
-
+
+
+
- goDeps is a list of Go dependencies.
+ goDeps is a list of Go dependencies.
-
-
-
+
+
- goPackagePath specifies Go package import path.
+ goPackagePath specifies Go package import path.
-
-
-
+
+
- fetch type that needs to be used to get package source. If git
- is used there should be url, rev and sha256
- defined next to it.
+ fetch type that needs to be used to get package source.
+ If git is used there should be url,
+ rev and sha256 defined next to it.
-
-
-
-
-
-
-To extract dependency information from a Go package in automated way use go2nix.
- It can produce complete derivation and goDeps file for Go programs.
-
-
- buildGoPackage produces
- where bin includes program binaries. You can test build a Go binary as follows:
-
-
+
+
+
+
+
+ To extract dependency information from a Go package in automated way use
+ go2nix. It can
+ produce complete derivation and goDeps file for Go
+ programs.
+
+
+
+ buildGoPackage produces
+ where
+ bin includes program binaries. You can test build a Go
+ binary as follows:
+
$ nix-build -A deis.bin
-
or build all outputs with:
-
-
+
$ nix-build -A deis.all
+ bin output will be installed by default with
+ nix-env -i or systemPackages.
+
- bin output will be installed by default with nix-env -i
- or systemPackages.
-
-
-
-
-You may use Go packages installed into the active Nix profiles by adding
-the following to your ~/.bashrc:
-
+
+ You may use Go packages installed into the active Nix profiles by adding the
+ following to your ~/.bashrc:
for p in $NIX_PROFILES; do
GOPATH="$p/share/go:$GOPATH"
done
-
-
+
diff --git a/doc/languages-frameworks/index.xml b/doc/languages-frameworks/index.xml
index a1c265f674845693ec06d3d3c3bf7f702a3b898b..f22984cb56b0aba028488f843539982ba6bb1d78 100644
--- a/doc/languages-frameworks/index.xml
+++ b/doc/languages-frameworks/index.xml
@@ -1,36 +1,31 @@
-
-Support for specific programming languages and frameworks
-
-The standard build
-environment makes it easy to build typical Autotools-based
-packages with very little code. Any other kind of package can be
-accomodated by overriding the appropriate phases of
-stdenv. However, there are specialised functions
-in Nixpkgs to easily build packages for other programming languages,
-such as Perl or Haskell. These are described in this chapter.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ Support for specific programming languages and frameworks
+
+ The standard build environment makes it
+ easy to build typical Autotools-based packages with very little code. Any
+ other kind of package can be accomodated by overriding the appropriate phases
+ of stdenv. However, there are specialised functions in
+ Nixpkgs to easily build packages for other programming languages, such as
+ Perl or Haskell. These are described in this chapter.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc/languages-frameworks/java.xml b/doc/languages-frameworks/java.xml
index 2507cc2c469ad7e30f0a0f6c0ecef5428e46798a..dcf4d17fa57d86dd185a4f05e162f48c75caf3f0 100644
--- a/doc/languages-frameworks/java.xml
+++ b/doc/languages-frameworks/java.xml
@@ -1,11 +1,10 @@
+ Java
-Java
-
-Ant-based Java packages are typically built from source as follows:
-
+
+ Ant-based Java packages are typically built from source as follows:
stdenv.mkDerivation {
name = "...";
@@ -16,33 +15,33 @@ stdenv.mkDerivation {
buildPhase = "ant";
}
-
-Note that jdk is an alias for the OpenJDK.
-
-JAR files that are intended to be used by other packages should
-be installed in $out/share/java. The OpenJDK has
-a stdenv setup hook that adds any JARs in the
-share/java directories of the build inputs to the
-CLASSPATH environment variable. For instance, if the
-package libfoo installs a JAR named
-foo.jar in its share/java
-directory, and another package declares the attribute
-
+ Note that jdk is an alias for the OpenJDK.
+
+
+
+ JAR files that are intended to be used by other packages should be installed
+ in $out/share/java. The OpenJDK has a stdenv setup hook
+ that adds any JARs in the share/java directories of the
+ build inputs to the CLASSPATH environment variable. For
+ instance, if the package libfoo installs a JAR named
+ foo.jar in its share/java
+ directory, and another package declares the attribute
buildInputs = [ jdk libfoo ];
-
-then CLASSPATH will be set to
-/nix/store/...-libfoo/share/java/foo.jar.
-
-Private JARs
-should be installed in a location like
-$out/share/package-name.
-
-If your Java package provides a program, you need to generate a
-wrapper script to run it using the OpenJRE. You can use
-makeWrapper for this:
-
+ then CLASSPATH will be set to
+ /nix/store/...-libfoo/share/java/foo.jar.
+
+
+
+ Private JARs should be installed in a location like
+ $out/share/package-name.
+
+
+
+ If your Java package provides a program, you need to generate a wrapper
+ script to run it using the OpenJRE. You can use
+ makeWrapper for this:
buildInputs = [ makeWrapper ];
@@ -53,23 +52,20 @@ installPhase =
--add-flags "-cp $out/share/java/foo.jar org.foo.Main"
'';
-
-Note the use of jre, which is the part of the
-OpenJDK package that contains the Java Runtime Environment. By using
-${jre}/bin/java instead of
-${jdk}/bin/java, you prevent your package from
-depending on the JDK at runtime.
-
-It is possible to use a different Java compiler than
-javac from the OpenJDK. For instance, to use the
-GNU Java Compiler:
-
+ Note the use of jre, which is the part of the OpenJDK
+ package that contains the Java Runtime Environment. By using
+ ${jre}/bin/java instead of
+ ${jdk}/bin/java, you prevent your package from depending
+ on the JDK at runtime.
+
+
+
+ It is possible to use a different Java compiler than javac
+ from the OpenJDK. For instance, to use the GNU Java Compiler:
buildInputs = [ gcj ant ];
-
-Here, Ant will automatically use gij (the GNU Java
-Runtime) instead of the OpenJRE.
-
+ Here, Ant will automatically use gij (the GNU Java
+ Runtime) instead of the OpenJRE.
+
-
diff --git a/doc/languages-frameworks/lua.xml b/doc/languages-frameworks/lua.xml
index 39b086af4cb13c95abbea7f8819e8ae84db143f1..2101402999607e5df56493728912f0f34e8a2e68 100644
--- a/doc/languages-frameworks/lua.xml
+++ b/doc/languages-frameworks/lua.xml
@@ -1,24 +1,22 @@
+ Lua
-Lua
-
-
- Lua packages are built by the buildLuaPackage function. This function is
- implemented
- in
+
+ Lua packages are built by the buildLuaPackage function.
+ This function is implemented in
+
pkgs/development/lua-modules/generic/default.nix
and works similarly to buildPerlPackage. (See
for details.)
-
+
-
- Lua packages are defined
- in pkgs/top-level/lua-packages.nix.
+
+ Lua packages are defined in
+ pkgs/top-level/lua-packages.nix.
Most of them are simple. For example:
-
-
+
fileSystem = buildLuaPackage {
name = "filesystem-1.6.2";
src = fetchurl {
@@ -32,20 +30,19 @@ fileSystem = buildLuaPackage {
};
};
-
+
-
+
Though, more complicated package should be placed in a seperate file in
pkgs/development/lua-modules.
-
-
- Lua packages accept additional parameter disabled, which defines
- the condition of disabling package from luaPackages. For example, if package has
- disabled assigned to lua.luaversion != "5.1",
- it will not be included in any luaPackages except lua51Packages, making it
- only be built for lua 5.1.
-
+
+
+ Lua packages accept additional parameter disabled, which
+ defines the condition of disabling package from luaPackages. For example, if
+ package has disabled assigned to lua.luaversion
+ != "5.1", it will not be included in any luaPackages except
+ lua51Packages, making it only be built for lua 5.1.
+
-
diff --git a/doc/languages-frameworks/perl.xml b/doc/languages-frameworks/perl.xml
index 149fcb275a0954376cc00a6d0d282accb1004044..2fe64999e1392de170c7e3614dc52f77c33aee35 100644
--- a/doc/languages-frameworks/perl.xml
+++ b/doc/languages-frameworks/perl.xml
@@ -1,24 +1,27 @@
-
-Perl
-
-Nixpkgs provides a function buildPerlPackage,
-a generic package builder function for any Perl package that has a
-standard Makefile.PL. It’s implemented in pkgs/development/perl-modules/generic.
-
-Perl packages from CPAN are defined in Perl
+
+
+ Nixpkgs provides a function buildPerlPackage, a generic
+ package builder function for any Perl package that has a standard
+ Makefile.PL. It’s implemented in
+ pkgs/development/perl-modules/generic.
+
+
+
+ Perl packages from CPAN are defined in
+ pkgs/top-level/perl-packages.nix,
-rather than pkgs/all-packages.nix. Most Perl
-packages are so straight-forward to build that they are defined here
-directly, rather than having a separate function for each package
-called from perl-packages.nix. However, more
-complicated packages should be put in a separate file, typically in
-pkgs/development/perl-modules. Here is an
-example of the former:
-
+ rather than pkgs/all-packages.nix. Most Perl packages
+ are so straight-forward to build that they are defined here directly, rather
+ than having a separate function for each package called from
+ perl-packages.nix. However, more complicated packages
+ should be put in a separate file, typically in
+ pkgs/development/perl-modules. Here is an example of the
+ former:
ClassC3 = buildPerlPackage rec {
name = "Class-C3-0.21";
@@ -28,74 +31,72 @@ ClassC3 = buildPerlPackage rec {
};
};
-
-Note the use of mirror://cpan/, and the
-${name} in the URL definition to ensure that the
-name attribute is consistent with the source that we’re actually
-downloading. Perl packages are made available in
-all-packages.nix through the variable
-perlPackages. For instance, if you have a package
-that needs ClassC3, you would typically write
-
+ Note the use of mirror://cpan/, and the
+ ${name} in the URL definition to ensure that the name
+ attribute is consistent with the source that we’re actually downloading.
+ Perl packages are made available in all-packages.nix
+ through the variable perlPackages. For instance, if you
+ have a package that needs ClassC3, you would typically
+ write
foo = import ../path/to/foo.nix {
inherit stdenv fetchurl ...;
inherit (perlPackages) ClassC3;
};
-
-in all-packages.nix. You can test building a
-Perl package as follows:
-
+ in all-packages.nix. You can test building a Perl
+ package as follows:
$ nix-build -A perlPackages.ClassC3
-
-buildPerlPackage adds perl- to
-the start of the name attribute, so the package above is actually
-called perl-Class-C3-0.21. So to install it, you
-can say:
-
+ buildPerlPackage adds perl- to the
+ start of the name attribute, so the package above is actually called
+ perl-Class-C3-0.21. So to install it, you can say:
$ nix-env -i perl-Class-C3
-
-(Of course you can also install using the attribute name:
-nix-env -i -A perlPackages.ClassC3.)
-
-So what does buildPerlPackage do? It does
-the following:
-
-
-
- In the configure phase, it calls perl
- Makefile.PL to generate a Makefile. You can set the
- variable makeMakerFlags to pass flags to
- Makefile.PL
-
- It adds the contents of the PERL5LIB
- environment variable to #! .../bin/perl line of
- Perl scripts as -Idir
- flags. This ensures that a script can find its
- dependencies.
-
- In the fixup phase, it writes the propagated build
- inputs (propagatedBuildInputs) to the file
- $out/nix-support/propagated-user-env-packages.
- nix-env recursively installs all packages listed
- in this file when you install a package that has it. This ensures
- that a Perl package can find its dependencies.
-
-
-
-
-
-buildPerlPackage is built on top of
-stdenv, so everything can be customised in the
-usual way. For instance, the BerkeleyDB module has
-a preConfigure hook to generate a configuration
-file used by Makefile.PL:
-
+ (Of course you can also install using the attribute name: nix-env -i
+ -A perlPackages.ClassC3.)
+
+
+
+ So what does buildPerlPackage do? It does the following:
+
+
+
+ In the configure phase, it calls perl Makefile.PL to
+ generate a Makefile. You can set the variable
+ makeMakerFlags to pass flags to
+ Makefile.PL
+
+
+
+
+ It adds the contents of the PERL5LIB environment variable
+ to #! .../bin/perl line of Perl scripts as
+ -Idir flags. This ensures
+ that a script can find its dependencies.
+
+
+
+
+ In the fixup phase, it writes the propagated build inputs
+ (propagatedBuildInputs) to the file
+ $out/nix-support/propagated-user-env-packages.
+ nix-env recursively installs all packages listed in
+ this file when you install a package that has it. This ensures that a Perl
+ package can find its dependencies.
+
+
+
+
+
+
+ buildPerlPackage is built on top of
+ stdenv, so everything can be customised in the usual way.
+ For instance, the BerkeleyDB module has a
+ preConfigure hook to generate a configuration file used by
+ Makefile.PL:
{ buildPerlPackage, fetchurl, db }:
@@ -113,18 +114,15 @@ buildPerlPackage rec {
'';
}
-
-
-
-Dependencies on other Perl packages can be specified in the
-buildInputs and
-propagatedBuildInputs attributes. If something is
-exclusively a build-time dependency, use
-buildInputs; if it’s (also) a runtime dependency,
-use propagatedBuildInputs. For instance, this
-builds a Perl module that has runtime dependencies on a bunch of other
-modules:
-
+
+
+
+ Dependencies on other Perl packages can be specified in the
+ buildInputs and propagatedBuildInputs
+ attributes. If something is exclusively a build-time dependency, use
+ buildInputs; if it’s (also) a runtime dependency, use
+ propagatedBuildInputs. For instance, this builds a Perl
+ module that has runtime dependencies on a bunch of other modules:
ClassC3Componentised = buildPerlPackage rec {
name = "Class-C3-Componentised-1.0004";
@@ -137,24 +135,26 @@ ClassC3Componentised = buildPerlPackage rec {
];
};
+
-
-
-Generation from CPAN
+
+ Generation from CPAN
-Nix expressions for Perl packages can be generated (almost)
-automatically from CPAN. This is done by the program
-nix-generate-from-cpan, which can be installed
-as follows:
+
+ Nix expressions for Perl packages can be generated (almost) automatically
+ from CPAN. This is done by the program
+ nix-generate-from-cpan, which can be installed as
+ follows:
+
$ nix-env -i nix-generate-from-cpan
-This program takes a Perl module name, looks it up on CPAN,
-fetches and unpacks the corresponding package, and prints a Nix
-expression on standard output. For example:
-
+
+ This program takes a Perl module name, looks it up on CPAN, fetches and
+ unpacks the corresponding package, and prints a Nix expression on standard
+ output. For example:
$ nix-generate-from-cpan XML::Simple
XMLSimple = buildPerlPackage rec {
@@ -170,26 +170,23 @@ $ nix-generate-from-cpan XML::Simple
};
};
-
-The output can be pasted into
-pkgs/top-level/perl-packages.nix or wherever else
-you need it.
-
-
-
-Cross-compiling modules
-
-Nixpkgs has experimental support for cross-compiling Perl
-modules. In many cases, it will just work out of the box, even for
-modules with native extensions. Sometimes, however, the Makefile.PL
-for a module may (indirectly) import a native module. In that case,
-you will need to make a stub for that module that will satisfy the
-Makefile.PL and install it into
-lib/perl5/site_perl/cross_perl/${perl.version}.
-See the postInstall for DBI for
-an example.
-
-
-
+ The output can be pasted into
+ pkgs/top-level/perl-packages.nix or wherever else you
+ need it.
+
+
+
+
+ Cross-compiling modules
+
+
+ Nixpkgs has experimental support for cross-compiling Perl modules. In many
+ cases, it will just work out of the box, even for modules with native
+ extensions. Sometimes, however, the Makefile.PL for a module may
+ (indirectly) import a native module. In that case, you will need to make a
+ stub for that module that will satisfy the Makefile.PL and install it into
+ lib/perl5/site_perl/cross_perl/${perl.version}. See the
+ postInstall for DBI for an example.
+
+
-
diff --git a/doc/languages-frameworks/qt.xml b/doc/languages-frameworks/qt.xml
index 1dbbb5341ba3827881699428ef82166623eb583a..b9b605b81da1284dbb6749365a75fad6f4dfe3fb 100644
--- a/doc/languages-frameworks/qt.xml
+++ b/doc/languages-frameworks/qt.xml
@@ -1,58 +1,74 @@
+ Qt
-Qt
-
-
-Qt is a comprehensive desktop and mobile application development toolkit for C++.
-Legacy support is available for Qt 3 and Qt 4, but all current development uses Qt 5.
-The Qt 5 packages in Nixpkgs are updated frequently to take advantage of new features,
-but older versions are typically retained until their support window ends.
-The most important consideration in packaging Qt-based software is ensuring that each package and all its dependencies use the same version of Qt 5;
-this consideration motivates most of the tools described below.
-
-
-Packaging Libraries for Nixpkgs
-
-
-Whenever possible, libraries that use Qt 5 should be built with each available version.
-Packages providing libraries should be added to the top-level function mkLibsForQt5,
-which is used to build a set of libraries for every Qt 5 version.
-A special callPackage function is used in this scope to ensure that the entire dependency tree uses the same Qt 5 version.
-Import dependencies unqualified, i.e., qtbase not qt5.qtbase.
-Do not import a package set such as qt5 or libsForQt5.
-
-
-
-If a library does not support a particular version of Qt 5, it is best to mark it as broken by setting its meta.broken attribute.
-A package may be marked broken for certain versions by testing the qtbase.version attribute, which will always give the current Qt 5 version.
-
+
+ Qt is a comprehensive desktop and mobile application development toolkit for
+ C++. Legacy support is available for Qt 3 and Qt 4, but all current
+ development uses Qt 5. The Qt 5 packages in Nixpkgs are updated frequently to
+ take advantage of new features, but older versions are typically retained
+ until their support window ends. The most important consideration in
+ packaging Qt-based software is ensuring that each package and all its
+ dependencies use the same version of Qt 5; this consideration motivates most
+ of the tools described below.
+
-
+
+ Packaging Libraries for Nixpkgs
-Packaging Applications for Nixpkgs
+
+ Whenever possible, libraries that use Qt 5 should be built with each
+ available version. Packages providing libraries should be added to the
+ top-level function mkLibsForQt5, which is used to build a
+ set of libraries for every Qt 5 version. A special
+ callPackage function is used in this scope to ensure that
+ the entire dependency tree uses the same Qt 5 version. Import dependencies
+ unqualified, i.e., qtbase not
+ qt5.qtbase. Do not import a package
+ set such as qt5 or libsForQt5.
+
-
-Call your application expression using libsForQt5.callPackage instead of callPackage.
-Import dependencies unqualified, i.e., qtbase not qt5.qtbase.
-Do not import a package set such as qt5 or libsForQt5.
-
+
+ If a library does not support a particular version of Qt 5, it is best to
+ mark it as broken by setting its meta.broken attribute. A
+ package may be marked broken for certain versions by testing the
+ qtbase.version attribute, which will always give the
+ current Qt 5 version.
+
+
-
-Qt 5 maintains strict backward compatibility, so it is generally best to build an application package against the latest version using the libsForQt5 library set.
-In case a package does not build with the latest Qt version, it is possible to pick a set pinned to a particular version, e.g. libsForQt55 for Qt 5.5, if that is the latest version the package supports.
-If a package must be pinned to an older Qt version, be sure to file a bug upstream;
-because Qt is strictly backwards-compatible, any incompatibility is by definition a bug in the application.
-
+
+ Packaging Applications for Nixpkgs
-
-When testing applications in Nixpkgs, it is a common practice to build the package with nix-build and run it using the created symbolic link.
-This will not work with Qt applications, however, because they have many hard runtime requirements that can only be guaranteed if the package is actually installed.
-To test a Qt application, install it with nix-env or run it inside nix-shell.
-
+
+ Call your application expression using
+ libsForQt5.callPackage instead of
+ callPackage. Import dependencies unqualified, i.e.,
+ qtbase not qt5.qtbase. Do
+ not import a package set such as qt5 or
+ libsForQt5.
+
-
+
+ Qt 5 maintains strict backward compatibility, so it is generally best to
+ build an application package against the latest version using the
+ libsForQt5 library set. In case a package does not build
+ with the latest Qt version, it is possible to pick a set pinned to a
+ particular version, e.g. libsForQt55 for Qt 5.5, if that
+ is the latest version the package supports. If a package must be pinned to
+ an older Qt version, be sure to file a bug upstream; because Qt is strictly
+ backwards-compatible, any incompatibility is by definition a bug in the
+ application.
+
+
+ When testing applications in Nixpkgs, it is a common practice to build the
+ package with nix-build and run it using the created
+ symbolic link. This will not work with Qt applications, however, because
+ they have many hard runtime requirements that can only be guaranteed if the
+ package is actually installed. To test a Qt application, install it with
+ nix-env or run it inside nix-shell.
+
+
-
diff --git a/doc/languages-frameworks/ruby.xml b/doc/languages-frameworks/ruby.xml
index 6bb809192f894c6393ae2741a014e1faecd857c2..c52a72a3df4a746757d844ce94a3385d4b8cffad 100644
--- a/doc/languages-frameworks/ruby.xml
+++ b/doc/languages-frameworks/ruby.xml
@@ -1,17 +1,19 @@
+ Ruby
-Ruby
+
+ There currently is support to bundle applications that are packaged as Ruby
+ gems. The utility "bundix" allows you to write a
+ Gemfile, let bundler create a
+ Gemfile.lock, and then convert this into a nix
+ expression that contains all Gem dependencies automatically.
+
-There currently is support to bundle applications that are packaged as
-Ruby gems. The utility "bundix" allows you to write a
-Gemfile, let bundler create a
-Gemfile.lock, and then convert this into a nix
-expression that contains all Gem dependencies automatically.
-
-
-For example, to package sensu, we did:
+
+ For example, to package sensu, we did:
+
-Please check in the Gemfile,
-Gemfile.lock and the
-gemset.nix so future updates can be run easily.
-
+
+ Please check in the Gemfile,
+ Gemfile.lock and the gemset.nix so
+ future updates can be run easily.
+
-For tools written in Ruby - i.e. where the desire is to install
-a package and then execute e.g. rake at the command
-line, there is an alternative builder called bundlerApp.
-Set up the gemset.nix the same way, and then, for
-example:
-
+
+ For tools written in Ruby - i.e. where the desire is to install a package and
+ then execute e.g. rake at the command line, there is an
+ alternative builder called bundlerApp. Set up the
+ gemset.nix the same way, and then, for example:
+
-The chief advantage of bundlerApp over
-bundlerEnv is the executables introduced in the
-environment are precisely those selected in the exes
-list, as opposed to bundlerEnv which adds all the
-executables made available by gems in the gemset, which can mean e.g.
-rspec or rake in unpredictable
-versions available from various packages.
-
-
-Resulting derivations for both builders also have two helpful
-attributes, env and wrappedRuby.
-The first one allows one to quickly drop into
-nix-shell with the specified environment present.
-E.g. nix-shell -A sensu.env would give you an
-environment with Ruby preset so it has all the libraries necessary
-for sensu in its paths. The second one can be
-used to make derivations from custom Ruby scripts which have
-Gemfiles with their dependencies specified. It is
-a derivation with ruby wrapped so it can find all
-the needed dependencies. For example, to make a derivation
-my-script for a my-script.rb
-(which should be placed in bin) you should run
-bundix as specified above and then use
-bundlerEnv like this:
-
+
+ The chief advantage of bundlerApp over
+ bundlerEnv is the executables introduced in the
+ environment are precisely those selected in the exes list,
+ as opposed to bundlerEnv which adds all the executables
+ made available by gems in the gemset, which can mean e.g.
+ rspec or rake in unpredictable versions
+ available from various packages.
+
+
+
+ Resulting derivations for both builders also have two helpful attributes,
+ env and wrappedRuby. The first one
+ allows one to quickly drop into nix-shell with the
+ specified environment present. E.g. nix-shell -A sensu.env
+ would give you an environment with Ruby preset so it has all the libraries
+ necessary for sensu in its paths. The second one can be
+ used to make derivations from custom Ruby scripts which have
+ Gemfiles with their dependencies specified. It is a
+ derivation with ruby wrapped so it can find all the needed
+ dependencies. For example, to make a derivation my-script
+ for a my-script.rb (which should be placed in
+ bin) you should run bundix as
+ specified above and then use bundlerEnv like this:
+
-
diff --git a/doc/languages-frameworks/texlive.xml b/doc/languages-frameworks/texlive.xml
index 4515e17ec09e3a9ae9adca8b156461f6fdfbe905..af0b07166e3ec70b8cea0dd795989c48aafa9877 100644
--- a/doc/languages-frameworks/texlive.xml
+++ b/doc/languages-frameworks/texlive.xml
@@ -1,27 +1,42 @@
+ TeX Live
-TeX Live
+
+ Since release 15.09 there is a new TeX Live packaging that lives entirely
+ under attribute texlive.
+
+
+
+ User's guide
-Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute texlive.
-User's guide
-
- For basic usage just pull texlive.combined.scheme-basic for an environment with basic LaTeX support.
-
- It typically won't work to use separately installed packages together.
- Instead, you can build a custom set of packages like this:
-
+
+
+ For basic usage just pull texlive.combined.scheme-basic
+ for an environment with basic LaTeX support.
+
+
+
+
+ It typically won't work to use separately installed packages together.
+ Instead, you can build a custom set of packages like this:
+
texlive.combine {
inherit (texlive) scheme-small collection-langkorean algorithms cm-super;
}
- There are all the schemes, collections and a few thousand packages, as defined upstream (perhaps with tiny differences).
-
-
- By default you only get executables and files needed during runtime, and a little documentation for the core packages. To change that, you need to add pkgFilter function to combine.
-
+ There are all the schemes, collections and a few thousand packages, as
+ defined upstream (perhaps with tiny differences).
+
+
+
+
+ By default you only get executables and files needed during runtime, and a
+ little documentation for the core packages. To change that, you need to
+ add pkgFilter function to combine.
+
texlive.combine {
# inherit (texlive) whatever-you-want;
pkgFilter = pkg:
@@ -30,34 +45,55 @@ texlive.combine {
# there are also other attributes: version, name
}
-
-
- You can list packages e.g. by nix-repl.
-
+
+
+
+
+ You can list packages e.g. by nix-repl.
+
$ nix-repl
nix-repl> :l <nixpkgs>
nix-repl> texlive.collection-<TAB>
-
-
- Note that the wrapper assumes that the result has a chance to be useful. For example, the core executables should be present, as well as some core data files. The supported way of ensuring this is by including some scheme, for example scheme-basic, into the combination.
-
+
+
+
+
+ Note that the wrapper assumes that the result has a chance to be useful.
+ For example, the core executables should be present, as well as some core
+ data files. The supported way of ensuring this is by including some
+ scheme, for example scheme-basic, into the combination.
+
+
-
+
+
+
+ Known problems
-Known problems
-
- Some tools are still missing, e.g. luajittex;
-
- some apps aren't packaged/tested yet (asymptote, biber, etc.);
-
- feature/bug: when a package is rejected by pkgFilter, its dependencies are still propagated;
-
- in case of any bugs or feature requests, file a github issue or better a pull request and /cc @vcunat.
+
+
+ Some tools are still missing, e.g. luajittex;
+
+
+
+
+ some apps aren't packaged/tested yet (asymptote, biber, etc.);
+
+
+
+
+ feature/bug: when a package is rejected by pkgFilter,
+ its dependencies are still propagated;
+
+
+
+
+ in case of any bugs or feature requests, file a github issue or better a
+ pull request and /cc @vcunat.
+
+
+
-
-
-
-
diff --git a/doc/manual.xml b/doc/manual.xml
index 385079eb5785efd3ba65dbd77b37155b815c930b..f31897aed039add2365f5ea718c5ae210913f287 100644
--- a/doc/manual.xml
+++ b/doc/manual.xml
@@ -1,29 +1,24 @@
-
-
-
- Nixpkgs Contributors Guide
-
- Version
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+ Nixpkgs Contributors Guide
+ Version
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc/meta.xml b/doc/meta.xml
index 5dbe810810d14492c51466740a43c9d3ab22a102..ad16e7683f5806e6d54c8959d4ebaef5e0ee814a 100644
--- a/doc/meta.xml
+++ b/doc/meta.xml
@@ -1,14 +1,12 @@
-
-Meta-attributes
-
-Nix packages can declare meta-attributes
-that contain information about a package such as a description, its
-homepage, its license, and so on. For instance, the GNU Hello package
-has a meta declaration like this:
-
+ Meta-attributes
+
+ Nix packages can declare meta-attributes that contain
+ information about a package such as a description, its homepage, its license,
+ and so on. For instance, the GNU Hello package has a meta
+ declaration like this:
meta = {
description = "A program that produces a familiar, friendly greeting";
@@ -22,16 +20,15 @@ meta = {
platforms = stdenv.lib.platforms.all;
};
-
-
-
-Meta-attributes are not passed to the builder of the package.
-Thus, a change to a meta-attribute doesn’t trigger a recompilation of
-the package. The value of a meta-attribute must be a string.
-
-The meta-attributes of a package can be queried from the
-command-line using nix-env:
-
+
+
+ Meta-attributes are not passed to the builder of the package. Thus, a change
+ to a meta-attribute doesn’t trigger a recompilation of the package. The
+ value of a meta-attribute must be a string.
+
+
+ The meta-attributes of a package can be queried from the command-line using
+ nix-env:
$ nix-env -qa hello --json
{
@@ -70,252 +67,299 @@ $ nix-env -qa hello --json
-
-nix-env knows about the
-description field specifically:
-
+ nix-env knows about the description
+ field specifically:
$ nix-env -qa hello --description
hello-2.3 A program that produces a familiar, friendly greeting
-
-
-
-
-Standard
-meta-attributes
-
-It is expected that each meta-attribute is one of the following:
-
-
-
-
- description
- A short (one-line) description of the package.
- This is shown by nix-env -q --description and
- also on the Nixpkgs release pages.
-
- Don’t include a period at the end. Don’t include newline
- characters. Capitalise the first character. For brevity, don’t
- repeat the name of package — just describe what it does.
-
- Wrong: "libpng is a library that allows you to decode PNG images."
-
- Right: "A library for decoding PNG images"
-
+
+
+ Standard meta-attributes
+
+
+ It is expected that each meta-attribute is one of the following:
+
+
+
+
+ description
+
+
+
+ A short (one-line) description of the package. This is shown by
+ nix-env -q --description and also on the Nixpkgs
+ release pages.
+
+
+ Don’t include a period at the end. Don’t include newline characters.
+ Capitalise the first character. For brevity, don’t repeat the name of
+ package — just describe what it does.
+
+
+ Wrong: "libpng is a library that allows you to decode PNG
+ images."
+
+
+ Right: "A library for decoding PNG images"
+
-
-
-
- longDescription
- An arbitrarily long description of the
- package.
-
-
-
- branch
- Release branch. Used to specify that a package is not
- going to receive updates that are not in this branch; for example, Linux
- kernel 3.0 is supposed to be updated to 3.0.X, not 3.1.
-
-
-
- homepage
- The package’s homepage. Example:
- http://www.gnu.org/software/hello/manual/
-
-
-
- downloadPage
- The page where a link to the current version can be found. Example:
- http://ftp.gnu.org/gnu/hello/
-
-
-
- license
+
+
+ longDescription
+
-
- The license, or licenses, for the package. One from the attribute set
- defined in
+ An arbitrarily long description of the package.
+
+
+
+
+ branch
+
+
+
+ Release branch. Used to specify that a package is not going to receive
+ updates that are not in this branch; for example, Linux kernel 3.0 is
+ supposed to be updated to 3.0.X, not 3.1.
+
+
+
+
+ homepage
+
+
+
+ The package’s homepage. Example:
+ http://www.gnu.org/software/hello/manual/
+
+
+
+
+ downloadPage
+
+
+
+ The page where a link to the current version can be found. Example:
+ http://ftp.gnu.org/gnu/hello/
+
+
+
+
+ license
+
+
+
+ The license, or licenses, for the package. One from the attribute set
+ defined in
+
- nixpkgs/lib/licenses.nix. At this moment
- using both a list of licenses and a single license is valid. If the
- license field is in the form of a list representation, then it means
- that parts of the package are licensed differently. Each license
- should preferably be referenced by their attribute. The non-list
- attribute value can also be a space delimited string representation of
- the contained attribute shortNames or spdxIds. The following are all valid
- examples:
-
- Single license referenced by attribute (preferred)
- stdenv.lib.licenses.gpl3.
-
- Single license referenced by its attribute shortName (frowned upon)
- "gpl3".
-
- Single license referenced by its attribute spdxId (frowned upon)
- "GPL-3.0".
-
- Multiple licenses referenced by attribute (preferred)
- with stdenv.lib.licenses; [ asl20 free ofl ].
-
- Multiple licenses referenced as a space delimited string of attribute shortNames (frowned upon)
- "asl20 free ofl".
-
-
- For details, see .
-
+ nixpkgs/lib/licenses.nix. At this moment
+ using both a list of licenses and a single license is valid. If the
+ license field is in the form of a list representation, then it means that
+ parts of the package are licensed differently. Each license should
+ preferably be referenced by their attribute. The non-list attribute value
+ can also be a space delimited string representation of the contained
+ attribute shortNames or spdxIds. The following are all valid examples:
+
+
+
+ Single license referenced by attribute (preferred)
+ stdenv.lib.licenses.gpl3.
+
+
+
+
+ Single license referenced by its attribute shortName (frowned upon)
+ "gpl3".
+
+
+
+
+ Single license referenced by its attribute spdxId (frowned upon)
+ "GPL-3.0".
+
+
+
+
+ Multiple licenses referenced by attribute (preferred) with
+ stdenv.lib.licenses; [ asl20 free ofl ].
+
+
+
+
+ Multiple licenses referenced as a space delimited string of attribute
+ shortNames (frowned upon) "asl20 free ofl".
+
+
+
+ For details, see .
+
-
-
-
- maintainers
- A list of names and e-mail addresses of the
- maintainers of this Nix expression. If
- you would like to be a maintainer of a package, you may want to add
- yourself to
+
+ maintainers
+
+
+
+ A list of names and e-mail addresses of the maintainers of this Nix
+ expression. If you would like to be a maintainer of a package, you may
+ want to add yourself to
+ nixpkgs/maintainers/maintainer-list.nix
- and write something like [ stdenv.lib.maintainers.alice
- stdenv.lib.maintainers.bob ].
-
-
-
- priority
- The priority of the package,
- used by nix-env to resolve file name conflicts
- between packages. See the Nix manual page for
- nix-env for details. Example:
- "10" (a low-priority
- package).
-
-
-
- platforms
- The list of Nix platform types on which the
- package is supported. Hydra builds packages according to the
- platform specified. If no platform is specified, the package does
- not have prebuilt binaries. An example is:
-
+ and write something like [ stdenv.lib.maintainers.alice
+ stdenv.lib.maintainers.bob ].
+
+
+
+
+ priority
+
+
+
+ The priority of the package, used by
+ nix-env to resolve file name conflicts between
+ packages. See the Nix manual page for nix-env for
+ details. Example: "10" (a low-priority package).
+
+
+
+
+ platforms
+
+
+
+ The list of Nix platform types on which the package is supported. Hydra
+ builds packages according to the platform specified. If no platform is
+ specified, the package does not have prebuilt binaries. An example is:
meta.platforms = stdenv.lib.platforms.linux;
-
- Attribute Set stdenv.lib.platforms defines
-
- various common lists of platforms types.
-
-
-
- hydraPlatforms
- The list of Nix platform types for which the Hydra
- instance at hydra.nixos.org will build the
- package. (Hydra is the Nix-based continuous build system.) It
- defaults to the value of meta.platforms. Thus,
- the only reason to set meta.hydraPlatforms is
- if you want hydra.nixos.org to build the
- package on a subset of meta.platforms, or not
- at all, e.g.
-
+ Attribute Set stdenv.lib.platforms defines
+
+ various common lists of platforms types.
+
+
+
+
+ hydraPlatforms
+
+
+
+ The list of Nix platform types for which the Hydra instance at
+ hydra.nixos.org will build the package. (Hydra is the
+ Nix-based continuous build system.) It defaults to the value of
+ meta.platforms. Thus, the only reason to set
+ meta.hydraPlatforms is if you want
+ hydra.nixos.org to build the package on a subset of
+ meta.platforms, or not at all, e.g.
meta.platforms = stdenv.lib.platforms.linux;
meta.hydraPlatforms = [];
-
-
-
-
-
- broken
- If set to true, the package is
- marked as “broken”, meaning that it won’t show up in
- nix-env -qa, and cannot be built or installed.
- Such packages should be removed from Nixpkgs eventually unless
- they are fixed.
-
-
-
- updateWalker
- If set to true, the package is
- tested to be updated correctly by the update-walker.sh
- script without additional settings. Such packages have
- meta.version set and their homepage (or
- the page specified by meta.downloadPage) contains
- a direct link to the package tarball.
-
-
-
-
-
-
-
-
-Licenses
-
-The meta.license attribute should preferrably contain
-a value from stdenv.lib.licenses defined in
-
-nixpkgs/lib/licenses.nix,
-or in-place license description of the same format if the license is
-unlikely to be useful in another expression.
-
-Although it's typically better to indicate the specific license,
-a few generic options are available:
-
-
-
-
- stdenv.lib.licenses.free,
- "free"
-
- Catch-all for free software licenses not listed
- above.
-
-
-
- stdenv.lib.licenses.unfreeRedistributable,
- "unfree-redistributable"
-
- Unfree package that can be redistributed in binary
- form. That is, it’s legal to redistribute the
- output of the derivation. This means that
- the package can be included in the Nixpkgs
- channel.
-
- Sometimes proprietary software can only be redistributed
- unmodified. Make sure the builder doesn’t actually modify the
- original binaries; otherwise we’re breaking the license. For
- instance, the NVIDIA X11 drivers can be redistributed unmodified,
- but our builder applies patchelf to make them
- work. Thus, its license is "unfree" and it
- cannot be included in the Nixpkgs channel.
-
-
-
- stdenv.lib.licenses.unfree,
- "unfree"
-
- Unfree package that cannot be redistributed. You
- can build it yourself, but you cannot redistribute the output of
- the derivation. Thus it cannot be included in the Nixpkgs
- channel.
-
-
-
- stdenv.lib.licenses.unfreeRedistributableFirmware,
- "unfree-redistributable-firmware"
-
- This package supplies unfree, redistributable
- firmware. This is a separate value from
- unfree-redistributable because not everybody
- cares whether firmware is free.
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+ broken
+
+
+
+ If set to true, the package is marked as “broken”,
+ meaning that it won’t show up in nix-env -qa, and
+ cannot be built or installed. Such packages should be removed from
+ Nixpkgs eventually unless they are fixed.
+
+
+
+
+ updateWalker
+
+
+
+ If set to true, the package is tested to be updated
+ correctly by the update-walker.sh script without
+ additional settings. Such packages have meta.version
+ set and their homepage (or the page specified by
+ meta.downloadPage) contains a direct link to the
+ package tarball.
+
+
+
+
+
+
+ Licenses
+
+
+ The meta.license attribute should preferrably contain a
+ value from stdenv.lib.licenses defined in
+
+ nixpkgs/lib/licenses.nix, or in-place license
+ description of the same format if the license is unlikely to be useful in
+ another expression.
+
+
+
+ Although it's typically better to indicate the specific license, a few
+ generic options are available:
+
+
+ stdenv.lib.licenses.free,
+ "free"
+
+
+
+ Catch-all for free software licenses not listed above.
+
+
+
+
+ stdenv.lib.licenses.unfreeRedistributable,
+ "unfree-redistributable"
+
+
+
+ Unfree package that can be redistributed in binary form. That is, it’s
+ legal to redistribute the output of the derivation.
+ This means that the package can be included in the Nixpkgs channel.
+
+
+ Sometimes proprietary software can only be redistributed unmodified.
+ Make sure the builder doesn’t actually modify the original binaries;
+ otherwise we’re breaking the license. For instance, the NVIDIA X11
+ drivers can be redistributed unmodified, but our builder applies
+ patchelf to make them work. Thus, its license is
+ "unfree" and it cannot be included in the Nixpkgs
+ channel.
+
+
+
+
+ stdenv.lib.licenses.unfree,
+ "unfree"
+
+
+
+ Unfree package that cannot be redistributed. You can build it yourself,
+ but you cannot redistribute the output of the derivation. Thus it cannot
+ be included in the Nixpkgs channel.
+
+
+
+
+ stdenv.lib.licenses.unfreeRedistributableFirmware,
+ "unfree-redistributable-firmware"
+
+
+
+ This package supplies unfree, redistributable firmware. This is a
+ separate value from unfree-redistributable because
+ not everybody cares whether firmware is free.
+
+
+
+
+
+
diff --git a/doc/multiple-output.xml b/doc/multiple-output.xml
index 277d3d8141368b397c07c6dbc2b8368d0e8de8fa..040c12c9291382a84f1138f534838893f2c276b7 100644
--- a/doc/multiple-output.xml
+++ b/doc/multiple-output.xml
@@ -5,105 +5,319 @@
+ Multiple-output packages
+
+ Introduction
-Multiple-output packages
+
+ The Nix language allows a derivation to produce multiple outputs, which is
+ similar to what is utilized by other Linux distribution packaging systems.
+ The outputs reside in separate nix store paths, so they can be mostly
+ handled independently of each other, including passing to build inputs,
+ garbage collection or binary substitution. The exception is that building
+ from source always produces all the outputs.
+
-Introduction
- The Nix language allows a derivation to produce multiple outputs, which is similar to what is utilized by other Linux distribution packaging systems. The outputs reside in separate nix store paths, so they can be mostly handled independently of each other, including passing to build inputs, garbage collection or binary substitution. The exception is that building from source always produces all the outputs.
- The main motivation is to save disk space by reducing runtime closure sizes; consequently also sizes of substituted binaries get reduced. Splitting can be used to have more granular runtime dependencies, for example the typical reduction is to split away development-only files, as those are typically not needed during runtime. As a result, closure sizes of many packages can get reduced to a half or even much less.
- The reduction effects could be instead achieved by building the parts in completely separate derivations. That would often additionally reduce build-time closures, but it tends to be much harder to write such derivations, as build systems typically assume all parts are being built at once. This compromise approach of single source package producing multiple binary packages is also utilized often by rpm and deb.
-
+
+ The main motivation is to save disk space by reducing runtime closure sizes;
+ consequently also sizes of substituted binaries get reduced. Splitting can
+ be used to have more granular runtime dependencies, for example the typical
+ reduction is to split away development-only files, as those are typically
+ not needed during runtime. As a result, closure sizes of many packages can
+ get reduced to a half or even much less.
+
+
+
+
+ The reduction effects could be instead achieved by building the parts in
+ completely separate derivations. That would often additionally reduce
+ build-time closures, but it tends to be much harder to write such
+ derivations, as build systems typically assume all parts are being built at
+ once. This compromise approach of single source package producing multiple
+ binary packages is also utilized often by rpm and deb.
+
+
+
+
+ Installing a split package
+
+
+ When installing a package via systemPackages or
+ nix-env you have several options:
+
-Installing a split package
- When installing a package via systemPackages or nix-env you have several options:
- You can install particular outputs explicitly, as each is available in the Nix language as an attribute of the package. The outputs attribute contains a list of output names.
- You can let it use the default outputs. These are handled by meta.outputsToInstall attribute that contains a list of output names.
- TODO: more about tweaking the attribute, etc.
- NixOS provides configuration option environment.extraOutputsToInstall that allows adding extra outputs of environment.systemPackages atop the default ones. It's mainly meant for documentation and debug symbols, and it's also modified by specific options.
- At this moment there is no similar configurability for packages installed by nix-env. You can still use approach from to override meta.outputsToInstall attributes, but that's a rather inconvenient way.
-
+
+
+ You can install particular outputs explicitly, as each is available in the
+ Nix language as an attribute of the package. The
+ outputs attribute contains a list of output names.
+
+
+
+
+ You can let it use the default outputs. These are handled by
+ meta.outputsToInstall attribute that contains a list of
+ output names.
+
+
+ TODO: more about tweaking the attribute, etc.
+
+
+
+
+ NixOS provides configuration option
+ environment.extraOutputsToInstall that allows adding
+ extra outputs of environment.systemPackages atop the
+ default ones. It's mainly meant for documentation and debug symbols, and
+ it's also modified by specific options.
+
+
+
+ At this moment there is no similar configurability for packages installed
+ by nix-env. You can still use approach from
+ to override
+ meta.outputsToInstall attributes, but that's a rather
+ inconvenient way.
+
+
+
-
+
+
+ Using a split package
+
+
+ In the Nix language the individual outputs can be reached explicitly as
+ attributes, e.g. coreutils.info, but the typical case is
+ just using packages as build inputs.
+
+
+
+ When a multiple-output derivation gets into a build input of another
+ derivation, the dev output is added if it exists,
+ otherwise the first output is added. In addition to that,
+ propagatedBuildOutputs of that package which by default
+ contain $outputBin and $outputLib are
+ also added. (See .)
+
+
+
+ Writing a split derivation
-Using a split package
- In the Nix language the individual outputs can be reached explicitly as attributes, e.g. coreutils.info, but the typical case is just using packages as build inputs.
- When a multiple-output derivation gets into a build input of another derivation, the dev output is added if it exists, otherwise the first output is added. In addition to that, propagatedBuildOutputs of that package which by default contain $outputBin and $outputLib are also added. (See .)
-
+
+ Here you find how to write a derivation that produces multiple outputs.
+
+
+ In nixpkgs there is a framework supporting multiple-output derivations. It
+ tries to cover most cases by default behavior. You can find the source
+ separated in
+ <nixpkgs/pkgs/build-support/setup-hooks/multiple-outputs.sh>;
+ it's relatively well-readable. The whole machinery is triggered by defining
+ the outputs attribute to contain the list of desired
+ output names (strings).
+
-Writing a split derivation
- Here you find how to write a derivation that produces multiple outputs.
- In nixpkgs there is a framework supporting multiple-output derivations. It tries to cover most cases by default behavior. You can find the source separated in <nixpkgs/pkgs/build-support/setup-hooks/multiple-outputs.sh>; it's relatively well-readable. The whole machinery is triggered by defining the outputs attribute to contain the list of desired output names (strings).
- outputs = [ "bin" "dev" "out" "doc" ];
- Often such a single line is enough. For each output an equally named environment variable is passed to the builder and contains the path in nix store for that output. Typically you also want to have the main out output, as it catches any files that didn't get elsewhere.
- There is a special handling of the debug output, described at .
+outputs = [ "bin" "dev" "out" "doc" ];
+
+
+ Often such a single line is enough. For each output an equally named
+ environment variable is passed to the builder and contains the path in nix
+ store for that output. Typically you also want to have the main
+ out output, as it catches any files that didn't get
+ elsewhere.
+
+
+
+
+ There is a special handling of the debug output,
+ described at .
+
+
- <quote>Binaries first</quote>
- A commonly adopted convention in nixpkgs is that executables provided by the package are contained within its first output. This convention allows the dependent packages to reference the executables provided by packages in a uniform manner. For instance, provided with the knowledge that the perl package contains a perl executable it can be referenced as ${pkgs.perl}/bin/perl within a Nix derivation that needs to execute a Perl script.
- The glibc package is a deliberate single exception to the binaries first convention. The glibc has libs as its first output allowing the libraries provided by glibc to be referenced directly (e.g. ${stdenv.glibc}/lib/ld-linux-x86-64.so.2). The executables provided by glibc can be accessed via its bin attribute (e.g. ${stdenv.glibc.bin}/bin/ldd).
- The reason for why glibc deviates from the convention is because referencing a library provided by glibc is a very common operation among Nix packages. For instance, third-party executables packaged by Nix are typically patched and relinked with the relevant version of glibc libraries from Nix packages (please see the documentation on patchelf for more details).
+ <quote>Binaries first</quote>
+
+
+ A commonly adopted convention in nixpkgs is that
+ executables provided by the package are contained within its first output.
+ This convention allows the dependent packages to reference the executables
+ provided by packages in a uniform manner. For instance, provided with the
+ knowledge that the perl package contains a
+ perl executable it can be referenced as
+ ${pkgs.perl}/bin/perl within a Nix derivation that needs
+ to execute a Perl script.
+
+
+
+ The glibc package is a deliberate single exception to
+ the binaries first convention. The glibc
+ has libs as its first output allowing the libraries
+ provided by glibc to be referenced directly (e.g.
+ ${stdenv.glibc}/lib/ld-linux-x86-64.so.2). The
+ executables provided by glibc can be accessed via its
+ bin attribute (e.g.
+ ${stdenv.glibc.bin}/bin/ldd).
+
+
+
+ The reason for why glibc deviates from the convention is
+ because referencing a library provided by glibc is a
+ very common operation among Nix packages. For instance, third-party
+ executables packaged by Nix are typically patched and relinked with the
+ relevant version of glibc libraries from Nix packages
+ (please see the documentation on
+ patchelf for more
+ details).
+
- File type groups
- The support code currently recognizes some particular kinds of outputs and either instructs the build system of the package to put files into their desired outputs or it moves the files during the fixup phase. Each group of file types has an outputFoo variable specifying the output name where they should go. If that variable isn't defined by the derivation writer, it is guessed – a default output name is defined, falling back to other possibilities if the output isn't defined.
-
-
-
- $outputDev
- is for development-only files. These include C(++) headers, pkg-config, cmake and aclocal files. They go to dev or out by default.
-
-
-
-
- $outputBin
- is meant for user-facing binaries, typically residing in bin/. They go to bin or out by default.
-
-
-
- $outputLib
- is meant for libraries, typically residing in lib/ and libexec/. They go to lib or out by default.
-
-
-
- $outputDoc
- is for user documentation, typically residing in share/doc/. It goes to doc or out by default.
-
-
-
- $outputDevdoc
- is for developer documentation. Currently we count gtk-doc and devhelp books in there. It goes to devdoc or is removed (!) by default. This is because e.g. gtk-doc tends to be rather large and completely unused by nixpkgs users.
-
-
-
- $outputMan
- is for man pages (except for section 3). They go to man or $outputBin by default.
-
-
-
- $outputDevman
- is for section 3 man pages. They go to devman or $outputMan by default.
-
-
-
- $outputInfo
- is for info pages. They go to info or $outputBin by default.
-
-
-
-
+ File type groups
- Common caveats
-
- Some configure scripts don't like some of the parameters passed by default by the framework, e.g. --docdir=/foo/bar. You can disable this by setting setOutputFlags = false;.
- The outputs of a single derivation can retain references to each other, but note that circular references are not allowed. (And each strongly-connected component would act as a single output anyway.)
- Most of split packages contain their core functionality in libraries. These libraries tend to refer to various kind of data that typically gets into out, e.g. locale strings, so there is often no advantage in separating the libraries into lib, as keeping them in out is easier.
- Some packages have hidden assumptions on install paths, which complicates splitting.
-
+
+ The support code currently recognizes some particular kinds of outputs and
+ either instructs the build system of the package to put files into their
+ desired outputs or it moves the files during the fixup phase. Each group of
+ file types has an outputFoo variable specifying the
+ output name where they should go. If that variable isn't defined by the
+ derivation writer, it is guessed – a default output name is defined,
+ falling back to other possibilities if the output isn't defined.
+
+
+
+
+
+ $outputDev
+
+
+
+ is for development-only files. These include C(++) headers, pkg-config,
+ cmake and aclocal files. They go to dev or
+ out by default.
+
+
+
+
+
+ $outputBin
+
+
+
+ is meant for user-facing binaries, typically residing in bin/. They go
+ to bin or out by default.
+
+
+
+
+
+ $outputLib
+
+
+
+ is meant for libraries, typically residing in lib/
+ and libexec/. They go to lib or
+ out by default.
+
+
+
+
+
+ $outputDoc
+
+
+
+ is for user documentation, typically residing in
+ share/doc/. It goes to doc or
+ out by default.
+
+
+
+
+
+ $outputDevdoc
+
+
+
+ is for developer documentation. Currently we count
+ gtk-doc and devhelp books in there. It goes to devdoc
+ or is removed (!) by default. This is because e.g. gtk-doc tends to be
+ rather large and completely unused by nixpkgs users.
+
+
+
+
+
+ $outputMan
+
+
+
+ is for man pages (except for section 3). They go to
+ man or $outputBin by default.
+
+
+
+
+
+ $outputDevman
+
+
+
+ is for section 3 man pages. They go to devman or
+ $outputMan by default.
+
+
+
+
+
+ $outputInfo
+
+
+
+ is for info pages. They go to info or
+ $outputBin by default.
+
+
+
+
-
+
+ Common caveats
+
+
+
+ Some configure scripts don't like some of the parameters passed by
+ default by the framework, e.g. --docdir=/foo/bar. You
+ can disable this by setting setOutputFlags = false;.
+
+
+
+
+ The outputs of a single derivation can retain references to each other,
+ but note that circular references are not allowed. (And each
+ strongly-connected component would act as a single output anyway.)
+
+
+
+
+ Most of split packages contain their core functionality in libraries.
+ These libraries tend to refer to various kind of data that typically gets
+ into out, e.g. locale strings, so there is often no
+ advantage in separating the libraries into lib, as
+ keeping them in out is easier.
+
+
+
+
+ Some packages have hidden assumptions on install paths, which complicates
+ splitting.
+
+
+
+
+
+
diff --git a/doc/overlays.xml b/doc/overlays.xml
index cc0aef447d2d63e39c631d4a4285adf9934aec1e..2decf9febe809f7b0962036e832056593aa68547 100644
--- a/doc/overlays.xml
+++ b/doc/overlays.xml
@@ -1,95 +1,117 @@
-
-Overlays
-
-This chapter describes how to extend and change Nixpkgs packages using
-overlays. Overlays are used to add layers in the fix-point used by Nixpkgs
-to compose the set of all packages.
-
-Nixpkgs can be configured with a list of overlays, which are
-applied in order. This means that the order of the overlays can be significant
-if multiple layers override the same package.
-
+ Overlays
+
+ This chapter describes how to extend and change Nixpkgs packages using
+ overlays. Overlays are used to add layers in the fix-point used by Nixpkgs to
+ compose the set of all packages.
+
+
+ Nixpkgs can be configured with a list of overlays, which are applied in
+ order. This means that the order of the overlays can be significant if
+ multiple layers override the same package.
+
-
-
-Installing overlays
-
-The list of overlays is determined as follows.
-
-If the overlays argument is not provided explicitly, we look for overlays in a path. The path
-is determined as follows:
-
-
-
-
- First, if an overlays argument to the nixpkgs function itself is given,
- then that is used.
-
- This can be passed explicitly when importing nipxkgs, for example
- import <nixpkgs> { overlays = [ overlay1 overlay2 ]; }.
-
-
-
- Otherwise, if the Nix path entry <nixpkgs-overlays> exists, we look for overlays
- at that path, as described below.
-
- See the section on NIX_PATH in the Nix manual for more details on how to
- set a value for <nixpkgs-overlays>.
-
-
-
- If one of ~/.config/nixpkgs/overlays.nix and
- ~/.config/nixpkgs/overlays/ exists, then we look for overlays at that path, as
- described below. It is an error if both exist.
-
-
-
-
-
-If we are looking for overlays at a path, then there are two cases:
-
-
- If the path is a file, then the file is imported as a Nix expression and used as the list of
- overlays.
-
-
-
- If the path is a directory, then we take the content of the directory, order it
- lexicographically, and attempt to interpret each as an overlay by:
-
-
- Importing the file, if it is a .nix file.
-
-
- Importing a top-level default.nix file, if it is a directory.
-
-
-
-
-
-
-
-On a NixOS system the value of the nixpkgs.overlays option, if present,
-is passed to the system Nixpkgs directly as an argument. Note that this does not affect the overlays for
-non-NixOS operations (e.g. nix-env), which are looked up independently.
-
-The overlays.nix option therefore provides a convenient way to use the same
-overlays for a NixOS system configuration and user configuration: the same file can be used
-as overlays.nix and imported as the value of nixpkgs.overlays.
-
-
-
+
+ Installing overlays
+
+
+ The list of overlays is determined as follows.
+
+
+
+ If the overlays argument is not provided explicitly, we
+ look for overlays in a path. The path is determined as follows:
+
+
+
+ First, if an overlays argument to the nixpkgs function
+ itself is given, then that is used.
+
+
+ This can be passed explicitly when importing nipxkgs, for example
+ import <nixpkgs> { overlays = [ overlay1 overlay2 ];
+ }.
+
+
+
+
+ Otherwise, if the Nix path entry <nixpkgs-overlays>
+ exists, we look for overlays at that path, as described below.
+
+
+ See the section on NIX_PATH in the Nix manual for more
+ details on how to set a value for
+ <nixpkgs-overlays>.
+
+
+
+
+ If one of ~/.config/nixpkgs/overlays.nix and
+ ~/.config/nixpkgs/overlays/ exists, then we look for
+ overlays at that path, as described below. It is an error if both exist.
+
+
+
+
+
+
+ If we are looking for overlays at a path, then there are two cases:
+
+
+
+ If the path is a file, then the file is imported as a Nix expression and
+ used as the list of overlays.
+
+
+
+
+ If the path is a directory, then we take the content of the directory,
+ order it lexicographically, and attempt to interpret each as an overlay
+ by:
+
+
+
+ Importing the file, if it is a .nix file.
+
+
+
+
+ Importing a top-level default.nix file, if it is
+ a directory.
+
+
+
+
+
+
+
+
+
+ On a NixOS system the value of the nixpkgs.overlays
+ option, if present, is passed to the system Nixpkgs directly as an argument.
+ Note that this does not affect the overlays for non-NixOS operations (e.g.
+ nix-env), which are looked up independently.
+
+
+
+ The overlays.nix option therefore provides a convenient
+ way to use the same overlays for a NixOS system configuration and user
+ configuration: the same file can be used as
+ overlays.nix and imported as the value of
+ nixpkgs.overlays.
+
+
+
+ Defining overlays
-
-Defining overlays
-
-Overlays are Nix functions which accept two arguments,
-conventionally called self and super,
-and return a set of packages. For example, the following is a valid overlay.
+
+ Overlays are Nix functions which accept two arguments, conventionally called
+ self and super, and return a set of
+ packages. For example, the following is a valid overlay.
+
self: super:
@@ -104,31 +126,39 @@ self: super:
}
-The first argument (self) corresponds to the final package
-set. You should use this set for the dependencies of all packages specified in your
-overlay. For example, all the dependencies of rr in the example above come
-from self, as well as the overridden dependencies used in the
-boost override.
-
-The second argument (super)
-corresponds to the result of the evaluation of the previous stages of
-Nixpkgs. It does not contain any of the packages added by the current
-overlay, nor any of the following overlays. This set should be used either
-to refer to packages you wish to override, or to access functions defined
-in Nixpkgs. For example, the original recipe of boost
-in the above example, comes from super, as well as the
-callPackage function.
-
-The value returned by this function should be a set similar to
-pkgs/top-level/all-packages.nix, containing
-overridden and/or new packages.
-
-Overlays are similar to other methods for customizing Nixpkgs, in particular
-the packageOverrides attribute described in .
-Indeed, packageOverrides acts as an overlay with only the
-super argument. It is therefore appropriate for basic use,
-but overlays are more powerful and easier to distribute.
-
-
-
+
+ The first argument (self) corresponds to the final
+ package set. You should use this set for the dependencies of all packages
+ specified in your overlay. For example, all the dependencies of
+ rr in the example above come from
+ self, as well as the overridden dependencies used in the
+ boost override.
+
+
+
+ The second argument (super) corresponds to the result of
+ the evaluation of the previous stages of Nixpkgs. It does not contain any of
+ the packages added by the current overlay, nor any of the following
+ overlays. This set should be used either to refer to packages you wish to
+ override, or to access functions defined in Nixpkgs. For example, the
+ original recipe of boost in the above example, comes from
+ super, as well as the callPackage
+ function.
+
+
+
+ The value returned by this function should be a set similar to
+ pkgs/top-level/all-packages.nix, containing overridden
+ and/or new packages.
+
+
+
+ Overlays are similar to other methods for customizing Nixpkgs, in particular
+ the packageOverrides attribute described in
+ . Indeed,
+ packageOverrides acts as an overlay with only the
+ super argument. It is therefore appropriate for basic
+ use, but overlays are more powerful and easier to distribute.
+
+
diff --git a/doc/package-notes.xml b/doc/package-notes.xml
index 1fccfd5d329d28e033284dd339ce8b4f31eb5bff..f16826ae6806ffaf42f0d2326bca0b872945c2fd 100644
--- a/doc/package-notes.xml
+++ b/doc/package-notes.xml
@@ -1,206 +1,185 @@
-
-Package Notes
-
-This chapter contains information about how to use and maintain
-the Nix expressions for a number of specific packages, such as the
-Linux kernel or X.org.
-
-
+ Package Notes
+
+ This chapter contains information about how to use and maintain the Nix
+ expressions for a number of specific packages, such as the Linux kernel or
+ X.org.
+
+
+ Linux kernel
-
-
-Linux kernel
-
-The Nix expressions to build the Linux kernel are in pkgs/os-specific/linux/kernel.
-
-The function that builds the kernel has an argument
-kernelPatches which should be a list of
-{name, patch, extraConfig} attribute sets, where
-name is the name of the patch (which is included in
-the kernel’s meta.description attribute),
-patch is the patch itself (possibly compressed),
-and extraConfig (optional) is a string specifying
-extra options to be concatenated to the kernel configuration file
-(.config).
+
+ The Nix expressions to build the Linux kernel are in
+ pkgs/os-specific/linux/kernel.
+
-The kernel derivation exports an attribute
-features specifying whether optional functionality
-is or isn’t enabled. This is used in NixOS to implement
-kernel-specific behaviour. For instance, if the kernel has the
-iwlwifi feature (i.e. has built-in support for
-Intel wireless chipsets), then NixOS doesn’t have to build the
-external iwlwifi package:
+
+ The function that builds the kernel has an argument
+ kernelPatches which should be a list of {name,
+ patch, extraConfig} attribute sets, where name
+ is the name of the patch (which is included in the kernel’s
+ meta.description attribute), patch is
+ the patch itself (possibly compressed), and extraConfig
+ (optional) is a string specifying extra options to be concatenated to the
+ kernel configuration file (.config).
+
+
+ The kernel derivation exports an attribute features
+ specifying whether optional functionality is or isn’t enabled. This is
+ used in NixOS to implement kernel-specific behaviour. For instance, if the
+ kernel has the iwlwifi feature (i.e. has built-in support
+ for Intel wireless chipsets), then NixOS doesn’t have to build the
+ external iwlwifi package:
modulesTree = [kernel]
++ pkgs.lib.optional (!kernel.features ? iwlwifi) kernelPackages.iwlwifi
++ ...;
+
-
-
-How to add a new (major) version of the Linux kernel to Nixpkgs:
-
-
-
-
- Copy the old Nix expression
- (e.g. linux-2.6.21.nix) to the new one
- (e.g. linux-2.6.22.nix) and update it.
-
-
-
- Add the new kernel to all-packages.nix
- (e.g., create an attribute
- kernel_2_6_22).
-
-
-
- Now we’re going to update the kernel configuration. First
- unpack the kernel. Then for each supported platform
- (i686, x86_64,
- uml) do the following:
-
+
+ How to add a new (major) version of the Linux kernel to Nixpkgs:
+
+
+
+ Copy the old Nix expression (e.g. linux-2.6.21.nix)
+ to the new one (e.g. linux-2.6.22.nix) and update
+ it.
+
+
+
+
+ Add the new kernel to all-packages.nix (e.g., create
+ an attribute kernel_2_6_22).
+
+
+
+
+ Now we’re going to update the kernel configuration. First unpack the
+ kernel. Then for each supported platform (i686,
+ x86_64, uml) do the following:
-
-
- Make an copy from the old
- config (e.g. config-2.6.21-i686-smp) to
- the new one
- (e.g. config-2.6.22-i686-smp).
-
-
-
- Copy the config file for this platform
- (e.g. config-2.6.22-i686-smp) to
- .config in the kernel source tree.
-
-
-
-
- Run make oldconfig
- ARCH={i386,x86_64,um}
- and answer all questions. (For the uml configuration, also
- add SHELL=bash.) Make sure to keep the
- configuration consistent between platforms (i.e. don’t
- enable some feature on i686 and disable
- it on x86_64).
-
-
-
-
- If needed you can also run make
- menuconfig:
-
-
+
+
+ Make an copy from the old config (e.g.
+ config-2.6.21-i686-smp) to the new one (e.g.
+ config-2.6.22-i686-smp).
+
+
+
+
+ Copy the config file for this platform (e.g.
+ config-2.6.22-i686-smp) to
+ .config in the kernel source tree.
+
+
+
+
+ Run make oldconfig
+ ARCH={i386,x86_64,um} and answer
+ all questions. (For the uml configuration, also add
+ SHELL=bash.) Make sure to keep the configuration
+ consistent between platforms (i.e. don’t enable some feature on
+ i686 and disable it on x86_64).
+
+
+
+
+ If needed you can also run make menuconfig:
+
$ nix-env -i ncurses
$ export NIX_CFLAGS_LINK=-lncurses
$ make menuconfig ARCH=arch
-
-
-
-
-
- Copy .config over the new config
- file (e.g. config-2.6.22-i686-smp).
-
-
+
+
+
+
+ Copy .config over the new config file (e.g.
+ config-2.6.22-i686-smp).
+
+
-
-
-
-
-
-
- Test building the kernel: nix-build -A
- kernel_2_6_22. If it compiles, ship it! For extra
- credit, try booting NixOS with it.
-
-
-
- It may be that the new kernel requires updating the external
- kernel modules and kernel-dependent packages listed in the
- linuxPackagesFor function in
- all-packages.nix (such as the NVIDIA drivers,
- AUFS, etc.). If the updated packages aren’t backwards compatible
- with older kernels, you may need to keep the older versions
- around.
-
-
-
-
-
-
-
-
-
+
+
+
+
+ Test building the kernel: nix-build -A kernel_2_6_22.
+ If it compiles, ship it! For extra credit, try booting NixOS with it.
+
+
+
+
+ It may be that the new kernel requires updating the external kernel
+ modules and kernel-dependent packages listed in the
+ linuxPackagesFor function in
+ all-packages.nix (such as the NVIDIA drivers, AUFS,
+ etc.). If the updated packages aren’t backwards compatible with older
+ kernels, you may need to keep the older versions around.
+
+
+
+
+
+
+ X.org
-
-
-X.org
-
-The Nix expressions for the X.org packages reside in
-pkgs/servers/x11/xorg/default.nix. This file is
-automatically generated from lists of tarballs in an X.org release.
-As such it should not be modified directly; rather, you should modify
-the lists, the generator script or the file
-pkgs/servers/x11/xorg/overrides.nix, in which you
-can override or add to the derivations produced by the
-generator.
-
-The generator is invoked as follows:
+
+ The Nix expressions for the X.org packages reside in
+ pkgs/servers/x11/xorg/default.nix. This file is
+ automatically generated from lists of tarballs in an X.org release. As such
+ it should not be modified directly; rather, you should modify the lists, the
+ generator script or the file
+ pkgs/servers/x11/xorg/overrides.nix, in which you can
+ override or add to the derivations produced by the generator.
+
+
+ The generator is invoked as follows:
$ cd pkgs/servers/x11/xorg
$ cat tarballs-7.5.list extra.list old.list \
| perl ./generate-expr-from-tarballs.pl
+ For each of the tarballs in the .list files, the script
+ downloads it, unpacks it, and searches its configure.ac
+ and *.pc.in files for dependencies. This information is
+ used to generate default.nix. The generator caches
+ downloaded tarballs between runs. Pay close attention to the NOT
+ FOUND: name messages at the end of the
+ run, since they may indicate missing dependencies. (Some might be optional
+ dependencies, however.)
+
-For each of the tarballs in the .list files, the
-script downloads it, unpacks it, and searches its
-configure.ac and *.pc.in
-files for dependencies. This information is used to generate
-default.nix. The generator caches downloaded
-tarballs between runs. Pay close attention to the NOT FOUND:
-name messages at the end of the
-run, since they may indicate missing dependencies. (Some might be
-optional dependencies, however.)
-
-A file like tarballs-7.5.list contains all
-tarballs in a X.org release. It can be generated like this:
-
+
+ A file like tarballs-7.5.list contains all tarballs in
+ a X.org release. It can be generated like this:
$ export i="mirror://xorg/X11R7.4/src/everything/"
$ cat $(PRINT_PATH=1 nix-prefetch-url $i | tail -n 1) \
| perl -e 'while (<>) { if (/(href|HREF)="([^"]*.bz2)"/) { print "$ENV{'i'}$2\n"; }; }' \
| sort > tarballs-7.4.list
+ extra.list contains libraries that aren’t part of
+ X.org proper, but are closely related to it, such as
+ libxcb. old.list contains some
+ packages that were removed from X.org, but are still needed by some people
+ or by other packages (such as imake).
+
-extra.list contains libraries that aren’t part of
-X.org proper, but are closely related to it, such as
-libxcb. old.list contains
-some packages that were removed from X.org, but are still needed by
-some people or by other packages (such as
-imake).
-
-If the expression for a package requires derivation attributes
-that the generator cannot figure out automatically (say,
-patches or a postInstall hook),
-you should modify
-pkgs/servers/x11/xorg/overrides.nix.
-
-
-
-
-
+
+ If the expression for a package requires derivation attributes that the
+ generator cannot figure out automatically (say, patches
+ or a postInstall hook), you should modify
+ pkgs/servers/x11/xorg/overrides.nix.
+
+
-
-
-
-
-
-
-
-
+ Eclipse
- The Nix expressions related to the Eclipse platform and IDE are in
- pkgs/applications/editors/eclipse.
+ The Nix expressions related to the Eclipse platform and IDE are in
+ pkgs/applications/editors/eclipse.
- Nixpkgs provides a number of packages that will install Eclipse in
- its various forms, these range from the bare-bones Eclipse
- Platform to the more fully featured Eclipse SDK or Scala-IDE
- packages and multiple version are often available. It is possible
- to list available Eclipse packages by issuing the command:
-
+ Nixpkgs provides a number of packages that will install Eclipse in its
+ various forms, these range from the bare-bones Eclipse Platform to the more
+ fully featured Eclipse SDK or Scala-IDE packages and multiple version are
+ often available. It is possible to list available Eclipse packages by
+ issuing the command:
$ nix-env -f '<nixpkgs>' -qaP -A eclipses --description
-
- Once an Eclipse variant is installed it can be run using the
- eclipse command, as expected. From within
- Eclipse it is then possible to install plugins in the usual manner
- by either manually specifying an Eclipse update site or by
- installing the Marketplace Client plugin and using it to discover
- and install other plugins. This installation method provides an
- Eclipse installation that closely resemble a manually installed
- Eclipse.
+ Once an Eclipse variant is installed it can be run using the
+ eclipse command, as expected. From within Eclipse it is
+ then possible to install plugins in the usual manner by either manually
+ specifying an Eclipse update site or by installing the Marketplace Client
+ plugin and using it to discover and install other plugins. This installation
+ method provides an Eclipse installation that closely resemble a manually
+ installed Eclipse.
- If you prefer to install plugins in a more declarative manner then
- Nixpkgs also offer a number of Eclipse plugins that can be
- installed in an Eclipse environment. This
- type of environment is created using the function
- eclipseWithPlugins found inside the
- nixpkgs.eclipses attribute set. This function
- takes as argument { eclipse, plugins ? [], jvmArgs ? []
- } where eclipse is a one of the
- Eclipse packages described above, plugins is a
- list of plugin derivations, and jvmArgs is a
- list of arguments given to the JVM running the Eclipse. For
- example, say you wish to install the latest Eclipse Platform with
- the popular Eclipse Color Theme plugin and also allow Eclipse to
- use more RAM. You could then add
-
+ If you prefer to install plugins in a more declarative manner then Nixpkgs
+ also offer a number of Eclipse plugins that can be installed in an
+ Eclipse environment. This type of environment is
+ created using the function eclipseWithPlugins found
+ inside the nixpkgs.eclipses attribute set. This function
+ takes as argument { eclipse, plugins ? [], jvmArgs ? [] }
+ where eclipse is a one of the Eclipse packages described
+ above, plugins is a list of plugin derivations, and
+ jvmArgs is a list of arguments given to the JVM running
+ the Eclipse. For example, say you wish to install the latest Eclipse
+ Platform with the popular Eclipse Color Theme plugin and also allow Eclipse
+ to use more RAM. You could then add
packageOverrides = pkgs: {
myEclipse = with pkgs.eclipses; eclipseWithPlugins {
@@ -276,42 +243,38 @@ packageOverrides = pkgs: {
};
}
-
- to your Nixpkgs configuration
- (~/.config/nixpkgs/config.nix) and install it by
- running nix-env -f '<nixpkgs>' -iA
- myEclipse and afterward run Eclipse as usual. It is
- possible to find out which plugins are available for installation
- using eclipseWithPlugins by running
-
+ to your Nixpkgs configuration
+ (~/.config/nixpkgs/config.nix) and install it by
+ running nix-env -f '<nixpkgs>' -iA myEclipse and
+ afterward run Eclipse as usual. It is possible to find out which plugins are
+ available for installation using eclipseWithPlugins by
+ running
$ nix-env -f '<nixpkgs>' -qaP -A eclipses.plugins --description
- If there is a need to install plugins that are not available in
- Nixpkgs then it may be possible to define these plugins outside
- Nixpkgs using the buildEclipseUpdateSite and
- buildEclipsePlugin functions found in the
- nixpkgs.eclipses.plugins attribute set. Use the
- buildEclipseUpdateSite function to install a
- plugin distributed as an Eclipse update site. This function takes
- { name, src } as argument where
- src indicates the Eclipse update site archive.
- All Eclipse features and plugins within the downloaded update site
- will be installed. When an update site archive is not available
- then the buildEclipsePlugin function can be
- used to install a plugin that consists of a pair of feature and
- plugin JARs. This function takes an argument { name,
- srcFeature, srcPlugin } where
- srcFeature and srcPlugin are
- the feature and plugin JARs, respectively.
+ If there is a need to install plugins that are not available in Nixpkgs then
+ it may be possible to define these plugins outside Nixpkgs using the
+ buildEclipseUpdateSite and
+ buildEclipsePlugin functions found in the
+ nixpkgs.eclipses.plugins attribute set. Use the
+ buildEclipseUpdateSite function to install a plugin
+ distributed as an Eclipse update site. This function takes { name,
+ src } as argument where src indicates the
+ Eclipse update site archive. All Eclipse features and plugins within the
+ downloaded update site will be installed. When an update site archive is not
+ available then the buildEclipsePlugin function can be
+ used to install a plugin that consists of a pair of feature and plugin JARs.
+ This function takes an argument { name, srcFeature, srcPlugin
+ } where srcFeature and
+ srcPlugin are the feature and plugin JARs, respectively.
- Expanding the previous example with two plugins using the above
- functions we have
+ Expanding the previous example with two plugins using the above functions we
+ have
packageOverrides = pkgs: {
myEclipse = with pkgs.eclipses; eclipseWithPlugins {
@@ -343,210 +306,214 @@ packageOverrides = pkgs: {
}
+
+
+ Elm
-
-
-
-
-Elm
-
-
-The Nix expressions for Elm reside in
-pkgs/development/compilers/elm. They are generated
-automatically by update-elm.rb script. One should
-specify versions of Elm packages inside the script, clear the
-packages directory and run the script from inside it.
-elm-reactor is special because it also has Elm package
-dependencies. The process is not automated very much for now -- you should
-get the elm-reactor source tree (e.g. with
-nix-shell) and run elm2nix.rb inside
-it. Place the resulting package.nix file into
-packages/elm-reactor-elm.nix.
-
-
-
-
-
-
-Interactive shell helpers
-
-
- Some packages provide the shell integration to be more useful. But
- unlike other systems, nix doesn't have a standard share directory
- location. This is why a bunch PACKAGE-share
- scripts are shipped that print the location of the corresponding
- shared folder.
-
- Current list of such packages is as following:
+
+ The Nix expressions for Elm reside in
+ pkgs/development/compilers/elm. They are generated
+ automatically by update-elm.rb script. One should specify
+ versions of Elm packages inside the script, clear the
+ packages directory and run the script from inside it.
+ elm-reactor is special because it also has Elm package
+ dependencies. The process is not automated very much for now -- you should
+ get the elm-reactor source tree (e.g. with
+ nix-shell) and run elm2nix.rb inside
+ it. Place the resulting package.nix file into
+ packages/elm-reactor-elm.nix.
+
+
+
+ Interactive shell helpers
-
+
+ Some packages provide the shell integration to be more useful. But unlike
+ other systems, nix doesn't have a standard share directory location. This is
+ why a bunch PACKAGE-share scripts are shipped that print
+ the location of the corresponding shared folder. Current list of such
+ packages is as following:
+
-
- autojump: autojump-share
-
+
+ autojump: autojump-share
+
-
- fzf: fzf-share
-
+
+ fzf: fzf-share
+
-
-
- E.g. autojump can then used in the .bashrc like this:
+
+ E.g. autojump can then used in the .bashrc like this:
source "$(autojump-share)/autojump.bash"
-
-
-
-
-
-
-Steam
-
-
-
-Steam in Nix
-
-
- Steam is distributed as a .deb file, for now only
- as an i686 package (the amd64 package only has documentation).
- When unpacked, it has a script called steam that
- in ubuntu (their target distro) would go to /usr/bin
- . When run for the first time, this script copies some
- files to the user's home, which include another script that is the
- ultimate responsible for launching the steam binary, which is also
- in $HOME.
-
-
- Nix problems and constraints:
-
- We don't have /bin/bash and many
- scripts point there. Similarly for /usr/bin/python
- .
- We don't have the dynamic loader in /lib
- .
- The steam.sh script in $HOME can
- not be patched, as it is checked and rewritten by steam.
- The steam binary cannot be patched, it's also checked.
-
-
-
- The current approach to deploy Steam in NixOS is composing a FHS-compatible
- chroot environment, as documented
- here.
- This allows us to have binaries in the expected paths without disrupting the system,
- and to avoid patching them to work in a non FHS environment.
-
-
-
-
-
-
-How to play
-
-
- For 64-bit systems it's important to have
- hardware.opengl.driSupport32Bit = true;
- in your /etc/nixos/configuration.nix. You'll also need
- hardware.pulseaudio.support32Bit = true;
- if you are using PulseAudio - this will enable 32bit ALSA apps integration.
- To use the Steam controller, you need to add
- services.udev.extraRules = ''
+
+
+
+ Steam
+
+
+ Steam in Nix
+
+
+ Steam is distributed as a .deb file, for now only as
+ an i686 package (the amd64 package only has documentation). When unpacked,
+ it has a script called steam that in ubuntu (their
+ target distro) would go to /usr/bin . When run for the
+ first time, this script copies some files to the user's home, which include
+ another script that is the ultimate responsible for launching the steam
+ binary, which is also in $HOME.
+
+
+
+ Nix problems and constraints:
+
+
+
+ We don't have /bin/bash and many scripts point
+ there. Similarly for /usr/bin/python .
+
+
+
+
+ We don't have the dynamic loader in /lib .
+
+
+
+
+ The steam.sh script in $HOME can not be patched, as
+ it is checked and rewritten by steam.
+
+
+
+
+ The steam binary cannot be patched, it's also checked.
+
+
+
+
+
+
+ The current approach to deploy Steam in NixOS is composing a FHS-compatible
+ chroot environment, as documented
+ here.
+ This allows us to have binaries in the expected paths without disrupting
+ the system, and to avoid patching them to work in a non FHS environment.
+
+
+
+
+ How to play
+
+
+ For 64-bit systems it's important to have
+hardware.opengl.driSupport32Bit = true;
+ in your /etc/nixos/configuration.nix. You'll also need
+hardware.pulseaudio.support32Bit = true;
+ if you are using PulseAudio - this will enable 32bit ALSA apps integration.
+ To use the Steam controller, you need to add
+services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
'';
- to your configuration.
-
-
-
-
-
-
-Troubleshooting
-
-
-
-
-
- Steam fails to start. What do I do?
- Try to run
- strace steam
- to see what is causing steam to fail.
-
-
-
- Using the FOSS Radeon or nouveau (nvidia) drivers
-
- The newStdcpp parameter
- was removed since NixOS 17.09 and should not be needed anymore.
-
-
-
- Steam ships statically linked with a version of libcrypto that
- conflics with the one dynamically loaded by radeonsi_dri.so.
- If you get the error
- steam.sh: line 713: 7842 Segmentation fault (core dumped)
- have a look at this pull request.
-
-
-
-
-
- Java
-
-
- There is no java in steam chrootenv by default. If you get a message like
- /home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found
- You need to add
- steam.override { withJava = true; };
- to your configuration.
-
-
-
-
-
-
-
-
-
-
-steam-run
-
-The FHS-compatible chroot used for steam can also be used to run
-other linux games that expect a FHS environment.
-To do it, add
+ to your configuration.
+
+
+
+
+ Troubleshooting
+
+
+
+
+ Steam fails to start. What do I do?
+
+
+ Try to run
+strace steam
+ to see what is causing steam to fail.
+
+
+
+
+ Using the FOSS Radeon or nouveau (nvidia) drivers
+
+
+
+
+ The newStdcpp parameter was removed since NixOS
+ 17.09 and should not be needed anymore.
+
+
+
+
+ Steam ships statically linked with a version of libcrypto that
+ conflics with the one dynamically loaded by radeonsi_dri.so. If you
+ get the error
+steam.sh: line 713: 7842 Segmentation fault (core dumped)
+ have a look at
+ this
+ pull request.
+
+
+
+
+
+
+ Java
+
+
+
+
+ There is no java in steam chrootenv by default. If you get a message
+ like
+/home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found
+ You need to add
+ steam.override { withJava = true; };
+ to your configuration.
+
+
+
+
+
+
+
+
+
+
+ steam-run
+
+
+ The FHS-compatible chroot used for steam can also be used to run other
+ linux games that expect a FHS environment. To do it, add
pkgs.(steam.override {
nativeOnly = true;
newStdcpp = true;
}).run
-to your configuration, rebuild, and run the game with
+ to your configuration, rebuild, and run the game with
steam-run ./foo
-
-
-
-
-
-
-
-
-Emacs
-
-
-
-Configuring Emacs
-
-
- The Emacs package comes with some extra helpers to make it easier to
- configure. emacsWithPackages allows you to manage
- packages from ELPA. This means that you will not have to install
- that packages from within Emacs. For instance, if you wanted to use
- company, counsel,
- flycheck, ivy,
- magit, projectile, and
- use-package you could use this as a
- ~/.config/nixpkgs/config.nix override:
-
+
+
+
+
+ Emacs
+
+
+ Configuring Emacs
+
+
+ The Emacs package comes with some extra helpers to make it easier to
+ configure. emacsWithPackages allows you to manage
+ packages from ELPA. This means that you will not have to install that
+ packages from within Emacs. For instance, if you wanted to use
+ company, counsel,
+ flycheck, ivy,
+ magit, projectile, and
+ use-package you could use this as a
+ ~/.config/nixpkgs/config.nix override:
+
{
@@ -564,17 +531,17 @@ to your configuration, rebuild, and run the game with
}
-
- You can install it like any other packages via nix-env -iA
- myEmacs. However, this will only install those packages.
- It will not configure them for us. To do this, we
- need to provide a configuration file. Luckily, it is possible to do
- this from within Nix! By modifying the above example, we can make
- Emacs load a custom config file. The key is to create a package that
- provide a default.el file in
- /share/emacs/site-start/. Emacs knows to load
- this file automatically when it starts.
-
+
+ You can install it like any other packages via nix-env -iA
+ myEmacs. However, this will only install those packages. It will
+ not configure them for us. To do this, we need to
+ provide a configuration file. Luckily, it is possible to do this from
+ within Nix! By modifying the above example, we can make Emacs load a custom
+ config file. The key is to create a package that provide a
+ default.el file in
+ /share/emacs/site-start/. Emacs knows to load this
+ file automatically when it starts.
+
{
@@ -654,25 +621,24 @@ cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
}
-
- This provides a fairly full Emacs start file. It will load in
- addition to the user's presonal config. You can always disable it by
- passing -q to the Emacs command.
-
-
-
- Sometimes emacsWithPackages is not enough, as
- this package set has some priorities imposed on packages (with
- the lowest priority assigned to Melpa Unstable, and the highest for
- packages manually defined in
- pkgs/top-level/emacs-packages.nix). But you
- can't control this priorities when some package is installed as a
- dependency. You can override it on per-package-basis, providing all
- the required dependencies manually - but it's tedious and there is
- always a possibility that an unwanted dependency will sneak in
- through some other package. To completely override such a package
- you can use overrideScope.
-
+
+ This provides a fairly full Emacs start file. It will load in addition to
+ the user's presonal config. You can always disable it by passing
+ -q to the Emacs command.
+
+
+
+ Sometimes emacsWithPackages is not enough, as this
+ package set has some priorities imposed on packages (with the lowest
+ priority assigned to Melpa Unstable, and the highest for packages manually
+ defined in pkgs/top-level/emacs-packages.nix). But you
+ can't control this priorities when some package is installed as a
+ dependency. You can override it on per-package-basis, providing all the
+ required dependencies manually - but it's tedious and there is always a
+ possibility that an unwanted dependency will sneak in through some other
+ package. To completely override such a package you can use
+ overrideScope.
+
overrides = super: self: rec {
@@ -685,34 +651,34 @@ overrides = super: self: rec {
dante
])
+
+
+
+ Weechat
-
-
-
-
-
-Weechat
-
-Weechat can be configured to include your choice of plugins, reducing its
-closure size from the default configuration which includes all available
-plugins. To make use of this functionality, install an expression that
-overrides its configuration such as
+
+ Weechat can be configured to include your choice of plugins, reducing its
+ closure size from the default configuration which includes all available
+ plugins. To make use of this functionality, install an expression that
+ overrides its configuration such as
weechat.override {configure = {availablePlugins, ...}: {
plugins = with availablePlugins; [ python perl ];
}
}
-
-
-The plugins currently available are python,
-perl, ruby, guile,
-tcl and lua.
-
-
-The python plugin allows the addition of extra libraries. For instance,
-the inotify.py script in weechat-scripts requires
-D-Bus or libnotify, and the fish.py script requires
-pycrypto. To use these scripts, use the python
-plugin's withPackages attribute:
+
+
+
+ The plugins currently available are python,
+ perl, ruby, guile,
+ tcl and lua.
+
+
+
+ The python plugin allows the addition of extra libraries. For instance, the
+ inotify.py script in weechat-scripts requires D-Bus or
+ libnotify, and the fish.py script requires pycrypto. To
+ use these scripts, use the python plugin's
+ withPackages attribute:
weechat.override { configure = {availablePlugins, ...}: {
plugins = with availablePlugins; [
(python.withPackages (ps: with ps; [ pycrypto python-dbus ]))
@@ -720,16 +686,17 @@ plugin's withPackages attribute:
}
}
-
-
-In order to also keep all default plugins installed, it is possible to use
-the following method:
+
+
+
+ In order to also keep all default plugins installed, it is possible to use
+ the following method:
weechat.override { configure = { availablePlugins, ... }: {
plugins = builtins.attrValues (availablePlugins // {
python = availablePlugins.python.withPackages (ps: with ps; [ pycrypto python-dbus ]);
});
}; }
-
-
+
+
diff --git a/doc/platform-notes.xml b/doc/platform-notes.xml
index f4f6ec60029412882179bbd9647163af7fcbc9c7..b2c20c2d35c09f5fea4f6334df944c9e7ee01e29 100644
--- a/doc/platform-notes.xml
+++ b/doc/platform-notes.xml
@@ -1,27 +1,25 @@
+ Platform Notes
+
+ Darwin (macOS)
-Platform Notes
+
+ Some common issues when packaging software for darwin:
+
-
-
-Darwin (macOS)
-Some common issues when packaging software for darwin:
-
-
-
-
+
+
- The darwin stdenv uses clang instead of gcc.
- When referring to the compiler $CC or cc
- will work in both cases. Some builds hardcode gcc/g++ in their
- build scripts, that can usually be fixed with using something
- like makeFlags = [ "CC=cc" ]; or by patching
- the build scripts.
+ The darwin stdenv uses clang instead of gcc. When
+ referring to the compiler $CC or cc
+ will work in both cases. Some builds hardcode gcc/g++ in their build
+ scripts, that can usually be fixed with using something like
+ makeFlags = [ "CC=cc" ]; or by patching the build
+ scripts.
-
-
+
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
@@ -30,36 +28,33 @@
'';
}
-
-
-
+
+
- On darwin libraries are linked using absolute paths, libraries
- are resolved by their install_name at link
- time. Sometimes packages won't set this correctly causing the
- library lookups to fail at runtime. This can be fixed by adding
- extra linker flags or by running install_name_tool -id
- during the fixupPhase.
+ On darwin libraries are linked using absolute paths, libraries are
+ resolved by their install_name at link time. Sometimes
+ packages won't set this correctly causing the library lookups to fail at
+ runtime. This can be fixed by adding extra linker flags or by running
+ install_name_tool -id during the
+ fixupPhase.
-
-
+
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
makeFlags = stdenv.lib.optional stdenv.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
}
-
-
-
+
+
- Some packages assume xcode is available and use xcrun
- to resolve build tools like clang, etc.
- This causes errors like xcode-select: error: no developer tools were found at '/Applications/Xcode.app'
- while the build doesn't actually depend on xcode.
+ Some packages assume xcode is available and use xcrun
+ to resolve build tools like clang, etc. This causes
+ errors like xcode-select: error: no developer tools were found at
+ '/Applications/Xcode.app' while the build doesn't actually depend
+ on xcode.
-
-
+
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
@@ -69,15 +64,12 @@
'';
}
-
- The package xcbuild can be used to build projects
- that really depend on Xcode, however projects that build some kind of
- graphical interface won't work without using Xcode in an impure way.
+ The package xcbuild can be used to build projects that
+ really depend on Xcode, however projects that build some kind of graphical
+ interface won't work without using Xcode in an impure way.
-
-
-
-
-
+
+
+
diff --git a/doc/quick-start.xml b/doc/quick-start.xml
index ca86e6c9519b61dda39ffd8e9cbe749281f93c8b..0cba3a4769c44766e752cc654e0df96377ca62ae 100644
--- a/doc/quick-start.xml
+++ b/doc/quick-start.xml
@@ -1,223 +1,219 @@
-
-Quick Start to Adding a Package
-
-To add a package to Nixpkgs:
-
-
-
-
- Checkout the Nixpkgs source tree:
-
+ Quick Start to Adding a Package
+
+ To add a package to Nixpkgs:
+
+
+
+ Checkout the Nixpkgs source tree:
$ git clone git://github.com/NixOS/nixpkgs.git
$ cd nixpkgs
-
-
-
-
- Find a good place in the Nixpkgs tree to add the Nix
- expression for your package. For instance, a library package
- typically goes into
- pkgs/development/libraries/pkgname,
- while a web browser goes into
- pkgs/applications/networking/browsers/pkgname.
- See for some hints on the tree
- organisation. Create a directory for your package, e.g.
-
+
+
+
+ Find a good place in the Nixpkgs tree to add the Nix expression for your
+ package. For instance, a library package typically goes into
+ pkgs/development/libraries/pkgname,
+ while a web browser goes into
+ pkgs/applications/networking/browsers/pkgname.
+ See for some hints on the tree
+ organisation. Create a directory for your package, e.g.
$ mkdir pkgs/development/libraries/libfoo
-
-
-
-
- In the package directory, create a Nix expression — a piece
- of code that describes how to build the package. In this case, it
- should be a function that is called with the
- package dependencies as arguments, and returns a build of the
- package in the Nix store. The expression should usually be called
- default.nix.
-
+
+
+
+ In the package directory, create a Nix expression — a piece of code that
+ describes how to build the package. In this case, it should be a
+ function that is called with the package dependencies
+ as arguments, and returns a build of the package in the Nix store. The
+ expression should usually be called default.nix.
$ emacs pkgs/development/libraries/libfoo/default.nix
$ git add pkgs/development/libraries/libfoo/default.nix
-
-
- You can have a look at the existing Nix expressions under
- pkgs/ to see how it’s done. Here are some
- good ones:
-
-
-
-
- GNU Hello:
+ You can have a look at the existing Nix expressions under
+ pkgs/ to see how it’s done. Here are some good
+ ones:
+
+
+
+ GNU Hello:
+ pkgs/applications/misc/hello/default.nix.
- Trivial package, which specifies some meta
- attributes which is good practice.
-
-
-
- GNU cpio: meta
+ attributes which is good practice.
+
+
+
+
+ GNU cpio:
+ pkgs/tools/archivers/cpio/default.nix.
- Also a simple package. The generic builder in
- stdenv does everything for you. It has
- no dependencies beyond stdenv.
-
-
-
- GNU Multiple Precision arithmetic library (GMP): stdenv
+ does everything for you. It has no dependencies beyond
+ stdenv.
+
+
+
+
+ GNU Multiple Precision arithmetic library (GMP):
+ pkgs/development/libraries/gmp/5.1.x.nix.
- Also done by the generic builder, but has a dependency on
- m4.
-
-
-
- Pan, a GTK-based newsreader: m4.
+
+
+
+
+ Pan, a GTK-based newsreader:
+ pkgs/applications/networking/newsreaders/pan/default.nix.
- Has an optional dependency on gtkspell,
- which is only built if spellCheck is
- true.
-
-
-
- Apache HTTPD: gtkspell, which is
+ only built if spellCheck is true.
+
+
+
+
+ Apache HTTPD:
+ pkgs/servers/http/apache-httpd/2.4.nix.
- A bunch of optional features, variable substitutions in the
- configure flags, a post-install hook, and miscellaneous
- hackery.
-
-
-
- Thunderbird:
+
+
+
+ Thunderbird:
+ pkgs/applications/networking/mailreaders/thunderbird/default.nix.
- Lots of dependencies.
-
-
-
- JDiskReport, a Java utility:
+
+
+
+ JDiskReport, a Java utility:
+ pkgs/tools/misc/jdiskreport/default.nix
- (and the builder).
- Nixpkgs doesn’t have a decent stdenv for
- Java yet so this is pretty ad-hoc.
-
-
-
- XML::Simple, a Perl module: stdenv for Java yet
+ so this is pretty ad-hoc.
+
+
+
+
+ XML::Simple, a Perl module:
+ pkgs/top-level/perl-packages.nix
- (search for the XMLSimple attribute).
- Most Perl modules are so simple to build that they are
- defined directly in perl-packages.nix;
- no need to make a separate file for them.
-
-
-
- Adobe Reader: XMLSimple attribute). Most Perl
+ modules are so simple to build that they are defined directly in
+ perl-packages.nix; no need to make a separate file
+ for them.
+
+
+
+
+ Adobe Reader:
+ pkgs/applications/misc/adobe-reader/default.nix.
- Shows how binary-only packages can be supported. In
- particular the builder
- uses patchelf to set the RUNPATH and ELF
- interpreter of the executables so that the right libraries
- are found at runtime.
-
-
-
-
+ uses patchelf to set the RUNPATH and ELF interpreter
+ of the executables so that the right libraries are found at runtime.
+
+
+
-
- Some notes:
-
-
-
-
- All meta
- attributes are optional, but it’s still a good idea to
- provide at least the description,
- homepage and license.
-
-
-
- You can use nix-prefetch-url (or similar nix-prefetch-git, etc)
- url to get the SHA-256 hash of
- source distributions. There are similar commands as nix-prefetch-git and
- nix-prefetch-hg available in nix-prefetch-scripts package.
-
-
-
- A list of schemes for mirror://
- URLs can be found in pkgs/build-support/fetchurl/mirrors.nix.
-
-
-
-
+
+ Some notes:
+
+
+
+ All meta attributes are
+ optional, but it’s still a good idea to provide at least the
+ description, homepage and
+ license.
+
+
+
+
+ You can use nix-prefetch-url (or similar
+ nix-prefetch-git, etc) url to get the
+ SHA-256 hash of source distributions. There are similar commands as
+ nix-prefetch-git and
+ nix-prefetch-hg available in
+ nix-prefetch-scripts package.
+
+
+
+
+ A list of schemes for mirror:// URLs can be found in
+ pkgs/build-support/fetchurl/mirrors.nix.
+
+
+
-
- The exact syntax and semantics of the Nix expression
- language, including the built-in function, are described in the
- Nix manual in the
+ The exact syntax and semantics of the Nix expression language, including
+ the built-in function, are described in the Nix manual in the
+ chapter
- on writing Nix expressions.
-
-
-
-
- Add a call to the function defined in the previous step to
- .
+
+
+
+
+ Add a call to the function defined in the previous step to
+ pkgs/top-level/all-packages.nix
- with some descriptive name for the variable,
- e.g. libfoo.
-
-
+ with some descriptive name for the variable, e.g.
+ libfoo.
+
$ emacs pkgs/top-level/all-packages.nix
-
-
- The attributes in that file are sorted by category (like
- “Development / Libraries”) that more-or-less correspond to the
- directory structure of Nixpkgs, and then by attribute name.
-
-
-
- To test whether the package builds, run the following command
- from the root of the nixpkgs source tree:
-
-
+
+ The attributes in that file are sorted by category (like “Development /
+ Libraries”) that more-or-less correspond to the directory structure of
+ Nixpkgs, and then by attribute name.
+
+
+
+
+ To test whether the package builds, run the following command from the
+ root of the nixpkgs source tree:
+
$ nix-build -A libfoo
-
- where libfoo should be the variable name
- defined in the previous step. You may want to add the flag
- to keep the temporary build directory in case
- something fails. If the build succeeds, a symlink
- ./result to the package in the Nix store is
- created.
-
-
-
- If you want to install the package into your profile
- (optional), do
-
-
+ where libfoo should be the variable name defined in the
+ previous step. You may want to add the flag to keep
+ the temporary build directory in case something fails. If the build
+ succeeds, a symlink ./result to the package in the
+ Nix store is created.
+
+
+
+
+ If you want to install the package into your profile (optional), do
+
$ nix-env -f . -iA libfoo
-
-
-
-
- Optionally commit the new package and open a pull request, or send a patch to
- https://groups.google.com/forum/#!forum/nix-devel.
-
-
-
-
-
-
-
+
+
+
+ Optionally commit the new package and open a pull request, or send a patch
+ to https://groups.google.com/forum/#!forum/nix-devel.
+
+
+
+
diff --git a/doc/release-notes.xml b/doc/release-notes.xml
index a50ee877acdda7a3b8c6b9c574f8dd1a21412569..6dae6ae5620e3ac7a0ff7468312f5438b57df540 100644
--- a/doc/release-notes.xml
+++ b/doc/release-notes.xml
@@ -1,164 +1,177 @@
+ Nixpkgs Release Notes
+
+ Release 0.14 (June 4, 2012)
+
+
+ In preparation for the switch from Subversion to Git, this release is mainly
+ the prevent the Nixpkgs version number from going backwards. (This would
+ happen because prerelease version numbers produced for the Git repository
+ are lower than those for the Subversion repository.)
+
-Nixpkgs Release Notes
-
-
-Release 0.14 (June 4, 2012)
-
-In preparation for the switch from Subversion to Git, this
-release is mainly the prevent the Nixpkgs version number from going
-backwards. (This would happen because prerelease version numbers
-produced for the Git repository are lower than those for the
-Subversion repository.)
-
-Since the last release, there have been thousands of changes and
-new packages by numerous contributors. For details, see the commit
-logs.
-
-
-
-
-Release 0.13 (February 5, 2010)
-
-As always, there are many changes. Some of the most important
-updates are:
-
-
-
- Glibc 2.9.
-
- GCC 4.3.3.
-
- Linux 2.6.32.
-
- X.org 7.5.
-
- KDE 4.3.4.
-
-
-
-
-
-
-
-
-
-Release 0.12 (April 24, 2009)
-
-There are way too many additions to Nixpkgs since the last
-release to list here: for example, the number of packages on Linux has
-increased from 1002 to 2159. However, some specific improvements are
-worth listing:
-
-
-
- Nixpkgs now has a manual. In particular, it
- describes the standard build environment in
- detail.
-
- Major new packages:
-
-
-
- KDE 4.
-
- TeXLive.
-
- VirtualBox.
-
-
-
- … and many others.
-
-
-
- Important updates:
-
-
-
- Glibc 2.7.
-
- GCC 4.2.4.
-
- Linux 2.6.25 — 2.6.28.
-
- Firefox 3.
-
- X.org 7.3.
-
-
-
-
-
- Support for building derivations in a virtual
- machine, including RPM and Debian builds in automatically generated
- VM images. See
- pkgs/build-support/vm/default.nix for
- details.
-
- Improved support for building Haskell
- packages.
-
-
-
-
-
-The following people contributed to this release:
-
-Andres Löh,
-Arie Middelkoop,
-Armijn Hemel,
-Eelco Dolstra,
-Lluís Batlle,
-Ludovic Courtès,
-Marc Weber,
-Mart Kolthof,
-Martin Bravenboer,
-Michael Raskin,
-Nicolas Pierron,
-Peter Simons,
-Pjotr Prins,
-Rob Vermaas,
-Sander van der Burg,
-Tobias Hammerschmidt,
-Valentin David,
-Wouter den Breejen and
-Yury G. Kudryashov.
-
-In addition, several people contributed patches on the
-nix-dev mailing list.
-
-
-
-
-Release 0.11 (September 11, 2007)
-
-This release has the following improvements:
-
-
-
-
- The standard build environment
- (stdenv) is now pure on the
- x86_64-linux and powerpc-linux
- platforms, just as on i686-linux. (Purity means
- that building and using the standard environment has no dependencies
- outside of the Nix store. For instance, it doesn’t require an
- external C compiler such as /usr/bin/gcc.)
- Also, the statically linked binaries used in the bootstrap process
- are now automatically reproducible, making it easy to update the
- bootstrap tools and to add support for other Linux platforms. See
- pkgs/stdenv/linux/make-bootstrap-tools.nix for
- details.
-
-
- Hook variables in the generic builder are now
- executed using the eval shell command. This
- has a major advantage: you can write hooks directly in Nix
- expressions. For instance, rather than writing a builder like this:
+
+ Since the last release, there have been thousands of changes and new
+ packages by numerous contributors. For details, see the commit logs.
+
+
+
+ Release 0.13 (February 5, 2010)
+
+
+ As always, there are many changes. Some of the most important updates are:
+
+
+
+ Glibc 2.9.
+
+
+
+
+ GCC 4.3.3.
+
+
+
+
+ Linux 2.6.32.
+
+
+
+
+ X.org 7.5.
+
+
+
+
+ KDE 4.3.4.
+
+
+
+
+
+
+ Release 0.12 (April 24, 2009)
+
+
+ There are way too many additions to Nixpkgs since the last release to list
+ here: for example, the number of packages on Linux has increased from 1002
+ to 2159. However, some specific improvements are worth listing:
+
+
+
+ Nixpkgs now has a manual. In particular, it describes the standard build
+ environment in detail.
+
+
+
+
+ Major new packages:
+
+
+
+ KDE 4.
+
+
+
+
+ TeXLive.
+
+
+
+
+ VirtualBox.
+
+
+
+ … and many others.
+
+
+
+
+ Important updates:
+
+
+
+ Glibc 2.7.
+
+
+
+
+ GCC 4.2.4.
+
+
+
+
+ Linux 2.6.25 — 2.6.28.
+
+
+
+
+ Firefox 3.
+
+
+
+
+ X.org 7.3.
+
+
+
+
+
+
+
+ Support for building derivations in a virtual machine, including RPM and
+ Debian builds in automatically generated VM images. See
+ pkgs/build-support/vm/default.nix for details.
+
+
+
+
+ Improved support for building Haskell packages.
+
+
+
+
+
+ The following people contributed to this release: Andres Löh, Arie
+ Middelkoop, Armijn Hemel, Eelco Dolstra, Lluís Batlle, Ludovic Courtès,
+ Marc Weber, Mart Kolthof, Martin Bravenboer, Michael Raskin, Nicolas
+ Pierron, Peter Simons, Pjotr Prins, Rob Vermaas, Sander van der Burg, Tobias
+ Hammerschmidt, Valentin David, Wouter den Breejen and Yury G. Kudryashov. In
+ addition, several people contributed patches on the
+ nix-dev mailing list.
+
+
+
+ Release 0.11 (September 11, 2007)
+
+
+ This release has the following improvements:
+
+
+
+ The standard build environment (stdenv) is now pure on
+ the x86_64-linux and powerpc-linux
+ platforms, just as on i686-linux. (Purity means that
+ building and using the standard environment has no dependencies outside
+ of the Nix store. For instance, it doesn’t require an external C
+ compiler such as /usr/bin/gcc.) Also, the statically
+ linked binaries used in the bootstrap process are now automatically
+ reproducible, making it easy to update the bootstrap tools and to add
+ support for other Linux platforms. See
+ pkgs/stdenv/linux/make-bootstrap-tools.nix for
+ details.
+
+
+
+
+ Hook variables in the generic builder are now executed using the
+ eval shell command. This has a major advantage: you
+ can write hooks directly in Nix expressions. For instance, rather than
+ writing a builder like this:
source $stdenv/setup
@@ -169,290 +182,311 @@ postInstall() {
}
genericBuild
-
- (the gzip builder), you can just add this
- attribute to the derivation:
-
+ (the gzip builder), you can just add this attribute to
+ the derivation:
postInstall = "ln -sf gzip $out/bin/gunzip; ln -sf gzip $out/bin/zcat";
-
- and so a separate build script becomes unnecessary. This should
- allow us to get rid of most builders in Nixpkgs.
-
-
- It is now possible to have the generic builder pass
- arguments to configure and
- make that contain whitespace. Previously, for
- example, you could say in a builder,
-
+ and so a separate build script becomes unnecessary. This should allow us
+ to get rid of most builders in Nixpkgs.
+
+
+
+
+ It is now possible to have the generic builder pass arguments to
+ configure and make that contain
+ whitespace. Previously, for example, you could say in a builder,
configureFlags="CFLAGS=-O0"
-
- but not
-
+ but not
configureFlags="CFLAGS=-O0 -g"
-
- since the -g would be interpreted as a separate
- argument to configure. Now you can say
-
+ since the -g would be interpreted as a separate
+ argument to configure. Now you can say
configureFlagsArray=("CFLAGS=-O0 -g")
-
- or similarly
-
+ or similarly
configureFlagsArray=("CFLAGS=-O0 -g" "LDFLAGS=-L/foo -L/bar")
-
- which does the right thing. Idem for makeFlags,
- installFlags, checkFlags and
- distFlags.
-
- Unfortunately you can't pass arrays to Bash through the
- environment, so you can't put the array above in a Nix expression,
- e.g.,
-
+ which does the right thing. Idem for makeFlags,
+ installFlags, checkFlags and
+ distFlags.
+
+
+ Unfortunately you can't pass arrays to Bash through the environment, so
+ you can't put the array above in a Nix expression, e.g.,
configureFlagsArray = ["CFLAGS=-O0 -g"];
-
- since it would just be flattened to a since string. However, you
- can use the inline hooks described above:
-
+ since it would just be flattened to a since string. However, you
+ can use the inline hooks described above:
preConfigure = "configureFlagsArray=(\"CFLAGS=-O0 -g\")";
-
-
-
-
- The function fetchurl now has
- support for two different kinds of mirroring of files. First, it
- has support for content-addressable mirrors.
- For example, given the fetchurl call
-
+
+
+
+
+ The function fetchurl now has support for two
+ different kinds of mirroring of files. First, it has support for
+ content-addressable mirrors. For example, given the
+ fetchurl call
fetchurl {
url = http://releases.mozilla.org/.../firefox-2.0.0.6-source.tar.bz2;
sha1 = "eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082";
}
-
- fetchurl will first try to download this file
- from fetchurl will first try to download this file from
+ .
- If that file doesn’t exist, it will try the original URL. In
- general, the “content-addressed” location is
- mirror/hash-type/hash.
- There is currently only one content-addressable mirror (mirror/hash-type/hash.
+ There is currently only one content-addressable mirror
+ (), but more can be
- specified in the hashedMirrors attribute in
- pkgs/build-support/fetchurl/mirrors.nix, or by
- setting the NIX_HASHED_MIRRORS environment variable
- to a whitespace-separated list of URLs.
-
- Second, fetchurl has support for
- widely-mirrored distribution sites such as SourceForge or the Linux
- kernel archives. Given a URL of the form
- mirror://site/path,
- it will try to download path from a
- configurable list of mirrors for site.
- (This idea was borrowed from Gentoo Linux.) Example:
+ specified in the hashedMirrors attribute in
+ pkgs/build-support/fetchurl/mirrors.nix, or by
+ setting the NIX_HASHED_MIRRORS environment variable to a
+ whitespace-separated list of URLs.
+
+
+ Second, fetchurl has support for widely-mirrored
+ distribution sites such as SourceForge or the Linux kernel archives.
+ Given a URL of the form
+ mirror://site/path,
+ it will try to download path from a
+ configurable list of mirrors for site. (This
+ idea was borrowed from Gentoo Linux.) Example:
fetchurl {
url = mirror://gnu/gcc/gcc-4.2.0/gcc-core-4.2.0.tar.bz2;
sha256 = "0ykhzxhr8857dr97z0j9wyybfz1kjr71xk457cfapfw5fjas4ny1";
}
- Currently site can be
- sourceforge, gnu and
- kernel. The list of mirrors is defined in
- pkgs/build-support/fetchurl/mirrors.nix. You
- can override the list of mirrors for a particular site by setting
- the environment variable
- NIX_MIRRORS_site, e.g.
+ Currently site can be
+ sourceforge, gnu and
+ kernel. The list of mirrors is defined in
+ pkgs/build-support/fetchurl/mirrors.nix. You can
+ override the list of mirrors for a particular site by setting the
+ environment variable
+ NIX_MIRRORS_site, e.g.
export NIX_MIRRORS_sourceforge=http://osdn.dl.sourceforge.net/sourceforge/
+
+
+
+
+ Important updates:
+
+
+
+ Glibc 2.5.
+
+
+
+
+ GCC 4.1.2.
+
+
+
+
+ Gnome 2.16.3.
+
+
+
+
+ X11R7.2.
+
+
+
+
+ Linux 2.6.21.7 and 2.6.22.6.
+
+
+
+
+ Emacs 22.1.
+
+
+
+
+
+
+
+ Major new packages:
+
+
+
+ KDE 3.5.6 Base.
+
+
+
+
+ Wine 0.9.43.
+
+
+
+
+ OpenOffice 2.2.1.
+
+
+
+
+ Many Linux system packages to support NixOS.
+
+
+
+
+
+
-
-
-
- Important updates:
-
-
-
- Glibc 2.5.
-
- GCC 4.1.2.
-
- Gnome 2.16.3.
-
- X11R7.2.
-
- Linux 2.6.21.7 and 2.6.22.6.
-
- Emacs 22.1.
-
-
-
-
-
-
- Major new packages:
-
-
-
- KDE 3.5.6 Base.
-
- Wine 0.9.43.
-
- OpenOffice 2.2.1.
-
- Many Linux system packages to support
- NixOS.
-
-
-
-
-
-
-
-
-
-The following people contributed to this release:
-
- Andres Löh,
- Arie Middelkoop,
- Armijn Hemel,
- Eelco Dolstra,
- Marc Weber,
- Mart Kolthof,
- Martin Bravenboer,
- Michael Raskin,
- Wouter den Breejen and
- Yury G. Kudryashov.
-
-
-
-
-
-
-Release 0.10 (October 12, 2006)
-
-This release of Nixpkgs requires Nix
-0.10 or higher.
-
-This release has the following improvements:
-
-
-
- pkgs/system/all-packages-generic.nix
- is gone, we now just have
- pkgs/top-level/all-packages.nix that contains
- all available packages. This should cause much less confusion with
- users. all-packages.nix is a function that by
- default returns packages for the current platform, but you can
- override this by specifying a different system
- argument.
-
- Certain packages in Nixpkgs are now
- user-configurable through a configuration file, i.e., without having
- to edit the Nix expressions in Nixpkgs. For instance, the Firefox
- provided in the Nixpkgs channel is built without the RealPlayer
- plugin (for legal reasons). Previously, you could easily enable
- RealPlayer support by editing the call to the Firefox function in
- all-packages.nix, but such changes are not
- respected when Firefox is subsequently updated through the Nixpkgs
- channel.
-
- The Nixpkgs configuration file (found in
- ~/.nixpkgs/config.nix or through the
- NIXPKGS_CONFIG environment variable) is an attribute
- set that contains configuration options that
- all-packages.nix reads and uses for certain
- packages. For instance, the following configuration file:
+
+ The following people contributed to this release: Andres Löh, Arie
+ Middelkoop, Armijn Hemel, Eelco Dolstra, Marc Weber, Mart Kolthof, Martin
+ Bravenboer, Michael Raskin, Wouter den Breejen and Yury G. Kudryashov.
+
+
+
+ Release 0.10 (October 12, 2006)
+
+
+
+ This release of Nixpkgs requires
+ Nix 0.10
+ or higher.
+
+
+
+
+ This release has the following improvements:
+
+
+
+
+ pkgs/system/all-packages-generic.nix is gone, we now
+ just have pkgs/top-level/all-packages.nix that
+ contains all available packages. This should cause much less confusion
+ with users. all-packages.nix is a function that by
+ default returns packages for the current platform, but you can override
+ this by specifying a different system argument.
+
+
+
+
+ Certain packages in Nixpkgs are now user-configurable through a
+ configuration file, i.e., without having to edit the Nix expressions in
+ Nixpkgs. For instance, the Firefox provided in the Nixpkgs channel is
+ built without the RealPlayer plugin (for legal reasons). Previously, you
+ could easily enable RealPlayer support by editing the call to the Firefox
+ function in all-packages.nix, but such changes are
+ not respected when Firefox is subsequently updated through the Nixpkgs
+ channel.
+
+
+ The Nixpkgs configuration file (found in
+ ~/.nixpkgs/config.nix or through the
+ NIXPKGS_CONFIG environment variable) is an attribute set
+ that contains configuration options that
+ all-packages.nix reads and uses for certain packages.
+ For instance, the following configuration file:
{
firefox = {
enableRealPlayer = true;
};
}
-
- persistently enables RealPlayer support in the Firefox
- build.
-
- (Actually, firefox.enableRealPlayer is the
- only configuration option currently available,
- but more are sure to be added.)
-
- Support for new platforms:
-
-
-
- i686-cygwin, i.e., Windows
- (using Cygwin).
- The standard environment on i686-cygwin by
- default builds binaries for the Cygwin environment (i.e., it
- uses Cygwin tools and produces executables that use the Cygwin
- library). However, there is also a standard environment that
- produces binaries that use MinGW. You can use it
- by calling all-package.nix with the
- stdenvType argument set to
- "i686-mingw".
-
- i686-darwin, i.e., Mac OS X
- on Intel CPUs.
-
- powerpc-linux.
-
- x86_64-linux, i.e., Linux on
- 64-bit AMD/Intel CPUs. Unlike i686-linux,
- this platform doesn’t have a pure stdenv
- yet.
-
-
-
+ persistently enables RealPlayer support in the Firefox build.
-
-
-
- The default compiler is now GCC 4.1.1.
-
- X11 updated to X.org’s X11R7.1.
-
- Notable new packages:
-
-
-
- Opera.
-
- Microsoft Visual C++ 2005 Express Edition and
- the Windows SDK.
-
-
-
- In total there are now around 809 packages in Nixpkgs.
-
-
-
-
- It is now much easier to
- override the default C compiler and other tools in
- stdenv for specific packages.
- all-packages.nix provides two utility
- functions for this purpose: overrideGCC and
- overrideInStdenv. Both take a
- stdenv and return an augmented
- stdenv; the formed changes the C compiler, and
- the latter adds additional packages to the front of
- stdenv’s initial PATH, allowing
- tools to be overridden.
-
- For instance, the package strategoxt
- doesn’t build with the GNU Make in stdenv
- (version 3.81), so we call it with an augmented
- stdenv that uses GNU Make 3.80:
-
+
+ (Actually, firefox.enableRealPlayer is the
+ only configuration option currently available, but
+ more are sure to be added.)
+
+
+
+
+ Support for new platforms:
+
+
+
+ i686-cygwin, i.e., Windows (using
+ Cygwin). The standard
+ environment on i686-cygwin by default builds
+ binaries for the Cygwin environment (i.e., it uses Cygwin tools and
+ produces executables that use the Cygwin library). However, there is
+ also a standard environment that produces binaries that use
+ MinGW. You can
+ use it by calling all-package.nix with the
+ stdenvType argument set to
+ "i686-mingw".
+
+
+
+
+ i686-darwin, i.e., Mac OS X on Intel CPUs.
+
+
+
+
+ powerpc-linux.
+
+
+
+
+ x86_64-linux, i.e., Linux on 64-bit AMD/Intel CPUs.
+ Unlike i686-linux, this platform doesn’t have a
+ pure stdenv yet.
+
+
+
+
+
+
+
+ The default compiler is now GCC 4.1.1.
+
+
+
+
+ X11 updated to X.org’s X11R7.1.
+
+
+
+
+ Notable new packages:
+
+
+
+ Opera.
+
+
+
+
+ Microsoft Visual C++ 2005 Express Edition and the Windows SDK.
+
+
+
+ In total there are now around 809 packages in Nixpkgs.
+
+
+
+
+ It is now much easier to override the default C
+ compiler and other tools in stdenv for specific
+ packages. all-packages.nix provides two utility
+ functions for this purpose: overrideGCC and
+ overrideInStdenv. Both take a
+ stdenv and return an augmented
+ stdenv; the formed changes the C compiler, and the
+ latter adds additional packages to the front of
+ stdenv’s initial PATH, allowing tools
+ to be overridden.
+
+
+ For instance, the package strategoxt doesn’t build
+ with the GNU Make in stdenv (version 3.81), so we call
+ it with an augmented stdenv that uses GNU Make 3.80:
strategoxt = (import ../development/compilers/strategoxt) {
inherit fetchurl pkgconfig sdf aterm;
@@ -460,44 +494,37 @@ strategoxt = (import ../development/compilers/strategoxt) {
};
gnumake380 = ...;
-
- Likewise, there are many packages that don’t compile with the
- default GCC (4.1.1), but that’s easily fixed:
-
+ Likewise, there are many packages that don’t compile with the default
+ GCC (4.1.1), but that’s easily fixed:
exult = import ../games/exult {
inherit fetchurl SDL SDL_mixer zlib libpng unzip;
stdenv = overrideGCC stdenv gcc34;
};
-
-
-
-
- It has also become much easier to experiment with
- changes to the stdenv setup script (which notably
- contains the generic builder). Since edits to
- pkgs/stdenv/generic/setup.sh trigger a rebuild
- of everything, this was formerly quite painful.
- But now stdenv contains a function to
- “regenerate” stdenv with a different setup
- script, allowing the use of a different setup script for specific
- packages:
-
+
+
+
+
+ It has also become much easier to experiment with changes to the
+ stdenv setup script (which notably contains the generic
+ builder). Since edits to pkgs/stdenv/generic/setup.sh
+ trigger a rebuild of everything, this was formerly
+ quite painful. But now stdenv contains a function to
+ “regenerate” stdenv with a different setup script,
+ allowing the use of a different setup script for specific packages:
pkg = import ... {
stdenv = stdenv.regenerate ./my-setup.sh;
...
}
-
-
-
-
- Packages can now have a human-readable
- description field. Package descriptions are
- shown by nix-env -qa --description. In addition,
- they’re shown on the Nixpkgs release page. A description can be
- added to a package as follows:
-
+
+
+
+
+ Packages can now have a human-readable description
+ field. Package descriptions are shown by nix-env -qa
+ --description. In addition, they’re shown on the Nixpkgs
+ release page. A description can be added to a package as follows:
stdenv.mkDerivation {
name = "exult-1.2";
@@ -506,228 +533,268 @@ stdenv.mkDerivation {
description = "A reimplementation of the Ultima VII game engine";
};
}
-
- The meta attribute is not passed to the builder,
- so changes to the description do not trigger a rebuild. Additional
- meta attributes may be defined in the future
- (such as the URL of the package’s homepage, the license,
- etc.).
-
-
-
-
-The following people contributed to this release:
-
- Andres Löh,
- Armijn Hemel,
- Christof Douma,
- Eelco Dolstra,
- Eelco Visser,
- Mart Kolthof,
- Martin Bravenboer,
- Merijn de Jonge,
- Rob Vermaas and
- Roy van den Broek.
-
-
-
-
-
-
-Release 0.9 (January 31, 2006)
-
-There have been zillions of changes since the last release of
-Nixpkgs. Many packages have been added or updated. The following are
-some of the more notable changes:
-
-
-
- Distribution files have been moved to .
-
- The C library on Linux, Glibc, has been updated to
- version 2.3.6.
-
- The default compiler is now GCC 3.4.5. GCC 4.0.2 is
- also available.
-
- The old, unofficial Xlibs has been replaced by the
- official modularised X11 distribution from X.org, i.e., X11R7.0.
- X11R7.0 consists of 287 (!) packages, all of which are in Nixpkgs
- though not all have been tested. It is now possible to build a
- working X server (previously we only had X client libraries). We
- use a fully Nixified X server on NixOS.
-
- The Sun JDK 5 has been purified, i.e., it doesn’t
- require any non-Nix components such as
- /lib/ld-linux.so.2. This means that Java
- applications such as Eclipse and Azureus can run on
- NixOS.
-
- Hardware-accelerated OpenGL support, used by games
- like Quake 3 (which is now built from source).
-
- Improved support for FreeBSD on
- x86.
-
- Improved Haskell support; e.g., the GHC build is now
- pure.
-
- Some support for cross-compilation: cross-compiling
- builds of GCC and Binutils, and cross-compiled builds of the C
- library uClibc.
-
- Notable new packages:
-
-
-
- teTeX, including support for building LaTeX
- documents using Nix (with automatic dependency
- determination).
-
- Ruby.
-
- System-level packages to support NixOS,
- e.g. Grub, GNU parted and so
- on.
-
- ecj, the Eclipse Compiler for
- Java, so we finally have a freely distributable compiler that
- supports Java 5.0.
-
- php.
-
- The GIMP.
-
- Inkscape.
-
- GAIM.
-
- kdelibs. This allows us to
- add KDE-based packages (such as
- kcachegrind).
-
-
-
-
-
-
-
-The following people contributed to this release:
-
- Andres Löh,
- Armijn Hemel,
- Bogdan Dumitriu,
- Christof Douma,
- Eelco Dolstra,
- Eelco Visser,
- Mart Kolthof,
- Martin Bravenboer,
- Rob Vermaas and
- Roy van den Broek.
-
-
-
-
-
-
-Release 0.8 (April 11, 2005)
-
-This release is mostly to remain synchronised with the changed
-hashing scheme in Nix 0.8.
-
-Notable updates:
-
-
-
- Adobe Reader 7.0
-
- Various security updates (zlib 1.2.2, etc.)
-
-
-
-
-
-
-
-
-Release 0.7 (March 14, 2005)
-
-
-
-
-
- The bootstrap process for the standard build
- environment on Linux (stdenv-linux) has been improved. It is no
- longer dependent in its initial bootstrap stages on the system
- Glibc, GCC, and other tools. Rather, Nixpkgs contains a statically
- linked bash and curl, and uses that to download other statically
- linked tools. These are then used to build a Glibc and dynamically
- linked versions of all other tools.
-
- This change also makes the bootstrap process faster. For
- instance, GCC is built only once instead of three times.
-
- (Contributed by Armijn Hemel.)
-
-
-
-
-
- Tarballs used by Nixpkgs are now obtained from the same server
- that hosts Nixpkgs (). This reduces the
- risk of packages being unbuildable due to moved or deleted files on
- various servers.
-
-
-
-
-
- There now is a generic mechanism for building Perl modules.
- See the various Perl modules defined in
- pkgs/system/all-packages-generic.nix.
-
-
-
-
-
- Notable new packages:
-
-
-
- Qt 3
- MySQL
- MythTV
- Mono
- MonoDevelop (alpha)
- Xine
-
+ The meta attribute is not passed to the builder, so
+ changes to the description do not trigger a rebuild. Additional
+ meta attributes may be defined in the future (such as
+ the URL of the package’s homepage, the license, etc.).
+
+
+
+ The following people contributed to this release: Andres Löh, Armijn Hemel,
+ Christof Douma, Eelco Dolstra, Eelco Visser, Mart Kolthof, Martin
+ Bravenboer, Merijn de Jonge, Rob Vermaas and Roy van den Broek.
+
+
+
+ Release 0.9 (January 31, 2006)
+
+
+ There have been zillions of changes since the last release of Nixpkgs. Many
+ packages have been added or updated. The following are some of the more
+ notable changes:
-
-
-
-
-
- Notable updates:
-
- GCC 3.4.3
- Glibc 2.3.4
- GTK 2.6
-
+
+
+ Distribution files have been moved to
+ .
+
+
+
+
+ The C library on Linux, Glibc, has been updated to version 2.3.6.
+
+
+
+
+ The default compiler is now GCC 3.4.5. GCC 4.0.2 is also available.
+
+
+
+
+ The old, unofficial Xlibs has been replaced by the official modularised
+ X11 distribution from X.org, i.e., X11R7.0. X11R7.0 consists of 287 (!)
+ packages, all of which are in Nixpkgs though not all have been tested. It
+ is now possible to build a working X server (previously we only had X
+ client libraries). We use a fully Nixified X server on NixOS.
+
+
+
+
+ The Sun JDK 5 has been purified, i.e., it doesn’t require any non-Nix
+ components such as /lib/ld-linux.so.2. This means
+ that Java applications such as Eclipse and Azureus can run on NixOS.
+
+
+
+
+ Hardware-accelerated OpenGL support, used by games like Quake 3 (which is
+ now built from source).
+
+
+
+
+ Improved support for FreeBSD on x86.
+
+
+
+
+ Improved Haskell support; e.g., the GHC build is now pure.
+
+
+
+
+ Some support for cross-compilation: cross-compiling builds of GCC and
+ Binutils, and cross-compiled builds of the C library uClibc.
+
+
+
+
+ Notable new packages:
+
+
+
+ teTeX, including support for building LaTeX documents using Nix (with
+ automatic dependency determination).
+
+
+
+
+ Ruby.
+
+
+
+
+ System-level packages to support NixOS, e.g. Grub, GNU
+ parted and so on.
+
+
+
+
+ ecj, the Eclipse Compiler for Java, so we finally
+ have a freely distributable compiler that supports Java 5.0.
+
+
+
+
+ php.
+
+
+
+
+ The GIMP.
+
+
+
+
+ Inkscape.
+
+
+
+
+ GAIM.
+
+
+
+
+ kdelibs. This allows us to add KDE-based packages
+ (such as kcachegrind).
+
+
+
+
+
+
+ The following people contributed to this release: Andres Löh, Armijn Hemel,
+ Bogdan Dumitriu, Christof Douma, Eelco Dolstra, Eelco Visser, Mart Kolthof,
+ Martin Bravenboer, Rob Vermaas and Roy van den Broek.
+
+
+ Release 0.8 (April 11, 2005)
-
-
-
+
+ This release is mostly to remain synchronised with the changed hashing
+ scheme in Nix 0.8.
+
-
+
+ Notable updates:
+
+
+
+ Adobe Reader 7.0
+
+
+
+
+ Various security updates (zlib 1.2.2, etc.)
+
+
+
+
+
+
+ Release 0.7 (March 14, 2005)
-
+
+
+
+ The bootstrap process for the standard build environment on Linux
+ (stdenv-linux) has been improved. It is no longer dependent in its initial
+ bootstrap stages on the system Glibc, GCC, and other tools. Rather,
+ Nixpkgs contains a statically linked bash and curl, and uses that to
+ download other statically linked tools. These are then used to build a
+ Glibc and dynamically linked versions of all other tools.
+
+
+ This change also makes the bootstrap process faster. For instance, GCC is
+ built only once instead of three times.
+
+
+ (Contributed by Armijn Hemel.)
+
+
+
+
+ Tarballs used by Nixpkgs are now obtained from the same server that hosts
+ Nixpkgs (). This
+ reduces the risk of packages being unbuildable due to moved or deleted
+ files on various servers.
+
+
+
+
+ There now is a generic mechanism for building Perl modules. See the
+ various Perl modules defined in pkgs/system/all-packages-generic.nix.
+
+
+
+
+ Notable new packages:
+
+
+
+ Qt 3
+
+
+
+
+ MySQL
+
+
+
+
+ MythTV
+
+
+
+
+ Mono
+
+
+
+
+ MonoDevelop (alpha)
+
+
+
+
+ Xine
+
+
+
+
+
+
+
+ Notable updates:
+
+
+
+ GCC 3.4.3
+
+
+
+
+ Glibc 2.3.4
+
+
+
+
+ GTK 2.6
+
+
+
+
+
+
+
diff --git a/doc/reviewing-contributions.xml b/doc/reviewing-contributions.xml
index 7b017f0a8cc44a14f075c28159d5acd2cf269084..b648691183b87fc1bc038f3113ea57c6406ee34e 100644
--- a/doc/reviewing-contributions.xml
+++ b/doc/reviewing-contributions.xml
@@ -3,95 +3,148 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-reviewing-contributions">
-
-Reviewing contributions
-
-
- The following section is a draft and reviewing policy is still being
- discussed.
-
-
-The nixpkgs projects receives a fairly high number of contributions via
- GitHub pull-requests. Reviewing and approving these is an important task and a
- way to contribute to the project.
-
-The high change rate of nixpkgs make any pull request that is open for
- long enough subject to conflicts that will require extra work from the
- submitter or the merger. Reviewing pull requests in a timely manner and being
+ Reviewing contributions
+
+
+ The following section is a draft and reviewing policy is still being
+ discussed.
+
+
+
+ The nixpkgs projects receives a fairly high number of contributions via
+ GitHub pull-requests. Reviewing and approving these is an important task and
+ a way to contribute to the project.
+
+
+ The high change rate of nixpkgs make any pull request that is open for long
+ enough subject to conflicts that will require extra work from the submitter
+ or the merger. Reviewing pull requests in a timely manner and being
responsive to the comments is the key to avoid these. GitHub provides sort
- filters that can be used to see the most
- recently and the and the
+ least
- recently updated pull-requests.
- We highly encourage looking at
- this list of ready to merge, unreviewed pull requests.
-
-When reviewing a pull request, please always be nice and polite.
+ recently updated pull-requests. We highly encourage looking at
+
+ this list of ready to merge, unreviewed pull requests.
+
+
+ When reviewing a pull request, please always be nice and polite.
Controversial changes can lead to controversial opinions, but it is important
- to respect every community members and their work.
-
-GitHub provides reactions, they are a simple and quick way to provide
+ to respect every community members and their work.
+
+
+ GitHub provides reactions, they are a simple and quick way to provide
feedback to pull-requests or any comments. The thumb-down reaction should be
used with care and if possible accompanied with some explanations so the
- submitter has directions to improve his contribution.
-
-Pull-requests reviews should include a list of what has been reviewed in a
- comment, so other reviewers and mergers can know the state of the
- review.
-
-All the review template samples provided in this section are generic and
+ submitter has directions to improve his contribution.
+
+
+ Pull-requests reviews should include a list of what has been reviewed in a
+ comment, so other reviewers and mergers can know the state of the review.
+
+
+ All the review template samples provided in this section are generic and
meant as examples. Their usage is optional and the reviewer is free to adapt
- them to his liking.
-
-Package updates
-
-A package update is the most trivial and common type of pull-request.
- These pull-requests mainly consist in updating the version part of the package
- name and the source hash.
-It can happen that non trivial updates include patches or more complex
- changes.
-
-Reviewing process:
-
-
- Add labels to the pull-request. (Requires commit
- rights)
+ them to his liking.
+
+
+ Package updates
+
+
+ A package update is the most trivial and common type of pull-request. These
+ pull-requests mainly consist in updating the version part of the package
+ name and the source hash.
+
+
+
+ It can happen that non trivial updates include patches or more complex
+ changes.
+
+
+
+ Reviewing process:
+
+
+
+
+
+ Add labels to the pull-request. (Requires commit rights)
+
- 8.has: package (update) and any topic
- label that fit the updated package.
+
+
+ 8.has: package (update) and any topic label that fit
+ the updated package.
+
+
-
- Ensure that the package versioning is fitting the
- guidelines.
- Ensure that the commit text is fitting the
- guidelines.
- Ensure that the package maintainers are notified.
+
+
+
+ Ensure that the package versioning is fitting the guidelines.
+
+
+
+
+ Ensure that the commit text is fitting the guidelines.
+
+
+
+
+ Ensure that the package maintainers are notified.
+
- mention-bot usually notify GitHub users based on the
- submitted changes, but it can happen that it misses some of the
- package maintainers.
+
+
+ mention-bot usually notify GitHub users based on the submitted changes,
+ but it can happen that it misses some of the package maintainers.
+
+
-
- Ensure that the meta field contains correct
- information.
+
+
+
+ Ensure that the meta field contains correct information.
+
- License can change with version updates, so it should be
- checked to be fitting upstream license.
- If the package has no maintainer, a maintainer must be
- set. This can be the update submitter or a community member that
- accepts to take maintainership of the package.
+
+
+ License can change with version updates, so it should be checked to be
+ fitting upstream license.
+
+
+
+
+ If the package has no maintainer, a maintainer must be set. This can be
+ the update submitter or a community member that accepts to take
+ maintainership of the package.
+
+
-
- Ensure that the code contains no typos.
- Building the package locally.
+
+
+
+ Ensure that the code contains no typos.
+
+
+
+
+ Building the package locally.
+
- Pull-requests are often targeted to the master or staging
- branch so building the pull-request locally as it is submitted can
- trigger a large amount of source builds.
- It is possible to rebase the changes on nixos-unstable or
- nixpkgs-unstable for easier review by running the following commands
- from a nixpkgs clone.
+
+
+ Pull-requests are often targeted to the master or staging branch so
+ building the pull-request locally as it is submitted can trigger a large
+ amount of source builds.
+
+
+ It is possible to rebase the changes on nixos-unstable or
+ nixpkgs-unstable for easier review by running the following commands
+ from a nixpkgs clone.
$ git remote add channels https://github.com/NixOS/nixpkgs-channels.git
@@ -100,43 +153,56 @@ $ git fetch origin pull/PRNUMBER/head
$ git rebase --onto nixos-unstable BASEBRANCH FETCH_HEAD
-
-
- This should be done only once to be able to fetch channel
- branches from the nixpkgs-channels repository.
-
-
- Fetching the nixos-unstable branch.
-
-
- Fetching the pull-request changes, PRNUMBER
- is the number at the end of the pull-request title and
- BASEBRANCH the base branch of the
- pull-request.
-
-
- Rebasing the pull-request changes to the nixos-unstable
- branch.
-
-
-
-
-
- The nox
- tool can be used to review a pull-request content in a single command.
- It doesn't rebase on a channel branch so it might trigger multiple
- source builds. PRNUMBER should be replaced by the
- number at the end of the pull-request title.
+
+
+
+ This should be done only once to be able to fetch channel branches
+ from the nixpkgs-channels repository.
+
+
+
+
+ Fetching the nixos-unstable branch.
+
+
+
+
+ Fetching the pull-request changes, PRNUMBER is the
+ number at the end of the pull-request title and
+ BASEBRANCH the base branch of the pull-request.
+
+
+
+
+ Rebasing the pull-request changes to the nixos-unstable branch.
+
+
+
+
+
+
+
+ The nox tool can
+ be used to review a pull-request content in a single command. It doesn't
+ rebase on a channel branch so it might trigger multiple source builds.
+ PRNUMBER should be replaced by the number at the end
+ of the pull-request title.
+
$ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
-
+
-
- Running every binary.
-
-
-Sample template for a package update review
+
+
+
+ Running every binary.
+
+
+
+
+
+ Sample template for a package update review
##### Reviewed points
@@ -150,55 +216,105 @@ $ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
##### Comments
-
-
-
-New packages
-
-New packages are a common type of pull-requests. These pull requests
- consists in adding a new nix-expression for a package.
-
-Reviewing process:
-
-
- Add labels to the pull-request. (Requires commit
- rights)
+
+
+
+
+ New packages
+
+
+ New packages are a common type of pull-requests. These pull requests
+ consists in adding a new nix-expression for a package.
+
+
+
+ Reviewing process:
+
+
+
+
+
+ Add labels to the pull-request. (Requires commit rights)
+
- 8.has: package (new) and any topic
- label that fit the new package.
+
+
+ 8.has: package (new) and any topic label that fit the
+ new package.
+
+
-
- Ensure that the package versioning is fitting the
- guidelines.
- Ensure that the commit name is fitting the
- guidelines.
- Ensure that the meta field contains correct
- information.
+
+
+
+ Ensure that the package versioning is fitting the guidelines.
+
+
+
+
+ Ensure that the commit name is fitting the guidelines.
+
+
+
+
+ Ensure that the meta field contains correct information.
+
- License must be checked to be fitting upstream
- license.
- Platforms should be set or the package will not get binary
- substitutes.
- A maintainer must be set, this can be the package
- submitter or a community member that accepts to take maintainership of
- the package.
+
+
+ License must be checked to be fitting upstream license.
+
+
+
+
+ Platforms should be set or the package will not get binary substitutes.
+
+
+
+
+ A maintainer must be set, this can be the package submitter or a
+ community member that accepts to take maintainership of the package.
+
+
-
- Ensure that the code contains no typos.
- Ensure the package source.
+
+
+
+ Ensure that the code contains no typos.
+
+
+
+
+ Ensure the package source.
+
- Mirrors urls should be used when
- available.
- The most appropriate function should be used (e.g.
- packages from GitHub should use
- fetchFromGitHub).
+
+
+ Mirrors urls should be used when available.
+
+
+
+
+ The most appropriate function should be used (e.g. packages from GitHub
+ should use fetchFromGitHub).
+
+
-
- Building the package locally.
- Running every binary.
-
-
-Sample template for a new package review
+
+
+
+ Building the package locally.
+
+
+
+
+ Running every binary.
+
+
+
+
+
+ Sample template for a new package review
##### Reviewed points
@@ -220,58 +336,107 @@ $ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
##### Comments
-
-
-
-Module updates
-
-Module updates are submissions changing modules in some ways. These often
- contains changes to the options or introduce new options.
-
-Reviewing process
-
-
- Add labels to the pull-request. (Requires commit
- rights)
+
+
+
+
+ Module updates
+
+
+ Module updates are submissions changing modules in some ways. These often
+ contains changes to the options or introduce new options.
+
+
+
+ Reviewing process
+
+
+
+
+
+ Add labels to the pull-request. (Requires commit rights)
+
- 8.has: module (update) and any topic
- label that fit the module.
+
+
+ 8.has: module (update) and any topic label that fit
+ the module.
+
+
-
- Ensure that the module maintainers are notified.
+
+
+
+ Ensure that the module maintainers are notified.
+
- Mention-bot notify GitHub users based on the submitted
- changes, but it can happen that it miss some of the package
- maintainers.
+
+
+ Mention-bot notify GitHub users based on the submitted changes, but it
+ can happen that it miss some of the package maintainers.
+
+
-
- Ensure that the module tests, if any, are
- succeeding.
- Ensure that the introduced options are correct.
+
+
+
+ Ensure that the module tests, if any, are succeeding.
+
+
+
+
+ Ensure that the introduced options are correct.
+
- Type should be appropriate (string related types differs
- in their merging capabilities, optionSet and
- string types are deprecated).
- Description, default and example should be
- provided.
+
+
+ Type should be appropriate (string related types differs in their
+ merging capabilities, optionSet and
+ string types are deprecated).
+
+
+
+
+ Description, default and example should be provided.
+
+
-
- Ensure that option changes are backward compatible.
+
+
+
+ Ensure that option changes are backward compatible.
+
- mkRenamedOptionModule and
- mkAliasOptionModule functions provide way to make
- option changes backward compatible.
+
+
+ mkRenamedOptionModule and
+ mkAliasOptionModule functions provide way to make
+ option changes backward compatible.
+
+
-
- Ensure that removed options are declared with
- mkRemovedOptionModule
- Ensure that changes that are not backward compatible are
- mentioned in release notes.
- Ensure that documentations affected by the change is
- updated.
-
-
-Sample template for a module update review
+
+
+
+ Ensure that removed options are declared with
+ mkRemovedOptionModule
+
+
+
+
+ Ensure that changes that are not backward compatible are mentioned in
+ release notes.
+
+
+
+
+ Ensure that documentations affected by the change is updated.
+
+
+
+
+
+ Sample template for a module update review
##### Reviewed points
@@ -288,51 +453,89 @@ $ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
##### Comments
-
-
-
-New modules
-
-New modules submissions introduce a new module to NixOS.
-
-
- Add labels to the pull-request. (Requires commit
- rights)
+
+
+
+
+ New modules
+
+
+ New modules submissions introduce a new module to NixOS.
+
+
+
+
+
+ Add labels to the pull-request. (Requires commit rights)
+
- 8.has: module (new) and any topic label
- that fit the module.
+
+
+ 8.has: module (new) and any topic label that fit the
+ module.
+
+
-
- Ensure that the module tests, if any, are
- succeeding.
- Ensure that the introduced options are correct.
+
+
+
+ Ensure that the module tests, if any, are succeeding.
+
+
+
+
+ Ensure that the introduced options are correct.
+
- Type should be appropriate (string related types differs
- in their merging capabilities, optionSet and
- string types are deprecated).
- Description, default and example should be
- provided.
+
+
+ Type should be appropriate (string related types differs in their
+ merging capabilities, optionSet and
+ string types are deprecated).
+
+
+
+
+ Description, default and example should be provided.
+
+
-
- Ensure that module meta field is
- present
+
+
+
+ Ensure that module meta field is present
+
- Maintainers should be declared in
- meta.maintainers.
- Module documentation should be declared with
- meta.doc.
+
+
+ Maintainers should be declared in meta.maintainers.
+
+
+
+
+ Module documentation should be declared with
+ meta.doc.
+
+
-
- Ensure that the module respect other modules
- functionality.
+
+
+
+ Ensure that the module respect other modules functionality.
+
- For example, enabling a module should not open firewall
- ports by default.
+
+
+ For example, enabling a module should not open firewall ports by
+ default.
+
+
-
-
+
+
-Sample template for a new module review
+
+ Sample template for a new module review
##### Reviewed points
@@ -350,32 +553,41 @@ $ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
##### Comments
-
-
-
-Other submissions
-
-Other type of submissions requires different reviewing steps.
-
-If you consider having enough knowledge and experience in a topic and
- would like to be a long-term reviewer for related submissions, please contact
- the current reviewers for that topic. They will give you information about the
- reviewing process.
-The main reviewers for a topic can be hard to find as there is no list, but
-checking past pull-requests to see who reviewed or git-blaming the code to see
-who committed to that topic can give some hints.
-
-Container system, boot system and library changes are some examples of the
- pull requests fitting this category.
-
-
-
-Merging pull-requests
-
-It is possible for community members that have enough knowledge and
- experience on a special topic to contribute by merging pull requests.
-
-TODO: add the procedure to request merging rights.
+
+
+
+
+ Other submissions
+
+
+ Other type of submissions requires different reviewing steps.
+
+
+
+ If you consider having enough knowledge and experience in a topic and would
+ like to be a long-term reviewer for related submissions, please contact the
+ current reviewers for that topic. They will give you information about the
+ reviewing process. The main reviewers for a topic can be hard to find as
+ there is no list, but checking past pull-requests to see who reviewed or
+ git-blaming the code to see who committed to that topic can give some hints.
+
+
+
+ Container system, boot system and library changes are some examples of the
+ pull requests fitting this category.
+
+
+
+ Merging pull-requests
+
+
+ It is possible for community members that have enough knowledge and
+ experience on a special topic to contribute by merging pull requests.
+
+
+
+ TODO: add the procedure to request merging rights.
+
-In a case a contributor leaves definitively the Nix community, he should
- create an issue or notify the mailing list with references of packages and
- modules he maintains so the maintainership can be taken over by other
- contributors.
-
-
+
+ In a case a contributor leaves definitively the Nix community, he should
+ create an issue or notify the mailing list with references of packages and
+ modules he maintains so the maintainership can be taken over by other
+ contributors.
+
+
diff --git a/doc/shell.nix b/doc/shell.nix
index 22590142ee1ad0801d128f1289ff2c6658d9335e..e8da2eaf16bea6c506c8bf9aa6b27017c9eff641 100644
--- a/doc/shell.nix
+++ b/doc/shell.nix
@@ -1,4 +1,5 @@
{ pkgs ? import ../. {} }:
(import ./default.nix).overrideAttrs (x: {
buildInputs = x.buildInputs ++ [ pkgs.xmloscopy ];
+
})
diff --git a/doc/stdenv.xml b/doc/stdenv.xml
index 2a3316b8d01835460bee7af40cc2e993999cf64f..d5028c51cd51bf1eb33faa727fd7c86ff936f896 100644
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -1,27 +1,24 @@
-
-The Standard Environment
-
-
-The standard build environment in the Nix Packages collection
-provides an environment for building Unix packages that does a lot of
-common build tasks automatically. In fact, for Unix packages that use
-the standard ./configure; make; make install build
-interface, you don’t need to write a build script at all; the standard
-environment does everything automatically. If
-stdenv doesn’t do what you need automatically, you
-can easily customise or override the various build phases.
-
-
-Using
-<literal>stdenv</literal>
-
-To build a package with the standard environment, you use the
-function stdenv.mkDerivation, instead of the
-primitive built-in function derivation, e.g.
-
+ The Standard Environment
+
+ The standard build environment in the Nix Packages collection provides an
+ environment for building Unix packages that does a lot of common build tasks
+ automatically. In fact, for Unix packages that use the standard
+ ./configure; make; make install build interface, you
+ don’t need to write a build script at all; the standard environment does
+ everything automatically. If stdenv doesn’t do what you
+ need automatically, you can easily customise or override the various build
+ phases.
+
+
+ Using <literal>stdenv</literal>
+
+
+ To build a package with the standard environment, you use the function
+ stdenv.mkDerivation, instead of the primitive built-in
+ function derivation, e.g.
stdenv.mkDerivation {
name = "libfoo-1.2.3";
@@ -30,39 +27,35 @@ stdenv.mkDerivation {
sha256 = "0x2g1jqygyr5wiwg4ma1nd7w4ydpy82z9gkcv8vh2v8dn3y58v5m";
};
}
-
-(stdenv needs to be in scope, so if you write this
-in a separate Nix expression from
-pkgs/all-packages.nix, you need to pass it as a
-function argument.) Specifying a name and a
-src is the absolute minimum you need to do. Many
-packages have dependencies that are not provided in the standard
-environment. It’s usually sufficient to specify those dependencies in
-the buildInputs attribute:
-
+ (stdenv needs to be in scope, so if you write this in a
+ separate Nix expression from pkgs/all-packages.nix, you
+ need to pass it as a function argument.) Specifying a
+ name and a src is the absolute minimum
+ you need to do. Many packages have dependencies that are not provided in the
+ standard environment. It’s usually sufficient to specify those
+ dependencies in the buildInputs attribute:
stdenv.mkDerivation {
name = "libfoo-1.2.3";
...
buildInputs = [libbar perl ncurses];
}
-
-This attribute ensures that the bin
-subdirectories of these packages appear in the PATH
-environment variable during the build, that their
-include subdirectories are searched by the C
-compiler, and so on. (See for
-details.)
-
-Often it is necessary to override or modify some aspect of the
-build. To make this easier, the standard environment breaks the
-package build into a number of phases, all of
-which can be overridden or modified individually: unpacking the
-sources, applying patches, configuring, building, and installing.
-(There are some others; see .)
-For instance, a package that doesn’t supply a makefile but instead has
-to be compiled “manually” could be handled like this:
-
+ This attribute ensures that the bin subdirectories of
+ these packages appear in the PATH environment variable during
+ the build, that their include subdirectories are
+ searched by the C compiler, and so on. (See
+ for details.)
+
+
+
+ Often it is necessary to override or modify some aspect of the build. To
+ make this easier, the standard environment breaks the package build into a
+ number of phases, all of which can be overridden or
+ modified individually: unpacking the sources, applying patches, configuring,
+ building, and installing. (There are some others; see
+ .) For instance, a package that doesn’t
+ supply a makefile but instead has to be compiled “manually” could be
+ handled like this:
stdenv.mkDerivation {
name = "fnord-4.5";
@@ -75,35 +68,33 @@ stdenv.mkDerivation {
cp foo $out/bin
'';
}
-
-(Note the use of ''-style string literals, which
-are very convenient for large multi-line script fragments because they
-don’t need escaping of " and \,
-and because indentation is intelligently removed.)
-
-There are many other attributes to customise the build. These
-are listed in .
-
-While the standard environment provides a generic builder, you
-can still supply your own build script:
-
+ (Note the use of ''-style string literals, which are very
+ convenient for large multi-line script fragments because they don’t need
+ escaping of " and \, and because
+ indentation is intelligently removed.)
+
+
+
+ There are many other attributes to customise the build. These are listed in
+ .
+
+
+
+ While the standard environment provides a generic builder, you can still
+ supply your own build script:
stdenv.mkDerivation {
name = "libfoo-1.2.3";
...
builder = ./builder.sh;
}
-
-where the builder can do anything it wants, but typically starts with
-
+ where the builder can do anything it wants, but typically starts with
source $stdenv/setup
-
-to let stdenv set up the environment (e.g., process
-the buildInputs). If you want, you can still use
-stdenv’s generic builder:
-
+ to let stdenv set up the environment (e.g., process the
+ buildInputs). If you want, you can still use
+ stdenv’s generic builder:
source $stdenv/setup
@@ -119,116 +110,186 @@ installPhase() {
genericBuild
-
-
-
-
-
-
-Tools provided by
-<literal>stdenv</literal>
-
-The standard environment provides the following packages:
-
-
-
- The GNU C Compiler, configured with C and C++
- support.
-
- GNU coreutils (contains a few dozen standard Unix
- commands).
-
- GNU findutils (contains
- find).
-
- GNU diffutils (contains diff,
- cmp).
-
- GNU sed.
-
- GNU grep.
-
- GNU awk.
-
- GNU tar.
-
- gzip, bzip2
- and xz.
-
- GNU Make. It has been patched to provide
- nested output that can be fed into the
- nix-log2xml command and
- log2html stylesheet to create a structured,
- readable output of the build steps performed by
- Make.
-
- Bash. This is the shell used for all builders in
- the Nix Packages collection. Not using /bin/sh
- removes a large source of portability problems.
-
- The patch
- command.
-
-
-
-
-
-On Linux, stdenv also includes the
-patchelf utility.
-
-
-
-
-Specifying dependencies
-
-
- As described in the Nix manual, almost any *.drv store path in a derivation's attribute set will induce a dependency on that derivation.
- mkDerivation, however, takes a few attributes intended to, between them, include all the dependencies of a package.
- This is done both for structure and consistency, but also so that certain other setup can take place.
- For example, certain dependencies need their bin directories added to the PATH.
- That is built-in, but other setup is done via a pluggable mechanism that works in conjunction with these dependency attributes.
- See for details.
-
-
- Dependencies can be broken down along three axes: their host and target platforms relative to the new derivation's, and whether they are propagated.
- The platform distinctions are motivated by cross compilation; see for exactly what each platform means.
-
- The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency:
- As a general programming principle, dependencies are always specified as interfaces, not concrete implementation.
-
- But even if one is not cross compiling, the platforms imply whether or not the dependency is needed at run-time or build-time, a concept that makes perfect sense outside of cross compilation.
- For now, the run-time/build-time distinction is just a hint for mental clarity, but in the future it perhaps could be enforced.
-
-
- The extension of PATH with dependencies, alluded to above, proceeds according to the relative platforms alone.
- The process is carried out only for dependencies whose host platform matches the new derivation's build platform–i.e. which run on the platform where the new derivation will be built.
-
- Currently, that means for native builds all dependencies are put on the PATH.
- But in the future that may not be the case for sake of matching cross:
- the platforms would be assumed to be unique for native and cross builds alike, so only the depsBuild* and nativeBuildDependencies dependencies would affect the PATH.
-
- For each dependency dep of those dependencies, dep/bin, if present, is added to the PATH environment variable.
-
-
- The dependency is propagated when it forces some of its other-transitive (non-immediate) downstream dependencies to also take it on as an immediate dependency.
- Nix itself already takes a package's transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like setup hooks (mentioned above) also are run as if the propagated dependency.
-
-
- It is important to note dependencies are not necessary propagated as the same sort of dependency that they were before, but rather as the corresponding sort so that the platform rules still line up.
- The exact rules for dependency propagation can be given by assigning each sort of dependency two integers based one how it's host and target platforms are offset from the depending derivation's platforms.
- Those offsets are given are given below in the descriptions of each dependency list attribute.
- Algorithmically, we traverse propagated inputs, accumulating every propagated dep's propagated deps and adjusting them to account for the "shift in perspective" described by the current dep's platform offsets.
- This results in sort a transitive closure of the dependency relation, with the offsets being approximately summed when two dependency links are combined.
- We also prune transitive deps whose combined offsets go out-of-bounds, which can be viewed as a filter over that transitive closure removing dependencies that are blatantly absurd.
-
-
- We can define the process precisely with Natural Deduction using the inference rules.
- This probably seems a bit obtuse, but so is the bash code that actually implements it!
-
- The findInputs function, currently residing in pkgs/stdenv/generic/setup.sh, implements the propagation logic.
-
- They're confusing in very different ways so...hopefully if something doesn't make sense in one presentation, it does in the other!
-
+
+
+
+ Tools provided by <literal>stdenv</literal>
+
+
+ The standard environment provides the following packages:
+
+
+
+ The GNU C Compiler, configured with C and C++ support.
+
+
+
+
+ GNU coreutils (contains a few dozen standard Unix commands).
+
+
+
+
+ GNU findutils (contains find).
+
+
+
+
+ GNU diffutils (contains diff, cmp).
+
+
+
+
+ GNU sed.
+
+
+
+
+ GNU grep.
+
+
+
+
+ GNU awk.
+
+
+
+
+ GNU tar.
+
+
+
+
+ gzip, bzip2 and
+ xz.
+
+
+
+
+ GNU Make. It has been patched to provide nested output
+ that can be fed into the nix-log2xml command and
+ log2html stylesheet to create a structured, readable
+ output of the build steps performed by Make.
+
+
+
+
+ Bash. This is the shell used for all builders in the Nix Packages
+ collection. Not using /bin/sh removes a large source
+ of portability problems.
+
+
+
+
+ The patch command.
+
+
+
+
+
+
+ On Linux, stdenv also includes the
+ patchelf utility.
+
+
+
+ Specifying dependencies
+
+
+ As described in the Nix manual, almost any *.drv store
+ path in a derivation's attribute set will induce a dependency on that
+ derivation. mkDerivation, however, takes a few attributes
+ intended to, between them, include all the dependencies of a package. This
+ is done both for structure and consistency, but also so that certain other
+ setup can take place. For example, certain dependencies need their bin
+ directories added to the PATH. That is built-in, but other
+ setup is done via a pluggable mechanism that works in conjunction with these
+ dependency attributes. See for details.
+
+
+
+ Dependencies can be broken down along three axes: their host and target
+ platforms relative to the new derivation's, and whether they are propagated.
+ The platform distinctions are motivated by cross compilation; see
+ for exactly what each platform means.
+
+
+ The build platform is ignored because it is a mere implementation detail
+ of the package satisfying the dependency: As a general programming
+ principle, dependencies are always specified as
+ interfaces, not concrete implementation.
+
+
+ But even if one is not cross compiling, the platforms imply whether or not
+ the dependency is needed at run-time or build-time, a concept that makes
+ perfect sense outside of cross compilation. For now, the run-time/build-time
+ distinction is just a hint for mental clarity, but in the future it perhaps
+ could be enforced.
+
+
+
+ The extension of PATH with dependencies, alluded to above,
+ proceeds according to the relative platforms alone. The process is carried
+ out only for dependencies whose host platform matches the new derivation's
+ build platform–i.e. which run on the platform where the new derivation
+ will be built.
+
+
+ Currently, that means for native builds all dependencies are put on the
+ PATH. But in the future that may not be the case for sake
+ of matching cross: the platforms would be assumed to be unique for native
+ and cross builds alike, so only the depsBuild* and
+ nativeBuildDependencies dependencies would affect the
+ PATH.
+
+
+ For each dependency dep of those dependencies,
+ dep/bin, if present, is
+ added to the PATH environment variable.
+
+
+
+ The dependency is propagated when it forces some of its other-transitive
+ (non-immediate) downstream dependencies to also take it on as an immediate
+ dependency. Nix itself already takes a package's transitive dependencies
+ into account, but this propagation ensures nixpkgs-specific infrastructure
+ like setup hooks (mentioned above) also are run as if the propagated
+ dependency.
+
+
+
+ It is important to note dependencies are not necessary propagated as the
+ same sort of dependency that they were before, but rather as the
+ corresponding sort so that the platform rules still line up. The exact rules
+ for dependency propagation can be given by assigning each sort of dependency
+ two integers based one how it's host and target platforms are offset from
+ the depending derivation's platforms. Those offsets are given are given
+ below in the descriptions of each dependency list attribute.
+ Algorithmically, we traverse propagated inputs, accumulating every
+ propagated dep's propagated deps and adjusting them to account for the
+ "shift in perspective" described by the current dep's platform offsets. This
+ results in sort a transitive closure of the dependency relation, with the
+ offsets being approximately summed when two dependency links are combined.
+ We also prune transitive deps whose combined offsets go out-of-bounds, which
+ can be viewed as a filter over that transitive closure removing dependencies
+ that are blatantly absurd.
+
+
+
+ We can define the process precisely with
+ Natural
+ Deduction using the inference rules. This probably seems a bit
+ obtuse, but so is the bash code that actually implements it!
+
+
+ The findInputs function, currently residing in
+ pkgs/stdenv/generic/setup.sh, implements the
+ propagation logic.
+
+
+ They're confusing in very different ways so...hopefully if something doesn't
+ make sense in one presentation, it does in the other!
+
let mapOffset(h, t, i) = i + (if i <= 0 then h else t - 1)
propagated-dep(h0, t0, A, B)
@@ -239,7 +300,7 @@ h0 + t1 in {-1, 0, 1}
propagated-dep(mapOffset(h0, t0, h1),
mapOffset(h0, t0, t1),
A, C)
-
+
let mapOffset(h, t, i) = i + (if i <= 0 then h else t - 1)
dep(h0, _, A, B)
@@ -250,1139 +311,1450 @@ h0 + t1 in {-1, 0, -1}
propagated-dep(mapOffset(h0, t0, h1),
mapOffset(h0, t0, t1),
A, C)
-
+
propagated-dep(h, t, A, B)
-------------------------------------- Propagated deps count as deps
dep(h, t, A, B)
- Some explanation of this monstrosity is in order.
- In the common case, the target offset of a dependency is the successor to the target offset: t = h + 1.
- That means that:
-
+ Some explanation of this monstrosity is in order. In the common case, the
+ target offset of a dependency is the successor to the target offset:
+ t = h + 1. That means that:
+
let f(h, t, i) = i + (if i <= 0 then h else t - 1)
let f(h, h + 1, i) = i + (if i <= 0 then h else (h + 1) - 1)
let f(h, h + 1, i) = i + (if i <= 0 then h else h)
let f(h, h + 1, i) = i + h
- This is where the "sum-like" comes from above:
- We can just sum all the host offset to get the host offset of the transitive dependency.
- The target offset is the transitive dep is simply the host offset + 1, just as it was with the dependencies composed to make this transitive one;
- it can be ignored as it doesn't add any new information.
-
-
- Because of the bounds checks, the uncommon cases are h = t and h + 2 = t.
- In the former case, the motivation for mapOffset is that since its host and target platforms are the same, no transitive dep of it should be able to "discover" an offset greater than its reduced target offsets.
- mapOffset effectively "squashes" all its transitive dependencies' offsets so that none will ever be greater than the target offset of the original h = t package.
- In the other case, h + 1 is skipped over between the host and target offsets.
- Instead of squashing the offsets, we need to "rip" them apart so no transitive dependencies' offset is that one.
-
-
-Overall, the unifying theme here is that propagation shouldn't be introducing transitive dependencies involving platforms the needing package is unaware of.
-The offset bounds checking and definition of mapOffset together ensure that this is the case.
-Discovering a new offset is discovering a new platform, and since those platforms weren't in the derivation "spec" of the needing package, they cannot be relevant.
-From a capability perspective, we can imagine that the host and target platforms of a package are the capabilities a package requires, and the depending package must provide the capability to the dependency.
-
-
-
- Variables specifying dependencies
-
+ This is where the "sum-like" comes from above: We can just sum all the host
+ offset to get the host offset of the transitive dependency. The target
+ offset is the transitive dep is simply the host offset + 1, just as it was
+ with the dependencies composed to make this transitive one; it can be
+ ignored as it doesn't add any new information.
+
+
+
+ Because of the bounds checks, the uncommon cases are h =
+ t and h + 2 = t. In the former case, the
+ motivation for mapOffset is that since its host and
+ target platforms are the same, no transitive dep of it should be able to
+ "discover" an offset greater than its reduced target offsets.
+ mapOffset effectively "squashes" all its transitive
+ dependencies' offsets so that none will ever be greater than the target
+ offset of the original h = t package. In the other case,
+ h + 1 is skipped over between the host and target
+ offsets. Instead of squashing the offsets, we need to "rip" them apart so no
+ transitive dependencies' offset is that one.
+
+
+
+ Overall, the unifying theme here is that propagation shouldn't be
+ introducing transitive dependencies involving platforms the needing package
+ is unaware of. The offset bounds checking and definition of
+ mapOffset together ensure that this is the case.
+ Discovering a new offset is discovering a new platform, and since those
+ platforms weren't in the derivation "spec" of the needing package, they
+ cannot be relevant. From a capability perspective, we can imagine that the
+ host and target platforms of a package are the capabilities a package
+ requires, and the depending package must provide the capability to the
+ dependency.
+
+
+
+ Variables specifying dependencies
- depsBuildBuild
-
-
- A list of dependencies whose host and target platforms are the new derivation's build platform.
- This means a -1 host and -1 target offset from the new derivation's platforms.
- They are programs/libraries used at build time that furthermore produce programs/libraries also used at build time.
- If the dependency doesn't care about the target platform (i.e. isn't a compiler or similar tool), put it in nativeBuildInputsinstead.
- The most common use for this buildPackages.stdenv.cc, the default C compiler for this role.
- That example crops up more than one might think in old commonly used C libraries.
-
-
- Since these packages are able to be run at build time, that are always added to the PATH, as described above.
- But since these packages are only guaranteed to be able to run then, they shouldn't persist as run-time dependencies.
- This isn't currently enforced, but could be in the future.
-
-
-
-
-
- nativeBuildInputs
+ depsBuildBuild
+
-
- A list of dependencies whose host platform is the new derivation's build platform, and target platform is the new derivation's host platform.
- This means a -1 host offset and 0 target offset from the new derivation's platforms.
- They are programs/libraries used at build time that, if they are a compiler or similar tool, produce code to run at run time—i.e. tools used to build the new derivation.
- If the dependency doesn't care about the target platform (i.e. isn't a compiler or similar tool), put it here, rather than in depsBuildBuild or depsBuildTarget.
- This would be called depsBuildHost but for historical continuity.
-
-
- Since these packages are able to be run at build time, that are added to the PATH, as described above.
- But since these packages only are guaranteed to be able to run then, they shouldn't persist as run-time dependencies.
- This isn't currently enforced, but could be in the future.
-
+
+ A list of dependencies whose host and target platforms are the new
+ derivation's build platform. This means a -1 host and
+ -1 target offset from the new derivation's platforms.
+ They are programs/libraries used at build time that furthermore produce
+ programs/libraries also used at build time. If the dependency doesn't
+ care about the target platform (i.e. isn't a compiler or similar tool),
+ put it in nativeBuildInputsinstead. The most common
+ use for this buildPackages.stdenv.cc, the default C
+ compiler for this role. That example crops up more than one might think
+ in old commonly used C libraries.
+
+
+ Since these packages are able to be run at build time, that are always
+ added to the PATH, as described above. But since these
+ packages are only guaranteed to be able to run then, they shouldn't
+ persist as run-time dependencies. This isn't currently enforced, but
+ could be in the future.
+
-
-
-
- depsBuildTarget
+
+
+ nativeBuildInputs
+
-
- A list of dependencies whose host platform is the new derivation's build platform, and target platform is the new derivation's target platform.
- This means a -1 host offset and 1 target offset from the new derivation's platforms.
- They are programs used at build time that produce code to run at run with code produced by the depending package.
- Most commonly, these would tools used to build the runtime or standard library the currently-being-built compiler will inject into any code it compiles.
- In many cases, the currently-being built compiler is itself employed for that task, but when that compiler won't run (i.e. its build and host platform differ) this is not possible.
- Other times, the compiler relies on some other tool, like binutils, that is always built separately so the dependency is unconditional.
-
-
- This is a somewhat confusing dependency to wrap ones head around, and for good reason.
- As the only one where the platform offsets are not adjacent integers, it requires thinking of a bootstrapping stage two away from the current one.
- It and it's use-case go hand in hand and are both considered poor form:
- try not to need this sort dependency, and try not avoid building standard libraries / runtimes in the same derivation as the compiler produces code using them.
- Instead strive to build those like a normal library, using the newly-built compiler just as a normal library would.
- In short, do not use this attribute unless you are packaging a compiler and are sure it is needed.
+
+ A list of dependencies whose host platform is the new derivation's build
+ platform, and target platform is the new derivation's host platform. This
+ means a -1 host offset and 0 target
+ offset from the new derivation's platforms. They are programs/libraries
+ used at build time that, if they are a compiler or similar tool, produce
+ code to run at run time—i.e. tools used to build the new derivation. If
+ the dependency doesn't care about the target platform (i.e. isn't a
+ compiler or similar tool), put it here, rather than in
+ depsBuildBuild or depsBuildTarget.
+ This would be called depsBuildHost but for historical
+ continuity.
- Since these packages are able to be run at build time, that are added to the PATH, as described above.
- But since these packages only are guaranteed to be able to run then, they shouldn't persist as run-time dependencies.
- This isn't currently enforced, but could be in the future.
+ Since these packages are able to be run at build time, that are added to
+ the PATH, as described above. But since these packages
+ only are guaranteed to be able to run then, they shouldn't persist as
+ run-time dependencies. This isn't currently enforced, but could be in the
+ future.
-
-
-
- depsHostHost
-
- A list of dependencies whose host and target platforms match the new derivation's host platform.
- This means a both 0 host offset and 0 target offset from the new derivation's host platform.
- These are packages used at run-time to generate code also used at run-time.
- In practice, that would usually be tools used by compilers for metaprogramming/macro systems, or libraries used by the macros/metaprogramming code itself.
- It's always preferable to use a depsBuildBuild dependency in the derivation being built than a depsHostHost on the tool doing the building for this purpose.
-
-
-
-
- buildInputs
+
+
+ depsBuildTarget
+
-
- A list of dependencies whose host platform and target platform match the new derivation's.
- This means a 0 host offset and 1 target offset from the new derivation's host platform.
- This would be called depsHostTarget but for historical continuity.
- If the dependency doesn't care about the target platform (i.e. isn't a compiler or similar tool), put it here, rather than in depsBuildBuild.
-
-
- These often are programs/libraries used by the new derivation at run-time, but that isn't always the case.
- For example, the machine code in a statically linked library is only used at run time, but the derivation containing the library is only needed at build time.
- Even in the dynamic case, the library may also be needed at build time to appease the linker.
-
+
+ A list of dependencies whose host platform is the new derivation's build
+ platform, and target platform is the new derivation's target platform.
+ This means a -1 host offset and 1
+ target offset from the new derivation's platforms. They are programs used
+ at build time that produce code to run at run with code produced by the
+ depending package. Most commonly, these would tools used to build the
+ runtime or standard library the currently-being-built compiler will
+ inject into any code it compiles. In many cases, the currently-being
+ built compiler is itself employed for that task, but when that compiler
+ won't run (i.e. its build and host platform differ) this is not possible.
+ Other times, the compiler relies on some other tool, like binutils, that
+ is always built separately so the dependency is unconditional.
+
+
+ This is a somewhat confusing dependency to wrap ones head around, and for
+ good reason. As the only one where the platform offsets are not adjacent
+ integers, it requires thinking of a bootstrapping stage
+ two away from the current one. It and it's use-case
+ go hand in hand and are both considered poor form: try not to need this
+ sort dependency, and try not avoid building standard libraries / runtimes
+ in the same derivation as the compiler produces code using them. Instead
+ strive to build those like a normal library, using the newly-built
+ compiler just as a normal library would. In short, do not use this
+ attribute unless you are packaging a compiler and are sure it is needed.
+
+
+ Since these packages are able to be run at build time, that are added to
+ the PATH, as described above. But since these packages
+ only are guaranteed to be able to run then, they shouldn't persist as
+ run-time dependencies. This isn't currently enforced, but could be in the
+ future.
+
-
-
-
- depsTargetTarget
-
- A list of dependencies whose host platform matches the new derivation's target platform.
- This means a 1 offset from the new derivation's platforms.
- These are packages that run on the target platform, e.g. the standard library or run-time deps of standard library that a compiler insists on knowing about.
- It's poor form in almost all cases for a package to depend on another from a future stage [future stage corresponding to positive offset].
- Do not use this attribute unless you are packaging a compiler and are sure it is needed.
-
-
-
-
- depsBuildBuildPropagated
-
- The propagated equivalent of depsBuildBuild.
- This perhaps never ought to be used, but it is included for consistency [see below for the others].
-
-
-
-
- propagatedNativeBuildInputs
-
- The propagated equivalent of nativeBuildInputs.
- This would be called depsBuildHostPropagated but for historical continuity.
- For example, if package Y has propagatedNativeBuildInputs = [X], and package Z has buildInputs = [Y], then package Z will be built as if it included package X in its nativeBuildInputs.
- If instead, package Z has nativeBuildInputs = [Y], then Z will be built as if it included X in the depsBuildBuild of package Z, because of the sum of the two -1 host offsets.
-
-
-
-
- depsBuildTargetPropagated
-
- The propagated equivalent of depsBuildTarget.
- This is prefixed for the same reason of alerting potential users.
-
-
-
-
- depsHostHostPropagated
-
- The propagated equivalent of depsHostHost.
-
-
-
-
- propagatedBuildInputs
-
- The propagated equivalent of buildInputs.
- This would be called depsHostTargetPropagated but for historical continuity.
-
-
-
-
- depsTargetTarget
-
- The propagated equivalent of depsTargetTarget.
- This is prefixed for the same reason of alerting potential users.
-
-
-
-
-
-
-
-
-Attributes
-
-
- Variables affecting <literal>stdenv</literal>
- initialisation
-
-
- NIX_DEBUG
-
- A natural number indicating how much information to log.
- If set to 1 or higher, stdenv will print moderate debug information during the build.
- In particular, the gcc and ld wrapper scripts will print out the complete command line passed to the wrapped tools.
- If set to 6 or higher, the stdenv setup script will be run with set -x tracing.
- If set to 7 or higher, the gcc and ld wrapper scripts will also be run with set -x tracing.
-
-
-
-
-
-
- Variables affecting build properties
-
-
- enableParallelBuilding
+
+
+ depsHostHost
+
- If set to true, stdenv will
- pass specific flags to make and other build tools to
- enable parallel building with up to build-cores
- workers.
-
- Unless set to false, some build systems with good
- support for parallel building including cmake,
- meson, and qmake will set it to
- true.
+
+ A list of dependencies whose host and target platforms match the new
+ derivation's host platform. This means a both 0 host
+ offset and 0 target offset from the new derivation's
+ host platform. These are packages used at run-time to generate code also
+ used at run-time. In practice, that would usually be tools used by
+ compilers for metaprogramming/macro systems, or libraries used by the
+ macros/metaprogramming code itself. It's always preferable to use a
+ depsBuildBuild dependency in the derivation being
+ built than a depsHostHost on the tool doing the
+ building for this purpose.
+
-
-
-
- preferLocalBuild
- If set, specifies that the package is so lightweight
- in terms of build operations (e.g. write a text file from a Nix string
- to the store) that there's no need to look for it in binary caches --
- it's faster to just build it locally. It also tells Hydra and other
- facilities that this package doesn't need to be exported in binary
- caches (noone would use it, after all).
-
-
-
-
-
- Special variables
-
-
- passthru
- This is an attribute set which can be filled with arbitrary
- values. For example:
-
-
-passthru = {
- foo = "bar";
- baz = {
- value1 = 4;
- value2 = 5;
- };
-}
-
-
-
-
- Values inside it are not passed to the builder, so you can change
- them without triggering a rebuild. However, they can be accessed outside of a
- derivation directly, as if they were set inside a derivation itself, e.g.
- hello.baz.value1. We don't specify any usage or
- schema of passthru - it is meant for values that would be
- useful outside the derivation in other parts of a Nix expression (e.g. in other
- derivations). An example would be to convey some specific dependency of your
- derivation which contains a program with plugins support. Later, others who
- make derivations with plugins can use passed-through dependency to ensure that
- their plugin would be binary-compatible with built program.
-
-
-
-
-
-
-
-Phases
-
-The generic builder has a number of phases.
-Package builds are split into phases to make it easier to override
-specific parts of the build (e.g., unpacking the sources or installing
-the binaries). Furthermore, it allows a nicer presentation of build
-logs in the Nix build farm.
-
-Each phase can be overridden in its entirety either by setting
-the environment variable
-namePhase to a string
-containing some shell commands to be executed, or by redefining the
-shell function
-namePhase. The former
-is convenient to override a phase from the derivation, while the
-latter is convenient from a build script.
-
-However, typically one only wants to add some
-commands to a phase, e.g. by defining postInstall
-or preFixup, as skipping some of the default actions
-may have unexpected consequences.
-
-
-
-Controlling
-phases
-
-There are a number of variables that control what phases are
-executed and in what order:
-
-
- Variables affecting phase control
-
-
- phases
+
+
+ buildInputs
+
- Specifies the phases. You can change the order in which
- phases are executed, or add new phases, by setting this
- variable. If it’s not set, the default value is used, which is
- $prePhases unpackPhase patchPhase $preConfigurePhases
- configurePhase $preBuildPhases buildPhase checkPhase
- $preInstallPhases installPhase fixupPhase $preDistPhases
- distPhase $postPhases.
-
-
- Usually, if you just want to add a few phases, it’s more
- convenient to set one of the variables below (such as
- preInstallPhases), as you then don’t specify
- all the normal phases.
+
+ A list of dependencies whose host platform and target platform match the
+ new derivation's. This means a 0 host offset and
+ 1 target offset from the new derivation's host
+ platform. This would be called depsHostTarget but for
+ historical continuity. If the dependency doesn't care about the target
+ platform (i.e. isn't a compiler or similar tool), put it here, rather
+ than in depsBuildBuild.
+
+
+ These often are programs/libraries used by the new derivation at
+ run-time, but that isn't always the case. For
+ example, the machine code in a statically linked library is only used at
+ run time, but the derivation containing the library is only needed at
+ build time. Even in the dynamic case, the library may also be needed at
+ build time to appease the linker.
+
-
-
-
- prePhases
+
+
+ depsTargetTarget
+
- Additional phases executed before any of the default phases.
+
+ A list of dependencies whose host platform matches the new derivation's
+ target platform. This means a 1 offset from the new
+ derivation's platforms. These are packages that run on the target
+ platform, e.g. the standard library or run-time deps of standard library
+ that a compiler insists on knowing about. It's poor form in almost all
+ cases for a package to depend on another from a future stage [future
+ stage corresponding to positive offset]. Do not use this attribute unless
+ you are packaging a compiler and are sure it is needed.
+
-
-
-
- preConfigurePhases
+
+
+ depsBuildBuildPropagated
+
- Additional phases executed just before the configure phase.
+
+ The propagated equivalent of depsBuildBuild. This
+ perhaps never ought to be used, but it is included for consistency [see
+ below for the others].
+
-
-
-
- preBuildPhases
+
+
+ propagatedNativeBuildInputs
+
- Additional phases executed just before the build phase.
+
+ The propagated equivalent of nativeBuildInputs. This
+ would be called depsBuildHostPropagated but for
+ historical continuity. For example, if package Y has
+ propagatedNativeBuildInputs = [X], and package
+ Z has buildInputs = [Y], then
+ package Z will be built as if it included package
+ X in its nativeBuildInputs. If
+ instead, package Z has nativeBuildInputs =
+ [Y], then Z will be built as if it included
+ X in the depsBuildBuild of package
+ Z, because of the sum of the two -1
+ host offsets.
+
-
-
-
- preInstallPhases
+
+
+ depsBuildTargetPropagated
+
- Additional phases executed just before the install phase.
+
+ The propagated equivalent of depsBuildTarget. This is
+ prefixed for the same reason of alerting potential users.
+
-
-
-
- preFixupPhases
+
+
+ depsHostHostPropagated
+
- Additional phases executed just before the fixup phase.
+
+ The propagated equivalent of depsHostHost.
+
-
-
-
- preDistPhases
+
+
+ propagatedBuildInputs
+
- Additional phases executed just before the distribution phase.
+
+ The propagated equivalent of buildInputs. This would
+ be called depsHostTargetPropagated but for historical
+ continuity.
+
-
-
-
- postPhases
+
+
+ depsTargetTarget
+
- Additional phases executed after any of the default
- phases.
+
+ The propagated equivalent of depsTargetTarget. This is
+ prefixed for the same reason of alerting potential users.
+
-
-
-
-
-
-
-
-
-
-The unpack phase
-
-The unpack phase is responsible for unpacking the source code of
-the package. The default implementation of
-unpackPhase unpacks the source files listed in
-the src environment variable to the current directory.
-It supports the following files by default:
-
-
-
-
- Tar files
- These can optionally be compressed using
- gzip (.tar.gz,
- .tgz or .tar.Z),
- bzip2 (.tar.bz2 or
- .tbz2) or xz
- (.tar.xz or
- .tar.lzma).
-
-
-
- Zip files
- Zip files are unpacked using
- unzip. However, unzip is
- not in the standard environment, so you should add it to
- buildInputs yourself.
-
-
-
- Directories in the Nix store
- These are simply copied to the current directory.
- The hash part of the file name is stripped,
- e.g. /nix/store/1wydxgby13cz...-my-sources
- would be copied to
- my-sources.
-
-
-
-
-Additional file types can be supported by setting the
-unpackCmd variable (see below).
-
-
-
-
- Variables controlling the unpack phase
-
-
- srcs / src
- The list of source files or directories to be
- unpacked or copied. One of these must be set.
-
-
-
- sourceRoot
- After running unpackPhase,
- the generic builder changes the current directory to the directory
- created by unpacking the sources. If there are multiple source
- directories, you should set sourceRoot to the
- name of the intended directory.
-
-
-
- setSourceRoot
- Alternatively to setting
- sourceRoot, you can set
- setSourceRoot to a shell command to be
- evaluated by the unpack phase after the sources have been
- unpacked. This command must set
- sourceRoot.
-
-
-
- preUnpack
- Hook executed at the start of the unpack
- phase.
-
-
-
- postUnpack
- Hook executed at the end of the unpack
- phase.
-
-
-
- dontMakeSourcesWritable
- If set to 1, the unpacked
- sources are not made
- writable. By default, they are made writable to prevent problems
- with read-only sources. For example, copied store directories
- would be read-only without this.
-
-
-
- unpackCmd
- The unpack phase evaluates the string
- $unpackCmd for any unrecognised file. The path
- to the current source file is contained in the
- curSrc variable.
-
-
-
-
-
-
-
-The patch phase
-
-The patch phase applies the list of patches defined in the
-patches variable.
-
-
- Variables controlling the patch phase
-
-
- patches
- The list of patches. They must be in the format
- accepted by the patch command, and may
- optionally be compressed using gzip
- (.gz), bzip2
- (.bz2) or xz
- (.xz).
-
-
-
- patchFlags
- Flags to be passed to patch.
- If not set, the argument is used, which
- causes the leading directory component to be stripped from the
- file names in each patch.
-
-
-
- prePatch
- Hook executed at the start of the patch
- phase.
-
-
-
- postPatch
- Hook executed at the end of the patch
- phase.
-
-
-
-
-
-
-
-The configure phase
-
-The configure phase prepares the source tree for building. The
-default configurePhase runs
-./configure (typically an Autoconf-generated
-script) if it exists.
-
-
- Variables controlling the configure phase
-
-
- configureScript
- The name of the configure script. It defaults to
- ./configure if it exists; otherwise, the
- configure phase is skipped. This can actually be a command (like
- perl ./Configure.pl).
-
-
-
- configureFlags
- A list of strings passed as additional arguments to the
- configure script.
-
-
-
- configureFlagsArray
- A shell array containing additional arguments
- passed to the configure script. You must use this instead of
- configureFlags if the arguments contain
- spaces.
-
-
-
- dontAddPrefix
- By default, the flag
- --prefix=$prefix is added to the configure
- flags. If this is undesirable, set this variable to
- true.
-
-
-
- prefix
- The prefix under which the package must be
- installed, passed via the option to the
- configure script. It defaults to
- .
-
-
-
- dontAddDisableDepTrack
- By default, the flag
- --disable-dependency-tracking is added to the
- configure flags to speed up Automake-based builds. If this is
- undesirable, set this variable to true.
-
-
-
- dontFixLibtool
- By default, the configure phase applies some
- special hackery to all files called ltmain.sh
- before running the configure script in order to improve the purity
- of Libtool-based packagesIt clears the
- sys_lib_*search_path
- variables in the Libtool script to prevent Libtool from using
- libraries in /usr/lib and
- such.. If this is undesirable, set this
- variable to true.
-
-
-
- dontDisableStatic
- By default, when the configure script has
- , the option
- is added to the configure flags.
- If this is undesirable, set this variable to
- true.
-
-
-
- configurePlatforms
-
- By default, when cross compiling, the configure script has and passed.
- Packages can instead pass [ "build" "host" "target" ] or a subset to control exactly which platform flags are passed.
- Compilers and other tools should use this to also pass the target platform, for example.
- Eventually these will be passed when in native builds too, to improve determinism: build-time guessing, as is done today, is a risk of impurity.
-
-
-
-
- preConfigure
- Hook executed at the start of the configure
- phase.
-
-
-
- postConfigure
- Hook executed at the end of the configure
- phase.
-
-
-
-
-
-
-
-
-The build phase
-
-The build phase is responsible for actually building the package
-(e.g. compiling it). The default buildPhase
-simply calls make if a file named
-Makefile, makefile or
-GNUmakefile exists in the current directory (or
-the makefile is explicitly set); otherwise it does
-nothing.
-
-
- Variables controlling the build phase
-
-
- dontBuild
- Set to true to skip the build phase.
-
-
-
- makefile
- The file name of the Makefile.
-
-
-
- makeFlags
- A list of strings passed as additional flags to
- make. These flags are also used by the default
- install and check phase. For setting make flags specific to the
- build phase, use buildFlags (see below).
-
-
-makeFlags = [ "PREFIX=$(out)" ];
-
-
- The flags are quoted in bash, but environment variables can
- be specified by using the make syntax.
-
-
-
- makeFlagsArray
- A shell array containing additional arguments
- passed to make. You must use this instead of
- makeFlags if the arguments contain
- spaces, e.g.
-
-
-makeFlagsArray=(CFLAGS="-O0 -g" LDFLAGS="-lfoo -lbar")
-
-
- Note that shell arrays cannot be passed through environment
- variables, so you cannot set makeFlagsArray in
- a derivation attribute (because those are passed through
- environment variables): you have to define them in shell
- code.
-
-
-
- buildFlags / buildFlagsArray
- A list of strings passed as additional flags to
- make. Like makeFlags and
- makeFlagsArray, but only used by the build
- phase.
-
-
-
- preBuild
- Hook executed at the start of the build
- phase.
-
-
-
- postBuild
- Hook executed at the end of the build
- phase.
-
-
-
-
-
-
-You can set flags for make through the
-makeFlags variable.
-
-Before and after running make, the hooks
-preBuild and postBuild are
-called, respectively.
-
-
-
-
-The check phase
-
-The check phase checks whether the package was built correctly
-by running its test suite. The default
-checkPhase calls make check,
-but only if the doCheck variable is enabled.
-
-
- Variables controlling the check phase
-
-
- doCheck
-
- Controls whether the check phase is executed.
- By default it is skipped, but if doCheck is set to true, the check phase is usually executed.
- Thus you should set doCheck = true; in the derivation to enable checks.
- The exception is cross compilation.
- Cross compiled builds never run tests, no matter how doCheck is set,
- as the newly-built program won't run on the platform used to build it.
-
-
-
-
- makeFlags /
- makeFlagsArray /
- makefile
- See the build phase for details.
-
-
-
- checkTarget
- The make target that runs the tests. Defaults to
- check.
-
-
-
- checkFlags / checkFlagsArray
- A list of strings passed as additional flags to
- make. Like makeFlags and
- makeFlagsArray, but only used by the check
- phase.
-
-
-
- preCheck
- Hook executed at the start of the check
- phase.
-
-
-
- postCheck
- Hook executed at the end of the check
- phase.
-
-
-
-
-
-
-
-
-The install phase
-
-The install phase is responsible for installing the package in
-the Nix store under out. The default
-installPhase creates the directory
-$out and calls make
-install.
-
-
- Variables controlling the install phase
-
-
- makeFlags /
- makeFlagsArray /
- makefile
- See the build phase for details.
-
-
-
- installTargets
- The make targets that perform the installation.
- Defaults to install. Example:
-
-
-installTargets = "install-bin install-doc";
+
+
+
+
+ Attributes
+
+
+ Variables affecting <literal>stdenv</literal> initialisation
+
+ NIX_DEBUG
+
+
+
+ A natural number indicating how much information to log. If set to 1 or
+ higher, stdenv will print moderate debug information
+ during the build. In particular, the gcc and
+ ld wrapper scripts will print out the complete command
+ line passed to the wrapped tools. If set to 6 or higher, the
+ stdenv setup script will be run with set
+ -x tracing. If set to 7 or higher, the gcc
+ and ld wrapper scripts will also be run with
+ set -x tracing.
+
+
+
+
-
-
-
-
- installFlags / installFlagsArray
- A list of strings passed as additional flags to
- make. Like makeFlags and
- makeFlagsArray, but only used by the install
- phase.
-
-
-
- preInstall
- Hook executed at the start of the install
- phase.
-
-
-
- postInstall
- Hook executed at the end of the install
- phase.
-
-
-
-
-
-
-
-
-The fixup phase
-
-The fixup phase performs some (Nix-specific) post-processing
-actions on the files installed under $out by the
-install phase. The default fixupPhase does the
-following:
-
-
-
- It moves the man/,
- doc/ and info/
- subdirectories of $out to
- share/.
-
- It strips libraries and executables of debug
- information.
-
- On Linux, it applies the patchelf
- command to ELF executables and libraries to remove unused
- directories from the RPATH in order to prevent
- unnecessary runtime dependencies.
-
- It rewrites the interpreter paths of shell scripts
- to paths found in PATH. E.g.,
- /usr/bin/perl will be rewritten to
- /nix/store/some-perl/bin/perl
- found in PATH.
-
-
-
-
-
-
- Variables controlling the fixup phase
-
-
- dontStrip
- If set, libraries and executables are not
- stripped. By default, they are.
-
-
- dontStripHost
-
- Like dontStripHost, but only affects the strip command targetting the package's host platform.
- Useful when supporting cross compilation, but otherwise feel free to ignore.
-
-
-
- dontStripTarget
-
- Like dontStripHost, but only affects the strip command targetting the packages' target platform.
- Useful when supporting cross compilation, but otherwise feel free to ignore.
-
-
-
-
- dontMoveSbin
- If set, files in $out/sbin are not moved
- to $out/bin. By default, they are.
-
-
-
- stripAllList
- List of directories to search for libraries and
- executables from which all symbols should be
- stripped. By default, it’s empty. Stripping all symbols is
- risky, since it may remove not just debug symbols but also ELF
- information necessary for normal execution.
-
-
-
- stripAllFlags
- Flags passed to the strip
- command applied to the files in the directories listed in
- stripAllList. Defaults to
- (i.e. ).
-
-
-
- stripDebugList
- List of directories to search for libraries and
- executables from which only debugging-related symbols should be
- stripped. It defaults to lib bin
- sbin.
-
-
-
- stripDebugFlags
- Flags passed to the strip
- command applied to the files in the directories listed in
- stripDebugList. Defaults to
-
- (i.e. ).
-
-
-
- dontPatchELF
- If set, the patchelf command is
- not used to remove unnecessary RPATH entries.
- Only applies to Linux.
-
-
-
- dontPatchShebangs
- If set, scripts starting with
- #! do not have their interpreter paths
- rewritten to paths in the Nix store.
-
-
-
- forceShare
- The list of directories that must be moved from
- $out to $out/share.
- Defaults to man doc info.
-
-
-
- setupHook
- A package can export a setup hook by setting this
- variable. The setup hook, if defined, is copied to
- $out/nix-support/setup-hook. Environment
- variables are then substituted in it using substituteAll.
-
-
-
- preFixup
- Hook executed at the start of the fixup
- phase.
-
-
-
- postFixup
- Hook executed at the end of the fixup
- phase.
-
-
-
- separateDebugInfo
- If set to true, the standard
- environment will enable debug information in C/C++ builds. After
- installation, the debug information will be separated from the
- executables and stored in the output named
- debug. (This output is enabled automatically;
- you don’t need to set the outputs attribute
- explicitly.) To be precise, the debug information is stored in
- debug/lib/debug/.build-id/XX/YYYY…,
- where XXYYYY… is the build
- ID of the binary — a SHA-1 hash of the contents of
- the binary. Debuggers like GDB use the build ID to look up the
- separated debug information.
-
- For example, with GDB, you can add
+
+ Variables affecting build properties
+
+ enableParallelBuilding
+
+
+
+ If set to true, stdenv will pass
+ specific flags to make and other build tools to enable
+ parallel building with up to build-cores workers.
+
+
+ Unless set to false, some build systems with good
+ support for parallel building including cmake,
+ meson, and qmake will set it to
+ true.
+
+
+
+
+ preferLocalBuild
+
+
+
+ If set, specifies that the package is so lightweight in terms of build
+ operations (e.g. write a text file from a Nix string to the store) that
+ there's no need to look for it in binary caches -- it's faster to just
+ build it locally. It also tells Hydra and other facilities that this
+ package doesn't need to be exported in binary caches (noone would use it,
+ after all).
+
+
+
+
+
+ Special variables
+
+ passthru
+
+
+
+ This is an attribute set which can be filled with arbitrary values. For
+ example:
-set debug-file-directory ~/.nix-profile/lib/debug
+passthru = {
+ foo = "bar";
+ baz = {
+ value1 = 4;
+ value2 = 5;
+ };
+}
-
- to ~/.gdbinit. GDB will then be able to find
- debug information installed via nix-env
- -i.
-
+
+
+ Values inside it are not passed to the builder, so you can change them
+ without triggering a rebuild. However, they can be accessed outside of a
+ derivation directly, as if they were set inside a derivation itself, e.g.
+ hello.baz.value1. We don't specify any usage or schema
+ of passthru - it is meant for values that would be
+ useful outside the derivation in other parts of a Nix expression (e.g. in
+ other derivations). An example would be to convey some specific
+ dependency of your derivation which contains a program with plugins
+ support. Later, others who make derivations with plugins can use
+ passed-through dependency to ensure that their plugin would be
+ binary-compatible with built program.
+
-
-
-
-
-
-
-The installCheck phase
-
-The installCheck phase checks whether the package was installed
-correctly by running its test suite against the installed directories.
-The default installCheck calls make
-installcheck.
-
-
- Variables controlling the installCheck phase
-
-
- doInstallCheck
-
- Controls whether the installCheck phase is executed.
- By default it is skipped, but if doInstallCheck is set to true, the installCheck phase is usually executed.
- Thus you should set doInstallCheck = true; in the derivation to enable install checks.
- The exception is cross compilation.
- Cross compiled builds never run tests, no matter how doInstallCheck is set,
- as the newly-built program won't run on the platform used to build it.
-
-
-
-
- preInstallCheck
- Hook executed at the start of the installCheck
- phase.
-
-
-
- postInstallCheck
- Hook executed at the end of the installCheck
- phase.
-
-
-
-
-
-
-The distribution
-phase
-
-The distribution phase is intended to produce a source
-distribution of the package. The default
-distPhase first calls make
-dist, then it copies the resulting source tarballs to
-$out/tarballs/. This phase is only executed if
-the attribute doDist is set.
-
-
- Variables controlling the distribution phase
-
-
- distTarget
- The make target that produces the distribution.
- Defaults to dist.
-
-
-
- distFlags / distFlagsArray
- Additional flags passed to
- make.
-
-
-
- tarballs
- The names of the source distribution files to be
- copied to $out/tarballs/. It can contain
- shell wildcards. The default is
- *.tar.gz.
-
-
-
- dontCopyDist
- If set, no files are copied to
- $out/tarballs/.
-
-
-
- preDist
- Hook executed at the start of the distribution
- phase.
-
-
-
- postDist
- Hook executed at the end of the distribution
- phase.
-
-
-
-
-
-
-
-
-
-
-
-Shell functions
-
-The standard environment provides a number of useful
-functions.
-
-
-
-
-
- makeWrapper
- executable
- wrapperfile
- args
- Constructs a wrapper for a program with various
- possible arguments. For example:
-
+
+
+
+
+ Phases
+
+
+ The generic builder has a number of phases. Package
+ builds are split into phases to make it easier to override specific parts of
+ the build (e.g., unpacking the sources or installing the binaries).
+ Furthermore, it allows a nicer presentation of build logs in the Nix build
+ farm.
+
+
+
+ Each phase can be overridden in its entirety either by setting the
+ environment variable namePhase
+ to a string containing some shell commands to be executed, or by redefining
+ the shell function namePhase.
+ The former is convenient to override a phase from the derivation, while the
+ latter is convenient from a build script. However, typically one only wants
+ to add some commands to a phase, e.g. by defining
+ postInstall or preFixup, as skipping
+ some of the default actions may have unexpected consequences.
+
+
+
+ Controlling phases
+
+
+ There are a number of variables that control what phases are executed and
+ in what order:
+
+ Variables affecting phase control
+
+ phases
+
+
+
+ Specifies the phases. You can change the order in which phases are
+ executed, or add new phases, by setting this variable. If it’s not
+ set, the default value is used, which is $prePhases
+ unpackPhase patchPhase $preConfigurePhases configurePhase
+ $preBuildPhases buildPhase checkPhase $preInstallPhases installPhase
+ fixupPhase $preDistPhases distPhase $postPhases.
+
+
+ Usually, if you just want to add a few phases, it’s more convenient
+ to set one of the variables below (such as
+ preInstallPhases), as you then don’t specify all
+ the normal phases.
+
+
+
+
+ prePhases
+
+
+
+ Additional phases executed before any of the default phases.
+
+
+
+
+ preConfigurePhases
+
+
+
+ Additional phases executed just before the configure phase.
+
+
+
+
+ preBuildPhases
+
+
+
+ Additional phases executed just before the build phase.
+
+
+
+
+ preInstallPhases
+
+
+
+ Additional phases executed just before the install phase.
+
+
+
+
+ preFixupPhases
+
+
+
+ Additional phases executed just before the fixup phase.
+
+
+
+
+ preDistPhases
+
+
+
+ Additional phases executed just before the distribution phase.
+
+
+
+
+ postPhases
+
+
+
+ Additional phases executed after any of the default phases.
+
+
+
+
+
+
+
+
+ The unpack phase
+
+
+ The unpack phase is responsible for unpacking the source code of the
+ package. The default implementation of unpackPhase
+ unpacks the source files listed in the src environment
+ variable to the current directory. It supports the following files by
+ default:
+
+
+ Tar files
+
+
+ These can optionally be compressed using gzip
+ (.tar.gz, .tgz or
+ .tar.Z), bzip2
+ (.tar.bz2 or .tbz2) or
+ xz (.tar.xz or
+ .tar.lzma).
+
+
+
+
+ Zip files
+
+
+ Zip files are unpacked using unzip. However,
+ unzip is not in the standard environment, so you
+ should add it to buildInputs yourself.
+
+
+
+
+ Directories in the Nix store
+
+
+ These are simply copied to the current directory. The hash part of the
+ file name is stripped, e.g.
+ /nix/store/1wydxgby13cz...-my-sources would be
+ copied to my-sources.
+
+
+
+
+ Additional file types can be supported by setting the
+ unpackCmd variable (see below).
+
+
+
+
+
+ Variables controlling the unpack phase
+
+ srcs / src
+
+
+
+ The list of source files or directories to be unpacked or copied. One of
+ these must be set.
+
+
+
+
+ sourceRoot
+
+
+
+ After running unpackPhase, the generic builder
+ changes the current directory to the directory created by unpacking the
+ sources. If there are multiple source directories, you should set
+ sourceRoot to the name of the intended directory.
+
+
+
+
+ setSourceRoot
+
+
+
+ Alternatively to setting sourceRoot, you can set
+ setSourceRoot to a shell command to be evaluated by
+ the unpack phase after the sources have been unpacked. This command must
+ set sourceRoot.
+
+
+
+
+ preUnpack
+
+
+
+ Hook executed at the start of the unpack phase.
+
+
+
+
+ postUnpack
+
+
+
+ Hook executed at the end of the unpack phase.
+
+
+
+
+ dontMakeSourcesWritable
+
+
+
+ If set to 1, the unpacked sources are
+ not made writable. By default, they are made
+ writable to prevent problems with read-only sources. For example, copied
+ store directories would be read-only without this.
+
+
+
+
+ unpackCmd
+
+
+
+ The unpack phase evaluates the string $unpackCmd for
+ any unrecognised file. The path to the current source file is contained
+ in the curSrc variable.
+
+
+
+
+
+
+
+ The patch phase
+
+
+ The patch phase applies the list of patches defined in the
+ patches variable.
+
+
+
+ Variables controlling the patch phase
+
+ patches
+
+
+
+ The list of patches. They must be in the format accepted by the
+ patch command, and may optionally be compressed using
+ gzip (.gz),
+ bzip2 (.bz2) or
+ xz (.xz).
+
+
+
+
+ patchFlags
+
+
+
+ Flags to be passed to patch. If not set, the argument
+ is used, which causes the leading directory
+ component to be stripped from the file names in each patch.
+
+
+
+
+ prePatch
+
+
+
+ Hook executed at the start of the patch phase.
+
+
+
+
+ postPatch
+
+
+
+ Hook executed at the end of the patch phase.
+
+
+
+
+
+
+
+ The configure phase
+
+
+ The configure phase prepares the source tree for building. The default
+ configurePhase runs ./configure
+ (typically an Autoconf-generated script) if it exists.
+
+
+
+ Variables controlling the configure phase
+
+ configureScript
+
+
+
+ The name of the configure script. It defaults to
+ ./configure if it exists; otherwise, the configure
+ phase is skipped. This can actually be a command (like perl
+ ./Configure.pl).
+
+
+
+
+ configureFlags
+
+
+
+ A list of strings passed as additional arguments to the configure
+ script.
+
+
+
+
+ configureFlagsArray
+
+
+
+ A shell array containing additional arguments passed to the configure
+ script. You must use this instead of configureFlags
+ if the arguments contain spaces.
+
+
+
+
+ dontAddPrefix
+
+
+
+ By default, the flag --prefix=$prefix is added to the
+ configure flags. If this is undesirable, set this variable to true.
+
+
+
+
+ prefix
+
+
+
+ The prefix under which the package must be installed, passed via the
+ option to the configure script. It defaults to
+ .
+
+
+
+
+ dontAddDisableDepTrack
+
+
+
+ By default, the flag --disable-dependency-tracking is
+ added to the configure flags to speed up Automake-based builds. If this
+ is undesirable, set this variable to true.
+
+
+
+
+ dontFixLibtool
+
+
+
+ By default, the configure phase applies some special hackery to all
+ files called ltmain.sh before running the configure
+ script in order to improve the purity of Libtool-based packages
+
+
+ It clears the
+ sys_lib_*search_path
+ variables in the Libtool script to prevent Libtool from using
+ libraries in /usr/lib and such.
+
+
+ . If this is undesirable, set this variable to true.
+
+
+
+
+ dontDisableStatic
+
+
+
+ By default, when the configure script has
+ , the option
+ is added to the configure flags.
+
+
+ If this is undesirable, set this variable to true.
+
+
+
+
+ configurePlatforms
+
+
+
+ By default, when cross compiling, the configure script has
+ and passed.
+ Packages can instead pass [ "build" "host" "target" ]
+ or a subset to control exactly which platform flags are passed.
+ Compilers and other tools should use this to also pass the target
+ platform, for example.
+
+
+ Eventually these will be passed when in native builds too, to improve
+ determinism: build-time guessing, as is done today, is a risk of
+ impurity.
+
+
+
+
+
+
+ preConfigure
+
+
+
+ Hook executed at the start of the configure phase.
+
+
+
+
+ postConfigure
+
+
+
+ Hook executed at the end of the configure phase.
+
+
+
+
+
+
+
+ The build phase
+
+
+ The build phase is responsible for actually building the package (e.g.
+ compiling it). The default buildPhase simply calls
+ make if a file named Makefile,
+ makefile or GNUmakefile exists in
+ the current directory (or the makefile is explicitly
+ set); otherwise it does nothing.
+
+
+
+ Variables controlling the build phase
+
+ dontBuild
+
+
+
+ Set to true to skip the build phase.
+
+
+
+
+ makefile
+
+
+
+ The file name of the Makefile.
+
+
+
+
+ makeFlags
+
+
+
+ A list of strings passed as additional flags to make.
+ These flags are also used by the default install and check phase. For
+ setting make flags specific to the build phase, use
+ buildFlags (see below).
+
+makeFlags = [ "PREFIX=$(out)" ];
+
+
+
+ The flags are quoted in bash, but environment variables can be
+ specified by using the make syntax.
+
+
+
+
+
+
+ makeFlagsArray
+
+
+
+ A shell array containing additional arguments passed to
+ make. You must use this instead of
+ makeFlags if the arguments contain spaces, e.g.
+
+makeFlagsArray=(CFLAGS="-O0 -g" LDFLAGS="-lfoo -lbar")
+
+ Note that shell arrays cannot be passed through environment variables,
+ so you cannot set makeFlagsArray in a derivation
+ attribute (because those are passed through environment variables): you
+ have to define them in shell code.
+
+
+
+
+ buildFlags / buildFlagsArray
+
+
+
+ A list of strings passed as additional flags to make.
+ Like makeFlags and makeFlagsArray,
+ but only used by the build phase.
+
+
+
+
+ preBuild
+
+
+
+ Hook executed at the start of the build phase.
+
+
+
+
+ postBuild
+
+
+
+ Hook executed at the end of the build phase.
+
+
+
+
+
+
+ You can set flags for make through the
+ makeFlags variable.
+
+
+
+ Before and after running make, the hooks
+ preBuild and postBuild are called,
+ respectively.
+
+
+
+
+ The check phase
+
+
+ The check phase checks whether the package was built correctly by running
+ its test suite. The default checkPhase calls
+ make check, but only if the doCheck
+ variable is enabled.
+
+
+
+ Variables controlling the check phase
+
+ doCheck
+
+
+
+ Controls whether the check phase is executed. By default it is skipped,
+ but if doCheck is set to true, the check phase is
+ usually executed. Thus you should set
+doCheck = true;
+ in the derivation to enable checks. The exception is cross compilation.
+ Cross compiled builds never run tests, no matter how
+ doCheck is set, as the newly-built program won't run
+ on the platform used to build it.
+
+
+
+
+ makeFlags /
+ makeFlagsArray /
+ makefile
+
+
+
+ See the build phase for details.
+
+
+
+
+ checkTarget
+
+
+
+ The make target that runs the tests. Defaults to
+ check.
+
+
+
+
+ checkFlags / checkFlagsArray
+
+
+
+ A list of strings passed as additional flags to make.
+ Like makeFlags and makeFlagsArray,
+ but only used by the check phase.
+
+
+
+
+ preCheck
+
+
+
+ Hook executed at the start of the check phase.
+
+
+
+
+ postCheck
+
+
+
+ Hook executed at the end of the check phase.
+
+
+
+
+
+
+
+ The install phase
+
+
+ The install phase is responsible for installing the package in the Nix
+ store under out. The default
+ installPhase creates the directory
+ $out and calls make install.
+
+
+
+ Variables controlling the install phase
+
+ makeFlags /
+ makeFlagsArray /
+ makefile
+
+
+
+ See the build phase for details.
+
+
+
+
+ installTargets
+
+
+
+ The make targets that perform the installation. Defaults to
+ install. Example:
+
+installTargets = "install-bin install-doc";
+
+
+
+
+ installFlags / installFlagsArray
+
+
+
+ A list of strings passed as additional flags to make.
+ Like makeFlags and makeFlagsArray,
+ but only used by the install phase.
+
+
+
+
+ preInstall
+
+
+
+ Hook executed at the start of the install phase.
+
+
+
+
+ postInstall
+
+
+
+ Hook executed at the end of the install phase.
+
+
+
+
+
+
+
+ The fixup phase
+
+
+ The fixup phase performs some (Nix-specific) post-processing actions on the
+ files installed under $out by the install phase. The
+ default fixupPhase does the following:
+
+
+
+ It moves the man/, doc/ and
+ info/ subdirectories of $out to
+ share/.
+
+
+
+
+ It strips libraries and executables of debug information.
+
+
+
+
+ On Linux, it applies the patchelf command to ELF
+ executables and libraries to remove unused directories from the
+ RPATH in order to prevent unnecessary runtime
+ dependencies.
+
+
+
+
+ It rewrites the interpreter paths of shell scripts to paths found in
+ PATH. E.g., /usr/bin/perl will be
+ rewritten to
+ /nix/store/some-perl/bin/perl
+ found in PATH.
+
+
+
+
+
+
+ Variables controlling the fixup phase
+
+ dontStrip
+
+
+
+ If set, libraries and executables are not stripped. By default, they
+ are.
+
+
+
+
+ dontStripHost
+
+
+
+ Like dontStripHost, but only affects the
+ strip command targetting the package's host platform.
+ Useful when supporting cross compilation, but otherwise feel free to
+ ignore.
+
+
+
+
+ dontStripTarget
+
+
+
+ Like dontStripHost, but only affects the
+ strip command targetting the packages' target
+ platform. Useful when supporting cross compilation, but otherwise feel
+ free to ignore.
+
+
+
+
+ dontMoveSbin
+
+
+
+ If set, files in $out/sbin are not moved to
+ $out/bin. By default, they are.
+
+
+
+
+ stripAllList
+
+
+
+ List of directories to search for libraries and executables from which
+ all symbols should be stripped. By default, it’s
+ empty. Stripping all symbols is risky, since it may remove not just
+ debug symbols but also ELF information necessary for normal execution.
+
+
+
+
+ stripAllFlags
+
+
+
+ Flags passed to the strip command applied to the
+ files in the directories listed in stripAllList.
+ Defaults to (i.e. ).
+
+
+
+
+ stripDebugList
+
+
+
+ List of directories to search for libraries and executables from which
+ only debugging-related symbols should be stripped. It defaults to
+ lib bin sbin.
+
+
+
+
+ stripDebugFlags
+
+
+
+ Flags passed to the strip command applied to the
+ files in the directories listed in stripDebugList.
+ Defaults to (i.e. ).
+
+
+
+
+ dontPatchELF
+
+
+
+ If set, the patchelf command is not used to remove
+ unnecessary RPATH entries. Only applies to Linux.
+
+
+
+
+ dontPatchShebangs
+
+
+
+ If set, scripts starting with #! do not have their
+ interpreter paths rewritten to paths in the Nix store.
+
+
+
+
+ forceShare
+
+
+
+ The list of directories that must be moved from
+ $out to $out/share. Defaults
+ to man doc info.
+
+
+
+
+ setupHook
+
+
+
+ A package can export a setup
+ hook by setting this variable. The setup hook, if defined, is
+ copied to $out/nix-support/setup-hook. Environment
+ variables are then substituted in it using
+ substituteAll.
+
+
+
+
+ preFixup
+
+
+
+ Hook executed at the start of the fixup phase.
+
+
+
+
+ postFixup
+
+
+
+ Hook executed at the end of the fixup phase.
+
+
+
+
+ separateDebugInfo
+
+
+
+ If set to true, the standard environment will enable
+ debug information in C/C++ builds. After installation, the debug
+ information will be separated from the executables and stored in the
+ output named debug. (This output is enabled
+ automatically; you don’t need to set the outputs
+ attribute explicitly.) To be precise, the debug information is stored in
+ debug/lib/debug/.build-id/XX/YYYY…,
+ where XXYYYY… is the build
+ ID of the binary — a SHA-1 hash of the contents of the
+ binary. Debuggers like GDB use the build ID to look up the separated
+ debug information.
+
+
+ For example, with GDB, you can add
+
+set debug-file-directory ~/.nix-profile/lib/debug
+
+ to ~/.gdbinit. GDB will then be able to find debug
+ information installed via nix-env -i.
+
+
+
+
+
+
+
+ The installCheck phase
+
+
+ The installCheck phase checks whether the package was installed correctly
+ by running its test suite against the installed directories. The default
+ installCheck calls make
+ installcheck.
+
+
+
+ Variables controlling the installCheck phase
+
+ doInstallCheck
+
+
+
+ Controls whether the installCheck phase is executed. By default it is
+ skipped, but if doInstallCheck is set to true, the
+ installCheck phase is usually executed. Thus you should set
+doInstallCheck = true;
+ in the derivation to enable install checks. The exception is cross
+ compilation. Cross compiled builds never run tests, no matter how
+ doInstallCheck is set, as the newly-built program
+ won't run on the platform used to build it.
+
+
+
+
+ preInstallCheck
+
+
+
+ Hook executed at the start of the installCheck phase.
+
+
+
+
+ postInstallCheck
+
+
+
+ Hook executed at the end of the installCheck phase.
+
+
+
+
+
+
+
+ The distribution phase
+
+
+ The distribution phase is intended to produce a source distribution of the
+ package. The default distPhase first calls
+ make dist, then it copies the resulting source tarballs
+ to $out/tarballs/. This phase is only executed if the
+ attribute doDist is set.
+
+
+
+ Variables controlling the distribution phase
+
+ distTarget
+
+
+
+ The make target that produces the distribution. Defaults to
+ dist.
+
+
+
+
+ distFlags / distFlagsArray
+
+
+
+ Additional flags passed to make.
+
+
+
+
+ tarballs
+
+
+
+ The names of the source distribution files to be copied to
+ $out/tarballs/. It can contain shell wildcards. The
+ default is *.tar.gz.
+
+
+
+
+ dontCopyDist
+
+
+
+ If set, no files are copied to $out/tarballs/.
+
+
+
+
+ preDist
+
+
+
+ Hook executed at the start of the distribution phase.
+
+
+
+
+ postDist
+
+
+
+ Hook executed at the end of the distribution phase.
+
+
+
+
+
+
+
+ Shell functions
+
+
+ The standard environment provides a number of useful functions.
+
+
+
+
+ makeWrapperexecutablewrapperfileargs
+
+
+
+ Constructs a wrapper for a program with various possible arguments. For
+ example:
# adds `FOOBAR=baz` to `$out/bin/foo`’s environment
makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
@@ -1392,662 +1764,763 @@ makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
# (via string replacements or in `configurePhase`).
makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]}
-
- There’s many more kinds of arguments, they are documented in
- nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh.
-
- wrapProgram is a convenience function you probably
- want to use most of the time.
-
+ There’s many more kinds of arguments, they are documented in
+ nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh.
+
+
+ wrapProgram is a convenience function you probably
+ want to use most of the time.
+
-
-
-
-
- substitute
- infile
- outfile
- subs
-
+
+
+ substituteinfileoutfilesubs
+
- Performs string substitution on the contents of
+
+ Performs string substitution on the contents of
infile, writing the result to
- outfile. The substitutions in
+ outfile. The substitutions in
subs are of the following form:
-
-
-
-
- s1
- s2
- Replace every occurrence of the string
- s1 by
- s2.
-
-
-
-
- varName
- Replace every occurrence of
- @varName@ by
- the contents of the environment variable
- varName. This is useful for
- generating files from templates, using
- @...@ in the
- template as placeholders.
-
-
-
-
- varName
- s
- Replace every occurrence of
- @varName@ by
- the string s.
-
-
-
-
-
-
- Example:
-
+
+
+ s1s2
+
+
+
+ Replace every occurrence of the string s1
+ by s2.
+
+
+
+
+ varName
+
+
+
+ Replace every occurrence of
+ @varName@ by the
+ contents of the environment variable
+ varName. This is useful for generating
+ files from templates, using
+ @...@ in the template
+ as placeholders.
+
+
+
+
+ varNames
+
+
+
+ Replace every occurrence of
+ @varName@ by the string
+ s.
+
+
+
+
+
+
+ Example:
substitute ./foo.in ./foo.out \
--replace /usr/bin/bar $bar/bin/bar \
--replace "a string containing spaces" "some other text" \
--subst-var someVar
-
-
-
- substitute is implemented using the
+
+
+ substitute is implemented using the
replace
- command. Unlike with the sed command, you
- don’t have to worry about escaping special characters. It
- supports performing substitutions on binary files (such as
- executables), though there you’ll probably want to make sure
- that the replacement string is as long as the replaced
- string.
-
+ command. Unlike with the sed command, you don’t have
+ to worry about escaping special characters. It supports performing
+ substitutions on binary files (such as executables), though there
+ you’ll probably want to make sure that the replacement string is as
+ long as the replaced string.
+
-
-
-
-
- substituteInPlace
- file
- subs
- Like substitute, but performs
- the substitutions in place on the file
- file.
-
-
-
-
- substituteAll
- infile
- outfile
- Replaces every occurrence of
- @varName@, where
- varName is any environment variable, in
- infile, writing the result to
- outfile. For instance, if
- infile has the contents
-
+
+
+ substituteInPlacefilesubs
+
+
+
+ Like substitute, but performs the substitutions in
+ place on the file file.
+
+
+
+
+ substituteAllinfileoutfile
+
+
+
+ Replaces every occurrence of
+ @varName@, where
+ varName is any environment variable, in
+ infile, writing the result to
+ outfile. For instance, if
+ infile has the contents
#! @bash@/bin/sh
PATH=@coreutils@/bin
echo @foo@
-
- and the environment contains
- bash=/nix/store/bmwp0q28cf21...-bash-3.2-p39
- and
- coreutils=/nix/store/68afga4khv0w...-coreutils-6.12,
- but does not contain the variable foo, then the
- output will be
-
+ and the environment contains
+ bash=/nix/store/bmwp0q28cf21...-bash-3.2-p39 and
+ coreutils=/nix/store/68afga4khv0w...-coreutils-6.12,
+ but does not contain the variable foo, then the output
+ will be
#! /nix/store/bmwp0q28cf21...-bash-3.2-p39/bin/sh
PATH=/nix/store/68afga4khv0w...-coreutils-6.12/bin
echo @foo@
-
- That is, no substitution is performed for undefined variables.
-
- Environment variables that start with an uppercase letter or an
- underscore are filtered out,
- to prevent global variables (like HOME) or private
- variables (like __ETC_PROFILE_DONE) from accidentally
- getting substituted.
- The variables also have to be valid bash “names”, as
- defined in the bash manpage (alphanumeric or _,
- must not start with a number).
-
-
-
-
-
- substituteAllInPlace
- file
- Like substituteAll, but performs
- the substitutions in place on the file
- file.
-
-
-
-
- stripHash
- path
- Strips the directory and hash part of a store
- path, outputting the name part to stdout.
- For example:
-
+ That is, no substitution is performed for undefined variables.
+
+
+ Environment variables that start with an uppercase letter or an
+ underscore are filtered out, to prevent global variables (like
+ HOME) or private variables (like
+ __ETC_PROFILE_DONE) from accidentally getting
+ substituted. The variables also have to be valid bash “names”, as
+ defined in the bash manpage (alphanumeric or _, must
+ not start with a number).
+
+
+
+
+ substituteAllInPlacefile
+
+
+
+ Like substituteAll, but performs the substitutions
+ in place on the file file.
+
+
+
+
+ stripHashpath
+
+
+
+ Strips the directory and hash part of a store path, outputting the name
+ part to stdout. For example:
# prints coreutils-8.24
stripHash "/nix/store/9s9r019176g7cvn2nvcw41gsp862y6b4-coreutils-8.24"
-
- If you wish to store the result in another variable, then the
- following idiom may be useful:
-
+ If you wish to store the result in another variable, then the following
+ idiom may be useful:
name="/nix/store/9s9r019176g7cvn2nvcw41gsp862y6b4-coreutils-8.24"
someVar=$(stripHash $name)
-
-
-
-
-
-
- wrapProgram
- executable
- makeWrapperArgs
- Convenience function for makeWrapper
- that automatically creates a sane wrapper file
-
- It takes all the same arguments as makeWrapper,
- except for --argv0.
-
- It cannot be applied multiple times, since it will overwrite the wrapper
- file.
+
+
+
+
+ wrapProgramexecutablemakeWrapperArgs
+
+
+
+ Convenience function for makeWrapper that
+ automatically creates a sane wrapper file It takes all the same arguments
+ as makeWrapper, except for --argv0.
+
+
+ It cannot be applied multiple times, since it will overwrite the wrapper
+ file.
+
-
-
-
-
-
-
-
-
-Package setup hooks
-
-
- Nix itself considers a build-time dependency merely something that should previously be built and accessible at build time—packages themselves are on their own to perform any additional setup.
- In most cases, that is fine, and the downstream derivation can deal with it's own dependencies.
- But for a few common tasks, that would result in almost every package doing the same sort of setup work---depending not on the package itself, but entirely on which dependencies were used.
-
-
- In order to alleviate this burden, the setup hook>mechanism was written, where any package can include a shell script that [by convention rather than enforcement by Nix], any downstream reverse-dependency will source as part of its build process.
- That allows the downstream dependency to merely specify its dependencies, and lets those dependencies effectively initialize themselves.
- No boilerplate mirroring the list of dependencies is needed.
-
-
- The Setup hook mechanism is a bit of a sledgehammer though: a powerful feature with a broad and indiscriminate area of effect.
- The combination of its power and implicit use may be expedient, but isn't without costs.
- Nix itself is unchanged, but the spirit of adding dependencies being effect-free is violated even if the letter isn't.
- For example, if a derivation path is mentioned more than once, Nix itself doesn't care and simply makes sure the dependency derivation is already built just the same—depending is just needing something to exist, and needing is idempotent.
- However, a dependency specified twice will have its setup hook run twice, and that could easily change the build environment (though a well-written setup hook will therefore strive to be idempotent so this is in fact not observable).
- More broadly, setup hooks are anti-modular in that multiple dependencies, whether the same or different, should not interfere and yet their setup hooks may well do so.
-
-
- The most typical use of the setup hook is actually to add other hooks which are then run (i.e. after all the setup hooks) on each dependency.
- For example, the C compiler wrapper's setup hook feeds itself flags for each dependency that contains relevant libaries and headers.
- This is done by defining a bash function, and appending its name to one of
- envBuildBuildHooks`,
- envBuildHostHooks`,
- envBuildTargetHooks`,
- envHostHostHooks`,
- envHostTargetHooks`, or
- envTargetTargetHooks`.
- These 6 bash variables correspond to the 6 sorts of dependencies by platform (there's 12 total but we ignore the propagated/non-propagated axis).
-
-
- Packages adding a hook should not hard code a specific hook, but rather choose a variable relative to how they are included.
- Returning to the C compiler wrapper example, if it itself is an n dependency, then it only wants to accumulate flags from n + 1 dependencies, as only those ones match the compiler's target platform.
- The hostOffset variable is defined with the current dependency's host offset targetOffset with its target offset, before it's setup hook is sourced.
- Additionally, since most environment hooks don't care about the target platform,
- That means the setup hook can append to the right bash array by doing something like
-
+
+
+
+
+ Package setup hooks
+
+
+ Nix itself considers a build-time dependency merely something that should
+ previously be built and accessible at build time—packages themselves are
+ on their own to perform any additional setup. In most cases, that is fine,
+ and the downstream derivation can deal with it's own dependencies. But for a
+ few common tasks, that would result in almost every package doing the same
+ sort of setup work---depending not on the package itself, but entirely on
+ which dependencies were used.
+
+
+
+ In order to alleviate this burden, the setup
+ hook>mechanism was written, where any package can include a
+ shell script that [by convention rather than enforcement by Nix], any
+ downstream reverse-dependency will source as part of its build process. That
+ allows the downstream dependency to merely specify its dependencies, and
+ lets those dependencies effectively initialize themselves. No boilerplate
+ mirroring the list of dependencies is needed.
+
+
+
+ The Setup hook mechanism is a bit of a sledgehammer though: a powerful
+ feature with a broad and indiscriminate area of effect. The combination of
+ its power and implicit use may be expedient, but isn't without costs. Nix
+ itself is unchanged, but the spirit of adding dependencies being effect-free
+ is violated even if the letter isn't. For example, if a derivation path is
+ mentioned more than once, Nix itself doesn't care and simply makes sure the
+ dependency derivation is already built just the same—depending is just
+ needing something to exist, and needing is idempotent. However, a dependency
+ specified twice will have its setup hook run twice, and that could easily
+ change the build environment (though a well-written setup hook will
+ therefore strive to be idempotent so this is in fact not observable). More
+ broadly, setup hooks are anti-modular in that multiple dependencies, whether
+ the same or different, should not interfere and yet their setup hooks may
+ well do so.
+
+
+
+ The most typical use of the setup hook is actually to add other hooks which
+ are then run (i.e. after all the setup hooks) on each dependency. For
+ example, the C compiler wrapper's setup hook feeds itself flags for each
+ dependency that contains relevant libaries and headers. This is done by
+ defining a bash function, and appending its name to one of
+ envBuildBuildHooks`, envBuildHostHooks`,
+ envBuildTargetHooks`, envHostHostHooks`,
+ envHostTargetHooks`, or envTargetTargetHooks`.
+ These 6 bash variables correspond to the 6 sorts of dependencies by platform
+ (there's 12 total but we ignore the propagated/non-propagated axis).
+
+
+
+ Packages adding a hook should not hard code a specific hook, but rather
+ choose a variable relative to how they are included.
+ Returning to the C compiler wrapper example, if it itself is an
+ n dependency, then it only wants to accumulate flags from
+ n + 1 dependencies, as only those ones match the
+ compiler's target platform. The hostOffset variable is
+ defined with the current dependency's host offset
+ targetOffset with its target offset, before it's setup hook
+ is sourced. Additionally, since most environment hooks don't care about the
+ target platform, That means the setup hook can append to the right bash
+ array by doing something like
+
addEnvHooks "$hostOffset" myBashFunction
-
-
- The existence of setups hooks has long been documented and packages inside Nixpkgs are free to use these mechanism.
- Other packages, however, should not rely on these mechanisms not changing between Nixpkgs versions.
- Because of the existing issues with this system, there's little benefit from mandating it be stable for any period of time.
-
-
- Here are some packages that provide a setup hook.
- Since the mechanism is modular, this probably isn't an exhaustive list.
- Then again, since the mechanism is only to be used as a last resort, it might be.
-
-
-
- Bintools Wrapper
-
+
+
+
+ The existence of setups hooks has long been documented
+ and packages inside Nixpkgs are free to use these mechanism. Other packages,
+ however, should not rely on these mechanisms not changing between Nixpkgs
+ versions. Because of the existing issues with this system, there's little
+ benefit from mandating it be stable for any period of time.
+
+
+
+ Here are some packages that provide a setup hook. Since the mechanism is
+ modular, this probably isn't an exhaustive list. Then again, since the
+ mechanism is only to be used as a last resort, it might be.
+
+
+ Bintools Wrapper
+
- Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes.
- These are GNU Binutils when targetting Linux, and a mix of cctools and GNU binutils for Darwin.
- [The "Bintools" name is supposed to be a compromise between "Binutils" and "cctools" not denoting any specific implementation.]
- Specifically, the underlying bintools package, and a C standard library (glibc or Darwin's libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by Bintools Wrapper.
- Packages typically depend on CC Wrapper, which in turn (at run time) depends on Bintools Wrapper.
+ Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous
+ purposes. These are GNU Binutils when targetting Linux, and a mix of
+ cctools and GNU binutils for Darwin. [The "Bintools" name is supposed to
+ be a compromise between "Binutils" and "cctools" not denoting any
+ specific implementation.] Specifically, the underlying bintools package,
+ and a C standard library (glibc or Darwin's libSystem, just for the
+ dynamic loader) are all fed in, and dependency finding, hardening (see
+ below), and purity checks for each are handled by Bintools Wrapper.
+ Packages typically depend on CC Wrapper, which in turn (at run time)
+ depends on Bintools Wrapper.
- Bintools Wrapper was only just recently split off from CC Wrapper, so the division of labor is still being worked out.
- For example, it shouldn't care about about the C standard library, but just take a derivation with the dynamic loader (which happens to be the glibc on linux).
- Dependency finding however is a task both wrappers will continue to need to share, and probably the most important to understand.
- It is currently accomplished by collecting directories of host-platform dependencies (i.e. buildInputs and nativeBuildInputs) in environment variables.
- Bintools Wrapper's setup hook causes any lib and lib64 subdirectories to be added to NIX_LDFLAGS.
- Since CC Wrapper and Bintools Wrapper use the same strategy, most of the Bintools Wrapper code is sparsely commented and refers to CC Wrapper.
- But CC Wrapper's code, by contrast, has quite lengthy comments.
- Bintools Wrapper merely cites those, rather than repeating them, to avoid falling out of sync.
+ Bintools Wrapper was only just recently split off from CC Wrapper, so
+ the division of labor is still being worked out. For example, it
+ shouldn't care about about the C standard library, but just take a
+ derivation with the dynamic loader (which happens to be the glibc on
+ linux). Dependency finding however is a task both wrappers will continue
+ to need to share, and probably the most important to understand. It is
+ currently accomplished by collecting directories of host-platform
+ dependencies (i.e. buildInputs and
+ nativeBuildInputs) in environment variables. Bintools
+ Wrapper's setup hook causes any lib and
+ lib64 subdirectories to be added to
+ NIX_LDFLAGS. Since CC Wrapper and Bintools Wrapper use
+ the same strategy, most of the Bintools Wrapper code is sparsely
+ commented and refers to CC Wrapper. But CC Wrapper's code, by contrast,
+ has quite lengthy comments. Bintools Wrapper merely cites those, rather
+ than repeating them, to avoid falling out of sync.
- A final task of the setup hook is defining a number of standard environment variables to tell build systems which executables full-fill which purpose.
- They are defined to just be the base name of the tools, under the assumption that Bintools Wrapper's binaries will be on the path.
- Firstly, this helps poorly-written packages, e.g. ones that look for just gcc when CC isn't defined yet clang is to be used.
- Secondly, this helps packages not get confused when cross-compiling, in which case multiple Bintools Wrappers may simultaneously be in use.
-
- Each wrapper targets a single platform, so if binaries for multiple platforms are needed, the underlying binaries must be wrapped multiple times.
- As this is a property of the wrapper itself, the multiple wrappings are needed whether or not the same underlying binaries can target multiple platforms.
-
- BUILD_- and TARGET_-prefixed versions of the normal environment variable are defined for the additional Bintools Wrappers, properly disambiguating them.
+ A final task of the setup hook is defining a number of standard
+ environment variables to tell build systems which executables full-fill
+ which purpose. They are defined to just be the base name of the tools,
+ under the assumption that Bintools Wrapper's binaries will be on the
+ path. Firstly, this helps poorly-written packages, e.g. ones that look
+ for just gcc when CC isn't defined yet
+ clang is to be used. Secondly, this helps packages
+ not get confused when cross-compiling, in which case multiple Bintools
+ Wrappers may simultaneously be in use.
+
+
+ Each wrapper targets a single platform, so if binaries for multiple
+ platforms are needed, the underlying binaries must be wrapped multiple
+ times. As this is a property of the wrapper itself, the multiple
+ wrappings are needed whether or not the same underlying binaries can
+ target multiple platforms.
+
+
+ BUILD_- and TARGET_-prefixed versions of
+ the normal environment variable are defined for the additional Bintools
+ Wrappers, properly disambiguating them.
- A problem with this final task is that Bintools Wrapper is honest and defines LD as ld.
- Most packages, however, firstly use the C compiler for linking, secondly use LD anyways, defining it as the C compiler, and thirdly, only so define LD when it is undefined as a fallback.
- This triple-threat means Bintools Wrapper will break those packages, as LD is already defined as the actual linker which the package won't override yet doesn't want to use.
- The workaround is to define, just for the problematic package, LD as the C compiler.
- A good way to do this would be preConfigure = "LD=$CC".
+ A problem with this final task is that Bintools Wrapper is honest and
+ defines LD as ld. Most packages,
+ however, firstly use the C compiler for linking, secondly use
+ LD anyways, defining it as the C compiler, and thirdly,
+ only so define LD when it is undefined as a fallback.
+ This triple-threat means Bintools Wrapper will break those packages, as
+ LD is already defined as the actual linker which the package won't
+ override yet doesn't want to use. The workaround is to define, just for
+ the problematic package, LD as the C compiler. A good way
+ to do this would be preConfigure = "LD=$CC".
-
-
-
-
- CC Wrapper
-
+
+
+
+ CC Wrapper
+
- CC Wrapper wraps a C toolchain for a bunch of miscellaneous purposes.
- Specifically, a C compiler (GCC or Clang), wrapped binary tools, and a C standard library (glibc or Darwin's libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by CC Wrapper.
- Packages typically depend on CC Wrapper, which in turn (at run time) depends on Bintools Wrapper.
+ CC Wrapper wraps a C toolchain for a bunch of miscellaneous purposes.
+ Specifically, a C compiler (GCC or Clang), wrapped binary tools, and a C
+ standard library (glibc or Darwin's libSystem, just for the dynamic
+ loader) are all fed in, and dependency finding, hardening (see below),
+ and purity checks for each are handled by CC Wrapper. Packages typically
+ depend on CC Wrapper, which in turn (at run time) depends on Bintools
+ Wrapper.
- Dependency finding is undoubtedly the main task of CC Wrapper.
- This works just like Bintools Wrapper, except that any include subdirectory of any relevant dependency is added to NIX_CFLAGS_COMPILE.
- The setup hook itself contains some lengthy comments describing the exact convoluted mechanism by which this is accomplished.
+ Dependency finding is undoubtedly the main task of CC Wrapper. This
+ works just like Bintools Wrapper, except that any
+ include subdirectory of any relevant dependency is
+ added to NIX_CFLAGS_COMPILE. The setup hook itself
+ contains some lengthy comments describing the exact convoluted mechanism
+ by which this is accomplished.
- CC Wrapper also like Bintools Wrapper defines standard environment variables with the names of the tools it wraps, for the same reasons described above.
- Importantly, while it includes a cc symlink to the c compiler for portability, the CC will be defined using the compiler's "real name" (i.e. gcc or clang).
- This helps lousy build systems that inspect on the name of the compiler rather than run it.
+ CC Wrapper also like Bintools Wrapper defines standard environment
+ variables with the names of the tools it wraps, for the same reasons
+ described above. Importantly, while it includes a cc
+ symlink to the c compiler for portability, the CC will be
+ defined using the compiler's "real name" (i.e. gcc or
+ clang). This helps lousy build systems that inspect
+ on the name of the compiler rather than run it.
-
-
-
-
- Perl
-
+
+
+
+ Perl
+
- Adds the lib/site_perl subdirectory of each build input to the PERL5LIB environment variable.
- For instance, if buildInputs contains Perl, then the lib/site_perl subdirectory of each input is added to the PERL5LIB environment variable.
+ Adds the lib/site_perl subdirectory of each build
+ input to the PERL5LIB environment variable. For instance,
+ if buildInputs contains Perl, then the
+ lib/site_perl subdirectory of each input is added
+ to the PERL5LIB environment variable.
-
-
-
-
- Python
- Adds the
- lib/${python.libPrefix}/site-packages subdirectory of
- each build input to the PYTHONPATH environment
- variable.
-
-
-
- pkg-config
- Adds the lib/pkgconfig and
- share/pkgconfig subdirectories of each
- build input to the PKG_CONFIG_PATH environment
- variable.
-
-
-
- Automake
- Adds the share/aclocal
- subdirectory of each build input to the ACLOCAL_PATH
- environment variable.
-
-
-
- Autoconf
- The autoreconfHook derivation adds
- autoreconfPhase, which runs autoreconf, libtoolize and
- automake, essentially preparing the configure script in autotools-based
- builds.
-
-
-
- libxml2
- Adds every file named
- catalog.xml found under the
- xml/dtd and xml/xsl
- subdirectories of each build input to the
- XML_CATALOG_FILES environment
- variable.
-
-
-
- teTeX / TeX Live
- Adds the share/texmf-nix
- subdirectory of each build input to the TEXINPUTS
- environment variable.
-
-
-
- Qt 4
- Sets the QTDIR environment variable
- to Qt’s path.
-
-
-
- gdk-pixbuf
- Exports GDK_PIXBUF_MODULE_FILE
- environment variable the the builder. Add librsvg package
- to buildInputs to get svg support.
-
-
-
- GHC
- Creates a temporary package database and registers
- every Haskell build input in it (TODO: how?).
-
-
-
- GStreamer
- Adds the
- GStreamer plugins subdirectory of
- each build input to the GST_PLUGIN_SYSTEM_PATH_1_0 or
- GST_PLUGIN_SYSTEM_PATH environment variable.
-
-
-
- paxctl
- Defines the paxmark helper for
- setting per-executable PaX flags on Linux (where it is available by
- default; on all other platforms, paxmark is a no-op).
- For example, to disable secure memory protections on the executable
- foo:
-
+
+
+
+ Python
+
+
+ Adds the lib/${python.libPrefix}/site-packages
+ subdirectory of each build input to the PYTHONPATH
+ environment variable.
+
+
+
+
+ pkg-config
+
+
+ Adds the lib/pkgconfig and
+ share/pkgconfig subdirectories of each build input
+ to the PKG_CONFIG_PATH environment variable.
+
+
+
+
+ Automake
+
+
+ Adds the share/aclocal subdirectory of each build
+ input to the ACLOCAL_PATH environment variable.
+
+
+
+
+ Autoconf
+
+
+ The autoreconfHook derivation adds
+ autoreconfPhase, which runs autoreconf, libtoolize
+ and automake, essentially preparing the configure script in
+ autotools-based builds.
+
+
+
+
+ libxml2
+
+
+ Adds every file named catalog.xml found under the
+ xml/dtd and xml/xsl
+ subdirectories of each build input to the
+ XML_CATALOG_FILES environment variable.
+
+
+
+
+ teTeX / TeX Live
+
+
+ Adds the share/texmf-nix subdirectory of each build
+ input to the TEXINPUTS environment variable.
+
+
+
+
+ Qt 4
+
+
+ Sets the QTDIR environment variable to Qt’s path.
+
+
+
+
+ gdk-pixbuf
+
+
+ Exports GDK_PIXBUF_MODULE_FILE environment variable the
+ the builder. Add librsvg package to buildInputs to
+ get svg support.
+
+
+
+
+ GHC
+
+
+ Creates a temporary package database and registers every Haskell build
+ input in it (TODO: how?).
+
+
+
+
+ GStreamer
+
+
+ Adds the GStreamer plugins subdirectory of each build input to the
+ GST_PLUGIN_SYSTEM_PATH_1_0 or
+ GST_PLUGIN_SYSTEM_PATH environment variable.
+
+
+
+
+ paxctl
+
+
+ Defines the paxmark helper for setting per-executable
+ PaX flags on Linux (where it is available by default; on all other
+ platforms, paxmark is a no-op). For example, to
+ disable secure memory protections on the executable
+ foo:
+
postFixup = ''
paxmark m $out/bin/foo
'';
- The m flag is the most common flag and is typically
- required for applications that employ JIT compilation or otherwise need to
- execute code generated at run-time. Disabling PaX protections should be
- considered a last resort: if possible, problematic features should be
- disabled or patched to work with PaX.
-
-
-
- autoPatchelfHook
- This is a special setup hook which helps in packaging
- proprietary software in that it automatically tries to find missing shared
- library dependencies of ELF files. All packages within the
- runtimeDependencies environment variable are unconditionally
- added to executables, which is useful for programs that use
-
- dlopen
- 3
-
- to load libraries at runtime.
-
-
-
-
-
-
-
-
-
-Purity in Nixpkgs
-
-[measures taken to prevent dependencies on packages outside the
-store, and what you can do to prevent them]
-
-GCC doesn't search in locations such as
-/usr/include. In fact, attempts to add such
-directories through the flag are filtered out.
-Likewise, the linker (from GNU binutils) doesn't search in standard
-locations such as /usr/lib. Programs built on
-Linux are linked against a GNU C Library that likewise doesn't search
-in the default system locations.
-
-
-
-Hardening in Nixpkgs
-
-There are flags available to harden packages at compile or link-time.
-These can be toggled using the stdenv.mkDerivation parameters
-hardeningDisable and hardeningEnable.
-
-
-
-Both parameters take a list of flags as strings. The special
-"all" flag can be passed to hardeningDisable
-to turn off all hardening. These flags can also be used as environment variables
-for testing or development purposes.
-
-
-The following flags are enabled by default and might require disabling with
-hardeningDisable if the program to package is incompatible.
-
-
-
-
-
- format
- Adds the compiler options. At present,
- this warns about calls to printf and
- scanf functions where the format string is
- not a string literal and there are no format arguments, as in
- printf(foo);. This may be a security hole
- if the format string came from untrusted input and contains
- %n.
-
- This needs to be turned off or fixed for errors similar to:
-
-
+ The m flag is the most common flag and is typically
+ required for applications that employ JIT compilation or otherwise need
+ to execute code generated at run-time. Disabling PaX protections should
+ be considered a last resort: if possible, problematic features should be
+ disabled or patched to work with PaX.
+
+
+
+
+ autoPatchelfHook
+
+
+ This is a special setup hook which helps in packaging proprietary
+ software in that it automatically tries to find missing shared library
+ dependencies of ELF files. All packages within the
+ runtimeDependencies environment variable are
+ unconditionally added to executables, which is useful for programs that
+ use
+ dlopen
+ 3 to load libraries at runtime.
+
+
+
+
+
+
+
+ Purity in Nixpkgs
+
+
+ [measures taken to prevent dependencies on packages outside the store, and
+ what you can do to prevent them]
+
+
+
+ GCC doesn't search in locations such as /usr/include.
+ In fact, attempts to add such directories through the
+ flag are filtered out. Likewise, the linker (from GNU binutils) doesn't
+ search in standard locations such as /usr/lib. Programs
+ built on Linux are linked against a GNU C Library that likewise doesn't
+ search in the default system locations.
+
+
+
+ Hardening in Nixpkgs
+
+
+ There are flags available to harden packages at compile or link-time. These
+ can be toggled using the stdenv.mkDerivation parameters
+ hardeningDisable and hardeningEnable.
+
+
+
+ Both parameters take a list of flags as strings. The special
+ "all" flag can be passed to
+ hardeningDisable to turn off all hardening. These flags
+ can also be used as environment variables for testing or development
+ purposes.
+
+
+
+ The following flags are enabled by default and might require disabling with
+ hardeningDisable if the program to package is
+ incompatible.
+
+
+
+
+ format
+
+
+
+ Adds the compiler options. At present, this warns
+ about calls to printf and scanf
+ functions where the format string is not a string literal and there are
+ no format arguments, as in printf(foo);. This may be a
+ security hole if the format string came from untrusted input and contains
+ %n.
+
+
+ This needs to be turned off or fixed for errors similar to:
+
+
/tmp/nix-build-zynaddsubfx-2.5.2.drv-0/zynaddsubfx-2.5.2/src/UI/guimain.cpp:571:28: error: format not a string literal and no format arguments [-Werror=format-security]
printf(help_message);
^
cc1plus: some warnings being treated as errors
-
-
-
-
- stackprotector
+
+
+
+
+ stackprotector
+
- Adds the
- compiler options. This adds safety checks against stack overwrites
- rendering many potential code injection attacks into aborting situations.
- In the best case this turns code injection vulnerabilities into denial
- of service or into non-issues (depending on the application).
-
- This needs to be turned off or fixed for errors similar to:
-
-
+
+ Adds the compiler options. This adds safety checks
+ against stack overwrites rendering many potential code injection attacks
+ into aborting situations. In the best case this turns code injection
+ vulnerabilities into denial of service or into non-issues (depending on
+ the application).
+
+
+ This needs to be turned off or fixed for errors similar to:
+
+
bin/blib.a(bios_console.o): In function `bios_handle_cup':
/tmp/nix-build-ipxe-20141124-5cbdc41.drv-0/ipxe-5cbdc41/src/arch/i386/firmware/pcbios/bios_console.c:86: undefined reference to `__stack_chk_fail'
-
-
-
-
- fortify
+
+
+
+
+ fortify
+
- Adds the compiler
- options. During code generation the compiler knows a great deal of
- information about buffer sizes (where possible), and attempts to replace
- insecure unlimited length buffer function calls with length-limited ones.
- This is especially useful for old, crufty code. Additionally, format
- strings in writable memory that contain '%n' are blocked. If an application
- depends on such a format string, it will need to be worked around.
-
-
- Additionally, some warnings are enabled which might trigger build
- failures if compiler warnings are treated as errors in the package build.
- In this case, set to
- .
-
- This needs to be turned off or fixed for errors similar to:
-
-
+
+ Adds the compiler options.
+ During code generation the compiler knows a great deal of information
+ about buffer sizes (where possible), and attempts to replace insecure
+ unlimited length buffer function calls with length-limited ones. This is
+ especially useful for old, crufty code. Additionally, format strings in
+ writable memory that contain '%n' are blocked. If an application depends
+ on such a format string, it will need to be worked around.
+
+
+ Additionally, some warnings are enabled which might trigger build
+ failures if compiler warnings are treated as errors in the package build.
+ In this case, set to
+ .
+
+
+ This needs to be turned off or fixed for errors similar to:
+
+
malloc.c:404:15: error: return type is an incomplete type
malloc.c:410:19: error: storage size of 'ms' isn't known
-
+
strdup.h:22:1: error: expected identifier or '(' before '__extension__'
-
+
strsep.c:65:23: error: register name not specified for 'delim'
-
+
installwatch.c:3751:5: error: conflicting types for '__open_2'
-
+
fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
-
-
-
- pic
+
+
+ pic
+
- Adds the compiler options. This options adds
- support for position independent code in shared libraries and thus making
- ASLR possible.
- Most notably, the Linux kernel, kernel modules and other code
- not running in an operating system environment like boot loaders won't
- build with PIC enabled. The compiler will is most cases complain that
- PIC is not supported for a specific build.
-
-
- This needs to be turned off or fixed for assembler errors similar to:
-
-
+
+ Adds the compiler options. This options adds
+ support for position independent code in shared libraries and thus making
+ ASLR possible.
+
+
+ Most notably, the Linux kernel, kernel modules and other code not running
+ in an operating system environment like boot loaders won't build with PIC
+ enabled. The compiler will is most cases complain that PIC is not
+ supported for a specific build.
+
+
+ This needs to be turned off or fixed for assembler errors similar to:
+
+
ccbLfRgg.s: Assembler messages:
ccbLfRgg.s:33: Error: missing or invalid displacement expression `private_key_len@GOTOFF'
-
-
-
- strictoverflow
+
+
+ strictoverflow
+
- Signed integer overflow is undefined behaviour according to the C
- standard. If it happens, it is an error in the program as it should check
- for overflow before it can happen, not afterwards. GCC provides built-in
- functions to perform arithmetic with overflow checking, which are correct
- and faster than any custom implementation. As a workaround, the option
- makes gcc behave as if signed
- integer overflows were defined.
-
-
- This flag should not trigger any build or runtime errors.
+
+ Signed integer overflow is undefined behaviour according to the C
+ standard. If it happens, it is an error in the program as it should check
+ for overflow before it can happen, not afterwards. GCC provides built-in
+ functions to perform arithmetic with overflow checking, which are correct
+ and faster than any custom implementation. As a workaround, the option
+ makes gcc behave as if signed
+ integer overflows were defined.
+
+
+ This flag should not trigger any build or runtime errors.
+
-
-
-
- relro
+
+
+ relro
+
- Adds the linker option. During program
- load, several ELF memory sections need to be written to by the linker,
- but can be turned read-only before turning over control to the program.
- This prevents some GOT (and .dtors) overwrite attacks, but at least the
- part of the GOT used by the dynamic linker (.got.plt) is still vulnerable.
-
-
- This flag can break dynamic shared object loading. For instance, the
- module systems of Xorg and OpenCV are incompatible with this flag. In almost
- all cases the bindnow flag must also be disabled and
- incompatible programs typically fail with similar errors at runtime.
+
+ Adds the linker option. During program load,
+ several ELF memory sections need to be written to by the linker, but can
+ be turned read-only before turning over control to the program. This
+ prevents some GOT (and .dtors) overwrite attacks, but at least the part
+ of the GOT used by the dynamic linker (.got.plt) is still vulnerable.
+
+
+ This flag can break dynamic shared object loading. For instance, the
+ module systems of Xorg and OpenCV are incompatible with this flag. In
+ almost all cases the bindnow flag must also be
+ disabled and incompatible programs typically fail with similar errors at
+ runtime.
+
-
-
-
- bindnow
+
+
+ bindnow
+
- Adds the linker option. During program
- load, all dynamic symbols are resolved, allowing for the complete GOT to
- be marked read-only (due to relro). This prevents GOT
- overwrite attacks. For very large applications, this can incur some
- performance loss during initial load while symbols are resolved, but this
- shouldn't be an issue for daemons.
-
-
- This flag can break dynamic shared object loading. For instance, the
- module systems of Xorg and PHP are incompatible with this flag. Programs
- incompatible with this flag often fail at runtime due to missing symbols,
- like:
-
-
+
+ Adds the linker option. During program load,
+ all dynamic symbols are resolved, allowing for the complete GOT to be
+ marked read-only (due to relro). This prevents GOT
+ overwrite attacks. For very large applications, this can incur some
+ performance loss during initial load while symbols are resolved, but this
+ shouldn't be an issue for daemons.
+
+
+ This flag can break dynamic shared object loading. For instance, the
+ module systems of Xorg and PHP are incompatible with this flag. Programs
+ incompatible with this flag often fail at runtime due to missing symbols,
+ like:
+
+
intel_drv.so: undefined symbol: vgaHWFreeHWRec
-
-
-
-
-The following flags are disabled by default and should be enabled
-with hardeningEnable for packages that take untrusted
-input like network services.
-
+
+
-
+
+ The following flags are disabled by default and should be enabled with
+ hardeningEnable for packages that take untrusted input
+ like network services.
+
-
- pie
+
+
+ pie
+
- Adds the compiler and
- linker options. Position Independent Executables are needed to take
- advantage of Address Space Layout Randomization, supported by modern
- kernel versions. While ASLR can already be enforced for data areas in
- the stack and heap (brk and mmap), the code areas must be compiled as
- position-independent. Shared libraries already do this with the
- pic flag, so they gain ASLR automatically, but binary
- .text regions need to be build with pie to gain ASLR.
- When this happens, ROP attacks are much harder since there are no static
- locations to bounce off of during a memory corruption attack.
-
+
+ Adds the compiler and linker
+ options. Position Independent Executables are needed to take advantage of
+ Address Space Layout Randomization, supported by modern kernel versions.
+ While ASLR can already be enforced for data areas in the stack and heap
+ (brk and mmap), the code areas must be compiled as position-independent.
+ Shared libraries already do this with the pic flag, so
+ they gain ASLR automatically, but binary .text regions need to be build
+ with pie to gain ASLR. When this happens, ROP attacks
+ are much harder since there are no static locations to bounce off of
+ during a memory corruption attack.
+
-
-
-
-
-For more in-depth information on these hardening flags and hardening in
-general, refer to the
-Debian Wiki,
-Ubuntu Wiki,
-Gentoo Wiki,
-and the
-Arch Wiki.
-
-
-
-
+
+
+
+
+ For more in-depth information on these hardening flags and hardening in
+ general, refer to the
+ Debian Wiki,
+ Ubuntu
+ Wiki,
+ Gentoo
+ Wiki, and the
+
+ Arch Wiki.
+
+
diff --git a/doc/submitting-changes.xml b/doc/submitting-changes.xml
index d3cf221c9b6962234fffa092b6a996f66d0526f8..ffa3a90b5eb610120a5330c68d60b83cc9b8aee7 100644
--- a/doc/submitting-changes.xml
+++ b/doc/submitting-changes.xml
@@ -1,447 +1,513 @@
+ Submitting changes
+
+ Making patches
-Submitting changes
-
-
-Making patches
-
-
-
-Read Manual (How to write packages for Nix).
-
-
-
-Fork the repository on GitHub.
-
-
-
-Create a branch for your future fix.
-
-
-
-You can make branch from a commit of your local nixos-version. That will help you to avoid additional local compilations. Because you will receive packages from binary cache.
-
-
-
-For example: nixos-version returns 15.05.git.0998212 (Dingo). So you can do:
-
-
-
+
+
+
+ Read Manual (How to
+ write packages for Nix).
+
+
+
+
+ Fork the repository on GitHub.
+
+
+
+
+ Create a branch for your future fix.
+
+
+
+ You can make branch from a commit of your local
+ nixos-version. That will help you to avoid
+ additional local compilations. Because you will receive packages from
+ binary cache.
+
+
+
+ For example: nixos-version returns
+ 15.05.git.0998212 (Dingo). So you can do:
+
+
+
$ git checkout 0998212
$ git checkout -b 'fix/pkg-name-update'
-
-
-
-
-Please avoid working directly on the master branch.
-
-
-
-
-
-
-Make commits of logical units.
-
-
-
-If you removed pkgs, made some major NixOS changes etc., write about them in nixos/doc/manual/release-notes/rl-unstable.xml.
-
-
-
-
-
-
-Check for unnecessary whitespace with git diff --check before committing.
-
-
-
-Format the commit in a following way:
-
-(pkg-name | nixos/<module>): (from -> to | init at version | refactor | etc)
-Additional information.
-
-
-
-
-Examples:
-
-
-
-
-nginx: init at 2.0.1
-
-
-
-
-
-firefox: 54.0.1 -> 55.0
-
-
-
-
-
-nixos/hydra: add bazBaz option
-
-
-
-
-
-nixos/nginx: refactor config generation
-
-
-
-
-
-
-
-
-
-Test your changes. If you work with
-
-
-
-nixpkgs:
-
-
-
-update pkg ->
-
-
-
-
-nix-env -i pkg-name -f <path to your local nixpkgs folder>
-
-
-
-
-
-
-
-add pkg ->
-
-
-
-Make sure it's in pkgs/top-level/all-packages.nix
-
-
-
-
-
-nix-env -i pkg-name -f <path to your local nixpkgs folder>
-
-
-
-
-
-
-
-
-If you don't want to install pkg in you profile.
-
-
-
-
-nix-build -A pkg-attribute-name <path to your local nixpkgs folder>/default.nix and check results in the folder result. It will appear in the same directory where you did nix-build.
-
-
-
-
-
-
-If you did nix-env -i pkg-name you can do nix-env -e pkg-name to uninstall it from your system.
-
-
-
-
-
-
-NixOS and its modules:
-
-
-
-You can add new module to your NixOS configuration file (usually it's /etc/nixos/configuration.nix).
- And do sudo nixos-rebuild test -I nixpkgs=<path to your local nixpkgs folder> --fast.
-
-
-
-
-
-
-
-
-
-If you have commits pkg-name: oh, forgot to insert whitespace: squash commits in this case. Use git rebase -i.
-
-
-
-Rebase you branch against current master.
-
-
-
-
-
-Submitting changes
-
-
-
-Push your changes to your fork of nixpkgs.
-
-
-
-Create pull request:
-
-
-
-Write the title in format (pkg-name | nixos/<module>): improvement.
-
-
-
-If you update the pkg, write versions from -> to.
-
-
-
-
-
-
-Write in comment if you have tested your patch. Do not rely much on TravisCI.
-
-
-
-If you make an improvement, write about your motivation.
-
-
-
-Notify maintainers of the package. For example add to the message: cc @jagajaga @domenkozar.
-
-
-
-
-
-
-
-
- Pull Request Template
-
- The pull request template helps determine what steps have been made for a
- contribution so far, and will help guide maintainers on the status of a
- change. The motivation section of the PR should include any extra details
- the title does not address and link any existing issues related to the pull
- request.
-
- When a PR is created, it will be pre-populated with some checkboxes detailed below:
-
-
- Tested using sandboxing
+
+
+
+
+ Please avoid working directly on the master branch.
+
+
+
+
+
+
- When sandbox builds are enabled, Nix will setup an isolated environment
- for each build process. It is used to remove further hidden dependencies
- set by the build environment to improve reproducibility. This includes
- access to the network during the build outside of
- fetch* functions and files outside the Nix store.
- Depending on the operating system access to other resources are blocked
- as well (ex. inter process communication is isolated on Linux); see build-use-sandbox
- in Nix manual for details.
+ Make commits of logical units.
+
+
+
+ If you removed pkgs, made some major NixOS changes etc., write about
+ them in
+ nixos/doc/manual/release-notes/rl-unstable.xml.
+
+
+
+
+
- Sandboxing is not enabled by default in Nix due to a small performance
- hit on each build. In pull requests for nixpkgs people
- are asked to test builds with sandboxing enabled (see Tested
- using sandboxing in the pull request template) because
- inhttps://nixos.org/hydra/
- sandboxing is also used.
+ Check for unnecessary whitespace with git diff --check
+ before committing.
+
+
- Depending if you use NixOS or other platforms you can use one of the
- following methods to enable sandboxing before building the package:
-
+ Format the commit in a following way:
+
+
+(pkg-name | nixos/<module>): (from -> to | init at version | refactor | etc)
+Additional information.
+
+
+
+
+ Examples:
+
-
- Globally enable sandboxing on NixOS:
- add the following to
- configuration.nix
- nix.useSandbox = true;
-
+
+ nginx: init at 2.0.1
+
-
- Globally enable sandboxing on non-NixOS platforms:
- add the following to: /etc/nix/nix.conf
- build-use-sandbox = true
-
+
+ firefox: 54.0.1 -> 55.0
+
-
-
-
-
-
- Built on platform(s)
+
+
+ nixos/hydra: add bazBaz option
+
+
+
+
+ nixos/nginx: refactor config generation
+
+
+
+
+
+
+
+
- Many Nix packages are designed to run on multiple
- platforms. As such, it's important to let the maintainer know which
- platforms your changes have been tested on. It's not always practical to
- test a change on all platforms, and is not required for a pull request to
- be merged. Only check the systems you tested the build on in this
- section.
+ Test your changes. If you work with
+
+
+
+ nixpkgs:
+
+
+
+ update pkg ->
+
+
+
+ nix-env -i pkg-name -f <path to your local nixpkgs
+ folder>
+
+
+
+
+
+
+
+ add pkg ->
+
+
+
+ Make sure it's in
+ pkgs/top-level/all-packages.nix
+
+
+
+
+ nix-env -i pkg-name -f <path to your local nixpkgs
+ folder>
+
+
+
+
+
+
+
+ If you don't want to install pkg in you
+ profile.
+
+
+
+ nix-build -A pkg-attribute-name <path to your local
+ nixpkgs folder>/default.nix and check results in the
+ folder result. It will appear in the same
+ directory where you did nix-build.
+
+
+
+
+
+
+
+ If you did nix-env -i pkg-name you can do
+ nix-env -e pkg-name to uninstall it from your
+ system.
+
+
+
+
+
+
+
+ NixOS and its modules:
+
+
+
+ You can add new module to your NixOS configuration file (usually
+ it's /etc/nixos/configuration.nix). And do
+ sudo nixos-rebuild test -I nixpkgs=<path to your local
+ nixpkgs folder> --fast.
+
+
+
+
+
+
-
-
- Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
+
+
- Packages with automated tests are much more likely to be merged in a
- timely fashion because it doesn't require as much manual testing by the
- maintainer to verify the functionality of the package. If there are
- existing tests for the package, they should be run to verify your changes
- do not break the tests. Tests only apply to packages with NixOS modules
- defined and can only be run on Linux. For more details on writing and
- running tests, see the section
- in the NixOS manual.
+ If you have commits pkg-name: oh, forgot to insert
+ whitespace: squash commits in this case. Use git rebase
+ -i.
-
-
- Tested compilation of all pkgs that depend on this change using <command>nox-review</command>
+
+
- If you are updating a package's version, you can use nox to make sure all
- packages that depend on the updated package still compile correctly. This
- can be done using the nox utility. The nox-review
- utility can look for and build all dependencies either based on
- uncommited changes with the wip option or specifying a
- github pull request number.
+ Rebase you branch against current master.
+
+
+
+
+ Submitting changes
+
+
+
- review uncommitted changes:
- nix-shell -p nox --run "nox-review wip"
+ Push your changes to your fork of nixpkgs.
+
+
- review changes from pull request number 12345:
- nix-shell -p nox --run "nox-review pr 12345"
+ Create pull request:
+
+
+
+ Write the title in format (pkg-name | nixos/<module>):
+ improvement.
+
+
+
+ If you update the pkg, write versions from -> to.
+
+
+
+
+
+
+
+ Write in comment if you have tested your patch. Do not rely much on
+ TravisCI.
+
+
+
+
+ If you make an improvement, write about your motivation.
+
+
+
+
+ Notify maintainers of the package. For example add to the message:
+ cc @jagajaga @domenkozar.
+
+
+
-
+
+
+
+
+ Pull Request Template
+
+
+ The pull request template helps determine what steps have been made for a
+ contribution so far, and will help guide maintainers on the status of a
+ change. The motivation section of the PR should include any extra details
+ the title does not address and link any existing issues related to the pull
+ request.
+
+
+
+ When a PR is created, it will be pre-populated with some checkboxes detailed
+ below:
+
+
- Tested execution of all binary files (usually in <filename>./result/bin/</filename>)
-
- It's important to test any executables generated by a build when you
- change or create a package in nixpkgs. This can be done by looking in
- ./result/bin and running any files in there, or at a
- minimum, the main executable for the package. For example, if you make a change
- to texlive, you probably would only check the binaries
- associated with the change you made rather than testing all of them.
-
+ Tested using sandboxing
+
+
+ When sandbox builds are enabled, Nix will setup an isolated environment for
+ each build process. It is used to remove further hidden dependencies set by
+ the build environment to improve reproducibility. This includes access to
+ the network during the build outside of fetch*
+ functions and files outside the Nix store. Depending on the operating
+ system access to other resources are blocked as well (ex. inter process
+ communication is isolated on Linux); see
+ build-use-sandbox
+ in Nix manual for details.
+
+
+
+ Sandboxing is not enabled by default in Nix due to a small performance hit
+ on each build. In pull requests for
+ nixpkgs
+ people are asked to test builds with sandboxing enabled (see
+ Tested using sandboxing in the pull request template)
+ because
+ inhttps://nixos.org/hydra/
+ sandboxing is also used.
+
+
+
+ Depending if you use NixOS or other platforms you can use one of the
+ following methods to enable sandboxing
+ before building the package:
+
+
+
+ Globally enable sandboxing on NixOS:
+ add the following to configuration.nix
+nix.useSandbox = true;
+
+
+
+
+ Globally enable sandboxing on non-NixOS
+ platforms: add the following to:
+ /etc/nix/nix.conf
+build-use-sandbox = true
+
+
+
+
+
- Meets nixpkgs contribution standards
-
- The last checkbox is fits CONTRIBUTING.md.
- The contributing document has detailed information on standards the Nix
- community has for commit messages, reviews, licensing of contributions
- you make to the project, etc... Everyone should read and understand the
- standards the community has for contributing before submitting a pull
- request.
-
-
+ Built on platform(s)
+
+
+ Many Nix packages are designed to run on multiple platforms. As such, it's
+ important to let the maintainer know which platforms your changes have been
+ tested on. It's not always practical to test a change on all platforms, and
+ is not required for a pull request to be merged. Only check the systems you
+ tested the build on in this section.
+
-
-
-
-Hotfixing pull requests
-
-
-Make the appropriate changes in you branch.
-
-
-
-Don't create additional commits, do
+
+ Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
+
+
+ Packages with automated tests are much more likely to be merged in a timely
+ fashion because it doesn't require as much manual testing by the maintainer
+ to verify the functionality of the package. If there are existing tests for
+ the package, they should be run to verify your changes do not break the
+ tests. Tests only apply to packages with NixOS modules defined and can only
+ be run on Linux. For more details on writing and running tests, see the
+ section
+ in the NixOS manual.
+
+
-
-
-git rebase -i
-
-
-
-git push --force to your branch.
-
-
-
-
+
+ Tested compilation of all pkgs that depend on this change using <command>nox-review</command>
+
+
+ If you are updating a package's version, you can use nox to make sure all
+ packages that depend on the updated package still compile correctly. This
+ can be done using the nox utility. The nox-review
+ utility can look for and build all dependencies either based on uncommited
+ changes with the wip option or specifying a github pull
+ request number.
+
+
+
+ review uncommitted changes:
+nix-shell -p nox --run "nox-review wip"
+
+
+
+ review changes from pull request number 12345:
+nix-shell -p nox --run "nox-review pr 12345"
+
+
-
-
+
+ Tested execution of all binary files (usually in <filename>./result/bin/</filename>)
+
+
+ It's important to test any executables generated by a build when you change
+ or create a package in nixpkgs. This can be done by looking in
+ ./result/bin and running any files in there, or at a
+ minimum, the main executable for the package. For example, if you make a
+ change to texlive, you probably would only check the
+ binaries associated with the change you made rather than testing all of
+ them.
+
+
-
-Commit policy
+
+ Meets nixpkgs contribution standards
-
-
-Commits must be sufficiently tested before being merged, both for the master and staging branches.
-
+
+ The last checkbox is fits
+ CONTRIBUTING.md.
+ The contributing document has detailed information on standards the Nix
+ community has for commit messages, reviews, licensing of contributions you
+ make to the project, etc... Everyone should read and understand the
+ standards the community has for contributing before submitting a pull
+ request.
+
+
+
+
+ Hotfixing pull requests
-
-Hydra builds for master and staging should not be used as testing platform, it's a build farm for changes that have been already tested.
-
+
+
+
+ Make the appropriate changes in you branch.
+
+
+
+
+ Don't create additional commits, do
+
+
+
+ git rebase -i
+
+
+
+
+ git push --force to your branch.
+
+
+
+
+
+
+
+
+ Commit policy
-
-When changing the bootloader installation process, extra care must be taken. Grub installations cannot be rolled back, hence changes may break people's installations forever. For any non-trivial change to the bootloader please file a PR asking for review, especially from @edolstra.
-
-
+
+
+
+ Commits must be sufficiently tested before being merged, both for the
+ master and staging branches.
+
+
+
+
+ Hydra builds for master and staging should not be used as testing
+ platform, it's a build farm for changes that have been already tested.
+
+
+
+
+ When changing the bootloader installation process, extra care must be
+ taken. Grub installations cannot be rolled back, hence changes may break
+ people's installations forever. For any non-trivial change to the
+ bootloader please file a PR asking for review, especially from @edolstra.
+
+
+
-
- Master branch
+
+ Master branch
-
+
-
- It should only see non-breaking commits that do not cause mass rebuilds.
-
+
+ It should only see non-breaking commits that do not cause mass rebuilds.
+
-
-
+
+
-
- Staging branch
+
+ Staging branch
-
+
-
- It's only for non-breaking mass-rebuild commits. That means it's not to
- be used for testing, and changes must have been well tested already.
- Read policy here.
-
+
+ It's only for non-breaking mass-rebuild commits. That means it's not to
+ be used for testing, and changes must have been well tested already.
+ Read
+ policy here.
+
-
- If the branch is already in a broken state, please refrain from adding
- extra new breakages. Stabilize it for a few days, merge into master,
- then resume development on staging.
- Keep an eye on the staging evaluations here.
- If any fixes for staging happen to be already in master, then master can
- be merged into staging.
-
+
+ If the branch is already in a broken state, please refrain from adding
+ extra new breakages. Stabilize it for a few days, merge into master, then
+ resume development on staging.
+ Keep
+ an eye on the staging evaluations here. If any fixes for staging
+ happen to be already in master, then master can be merged into staging.
+
-
-
+
+
-
- Stable release branches
+
+ Stable release branches
-
+
-
- If you're cherry-picking a commit to a stable release branch, always use
- git cherry-pick -xe and ensure the message contains a
- clear description about why this needs to be included in the stable
- branch.
-
- An example of a cherry-picked commit would look like this:
-
+
+ If you're cherry-picking a commit to a stable release branch, always use
+ git cherry-pick -xe and ensure the message contains a
+ clear description about why this needs to be included in the stable
+ branch.
+
+
+ An example of a cherry-picked commit would look like this:
+
+
nixos: Refactor the world.
The original commit message describing the reason why the world was torn apart.
@@ -451,9 +517,7 @@ Reason: I just had a gut feeling that this would also be wanted by people from
the stone age.
-
-
-
-
+
+
+
-
diff --git a/lib/default.nix b/lib/default.nix
index b3c4fdc0e59a4a4d48ac3d45273547c616cfa50b..60ce01a93cd206f24e36eadb97a49c2ebb8611ff 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -58,7 +58,7 @@ let
replaceStrings seq stringLength sub substring tail;
inherit (trivial) id const concat or and boolToString mergeAttrs
flip mapNullable inNixShell min max importJSON warn info
- nixpkgsVersion mod compare splitByAndCompare
+ nixpkgsVersion version mod compare splitByAndCompare
functionArgs setFunctionArgs isFunction;
inherit (fixedPoints) fix fix' extends composeExtensions
diff --git a/lib/systems/examples.nix b/lib/systems/examples.nix
index 848737700b0bc5fdd45605be3679acb33f79eeb4..fdb120ebb5cbce65114109697aa0cf9ac3a48376 100644
--- a/lib/systems/examples.nix
+++ b/lib/systems/examples.nix
@@ -88,16 +88,36 @@ rec {
#
iphone64 = {
- config = "aarch64-apple-darwin14";
- arch = "arm64";
- libc = "libSystem";
+ config = "aarch64-apple-ios";
+ # config = "aarch64-apple-darwin14";
+ sdkVer = "10.2";
+ useiOSPrebuilt = true;
platform = {};
};
iphone32 = {
- config = "arm-apple-darwin10";
- arch = "armv7-a";
- libc = "libSystem";
+ config = "armv7a-apple-ios";
+ # config = "arm-apple-darwin10";
+ sdkVer = "10.2";
+ useiOSPrebuilt = true;
+ platform = {};
+ };
+
+ iphone64-simulator = {
+ config = "x86_64-apple-ios";
+ # config = "x86_64-apple-darwin14";
+ sdkVer = "10.2";
+ useiOSPrebuilt = true;
+ isiPhoneSimulator = true;
+ platform = {};
+ };
+
+ iphone32-simulator = {
+ config = "i686-apple-ios";
+ # config = "i386-apple-darwin11";
+ sdkVer = "10.2";
+ useiOSPrebuilt = true;
+ isiPhoneSimulator = true;
platform = {};
};
diff --git a/lib/systems/inspect.nix b/lib/systems/inspect.nix
index b87320594cab4346dea641a6207a7056d079dca7..63f9fab4f6755ed9c158dd8c44080bc269b410b1 100644
--- a/lib/systems/inspect.nix
+++ b/lib/systems/inspect.nix
@@ -42,7 +42,7 @@ rec {
isEfi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" ];
- # Deprecated
+ # Deprecated after 18.03
isArm = isAarch32;
};
diff --git a/lib/tests/modules.sh b/lib/tests/modules.sh
index 96a91c0fffbc986996be6f657b8ccab4f66db4b3..b83e1eb7d82d01bc228d9af375be0e49204ef506 100755
--- a/lib/tests/modules.sh
+++ b/lib/tests/modules.sh
@@ -136,7 +136,18 @@ checkConfigOutput "true" "$@" ./define-module-check.nix
# Check coerced value.
checkConfigOutput "\"42\"" config.value ./declare-coerced-value.nix
checkConfigOutput "\"24\"" config.value ./declare-coerced-value.nix ./define-value-string.nix
-checkConfigError 'The option value .* in .* is not.*string or signed integer.*' config.value ./declare-coerced-value.nix ./define-value-list.nix
+checkConfigError 'The option value .* in .* is not.*string or signed integer convertible to it' config.value ./declare-coerced-value.nix ./define-value-list.nix
+
+# Check coerced value with unsound coercion
+checkConfigOutput "12" config.value ./declare-coerced-value-unsound.nix
+checkConfigError 'The option value .* in .* is not.*8 bit signed integer.* or string convertible to it' config.value ./declare-coerced-value-unsound.nix ./define-value-string-bigint.nix
+checkConfigError 'unrecognised JSON value' config.value ./declare-coerced-value-unsound.nix ./define-value-string-arbitrary.nix
+
+# Check loaOf with long list.
+checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-long-list.nix
+
+# Check loaOf with many merges of lists.
+checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-many-list-merges.nix
cat <"]);
getSubModules = elemType.getSubModules;
substSubModules = m: loaOf (elemType.substSubModules m);
@@ -419,16 +430,13 @@ rec {
assert coercedType.getSubModules == null;
mkOptionType rec {
name = "coercedTo";
- description = "${finalType.description} or ${coercedType.description}";
- check = x: finalType.check x || coercedType.check x;
+ description = "${finalType.description} or ${coercedType.description} convertible to it";
+ check = x: finalType.check x || (coercedType.check x && finalType.check (coerceFunc x));
merge = loc: defs:
let
coerceVal = val:
if finalType.check val then val
- else let
- coerced = coerceFunc val;
- in assert finalType.check coerced; coerced;
-
+ else coerceFunc val;
in finalType.merge loc (map (def: def // { value = coerceVal def.value; }) defs);
getSubOptions = finalType.getSubOptions;
getSubModules = finalType.getSubModules;
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 18ed73b1932443c5078c62727440602027e2c762..16edaa5632f6e0274ddf4c5d502d24a869bf66c2 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -998,6 +998,11 @@
github = "demin-dmitriy";
name = "Dmitriy Demin";
};
+ demyanrogozhin = {
+ email = "demyan.rogozhin@gmail.com";
+ github = "demyanrogozhin";
+ name = "Demyan Rogozhin";
+ };
derchris = {
email = "derchris@me.com";
github = "derchrisuk";
@@ -1726,6 +1731,11 @@
github = "jbedo";
name = "Justin Bedő";
};
+ jbgi = {
+ email = "jb@giraudeau.info";
+ github = "jbgi";
+ name = "Jean-Baptiste Giraudeau";
+ };
jcumming = {
email = "jack@mudshark.org";
name = "Jack Cummings";
@@ -1735,6 +1745,11 @@
github = "jdagilliland";
name = "Jason Gilliland";
};
+ jD91mZM2 = {
+ email = "me@krake.one";
+ github = "jD91mZM2";
+ name = "jD91mZM2";
+ };
jefdaj = {
email = "jefdaj@gmail.com";
github = "jefdaj";
@@ -1755,6 +1770,11 @@
github = "tftio";
name = "James Felix Black";
};
+ jflanglois = {
+ email = "yourstruly@julienlanglois.me";
+ github = "jflanglois";
+ name = "Julien Langlois";
+ };
jfrankenau = {
email = "johannes@frankenau.net";
github = "jfrankenau";
@@ -1805,6 +1825,11 @@
github = "joamaki";
name = "Jussi Maki";
};
+ joelburget = {
+ email = "joelburget@gmail.com";
+ github = "joelburget";
+ name = "Joel Burget";
+ };
joelmo = {
email = "joel.moberg@gmail.com";
github = "joelmo";
@@ -3129,6 +3154,11 @@
github = "rittelle";
name = "Lennart Rittel";
};
+ rkoe = {
+ email = "rk@simple-is-better.org";
+ github = "rkoe";
+ name = "Roland Koebler";
+ };
rlupton20 = {
email = "richard.lupton@gmail.com";
github = "rlupton20";
@@ -3209,6 +3239,11 @@
github = "rushmorem";
name = "Rushmore Mushambi";
};
+ ruuda = {
+ email = "dev+nix@veniogames.com";
+ github = "ruuda";
+ name = "Ruud van Asseldonk";
+ };
rvl = {
email = "dev+nix@rodney.id.au";
github = "rvl";
@@ -3974,6 +4009,11 @@
github = "vyp";
name = "vyp";
};
+ wchresta = {
+ email = "wchresta.nix@chrummibei.ch";
+ github = "wchresta";
+ name = "wchresta";
+ };
wedens = {
email = "kirill.wedens@gmail.com";
name = "wedens";
diff --git a/nixos/doc/manual/.gitignore b/nixos/doc/manual/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..87928262421739c2d9073e8cf32c232775248a99
--- /dev/null
+++ b/nixos/doc/manual/.gitignore
@@ -0,0 +1,2 @@
+generated
+manual-combined.xml
diff --git a/nixos/doc/manual/Makefile b/nixos/doc/manual/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..2e2322d5fb5176cd71751f2137435fc1ad2bc459
--- /dev/null
+++ b/nixos/doc/manual/Makefile
@@ -0,0 +1,24 @@
+.PHONY: all
+all: manual-combined.xml format
+
+.PHONY: debug
+debug: generated manual-combined.xml
+
+manual-combined.xml: generated *.xml
+ rm -f ./manual-combined.xml
+ nix-shell --packages xmloscopy \
+ --run "xmloscopy --docbook5 ./manual.xml ./manual-combined.xml"
+
+.PHONY: format
+format:
+ find . -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \
+ xmlformat --config-file "../xmlformat.conf" -i {}
+
+.PHONY: clean
+clean:
+ rm -f manual-combined.xml generated
+
+generated: ./options-to-docbook.xsl
+ nix-build ../../release.nix \
+ --attr manualGeneratedSources.x86_64-linux \
+ --out-link ./generated
diff --git a/nixos/doc/manual/administration/boot-problems.xml b/nixos/doc/manual/administration/boot-problems.xml
index be6ff3aac0fe8b4858bd00e5035fce061bfbe05b..5f05ad261ef37c9aef1769715cb70edbdea7fc8c 100644
--- a/nixos/doc/manual/administration/boot-problems.xml
+++ b/nixos/doc/manual/administration/boot-problems.xml
@@ -3,63 +3,83 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-boot-problems">
+ Boot Problems
-Boot Problems
+
+ If NixOS fails to boot, there are a number of kernel command line parameters
+ that may help you to identify or fix the issue. You can add these parameters
+ in the GRUB boot menu by pressing “e” to modify the selected boot entry
+ and editing the line starting with linux. The following
+ are some useful kernel command line parameters that are recognised by the
+ NixOS boot scripts or by systemd:
+
+
+ boot.shell_on_fail
+
+
+
+ Start a root shell if something goes wrong in stage 1 of the boot process
+ (the initial ramdisk). This is disabled by default because there is no
+ authentication for the root shell.
+
+
+
+
+ boot.debug1
+
+
+
+ Start an interactive shell in stage 1 before anything useful has been
+ done. That is, no modules have been loaded and no file systems have been
+ mounted, except for /proc and
+ /sys.
+
+
+
+
+ boot.trace
+
+
+
+ Print every shell command executed by the stage 1 and 2 boot scripts.
+
+
+
+
+ single
+
+
+
+ Boot into rescue mode (a.k.a. single user mode). This will cause systemd
+ to start nothing but the unit rescue.target, which
+ runs sulogin to prompt for the root password and start
+ a root login shell. Exiting the shell causes the system to continue with
+ the normal boot process.
+
+
+
+
+ systemd.log_level=debug systemd.log_target=console
+
+
+
+ Make systemd very verbose and send log messages to the console instead of
+ the journal.
+
+
+
+
+ For more parameters recognised by systemd, see
+ systemd
+ 1.
+
-If NixOS fails to boot, there are a number of kernel command
-line parameters that may help you to identify or fix the issue. You
-can add these parameters in the GRUB boot menu by pressing “e” to
-modify the selected boot entry and editing the line starting with
-linux. The following are some useful kernel command
-line parameters that are recognised by the NixOS boot scripts or by
-systemd:
-
-
-
- boot.shell_on_fail
- Start a root shell if something goes wrong in
- stage 1 of the boot process (the initial ramdisk). This is
- disabled by default because there is no authentication for the
- root shell.
-
-
- boot.debug1
- Start an interactive shell in stage 1 before
- anything useful has been done. That is, no modules have been
- loaded and no file systems have been mounted, except for
- /proc and
- /sys.
-
-
- boot.trace
- Print every shell command executed by the stage 1
- and 2 boot scripts.
-
-
- single
- Boot into rescue mode (a.k.a. single user mode).
- This will cause systemd to start nothing but the unit
- rescue.target, which runs
- sulogin to prompt for the root password and
- start a root login shell. Exiting the shell causes the system to
- continue with the normal boot process.
-
-
- systemd.log_level=debug systemd.log_target=console
- Make systemd very verbose and send log messages to
- the console instead of the journal.
-
-
-
-
-For more parameters recognised by systemd, see
-systemd1.
-
-If no login prompts or X11 login screens appear (e.g. due to
-hanging dependencies), you can press Alt+ArrowUp. If you’re lucky,
-this will start rescue mode (described above). (Also note that since
-most units have a 90-second timeout before systemd gives up on them,
-the agetty login prompts should appear eventually
-unless something is very wrong.)
-
-
\ No newline at end of file
+
+ If no login prompts or X11 login screens appear (e.g. due to hanging
+ dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start
+ rescue mode (described above). (Also note that since most units have a
+ 90-second timeout before systemd gives up on them, the
+ agetty login prompts should appear eventually unless
+ something is very wrong.)
+
+
diff --git a/nixos/doc/manual/administration/cleaning-store.xml b/nixos/doc/manual/administration/cleaning-store.xml
index 4cf62947f5283d6b2346227c06b2c3d5794137e2..ee201982a40be37a0e6ae52f4b5e9dfe365d20f3 100644
--- a/nixos/doc/manual/administration/cleaning-store.xml
+++ b/nixos/doc/manual/administration/cleaning-store.xml
@@ -3,60 +3,51 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-gc">
-
-Cleaning the Nix Store
-
-Nix has a purely functional model, meaning that packages are
-never upgraded in place. Instead new versions of packages end up in a
-different location in the Nix store (/nix/store).
-You should periodically run Nix’s garbage
-collector to remove old, unreferenced packages. This is
-easy:
-
+ Cleaning the Nix Store
+
+ Nix has a purely functional model, meaning that packages are never upgraded
+ in place. Instead new versions of packages end up in a different location in
+ the Nix store (/nix/store). You should periodically run
+ Nix’s garbage collector to remove old, unreferenced
+ packages. This is easy:
$ nix-collect-garbage
-
-Alternatively, you can use a systemd unit that does the same in the
-background:
-
+ Alternatively, you can use a systemd unit that does the same in the
+ background:
# systemctl start nix-gc.service
-
-You can tell NixOS in configuration.nix to run
-this unit automatically at certain points in time, for instance, every
-night at 03:15:
-
+ You can tell NixOS in configuration.nix to run this unit
+ automatically at certain points in time, for instance, every night at 03:15:
-nix.gc.automatic = true;
-nix.gc.dates = "03:15";
+ = true;
+ = "03:15";
-
-
-
-The commands above do not remove garbage collector roots, such
-as old system configurations. Thus they do not remove the ability to
-roll back to previous configurations. The following command deletes
-old roots, removing the ability to roll back to them:
+
+
+ The commands above do not remove garbage collector roots, such as old system
+ configurations. Thus they do not remove the ability to roll back to previous
+ configurations. The following command deletes old roots, removing the ability
+ to roll back to them:
$ nix-collect-garbage -d
-You can also do this for specific profiles, e.g.
+ You can also do this for specific profiles, e.g.
$ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old
-Note that NixOS system configurations are stored in the profile
-/nix/var/nix/profiles/system.
-
-Another way to reclaim disk space (often as much as 40% of the
-size of the Nix store) is to run Nix’s store optimiser, which seeks
-out identical files in the store and replaces them with hard links to
-a single copy.
+ Note that NixOS system configurations are stored in the profile
+ /nix/var/nix/profiles/system.
+
+
+ Another way to reclaim disk space (often as much as 40% of the size of the
+ Nix store) is to run Nix’s store optimiser, which seeks out identical files
+ in the store and replaces them with hard links to a single copy.
$ nix-store --optimise
-Since this command needs to read the entire Nix store, it can take
-quite a while to finish.
-
+ Since this command needs to read the entire Nix store, it can take quite a
+ while to finish.
+
diff --git a/nixos/doc/manual/administration/container-networking.xml b/nixos/doc/manual/administration/container-networking.xml
index d89d262eff4e87d270fb31c1005f4d388f5e9ee4..4b977d1d82eb42b79d4eed281e13f5320f11225f 100644
--- a/nixos/doc/manual/administration/container-networking.xml
+++ b/nixos/doc/manual/administration/container-networking.xml
@@ -3,15 +3,13 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-container-networking">
+ Container Networking
-
-Container Networking
-
-When you create a container using nixos-container
-create, it gets it own private IPv4 address in the range
-10.233.0.0/16. You can get the container’s IPv4
-address as follows:
-
+
+ When you create a container using nixos-container create,
+ it gets it own private IPv4 address in the range
+ 10.233.0.0/16. You can get the container’s IPv4 address
+ as follows:
# nixos-container show-ip foo
10.233.4.2
@@ -19,40 +17,39 @@ address as follows:
$ ping -c1 10.233.4.2
64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms
-
-
-
-Networking is implemented using a pair of virtual Ethernet
-devices. The network interface in the container is called
-eth0, while the matching interface in the host is
-called ve-container-name
-(e.g., ve-foo). The container has its own network
-namespace and the CAP_NET_ADMIN capability, so it
-can perform arbitrary network configuration such as setting up
-firewall rules, without affecting or having access to the host’s
-network.
-
-By default, containers cannot talk to the outside network. If
-you want that, you should set up Network Address Translation (NAT)
-rules on the host to rewrite container traffic to use your external
-IP address. This can be accomplished using the following configuration
-on the host:
-
+
+
+
+ Networking is implemented using a pair of virtual Ethernet devices. The
+ network interface in the container is called eth0, while
+ the matching interface in the host is called
+ ve-container-name (e.g.,
+ ve-foo). The container has its own network namespace and
+ the CAP_NET_ADMIN capability, so it can perform arbitrary
+ network configuration such as setting up firewall rules, without affecting or
+ having access to the host’s network.
+
+
+
+ By default, containers cannot talk to the outside network. If you want that,
+ you should set up Network Address Translation (NAT) rules on the host to
+ rewrite container traffic to use your external IP address. This can be
+ accomplished using the following configuration on the host:
-networking.nat.enable = true;
-networking.nat.internalInterfaces = ["ve-+"];
-networking.nat.externalInterface = "eth0";
+ = true;
+ = ["ve-+"];
+ = "eth0";
-where eth0 should be replaced with the desired
-external interface. Note that ve-+ is a wildcard
-that matches all container interfaces.
-
-If you are using Network Manager, you need to explicitly prevent
-it from managing container interfaces:
-
+ where eth0 should be replaced with the desired external
+ interface. Note that ve-+ is a wildcard that matches all
+ container interfaces.
+
+
+
+ If you are using Network Manager, you need to explicitly prevent it from
+ managing container interfaces:
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
-
-
+
diff --git a/nixos/doc/manual/administration/containers.xml b/nixos/doc/manual/administration/containers.xml
index 4cd2c8ae55637acebc3fb057c9124132ed8ceb3c..0d3355e56a586cefbcff8fb4a61901c5bcbe16f7 100644
--- a/nixos/doc/manual/administration/containers.xml
+++ b/nixos/doc/manual/administration/containers.xml
@@ -3,32 +3,32 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-containers">
-
-Container Management
-
-NixOS allows you to easily run other NixOS instances as
-containers. Containers are a light-weight
-approach to virtualisation that runs software in the container at the
-same speed as in the host system. NixOS containers share the Nix store
-of the host, making container creation very efficient.
-
-Currently, NixOS containers are not perfectly isolated
-from the host system. This means that a user with root access to the
-container can do things that affect the host. So you should not give
-container root access to untrusted users.
-
-NixOS containers can be created in two ways: imperatively, using
-the command nixos-container, and declaratively, by
-specifying them in your configuration.nix. The
-declarative approach implies that containers get upgraded along with
-your host system when you run nixos-rebuild, which
-is often not what you want. By contrast, in the imperative approach,
-containers are configured and updated independently from the host
-system.
-
-
-
-
-
+ Container Management
+
+ NixOS allows you to easily run other NixOS instances as
+ containers. Containers are a light-weight approach to
+ virtualisation that runs software in the container at the same speed as in
+ the host system. NixOS containers share the Nix store of the host, making
+ container creation very efficient.
+
+
+
+ Currently, NixOS containers are not perfectly isolated from the host system.
+ This means that a user with root access to the container can do things that
+ affect the host. So you should not give container root access to untrusted
+ users.
+
+
+
+ NixOS containers can be created in two ways: imperatively, using the command
+ nixos-container, and declaratively, by specifying them in
+ your configuration.nix. The declarative approach implies
+ that containers get upgraded along with your host system when you run
+ nixos-rebuild, which is often not what you want. By
+ contrast, in the imperative approach, containers are configured and updated
+ independently from the host system.
+
+
+
+
-
diff --git a/nixos/doc/manual/administration/control-groups.xml b/nixos/doc/manual/administration/control-groups.xml
index 0d7b8ae910a788f290d1f9b313cfdccbefb5b86f..bb8b7f83d9e0a1b314c7e77f65f7d455d369612e 100644
--- a/nixos/doc/manual/administration/control-groups.xml
+++ b/nixos/doc/manual/administration/control-groups.xml
@@ -3,20 +3,18 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-cgroups">
-
-Control Groups
-
-To keep track of the processes in a running system, systemd uses
-control groups (cgroups). A control group is a
-set of processes used to allocate resources such as CPU, memory or I/O
-bandwidth. There can be multiple control group hierarchies, allowing
-each kind of resource to be managed independently.
-
-The command systemd-cgls lists all control
-groups in the systemd hierarchy, which is what
-systemd uses to keep track of the processes belonging to each service
-or user session:
-
+ Control Groups
+
+ To keep track of the processes in a running system, systemd uses
+ control groups (cgroups). A control group is a set of
+ processes used to allocate resources such as CPU, memory or I/O bandwidth.
+ There can be multiple control group hierarchies, allowing each kind of
+ resource to be managed independently.
+
+
+ The command systemd-cgls lists all control groups in the
+ systemd hierarchy, which is what systemd uses to keep
+ track of the processes belonging to each service or user session:
$ systemd-cgls
├─user
@@ -34,40 +32,34 @@ $ systemd-cgls
│ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf
└─ ...
-
-Similarly, systemd-cgls cpu shows the cgroups in
-the CPU hierarchy, which allows per-cgroup CPU scheduling priorities.
-By default, every systemd service gets its own CPU cgroup, while all
-user sessions are in the top-level CPU cgroup. This ensures, for
-instance, that a thousand run-away processes in the
-httpd.service cgroup cannot starve the CPU for one
-process in the postgresql.service cgroup. (By
-contrast, it they were in the same cgroup, then the PostgreSQL process
-would get 1/1001 of the cgroup’s CPU time.) You can limit a service’s
-CPU share in configuration.nix:
-
+ Similarly, systemd-cgls cpu shows the cgroups in the CPU
+ hierarchy, which allows per-cgroup CPU scheduling priorities. By default,
+ every systemd service gets its own CPU cgroup, while all user sessions are in
+ the top-level CPU cgroup. This ensures, for instance, that a thousand
+ run-away processes in the httpd.service cgroup cannot
+ starve the CPU for one process in the postgresql.service
+ cgroup. (By contrast, it they were in the same cgroup, then the PostgreSQL
+ process would get 1/1001 of the cgroup’s CPU time.) You can limit a
+ service’s CPU share in configuration.nix:
-systemd.services.httpd.serviceConfig.CPUShares = 512;
+systemd.services.httpd.serviceConfig.CPUShares = 512;
-
-By default, every cgroup has 1024 CPU shares, so this will halve the
-CPU allocation of the httpd.service cgroup.
-
-There also is a memory hierarchy that
-controls memory allocation limits; by default, all processes are in
-the top-level cgroup, so any service or session can exhaust all
-available memory. Per-cgroup memory limits can be specified in
-configuration.nix; for instance, to limit
-httpd.service to 512 MiB of RAM (excluding swap):
-
+ By default, every cgroup has 1024 CPU shares, so this will halve the CPU
+ allocation of the httpd.service cgroup.
+
+
+ There also is a memory hierarchy that controls memory
+ allocation limits; by default, all processes are in the top-level cgroup, so
+ any service or session can exhaust all available memory. Per-cgroup memory
+ limits can be specified in configuration.nix; for
+ instance, to limit httpd.service to 512 MiB of RAM
+ (excluding swap):
-systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
+systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
-
-
-
-The command systemd-cgtop shows a
-continuously updated list of all cgroups with their CPU and memory
-usage.
-
+
+
+ The command systemd-cgtop shows a continuously updated
+ list of all cgroups with their CPU and memory usage.
+
diff --git a/nixos/doc/manual/administration/declarative-containers.xml b/nixos/doc/manual/administration/declarative-containers.xml
index 94f03a2ee116ad6d930a6f36b4e86c5b90dcb924..2a98fb1262310275849d0451221f3fc671b04a47 100644
--- a/nixos/doc/manual/administration/declarative-containers.xml
+++ b/nixos/doc/manual/administration/declarative-containers.xml
@@ -3,58 +3,58 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-declarative-containers">
+ Declarative Container Specification
-Declarative Container Specification
-
-You can also specify containers and their configuration in the
-host’s configuration.nix. For example, the
-following specifies that there shall be a container named
-database running PostgreSQL:
-
+
+ You can also specify containers and their configuration in the host’s
+ configuration.nix. For example, the following specifies
+ that there shall be a container named database running
+ PostgreSQL:
containers.database =
{ config =
{ config, pkgs, ... }:
- { services.postgresql.enable = true;
- services.postgresql.package = pkgs.postgresql96;
+ { = true;
+ = pkgs.postgresql96;
};
};
-
-If you run nixos-rebuild switch, the container will
-be built. If the container was already running, it will be
-updated in place, without rebooting. The container can be configured to
-start automatically by setting containers.database.autoStart = true
-in its configuration.
-
-By default, declarative containers share the network namespace
-of the host, meaning that they can listen on (privileged)
-ports. However, they cannot change the network configuration. You can
-give a container its own network as follows:
-
+ If you run nixos-rebuild switch, the container will be
+ built. If the container was already running, it will be updated in place,
+ without rebooting. The container can be configured to start automatically by
+ setting containers.database.autoStart = true in its
+ configuration.
+
+
+
+ By default, declarative containers share the network namespace of the host,
+ meaning that they can listen on (privileged) ports. However, they cannot
+ change the network configuration. You can give a container its own network as
+ follows:
-containers.database =
- { privateNetwork = true;
- hostAddress = "192.168.100.10";
- localAddress = "192.168.100.11";
- };
+containers.database = {
+ privateNetwork = true;
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.11";
+};
-
-This gives the container a private virtual Ethernet interface with IP
-address 192.168.100.11, which is hooked up to a
-virtual Ethernet interface on the host with IP address
-192.168.100.10. (See the next section for details
-on container networking.)
-
-To disable the container, just remove it from
-configuration.nix and run nixos-rebuild
-switch. Note that this will not delete the root directory of
-the container in /var/lib/containers. Containers can be
-destroyed using the imperative method: nixos-container destroy
- foo.
-
-Declarative containers can be started and stopped using the
-corresponding systemd service, e.g. systemctl start
-container@database.
-
+ This gives the container a private virtual Ethernet interface with IP address
+ 192.168.100.11, which is hooked up to a virtual Ethernet
+ interface on the host with IP address 192.168.100.10. (See
+ the next section for details on container networking.)
+
+
+
+ To disable the container, just remove it from
+ configuration.nix and run nixos-rebuild
+ switch. Note that this will not delete the root directory of the
+ container in /var/lib/containers. Containers can be
+ destroyed using the imperative method: nixos-container destroy
+ foo.
+
+
+
+ Declarative containers can be started and stopped using the corresponding
+ systemd service, e.g. systemctl start container@database.
+
diff --git a/nixos/doc/manual/administration/imperative-containers.xml b/nixos/doc/manual/administration/imperative-containers.xml
index d5d8140e076496edd7bb17b91422385d9a3bf56f..9cc7ca3e672a5fe10251752acd41dc6cce057656 100644
--- a/nixos/doc/manual/administration/imperative-containers.xml
+++ b/nixos/doc/manual/administration/imperative-containers.xml
@@ -3,131 +3,114 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-imperative-containers">
+ Imperative Container Management
-Imperative Container Management
-
-We’ll cover imperative container management using
-nixos-container first.
-Be aware that container management is currently only possible
-as root.
-
-You create a container with
-identifier foo as follows:
+
+ We’ll cover imperative container management using
+ nixos-container first. Be aware that container management
+ is currently only possible as root.
+
+
+ You create a container with identifier foo as follows:
# nixos-container create foo
-
-This creates the container’s root directory in
-/var/lib/containers/foo and a small configuration
-file in /etc/containers/foo.conf. It also builds
-the container’s initial system configuration and stores it in
-/nix/var/nix/profiles/per-container/foo/system. You
-can modify the initial configuration of the container on the command
-line. For instance, to create a container that has
-sshd running, with the given public key for
-root:
-
+ This creates the container’s root directory in
+ /var/lib/containers/foo and a small configuration file
+ in /etc/containers/foo.conf. It also builds the
+ container’s initial system configuration and stores it in
+ /nix/var/nix/profiles/per-container/foo/system. You can
+ modify the initial configuration of the container on the command line. For
+ instance, to create a container that has sshd running,
+ with the given public key for root:
# nixos-container create foo --config '
- services.openssh.enable = true;
- users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];
+ = true;
+ users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];
'
+
-
-
-Creating a container does not start it. To start the container,
-run:
-
+
+ Creating a container does not start it. To start the container, run:
# nixos-container start foo
-
-This command will return as soon as the container has booted and has
-reached multi-user.target. On the host, the
-container runs within a systemd unit called
-container@container-name.service.
-Thus, if something went wrong, you can get status info using
-systemctl:
-
+ This command will return as soon as the container has booted and has reached
+ multi-user.target. On the host, the container runs within
+ a systemd unit called
+ container@container-name.service.
+ Thus, if something went wrong, you can get status info using
+ systemctl:
# systemctl status container@foo
+
-
-
-If the container has started successfully, you can log in as
-root using the root-login operation:
-
+
+ If the container has started successfully, you can log in as root using the
+ root-login operation:
# nixos-container root-login foo
[root@foo:~]#
-
-Note that only root on the host can do this (since there is no
-authentication). You can also get a regular login prompt using the
-login operation, which is available to all users on
-the host:
-
+ Note that only root on the host can do this (since there is no
+ authentication). You can also get a regular login prompt using the
+ login operation, which is available to all users on the
+ host:
# nixos-container login foo
foo login: alice
Password: ***
-
-With nixos-container run, you can execute arbitrary
-commands in the container:
-
+ With nixos-container run, you can execute arbitrary
+ commands in the container:
# nixos-container run foo -- uname -a
Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
+
-
-
-There are several ways to change the configuration of the
-container. First, on the host, you can edit
-/var/lib/container/name/etc/nixos/configuration.nix,
-and run
-
+
+ There are several ways to change the configuration of the container. First,
+ on the host, you can edit
+ /var/lib/container/name/etc/nixos/configuration.nix,
+ and run
# nixos-container update foo
-
-This will build and activate the new configuration. You can also
-specify a new configuration on the command line:
-
+ This will build and activate the new configuration. You can also specify a
+ new configuration on the command line:
# nixos-container update foo --config '
- services.httpd.enable = true;
- services.httpd.adminAddr = "foo@example.org";
- networking.firewall.allowedTCPPorts = [ 80 ];
+ = true;
+ = "foo@example.org";
+ = [ 80 ];
'
# curl http://$(nixos-container show-ip foo)/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
-
-However, note that this will overwrite the container’s
-/etc/nixos/configuration.nix.
-
-Alternatively, you can change the configuration from within the
-container itself by running nixos-rebuild switch
-inside the container. Note that the container by default does not have
-a copy of the NixOS channel, so you should run nix-channel
---update first.
-
-Containers can be stopped and started using
-nixos-container stop and nixos-container
-start, respectively, or by using
-systemctl on the container’s service unit. To
-destroy a container, including its file system, do
-
+ However, note that this will overwrite the container’s
+ /etc/nixos/configuration.nix.
+
+
+
+ Alternatively, you can change the configuration from within the container
+ itself by running nixos-rebuild switch inside the
+ container. Note that the container by default does not have a copy of the
+ NixOS channel, so you should run nix-channel --update
+ first.
+
+
+
+ Containers can be stopped and started using nixos-container
+ stop and nixos-container start, respectively, or
+ by using systemctl on the container’s service unit. To
+ destroy a container, including its file system, do
# nixos-container destroy foo
-
-
-
+
diff --git a/nixos/doc/manual/administration/logging.xml b/nixos/doc/manual/administration/logging.xml
index 1d5df7770e298ec8c2b9ba8fcf6d343e62d1d6de..a41936b373d6f126518f18a20db9ac4ff7387b33 100644
--- a/nixos/doc/manual/administration/logging.xml
+++ b/nixos/doc/manual/administration/logging.xml
@@ -3,26 +3,20 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-logging">
-
-Logging
-
-System-wide logging is provided by systemd’s
-journal, which subsumes traditional logging
-daemons such as syslogd and klogd. Log entries are kept in binary
-files in /var/log/journal/. The command
-journalctl allows you to see the contents of the
-journal. For example,
-
+ Logging
+
+ System-wide logging is provided by systemd’s journal,
+ which subsumes traditional logging daemons such as syslogd and klogd. Log
+ entries are kept in binary files in /var/log/journal/.
+ The command journalctl allows you to see the contents of
+ the journal. For example,
$ journalctl -b
-
-shows all journal entries since the last reboot. (The output of
-journalctl is piped into less by
-default.) You can use various options and match operators to restrict
-output to messages of interest. For instance, to get all messages
-from PostgreSQL:
-
+ shows all journal entries since the last reboot. (The output of
+ journalctl is piped into less by
+ default.) You can use various options and match operators to restrict output
+ to messages of interest. For instance, to get all messages from PostgreSQL:
$ journalctl -u postgresql.service
-- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. --
@@ -32,21 +26,18 @@ Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG: database system is shut down
Jan 07 15:45:10 hagbard postgres[2532]: [1-1] LOG: database system was shut down at 2013-01-07 15:44:14 CET
Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG: database system is ready to accept connections
-
-Or to get all messages since the last reboot that have at least a
-“critical” severity level:
-
+ Or to get all messages since the last reboot that have at least a
+ “critical” severity level:
$ journalctl -b -p crit
Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice]
Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature above threshold, cpu clock throttled (total events = 1)
-
-
-
-The system journal is readable by root and by users in the
-wheel and systemd-journal
-groups. All users have a private journal that can be read using
-journalctl.
-
-
\ No newline at end of file
+
+
+ The system journal is readable by root and by users in the
+ wheel and systemd-journal groups. All
+ users have a private journal that can be read using
+ journalctl.
+
+
diff --git a/nixos/doc/manual/administration/maintenance-mode.xml b/nixos/doc/manual/administration/maintenance-mode.xml
index 17a1609e557959edbc92c251b6b8ea10944c79f4..71e3f9ea665d8ee318f9466534ebb73cad6deffa 100644
--- a/nixos/doc/manual/administration/maintenance-mode.xml
+++ b/nixos/doc/manual/administration/maintenance-mode.xml
@@ -3,16 +3,14 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-maintenance-mode">
+ Maintenance Mode
-Maintenance Mode
-
-You can enter rescue mode by running:
-
+
+ You can enter rescue mode by running:
# systemctl rescue
-
-This will eventually give you a single-user root shell. Systemd will
-stop (almost) all system services. To get out of maintenance mode,
-just exit from the rescue shell.
-
+ This will eventually give you a single-user root shell. Systemd will stop
+ (almost) all system services. To get out of maintenance mode, just exit from
+ the rescue shell.
+
diff --git a/nixos/doc/manual/administration/network-problems.xml b/nixos/doc/manual/administration/network-problems.xml
index 91f9eb4e22c680aa2cb08cdafc8ec9ef7ab00e38..570f58358845bf7a80e4dc26c9003c052eb44fb7 100644
--- a/nixos/doc/manual/administration/network-problems.xml
+++ b/nixos/doc/manual/administration/network-problems.xml
@@ -3,31 +3,25 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-network-issues">
+ Network Problems
-Network Problems
-
-Nix uses a so-called binary cache to
-optimise building a package from source into downloading it as a
-pre-built binary. That is, whenever a command like
-nixos-rebuild needs a path in the Nix store, Nix
-will try to download that path from the Internet rather than build it
-from source. The default binary cache is
-https://cache.nixos.org/. If this cache is unreachable,
-Nix operations may take a long time due to HTTP connection timeouts.
-You can disable the use of the binary cache by adding , e.g.
-
+
+ Nix uses a so-called binary cache to optimise building a
+ package from source into downloading it as a pre-built binary. That is,
+ whenever a command like nixos-rebuild needs a path in the
+ Nix store, Nix will try to download that path from the Internet rather than
+ build it from source. The default binary cache is
+ https://cache.nixos.org/. If this cache is unreachable, Nix
+ operations may take a long time due to HTTP connection timeouts. You can
+ disable the use of the binary cache by adding , e.g.
# nixos-rebuild switch --option use-binary-caches false
-
-If you have an alternative binary cache at your disposal, you can use
-it instead:
-
+ If you have an alternative binary cache at your disposal, you can use it
+ instead:
# nixos-rebuild switch --option binary-caches http://my-cache.example.org/
-
-
-
+
diff --git a/nixos/doc/manual/administration/rebooting.xml b/nixos/doc/manual/administration/rebooting.xml
index 23f3a3219c6ae42c3ab64798494ce375ae62b8b0..a5abd6f025885d51a84ccfb258018f702d0f4669 100644
--- a/nixos/doc/manual/administration/rebooting.xml
+++ b/nixos/doc/manual/administration/rebooting.xml
@@ -3,42 +3,33 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-rebooting">
-
-Rebooting and Shutting Down
-
-The system can be shut down (and automatically powered off) by
-doing:
-
+ Rebooting and Shutting Down
+
+ The system can be shut down (and automatically powered off) by doing:
# shutdown
-
-This is equivalent to running systemctl
-poweroff.
-
-To reboot the system, run
-
+ This is equivalent to running systemctl poweroff.
+
+
+ To reboot the system, run
# reboot
-
-which is equivalent to systemctl reboot.
-Alternatively, you can quickly reboot the system using
-kexec, which bypasses the BIOS by directly loading
-the new kernel into memory:
-
+ which is equivalent to systemctl reboot. Alternatively,
+ you can quickly reboot the system using kexec, which
+ bypasses the BIOS by directly loading the new kernel into memory:
# systemctl kexec
-
-
-
-The machine can be suspended to RAM (if supported) using
-systemctl suspend, and suspended to disk using
-systemctl hibernate.
-
-These commands can be run by any user who is logged in locally,
-i.e. on a virtual console or in X11; otherwise, the user is asked for
-authentication.
-
+
+
+ The machine can be suspended to RAM (if supported) using systemctl
+ suspend, and suspended to disk using systemctl
+ hibernate.
+
+
+ These commands can be run by any user who is logged in locally, i.e. on a
+ virtual console or in X11; otherwise, the user is asked for authentication.
+
diff --git a/nixos/doc/manual/administration/rollback.xml b/nixos/doc/manual/administration/rollback.xml
index ae621f33de2caa40cf25122234a1c15b1d6e6b06..07c6acaa469c9fc5f12ca1e2bcab548e44a64c6c 100644
--- a/nixos/doc/manual/administration/rollback.xml
+++ b/nixos/doc/manual/administration/rollback.xml
@@ -3,46 +3,39 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-rollback">
-
-Rolling Back Configuration Changes
-
-After running nixos-rebuild to switch to a
-new configuration, you may find that the new configuration doesn’t
-work very well. In that case, there are several ways to return to a
-previous configuration.
-
-First, the GRUB boot manager allows you to boot into any
-previous configuration that hasn’t been garbage-collected. These
-configurations can be found under the GRUB submenu “NixOS - All
-configurations”. This is especially useful if the new configuration
-fails to boot. After the system has booted, you can make the selected
-configuration the default for subsequent boots:
-
+ Rolling Back Configuration Changes
+
+
+ After running nixos-rebuild to switch to a new
+ configuration, you may find that the new configuration doesn’t work very
+ well. In that case, there are several ways to return to a previous
+ configuration.
+
+
+
+ First, the GRUB boot manager allows you to boot into any previous
+ configuration that hasn’t been garbage-collected. These configurations can
+ be found under the GRUB submenu “NixOS - All configurations”. This is
+ especially useful if the new configuration fails to boot. After the system
+ has booted, you can make the selected configuration the default for
+ subsequent boots:
# /run/current-system/bin/switch-to-configuration boot
+
-
-
-Second, you can switch to the previous configuration in a running
-system:
-
+
+ Second, you can switch to the previous configuration in a running system:
# nixos-rebuild switch --rollback
-
-This is equivalent to running:
-
+ This is equivalent to running:
# /nix/var/nix/profiles/system-N-link/bin/switch-to-configuration switch
-
-where N is the number of the NixOS system
-configuration. To get a list of the available configurations, do:
-
+ where N is the number of the NixOS system
+ configuration. To get a list of the available configurations, do:
$ ls -l /nix/var/nix/profiles/system-*-link
...
lrwxrwxrwx 1 root root 78 Aug 12 13:54 /nix/var/nix/profiles/system-268-link -> /nix/store/202b...-nixos-13.07pre4932_5a676e4-4be1055
-
-
-
+
diff --git a/nixos/doc/manual/administration/running.xml b/nixos/doc/manual/administration/running.xml
index 9091511ed527a25b7c4bd6d9edd964d3a02a8624..786dd5e2390d6579f90e55881717d723c95bf4f8 100644
--- a/nixos/doc/manual/administration/running.xml
+++ b/nixos/doc/manual/administration/running.xml
@@ -3,22 +3,19 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-running">
-
-Administration
-
-
-This chapter describes various aspects of managing a running
-NixOS system, such as how to use the systemd
-service manager.
-
-
-
-
-
-
-
-
-
-
-
+ Administration
+
+
+ This chapter describes various aspects of managing a running NixOS system,
+ such as how to use the systemd service manager.
+
+
+
+
+
+
+
+
+
+
diff --git a/nixos/doc/manual/administration/service-mgmt.xml b/nixos/doc/manual/administration/service-mgmt.xml
index 1627c7a2fdeb0d03218aacf78b16c86664187a2c..0c2085c815597d3a3c1894e70941f774d10cdc35 100644
--- a/nixos/doc/manual/administration/service-mgmt.xml
+++ b/nixos/doc/manual/administration/service-mgmt.xml
@@ -3,26 +3,23 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-systemctl">
-
-Service Management
-
-In NixOS, all system services are started and monitored using
-the systemd program. Systemd is the “init” process of the system
-(i.e. PID 1), the parent of all other processes. It manages a set of
-so-called “units”, which can be things like system services
-(programs), but also mount points, swap files, devices, targets
-(groups of units) and more. Units can have complex dependencies; for
-instance, one unit can require that another unit must be successfully
-started before the first unit can be started. When the system boots,
-it starts a unit named default.target; the
-dependencies of this unit cause all system services to be started,
-file systems to be mounted, swap files to be activated, and so
-on.
-
-The command systemctl is the main way to
-interact with systemd. Without any arguments, it
-shows the status of active units:
-
+ Service Management
+
+ In NixOS, all system services are started and monitored using the systemd
+ program. Systemd is the “init” process of the system (i.e. PID 1), the
+ parent of all other processes. It manages a set of so-called “units”,
+ which can be things like system services (programs), but also mount points,
+ swap files, devices, targets (groups of units) and more. Units can have
+ complex dependencies; for instance, one unit can require that another unit
+ must be successfully started before the first unit can be started. When the
+ system boots, it starts a unit named default.target; the
+ dependencies of this unit cause all system services to be started, file
+ systems to be mounted, swap files to be activated, and so on.
+
+
+ The command systemctl is the main way to interact with
+ systemd. Without any arguments, it shows the status of
+ active units:
$ systemctl
-.mount loaded active mounted /
@@ -31,12 +28,10 @@ sshd.service loaded active running SSH Daemon
graphical.target loaded active active Graphical Interface
...
-
-
-
-You can ask for detailed status information about a unit, for
-instance, the PostgreSQL database service:
-
+
+
+ You can ask for detailed status information about a unit, for instance, the
+ PostgreSQL database service:
$ systemctl status postgresql.service
postgresql.service - PostgreSQL Server
@@ -56,28 +51,22 @@ Jan 07 15:55:57 hagbard postgres[2390]: [1-1] LOG: database system is ready to
Jan 07 15:55:57 hagbard postgres[2420]: [1-1] LOG: autovacuum launcher started
Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
-
-Note that this shows the status of the unit (active and running), all
-the processes belonging to the service, as well as the most recent log
-messages from the service.
-
-
-
-Units can be stopped, started or restarted:
-
+ Note that this shows the status of the unit (active and running), all the
+ processes belonging to the service, as well as the most recent log messages
+ from the service.
+
+
+ Units can be stopped, started or restarted:
# systemctl stop postgresql.service
# systemctl start postgresql.service
# systemctl restart postgresql.service
-
-These operations are synchronous: they wait until the service has
-finished starting or stopping (or has failed). Starting a unit will
-cause the dependencies of that unit to be started as well (if
-necessary).
-
+ These operations are synchronous: they wait until the service has finished
+ starting or stopping (or has failed). Starting a unit will cause the
+ dependencies of that unit to be started as well (if necessary).
+
-
diff --git a/nixos/doc/manual/administration/store-corruption.xml b/nixos/doc/manual/administration/store-corruption.xml
index 9f567042b727e956c860d8190cf392fb0b09f76f..a4ca3b651e20e20c7e5e16769195ba2ca6b8f75c 100644
--- a/nixos/doc/manual/administration/store-corruption.xml
+++ b/nixos/doc/manual/administration/store-corruption.xml
@@ -3,35 +3,34 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-store-corruption">
-
-Nix Store Corruption
-
-After a system crash, it’s possible for files in the Nix store
-to become corrupted. (For instance, the Ext4 file system has the
-tendency to replace un-synced files with zero bytes.) NixOS tries
-hard to prevent this from happening: it performs a
-sync before switching to a new configuration, and
-Nix’s database is fully transactional. If corruption still occurs,
-you may be able to fix it automatically.
-
-If the corruption is in a path in the closure of the NixOS
-system configuration, you can fix it by doing
-
+ Nix Store Corruption
+
+
+ After a system crash, it’s possible for files in the Nix store to become
+ corrupted. (For instance, the Ext4 file system has the tendency to replace
+ un-synced files with zero bytes.) NixOS tries hard to prevent this from
+ happening: it performs a sync before switching to a new
+ configuration, and Nix’s database is fully transactional. If corruption
+ still occurs, you may be able to fix it automatically.
+
+
+
+ If the corruption is in a path in the closure of the NixOS system
+ configuration, you can fix it by doing
# nixos-rebuild switch --repair
+ This will cause Nix to check every path in the closure, and if its
+ cryptographic hash differs from the hash recorded in Nix’s database, the
+ path is rebuilt or redownloaded.
+
-This will cause Nix to check every path in the closure, and if its
-cryptographic hash differs from the hash recorded in Nix’s database,
-the path is rebuilt or redownloaded.
-
-You can also scan the entire Nix store for corrupt paths:
-
+
+ You can also scan the entire Nix store for corrupt paths:
# nix-store --verify --check-contents --repair
-
-Any corrupt paths will be redownloaded if they’re available in a
-binary cache; otherwise, they cannot be repaired.
-
+ Any corrupt paths will be redownloaded if they’re available in a binary
+ cache; otherwise, they cannot be repaired.
+
diff --git a/nixos/doc/manual/administration/troubleshooting.xml b/nixos/doc/manual/administration/troubleshooting.xml
index 351fb1883310af5997346522adcffbcdfe37123c..6496e7bde3877b03bcf6d99c4072644ed3279fa6 100644
--- a/nixos/doc/manual/administration/troubleshooting.xml
+++ b/nixos/doc/manual/administration/troubleshooting.xml
@@ -3,16 +3,14 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-troubleshooting">
-
-Troubleshooting
-
-This chapter describes solutions to common problems you might
-encounter when you manage your NixOS system.
-
-
-
-
-
-
-
+ Troubleshooting
+
+ This chapter describes solutions to common problems you might encounter when
+ you manage your NixOS system.
+
+
+
+
+
+
diff --git a/nixos/doc/manual/administration/user-sessions.xml b/nixos/doc/manual/administration/user-sessions.xml
index 0a7eb8cd123c34022f2ac13d2133c616f5abc929..1d95cfb22b69674816c2ae1c483ebcca54f3be16 100644
--- a/nixos/doc/manual/administration/user-sessions.xml
+++ b/nixos/doc/manual/administration/user-sessions.xml
@@ -3,14 +3,12 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-user-sessions">
-
-User Sessions
-
-Systemd keeps track of all users who are logged into the system
-(e.g. on a virtual console or remotely via SSH). The command
-loginctl allows querying and manipulating user
-sessions. For instance, to list all user sessions:
-
+ User Sessions
+
+ Systemd keeps track of all users who are logged into the system (e.g. on a
+ virtual console or remotely via SSH). The command loginctl
+ allows querying and manipulating user sessions. For instance, to list all
+ user sessions:
$ loginctl
SESSION UID USER SEAT
@@ -18,12 +16,10 @@ $ loginctl
c3 0 root seat0
c4 500 alice
-
-This shows that two users are logged in locally, while another is
-logged in remotely. (“Seats” are essentially the combinations of
-displays and input devices attached to the system; usually, there is
-only one seat.) To get information about a session:
-
+ This shows that two users are logged in locally, while another is logged in
+ remotely. (“Seats” are essentially the combinations of displays and input
+ devices attached to the system; usually, there is only one seat.) To get
+ information about a session:
$ loginctl session-status c3
c3 - root (0)
@@ -38,16 +34,12 @@ c3 - root (0)
├─10339 -bash
└─10355 w3m nixos.org
-
-This shows that the user is logged in on virtual console 3. It also
-lists the processes belonging to this session. Since systemd keeps
-track of this, you can terminate a session in a way that ensures that
-all the session’s processes are gone:
-
+ This shows that the user is logged in on virtual console 3. It also lists the
+ processes belonging to this session. Since systemd keeps track of this, you
+ can terminate a session in a way that ensures that all the session’s
+ processes are gone:
# loginctl terminate-session c3
-
-
-
+
diff --git a/nixos/doc/manual/configuration/abstractions.xml b/nixos/doc/manual/configuration/abstractions.xml
index cbd54bca62f92674191f221fe52b2bdb32a3e948..5bf0635cc1aa614f3fac70592e5be260d7429cd4 100644
--- a/nixos/doc/manual/configuration/abstractions.xml
+++ b/nixos/doc/manual/configuration/abstractions.xml
@@ -3,15 +3,14 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-module-abstractions">
+ Abstractions
-Abstractions
-
-If you find yourself repeating yourself over and over, it’s time
-to abstract. Take, for instance, this Apache HTTP Server configuration:
-
+
+ If you find yourself repeating yourself over and over, it’s time to
+ abstract. Take, for instance, this Apache HTTP Server configuration:
{
- services.httpd.virtualHosts =
+ =
[ { hostName = "example.org";
documentRoot = "/webroot";
adminAddr = "alice@example.org";
@@ -28,11 +27,9 @@ to abstract. Take, for instance, this Apache HTTP Server configuration:
];
}
-
-It defines two virtual hosts with nearly identical configuration; the
-only difference is that the second one has SSL enabled. To prevent
-this duplication, we can use a let:
-
+ It defines two virtual hosts with nearly identical configuration; the only
+ difference is that the second one has SSL enabled. To prevent this
+ duplication, we can use a let:
let
exampleOrgCommon =
@@ -43,7 +40,7 @@ let
};
in
{
- services.httpd.virtualHosts =
+ =
[ exampleOrgCommon
(exampleOrgCommon // {
enableSSL = true;
@@ -53,40 +50,38 @@ in
];
}
-
-The let exampleOrgCommon =
-... defines a variable named
-exampleOrgCommon. The //
-operator merges two attribute sets, so the configuration of the second
-virtual host is the set exampleOrgCommon extended
-with the SSL options.
-
-You can write a let wherever an expression is
-allowed. Thus, you also could have written:
-
+ The let exampleOrgCommon = ...
+ defines a variable named exampleOrgCommon. The
+ // operator merges two attribute sets, so the
+ configuration of the second virtual host is the set
+ exampleOrgCommon extended with the SSL options.
+
+
+
+ You can write a let wherever an expression is allowed.
+ Thus, you also could have written:
{
- services.httpd.virtualHosts =
+ =
let exampleOrgCommon = ...; in
[ exampleOrgCommon
(exampleOrgCommon // { ... })
];
}
-
-but not { let exampleOrgCommon =
-...; in ...;
-} since attributes (as opposed to attribute values) are not
-expressions.
-
-Functions provide another method of
-abstraction. For instance, suppose that we want to generate lots of
-different virtual hosts, all with identical configuration except for
-the host name. This can be done as follows:
-
+ but not { let exampleOrgCommon = ...; in
+ ...; } since attributes (as opposed to
+ attribute values) are not expressions.
+
+
+
+ Functions provide another method of abstraction. For
+ instance, suppose that we want to generate lots of different virtual hosts,
+ all with identical configuration except for the host name. This can be done
+ as follows:
{
- services.httpd.virtualHosts =
+ =
let
makeVirtualHost = name:
{ hostName = name;
@@ -101,38 +96,36 @@ the host name. This can be done as follows:
];
}
-
-Here, makeVirtualHost is a function that takes a
-single argument name and returns the configuration
-for a virtual host. That function is then called for several names to
-produce the list of virtual host configurations.
-
-We can further improve on this by using the function
-map, which applies another function to every
-element in a list:
-
+ Here, makeVirtualHost is a function that takes a single
+ argument name and returns the configuration for a virtual
+ host. That function is then called for several names to produce the list of
+ virtual host configurations.
+
+
+
+ We can further improve on this by using the function map,
+ which applies another function to every element in a list:
{
- services.httpd.virtualHosts =
+ =
let
makeVirtualHost = ...;
in map makeVirtualHost
[ "example.org" "example.com" "example.gov" "example.nl" ];
}
-
-(The function map is called a
-higher-order function because it takes another
-function as an argument.)
-
-What if you need more than one argument, for instance, if we
-want to use a different documentRoot for each
-virtual host? Then we can make makeVirtualHost a
-function that takes a set as its argument, like this:
-
+ (The function map is called a higher-order
+ function because it takes another function as an argument.)
+
+
+
+ What if you need more than one argument, for instance, if we want to use a
+ different documentRoot for each virtual host? Then we can
+ make makeVirtualHost a function that takes a
+ set as its argument, like this:
{
- services.httpd.virtualHosts =
+ =
let
makeVirtualHost = { name, root }:
{ hostName = name;
@@ -147,10 +140,9 @@ function that takes a set as its argument, like this:
];
}
-
-But in this case (where every root is a subdirectory of
-/sites named after the virtual host), it would
-have been shorter to define makeVirtualHost as
+ But in this case (where every root is a subdirectory of
+ /sites named after the virtual host), it would have been
+ shorter to define makeVirtualHost as
makeVirtualHost = name:
{ hostName = name;
@@ -158,9 +150,7 @@ makeVirtualHost = name:
adminAddr = "alice@example.org";
};
-
-Here, the construct
-${...} allows the result
-of an expression to be spliced into a string.
-
+ Here, the construct ${...}
+ allows the result of an expression to be spliced into a string.
+
diff --git a/nixos/doc/manual/configuration/ad-hoc-network-config.xml b/nixos/doc/manual/configuration/ad-hoc-network-config.xml
index 26a572ba1fb560f036b1bf0f5934d5adf01f25ea..00e595c7cb7f4e5a1f038e7f069568d1c08748ba 100644
--- a/nixos/doc/manual/configuration/ad-hoc-network-config.xml
+++ b/nixos/doc/manual/configuration/ad-hoc-network-config.xml
@@ -3,22 +3,18 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ad-hoc-network-config">
+ Ad-Hoc Configuration
-Ad-Hoc Configuration
-
-You can use to specify
-shell commands to be run at the end of
-network-setup.service. This is useful for doing
-network configuration not covered by the existing NixOS modules. For
-instance, to statically configure an IPv6 address:
-
+
+ You can use to specify shell
+ commands to be run at the end of network-setup.service.
+ This is useful for doing network configuration not covered by the existing
+ NixOS modules. For instance, to statically configure an IPv6 address:
-networking.localCommands =
+ =
''
ip -6 addr add 2001:610:685:1::1/64 dev eth0
'';
-
-
-
+
diff --git a/nixos/doc/manual/configuration/ad-hoc-packages.xml b/nixos/doc/manual/configuration/ad-hoc-packages.xml
index a147291c4f3d9933600da9dca1485b65a9ab7616..19159d8db5b6703cfff53084155d6d9befffad1b 100644
--- a/nixos/doc/manual/configuration/ad-hoc-packages.xml
+++ b/nixos/doc/manual/configuration/ad-hoc-packages.xml
@@ -3,61 +3,59 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-ad-hoc-packages">
+ Ad-Hoc Package Management
-Ad-Hoc Package Management
-
-With the command nix-env, you can install and
-uninstall packages from the command line. For instance, to install
-Mozilla Thunderbird:
-
+
+ With the command nix-env, you can install and uninstall
+ packages from the command line. For instance, to install Mozilla Thunderbird:
$ nix-env -iA nixos.thunderbird
-
-If you invoke this as root, the package is installed in the Nix
-profile /nix/var/nix/profiles/default and visible
-to all users of the system; otherwise, the package ends up in
-/nix/var/nix/profiles/per-user/username/profile
-and is not visible to other users. The flag
-specifies the package by its attribute name; without it, the package
-is installed by matching against its package name
-(e.g. thunderbird). The latter is slower because
-it requires matching against all available Nix packages, and is
-ambiguous if there are multiple matching packages.
-
-Packages come from the NixOS channel. You typically upgrade a
-package by updating to the latest version of the NixOS channel:
+ If you invoke this as root, the package is installed in the Nix profile
+ /nix/var/nix/profiles/default and visible to all users
+ of the system; otherwise, the package ends up in
+ /nix/var/nix/profiles/per-user/username/profile
+ and is not visible to other users. The flag specifies the
+ package by its attribute name; without it, the package is installed by
+ matching against its package name (e.g. thunderbird). The
+ latter is slower because it requires matching against all available Nix
+ packages, and is ambiguous if there are multiple matching packages.
+
+
+
+ Packages come from the NixOS channel. You typically upgrade a package by
+ updating to the latest version of the NixOS channel:
$ nix-channel --update nixos
-and then running nix-env -i again. Other packages
-in the profile are not affected; this is the
-crucial difference with the declarative style of package management,
-where running nixos-rebuild switch causes all
-packages to be updated to their current versions in the NixOS channel.
-You can however upgrade all packages for which there is a newer
-version by doing:
+ and then running nix-env -i again. Other packages in the
+ profile are not affected; this is the crucial difference
+ with the declarative style of package management, where running
+ nixos-rebuild switch causes all packages to be updated to
+ their current versions in the NixOS channel. You can however upgrade all
+ packages for which there is a newer version by doing:
$ nix-env -u '*'
-
+
-A package can be uninstalled using the
-flag:
+
+ A package can be uninstalled using the flag:
$ nix-env -e thunderbird
-
+
-Finally, you can roll back an undesirable
-nix-env action:
+
+ Finally, you can roll back an undesirable nix-env action:
$ nix-env --rollback
-
-
-nix-env has many more flags. For details,
-see the
-nix-env1
-manpage or the Nix manual.
-
+
+
+
+ nix-env has many more flags. For details, see the
+
+ nix-env
+ 1 manpage or the Nix manual.
+
diff --git a/nixos/doc/manual/configuration/adding-custom-packages.xml b/nixos/doc/manual/configuration/adding-custom-packages.xml
index ab3665bae50468c76c6dd5e6be887000119fe803..b59287a622e664ee7b6d051945b698cf0b986d52 100644
--- a/nixos/doc/manual/configuration/adding-custom-packages.xml
+++ b/nixos/doc/manual/configuration/adding-custom-packages.xml
@@ -3,45 +3,38 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-custom-packages">
+ Adding Custom Packages
-Adding Custom Packages
-
-It’s possible that a package you need is not available in NixOS.
-In that case, you can do two things. First, you can clone the Nixpkgs
-repository, add the package to your clone, and (optionally) submit a
-patch or pull request to have it accepted into the main Nixpkgs
-repository. This is described in detail in the Nixpkgs manual.
-In short, you clone Nixpkgs:
-
+
+ It’s possible that a package you need is not available in NixOS. In that
+ case, you can do two things. First, you can clone the Nixpkgs repository, add
+ the package to your clone, and (optionally) submit a patch or pull request to
+ have it accepted into the main Nixpkgs repository. This is described in
+ detail in the Nixpkgs
+ manual. In short, you clone Nixpkgs:
$ git clone git://github.com/NixOS/nixpkgs.git
$ cd nixpkgs
-
-Then you write and test the package as described in the Nixpkgs
-manual. Finally, you add it to
-environment.systemPackages, e.g.
-
+ Then you write and test the package as described in the Nixpkgs manual.
+ Finally, you add it to environment.systemPackages, e.g.
-environment.systemPackages = [ pkgs.my-package ];
+ = [ pkgs.my-package ];
-
-and you run nixos-rebuild, specifying your own
-Nixpkgs tree:
-
+ and you run nixos-rebuild, specifying your own Nixpkgs
+ tree:
# nixos-rebuild switch -I nixpkgs=/path/to/my/nixpkgs
+
-
-
-The second possibility is to add the package outside of the
-Nixpkgs tree. For instance, here is how you specify a build of the
-GNU Hello
-package directly in configuration.nix:
-
+
+ The second possibility is to add the package outside of the Nixpkgs tree. For
+ instance, here is how you specify a build of the
+ GNU Hello
+ package directly in configuration.nix:
-environment.systemPackages =
+ =
let
my-hello = with pkgs; stdenv.mkDerivation rec {
name = "hello-2.8";
@@ -53,13 +46,12 @@ environment.systemPackages =
in
[ my-hello ];
-
-Of course, you can also move the definition of
-my-hello into a separate Nix expression, e.g.
+ Of course, you can also move the definition of my-hello
+ into a separate Nix expression, e.g.
-environment.systemPackages = [ (import ./my-hello.nix) ];
+ = [ (import ./my-hello.nix) ];
-where my-hello.nix contains:
+ where my-hello.nix contains:
with import <nixpkgs> {}; # bring all of Nixpkgs into scope
@@ -71,14 +63,11 @@ stdenv.mkDerivation rec {
};
}
-
-This allows testing the package easily:
+ This allows testing the package easily:
$ nix-build my-hello.nix
$ ./result/bin/hello
Hello, world!
-
-
-
+
diff --git a/nixos/doc/manual/configuration/config-file.xml b/nixos/doc/manual/configuration/config-file.xml
index 3d1cdaf4c4ab6825e957d3a64db8b546172b4c35..a9420b3fc921499f05fad4d23e399ebb5780643a 100644
--- a/nixos/doc/manual/configuration/config-file.xml
+++ b/nixos/doc/manual/configuration/config-file.xml
@@ -3,49 +3,46 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-configuration-file">
+ NixOS Configuration File
-NixOS Configuration File
-
-The NixOS configuration file generally looks like this:
-
+
+ The NixOS configuration file generally looks like this:
{ config, pkgs, ... }:
{ option definitions
}
-
-The first line ({ config, pkgs, ... }:) denotes
-that this is actually a function that takes at least the two arguments
- config and pkgs. (These are
-explained later.) The function returns a set of
-option definitions ({ ... }). These definitions have the
-form name =
-value, where
-name is the name of an option and
-value is its value. For example,
-
+ The first line ({ config, pkgs, ... }:) denotes that this
+ is actually a function that takes at least the two arguments
+ config and pkgs. (These are explained
+ later.) The function returns a set of option definitions
+ ({ ... }). These definitions
+ have the form name =
+ value, where
+ name is the name of an option and
+ value is its value. For example,
{ config, pkgs, ... }:
-{ services.httpd.enable = true;
- services.httpd.adminAddr = "alice@example.org";
- services.httpd.documentRoot = "/webroot";
+{ = true;
+ = "alice@example.org";
+ = "/webroot";
}
-
-defines a configuration with three option definitions that together
-enable the Apache HTTP Server with /webroot as
-the document root.
-
-Sets can be nested, and in fact dots in option names are
-shorthand for defining a set containing another set. For instance,
- defines a set named
-services that contains a set named
-httpd, which in turn contains an option definition
-named enable with value true.
-This means that the example above can also be written as:
-
+ defines a configuration with three option definitions that together enable
+ the Apache HTTP Server with /webroot as the document
+ root.
+
+
+
+ Sets can be nested, and in fact dots in option names are shorthand for
+ defining a set containing another set. For instance,
+ defines a set named
+ services that contains a set named
+ httpd, which in turn contains an option definition named
+ enable with value true. This means that
+ the example above can also be written as:
{ config, pkgs, ... }:
@@ -58,160 +55,144 @@ This means that the example above can also be written as:
};
}
-
-which may be more convenient if you have lots of option definitions
-that share the same prefix (such as
-services.httpd).
-
-NixOS checks your option definitions for correctness. For
-instance, if you try to define an option that doesn’t exist (that is,
-doesn’t have a corresponding option declaration),
-nixos-rebuild will give an error like:
+ which may be more convenient if you have lots of option definitions that
+ share the same prefix (such as services.httpd).
+
+
+
+ NixOS checks your option definitions for correctness. For instance, if you
+ try to define an option that doesn’t exist (that is, doesn’t have a
+ corresponding option declaration),
+ nixos-rebuild will give an error like:
The option `services.httpd.enable' defined in `/etc/nixos/configuration.nix' does not exist.
-Likewise, values in option definitions must have a correct type. For
-instance, must be a Boolean
-(true or false). Trying to give
-it a value of another type, such as a string, will cause an error:
+ Likewise, values in option definitions must have a correct type. For
+ instance, must be a Boolean
+ (true or false). Trying to give it a
+ value of another type, such as a string, will cause an error:
The option value `services.httpd.enable' in `/etc/nixos/configuration.nix' is not a boolean.
+
-
-
-Options have various types of values. The most important are:
-
-
-
+
+ Options have various types of values. The most important are:
+
+ Strings
- Strings are enclosed in double quotes, e.g.
-
+
+ Strings are enclosed in double quotes, e.g.
-networking.hostName = "dexter";
+ = "dexter";
-
- Special characters can be escaped by prefixing them with a
- backslash (e.g. \").
-
- Multi-line strings can be enclosed in double
- single quotes, e.g.
-
+ Special characters can be escaped by prefixing them with a backslash
+ (e.g. \").
+
+
+ Multi-line strings can be enclosed in double single
+ quotes, e.g.
-networking.extraHosts =
+ =
''
127.0.0.2 other-localhost
10.0.0.1 server
'';
-
- The main difference is that it strips from each line
- a number of spaces equal to the minimal indentation of
- the string as a whole (disregarding the indentation of
- empty lines), and that characters like
- " and \ are not special
- (making it more convenient for including things like shell
- code).
- See more info about this in the Nix manual here.
+ The main difference is that it strips from each line a number of spaces
+ equal to the minimal indentation of the string as a whole (disregarding
+ the indentation of empty lines), and that characters like
+ " and \ are not special (making it
+ more convenient for including things like shell code). See more info
+ about this in the Nix manual
+ here.
+
-
-
-
+
+ Booleans
- These can be true or
- false, e.g.
-
+
+ These can be true or false, e.g.
-networking.firewall.enable = true;
-networking.firewall.allowPing = false;
+ = true;
+ = false;
-
+
-
-
-
+
+ Integers
- For example,
-
+
+ For example,
-boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;
+."net.ipv4.tcp_keepalive_time" = 60;
-
(Note that here the attribute name
- net.ipv4.tcp_keepalive_time is enclosed in
- quotes to prevent it from being interpreted as a set named
- net containing a set named
- ipv4, and so on. This is because it’s not a
- NixOS option but the literal name of a Linux kernel
- setting.)
+ net.ipv4.tcp_keepalive_time is enclosed in quotes to
+ prevent it from being interpreted as a set named net
+ containing a set named ipv4, and so on. This is
+ because it’s not a NixOS option but the literal name of a Linux kernel
+ setting.)
+
-
-
-
+
+ Sets
- Sets were introduced above. They are name/value pairs
- enclosed in braces, as in the option definition
-
+
+ Sets were introduced above. They are name/value pairs enclosed in braces,
+ as in the option definition
-fileSystems."/boot" =
+."/boot" =
{ device = "/dev/sda1";
fsType = "ext4";
options = [ "rw" "data=ordered" "relatime" ];
};
-
+
-
-
-
+
+ Lists
- The important thing to note about lists is that list
- elements are separated by whitespace, like this:
-
+
+ The important thing to note about lists is that list elements are
+ separated by whitespace, like this:
-boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+ = [ "fuse" "kvm-intel" "coretemp" ];
-
List elements can be any other type, e.g. sets:
-
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
-
+
-
-
-
+
+ Packages
- Usually, the packages you need are already part of the Nix
- Packages collection, which is a set that can be accessed through
- the function argument pkgs. Typical uses:
-
+
+ Usually, the packages you need are already part of the Nix Packages
+ collection, which is a set that can be accessed through the function
+ argument pkgs. Typical uses:
-environment.systemPackages =
+ =
[ pkgs.thunderbird
pkgs.emacs
];
-postgresql.package = pkgs.postgresql90;
+ = pkgs.postgresql90;
-
- The latter option definition changes the default PostgreSQL
- package used by NixOS’s PostgreSQL service to 9.0. For more
- information on packages, including how to add new ones, see
- .
+ The latter option definition changes the default PostgreSQL package used
+ by NixOS’s PostgreSQL service to 9.0. For more information on packages,
+ including how to add new ones, see .
+
-
-
-
-
-
-
+
+
+
diff --git a/nixos/doc/manual/configuration/config-syntax.xml b/nixos/doc/manual/configuration/config-syntax.xml
index 87847f8451ec354b91a3919b5f9e476e18c8ca7a..5ef498cf9ae385c8633913e8193e154dc679a37c 100644
--- a/nixos/doc/manual/configuration/config-syntax.xml
+++ b/nixos/doc/manual/configuration/config-syntax.xml
@@ -3,25 +3,23 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-configuration-syntax">
-
-Configuration Syntax
-
-The NixOS configuration file
-/etc/nixos/configuration.nix is actually a
-Nix expression, which is the Nix package
-manager’s purely functional language for describing how to build
-packages and configurations. This means you have all the expressive
-power of that language at your disposal, including the ability to
-abstract over common patterns, which is very useful when managing
-complex systems. The syntax and semantics of the Nix language are
-fully described in the Configuration Syntax
+
+ The NixOS configuration file
+ /etc/nixos/configuration.nix is actually a Nix
+ expression, which is the Nix package manager’s purely functional
+ language for describing how to build packages and configurations. This means
+ you have all the expressive power of that language at your disposal,
+ including the ability to abstract over common patterns, which is very useful
+ when managing complex systems. The syntax and semantics of the Nix language
+ are fully described in the
+ Nix
-manual, but here we give a short overview of the most important
-constructs useful in NixOS configuration files.
-
-
-
-
-
-
+ manual, but here we give a short overview of the most important
+ constructs useful in NixOS configuration files.
+
+
+
+
+
diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml
index 8677c13db40ff4fa5fd7e5941fabf8c1d9adb4db..8d05dcd34b4d40813b5d6224af5258337e77c431 100644
--- a/nixos/doc/manual/configuration/configuration.xml
+++ b/nixos/doc/manual/configuration/configuration.xml
@@ -3,31 +3,24 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-configuration">
-
-Configuration
-
-
-
-This chapter describes how to configure various aspects of a
-NixOS machine through the configuration file
-/etc/nixos/configuration.nix. As described in
-, changes to this file only take
-effect after you run nixos-rebuild.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ Configuration
+
+
+ This chapter describes how to configure various aspects of a NixOS machine
+ through the configuration file
+ /etc/nixos/configuration.nix. As described in
+ , changes to this file only take
+ effect after you run nixos-rebuild.
+
+
+
+
+
+
+
+
+
+
+
-
-
diff --git a/nixos/doc/manual/configuration/customizing-packages.xml b/nixos/doc/manual/configuration/customizing-packages.xml
index 8aa01fb57a0950c1ab467d78ca8ac13935e33b19..03b5bb53197bd6a849b629277867d20fcdcfe1a3 100644
--- a/nixos/doc/manual/configuration/customizing-packages.xml
+++ b/nixos/doc/manual/configuration/customizing-packages.xml
@@ -3,91 +3,84 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-customising-packages">
+ Customising Packages
-Customising Packages
+
+ Some packages in Nixpkgs have options to enable or disable optional
+ functionality or change other aspects of the package. For instance, the
+ Firefox wrapper package (which provides Firefox with a set of plugins such as
+ the Adobe Flash player) has an option to enable the Google Talk plugin. It
+ can be set in configuration.nix as follows:
+ nixpkgs.config.firefox.enableGoogleTalkPlugin = true;
+
-Some packages in Nixpkgs have options to enable or disable
-optional functionality or change other aspects of the package. For
-instance, the Firefox wrapper package (which provides Firefox with a
-set of plugins such as the Adobe Flash player) has an option to enable
-the Google Talk plugin. It can be set in
-configuration.nix as follows:
-
-
-nixpkgs.config.firefox.enableGoogleTalkPlugin = true;
-
-
-
-Unfortunately, Nixpkgs currently lacks a way to query
-available configuration options.
-
-Apart from high-level options, it’s possible to tweak a package
-in almost arbitrary ways, such as changing or disabling dependencies
-of a package. For instance, the Emacs package in Nixpkgs by default
-has a dependency on GTK+ 2. If you want to build it against GTK+ 3,
-you can specify that as follows:
+
+
+ Unfortunately, Nixpkgs currently lacks a way to query available
+ configuration options.
+
+
+
+ Apart from high-level options, it’s possible to tweak a package in almost
+ arbitrary ways, such as changing or disabling dependencies of a package. For
+ instance, the Emacs package in Nixpkgs by default has a dependency on GTK+ 2.
+ If you want to build it against GTK+ 3, you can specify that as follows:
-environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
+ = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
+ The function override performs the call to the Nix
+ function that produces Emacs, with the original arguments amended by the set
+ of arguments specified by you. So here the function argument
+ gtk gets the value pkgs.gtk3, causing
+ Emacs to depend on GTK+ 3. (The parentheses are necessary because in Nix,
+ function application binds more weakly than list construction, so without
+ them, would be a list with
+ two elements.)
+
-The function override performs the call to the Nix
-function that produces Emacs, with the original arguments amended by
-the set of arguments specified by you. So here the function argument
-gtk gets the value pkgs.gtk3,
-causing Emacs to depend on GTK+ 3. (The parentheses are necessary
-because in Nix, function application binds more weakly than list
-construction, so without them,
-environment.systemPackages would be a list with two
-elements.)
-
-Even greater customisation is possible using the function
-overrideAttrs. While the
-override mechanism above overrides the arguments of
-a package function, overrideAttrs allows
-changing the attributes passed to mkDerivation.
-This permits changing any aspect of the package, such as the source code.
-For instance, if you want to override the source code of Emacs, you
-can say:
-
+
+ Even greater customisation is possible using the function
+ overrideAttrs. While the override
+ mechanism above overrides the arguments of a package function,
+ overrideAttrs allows changing the
+ attributes passed to mkDerivation.
+ This permits changing any aspect of the package, such as the source code. For
+ instance, if you want to override the source code of Emacs, you can say:
-environment.systemPackages = [
+ = [
(pkgs.emacs.overrideAttrs (oldAttrs: {
name = "emacs-25.0-pre";
src = /path/to/my/emacs/tree;
}))
];
+ Here, overrideAttrs takes the Nix derivation specified by
+ pkgs.emacs and produces a new derivation in which the
+ original’s name and src attribute
+ have been replaced by the given values by re-calling
+ stdenv.mkDerivation. The original attributes are
+ accessible via the function argument, which is conventionally named
+ oldAttrs.
+
-Here, overrideAttrs takes the Nix derivation
-specified by pkgs.emacs and produces a new
-derivation in which the original’s name and
-src attribute have been replaced by the given
-values by re-calling stdenv.mkDerivation.
-The original attributes are accessible via the function argument,
-which is conventionally named oldAttrs.
-
-The overrides shown above are not global. They do not affect
-the original package; other packages in Nixpkgs continue to depend on
-the original rather than the customised package. This means that if
-another package in your system depends on the original package, you
-end up with two instances of the package. If you want to have
-everything depend on your customised instance, you can apply a
-global override as follows:
-
+
+ The overrides shown above are not global. They do not affect the original
+ package; other packages in Nixpkgs continue to depend on the original rather
+ than the customised package. This means that if another package in your
+ system depends on the original package, you end up with two instances of the
+ package. If you want to have everything depend on your customised instance,
+ you can apply a global override as follows:
nixpkgs.config.packageOverrides = pkgs:
{ emacs = pkgs.emacs.override { gtk = pkgs.gtk3; };
};
-
-The effect of this definition is essentially equivalent to modifying
-the emacs attribute in the Nixpkgs source tree.
-Any package in Nixpkgs that depends on emacs will
-be passed your customised instance. (However, the value
-pkgs.emacs in
-nixpkgs.config.packageOverrides refers to the
-original rather than overridden instance, to prevent an infinite
-recursion.)
-
+ The effect of this definition is essentially equivalent to modifying the
+ emacs attribute in the Nixpkgs source tree. Any package in
+ Nixpkgs that depends on emacs will be passed your
+ customised instance. (However, the value pkgs.emacs in
+ nixpkgs.config.packageOverrides refers to the original
+ rather than overridden instance, to prevent an infinite recursion.)
+
diff --git a/nixos/doc/manual/configuration/declarative-packages.xml b/nixos/doc/manual/configuration/declarative-packages.xml
index dc2fa715097c3359db877742e466414247266051..be9884fe9dce14bcc6ff6889c96f888283762241 100644
--- a/nixos/doc/manual/configuration/declarative-packages.xml
+++ b/nixos/doc/manual/configuration/declarative-packages.xml
@@ -3,41 +3,41 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-declarative-package-mgmt">
-
-Declarative Package Management
-
-With declarative package management, you specify which packages
-you want on your system by setting the option
-. For instance, adding the
-following line to configuration.nix enables the
-Mozilla Thunderbird email application:
-
+ Declarative Package Management
+
+
+ With declarative package management, you specify which packages you want on
+ your system by setting the option
+ . For instance, adding the
+ following line to configuration.nix enables the Mozilla
+ Thunderbird email application:
-environment.systemPackages = [ pkgs.thunderbird ];
+ = [ pkgs.thunderbird ];
+ The effect of this specification is that the Thunderbird package from Nixpkgs
+ will be built or downloaded as part of the system when you run
+ nixos-rebuild switch.
+
-The effect of this specification is that the Thunderbird package from
-Nixpkgs will be built or downloaded as part of the system when you run
-nixos-rebuild switch.
-
-You can get a list of the available packages as follows:
+
+ You can get a list of the available packages as follows:
$ nix-env -qaP '*' --description
nixos.firefox firefox-23.0 Mozilla Firefox - the browser, reloaded
...
+ The first column in the output is the attribute name,
+ such as nixos.thunderbird. (The nixos
+ prefix allows distinguishing between different channels that you might have.)
+
-The first column in the output is the attribute
-name, such as
-nixos.thunderbird. (The
-nixos prefix allows distinguishing between
-different channels that you might have.)
-
-To “uninstall” a package, simply remove it from
- and run
-nixos-rebuild switch.
+
+ To “uninstall” a package, simply remove it from
+ and run
+ nixos-rebuild switch.
+
-
-
+
+
diff --git a/nixos/doc/manual/configuration/file-systems.xml b/nixos/doc/manual/configuration/file-systems.xml
index ae3d124cd6bbe11d91920a0a79c8e13c8d161f70..e4c03de71b72feda6ccc74b7eae7a00f23517c7b 100644
--- a/nixos/doc/manual/configuration/file-systems.xml
+++ b/nixos/doc/manual/configuration/file-systems.xml
@@ -3,44 +3,44 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-file-systems">
-
-File Systems
-
-You can define file systems using the
- configuration option. For instance, the
-following definition causes NixOS to mount the Ext4 file system on
-device /dev/disk/by-label/data onto the mount
-point /data:
-
+ File Systems
+
+ You can define file systems using the
+ configuration option. For instance, the following definition causes NixOS to
+ mount the Ext4 file system on device
+ /dev/disk/by-label/data onto the mount point
+ /data:
-fileSystems."/data" =
+."/data" =
{ device = "/dev/disk/by-label/data";
fsType = "ext4";
};
-
-Mount points are created automatically if they don’t already exist.
-For , it’s best to use the topology-independent
-device aliases in /dev/disk/by-label and
-/dev/disk/by-uuid, as these don’t change if the
-topology changes (e.g. if a disk is moved to another IDE
-controller).
-
-You can usually omit the file system type
-(), since mount can usually
-detect the type and load the necessary kernel module automatically.
-However, if the file system is needed at early boot (in the initial
-ramdisk) and is not ext2, ext3
-or ext4, then it’s best to specify
- to ensure that the kernel module is
-available.
-
-System startup will fail if any of the filesystems fails to mount,
-dropping you to the emergency shell.
-You can make a mount asynchronous and non-critical by adding
-options = [ "nofail" ];.
-
-
-
-
+ Mount points are created automatically if they don’t already exist. For
+ ,
+ it’s best to use the topology-independent device aliases in
+ /dev/disk/by-label and
+ /dev/disk/by-uuid, as these don’t change if the
+ topology changes (e.g. if a disk is moved to another IDE controller).
+
+
+ You can usually omit the file system type
+ (),
+ since mount can usually detect the type and load the
+ necessary kernel module automatically. However, if the file system is needed
+ at early boot (in the initial ramdisk) and is not ext2,
+ ext3 or ext4, then it’s best to
+ specify to ensure that the kernel module is
+ available.
+
+
+
+ System startup will fail if any of the filesystems fails to mount, dropping
+ you to the emergency shell. You can make a mount asynchronous and
+ non-critical by adding
+ options = [
+ "nofail" ];.
+
+
+
diff --git a/nixos/doc/manual/configuration/firewall.xml b/nixos/doc/manual/configuration/firewall.xml
index 75cccef95b38f06af0667772bcdd1c4b2c1b4c93..b66adcedce6e888ce613ede9e4db7f9a03fa85cd 100644
--- a/nixos/doc/manual/configuration/firewall.xml
+++ b/nixos/doc/manual/configuration/firewall.xml
@@ -3,49 +3,44 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-firewall">
+ Firewall
-Firewall
-
-NixOS has a simple stateful firewall that blocks incoming
-connections and other unexpected packets. The firewall applies to
-both IPv4 and IPv6 traffic. It is enabled by default. It can be
-disabled as follows:
-
+
+ NixOS has a simple stateful firewall that blocks incoming connections and
+ other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic.
+ It is enabled by default. It can be disabled as follows:
-networking.firewall.enable = false;
+ = false;
-
-If the firewall is enabled, you can open specific TCP ports to the
-outside world:
-
+ If the firewall is enabled, you can open specific TCP ports to the outside
+ world:
-networking.firewall.allowedTCPPorts = [ 80 443 ];
+ = [ 80 443 ];
-
-Note that TCP port 22 (ssh) is opened automatically if the SSH daemon
-is enabled (). UDP
-ports can be opened through
-.
-
-To open ranges of TCP ports:
-
+ Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
+ enabled (). UDP ports can be opened through
+ .
+
+
+
+ To open ranges of TCP ports:
-networking.firewall.allowedTCPPortRanges = [
+ = [
{ from = 4000; to = 4007; }
{ from = 8000; to = 8010; }
];
+ Similarly, UDP port ranges can be opened through
+ .
+
-Similarly, UDP port ranges can be opened through
-.
-
-Also of interest is
-
+
+ Also of interest is
-networking.firewall.allowPing = true;
+ = true;
-
-to allow the machine to respond to ping requests. (ICMPv6 pings are
-always allowed.)
-
+ to allow the machine to respond to ping requests. (ICMPv6 pings are always
+ allowed.)
+
diff --git a/nixos/doc/manual/configuration/ipv4-config.xml b/nixos/doc/manual/configuration/ipv4-config.xml
index 68238b547d60fb79eb3ff704af62ddedb23c9fb3..71ddf41491bafcfb34b288ab756862d579ebc1f9 100644
--- a/nixos/doc/manual/configuration/ipv4-config.xml
+++ b/nixos/doc/manual/configuration/ipv4-config.xml
@@ -3,42 +3,41 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-ipv4">
+ IPv4 Configuration
-IPv4 Configuration
-
-By default, NixOS uses DHCP (specifically,
-dhcpcd) to automatically configure network
-interfaces. However, you can configure an interface manually as
-follows:
-
+
+ By default, NixOS uses DHCP (specifically, dhcpcd) to
+ automatically configure network interfaces. However, you can configure an
+ interface manually as follows:
-networking.interfaces.eth0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];
+networking.interfaces.eth0.ipv4.addresses = [ {
+ address = "192.168.1.2";
+ prefixLength = 24;
+} ];
-
-Typically you’ll also want to set a default gateway and set of name
-servers:
-
+ Typically you’ll also want to set a default gateway and set of name
+ servers:
-networking.defaultGateway = "192.168.1.1";
-networking.nameservers = [ "8.8.8.8" ];
+ = "192.168.1.1";
+ = [ "8.8.8.8" ];
-
-
-
-Statically configured interfaces are set up by the systemd
-service
-interface-name-cfg.service.
-The default gateway and name server configuration is performed by
-network-setup.service.
-
-The host name is set using :
-
+
+
+
+
+ Statically configured interfaces are set up by the systemd service
+ interface-name-cfg.service.
+ The default gateway and name server configuration is performed by
+ network-setup.service.
+
+
+
+
+ The host name is set using :
-networking.hostName = "cartman";
+ = "cartman";
-
-The default host name is nixos. Set it to the
-empty string ("") to allow the DHCP server to
-provide the host name.
-
+ The default host name is nixos. Set it to the empty string
+ ("") to allow the DHCP server to provide the host name.
+
diff --git a/nixos/doc/manual/configuration/ipv6-config.xml b/nixos/doc/manual/configuration/ipv6-config.xml
index 74a21e18ec3fee57a8f1f5e9cd37304c45d41ab3..e9ab7cce4eb25ba38726c061a126a3bf63076769 100644
--- a/nixos/doc/manual/configuration/ipv6-config.xml
+++ b/nixos/doc/manual/configuration/ipv6-config.xml
@@ -3,44 +3,48 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-ipv6">
+ IPv6 Configuration
-IPv6 Configuration
-
-IPv6 is enabled by default. Stateless address autoconfiguration
-is used to automatically assign IPv6 addresses to all interfaces. You
-can disable IPv6 support globally by setting:
-
+
+ IPv6 is enabled by default. Stateless address autoconfiguration is used to
+ automatically assign IPv6 addresses to all interfaces. You can disable IPv6
+ support globally by setting:
-networking.enableIPv6 = false;
-
-
-You can disable IPv6 on a single interface using a normal sysctl (in this
-example, we use interface eth0):
+ = false;
+
+
+
+ You can disable IPv6 on a single interface using a normal sysctl (in this
+ example, we use interface eth0):
-boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
+."net.ipv6.conf.eth0.disable_ipv6" = true;
-
-
-As with IPv4 networking interfaces are automatically configured via
-DHCPv6. You can configure an interface manually:
+
+
+ As with IPv4 networking interfaces are automatically configured via DHCPv6.
+ You can configure an interface manually:
-networking.interfaces.eth0.ipv6.addresses = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ];
+networking.interfaces.eth0.ipv6.addresses = [ {
+ address = "fe00:aa:bb:cc::2";
+ prefixLength = 64;
+} ];
-
-
-For configuring a gateway, optionally with explicitly specified interface:
+
+
+ For configuring a gateway, optionally with explicitly specified interface:
-networking.defaultGateway6 = {
+ = {
address = "fe00::1";
interface = "enp0s3";
}
-
-
-See for similar examples and additional information.
-
+
+
+ See for similar examples and additional
+ information.
+
diff --git a/nixos/doc/manual/configuration/linux-kernel.xml b/nixos/doc/manual/configuration/linux-kernel.xml
index 52be26d6024a82593118edf5d676b57d83e52cac..0990e9d932bae7db533bfb2cfaf090a23b531e68 100644
--- a/nixos/doc/manual/configuration/linux-kernel.xml
+++ b/nixos/doc/manual/configuration/linux-kernel.xml
@@ -3,29 +3,29 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-kernel-config">
-
-Linux Kernel
-
-You can override the Linux kernel and associated packages using
-the option . For instance, this
-selects the Linux 3.10 kernel:
+ Linux Kernel
+
+ You can override the Linux kernel and associated packages using the option
+ . For instance, this selects the Linux
+ 3.10 kernel:
-boot.kernelPackages = pkgs.linuxPackages_3_10;
+ = pkgs.linuxPackages_3_10;
-Note that this not only replaces the kernel, but also packages that
-are specific to the kernel version, such as the NVIDIA video drivers.
-This ensures that driver packages are consistent with the
-kernel.
-
-The default Linux kernel configuration should be fine for most users. You can see the configuration of your current kernel with the following command:
+ Note that this not only replaces the kernel, but also packages that are
+ specific to the kernel version, such as the NVIDIA video drivers. This
+ ensures that driver packages are consistent with the kernel.
+
+
+ The default Linux kernel configuration should be fine for most users. You can
+ see the configuration of your current kernel with the following command:
zcat /proc/config.gz
-If you want to change the kernel configuration, you can use the
- feature (see ). For instance, to enable
-support for the kernel debugger KGDB:
-
+ If you want to change the kernel configuration, you can use the
+ feature (see
+ ). For instance, to enable support
+ for the kernel debugger KGDB:
nixpkgs.config.packageOverrides = pkgs:
{ linux_3_4 = pkgs.linux_3_4.override {
@@ -36,47 +36,46 @@ nixpkgs.config.packageOverrides = pkgs:
};
};
-
-extraConfig takes a list of Linux kernel
-configuration options, one per line. The name of the option should
-not include the prefix CONFIG_. The option value
-is typically y, n or
-m (to build something as a kernel module).
-
-Kernel modules for hardware devices are generally loaded
-automatically by udev. You can force a module to
-be loaded via , e.g.
+ extraConfig takes a list of Linux kernel configuration
+ options, one per line. The name of the option should not include the prefix
+ CONFIG_. The option value is typically
+ y, n or m (to build
+ something as a kernel module).
+
+
+ Kernel modules for hardware devices are generally loaded automatically by
+ udev. You can force a module to be loaded via
+ , e.g.
-boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+ = [ "fuse" "kvm-intel" "coretemp" ];
-If the module is required early during the boot (e.g. to mount the
-root file system), you can use
-:
+ If the module is required early during the boot (e.g. to mount the root file
+ system), you can use :
-boot.initrd.extraKernelModules = [ "cifs" ];
+ = [ "cifs" ];
-This causes the specified modules and their dependencies to be added
-to the initial ramdisk.
-
-Kernel runtime parameters can be set through
-, e.g.
+ This causes the specified modules and their dependencies to be added to the
+ initial ramdisk.
+
+
+ Kernel runtime parameters can be set through
+ , e.g.
-boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120;
+."net.ipv4.tcp_keepalive_time" = 120;
-sets the kernel’s TCP keepalive time to 120 seconds. To see the
-available parameters, run sysctl -a.
-
-
+ sets the kernel’s TCP keepalive time to 120 seconds. To see the available
+ parameters, run sysctl -a.
+
+ Developing kernel modules
- When developing kernel modules it's often convenient to run
- edit-compile-run loop as quickly as possible.
-
- See below snippet as an example of developing mellanox
- drivers.
+
+ When developing kernel modules it's often convenient to run edit-compile-run
+ loop as quickly as possible. See below snippet as an example of developing
+ mellanox drivers.
- ' -A linuxPackages.kernel.dev
$ nix-shell '' -A linuxPackages.kernel
$ unpackPhase
@@ -84,7 +83,5 @@ $ cd linux-*
$ make -C $dev/lib/modules/*/build M=$(pwd)/drivers/net/ethernet/mellanox modules
# insmod ./drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko
]]>
-
-
-
+
diff --git a/nixos/doc/manual/configuration/luks-file-systems.xml b/nixos/doc/manual/configuration/luks-file-systems.xml
index 00c795cd089840720fa4953f55a613e34702e66f..8a2b107e0ee8aa5c61d6624e53152f07731ca1a5 100644
--- a/nixos/doc/manual/configuration/luks-file-systems.xml
+++ b/nixos/doc/manual/configuration/luks-file-systems.xml
@@ -3,14 +3,13 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-luks-file-systems">
+ LUKS-Encrypted File Systems
-LUKS-Encrypted File Systems
-
-NixOS supports file systems that are encrypted using
-LUKS (Linux Unified Key Setup). For example,
-here is how you create an encrypted Ext4 file system on the device
-/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d:
-
+
+ NixOS supports file systems that are encrypted using
+ LUKS (Linux Unified Key Setup). For example, here is how
+ you create an encrypted Ext4 file system on the device
+ /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d:
# cryptsetup luksFormat /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d
@@ -27,20 +26,15 @@ Enter passphrase for /dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d: ***
# mkfs.ext4 /dev/mapper/crypted
-
-To ensure that this file system is automatically mounted at boot time
-as /, add the following to
-configuration.nix:
-
+ To ensure that this file system is automatically mounted at boot time as
+ /, add the following to
+ configuration.nix:
-boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
-fileSystems."/".device = "/dev/mapper/crypted";
+boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
+."/".device = "/dev/mapper/crypted";
-
-Should grub be used as bootloader, and /boot is located
-on an encrypted partition, it is necessary to add the following grub option:
-boot.loader.grub.enableCryptodisk = true;
-
-
-
+ Should grub be used as bootloader, and /boot is located
+ on an encrypted partition, it is necessary to add the following grub option:
+ = true;
+
diff --git a/nixos/doc/manual/configuration/modularity.xml b/nixos/doc/manual/configuration/modularity.xml
index 5420c7f88385331f66d9fea75b15fdd3b45ef3b3..3ff96f719ec57f70004103c2f2925c058d11edff 100644
--- a/nixos/doc/manual/configuration/modularity.xml
+++ b/nixos/doc/manual/configuration/modularity.xml
@@ -3,101 +3,95 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-modularity">
-
-Modularity
-
-The NixOS configuration mechanism is modular. If your
-configuration.nix becomes too big, you can split
-it into multiple files. Likewise, if you have multiple NixOS
-configurations (e.g. for different computers) with some commonality,
-you can move the common configuration into a shared file.
-
-Modules have exactly the same syntax as
-configuration.nix. In fact,
-configuration.nix is itself a module. You can
-use other modules by including them from
-configuration.nix, e.g.:
-
+ Modularity
+
+
+ The NixOS configuration mechanism is modular. If your
+ configuration.nix becomes too big, you can split it into
+ multiple files. Likewise, if you have multiple NixOS configurations (e.g. for
+ different computers) with some commonality, you can move the common
+ configuration into a shared file.
+
+
+
+ Modules have exactly the same syntax as
+ configuration.nix. In fact,
+ configuration.nix is itself a module. You can use other
+ modules by including them from configuration.nix, e.g.:
{ config, pkgs, ... }:
{ imports = [ ./vpn.nix ./kde.nix ];
- services.httpd.enable = true;
- environment.systemPackages = [ pkgs.emacs ];
+ = true;
+ = [ pkgs.emacs ];
...
}
-
-Here, we include two modules from the same directory,
-vpn.nix and kde.nix. The
-latter might look like this:
-
+ Here, we include two modules from the same directory,
+ vpn.nix and kde.nix. The latter
+ might look like this:
{ config, pkgs, ... }:
-{ services.xserver.enable = true;
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
+{ = true;
+ = true;
+ = true;
}
-
-Note that both configuration.nix and
-kde.nix define the option
-. When multiple modules
-define an option, NixOS will try to merge the
-definitions. In the case of
-, that’s easy: the lists of
-packages can simply be concatenated. The value in
-configuration.nix is merged last, so for
-list-type options, it will appear at the end of the merged list. If
-you want it to appear first, you can use mkBefore:
-
+ Note that both configuration.nix and
+ kde.nix define the option
+ . When multiple modules
+ define an option, NixOS will try to merge the
+ definitions. In the case of ,
+ that’s easy: the lists of packages can simply be concatenated. The value in
+ configuration.nix is merged last, so for list-type
+ options, it will appear at the end of the merged list. If you want it to
+ appear first, you can use mkBefore:
-boot.kernelModules = mkBefore [ "kvm-intel" ];
+ = mkBefore [ "kvm-intel" ];
-
-This causes the kvm-intel kernel module to be
-loaded before any other kernel modules.
-
-For other types of options, a merge may not be possible. For
-instance, if two modules define
-,
-nixos-rebuild will give an error:
-
+ This causes the kvm-intel kernel module to be loaded
+ before any other kernel modules.
+
+
+
+ For other types of options, a merge may not be possible. For instance, if two
+ modules define ,
+ nixos-rebuild will give an error:
The unique option `services.httpd.adminAddr' is defined multiple times, in `/etc/nixos/httpd.nix' and `/etc/nixos/configuration.nix'.
-
-When that happens, it’s possible to force one definition take
-precedence over the others:
-
+ When that happens, it’s possible to force one definition take precedence
+ over the others:
-services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org";
+ = pkgs.lib.mkForce "bob@example.org";
-
-
-
-When using multiple modules, you may need to access
-configuration values defined in other modules. This is what the
-config function argument is for: it contains the
-complete, merged system configuration. That is,
-config is the result of combining the
-configurations returned by every moduleIf you’re
-wondering how it’s possible that the (indirect)
-result of a function is passed as an
-input to that same function: that’s because Nix
-is a “lazy” language — it only computes values when they are needed.
-This works as long as no individual configuration value depends on
-itself.. For example, here is a module that adds
-some packages to only if
- is set to
-true somewhere else:
-
+
+
+
+ When using multiple modules, you may need to access configuration values
+ defined in other modules. This is what the config function
+ argument is for: it contains the complete, merged system configuration. That
+ is, config is the result of combining the configurations
+ returned by every module
+
+
+ If you’re wondering how it’s possible that the (indirect)
+ result of a function is passed as an
+ input to that same function: that’s because Nix is a
+ “lazy” language — it only computes values when they are needed. This
+ works as long as no individual configuration value depends on itself.
+
+
+ . For example, here is a module that adds some packages to
+ only if
+ is set to
+ true somewhere else:
{ config, pkgs, ... }:
-{ environment.systemPackages =
- if config.services.xserver.enable then
+{ =
+ if config. then
[ pkgs.firefox
pkgs.thunderbird
]
@@ -105,38 +99,32 @@ some packages to only if
[ ];
}
+
-
-
-With multiple modules, it may not be obvious what the final
-value of a configuration option is. The command
- allows you to find out:
-
+
+ With multiple modules, it may not be obvious what the final value of a
+ configuration option is. The command allows you
+ to find out:
-$ nixos-option services.xserver.enable
+$ nixos-option
true
-$ nixos-option boot.kernelModules
+$ nixos-option
[ "tun" "ipv6" "loop" ... ]
-
-Interactive exploration of the configuration is possible using
-nix-repl,
-a read-eval-print loop for Nix expressions. It’s not installed by
-default; run nix-env -i nix-repl to get it. A
-typical use:
-
+ a read-eval-print loop for Nix expressions. It’s not installed by default;
+ run nix-env -i nix-repl to get it. A typical use:
$ nix-repl '<nixpkgs/nixos>'
-nix-repl> config.networking.hostName
+nix-repl> config.
"mandark"
-nix-repl> map (x: x.hostName) config.services.httpd.virtualHosts
+nix-repl> map (x: x.hostName) config.
[ "example.org" "example.gov" ]
-
-
-
+
diff --git a/nixos/doc/manual/configuration/network-manager.xml b/nixos/doc/manual/configuration/network-manager.xml
index b4808e74ff9dfce91ff68998d867d82aa5e642ef..e217a99148b95d403d2f7b67d5833939022e8255 100644
--- a/nixos/doc/manual/configuration/network-manager.xml
+++ b/nixos/doc/manual/configuration/network-manager.xml
@@ -3,39 +3,42 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-networkmanager">
+ NetworkManager
-NetworkManager
-
-To facilitate network configuration, some desktop environments
-use NetworkManager. You can enable NetworkManager by setting:
-
+
+ To facilitate network configuration, some desktop environments use
+ NetworkManager. You can enable NetworkManager by setting:
-networking.networkmanager.enable = true;
+ = true;
+ some desktop managers (e.g., GNOME) enable NetworkManager automatically for
+ you.
+
-some desktop managers (e.g., GNOME) enable NetworkManager
-automatically for you.
-
-All users that should have permission to change network settings must
-belong to the networkmanager group:
-
+
+ All users that should have permission to change network settings must belong
+ to the networkmanager group:
-users.extraUsers.youruser.extraGroups = [ "networkmanager" ];
+users.extraUsers.youruser.extraGroups = [ "networkmanager" ];
-
-
-NetworkManager is controlled using either nmcli or
-nmtui (curses-based terminal user interface). See their
-manual pages for details on their usage. Some desktop environments (GNOME, KDE)
-have their own configuration tools for NetworkManager. On XFCE, there is no
-configuration tool for NetworkManager by default: by adding
-networkmanagerapplet to the list of system packages, the graphical
-applet will be installed and will launch automatically when XFCE is starting
-(and will show in the status tray).
-
-networking.networkmanager and
-networking.wireless (WPA Supplicant) cannot be enabled at the same
-time: you can still connect to the wireless networks using
-NetworkManager.
-
+
+
+
+ NetworkManager is controlled using either nmcli or
+ nmtui (curses-based terminal user interface). See their
+ manual pages for details on their usage. Some desktop environments (GNOME,
+ KDE) have their own configuration tools for NetworkManager. On XFCE, there is
+ no configuration tool for NetworkManager by default: by adding
+ networkmanagerapplet to the list of system packages, the
+ graphical applet will be installed and will launch automatically when XFCE is
+ starting (and will show in the status tray).
+
+
+
+
+ networking.networkmanager and networking.wireless
+ (WPA Supplicant) cannot be enabled at the same time: you can still connect
+ to the wireless networks using NetworkManager.
+
+
diff --git a/nixos/doc/manual/configuration/networking.xml b/nixos/doc/manual/configuration/networking.xml
index 5f08bc1f12756e20c6d8215f25634cbb6cf1be0e..02cf811e0bd3d77dfd93eb977444ffbc16e8ec42 100644
--- a/nixos/doc/manual/configuration/networking.xml
+++ b/nixos/doc/manual/configuration/networking.xml
@@ -3,20 +3,17 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-networking">
-
-Networking
-
-This section describes how to configure networking components on
-your NixOS machine.
-
-
-
-
-
-
-
-
-
+ Networking
+
+ This section describes how to configure networking components on your NixOS
+ machine.
+
+
+
+
+
+
+
+
-
diff --git a/nixos/doc/manual/configuration/package-mgmt.xml b/nixos/doc/manual/configuration/package-mgmt.xml
index 73c1722da02c6c252976f0fe1626e6717652dfcf..e8ac5d0681a91b13e1f3261727e2bde0cbd1ef76 100644
--- a/nixos/doc/manual/configuration/package-mgmt.xml
+++ b/nixos/doc/manual/configuration/package-mgmt.xml
@@ -3,32 +3,29 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-package-management">
-
-Package Management
-
-This section describes how to add additional packages to your
-system. NixOS has two distinct styles of package management:
-
-
-
- Declarative, where you declare
- what packages you want in your
- configuration.nix. Every time you run
- nixos-rebuild, NixOS will ensure that you get a
- consistent set of binaries corresponding to your
- specification.
-
- Ad hoc, where you install,
- upgrade and uninstall packages via the nix-env
- command. This style allows mixing packages from different Nixpkgs
- versions. It’s the only choice for non-root
- users.
-
-
-
-
-
-
-
-
+ Package Management
+
+ This section describes how to add additional packages to your system. NixOS
+ has two distinct styles of package management:
+
+
+
+ Declarative, where you declare what packages you want
+ in your configuration.nix. Every time you run
+ nixos-rebuild, NixOS will ensure that you get a
+ consistent set of binaries corresponding to your specification.
+
+
+
+
+ Ad hoc, where you install, upgrade and uninstall
+ packages via the nix-env command. This style allows
+ mixing packages from different Nixpkgs versions. It’s the only choice
+ for non-root users.
+
+
+
+
+
+
diff --git a/nixos/doc/manual/configuration/ssh.xml b/nixos/doc/manual/configuration/ssh.xml
index 7c928baaf896c20590786b94eeedc3a09a67c448..6e883e3fbbc1dc7b884ef3a6b441d146586ec4c5 100644
--- a/nixos/doc/manual/configuration/ssh.xml
+++ b/nixos/doc/manual/configuration/ssh.xml
@@ -3,30 +3,25 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-ssh">
+ Secure Shell Access
-Secure Shell Access
-
-Secure shell (SSH) access to your machine can be enabled by
-setting:
-
+
+ Secure shell (SSH) access to your machine can be enabled by setting:
-services.openssh.enable = true;
+ = true;
-
-By default, root logins using a password are disallowed. They can be
-disabled entirely by setting
-services.openssh.permitRootLogin to
-"no".
-
-You can declaratively specify authorised RSA/DSA public keys for
-a user as follows:
-
+ By default, root logins using a password are disallowed. They can be disabled
+ entirely by setting to
+ "no".
+
+
+
+ You can declaratively specify authorised RSA/DSA public keys for a user as
+ follows:
-users.extraUsers.alice.openssh.authorizedKeys.keys =
+users.extraUsers.alice.openssh.authorizedKeys.keys =
[ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
-
-
-
+
diff --git a/nixos/doc/manual/configuration/summary.xml b/nixos/doc/manual/configuration/summary.xml
index be1f2263149e47edc3f7dc537fe2782f0a103012..ea980254a8fc4d47bae7d2046afce6840b64544b 100644
--- a/nixos/doc/manual/configuration/summary.xml
+++ b/nixos/doc/manual/configuration/summary.xml
@@ -3,190 +3,225 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nix-syntax-summary">
+ Syntax Summary
-Syntax Summary
-
-Below is a summary of the most important syntactic constructs in
-the Nix expression language. It’s not complete. In particular, there
-are many other built-in functions. See the
+ Below is a summary of the most important syntactic constructs in the Nix
+ expression language. It’s not complete. In particular, there are many other
+ built-in functions. See the
+ Nix
-manual for the rest.
+ manual for the rest.
+
-
+
-
-
-
-
- Example
- Description
-
-
-
-
-
- Basic values
-
-
- "Hello world"
- A string
-
-
- "${pkgs.bash}/bin/sh"
- A string containing an expression (expands to "/nix/store/hash-bash-version/bin/sh")
-
-
- true, false
- Booleans
-
-
- 123
- An integer
-
-
- ./foo.png
- A path (relative to the containing Nix expression)
-
-
-
- Compound values
-
-
- { x = 1; y = 2; }
- An set with attributes names x and y
-
-
- { foo.bar = 1; }
- A nested set, equivalent to { foo = { bar = 1; }; }
-
-
- rec { x = "foo"; y = x + "bar"; }
- A recursive set, equivalent to { x = "foo"; y = "foobar"; }
-
-
- [ "foo" "bar" ]
- A list with two elements
-
-
-
- Operators
-
-
- "foo" + "bar"
- String concatenation
-
-
- 1 + 2
- Integer addition
-
-
- "foo" == "f" + "oo"
- Equality test (evaluates to true)
-
-
- "foo" != "bar"
- Inequality test (evaluates to true)
-
-
- !true
- Boolean negation
-
-
- { x = 1; y = 2; }.x
- Attribute selection (evaluates to 1)
-
-
- { x = 1; y = 2; }.z or 3
- Attribute selection with default (evaluates to 3)
-
-
- { x = 1; y = 2; } // { z = 3; }
- Merge two sets (attributes in the right-hand set taking precedence)
-
-
-
- Control structures
-
-
- if 1 + 1 == 2 then "yes!" else "no!"
- Conditional expression
-
-
- assert 1 + 1 == 2; "yes!"
- Assertion check (evaluates to "yes!"). See
+
+
+
+ Example
+ Description
+
+
+
+
+ Basic values
+
+
+
+ "Hello world"
+
+ A string
+
+
+ "${pkgs.bash}/bin/sh"
+
+ A string containing an expression (expands to "/nix/store/hash-bash-version/bin/sh")
+
+
+ true, false
+
+ Booleans
+
+
+ 123
+
+ An integer
+
+
+ ./foo.png
+
+ A path (relative to the containing Nix expression)
+
+
+ Compound values
+
+
+
+ { x = 1; y = 2; }
+
+ A set with attributes named x and y
+
+
+
+ { foo.bar = 1; }
+
+ A nested set, equivalent to { foo = { bar = 1; }; }
+
+
+
+ rec { x = "foo"; y = x + "bar"; }
+
+ A recursive set, equivalent to { x = "foo"; y = "foobar"; }
+
+
+
+ [ "foo" "bar" ]
+
+ A list with two elements
+
+
+ Operators
+
+
+
+ "foo" + "bar"
+
+ String concatenation
+
+
+ 1 + 2
+
+ Integer addition
+
+
+ "foo" == "f" + "oo"
+
+ Equality test (evaluates to true)
+
+
+ "foo" != "bar"
+
+ Inequality test (evaluates to true)
+
+
+ !true
+
+ Boolean negation
+
+
+ { x = 1; y = 2; }.x
+
+ Attribute selection (evaluates to 1)
+
+
+ { x = 1; y = 2; }.z or 3
+
+ Attribute selection with default (evaluates to 3)
+
+
+ { x = 1; y = 2; } // { z = 3; }
+
+ Merge two sets (attributes in the right-hand set taking precedence)
+
+
+ Control structures
+
+
+
+ if 1 + 1 == 2 then "yes!" else "no!"
+
+ Conditional expression
+
+
+ assert 1 + 1 == 2; "yes!"
+
+ Assertion check (evaluates to "yes!"). See for using assertions in modules
-
-
- let x = "foo"; y = "bar"; in x + y
- Variable definition
-
-
- with pkgs.lib; head [ 1 2 3 ]
- Add all attributes from the given set to the scope
+
+
+ let x = "foo"; y = "bar"; in x + y
+
+ Variable definition
+
+
+ with pkgs.lib; head [ 1 2 3 ]
+
+ Add all attributes from the given set to the scope
(evaluates to 1)
-
-
-
- Functions (lambdas)
-
-
- x: x + 1
- A function that expects an integer and returns it increased by 1
-
-
- (x: x + 1) 100
- A function call (evaluates to 101)
-
-
- let inc = x: x + 1; in inc (inc (inc 100))
- A function bound to a variable and subsequently called by name (evaluates to 103)
-
-
- { x, y }: x + y
- A function that expects a set with required attributes
+
+
+ Functions (lambdas)
+
+
+
+ x: x + 1
+
+ A function that expects an integer and returns it increased by 1
+
+
+ (x: x + 1) 100
+
+ A function call (evaluates to 101)
+
+
+ let inc = x: x + 1; in inc (inc (inc 100))
+
+ A function bound to a variable and subsequently called by name (evaluates to 103)
+
+
+ { x, y }: x + y
+
+ A function that expects a set with required attributes
x and y and concatenates
them
-
-
- { x, y ? "bar" }: x + y
- A function that expects a set with required attribute
+
+
+ { x, y ? "bar" }: x + y
+
+ A function that expects a set with required attribute
x and optional y, using
"bar" as default value for
- y
-
-
- { x, y, ... }: x + y
- A function that expects a set with required attributes
+ y
+
+
+
+ { x, y, ... }: x + y
+
+ A function that expects a set with required attributes
x and y and ignores any
other attributes
-
-
- { x, y } @ args: x + y
- A function that expects a set with required attributes
+
+
+ { x, y } @ args: x + y
+
+ A function that expects a set with required attributes
x and y, and binds the
- whole set to args
-
-
-
- Built-in functions
-
-
- import ./foo.nix
- Load and return Nix expression in given file
-
-
- map (x: x + x) [ 1 2 3 ]
- Apply a function to every element of a list (evaluates to [ 2 4 6 ])
-
-
-
-
+
-
-
+
diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml
index c6656edff6c8f5ffee70efd61089ded8b66ba20b..66c1c6eb3a115f4369a917c8dd0e637069152a97 100644
--- a/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixos/doc/manual/configuration/user-mgmt.xml
@@ -3,98 +3,86 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-user-management">
-
-User Management
-
-NixOS supports both declarative and imperative styles of user
-management. In the declarative style, users are specified in
-configuration.nix. For instance, the following
-states that a user account named alice shall exist:
-
+ User Management
+
+ NixOS supports both declarative and imperative styles of user management. In
+ the declarative style, users are specified in
+ configuration.nix. For instance, the following states
+ that a user account named alice shall exist:
-users.users.alice =
- { isNormalUser = true;
- home = "/home/alice";
- description = "Alice Foobar";
- extraGroups = [ "wheel" "networkmanager" ];
- openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
- };
+.alice = {
+ isNormalUser = true;
+ home = "/home/alice";
+ description = "Alice Foobar";
+ extraGroups = [ "wheel" "networkmanager" ];
+ openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
+};
-
-Note that alice is a member of the
-wheel and networkmanager groups,
-which allows her to use sudo to execute commands as
-root and to configure the network, respectively.
-Also note the SSH public key that allows remote logins with the
-corresponding private key. Users created in this way do not have a
-password by default, so they cannot log in via mechanisms that require
-a password. However, you can use the passwd program
-to set a password, which is retained across invocations of
-nixos-rebuild.
-
-If you set users.mutableUsers to false, then the contents of /etc/passwd
-and /etc/group will be congruent to your NixOS configuration. For instance,
-if you remove a user from users.users and run nixos-rebuild, the user
-account will cease to exist. Also, imperative commands for managing users
-and groups, such as useradd, are no longer available. Passwords may still be
-assigned by setting the user's hashedPassword option. A
-hashed password can be generated using mkpasswd -m sha-512
-after installing the mkpasswd package.
-
-A user ID (uid) is assigned automatically. You can also specify
-a uid manually by adding
-
+ Note that alice is a member of the
+ wheel and networkmanager groups, which
+ allows her to use sudo to execute commands as
+ root and to configure the network, respectively. Also note
+ the SSH public key that allows remote logins with the corresponding private
+ key. Users created in this way do not have a password by default, so they
+ cannot log in via mechanisms that require a password. However, you can use
+ the passwd program to set a password, which is retained
+ across invocations of nixos-rebuild.
+
+
+ If you set to false, then the
+ contents of /etc/passwd and /etc/group
+ will be congruent to your NixOS configuration. For instance, if you remove a
+ user from and run nixos-rebuild, the user
+ account will cease to exist. Also, imperative commands for managing users and
+ groups, such as useradd, are no longer available. Passwords may still be
+ assigned by setting the user's
+ hashedPassword
+ option. A hashed password can be generated using mkpasswd -m
+ sha-512 after installing the mkpasswd package.
+
+
+ A user ID (uid) is assigned automatically. You can also specify a uid
+ manually by adding
uid = 1000;
-
-to the user specification.
-
-Groups can be specified similarly. The following states that a
-group named students shall exist:
-
+ to the user specification.
+
+
+ Groups can be specified similarly. The following states that a group named
+ students shall exist:
-users.groups.students.gid = 1000;
+.students.gid = 1000;
-
-As with users, the group ID (gid) is optional and will be assigned
-automatically if it’s missing.
-
-In the imperative style, users and groups are managed by
-commands such as useradd,
-groupmod and so on. For instance, to create a user
-account named alice:
-
+ As with users, the group ID (gid) is optional and will be assigned
+ automatically if it’s missing.
+
+
+ In the imperative style, users and groups are managed by commands such as
+ useradd, groupmod and so on. For
+ instance, to create a user account named alice:
# useradd -m alice
-
-To make all nix tools available to this new user use `su - USER` which
-opens a login shell (==shell that loads the profile) for given user.
-This will create the ~/.nix-defexpr symlink. So run:
-
+ To make all nix tools available to this new user use `su - USER` which opens
+ a login shell (==shell that loads the profile) for given user. This will
+ create the ~/.nix-defexpr symlink. So run:
# su - alice -c "true"
-
-
-The flag causes the creation of a home directory
-for the new user, which is generally what you want. The user does not
-have an initial password and therefore cannot log in. A password can
-be set using the passwd utility:
-
+ The flag causes the creation of a home directory for the
+ new user, which is generally what you want. The user does not have an initial
+ password and therefore cannot log in. A password can be set using the
+ passwd utility:
# passwd alice
Enter new UNIX password: ***
Retype new UNIX password: ***
-
-A user can be deleted using userdel:
-
+ A user can be deleted using userdel:
# userdel -r alice
-
-The flag deletes the user’s home directory.
-Accounts can be modified using usermod. Unix
-groups can be managed using groupadd,
-groupmod and groupdel.
-
+ The flag deletes the user’s home directory. Accounts
+ can be modified using usermod. Unix groups can be managed
+ using groupadd, groupmod and
+ groupdel.
+
diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml
index 1868380dcbfad31ab5f88ffe0ac5dd354da8e43d..999447234ad1f276f24c092b1969a6f02c3de411 100644
--- a/nixos/doc/manual/configuration/wireless.xml
+++ b/nixos/doc/manual/configuration/wireless.xml
@@ -3,51 +3,43 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-wireless">
+ Wireless Networks
-Wireless Networks
-
-For a desktop installation using NetworkManager (e.g., GNOME),
-you just have to make sure the user is in the
-networkmanager group and you can skip the rest of this
-section on wireless networks.
-
-
-NixOS will start wpa_supplicant for you if you enable this setting:
+
+ For a desktop installation using NetworkManager (e.g., GNOME), you just have
+ to make sure the user is in the networkmanager group and you can
+ skip the rest of this section on wireless networks.
+
+
+ NixOS will start wpa_supplicant for you if you enable this setting:
-networking.wireless.enable = true;
+ = true;
-
-NixOS lets you specify networks for wpa_supplicant declaratively:
+ NixOS lets you specify networks for wpa_supplicant declaratively:
-networking.wireless.networks = {
+ = {
echelon = {
psk = "abcdefgh";
};
"free.wifi" = {};
}
-
-Be aware that keys will be written to the nix store in plaintext!
-
-When no networks are set, it will default to using a configuration file at
-/etc/wpa_supplicant.conf. You should edit this file
-yourself to define wireless networks, WPA keys and so on (see
-wpa_supplicant.conf(5)).
-
-
-
-If you are using WPA2 the wpa_passphrase tool might be useful
-to generate the wpa_supplicant.conf.
-
+ Be aware that keys will be written to the nix store in plaintext! When no
+ networks are set, it will default to using a configuration file at
+ /etc/wpa_supplicant.conf. You should edit this file
+ yourself to define wireless networks, WPA keys and so on (see
+ wpa_supplicant.conf(5)).
+
+
+
+ If you are using WPA2 the wpa_passphrase tool might be
+ useful to generate the wpa_supplicant.conf.
# wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf
-
-After you have edited the wpa_supplicant.conf,
-you need to restart the wpa_supplicant service.
-
+ After you have edited the wpa_supplicant.conf, you need to
+ restart the wpa_supplicant service.
# systemctl restart wpa_supplicant.service
-
-
+
diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml
index 9c2c59006f15d04453c352b8052e6802f22df60a..9a0969ad635565b9670b2fd5a06485dc23f4933e 100644
--- a/nixos/doc/manual/configuration/x-windows.xml
+++ b/nixos/doc/manual/configuration/x-windows.xml
@@ -3,138 +3,133 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-x11">
-
-X Window System
-
-The X Window System (X11) provides the basis of NixOS’ graphical
-user interface. It can be enabled as follows:
+ X Window System
+
+ The X Window System (X11) provides the basis of NixOS’ graphical user
+ interface. It can be enabled as follows:
-services.xserver.enable = true;
+ = true;
-The X server will automatically detect and use the appropriate video
-driver from a set of X.org drivers (such as vesa
-and intel). You can also specify a driver
-manually, e.g.
+ The X server will automatically detect and use the appropriate video driver
+ from a set of X.org drivers (such as vesa and
+ intel). You can also specify a driver manually, e.g.
-services.xserver.videoDrivers = [ "r128" ];
+ = [ "r128" ];
-to enable X.org’s xf86-video-r128 driver.
-
-You also need to enable at least one desktop or window manager.
-Otherwise, you can only log into a plain undecorated
-xterm window. Thus you should pick one or more of
-the following lines:
+ to enable X.org’s xf86-video-r128 driver.
+
+
+ You also need to enable at least one desktop or window manager. Otherwise,
+ you can only log into a plain undecorated xterm window.
+ Thus you should pick one or more of the following lines:
-services.xserver.desktopManager.plasma5.enable = true;
-services.xserver.desktopManager.xfce.enable = true;
-services.xserver.desktopManager.gnome3.enable = true;
-services.xserver.windowManager.xmonad.enable = true;
-services.xserver.windowManager.twm.enable = true;
-services.xserver.windowManager.icewm.enable = true;
-services.xserver.windowManager.i3.enable = true;
+ = true;
+ = true;
+ = true;
+ = true;
+ = true;
+ = true;
+ = true;
-
-
-NixOS’s default display manager (the
-program that provides a graphical login prompt and manages the X
-server) is SLiM. You can select an alternative one by picking one
-of the following lines:
+
+
+ NixOS’s default display manager (the program that
+ provides a graphical login prompt and manages the X server) is SLiM. You can
+ select an alternative one by picking one of the following lines:
-services.xserver.displayManager.sddm.enable = true;
-services.xserver.displayManager.lightdm.enable = true;
+ = true;
+ = true;
-
-
-You can set the keyboard layout (and optionally the layout variant):
+
+
+ You can set the keyboard layout (and optionally the layout variant):
-services.xserver.layout = "de";
-services.xserver.xkbVariant = "neo";
+ = "de";
+ = "neo";
-
-
-The X server is started automatically at boot time. If you
-don’t want this to happen, you can set:
+
+
+ The X server is started automatically at boot time. If you don’t want this
+ to happen, you can set:
-services.xserver.autorun = false;
+ = false;
-The X server can then be started manually:
+ The X server can then be started manually:
# systemctl start display-manager.service
-
-
-
-NVIDIA Graphics Cards
-
-NVIDIA provides a proprietary driver for its graphics cards that
-has better 3D performance than the X.org drivers. It is not enabled
-by default because it’s not free software. You can enable it as follows:
+
+
+ NVIDIA Graphics Cards
+
+ NVIDIA provides a proprietary driver for its graphics cards that has better
+ 3D performance than the X.org drivers. It is not enabled by default because
+ it’s not free software. You can enable it as follows:
-services.xserver.videoDrivers = [ "nvidia" ];
+ = [ "nvidia" ];
-Or if you have an older card, you may have to use one of the legacy drivers:
+ Or if you have an older card, you may have to use one of the legacy drivers:
-services.xserver.videoDrivers = [ "nvidiaLegacy340" ];
-services.xserver.videoDrivers = [ "nvidiaLegacy304" ];
-services.xserver.videoDrivers = [ "nvidiaLegacy173" ];
+ = [ "nvidiaLegacy340" ];
+ = [ "nvidiaLegacy304" ];
+ = [ "nvidiaLegacy173" ];
-You may need to reboot after enabling this driver to prevent a clash
-with other kernel modules.
-
-On 64-bit systems, if you want full acceleration for 32-bit
-programs such as Wine, you should also set the following:
+ You may need to reboot after enabling this driver to prevent a clash with
+ other kernel modules.
+
+
+ On 64-bit systems, if you want full acceleration for 32-bit programs such as
+ Wine, you should also set the following:
-hardware.opengl.driSupport32Bit = true;
+ = true;
-
-
-
-
-AMD Graphics Cards
-
-AMD provides a proprietary driver for its graphics cards that
-has better 3D performance than the X.org drivers. It is not enabled
-by default because it’s not free software. You can enable it as follows:
+
+
+
+ AMD Graphics Cards
+
+ AMD provides a proprietary driver for its graphics cards that has better 3D
+ performance than the X.org drivers. It is not enabled by default because
+ it’s not free software. You can enable it as follows:
-services.xserver.videoDrivers = [ "ati_unfree" ];
+ = [ "ati_unfree" ];
-You will need to reboot after enabling this driver to prevent a clash
-with other kernel modules.
-
-On 64-bit systems, if you want full acceleration for 32-bit
-programs such as Wine, you should also set the following:
+ You will need to reboot after enabling this driver to prevent a clash with
+ other kernel modules.
+
+
+ On 64-bit systems, if you want full acceleration for 32-bit programs such as
+ Wine, you should also set the following:
-hardware.opengl.driSupport32Bit = true;
+ = true;
-
-
-
-
-Touchpads
-
-Support for Synaptics touchpads (found in many laptops such as
-the Dell Latitude series) can be enabled as follows:
+
+
+
+ Touchpads
+
+ Support for Synaptics touchpads (found in many laptops such as the Dell
+ Latitude series) can be enabled as follows:
-services.xserver.libinput.enable = true;
+ = true;
-The driver has many options (see ). For
-instance, the following disables tap-to-click behavior:
+ The driver has many options (see ). For
+ instance, the following disables tap-to-click behavior:
-services.xserver.libinput.tapping = false;
+ = false;
-Note: the use of services.xserver.synaptics is deprecated since NixOS 17.09.
-
-
-
-
-GTK/Qt themes
-
-GTK themes can be installed either to user profile or system-wide (via
-environment.systemPackages). To make Qt 5 applications look similar
-to GTK2 ones, you can install qt5.qtbase.gtk package into your
-system environment. It should work for all Qt 5 library versions.
-
-
-
-
+ Note: the use of services.xserver.synaptics is deprecated
+ since NixOS 17.09.
+
+
+
+ GTK/Qt themes
+
+ GTK themes can be installed either to user profile or system-wide (via
+ environment.systemPackages). To make Qt 5 applications
+ look similar to GTK2 ones, you can install qt5.qtbase.gtk
+ package into your system environment. It should work for all Qt 5 library
+ versions.
+
+
diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml
index 18804d2c08bed85d4c9716f258493a0d55fffb71..40e61d2bd691ff360ad2767e46a3ebe3e4d4c677 100644
--- a/nixos/doc/manual/configuration/xfce.xml
+++ b/nixos/doc/manual/configuration/xfce.xml
@@ -3,92 +3,70 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-xfce">
-
- Xfce Desktop Environment
-
-
- To enable the Xfce Desktop Environment, set
-
-services.xserver.desktopManager = {
- xfce.enable = true;
- default = "xfce";
+ Xfce Desktop Environment
+
+ To enable the Xfce Desktop Environment, set
+
+services.xserver.desktopManager = {
+ xfce.enable = true;
+ default = "xfce";
};
-
-
-
- Optionally, compton
- can be enabled for nice graphical effects, some example settings:
-
-services.compton = {
- enable = true;
- fade = true;
- inactiveOpacity = "0.9";
- shadow = true;
- fadeDelta = 4;
+
+
+ Optionally, compton can be enabled for nice graphical
+ effects, some example settings:
+
+services.compton = {
+ enable = true;
+ fade = true;
+ inactiveOpacity = "0.9";
+ shadow = true;
+ fadeDelta = 4;
};
-
-
-
- Some Xfce programs are not installed automatically.
- To install them manually (system wide), put them into your
- environment.systemPackages.
-
-
-
- Thunar Volume Support
-
-
- To enable
- Thunar
- volume support, put
-
-services.xserver.desktopManager.xfce.enable = true;
+
+
+ Some Xfce programs are not installed automatically. To install them manually
+ (system wide), put them into your
+ .
+
+
+ Thunar Volume Support
+
+ To enable Thunar volume support, put
+
+ = true;
- into your configuration.nix.
-
-
-
-
-
- Polkit Authentication Agent
-
-
- There is no authentication agent automatically installed alongside
- Xfce. To allow mounting of local (non-removable) filesystems, you
- will need to install one.
-
- Installing polkit_gnome, a rebuild, logout and
- login did the trick.
-
-
-
-
-
- Troubleshooting
-
-
- Even after enabling udisks2, volume management might not work.
- Thunar and/or the desktop takes time to show up.
-
- Thunar will spit out this kind of message on start
- (look at journalctl --user -b).
-
-
+ into your configuration.nix.
+
+
+
+ Polkit Authentication Agent
+
+ There is no authentication agent automatically installed alongside Xfce. To
+ allow mounting of local (non-removable) filesystems, you will need to
+ install one. Installing polkit_gnome, a rebuild, logout
+ and login did the trick.
+
+
+
+ Troubleshooting
+
+ Even after enabling udisks2, volume management might not work. Thunar and/or
+ the desktop takes time to show up. Thunar will spit out this kind of message
+ on start (look at journalctl --user -b).
+
Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
-
- This is caused by some needed GNOME services not running.
- This is all fixed by enabling "Launch GNOME services on startup" in
- the Advanced tab of the Session and Startup settings panel.
- Alternatively, you can run this command to do the same thing.
-
+ This is caused by some needed GNOME services not running. This is all fixed
+ by enabling "Launch GNOME services on startup" in the Advanced tab of the
+ Session and Startup settings panel. Alternatively, you can run this command
+ to do the same thing.
+
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
- A log-out and re-log will be needed for this to take effect.
-
-
-
-
+ A log-out and re-log will be needed for this to take effect.
+
+
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix
index ac22712baf87aecffc480dca4d067548ea806999..2c6309474b37a9fde13f533df194db25980ab561 100644
--- a/nixos/doc/manual/default.nix
+++ b/nixos/doc/manual/default.nix
@@ -102,13 +102,18 @@ let
'';
+ generatedSources = runCommand "generated-docbook" {} ''
+ mkdir $out
+ ln -s ${modulesDoc} $out/modules.xml
+ ln -s ${optionsDocBook} $out/options-db.xml
+ printf "%s" "${version}" > $out/version
+ '';
+
copySources =
''
cp -prd $sources/* . # */
+ ln -s ${generatedSources} ./generated
chmod -R u+w .
- ln -s ${modulesDoc} configuration/modules.xml
- ln -s ${optionsDocBook} options-db.xml
- printf "%s" "${version}" > version
'';
toc = builtins.toFile "toc.xml"
@@ -224,6 +229,7 @@ let
'';
in rec {
+ inherit generatedSources;
# The NixOS options in JSON format.
optionsJSON = runCommand "options-json"
diff --git a/nixos/doc/manual/development/assertions.xml b/nixos/doc/manual/development/assertions.xml
index d3434e1f112ee1e71df9aa50cde970d6980b83f5..17c38ffcc717b219b5d68f6eb5c650febcc0f773 100644
--- a/nixos/doc/manual/development/assertions.xml
+++ b/nixos/doc/manual/development/assertions.xml
@@ -3,30 +3,29 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-assertions">
+ Warnings and Assertions
-Warnings and Assertions
+
+ When configuration problems are detectable in a module, it is a good idea to
+ write an assertion or warning. Doing so provides clear feedback to the user
+ and prevents errors after the build.
+
-
- When configuration problems are detectable in a module, it is a good
- idea to write an assertion or warning. Doing so provides clear
- feedback to the user and prevents errors after the build.
-
-
-
+
Although Nix has the abort and
- builtins.trace functions to perform such tasks,
- they are not ideally suited for NixOS modules. Instead of these
- functions, you can declare your warnings and assertions using the
+ builtins.trace
+ functions
+ to perform such tasks, they are not ideally suited for NixOS modules. Instead
+ of these functions, you can declare your warnings and assertions using the
NixOS module system.
-
-
-
+
-Warnings
+
+ Warnings
-
- This is an example of using warnings.
-
+
+ This is an example of using warnings.
+
+
-
-
-
-
-Assertions
+
+ Assertions
-
-
- This example, extracted from the
-
- syslogd module
- shows how to use assertions. Since there
- can only be one active syslog daemon at a time, an assertion is useful to
- prevent such a broken system from being built.
-
+
+ This example, extracted from the
+
+ syslogd module shows how to use
+ assertions. Since there can only be one active syslog
+ daemon at a time, an assertion is useful to prevent such a broken system
+ from being built.
+
-
-
-
+
diff --git a/nixos/doc/manual/development/building-nixos.xml b/nixos/doc/manual/development/building-nixos.xml
index 2f963f8666f1d2a44eebfb0e94f4c996c15701d9..23d9ddf88a776c107e9f90f6c4b209a4d5e68a4e 100644
--- a/nixos/doc/manual/development/building-nixos.xml
+++ b/nixos/doc/manual/development/building-nixos.xml
@@ -3,30 +3,25 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-building-cd">
-
-Building Your Own NixOS CD
-
-Building a NixOS CD is as easy as configuring your own computer. The
-idea is to use another module which will replace
-your configuration.nix to configure the system that
-would be installed on the CD.
-
-Default CD/DVD configurations are available
-inside nixos/modules/installer/cd-dvd.
-
+ Building Your Own NixOS CD
+
+ Building a NixOS CD is as easy as configuring your own computer. The idea is
+ to use another module which will replace your
+ configuration.nix to configure the system that would be
+ installed on the CD.
+
+
+ Default CD/DVD configurations are available inside
+ nixos/modules/installer/cd-dvd.
$ git clone https://github.com/NixOS/nixpkgs.git
$ cd nixpkgs/nixos
$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
-
-
-
-Before burning your CD/DVD, you can check the content of the image by mounting anywhere like
-suggested by the following command:
-
+
+
+ Before burning your CD/DVD, you can check the content of the image by
+ mounting anywhere like suggested by the following command:
# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso
-
-
-
+
diff --git a/nixos/doc/manual/development/building-parts.xml b/nixos/doc/manual/development/building-parts.xml
index 09a40114f02ece9317d461a92a969cb22b9e3d0c..031048aaa377a699c946a1a25681738801937182 100644
--- a/nixos/doc/manual/development/building-parts.xml
+++ b/nixos/doc/manual/development/building-parts.xml
@@ -3,111 +3,110 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-building-parts">
-
-Building Specific Parts of NixOS
-
-With the command nix-build, you can build
-specific parts of your NixOS configuration. This is done as follows:
-
+ Building Specific Parts of NixOS
+
+ With the command nix-build, you can build specific parts
+ of your NixOS configuration. This is done as follows:
$ cd /path/to/nixpkgs/nixos
$ nix-build -A config.option
-
-where option is a NixOS option with type
-“derivation” (i.e. something that can be built). Attributes of
-interest include:
-
-
-
-
- system.build.toplevel
+ where option is a NixOS option with type
+ “derivation” (i.e. something that can be built). Attributes of interest
+ include:
+
+
+ system.build.toplevel
+
- The top-level option that builds the entire NixOS system.
- Everything else in your configuration is indirectly pulled in by
- this option. This is what nixos-rebuild
- builds and what /run/current-system points
- to afterwards.
-
- A shortcut to build this is:
-
+
+ The top-level option that builds the entire NixOS system. Everything else
+ in your configuration is indirectly pulled in by this option. This is
+ what nixos-rebuild builds and what
+ /run/current-system points to afterwards.
+
+
+ A shortcut to build this is:
$ nix-build -A system
-
+
-
-
-
- system.build.manual.manual
- The NixOS manual.
-
-
-
- system.build.etc
- A tree of symlinks that form the static parts of
- /etc.
-
-
-
- system.build.initialRamdisk
- system.build.kernel
+
+
+ system.build.manual.manual
+
- The initial ramdisk and kernel of the system. This allows
- a quick way to test whether the kernel and the initial ramdisk
- boot correctly, by using QEMU’s and
- options:
-
+
+ The NixOS manual.
+
+
+
+
+ system.build.etc
+
+
+
+ A tree of symlinks that form the static parts of
+ /etc.
+
+
+
+
+ system.build.initialRamdisk
+
+ system.build.kernel
+
+
+
+ The initial ramdisk and kernel of the system. This allows a quick way to
+ test whether the kernel and the initial ramdisk boot correctly, by using
+ QEMU’s and options:
$ nix-build -A config.system.build.initialRamdisk -o initrd
$ nix-build -A config.system.build.kernel -o kernel
$ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/null
-
-
+
-
-
-
- system.build.nixos-rebuild
- system.build.nixos-install
- system.build.nixos-generate-config
+
+
+ system.build.nixos-rebuild
+
+ system.build.nixos-install
+
+ system.build.nixos-generate-config
+
- These build the corresponding NixOS commands.
+
+ These build the corresponding NixOS commands.
+
-
-
-
- systemd.units.unit-name.unit
+
+
+ systemd.units.unit-name.unit
+
- This builds the unit with the specified name. Note that
- since unit names contain dots
- (e.g. httpd.service), you need to put them
- between quotes, like this:
-
+
+ This builds the unit with the specified name. Note that since unit names
+ contain dots (e.g. httpd.service), you need to put
+ them between quotes, like this:
$ nix-build -A 'config.systemd.units."httpd.service".unit'
-
- You can also test individual units, without rebuilding the whole
- system, by putting them in
- /run/systemd/system:
-
+ You can also test individual units, without rebuilding the whole system,
+ by putting them in /run/systemd/system:
$ cp $(nix-build -A 'config.systemd.units."httpd.service".unit')/httpd.service \
/run/systemd/system/tmp-httpd.service
# systemctl daemon-reload
# systemctl start tmp-httpd.service
-
Note that the unit must not have the same name as any unit in
- /etc/systemd/system since those take
- precedence over /run/systemd/system.
- That’s why the unit is installed as
- tmp-httpd.service here.
+ /etc/systemd/system since those take precedence over
+ /run/systemd/system. That’s why the unit is
+ installed as tmp-httpd.service here.
+
-
-
-
-
-
-
+
+
+
diff --git a/nixos/doc/manual/development/development.xml b/nixos/doc/manual/development/development.xml
index 47343d93cde953e0fe2c55ed6204e8d3f0cc1c3a..03dee6ff09bb958fdc087c5ae2bd24fd69ca4f1d 100644
--- a/nixos/doc/manual/development/development.xml
+++ b/nixos/doc/manual/development/development.xml
@@ -3,21 +3,18 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-development">
-
-Development
-
-
-This chapter describes how you can modify and extend
-NixOS.
-
-
-
-
-
-
-
-
-
-
-
+ Development
+
+
+ This chapter describes how you can modify and extend NixOS.
+
+
+
+
+
+
+
+
+
+
diff --git a/nixos/doc/manual/development/importing-modules.xml b/nixos/doc/manual/development/importing-modules.xml
new file mode 100644
index 0000000000000000000000000000000000000000..1c6a5671eda8bb6397753dad58d9d15b790bc970
--- /dev/null
+++ b/nixos/doc/manual/development/importing-modules.xml
@@ -0,0 +1,56 @@
+
+ Importing Modules
+
+
+ Sometimes NixOS modules need to be used in configuration but exist outside of
+ Nixpkgs. These modules can be imported:
+
+
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Use a locally-available module definition in
+ # ./example-module/default.nix
+ ./example-module
+ ];
+
+ services.exampleModule.enable = true;
+}
+
+
+
+ The environment variable NIXOS_EXTRA_MODULE_PATH is an
+ absolute path to a NixOS module that is included alongside the Nixpkgs NixOS
+ modules. Like any NixOS module, this module can import additional modules:
+
+
+
+# ./module-list/default.nix
+[
+ ./example-module1
+ ./example-module2
+]
+
+
+
+# ./extra-module/default.nix
+{ imports = import ./module-list.nix; }
+
+
+
+# NIXOS_EXTRA_MODULE_PATH=/absolute/path/to/extra-module
+{ config, lib, pkgs, ... }:
+
+{
+ # No `imports` needed
+
+ services.exampleModule1.enable = true;
+}
+
+
diff --git a/nixos/doc/manual/development/meta-attributes.xml b/nixos/doc/manual/development/meta-attributes.xml
index de0870314dcb34102e607487d446cae6d85495b3..3d019a4987e1b2b0da13579a87f10fad2f3bf818 100644
--- a/nixos/doc/manual/development/meta-attributes.xml
+++ b/nixos/doc/manual/development/meta-attributes.xml
@@ -3,22 +3,26 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-meta-attributes">
+ Meta Attributes
-Meta Attributes
-
-Like Nix packages, NixOS modules can declare meta-attributes to provide
- extra information. Module meta attributes are defined in the
+
+ Like Nix packages, NixOS modules can declare meta-attributes to provide extra
+ information. Module meta attributes are defined in the
meta.nix
- special module.
+ special module.
+
-meta is a top level attribute like
+
+ meta is a top level attribute like
options and config. Available
meta-attributes are maintainers and
- doc.
+ doc.
+
-Each of the meta-attributes must be defined at most once per module
- file.
+
+ Each of the meta-attributes must be defined at most once per module file.
+
{ config, lib, pkgs, ... }:
@@ -39,24 +43,21 @@
}
-
-
-
+
+
+ maintainers contains a list of the module maintainers.
-
-
-
-
-
+
+
+
+ doc points to a valid DocBook file containing the module
- documentation. Its contents is automatically added to .
- Changes to a module documentation have to be checked to not break
- building the NixOS manual:
-
- $ nix-build nixos/release.nix -A manual
-
-
-
-
+ documentation. Its contents is automatically added to
+ . Changes to a module documentation
+ have to be checked to not break building the NixOS manual:
+
+$ nix-build nixos/release.nix -A manual
+
+
diff --git a/nixos/doc/manual/development/nixos-tests.xml b/nixos/doc/manual/development/nixos-tests.xml
index c09c41ea3bdc1216dbe7b7cdf0f0bf4cffd54805..2695082e386735df28a46021ba45ccc23117530f 100644
--- a/nixos/doc/manual/development/nixos-tests.xml
+++ b/nixos/doc/manual/development/nixos-tests.xml
@@ -3,18 +3,17 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-nixos-tests">
-
-NixOS Tests
-
-When you add some feature to NixOS, you should write a test for
-it. NixOS tests are kept in the directory NixOS Tests
+
+ When you add some feature to NixOS, you should write a test for it. NixOS
+ tests are kept in the directory
+ nixos/tests,
-and are executed (using Nix) by a testing framework that automatically
-starts one or more virtual machines containing the NixOS system(s)
-required for the test.
-
-
-
-
-
+ and are executed (using Nix) by a testing framework that automatically starts
+ one or more virtual machines containing the NixOS system(s) required for the
+ test.
+
+
+
+
diff --git a/nixos/doc/manual/development/option-declarations.xml b/nixos/doc/manual/development/option-declarations.xml
index ed718c89eb77cf6577c09539701f66070f697529..a8f528a0a80459d4d660033078d4a3a6d0bac976 100644
--- a/nixos/doc/manual/development/option-declarations.xml
+++ b/nixos/doc/manual/development/option-declarations.xml
@@ -3,14 +3,12 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-option-declarations">
+ Option Declarations
-Option Declarations
-
-An option declaration specifies the name, type and description
-of a NixOS configuration option. It is invalid to define an option
-that hasn’t been declared in any module. An option declaration
-generally looks like this:
-
+
+ An option declaration specifies the name, type and description of a NixOS
+ configuration option. It is invalid to define an option that hasn’t been
+ declared in any module. An option declaration generally looks like this:
options = {
name = mkOption {
@@ -21,146 +19,177 @@ options = {
};
};
-
-The attribute names within the name
-attribute path must be camel cased in general but should, as an
-exception, match the
-name attribute path
+ must be camel cased in general but should, as an exception, match the
+
-package attribute name when referencing a Nixpkgs package. For
-example, the option services.nix-serve.bindAddress
-references the nix-serve Nixpkgs package.
-
-
-
-The function mkOption accepts the following arguments.
-
-
-
-
- type
+ package attribute name when referencing a Nixpkgs package. For
+ example, the option services.nix-serve.bindAddress
+ references the nix-serve Nixpkgs package.
+
+
+
+ The function mkOption accepts the following arguments.
+
+
+ type
+
- The type of the option (see ).
- It may be omitted, but that’s not advisable since it may lead to errors
- that are hard to diagnose.
+
+ The type of the option (see ). It may
+ be omitted, but that’s not advisable since it may lead to errors that
+ are hard to diagnose.
+
-
-
-
- default
+
+
+ default
+
- The default value used if no value is defined by any
- module. A default is not required; but if a default is not given,
- then users of the module will have to define the value of the
- option, otherwise an error will be thrown.
+
+ The default value used if no value is defined by any module. A default is
+ not required; but if a default is not given, then users of the module
+ will have to define the value of the option, otherwise an error will be
+ thrown.
+
-
-
-
- example
+
+
+ example
+
- An example value that will be shown in the NixOS manual.
+
+ An example value that will be shown in the NixOS manual.
+
-
-
-
- description
+
+
+ description
+
- A textual description of the option, in DocBook format,
- that will be included in the NixOS manual.
+
+ A textual description of the option, in DocBook format, that will be
+ included in the NixOS manual.
+
-
-
-
-
-
-
-Extensible Option
- Types
-
- Extensible option types is a feature that allow to extend certain types
- declaration through multiple module files.
- This feature only work with a restricted set of types, namely
- enum and submodules and any composed
- forms of them.
-
- Extensible option types can be used for enum options
- that affects multiple modules, or as an alternative to related
- enable options.
+
+
+
+
+
+ Extensible Option Types
+
+
+ Extensible option types is a feature that allow to extend certain types
+ declaration through multiple module files. This feature only work with a
+ restricted set of types, namely enum and
+ submodules and any composed forms of them.
+
- As an example, we will take the case of display managers. There is a
- central display manager module for generic display manager options and a
- module file per display manager backend (slim, sddm, gdm ...).
+
+ Extensible option types can be used for enum options that
+ affects multiple modules, or as an alternative to related
+ enable options.
- There are two approach to this module structure:
+
+ As an example, we will take the case of display managers. There is a central
+ display manager module for generic display manager options and a module file
+ per display manager backend (slim, sddm, gdm ...).
+
-
- Managing the display managers independently by adding an
- enable option to every display manager module backend. (NixOS)
+
+ There are two approach to this module structure:
+
+
+
+ Managing the display managers independently by adding an enable option to
+ every display manager module backend. (NixOS)
+
- Managing the display managers in the central module by
- adding an option to select which display manager backend to use.
+
+
+ Managing the display managers in the central module by adding an option
+ to select which display manager backend to use.
+
-
+
- Both approaches have problems.
+
+ Both approaches have problems.
+
- Making backends independent can quickly become hard to manage. For
- display managers, there can be only one enabled at a time, but the type
- system can not enforce this restriction as there is no relation between
- each backend enable option. As a result, this restriction
- has to be done explicitely by adding assertions in each display manager
- backend module.
+
+ Making backends independent can quickly become hard to manage. For display
+ managers, there can be only one enabled at a time, but the type system can
+ not enforce this restriction as there is no relation between each backend
+ enable option. As a result, this restriction has to be
+ done explicitely by adding assertions in each display manager backend
+ module.
+
- On the other hand, managing the display managers backends in the
- central module will require to change the central module option every time
- a new backend is added or removed.
+
+ On the other hand, managing the display managers backends in the central
+ module will require to change the central module option every time a new
+ backend is added or removed.
+
- By using extensible option types, it is possible to create a placeholder
- option in the central module (), and to extend it in each backend module (, ).
+
+ By using extensible option types, it is possible to create a placeholder
+ option in the central module
+ (), and to extend
+ it in each backend module
+ (,
+ ).
+
- As a result, displayManager.enable option values can
- be added without changing the main service module file and the type system
- automatically enforce that there can only be a single display manager
- enabled.
+
+ As a result, displayManager.enable option values can be
+ added without changing the main service module file and the type system
+ automatically enforce that there can only be a single display manager
+ enabled.
+
-Extensible type
- placeholder in the service module
+
+ Extensible type placeholder in the service module
services.xserver.displayManager.enable = mkOption {
description = "Display manager to use";
type = with types; nullOr (enum [ ]);
-};
+};
+
-Extending
- <literal>services.xserver.displayManager.enable</literal> in the
- <literal>slim</literal> module
+
+ Extending <literal>services.xserver.displayManager.enable</literal> in the <literal>slim</literal> module
services.xserver.displayManager.enable = mkOption {
type = with types; nullOr (enum [ "slim" ]);
-};
+};
+
-Extending
- <literal>services.xserver.displayManager.enable</literal> in the
- <literal>sddm</literal> module
+
+ Extending <literal>services.xserver.displayManager.enable</literal> in the <literal>sddm</literal> module
services.xserver.displayManager.enable = mkOption {
type = with types; nullOr (enum [ "sddm" ]);
-};
-
-The placeholder declaration is a standard mkOption
- declaration, but it is important that extensible option declarations only use
- the type argument.
+};
+
-Extensible option types work with any of the composed variants of
- enum such as
- with types; nullOr (enum [ "foo" "bar" ])
- or with types; listOf (enum [ "foo" "bar" ]).
+
+ The placeholder declaration is a standard mkOption
+ declaration, but it is important that extensible option declarations only
+ use the type argument.
+
-
+
+ Extensible option types work with any of the composed variants of
+ enum such as with types; nullOr (enum [ "foo"
+ "bar" ]) or with types; listOf (enum [ "foo" "bar"
+ ]).
+
+
diff --git a/nixos/doc/manual/development/option-def.xml b/nixos/doc/manual/development/option-def.xml
index 4e267ecfd1e3e7085480c19304ee2bc00c78272f..580a5afd58cdc9452a58e7b9ad44350d5e0410ce 100644
--- a/nixos/doc/manual/development/option-def.xml
+++ b/nixos/doc/manual/development/option-def.xml
@@ -3,39 +3,36 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-option-definitions">
+ Option Definitions
-Option Definitions
-
-Option definitions are generally straight-forward bindings of values to option names, like
-
+
+ Option definitions are generally straight-forward bindings of values to
+ option names, like
config = {
services.httpd.enable = true;
};
-
-However, sometimes you need to wrap an option definition or set of
-option definitions in a property to achieve
-certain effects:
-
-Delaying Conditionals
-
-If a set of option definitions is conditional on the value of
-another option, you may need to use mkIf.
-Consider, for instance:
-
+ However, sometimes you need to wrap an option definition or set of option
+ definitions in a property to achieve certain effects:
+
+
+
+ Delaying Conditionals
+
+ If a set of option definitions is conditional on the value of another
+ option, you may need to use mkIf. Consider, for instance:
config = if config.services.httpd.enable then {
environment.systemPackages = [ ... ];
...
} else {};
-
-This definition will cause Nix to fail with an “infinite recursion”
-error. Why? Because the value of
- depends on the value
-being constructed here. After all, you could also write the clearly
-circular and contradictory:
+ This definition will cause Nix to fail with an “infinite recursion”
+ error. Why? Because the value of
+ depends on the value being
+ constructed here. After all, you could also write the clearly circular and
+ contradictory:
config = if config.services.httpd.enable then {
services.httpd.enable = false;
@@ -43,56 +40,49 @@ config = if config.services.httpd.enable then {
services.httpd.enable = true;
};
-
-The solution is to write:
-
+ The solution is to write:
config = mkIf config.services.httpd.enable {
environment.systemPackages = [ ... ];
...
};
-
-The special function mkIf causes the evaluation of
-the conditional to be “pushed down” into the individual definitions,
-as if you had written:
-
+ The special function mkIf causes the evaluation of the
+ conditional to be “pushed down” into the individual definitions, as if
+ you had written:
config = {
environment.systemPackages = if config.services.httpd.enable then [ ... ] else [];
...
};
-
-
-
-
-
-Setting Priorities
-
-A module can override the definitions of an option in other
-modules by setting a priority. All option
-definitions that do not have the lowest priority value are discarded.
-By default, option definitions have priority 1000. You can specify an
-explicit priority by using mkOverride, e.g.
-
+
+
+
+
+ Setting Priorities
+
+ A module can override the definitions of an option in other modules by
+ setting a priority. All option definitions that do not
+ have the lowest priority value are discarded. By default, option definitions
+ have priority 1000. You can specify an explicit priority by using
+ mkOverride, e.g.
services.openssh.enable = mkOverride 10 false;
-
-This definition causes all other definitions with priorities above 10
-to be discarded. The function mkForce is
-equal to mkOverride 50.
-
-
-
-Merging Configurations
-
-In conjunction with mkIf, it is sometimes
-useful for a module to return multiple sets of option definitions, to
-be merged together as if they were declared in separate modules. This
-can be done using mkMerge:
-
+ This definition causes all other definitions with priorities above 10 to be
+ discarded. The function mkForce is equal to
+ mkOverride 50.
+
+
+
+
+ Merging Configurations
+
+ In conjunction with mkIf, it is sometimes useful for a
+ module to return multiple sets of option definitions, to be merged together
+ as if they were declared in separate modules. This can be done using
+ mkMerge:
config = mkMerge
[ # Unconditional stuff.
@@ -104,9 +94,6 @@ config = mkMerge
})
];
-
-
-
-
-
-
\ No newline at end of file
+
+
+
diff --git a/nixos/doc/manual/development/option-types.xml b/nixos/doc/manual/development/option-types.xml
index 13fa8d1e114cce7db822e2b1bf41d411b34c3f0b..5cb747e6d9f1ea7ac8382bc039f38b0b5f0986c0 100644
--- a/nixos/doc/manual/development/option-types.xml
+++ b/nixos/doc/manual/development/option-types.xml
@@ -3,241 +3,355 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-option-types">
+ Options Types
-Options Types
-
- Option types are a way to put constraints on the values a module option
- can take.
- Types are also responsible of how values are merged in case of multiple
- value definitions.
- Basic Types
-
- Basic types are the simplest available types in the module system.
- Basic types include multiple string types that mainly differ in how
- definition merging is handled.
-
-
-
- types.bool
- A boolean, its values can be true or
- false.
-
-
- types.path
- A filesystem path, defined as anything that when coerced to
- a string starts with a slash. Even if derivations can be considered as
- path, the more specific types.package should be
- preferred.
-
-
- types.package
- A derivation or a store path.
-
-
-
-Integer-related types:
-
-
-
- types.int
- A signed integer.
-
-
-
- types.ints.{s8, s16, s32}
-
-
- Signed integers with a fixed length (8, 16 or 32 bits).
- They go from
- −2n/2
- to
- 2n/2−1
-
- respectively (e.g. −128 to 127
- for 8 bits).
-
-
-
-
- types.ints.unsigned
-
- An unsigned integer (that is >= 0).
-
-
-
-
- types.ints.{u8, u16, u32}
-
-
- Unsigned integers with a fixed length (8, 16 or 32 bits).
- They go from
- 0 to
- 2n−1
-
- respectively (e.g. 0 to 255
- for 8 bits).
-
-
-
-
- types.ints.positive
-
- A positive integer (that is > 0).
-
-
-
-
-String-related types:
-
-
-
- types.str
- A string. Multiple definitions cannot be
- merged.
-
-
- types.lines
- A string. Multiple definitions are concatenated with a new
- line "\n".
-
-
- types.commas
- A string. Multiple definitions are concatenated with a comma
- ",".
-
-
- types.envVar
- A string. Multiple definitions are concatenated with a
- collon ":".
-
-
- types.strMatching
- A string matching a specific regular expression. Multiple
- definitions cannot be merged. The regular expression is processed using
- builtins.match.
-
-
+
+ Option types are a way to put constraints on the values a module option can
+ take. Types are also responsible of how values are merged in case of multiple
+ value definitions.
+
+
+ Basic Types
+
+
+ Basic types are the simplest available types in the module system. Basic
+ types include multiple string types that mainly differ in how definition
+ merging is handled.
+
+
+
+
+ types.attrs
+
+
+
+ A free-form attribute set.
+
+
+
+
+ types.bool
+
+
+
+ A boolean, its values can be true or
+ false.
+
+
+
+
+ types.path
+
+
+
+ A filesystem path, defined as anything that when coerced to a string
+ starts with a slash. Even if derivations can be considered as path, the
+ more specific types.package should be preferred.
+
+
+
+
+ types.package
+
+
+
+ A derivation or a store path.
+
+
+
+
+
+
+ Integer-related types:
+
+
+
+
+ types.int
+
+
+
+ A signed integer.
+
+
+
+
+ types.ints.{s8, s16, s32}
+
+
+
+ Signed integers with a fixed length (8, 16 or 32 bits). They go from
+ −2n/2
+ to
+ 2n/2−1
+ respectively (e.g. −128 to
+ 127 for 8 bits).
+
+
+
+
+ types.ints.unsigned
+
+
+
+ An unsigned integer (that is >= 0).
+
+
+
+
+ types.ints.{u8, u16, u32}
+
+
+
+ Unsigned integers with a fixed length (8, 16 or 32 bits). They go from
+ 0 to
+
+ 2n−1
+ respectively (e.g. 0 to
+ 255 for 8 bits).
+
+
+
+
+ types.ints.positive
+
+
+
+ A positive integer (that is > 0).
+
+
+
+
+
+
+ String-related types:
+
+
+
+
+ types.str
+
+
+
+ A string. Multiple definitions cannot be merged.
+
+
+
+
+ types.lines
+
+
+
+ A string. Multiple definitions are concatenated with a new line
+ "\n".
+
+
+
+
+ types.commas
+
+
+
+ A string. Multiple definitions are concatenated with a comma
+ ",".
+
+
+
+
+ types.envVar
+
+
+
+ A string. Multiple definitions are concatenated with a collon
+ ":".
+
+
+
+
+ types.strMatching
+
+
+
+ A string matching a specific regular expression. Multiple definitions
+ cannot be merged. The regular expression is processed using
+ builtins.match.
+
+
+
+
- Value Types
-
- Value types are types that take a value parameter.
-
-
-
- types.enuml
- One element of the list l, e.g.
- types.enum [ "left" "right" ]. Multiple definitions
- cannot be merged.
-
-
- types.separatedString
- sep
- A string with a custom separator
- sep, e.g. types.separatedString
- "|".
-
-
-
- types.ints.between
- lowest
- highest
-
- An integer between lowest
- and highest (both inclusive).
- Useful for creating types like types.port.
-
-
-
- types.submoduleo
- A set of sub options o.
- o can be an attribute set or a function
- returning an attribute set. Submodules are used in composed types to
- create modular options. Submodule are detailed in .
-
-
+
+ Value Types
+
+
+ Value types are types that take a value parameter.
+
+
+
+
+ types.enuml
+
+
+
+ One element of the list l, e.g.
+ types.enum [ "left" "right" ]. Multiple definitions
+ cannot be merged.
+
+
+
+
+ types.separatedStringsep
+
+
+
+ A string with a custom separator sep, e.g.
+ types.separatedString "|".
+
+
+
+
+ types.ints.betweenlowesthighest
+
+
+
+ An integer between lowest and
+ highest (both inclusive). Useful for creating
+ types like types.port.
+
+
+
+
+ types.submoduleo
+
+
+
+ A set of sub options o.
+ o can be an attribute set or a function
+ returning an attribute set. Submodules are used in composed types to
+ create modular options. Submodule are detailed in
+ .
+
+
+
+
- Composed Types
-
- Composed types are types that take a type as parameter. listOf
- int and either int str are examples of
- composed types.
-
-
-
- types.listOft
- A list of t type, e.g.
- types.listOf int. Multiple definitions are merged
- with list concatenation.
-
-
- types.attrsOft
- An attribute set of where all the values are of
- t type. Multiple definitions result in the
- joined attribute set.
-
-
- types.loaOft
- An attribute set or a list of t
- type. Multiple definitions are merged according to the
- value.
-
-
- types.nullOrt
- null or type
- t. Multiple definitions are merged according
- to type t.
-
-
- types.uniqt
- Ensures that type t cannot be
- merged. It is used to ensure option definitions are declared only
- once.
-
-
- types.eithert1
- t2
- Type t1 or type
- t2, e.g. with types; either int
- str. Multiple definitions cannot be
- merged.
-
-
- types.coercedTofrom
- fto
- Type to or type
- from which will be coerced to
- type to using function
- f which takes an argument of type
- from and return a value of type
- to. Can be used to preserve backwards
- compatibility of an option if its type was changed.
-
-
+
+ Composed Types
-
+
+ Composed types are types that take a type as parameter. listOf
+ int and either int str are examples of composed
+ types.
+
-Submodule
+
+
+ types.listOft
+
+
+
+ A list of t type, e.g. types.listOf
+ int. Multiple definitions are merged with list concatenation.
+
+
+
+
+ types.attrsOft
+
+
+
+ An attribute set of where all the values are of
+ t type. Multiple definitions result in the
+ joined attribute set.
+
+
+
+
+ types.loaOft
+
+
+
+ An attribute set or a list of t type. Multiple
+ definitions are merged according to the value.
+
+
+
+
+ types.nullOrt
+
+
+
+ null or type t. Multiple
+ definitions are merged according to type t.
+
+
+
+
+ types.uniqt
+
+
+
+ Ensures that type t cannot be merged. It is
+ used to ensure option definitions are declared only once.
+
+
+
+
+ types.eithert1t2
+
+
+
+ Type t1 or type t2,
+ e.g. with types; either int str. Multiple definitions
+ cannot be merged.
+
+
+
+
+ types.coercedTofromfto
+
+
+
+ Type to or type
+ from which will be coerced to type
+ to using function f
+ which takes an argument of type from and
+ return a value of type to. Can be used to
+ preserve backwards compatibility of an option if its type was changed.
+
+
+
+
+
- submodule is a very powerful type that defines a set
- of sub-options that are handled like a separate module.
+
+ Submodule
- It takes a parameter o, that should be a set,
- or a function returning a set with an options key
- defining the sub-options.
- Submodule option definitions are type-checked accordingly to the
- options declarations.
- Of course, you can nest submodule option definitons for even higher
- modularity.
+
+ submodule is a very powerful type that defines a set of
+ sub-options that are handled like a separate module.
+
- The option set can be defined directly
- () or as reference
- ().
+
+ It takes a parameter o, that should be a set, or
+ a function returning a set with an options key defining
+ the sub-options. Submodule option definitions are type-checked accordingly
+ to the options declarations. Of course, you can nest
+ submodule option definitons for even higher modularity.
+
-Directly defined submodule
+
+ The option set can be defined directly
+ () or as reference
+ ().
+
+
+
+ Directly defined submodule
options.mod = mkOption {
description = "submodule example";
@@ -251,10 +365,11 @@ options.mod = mkOption {
};
};
};
-};
+};
+
-Submodule defined as a
- reference
+
+ Submodule defined as a reference
let
modOptions = {
@@ -271,19 +386,20 @@ in
options.mod = mkOption {
description = "submodule example";
type = with types; submodule modOptions;
-};
-
- The submodule type is especially interesting when
- used with composed types like attrsOf or
- listOf.
- When composed with listOf
- (),
- submodule allows multiple definitions of the submodule
- option set ().
-
-
-Declaration of a list
- of submodules
+};
+
+
+
+ The submodule type is especially interesting when used
+ with composed types like attrsOf or
+ listOf. When composed with listOf
+ (),
+ submodule allows multiple definitions of the submodule
+ option set ().
+
+
+
+ Declaration of a list of submodules
options.mod = mkOption {
description = "submodule example";
@@ -297,24 +413,27 @@ options.mod = mkOption {
};
};
});
-};
+};
+
-Definition of a list of
- submodules
+
+ Definition of a list of submodules
config.mod = [
{ foo = 1; bar = "one"; }
{ foo = 2; bar = "two"; }
-];
-
- When composed with attrsOf
- (),
- submodule allows multiple named definitions of the
- submodule option set ().
+];
+
+
+
+ When composed with attrsOf
+ (),
+ submodule allows multiple named definitions of the
+ submodule option set ().
-Declaration of
- attribute sets of submodules
+
+ Declaration of attribute sets of submodules
options.mod = mkOption {
description = "submodule example";
@@ -328,194 +447,281 @@ options.mod = mkOption {
};
};
});
-};
+};
+
-Declaration of
- attribute sets of submodules
+
+ Declaration of attribute sets of submodules
config.mod.one = { foo = 1; bar = "one"; };
-config.mod.two = { foo = 2; bar = "two"; };
-
-
-
-Extending types
+config.mod.two = { foo = 2; bar = "two"; };
+
+
- Types are mainly characterized by their check and
- merge functions.
+
+ Extending types
-
-
- check
- The function to type check the value. Takes a value as
- parameter and return a boolean.
- It is possible to extend a type check with the
- addCheck function (), or to fully override the
- check function ().
+
+ Types are mainly characterized by their check and
+ merge functions.
+
-Adding a type check
+
+
+ check
+
+
+
+ The function to type check the value. Takes a value as parameter and
+ return a boolean. It is possible to extend a type check with the
+ addCheck function
+ (), or to fully
+ override the check function
+ ().
+
+
+ Adding a type check
byte = mkOption {
description = "An integer between 0 and 255.";
type = addCheck types.int (x: x >= 0 && x <= 255);
-};
-
-Overriding a type
- check
+};
+
+
+ Overriding a type check
nixThings = mkOption {
description = "words that start with 'nix'";
type = types.str // {
check = (x: lib.hasPrefix "nix" x)
};
-};
-
-
-
- merge
- Function to merge the options values when multiple values
- are set.
-The function takes two parameters, loc the option path as a
-list of strings, and defs the list of defined values as a
-list.
-It is possible to override a type merge function for custom
-needs.
-
-
+};
+
+
+
+
+ merge
+
+
+
+ Function to merge the options values when multiple values are set. The
+ function takes two parameters, loc the option path as
+ a list of strings, and defs the list of defined values
+ as a list. It is possible to override a type merge function for custom
+ needs.
+
+
+
+
+
-
+
+ Custom Types
-Custom Types
-
-Custom types can be created with the mkOptionType
- function.
-As type creation includes some more complex topics such as submodule handling,
-it is recommended to get familiar with types.nix
-code before creating a new type.
-
-The only required parameter is name.
-
-
-
- name
- A string representation of the type function
- name.
-
-
- definition
- Description of the type used in documentation. Give
- information of the type and any of its arguments.
-
-
- check
- A function to type check the definition value. Takes the
- definition value as a parameter and returns a boolean indicating the
- type check result, true for success and
- false for failure.
-
-
- merge
- A function to merge multiple definitions values. Takes two
- parameters:
-
-
- loc
- The option path as a list of strings, e.g.
- ["boot" "loader "grub"
- "enable"].
-
-
- defs
- The list of sets of defined value
- and file where the value was defined, e.g.
- [ { file = "/foo.nix"; value = 1; } { file = "/bar.nix";
- value = 2 } ]. The merge function
- should return the merged value or throw an error in case the
- values are impossible or not meant to be merged.
-
-
-
-
-
- getSubOptions
- For composed types that can take a submodule as type
- parameter, this function generate sub-options documentation. It takes
- the current option prefix as a list and return the set of sub-options.
- Usually defined in a recursive manner by adding a term to the prefix,
- e.g. prefix: elemType.getSubOptions (prefix ++
- ["prefix"]) where
- "prefix" is the newly added
- prefix.
-
-
- getSubModules
- For composed types that can take a submodule as type
- parameter, this function should return the type parameters submodules.
- If the type parameter is called elemType, the
- function should just recursively look into submodules by returning
- elemType.getSubModules;.
-
-
- substSubModules
- For composed types that can take a submodule as type
- parameter, this function can be used to substitute the parameter of a
- submodule type. It takes a module as parameter and return the type with
- the submodule options substituted. It is usually defined as a type
- function call with a recursive call to
- substSubModules, e.g for a type
- composedType that take an elemtype
- type parameter, this function should be defined as m:
- composedType (elemType.substSubModules m).
-
-
- typeMerge
- A function to merge multiple type declarations. Takes the
- type to merge functor as parameter. A
- null return value means that type cannot be
- merged.
-
-
- f
- The type to merge
- functor.
-
-
- Note: There is a generic defaultTypeMerge that
- work with most of value and composed types.
-
-
-
- functor
- An attribute set representing the type. It is used for type
- operations and has the following keys:
-
-
- type
- The type function.
-
-
- wrapped
- Holds the type parameter for composed types.
-
-
-
- payload
- Holds the value parameter for value types.
- The types that have a payload are the
- enum, separatedString and
- submodule types.
-
-
- binOp
- A binary operation that can merge the payloads of two
- same types. Defined as a function that take two payloads as
- parameters and return the payloads merged.
-
-
-
-
-
+
+ Custom types can be created with the mkOptionType
+ function. As type creation includes some more complex topics such as
+ submodule handling, it is recommended to get familiar with
+ types.nix
+ code before creating a new type.
+
-
+
+ The only required parameter is name.
+
+
+
+
+ name
+
+
+
+ A string representation of the type function name.
+
+
+
+
+ definition
+
+
+
+ Description of the type used in documentation. Give information of the
+ type and any of its arguments.
+
+
+
+
+ check
+
+
+
+ A function to type check the definition value. Takes the definition value
+ as a parameter and returns a boolean indicating the type check result,
+ true for success and false for
+ failure.
+
+
+
+
+ merge
+
+
+
+ A function to merge multiple definitions values. Takes two parameters:
+
+
+
+ loc
+
+
+
+ The option path as a list of strings, e.g. ["boot" "loader
+ "grub" "enable"].
+
+
+
+
+ defs
+
+
+
+ The list of sets of defined value and
+ file where the value was defined, e.g. [ {
+ file = "/foo.nix"; value = 1; } { file = "/bar.nix"; value = 2 }
+ ]. The merge function should return the
+ merged value or throw an error in case the values are impossible or
+ not meant to be merged.
+
+
+
+
+
+
+
+ getSubOptions
+
+
+
+ For composed types that can take a submodule as type parameter, this
+ function generate sub-options documentation. It takes the current option
+ prefix as a list and return the set of sub-options. Usually defined in a
+ recursive manner by adding a term to the prefix, e.g. prefix:
+ elemType.getSubOptions (prefix ++
+ ["prefix"]) where
+ "prefix" is the newly added prefix.
+
+
+
+
+ getSubModules
+
+
+
+ For composed types that can take a submodule as type parameter, this
+ function should return the type parameters submodules. If the type
+ parameter is called elemType, the function should just
+ recursively look into submodules by returning
+ elemType.getSubModules;.
+
+
+
+
+ substSubModules
+
+
+
+ For composed types that can take a submodule as type parameter, this
+ function can be used to substitute the parameter of a submodule type. It
+ takes a module as parameter and return the type with the submodule
+ options substituted. It is usually defined as a type function call with a
+ recursive call to substSubModules, e.g for a type
+ composedType that take an elemtype
+ type parameter, this function should be defined as m:
+ composedType (elemType.substSubModules m).
+
+
+
+
+ typeMerge
+
+
+
+ A function to merge multiple type declarations. Takes the type to merge
+ functor as parameter. A null return
+ value means that type cannot be merged.
+
+
+
+ f
+
+
+
+ The type to merge functor.
+
+
+
+
+
+ Note: There is a generic defaultTypeMerge that work
+ with most of value and composed types.
+
+
+
+
+ functor
+
+
+
+ An attribute set representing the type. It is used for type operations
+ and has the following keys:
+
+
+
+ type
+
+
+
+ The type function.
+
+
+
+
+ wrapped
+
+
+
+ Holds the type parameter for composed types.
+
+
+
+
+ payload
+
+
+
+ Holds the value parameter for value types. The types that have a
+ payload are the enum,
+ separatedString and submodule
+ types.
+
+
+
+
+ binOp
+
+
+
+ A binary operation that can merge the payloads of two same types.
+ Defined as a function that take two payloads as parameters and return
+ the payloads merged.
+
+
+
+
+
+
+
+
diff --git a/nixos/doc/manual/development/releases.xml b/nixos/doc/manual/development/releases.xml
index afcb970ed700baea7b943c13e8aa2c95314bb35f..d4e5ff3f4312e713d3ff445e51452cab743ea908 100755
--- a/nixos/doc/manual/development/releases.xml
+++ b/nixos/doc/manual/development/releases.xml
@@ -3,252 +3,258 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-releases">
-
-Releases
-
-
+ Releases
+ Release process
- Going through an example of releasing NixOS 17.09:
+ Going through an example of releasing NixOS 17.09:
- One month before the beta
-
-
-
- Send an email to the nix-devel mailinglist as a warning about upcoming beta "feature freeze" in a month.
-
-
-
-
- Discuss with Eelco Dolstra and the community (via IRC, ML) about what will reach the deadline.
- Any issue or Pull Request targeting the release should be included in the release milestone.
-
-
-
+ One month before the beta
+
+
+
+
+ Send an email to the nix-devel mailinglist as a warning about upcoming
+ beta "feature freeze" in a month.
+
+
+
+
+ Discuss with Eelco Dolstra and the community (via IRC, ML) about what
+ will reach the deadline. Any issue or Pull Request targeting the release
+ should be included in the release milestone.
+
+
+
+
- At beta release time
-
-
-
- Create
- an issue for tracking Zero Hydra Failures progress. ZHF is an effort
- to get build failures down to zero.
-
-
-
-
- git tag -a -s -m "Release 17.09-beta" 17.09-beta && git push --tags
-
-
-
-
- From the master branch run git checkout -B release-17.09.
-
-
-
-
-
- Make sure a channel is created at http://nixos.org/channels/.
-
-
-
-
-
-
- Let a GitHub nixpkgs admin lock the branch on github for you.
- (so developers can’t force push)
-
-
-
-
-
-
- Bump the system.defaultChannel attribute in
- nixos/modules/misc/version.nix
-
-
-
-
-
-
- Update versionSuffix in
- nixos/release.nix, use
- git log --format=%an|wc -l to get the commit
- count
-
-
-
-
- echo -n "18.03" > .version on
- master.
-
-
-
-
-
- Pick a new name for the unstable branch.
-
-
-
-
-
- Create a new release notes file for the upcoming release + 1, in this
- case rl-1803.xml.
-
-
+ At beta release time
+
+
+
+
+ Create
+ an issue for tracking Zero Hydra Failures progress. ZHF is an effort to
+ get build failures down to zero.
+
+
+
+
+ git tag -a -s -m "Release 17.09-beta" 17.09-beta
+ && git push --tags
+
+
+
+
+ From the master branch run git checkout -B
+ release-17.09.
+
+
+
+
+
+ Make sure a channel is created at http://nixos.org/channels/.
+
+
+
+
+
+ Let a GitHub nixpkgs admin lock the branch on github for you. (so
+ developers can’t force push)
+
+
+
+
+
+ Bump the system.defaultChannel attribute in
+ nixos/modules/misc/version.nix
+
+
+
+
+
+ Update versionSuffix in
+ nixos/release.nix, use git log
+ --format=%an|wc -l to get the commit count
+
+
+
+
+ echo -n "18.03" > .version on master.
+
+
+
+
+
+ Pick a new name for the unstable branch.
+
+
+
+
+ Create a new release notes file for the upcoming release + 1, in this
+ case rl-1803.xml.
+
+
+
+
+ Create two Hydra jobsets: release-17.09 and release-17.09-small with
+ stableBranch set to false.
+
+
+
+
+ Edit changelog at
+ nixos/doc/manual/release-notes/rl-1709.xml (double
+ check desktop versions are noted)
+
+
-
- Create two Hydra jobsets: release-17.09 and release-17.09-small with stableBranch set to false.
-
+
+ Get all new NixOS modules git diff
+ release-17.03..release-17.09 nixos/modules/module-list.nix|grep
+ ^+
+
-
- Edit changelog at
- nixos/doc/manual/release-notes/rl-1709.xml
- (double check desktop versions are noted)
-
-
-
-
- Get all new NixOS modules
- git diff release-17.03..release-17.09 nixos/modules/module-list.nix|grep ^+
-
-
-
-
- Note systemd, kernel, glibc and Nix upgrades.
-
-
-
+
+ Note systemd, kernel, glibc and Nix upgrades.
+
-
+
+
+
+
- During Beta
-
-
-
- Monitor the master branch for bugfixes and minor updates
- and cherry-pick them to the release branch.
-
-
-
+ During Beta
+
+
+
+
+ Monitor the master branch for bugfixes and minor updates and cherry-pick
+ them to the release branch.
+
+
+
+
- Before the final release
-
-
-
- Re-check that the release notes are complete.
-
-
-
-
- Release Nix (currently only Eelco Dolstra can do that).
-
- Make sure fallback is updated.
-
-
-
-
-
-
- Update README.md with new stable NixOS version information.
-
-
-
-
-
- Change stableBranch to true and wait for channel to update.
-
-
-
+ Before the final release
+
+
+
+
+ Re-check that the release notes are complete.
+
+
+
+
+ Release Nix (currently only Eelco Dolstra can do that).
+
+ Make sure fallback is updated.
+
+
+
+
+
+ Update README.md with new stable NixOS version information.
+
+
+
+
+ Change stableBranch to true and wait for channel to
+ update.
+
+
+
+
- At final release time
-
-
-
- git tag -s -a -m "Release 15.09" 15.09
-
-
-
-
- Update http://nixos.org/nixos/download.html and http://nixos.org/nixos/manual in https://github.com/NixOS/nixos-org-configurations
-
-
-
-
- Get number of commits for the release:
- git log release-14.04..release-14.12 --format=%an|wc -l
-
-
-
-
- Commits by contributor:
- git log release-14.04..release-14.12 --format=%an|sort|uniq -c|sort -rn
-
-
-
-
- Send an email to nix-dev to announce the release with above information. Best to check how previous email was formulated
- to see what needs to be included.
-
-
-
-
-
+ At final release time
-
+
+
+
+ git tag -s -a -m "Release 15.09" 15.09
+
+
+
+
+ Update http://nixos.org/nixos/download.html and
+ http://nixos.org/nixos/manual in
+ https://github.com/NixOS/nixos-org-configurations
+
+
+
+
+ Get number of commits for the release: git log
+ release-14.04..release-14.12 --format=%an|wc -l
+
+
+
+
+ Commits by contributor: git log release-14.04..release-14.12
+ --format=%an|sort|uniq -c|sort -rn
+
+
+
+
+ Send an email to nix-dev to announce the release with above information.
+ Best to check how previous email was formulated to see what needs to be
+ included.
+
+
+
+
+
+ Release schedule
-
-
-
-
-
-
+
+
+
+
+
+
Date
-
+
Event
-
-
-
-
-
+
+
+
+
+
2016-07-25
-
+
Send email to nix-dev about upcoming branch-off
-
-
-
+
+
+
2016-09-01
-
- release-16.09 branch and corresponding jobsets are created,
+ release-16.09 branch and corresponding jobsets are created,
change freeze
-
-
-
+
+
+
2016-09-30
-
+
NixOS 16.09 released
-
-
-
+
+
+
-
-
+
diff --git a/nixos/doc/manual/development/replace-modules.xml b/nixos/doc/manual/development/replace-modules.xml
index cc0539ec51092ed58220b67ceb652e8769df6269..7b103c36d907d4f6344493fb11dc8937e04e6eab 100644
--- a/nixos/doc/manual/development/replace-modules.xml
+++ b/nixos/doc/manual/development/replace-modules.xml
@@ -3,27 +3,31 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-replace-modules">
+ Replace Modules
-Replace Modules
+
+ Modules that are imported can also be disabled. The option declarations and
+ config implementation of a disabled module will be ignored, allowing another
+ to take it's place. This can be used to import a set of modules from another
+ channel while keeping the rest of the system on a stable release.
+
-Modules that are imported can also be disabled. The option
- declarations and config implementation of a disabled module will be
- ignored, allowing another to take it's place. This can be used to
- import a set of modules from another channel while keeping the rest
- of the system on a stable release.
-disabledModules is a top level attribute like
+
+ disabledModules is a top level attribute like
imports, options and
- config. It contains a list of modules that will
- be disabled. This can either be the full path to the module or a
- string with the filename relative to the modules path
- (eg. <nixpkgs/nixos/modules> for nixos).
-
+ config. It contains a list of modules that will be
+ disabled. This can either be the full path to the module or a string with the
+ filename relative to the modules path (eg. <nixpkgs/nixos/modules> for
+ nixos).
+
-This example will replace the existing postgresql module with
- the version defined in the nixos-unstable channel while keeping the
- rest of the modules and packages from the original nixos channel.
- This only overrides the module definition, this won't use postgresql
- from nixos-unstable unless explicitly configured to do so.
+
+ This example will replace the existing postgresql module with the version
+ defined in the nixos-unstable channel while keeping the rest of the modules
+ and packages from the original nixos channel. This only overrides the module
+ definition, this won't use postgresql from nixos-unstable unless explicitly
+ configured to do so.
+
{ config, lib, pkgs, ... }:
@@ -41,10 +45,11 @@
}
-This example shows how to define a custom module as a
- replacement for an existing module. Importing this module will
- disable the original module without having to know it's
- implementation details.
+
+ This example shows how to define a custom module as a replacement for an
+ existing module. Importing this module will disable the original module
+ without having to know it's implementation details.
+
{ config, lib, pkgs, ... }:
@@ -71,5 +76,4 @@ in
};
}
-
diff --git a/nixos/doc/manual/development/running-nixos-tests-interactively.xml b/nixos/doc/manual/development/running-nixos-tests-interactively.xml
index e4749077781553953384d3576f072bf6e992dcfd..862b364a6d79b5b450d85aaed20e1aa6ad9c62b5 100644
--- a/nixos/doc/manual/development/running-nixos-tests-interactively.xml
+++ b/nixos/doc/manual/development/running-nixos-tests-interactively.xml
@@ -3,41 +3,38 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-running-nixos-tests">
-Running Tests interactively
-
-The test itself can be run interactively. This is
-particularly useful when developing or debugging a test:
+ Running Tests interactively
+
+ The test itself can be run interactively. This is particularly useful when
+ developing or debugging a test:
$ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-test-driver
starting VDE switch for network 1
>
-
-You can then take any Perl statement, e.g.
-
+ You can then take any Perl statement, e.g.
> startAll
> testScript
> $machine->succeed("touch /tmp/foo")
-
-The function testScript executes the entire test
-script and drops you back into the test driver command line upon its
-completion. This allows you to inspect the state of the VMs after the
-test (e.g. to debug the test script).
-
-To just start and experiment with the VMs, run:
-
+ The function testScript executes the entire test script
+ and drops you back into the test driver command line upon its completion.
+ This allows you to inspect the state of the VMs after the test (e.g. to debug
+ the test script).
+
+
+
+ To just start and experiment with the VMs, run:
$ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-run-vms
-
-The script nixos-run-vms starts the virtual
-machines defined by test. The root file system of the VMs is created
-on the fly and kept across VM restarts in
-./hostname.qcow2.
-
+ The script nixos-run-vms starts the virtual machines
+ defined by test. The root file system of the VMs is created on the fly and
+ kept across VM restarts in
+ ./hostname.qcow2.
+
diff --git a/nixos/doc/manual/development/running-nixos-tests.xml b/nixos/doc/manual/development/running-nixos-tests.xml
index 908c0a66a32deb93ad23a251a0cd56930ecc1800..eadbe1ea4f2691524561585a49ac7a8ac4a4755b 100644
--- a/nixos/doc/manual/development/running-nixos-tests.xml
+++ b/nixos/doc/manual/development/running-nixos-tests.xml
@@ -3,20 +3,18 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-running-nixos-tests-interactively">
+ Running Tests
-Running Tests
-
-You can run tests using nix-build. For
-example, to run the test
+ You can run tests using nix-build. For example, to run the
+ test
+ login.nix,
-you just do:
-
+ you just do:
$ nix-build '<nixpkgs/nixos/tests/login.nix>'
-
-or, if you don’t want to rely on NIX_PATH:
-
+ or, if you don’t want to rely on NIX_PATH:
$ cd /my/nixpkgs/nixos/tests
$ nix-build login.nix
@@ -26,16 +24,13 @@ machine: QEMU running (pid 8841)
…
6 out of 6 tests succeeded
-
-After building/downloading all required dependencies, this will
-perform a build that starts a QEMU/KVM virtual machine containing a
-NixOS system. The virtual machine mounts the Nix store of the host;
-this makes VM creation very fast, as no disk image needs to be
-created. Afterwards, you can view a pretty-printed log of the test:
-
+ After building/downloading all required dependencies, this will perform a
+ build that starts a QEMU/KVM virtual machine containing a NixOS system. The
+ virtual machine mounts the Nix store of the host; this makes VM creation very
+ fast, as no disk image needs to be created. Afterwards, you can view a
+ pretty-printed log of the test:
$ firefox result/log.html
-
-
+
diff --git a/nixos/doc/manual/development/sources.xml b/nixos/doc/manual/development/sources.xml
index a2896cd7a135e66ceb75dcf3d96872ebfec964d7..c7b64cb84beba123b7d4e613bae584e459457b4a 100644
--- a/nixos/doc/manual/development/sources.xml
+++ b/nixos/doc/manual/development/sources.xml
@@ -3,101 +3,84 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-getting-sources">
-
-Getting the Sources
-
-By default, NixOS’s nixos-rebuild command
-uses the NixOS and Nixpkgs sources provided by the
-nixos channel (kept in
-/nix/var/nix/profiles/per-user/root/channels/nixos).
-To modify NixOS, however, you should check out the latest sources from
-Git. This is as follows:
-
+ Getting the Sources
+
+ By default, NixOS’s nixos-rebuild command uses the NixOS
+ and Nixpkgs sources provided by the nixos channel (kept in
+ /nix/var/nix/profiles/per-user/root/channels/nixos). To
+ modify NixOS, however, you should check out the latest sources from Git. This
+ is as follows:
$ git clone git://github.com/NixOS/nixpkgs.git
$ cd nixpkgs
$ git remote add channels git://github.com/NixOS/nixpkgs-channels.git
$ git remote update channels
-
-This will check out the latest Nixpkgs sources to
-./nixpkgs the NixOS sources to
-./nixpkgs/nixos. (The NixOS source tree lives in
-a subdirectory of the Nixpkgs repository.) The remote
-channels refers to a read-only repository that
-tracks the Nixpkgs/NixOS channels (see
-for more information about channels). Thus, the Git branch
-channels/nixos-17.03 will contain the latest built
-and tested version available in the nixos-17.03
-channel.
-
-It’s often inconvenient to develop directly on the master
-branch, since if somebody has just committed (say) a change to GCC,
-then the binary cache may not have caught up yet and you’ll have to
-rebuild everything from source. So you may want to create a local
-branch based on your current NixOS version:
-
+ This will check out the latest Nixpkgs sources to
+ ./nixpkgs the NixOS sources to
+ ./nixpkgs/nixos. (The NixOS source tree lives in a
+ subdirectory of the Nixpkgs repository.) The remote
+ channels refers to a read-only repository that tracks the
+ Nixpkgs/NixOS channels (see for more
+ information about channels). Thus, the Git branch
+ channels/nixos-17.03 will contain the latest built and
+ tested version available in the nixos-17.03 channel.
+
+
+ It’s often inconvenient to develop directly on the master branch, since if
+ somebody has just committed (say) a change to GCC, then the binary cache may
+ not have caught up yet and you’ll have to rebuild everything from source.
+ So you may want to create a local branch based on your current NixOS version:
$ nixos-version
17.09pre104379.6e0b727 (Hummingbird)
$ git checkout -b local 6e0b727
-
-Or, to base your local branch on the latest version available in a
-NixOS channel:
-
+ Or, to base your local branch on the latest version available in a NixOS
+ channel:
$ git remote update channels
$ git checkout -b local channels/nixos-17.03
-
-(Replace nixos-17.03 with the name of the channel
-you want to use.) You can use git merge or
-git rebase to keep your local branch in sync with
-the channel, e.g.
-
+ (Replace nixos-17.03 with the name of the channel you want
+ to use.) You can use git merge or git
+ rebase to keep your local branch in sync with the channel, e.g.
$ git remote update channels
$ git merge channels/nixos-17.03
-
-You can use git cherry-pick to copy commits from
-your local branch to the upstream branch.
-
-If you want to rebuild your system using your (modified)
-sources, you need to tell nixos-rebuild about them
-using the flag:
-
+ You can use git cherry-pick to copy commits from your
+ local branch to the upstream branch.
+
+
+ If you want to rebuild your system using your (modified) sources, you need to
+ tell nixos-rebuild about them using the
+ flag:
# nixos-rebuild switch -I nixpkgs=/my/sources/nixpkgs
-
-
-
-If you want nix-env to use the expressions in
-/my/sources, use nix-env -f
-/my/sources/nixpkgs, or change
-the default by adding a symlink in
-~/.nix-defexpr:
-
+
+
+ If you want nix-env to use the expressions in
+ /my/sources, use nix-env -f
+ /my/sources/nixpkgs, or change the
+ default by adding a symlink in ~/.nix-defexpr:
$ ln -s /my/sources/nixpkgs ~/.nix-defexpr/nixpkgs
-
-You may want to delete the symlink
-~/.nix-defexpr/channels_root to prevent root’s
-NixOS channel from clashing with your own tree (this may break the
-command-not-found utility though). If you want to go back to the default
-state, you may just remove the ~/.nix-defexpr
-directory completely, log out and log in again and it should have been
-recreated with a link to the root channels.
-
+ You may want to delete the symlink
+ ~/.nix-defexpr/channels_root to prevent root’s NixOS
+ channel from clashing with your own tree (this may break the
+ command-not-found utility though). If you want to go back to the default
+ state, you may just remove the ~/.nix-defexpr directory
+ completely, log out and log in again and it should have been recreated with a
+ link to the root channels.
+
-
diff --git a/nixos/doc/manual/development/testing-installer.xml b/nixos/doc/manual/development/testing-installer.xml
index 16bc8125d9ff48ccdf46d6a782d5ca99f29cb812..63f5f3de7f4df781bb2fa7ddb05f84214a5cc4ea 100644
--- a/nixos/doc/manual/development/testing-installer.xml
+++ b/nixos/doc/manual/development/testing-installer.xml
@@ -3,27 +3,20 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-testing-installer">
-
-Testing the Installer
-
-Building, burning, and booting from an installation CD is rather
-tedious, so here is a quick way to see if the installer works
-properly:
-
+ Testing the Installer
+
+ Building, burning, and booting from an installation CD is rather tedious, so
+ here is a quick way to see if the installer works properly:
# mount -t tmpfs none /mnt
# nixos-generate-config --root /mnt
$ nix-build '<nixpkgs/nixos>' -A config.system.build.nixos-install
# ./result/bin/nixos-install
-
-To start a login shell in the new NixOS installation in
-/mnt:
-
+ To start a login shell in the new NixOS installation in
+ /mnt:
$ nix-build '<nixpkgs/nixos>' -A config.system.build.nixos-enter
# ./result/bin/nixos-enter
-
-
-
+
diff --git a/nixos/doc/manual/development/writing-documentation.xml b/nixos/doc/manual/development/writing-documentation.xml
index 59a287717acb422421d5831ea5f6975762d5290b..8ecdd1c770f2dce348ceac88480e74d9d7635a15 100644
--- a/nixos/doc/manual/development/writing-documentation.xml
+++ b/nixos/doc/manual/development/writing-documentation.xml
@@ -3,145 +3,147 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-writing-documentation">
-
-Writing NixOS Documentation
-
-
- As NixOS grows, so too does the need for a catalogue and explanation
- of its extensive functionality. Collecting pertinent information
- from disparate sources and presenting it in an accessible style
- would be a worthy contribution to the project.
-
-
-
-Building the Manual
-
- The DocBook sources of the are in the
- nixos/doc/manual
- subdirectory of the Nixpkgs repository. If you make modifications to
- the manual, it's important to build it before committing. You can do
- that as follows:
-
- nix-build nixos/release.nix -A manual.x86_64-linux
-
-
-
- When this command successfully finishes, it will tell you where the
- manual got generated. The HTML will be accessible through the
- result symlink at
- ./result/share/doc/nixos/index.html.
-
-
-
-
-Editing DocBook XML
-
-
- For general information on how to write in DocBook, see
-
- DocBook 5: The Definitive Guide.
-
-
-
- Emacs nXML Mode is very helpful for editing DocBook XML because it
- validates the document as you write, and precisely locates
- errors. To use it, see .
-
-
-
- Pandoc can generate
- DocBook XML from a multitude of formats, which makes a good starting
- point.
-
-
+ Writing NixOS Documentation
+
+ As NixOS grows, so too does the need for a catalogue and explanation of its
+ extensive functionality. Collecting pertinent information from disparate
+ sources and presenting it in an accessible style would be a worthy
+ contribution to the project.
+
+
+ Building the Manual
+
+
+ The DocBook sources of the are in the
+ nixos/doc/manual
+ subdirectory of the Nixpkgs repository.
+
+
+
+ You can quickly validate your edits with make:
+
+
+
+ $ cd /path/to/nixpkgs/nixos/doc/manual
+ $ make
+
+
+
+ Once you are done making modifications to the manual, it's important to
+ build it before committing. You can do that as follows:
+
+
+nix-build nixos/release.nix -A manual.x86_64-linux
+
+
+ When this command successfully finishes, it will tell you where the manual
+ got generated. The HTML will be accessible through the
+ result symlink at
+ ./result/share/doc/nixos/index.html.
+
+
+
+ Editing DocBook XML
+
+
+ For general information on how to write in DocBook, see
+ DocBook
+ 5: The Definitive Guide.
+
+
+
+ Emacs nXML Mode is very helpful for editing DocBook XML because it validates
+ the document as you write, and precisely locates errors. To use it, see
+ .
+
+
+
+ Pandoc can generate DocBook XML
+ from a multitude of formats, which makes a good starting point.
+ Pandoc invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML
- pandoc -f markdown_github -t docbook5 docs.md -o my-section.md
-
-
- Pandoc can also quickly convert a single
- section.xml to HTML, which is helpful when
- drafting.
-
-
-
- Sometimes writing valid DocBook is simply too difficult. In this
- case, submit your documentation updates in a pandoc -f markdown_github -t docbook5 docs.md -o my-section.md
+
+ Pandoc can also quickly convert a single section.xml to
+ HTML, which is helpful when drafting.
+
+
+
+ Sometimes writing valid DocBook is simply too difficult. In this case,
+ submit your documentation updates in a
+ GitHub
- Issue and someone will handle the conversion to XML for you.
-
-
-
-
-Creating a Topic
-
-
- You can use an existing topic as a basis for the new topic or create a topic from scratch.
-
-
-
-Keep the following guidelines in mind when you create and add a topic:
-
-
-
- The NixOS book
- element is in nixos/doc/manual/manual.xml.
- It includes several
- parts
- which are in subdirectories.
-
-
-
- Store the topic file in the same directory as the part
- to which it belongs. If your topic is about configuring a NixOS
- module, then the XML file can be stored alongside the module
- definition nix file.
-
-
-
- If you include multiple words in the file name, separate the words
- with a dash. For example: ipv6-config.xml.
-
-
-
- Make sure that the xml:id value is unique. You can use
- abbreviations if the ID is too long. For example:
- nixos-config.
-
-
-
- Determine whether your topic is a chapter or a section. If you are
- unsure, open an existing topic file and check whether the main
- element is chapter or section.
-
-
-
-
-
-
-
-
-Adding a Topic to the Book
-
-
- Open the parent XML file and add an xi:include
- element to the list of chapters with the file name of the topic that
- you created. If you created a section, you add the file to
- the chapter file. If you created a chapter, you
- add the file to the part file.
-
-
-
- If the topic is about configuring a NixOS module, it can be
- automatically included in the manual by using the
- meta.doc attribute. See and someone will handle the conversion to XML for you.
+
+
+
+ Creating a Topic
+
+
+ You can use an existing topic as a basis for the new topic or create a topic
+ from scratch.
+
+
+
+ Keep the following guidelines in mind when you create and add a topic:
+
+
+
+ The NixOS
+ book
+ element is in nixos/doc/manual/manual.xml. It
+ includes several
+ parts
+ which are in subdirectories.
+
+
+
+
+ Store the topic file in the same directory as the part to
+ which it belongs. If your topic is about configuring a NixOS module, then
+ the XML file can be stored alongside the module definition
+ nix file.
+
+
+
+
+ If you include multiple words in the file name, separate the words with a
+ dash. For example: ipv6-config.xml.
+
+
+
+
+ Make sure that the xml:id value is unique. You can use
+ abbreviations if the ID is too long. For example:
+ nixos-config.
+
+
+
+
+ Determine whether your topic is a chapter or a section. If you are
+ unsure, open an existing topic file and check whether the main element is
+ chapter or section.
+
+
+
+
+
+
+ Adding a Topic to the Book
+
+
+ Open the parent XML file and add an xi:include element to
+ the list of chapters with the file name of the topic that you created. If
+ you created a section, you add the file to the chapter
+ file. If you created a chapter, you add the file to the
+ part file.
+
+
+
+ If the topic is about configuring a NixOS module, it can be automatically
+ included in the manual by using the meta.doc attribute.
+ See for an explanation.
-
-
-
-
-
-
-
-
-
+
+
diff --git a/nixos/doc/manual/development/writing-modules.xml b/nixos/doc/manual/development/writing-modules.xml
index cb363b45675bf3eda9d2416f9817135f609228ea..bbf793bb0be9862f9c208b0b96fd0962f343ed18 100644
--- a/nixos/doc/manual/development/writing-modules.xml
+++ b/nixos/doc/manual/development/writing-modules.xml
@@ -3,52 +3,54 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-writing-modules">
-
-Writing NixOS Modules
-
-NixOS has a modular system for declarative configuration. This
-system combines multiple modules to produce the
-full system configuration. One of the modules that constitute the
-configuration is /etc/nixos/configuration.nix.
-Most of the others live in the Writing NixOS Modules
+
+ NixOS has a modular system for declarative configuration. This system
+ combines multiple modules to produce the full system
+ configuration. One of the modules that constitute the configuration is
+ /etc/nixos/configuration.nix. Most of the others live in
+ the
+ nixos/modules
-subdirectory of the Nixpkgs tree.
-
-Each NixOS module is a file that handles one logical aspect of
-the configuration, such as a specific kind of hardware, a service, or
-network settings. A module configuration does not have to handle
-everything from scratch; it can use the functionality provided by
-other modules for its implementation. Thus a module can
-declare options that can be used by other
-modules, and conversely can define options
-provided by other modules in its own implementation. For example, the
-module
+
+ Each NixOS module is a file that handles one logical aspect of the
+ configuration, such as a specific kind of hardware, a service, or network
+ settings. A module configuration does not have to handle everything from
+ scratch; it can use the functionality provided by other modules for its
+ implementation. Thus a module can declare options that
+ can be used by other modules, and conversely can define
+ options provided by other modules in its own implementation. For example, the
+ module
+ pam.nix
-declares the option that allows
-other modules (e.g. security.pam.services that allows other
+ modules (e.g.
+ sshd.nix)
-to define PAM services; and it defines the option
- (declared by environment.etc (declared by
+ etc.nix)
-to cause files to be created in
-/etc/pam.d.
-
-In /etc/pam.d.
+
+
+ In , we saw the following structure
-of NixOS modules:
-
+ of NixOS modules:
{ config, pkgs, ... }:
{ option definitions
}
-
-This is actually an abbreviated form of module
-that only defines options, but does not declare any. The structure of
-full NixOS modules is shown in .
-
-Structure of NixOS Modules
+ This is actually an abbreviated form of module that only
+ defines options, but does not declare any. The structure of full NixOS
+ modules is shown in .
+
+
+ Structure of NixOS Modules
{ config, pkgs, ... }:
@@ -65,56 +67,56 @@ full NixOS modules is shown in .option definitions
};
}
-
-
-The meaning of each part is as follows.
-
-
-
- This line makes the current Nix expression a function. The
- variable pkgs contains Nixpkgs, while
- config contains the full system configuration.
- This line can be omitted if there is no reference to
- pkgs and config inside the
- module.
-
-
-
- This list enumerates the paths to other NixOS modules that
- should be included in the evaluation of the system configuration.
- A default set of modules is defined in the file
- modules/module-list.nix. These don't need to
- be added in the import list.
-
-
-
- The attribute options is a nested set of
- option declarations (described below).
-
-
-
- The attribute config is a nested set of
- option definitions (also described
- below).
-
-
-
-
-
- shows a module that handles
-the regular update of the “locate” database, an index of all files in
-the file system. This module declares two options that can be defined
-by other modules (typically the user’s
-configuration.nix):
- (whether the database should
-be updated) and (when the
-update should be done). It implements its functionality by defining
-two options declared by other modules:
- (the set of all systemd services)
-and (the list of commands to be
-executed periodically by systemd).
-
-NixOS Module for the “locate” Service
+
+
+ The meaning of each part is as follows.
+
+
+
+ This line makes the current Nix expression a function. The variable
+ pkgs contains Nixpkgs, while config
+ contains the full system configuration. This line can be omitted if there
+ is no reference to pkgs and config
+ inside the module.
+
+
+
+
+ This list enumerates the paths to other NixOS modules that should be
+ included in the evaluation of the system configuration. A default set of
+ modules is defined in the file
+ modules/module-list.nix. These don't need to be added
+ in the import list.
+
+
+
+
+ The attribute options is a nested set of
+ option declarations (described below).
+
+
+
+
+ The attribute config is a nested set of
+ option definitions (also described below).
+
+
+
+
+
+ shows a module that handles the regular
+ update of the “locate” database, an index of all files in the file
+ system. This module declares two options that can be defined by other modules
+ (typically the user’s configuration.nix):
+ (whether the database should be
+ updated) and (when the update
+ should be done). It implements its functionality by defining two options
+ declared by other modules: (the set of all
+ systemd services) and (the list of commands
+ to be executed periodically by systemd).
+
+
+ NixOS Module for the “locate” Service
{ config, lib, pkgs, ... }:
@@ -173,13 +175,12 @@ in {
};
}
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml
index a8f6aa00858e3229493a678372ec3a554e6b6a6a..89a6a442362727d1362bb625acfb33462f75e576 100644
--- a/nixos/doc/manual/development/writing-nixos-tests.xml
+++ b/nixos/doc/manual/development/writing-nixos-tests.xml
@@ -3,11 +3,10 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-writing-nixos-tests">
+ Writing Tests
-Writing Tests
-
-A NixOS test is a Nix expression that has the following structure:
-
+
+ A NixOS test is a Nix expression that has the following structure:
import ./make-test.nix {
@@ -32,277 +31,364 @@ import ./make-test.nix {
'';
}
-
-The attribute testScript is a bit of Perl code that
-executes the test (described below). During the test, it will start
-one or more virtual machines, the configuration of which is described
-by the attribute machine (if you need only one
-machine in your test) or by the attribute nodes (if
-you need multiple machines). For instance, testScript is a bit of Perl code that
+ executes the test (described below). During the test, it will start one or
+ more virtual machines, the configuration of which is described by the
+ attribute machine (if you need only one machine in your
+ test) or by the attribute nodes (if you need multiple
+ machines). For instance,
+ login.nix
-only needs a single machine to test whether users can log in on the
-virtual console, whether device ownership is correctly maintained when
-switching between consoles, and so on. On the other hand, nfs.nix,
-which tests NFS client and server functionality in the Linux kernel
-(including whether locks are maintained across server crashes),
-requires three machines: a server and two clients.
-
-There are a few special NixOS configuration options for test
-VMs:
+ which tests NFS client and server functionality in the Linux kernel
+ (including whether locks are maintained across server crashes), requires
+ three machines: a server and two clients.
+
+
+ There are a few special NixOS configuration options for test VMs:
-
-
-
-
-
- The memory of the VM in
- megabytes.
-
-
-
-
- The virtual networks to which the VM is
- connected. See
+
+
+
+
+
+ The memory of the VM in megabytes.
+
+
+
+
+
+
+
+
+ The virtual networks to which the VM is connected. See
+ nat.nix
- for an example.
-
-
-
-
- By default, the Nix store in the VM is not
- writable. If you enable this option, a writable union file system
- is mounted on top of the Nix store to make it appear
- writable. This is necessary for tests that run Nix operations that
- modify the store.
-
-
-
-
-For more options, see the module qemu-vm.nix.
-
-The test script is a sequence of Perl statements that perform
-various actions, such as starting VMs, executing commands in the VMs,
-and so on. Each virtual machine is represented as an object stored in
-the variable $name,
-where name is the identifier of the machine
-(which is just machine if you didn’t specify
-multiple machines using the nodes attribute). For
-instance, the following starts the machine, waits until it has
-finished booting, then executes a command and checks that the output
-is more-or-less correct:
-
+ for an example.
+
+
+
+
+
+
+
+
+ By default, the Nix store in the VM is not writable. If you enable this
+ option, a writable union file system is mounted on top of the Nix store
+ to make it appear writable. This is necessary for tests that run Nix
+ operations that modify the store.
+
+
+
+
+ For more options, see the module
+ qemu-vm.nix.
+
+
+
+ The test script is a sequence of Perl statements that perform various
+ actions, such as starting VMs, executing commands in the VMs, and so on. Each
+ virtual machine is represented as an object stored in the variable
+ $name, where
+ name is the identifier of the machine (which is
+ just machine if you didn’t specify multiple machines
+ using the nodes attribute). For instance, the following
+ starts the machine, waits until it has finished booting, then executes a
+ command and checks that the output is more-or-less correct:
$machine->start;
$machine->waitForUnit("default.target");
$machine->succeed("uname") =~ /Linux/;
-
-The first line is actually unnecessary; machines are implicitly
-started when you first execute an action on them (such as
-waitForUnit or succeed). If you
-have multiple machines, you can speed up the test by starting them in
-parallel:
-
+ The first line is actually unnecessary; machines are implicitly started when
+ you first execute an action on them (such as waitForUnit
+ or succeed). If you have multiple machines, you can speed
+ up the test by starting them in parallel:
startAll;
-
-
-
-The following methods are available on machine objects:
-
-
-
-
- start
- Start the virtual machine. This method is
- asynchronous — it does not wait for the machine to finish
- booting.
-
-
-
- shutdown
- Shut down the machine, waiting for the VM to
- exit.
-
-
-
- crash
- Simulate a sudden power failure, by telling the VM
- to exit immediately.
-
-
-
- block
- Simulate unplugging the Ethernet cable that
- connects the machine to the other machines.
-
-
-
- unblock
- Undo the effect of
- block.
-
-
-
- screenshot
- Take a picture of the display of the virtual
- machine, in PNG format. The screenshot is linked from the HTML
- log.
-
-
-
- getScreenText
- Return a textual representation of what is currently
- visible on the machine's screen using optical character
- recognition.
- This requires passing to the test
- attribute set.
-
-
-
- sendMonitorCommand
- Send a command to the QEMU monitor. This is rarely
- used, but allows doing stuff such as attaching virtual USB disks
- to a running machine.
-
-
-
- sendKeys
- Simulate pressing keys on the virtual keyboard,
- e.g., sendKeys("ctrl-alt-delete").
-
-
-
- sendChars
- Simulate typing a sequence of characters on the
- virtual keyboard, e.g., sendKeys("foobar\n")
- will type the string foobar followed by the
- Enter key.
-
-
-
- execute
- Execute a shell command, returning a list
- (status,
- stdout).
-
-
-
- succeed
- Execute a shell command, raising an exception if
- the exit status is not zero, otherwise returning the standard
- output.
-
-
-
- fail
- Like succeed, but raising
- an exception if the command returns a zero status.
-
-
-
- waitUntilSucceeds
- Repeat a shell command with 1-second intervals
- until it succeeds.
-
-
-
- waitUntilFails
- Repeat a shell command with 1-second intervals
- until it fails.
-
-
-
- waitForUnit
- Wait until the specified systemd unit has reached
- the “active” state.
-
-
-
- waitForFile
- Wait until the specified file
- exists.
-
-
-
- waitForOpenPort
- Wait until a process is listening on the given TCP
- port (on localhost, at least).
-
-
-
- waitForClosedPort
- Wait until nobody is listening on the given TCP
- port.
-
-
-
- waitForX
- Wait until the X11 server is accepting
- connections.
-
-
-
- waitForText
- Wait until the supplied regular expressions matches
- the textual contents of the screen by using optical character recognition
- (see getScreenText).
- This requires passing to the test
- attribute set.
-
-
-
- waitForWindow
- Wait until an X11 window has appeared whose name
- matches the given regular expression, e.g.,
- waitForWindow(qr/Terminal/).
-
-
-
- copyFileFromHost
- Copies a file from host to machine, e.g.,
- copyFileFromHost("myfile", "/etc/my/important/file").
- The first argument is the file on the host. The file needs to be
- accessible while building the nix derivation. The second argument is
- the location of the file on the machine.
+
+
+
+ The following methods are available on machine objects:
+
+
+ start
+
+
+
+ Start the virtual machine. This method is asynchronous — it does not
+ wait for the machine to finish booting.
+
-
-
-
- systemctl
+
+
+ shutdown
+
+
+
+ Shut down the machine, waiting for the VM to exit.
+
+
+
+
+ crash
+
- Runs systemctl commands with optional support for
- systemctl --user
-
-
+
+ Simulate a sudden power failure, by telling the VM to exit immediately.
+
+
+
+
+ block
+
+
+
+ Simulate unplugging the Ethernet cable that connects the machine to the
+ other machines.
+
+
+
+
+ unblock
+
+
+
+ Undo the effect of block.
+
+
+
+
+ screenshot
+
+
+
+ Take a picture of the display of the virtual machine, in PNG format. The
+ screenshot is linked from the HTML log.
+
+
+
+
+ getScreenText
+
+
+
+ Return a textual representation of what is currently visible on the
+ machine's screen using optical character recognition.
+
+
+
+ This requires passing to the test attribute
+ set.
+
+
+
+
+
+ sendMonitorCommand
+
+
+
+ Send a command to the QEMU monitor. This is rarely used, but allows doing
+ stuff such as attaching virtual USB disks to a running machine.
+
+
+
+
+ sendKeys
+
+
+
+ Simulate pressing keys on the virtual keyboard, e.g.,
+ sendKeys("ctrl-alt-delete").
+
+
+
+
+ sendChars
+
+
+
+ Simulate typing a sequence of characters on the virtual keyboard, e.g.,
+ sendKeys("foobar\n") will type the string
+ foobar followed by the Enter key.
+
+
+
+
+ execute
+
+
+
+ Execute a shell command, returning a list
+ (status,
+ stdout).
+
+
+
+
+ succeed
+
+
+
+ Execute a shell command, raising an exception if the exit status is not
+ zero, otherwise returning the standard output.
+
+
+
+
+ fail
+
+
+
+ Like succeed, but raising an exception if the
+ command returns a zero status.
+
+
+
+
+ waitUntilSucceeds
+
+
+
+ Repeat a shell command with 1-second intervals until it succeeds.
+
+
+
+
+ waitUntilFails
+
+
+
+ Repeat a shell command with 1-second intervals until it fails.
+
+
+
+
+ waitForUnit
+
+
+
+ Wait until the specified systemd unit has reached the “active” state.
+
+
+
+
+ waitForFile
+
+
+
+ Wait until the specified file exists.
+
+
+
+
+ waitForOpenPort
+
+
+
+ Wait until a process is listening on the given TCP port (on
+ localhost, at least).
+
+
+
+
+ waitForClosedPort
+
+
+
+ Wait until nobody is listening on the given TCP port.
+
+
+
+
+ waitForX
+
+
+
+ Wait until the X11 server is accepting connections.
+
+
+
+
+ waitForText
+
+
+
+ Wait until the supplied regular expressions matches the textual contents
+ of the screen by using optical character recognition (see
+ getScreenText).
+
+
+
+ This requires passing to the test attribute
+ set.
+
+
+
+
+
+ waitForWindow
+
+
+
+ Wait until an X11 window has appeared whose name matches the given
+ regular expression, e.g., waitForWindow(qr/Terminal/).
+
+
+
+
+ copyFileFromHost
+
+
+
+ Copies a file from host to machine, e.g.,
+ copyFileFromHost("myfile", "/etc/my/important/file").
+
+
+ The first argument is the file on the host. The file needs to be
+ accessible while building the nix derivation. The second argument is the
+ location of the file on the machine.
+
+
+
+
+ systemctl
+
+
+
+ Runs systemctl commands with optional support for
+ systemctl --user
+
+
+
$machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
$machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
-
+
-
+
+
+
-
-
-
-
-
- To test user units declared by systemd.user.services the optional $user
- argument can be used:
-
-
+
+ To test user units declared by systemd.user.services the
+ optional $user argument can be used:
+
$machine->start;
$machine->waitForX;
$machine->waitForUnit("xautolock.service", "x-session-user");
-
This applies to systemctl, getUnitInfo,
- waitForUnit, startJob
- and stopJob.
-
-
+ waitForUnit, startJob and
+ stopJob.
+
diff --git a/nixos/doc/manual/installation/changing-config.xml b/nixos/doc/manual/installation/changing-config.xml
index 4db9020b96064a09d2fbf6abceed87d3b928b6de..680160a3cb7e158951ed81988c089b8eeeeec825 100644
--- a/nixos/doc/manual/installation/changing-config.xml
+++ b/nixos/doc/manual/installation/changing-config.xml
@@ -2,101 +2,84 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="sec-changing-config">
-
-Changing the Configuration
-
-The file /etc/nixos/configuration.nix
-contains the current configuration of your machine. Whenever you’ve
-changed something in that file, you should do
-
+ Changing the Configuration
+
+ The file /etc/nixos/configuration.nix contains the
+ current configuration of your machine. Whenever you’ve
+ changed something in that file, you
+ should do
# nixos-rebuild switch
-
-to build the new configuration, make it the default configuration for
-booting, and try to realise the configuration in the running system
-(e.g., by restarting system services).
-
-These commands must be executed as root, so you should
-either run them from a root shell or by prefixing them with
-sudo -i.
-
-You can also do
-
+ to build the new configuration, make it the default configuration for
+ booting, and try to realise the configuration in the running system (e.g., by
+ restarting system services).
+
+
+
+ These commands must be executed as root, so you should either run them from
+ a root shell or by prefixing them with sudo -i.
+
+
+
+ You can also do
# nixos-rebuild test
-
-to build the configuration and switch the running system to it, but
-without making it the boot default. So if (say) the configuration
-locks up your machine, you can just reboot to get back to a working
-configuration.
-
-There is also
-
+ to build the configuration and switch the running system to it, but without
+ making it the boot default. So if (say) the configuration locks up your
+ machine, you can just reboot to get back to a working configuration.
+
+
+ There is also
# nixos-rebuild boot
-
-to build the configuration and make it the boot default, but not
-switch to it now (so it will only take effect after the next
-reboot).
-
-You can make your configuration show up in a different submenu
-of the GRUB 2 boot screen by giving it a different profile
-name, e.g.
-
+ to build the configuration and make it the boot default, but not switch to it
+ now (so it will only take effect after the next reboot).
+
+
+ You can make your configuration show up in a different submenu of the GRUB 2
+ boot screen by giving it a different profile name, e.g.
# nixos-rebuild switch -p test
-
-which causes the new configuration (and previous ones created using
--p test) to show up in the GRUB submenu “NixOS -
-Profile 'test'”. This can be useful to separate test configurations
-from “stable” configurations.
-
-Finally, you can do
-
+ which causes the new configuration (and previous ones created using
+ -p test) to show up in the GRUB submenu “NixOS - Profile
+ 'test'”. This can be useful to separate test configurations from
+ “stable” configurations.
+
+
+ Finally, you can do
$ nixos-rebuild build
-
-to build the configuration but nothing more. This is useful to see
-whether everything compiles cleanly.
-
-If you have a machine that supports hardware virtualisation, you
-can also test the new configuration in a sandbox by building and
-running a QEMU virtual machine that contains the
-desired configuration. Just do
-
+ to build the configuration but nothing more. This is useful to see whether
+ everything compiles cleanly.
+
+
+ If you have a machine that supports hardware virtualisation, you can also
+ test the new configuration in a sandbox by building and running a QEMU
+ virtual machine that contains the desired configuration.
+ Just do
$ nixos-rebuild build-vm
$ ./result/bin/run-*-vm
-
-The VM does not have any data from your host system, so your existing
-user accounts and home directories will not be available unless you
-have set mutableUsers = false. Another way is to
-temporarily add the following to your configuration:
-
+ The VM does not have any data from your host system, so your existing user
+ accounts and home directories will not be available unless you have set
+ mutableUsers = false. Another way is to temporarily add
+ the following to your configuration:
-users.extraUsers.your-user.initialPassword = "test"
+users.extraUsers.your-user.initialHashedPassword = "test";
-
-Important: delete the $hostname.qcow2 file if you
-have started the virtual machine at least once without the right
-users, otherwise the changes will not get picked up.
-
-You can forward ports on the host to the guest. For
-instance, the following will forward host port 2222 to guest port 22
-(SSH):
-
+ Important: delete the $hostname.qcow2 file if you have
+ started the virtual machine at least once without the right users, otherwise
+ the changes will not get picked up. You can forward ports on the host to the
+ guest. For instance, the following will forward host port 2222 to guest port
+ 22 (SSH):
$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
-
-allowing you to log in via SSH (assuming you have set the appropriate
-passwords or SSH authorized keys):
-
+ allowing you to log in via SSH (assuming you have set the appropriate
+ passwords or SSH authorized keys):
$ ssh -p 2222 localhost
-
-
-
+
diff --git a/nixos/doc/manual/installation/installation.xml b/nixos/doc/manual/installation/installation.xml
index ee61bedc4183a827bada575cba23a67fb7379cc0..d4276be95d6893df24151ab1f63ecc5652c6b011 100644
--- a/nixos/doc/manual/installation/installation.xml
+++ b/nixos/doc/manual/installation/installation.xml
@@ -3,19 +3,15 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-installation">
-
-Installation
-
-
-
-This section describes how to obtain, install, and configure
-NixOS for first-time use.
-
-
-
-
-
-
-
-
+ Installation
+
+
+ This section describes how to obtain, install, and configure NixOS for
+ first-time use.
+
+
+
+
+
+
diff --git a/nixos/doc/manual/installation/installing-from-other-distro.xml b/nixos/doc/manual/installation/installing-from-other-distro.xml
index ecd020a067a95ff5750581af3c252ae54ca25cb0..8b0c350b064dd712f8e68c14c8098ff88e629f00 100644
--- a/nixos/doc/manual/installation/installing-from-other-distro.xml
+++ b/nixos/doc/manual/installation/installing-from-other-distro.xml
@@ -5,280 +5,325 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-installing-from-other-distro">
-
- Installing from another Linux distribution
-
-
- Because Nix (the package manager) & Nixpkgs (the Nix packages
- collection) can both be installed on any (most?) Linux distributions,
- they can be used to install NixOS in various creative ways. You can,
- for instance:
-
-
-
- Install NixOS on another partition, from your existing
- Linux distribution (without the use of a USB or optical
- device!)
-
- Install NixOS on the same partition (in place!), from
- your existing non-NixOS Linux distribution using
- NIXOS_LUSTRATE.
-
- Install NixOS on your hard drive from the Live CD of
- any Linux distribution.
-
-
- The first steps to all these are the same:
-
-
-
- Install the Nix package manager:
-
- Short version:
-
-
+ Installing from another Linux distribution
+
+
+ Because Nix (the package manager) & Nixpkgs (the Nix packages collection)
+ can both be installed on any (most?) Linux distributions, they can be used to
+ install NixOS in various creative ways. You can, for instance:
+
+
+
+
+
+ Install NixOS on another partition, from your existing Linux distribution
+ (without the use of a USB or optical device!)
+
+
+
+
+ Install NixOS on the same partition (in place!), from your existing
+ non-NixOS Linux distribution using NIXOS_LUSTRATE.
+
+
+
+
+ Install NixOS on your hard drive from the Live CD of any Linux
+ distribution.
+
+
+
+
+
+ The first steps to all these are the same:
+
+
+
+
+
+ Install the Nix package manager:
+
+
+ Short version:
+
+
$ bash <(curl https://nixos.org/nix/install)
$ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell
-
- More details in the
+ More details in the
+
- Nix manual
-
-
-
- Switch to the NixOS channel:
-
- If you've just installed Nix on a non-NixOS distribution, you
- will be on the nixpkgs channel by
- default.
-
-
+ Nix manual
+
+
+
+
+ Switch to the NixOS channel:
+
+
+ If you've just installed Nix on a non-NixOS distribution, you will be on
+ the nixpkgs channel by default.
+
+
$ nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
-
- As that channel gets released without running the NixOS
- tests, it will be safer to use the nixos-*
- channels instead:
-
-
+
+ As that channel gets released without running the NixOS tests, it will be
+ safer to use the nixos-* channels instead:
+
+
$ nix-channel --add https://nixos.org/channels/nixos-version nixpkgs
-
- You may want to throw in a nix-channel
- --update for good measure.
-
-
-
- Install the NixOS installation tools:
-
- You'll need nixos-generate-config and
- nixos-install and we'll throw in some man
- pages and nixos-enter just in case you want
- to chroot into your NixOS partition. They are installed by
- default on NixOS, but you don't have NixOS yet..
-
- $ nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"
-
-
-
- The following 5 steps are only for installing NixOS to
- another partition. For installing NixOS in place using
- NIXOS_LUSTRATE, skip ahead.
-
- Prepare your target partition:
-
- At this point it is time to prepare your target partition.
- Please refer to the partitioning, file-system creation, and
- mounting steps of
-
- If you're about to install NixOS in place using
- NIXOS_LUSTRATE there is nothing to do for
- this step.
-
-
-
- Generate your NixOS configuration:
-
- $ sudo `which nixos-generate-config` --root /mnt
-
- You'll probably want to edit the configuration files. Refer
- to the nixos-generate-config step in for more information.
-
- Consider setting up the NixOS bootloader to give you the
- ability to boot on your existing Linux partition. For instance,
- if you're using GRUB and your existing distribution is running
- Ubuntu, you may want to add something like this to your
- configuration.nix:
-
-
-boot.loader.grub.extraEntries = ''
+
+ You may want to throw in a nix-channel --update for good
+ measure.
+
+
+
+
+ Install the NixOS installation tools:
+
+
+ You'll need nixos-generate-config and
+ nixos-install and we'll throw in some man pages and
+ nixos-enter just in case you want to chroot into your
+ NixOS partition. They are installed by default on NixOS, but you don't have
+ NixOS yet..
+
+$ nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"
+
+
+
+
+ The following 5 steps are only for installing NixOS to another partition.
+ For installing NixOS in place using NIXOS_LUSTRATE,
+ skip ahead.
+
+
+
+ Prepare your target partition:
+
+
+ At this point it is time to prepare your target partition. Please refer to
+ the partitioning, file-system creation, and mounting steps of
+
+
+
+ If you're about to install NixOS in place using
+ NIXOS_LUSTRATE there is nothing to do for this step.
+
+
+
+
+ Generate your NixOS configuration:
+
+$ sudo `which nixos-generate-config` --root /mnt
+
+ You'll probably want to edit the configuration files. Refer to the
+ nixos-generate-config step in
+ for more
+ information.
+
+
+ Consider setting up the NixOS bootloader to give you the ability to boot on
+ your existing Linux partition. For instance, if you're using GRUB and your
+ existing distribution is running Ubuntu, you may want to add something like
+ this to your configuration.nix:
+
+
+ = ''
menuentry "Ubuntu" {
search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e
configfile "($ubuntu)/boot/grub/grub.cfg"
}
'';
-
- (You can find the appropriate UUID for your partition in
- /dev/disk/by-uuid)
-
-
-
- Create the nixbld group and user on your
- original distribution:
-
-
+
+ (You can find the appropriate UUID for your partition in
+ /dev/disk/by-uuid)
+
+
+
+
+ Create the nixbld group and user on your original
+ distribution:
+
+
$ sudo groupadd -g 30000 nixbld
$ sudo useradd -u 30000 -g nixbld -G nixbld nixbld
-
-
-
- Download/build/install NixOS:
-
- Once you complete this step, you might no longer be
- able to boot on existing systems without the help of a
- rescue USB drive or similar.
-
- $ sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt
-
- Again, please refer to the nixos-install
- step in for more
- information.
-
- That should be it for installation to another partition!
-
-
-
- Optionally, you may want to clean up your non-NixOS distribution:
-
-
+
+
+
+ Download/build/install NixOS:
+
+
+
+ Once you complete this step, you might no longer be able to boot on
+ existing systems without the help of a rescue USB drive or similar.
+
+
+$ sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt
+
+ Again, please refer to the nixos-install step in
+ for more information.
+
+
+ That should be it for installation to another partition!
+
+
+
+
+ Optionally, you may want to clean up your non-NixOS distribution:
+
+
$ sudo userdel nixbld
$ sudo groupdel nixbld
-
- If you do not wish to keep the Nix package mananager
- installed either, run something like sudo rm -rv
- ~/.nix-* /nix and remove the line that the Nix
- installer added to your ~/.profile.
-
-
-
- The following steps are only for installing NixOS in
- place using
- NIXOS_LUSTRATE:
-
- Generate your NixOS configuration:
-
- $ sudo `which nixos-generate-config` --root /
-
- Note that this will place the generated configuration files
- in /etc/nixos. You'll probably want to edit
- the configuration files. Refer to the
- nixos-generate-config step in for more information.
-
- You'll likely want to set a root password for your first boot
- using the configuration files because you won't have a chance
- to enter a password until after you reboot. You can initalize
- the root password to an empty one with this line: (and of course
- don't forget to set one once you've rebooted or to lock the
- account with sudo passwd -l root if you use
- sudo)
-
- users.extraUsers.root.initialHashedPassword = "";
-
-
-
- Build the NixOS closure and install it in the
- system profile:
-
- $ nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -I nixos-config=/etc/nixos/configuration.nix -iA system
-
-
-
- Change ownership of the /nix tree to root
- (since your Nix install was probably single user):
-
- $ sudo chown -R 0.0 /nix
-
-
-
- Set up the /etc/NIXOS and
- /etc/NIXOS_LUSTRATE files:
-
- /etc/NIXOS officializes that this is now a
- NixOS partition (the bootup scripts require its presence).
-
- /etc/NIXOS_LUSTRATE tells the NixOS bootup
- scripts to move everything that's in the
- root partition to /old-root. This will move
- your existing distribution out of the way in the very early
- stages of the NixOS bootup. There are exceptions (we do need to
- keep NixOS there after all), so the NixOS lustrate process will
- not touch:
-
-
- The /nix
- directory
-
- The /boot
- directory
-
- Any file or directory listed in
- /etc/NIXOS_LUSTRATE (one per
- line)
-
-
- Support for NIXOS_LUSTRATE was added
- in NixOS 16.09. The act of "lustrating" refers to the
- wiping of the existing distribution. Creating
- /etc/NIXOS_LUSTRATE can also be used on
- NixOS to remove all mutable files from your root partition
- (anything that's not in /nix or
- /boot gets "lustrated" on the next
- boot.
- lustrate /ˈlʌstreɪt/ verb.
- purify by expiatory sacrifice, ceremonial washing, or
- some other ritual action.
-
- Let's create the files:
-
-
+
+ If you do not wish to keep the Nix package manager installed either, run
+ something like sudo rm -rv ~/.nix-* /nix and remove the
+ line that the Nix installer added to your ~/.profile.
+
+
+
+
+
+ The following steps are only for installing NixOS in place using
+ NIXOS_LUSTRATE:
+
+
+
+ Generate your NixOS configuration:
+
+$ sudo `which nixos-generate-config` --root /
+
+ Note that this will place the generated configuration files in
+ /etc/nixos. You'll probably want to edit the
+ configuration files. Refer to the nixos-generate-config
+ step in for more
+ information.
+
+
+ You'll likely want to set a root password for your first boot using the
+ configuration files because you won't have a chance to enter a password
+ until after you reboot. You can initalize the root password to an empty one
+ with this line: (and of course don't forget to set one once you've rebooted
+ or to lock the account with sudo passwd -l root if you
+ use sudo)
+
+
+users.extraUsers.root.initialHashedPassword = "";
+
+
+
+
+ Build the NixOS closure and install it in the system
+ profile:
+
+$ nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -I nixos-config=/etc/nixos/configuration.nix -iA system
+
+
+
+ Change ownership of the /nix tree to root (since your
+ Nix install was probably single user):
+
+$ sudo chown -R 0.0 /nix
+
+
+
+ Set up the /etc/NIXOS and
+ /etc/NIXOS_LUSTRATE files:
+
+
+ /etc/NIXOS officializes that this is now a NixOS
+ partition (the bootup scripts require its presence).
+
+
+ /etc/NIXOS_LUSTRATE tells the NixOS bootup scripts to
+ move everything that's in the root partition to
+ /old-root. This will move your existing distribution out
+ of the way in the very early stages of the NixOS bootup. There are
+ exceptions (we do need to keep NixOS there after all), so the NixOS
+ lustrate process will not touch:
+
+
+
+
+ The /nix directory
+
+
+
+
+ The /boot directory
+
+
+
+
+ Any file or directory listed in /etc/NIXOS_LUSTRATE
+ (one per line)
+
+
+
+
+
+ Support for NIXOS_LUSTRATE was added in NixOS 16.09.
+ The act of "lustrating" refers to the wiping of the existing distribution.
+ Creating /etc/NIXOS_LUSTRATE can also be used on NixOS
+ to remove all mutable files from your root partition (anything that's not
+ in /nix or /boot gets "lustrated" on
+ the next boot.
+
+
+ lustrate /ˈlʌstreɪt/ verb.
+
+
+ purify by expiatory sacrifice, ceremonial washing, or some other ritual
+ action.
+
+
+
+ Let's create the files:
+
+
$ sudo touch /etc/NIXOS
-$ sudo touch /etc/NIXOS_LUSTRATE
-
- Let's also make sure the NixOS configuration files are kept
- once we reboot on NixOS:
-
-
-$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
-
-
-
- Finally, move the /boot directory of your
- current distribution out of the way (the lustrate process will
- take care of the rest once you reboot, but this one must be
- moved out now because NixOS needs to install its own boot
- files:
-
- Once you complete this step, your current
- distribution will no longer be bootable! If you didn't get
- all the NixOS configuration right, especially those
- settings pertaining to boot loading and root partition,
- NixOS may not be bootable either. Have a USB rescue device
- ready in case this happens.
-
-
+$ sudo touch /etc/NIXOS_LUSTRATE
+
+
+ Let's also make sure the NixOS configuration files are kept once we reboot
+ on NixOS:
+
+
+$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
+
+
+
+
+ Finally, move the /boot directory of your current
+ distribution out of the way (the lustrate process will take care of the
+ rest once you reboot, but this one must be moved out now because NixOS
+ needs to install its own boot files:
+
+
+
+ Once you complete this step, your current distribution will no longer be
+ bootable! If you didn't get all the NixOS configuration right, especially
+ those settings pertaining to boot loading and root partition, NixOS may
+ not be bootable either. Have a USB rescue device ready in case this
+ happens.
+
+
+
$ sudo mv -v /boot /boot.bak &&
sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
-
- Cross your fingers, reboot, hopefully you should get a NixOS
- prompt!
-
-
- If for some reason you want to revert to the old
- distribution, you'll need to boot on a USB rescue disk and do
- something along these lines:
-
-
+
+ Cross your fingers, reboot, hopefully you should get a NixOS prompt!
+
+
+
+
+ If for some reason you want to revert to the old distribution, you'll need
+ to boot on a USB rescue disk and do something along these lines:
+
+
# mkdir root
# mount /dev/sdaX root
# mkdir root/nixos-root
@@ -287,23 +332,25 @@ $ sudo mv -v /boot /boot.bak &&
# mv -v root/boot.bak root/boot # We had renamed this by hand earlier
# umount root
# reboot
-
- This may work as is or you might also need to reinstall the
- boot loader
-
- And of course, if you're happy with NixOS and no longer need
- the old distribution:
-
- sudo rm -rf /old-root
-
-
-
- It's also worth noting that this whole process can be
- automated. This is especially useful for Cloud VMs, where
- provider do not provide NixOS. For instance,
+ This may work as is or you might also need to reinstall the boot loader
+
+
+ And of course, if you're happy with NixOS and no longer need the old
+ distribution:
+
+sudo rm -rf /old-root
+
+
+
+ It's also worth noting that this whole process can be automated. This is
+ especially useful for Cloud VMs, where provider do not provide NixOS. For
+ instance,
+ nixos-infect
- uses the lustrate process to convert Digital Ocean droplets to
- NixOS from other distributions automatically.
-
-
+ uses the lustrate process to convert Digital Ocean droplets to NixOS from
+ other distributions automatically.
+
+
+
diff --git a/nixos/doc/manual/installation/installing-pxe.xml b/nixos/doc/manual/installation/installing-pxe.xml
index 7b7597c91626832421bd77ca93e825a7be76165f..94199e5e028db4844556b889699c75403be94276 100644
--- a/nixos/doc/manual/installation/installing-pxe.xml
+++ b/nixos/doc/manual/installation/installing-pxe.xml
@@ -3,46 +3,48 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-booting-from-pxe">
+ Booting from the <quote>netboot</quote> media (PXE)
-Booting from the <quote>netboot</quote> media (PXE)
-
- Advanced users may wish to install NixOS using an existing PXE or
- iPXE setup.
-
-
+
+ Advanced users may wish to install NixOS using an existing PXE or iPXE setup.
+
+
+
These instructions assume that you have an existing PXE or iPXE
- infrastructure and simply want to add the NixOS installer as another
- option. To build the necessary files from a recent version of
- nixpkgs, you can run:
-
+ infrastructure and simply want to add the NixOS installer as another option.
+ To build the necessary files from a recent version of nixpkgs, you can run:
+
+
nix-build -A netboot nixos/release.nix
-
+
+
This will create a result directory containing: *
- bzImage – the Linux kernel *
- initrd – the initrd file *
- netboot.ipxe – an example ipxe script
- demonstrating the appropriate kernel command line arguments for this
+ bzImage – the Linux kernel * initrd
+ – the initrd file * netboot.ipxe – an example ipxe
+ script demonstrating the appropriate kernel command line arguments for this
image
-
-
+
+
+
If you’re using plain PXE, configure your boot loader to use the
- bzImage and initrd files and
- have it provide the same kernel command line arguments found in
+ bzImage and initrd files and have it
+ provide the same kernel command line arguments found in
netboot.ipxe.
-
-
+
+
+
If you’re using iPXE, depending on how your HTTP/FTP/etc. server is
- configured you may be able to use netboot.ipxe
- unmodified, or you may need to update the paths to the files to
- match your server’s directory layout
-
-
- In the future we may begin making these files available as build
- products from hydra at which point we will update this documentation
- with instructions on how to obtain them either for placing on a
- dedicated TFTP server or to boot them directly over the internet.
-
+ configured you may be able to use netboot.ipxe unmodified,
+ or you may need to update the paths to the files to match your server’s
+ directory layout
+
+
+ In the future we may begin making these files available as build products
+ from hydra at which point we will update this documentation with instructions
+ on how to obtain them either for placing on a dedicated TFTP server or to
+ boot them directly over the internet.
+
diff --git a/nixos/doc/manual/installation/installing-usb.xml b/nixos/doc/manual/installation/installing-usb.xml
index d68cd61626329ad0e247177926108f63bf3528e2..c5934111749cf7dd75dbd9ddd181e4b2de3139b8 100644
--- a/nixos/doc/manual/installation/installing-usb.xml
+++ b/nixos/doc/manual/installation/installing-usb.xml
@@ -3,17 +3,19 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-booting-from-usb">
+ Booting from a USB Drive
-Booting from a USB Drive
+
+ For systems without CD drive, the NixOS live CD can be booted from a USB
+ stick. You can use the dd utility to write the image:
+ dd if=path-to-image
+ of=/dev/sdb. Be careful about specifying
+ the correct drive; you can use the lsblk command to get a
+ list of block devices.
+
-For systems without CD drive, the NixOS live CD can be booted from
-a USB stick. You can use the dd utility to write the image:
-dd if=path-to-image
-of=/dev/sdb. Be careful about specifying the
-correct drive; you can use the lsblk command to get a list of
-block devices.
-
-On macOS:
+
+ On macOS:
$ diskutil list
[..]
@@ -24,36 +26,43 @@ $ diskutil unmountDisk diskN
Unmount of all volumes on diskN was successful
$ sudo dd bs=1m if=nix.iso of=/dev/rdiskN
-Using the 'raw' rdiskN device instead of diskN
-completes in minutes instead of hours. After dd completes, a GUI
-dialog "The disk you inserted was not readable by this computer" will pop up, which
-can be ignored.
-
-The dd utility will write the image verbatim to the drive,
-making it the recommended option for both UEFI and non-UEFI installations. For
-non-UEFI installations, you can alternatively use
-unetbootin. If you
-cannot use dd for a UEFI installation, you can also mount the
-ISO, copy its contents verbatim to your drive, then either:
-
-
-
- Change the label of the disk partition to the label of the ISO
- (visible with the blkid command), or
-
-
- Edit loader/entries/nixos-livecd.conf on the drive
- and change the root= field in the options
- line to point to your drive (see the documentation on root=
- in
- the kernel documentation for more details).
-
-
- If you want to load the contents of the ISO to ram after bootin
- (So you can remove the stick after bootup) you can append the parameter
- copytoram to the options field.
-
-
-
+ Using the 'raw' rdiskN device instead of
+ diskN completes in minutes instead of hours. After
+ dd completes, a GUI dialog "The disk you inserted was not
+ readable by this computer" will pop up, which can be ignored.
+
+
+ The dd utility will write the image verbatim to the drive,
+ making it the recommended option for both UEFI and non-UEFI installations.
+ For non-UEFI installations, you can alternatively use
+ unetbootin. If
+ you cannot use dd for a UEFI installation, you can also
+ mount the ISO, copy its contents verbatim to your drive, then either:
+
+
+
+ Change the label of the disk partition to the label of the ISO (visible
+ with the blkid command), or
+
+
+
+
+ Edit loader/entries/nixos-livecd.conf on the drive
+ and change the root= field in the
+ options line to point to your drive (see the
+ documentation on root= in
+
+ the kernel documentation for more details).
+
+
+
+
+ If you want to load the contents of the ISO to ram after bootin (So you
+ can remove the stick after bootup) you can append the parameter
+ copytoram to the options field.
+
+
+
+
diff --git a/nixos/doc/manual/installation/installing-virtualbox-guest.xml b/nixos/doc/manual/installation/installing-virtualbox-guest.xml
index 7fcd22a112cf0e3b4e4ccd330ab17e034ebf9776..da78b480f5aa90f07fbd0c8aab2ae7c92aa58972 100644
--- a/nixos/doc/manual/installation/installing-virtualbox-guest.xml
+++ b/nixos/doc/manual/installation/installing-virtualbox-guest.xml
@@ -3,63 +3,82 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-instaling-virtualbox-guest">
+ Installing in a VirtualBox guest
-Installing in a VirtualBox guest
-
+
Installing NixOS into a VirtualBox guest is convenient for users who want to
try NixOS without installing it on bare metal. If you want to use a pre-made
- VirtualBox appliance, it is available at the downloads page.
- If you want to set up a VirtualBox guest manually, follow these instructions:
-
-
-
-
- Add a New Machine in VirtualBox with OS Type "Linux / Other
- Linux"
-
- Base Memory Size: 768 MB or higher.
-
- New Hard Disk of 8 GB or higher.
-
- Mount the CD-ROM with the NixOS ISO (by clicking on
- CD/DVD-ROM)
-
- Click on Settings / System / Processor and enable
- PAE/NX
-
- Click on Settings / System / Acceleration and enable
- "VT-x/AMD-V" acceleration
-
- Save the settings, start the virtual machine, and continue
- installation like normal
-
-
-
-
- There are a few modifications you should make in configuration.nix.
- Enable booting:
-
+ VirtualBox appliance, it is available at
+ the downloads
+ page. If you want to set up a VirtualBox guest manually, follow these
+ instructions:
+
+
+
+
+
+ Add a New Machine in VirtualBox with OS Type "Linux / Other Linux"
+
+
+
+
+ Base Memory Size: 768 MB or higher.
+
+
+
+
+ New Hard Disk of 8 GB or higher.
+
+
+
+
+ Mount the CD-ROM with the NixOS ISO (by clicking on CD/DVD-ROM)
+
+
+
+
+ Click on Settings / System / Processor and enable PAE/NX
+
+
+
+
+ Click on Settings / System / Acceleration and enable "VT-x/AMD-V"
+ acceleration
+
+
+
+
+ Save the settings, start the virtual machine, and continue installation
+ like normal
+
+
+
+
+
+ There are a few modifications you should make in configuration.nix. Enable
+ booting:
+
-boot.loader.grub.device = "/dev/sda";
+ = "/dev/sda";
-
+
Also remove the fsck that runs at startup. It will always fail to run,
stopping your boot until you press *.
-
+
-boot.initrd.checkJournalingFS = false;
+ = false;
-
+
Shared folders can be given a name and a path in the host system in the
VirtualBox settings (Machine / Settings / Shared Folders, then click on the
"Add" icon). Add the following to the
/etc/nixos/configuration.nix to auto-mount them:
-
+
{ config, pkgs, ...} :
@@ -74,8 +93,7 @@ boot.initrd.checkJournalingFS = false;
}
-
+
The folder will be available directly under the root directory.
-
-
+
diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml
index 1f09704bce53c0ae476450b133ca1b1d1385a32c..4e1fde662d6e79e53e3984483e1122f5fd9b7083 100644
--- a/nixos/doc/manual/installation/installing.xml
+++ b/nixos/doc/manual/installation/installing.xml
@@ -3,66 +3,92 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-installation">
-
-Installing NixOS
-
-NixOS can be installed on BIOS or UEFI systems. The procedure
-for a UEFI installation is by and large the same as a BIOS installation. The differences are mentioned in the steps that follow.
-
-
-
- Boot from the CD.
-
- UEFI systems
- You should boot the live CD in UEFI mode
- (consult your specific hardware's documentation for instructions).
- You may find the rEFInd boot
- manager useful.
-
- The CD contains a basic NixOS installation. (It
- also contains Memtest86+, useful if you want to test new hardware).
- When it’s finished booting, it should have detected most of your
- hardware.
-
- The NixOS manual is available on virtual console 8
- (press Alt+F8 to access) or by running nixos-help.
-
-
- You get logged in as root
- (with empty password).
-
- If you downloaded the graphical ISO image, you can
- run systemctl start display-manager to start KDE. If you
- want to continue on the terminal, you can use
- loadkeys to switch to your preferred keyboard layout.
- (We even provide neo2 via loadkeys de neo!)
-
- The boot process should have brought up networking (check
- ip a). Networking is necessary for the
- installer, since it will download lots of stuff (such as source
- tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP
- server on your network. Otherwise configure networking manually
- using ifconfig.
- To manually configure the network on the graphical installer,
- first disable network-manager with
- systemctl stop network-manager.
- To manually configure the wifi on the minimal installer, run
- wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID' 'key').
-
-
- If you would like to continue the installation from a different
- machine you need to activate the SSH daemon via systemctl start sshd.
- In order to be able to login you also need to set a password for
- root using passwd.
-
- The NixOS installer doesn’t do any partitioning or
- formatting yet, so you need to do that yourself. Use the following
- commands:
-
-
-
- For partitioning:
- fdisk.
+ Installing NixOS
+
+ NixOS can be installed on BIOS or UEFI systems. The procedure for a UEFI
+ installation is by and large the same as a BIOS installation. The differences
+ are mentioned in the steps that follow.
+
+
+
+
+ Boot from the CD.
+
+
+
+ UEFI systems
+
+
+ You should boot the live CD in UEFI mode (consult your specific
+ hardware's documentation for instructions). You may find the
+ rEFInd boot
+ manager useful.
+
+
+
+
+
+
+
+ The CD contains a basic NixOS installation. (It also contains Memtest86+,
+ useful if you want to test new hardware). When it’s finished booting, it
+ should have detected most of your hardware.
+
+
+
+
+ The NixOS manual is available on virtual console 8 (press Alt+F8 to access)
+ or by running nixos-help.
+
+
+
+
+ You get logged in as root (with empty password).
+
+
+
+
+ If you downloaded the graphical ISO image, you can run systemctl
+ start display-manager to start KDE. If you want to continue on
+ the terminal, you can use loadkeys to switch to your
+ preferred keyboard layout. (We even provide neo2 via loadkeys de
+ neo!)
+
+
+
+
+ The boot process should have brought up networking (check ip
+ a). Networking is necessary for the installer, since it will
+ download lots of stuff (such as source tarballs or Nixpkgs channel
+ binaries). It’s best if you have a DHCP server on your network. Otherwise
+ configure networking manually using ifconfig.
+
+
+ To manually configure the network on the graphical installer, first disable
+ network-manager with systemctl stop network-manager.
+
+
+ To manually configure the wifi on the minimal installer, run
+ wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID'
+ 'key').
+
+
+
+
+ If you would like to continue the installation from a different machine you
+ need to activate the SSH daemon via systemctl start
+ sshd. In order to be able to login you also need to set a
+ password for root using passwd.
+
+
+
+
+ The NixOS installer doesn’t do any partitioning or formatting yet, so you
+ need to do that yourself. Use the following commands:
+
+
+
+ For partitioning: fdisk.
# fdisk /dev/sda # (or whatever device you want to install on)
-- for UEFI systems only
@@ -86,254 +112,266 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
> x # (enter expert mode)
> f # (fix up the partition ordering)
> r # (exit expert mode)
-> w # (write the partition table to disk and exit)
-
- For initialising Ext4 partitions:
- mkfs.ext4. It is recommended that you assign a
- unique symbolic label to the file system using the option
- , since this
- makes the file system configuration independent from device
- changes. For example:
-
+> w # (write the partition table to disk and exit)
+
+
+
+
+ For initialising Ext4 partitions: mkfs.ext4. It is
+ recommended that you assign a unique symbolic label to the file system
+ using the option ,
+ since this makes the file system configuration independent from device
+ changes. For example:
# mkfs.ext4 -L nixos /dev/sda1
-
-
-
- For creating swap partitions:
- mkswap. Again it’s recommended to assign a
- label to the swap partition: . For example:
-
+
+
+
+
+ For creating swap partitions: mkswap. Again it’s
+ recommended to assign a label to the swap partition: . For example:
# mkswap -L swap /dev/sda2
-
-
-
-
-
- UEFI systems
- For creating boot partitions:
- mkfs.fat. Again it’s recommended to assign a
- label to the boot partition: . For example:
-
+
+
+
+
+
+ UEFI systems
+
+
+ For creating boot partitions: mkfs.fat. Again
+ it’s recommended to assign a label to the boot partition:
+ . For example:
# mkfs.fat -F 32 -n boot /dev/sda3
-
-
-
- For creating LVM volumes, the LVM commands, e.g.,
- pvcreate, vgcreate, and
- lvcreate.
-
- For creating software RAID devices, use
- mdadm.
-
-
-
-
-
- Mount the target file system on which NixOS should
- be installed on /mnt, e.g.
-
+
+
+
+
+
+
+
+ For creating LVM volumes, the LVM commands, e.g.,
+ pvcreate, vgcreate, and
+ lvcreate.
+
+
+
+
+ For creating software RAID devices, use mdadm.
+
+
+
+
+
+
+
+ Mount the target file system on which NixOS should be installed on
+ /mnt, e.g.
# mount /dev/disk/by-label/nixos /mnt
-
-
-
+
+
-
- UEFI systems
- Mount the boot file system on /mnt/boot, e.g.
-
+
+
+ UEFI systems
+
+
+ Mount the boot file system on /mnt/boot, e.g.
# mkdir -p /mnt/boot
# mount /dev/disk/by-label/boot /mnt/boot
-
-
-
- If your machine has a limited amount of memory, you
- may want to activate swap devices now (swapon
- device). The installer (or
- rather, the build actions that it may spawn) may need quite a bit of
- RAM, depending on your configuration.
-
+
+
+
+
+
+
+
+ If your machine has a limited amount of memory, you may want to activate
+ swap devices now (swapon
+ device). The installer (or rather, the
+ build actions that it may spawn) may need quite a bit of RAM, depending on
+ your configuration.
# swapon /dev/sda2
-
-
-
+
+
-
- You now need to create a file
- /mnt/etc/nixos/configuration.nix that
- specifies the intended configuration of the system. This is
- because NixOS has a declarative configuration
- model: you create or edit a description of the desired
- configuration of your system, and then NixOS takes care of making
- it happen. The syntax of the NixOS configuration file is
- described in , while a
- list of available configuration options appears in . A minimal example is shown in .
-
- The command nixos-generate-config can
- generate an initial configuration file for you:
-
+
+ You now need to create a file
+ /mnt/etc/nixos/configuration.nix that specifies the
+ intended configuration of the system. This is because NixOS has a
+ declarative configuration model: you create or edit a
+ description of the desired configuration of your system, and then NixOS
+ takes care of making it happen. The syntax of the NixOS configuration file
+ is described in , while a list of
+ available configuration options appears in
+ . A minimal example is shown in
+ .
+
+
+ The command nixos-generate-config can generate an
+ initial configuration file for you:
# nixos-generate-config --root /mnt
-
- You should then edit
- /mnt/etc/nixos/configuration.nix to suit your
- needs:
-
+ You should then edit /mnt/etc/nixos/configuration.nix
+ to suit your needs:
# nano /mnt/etc/nixos/configuration.nix
-
- If you’re using the graphical ISO image, other editors may be
- available (such as vim). If you have network
- access, you can also install other editors — for instance, you can
- install Emacs by running nix-env -i
- emacs.
-
-
-
- BIOS systems
- You must set the option
- to specify on which disk
- the GRUB boot loader is to be installed. Without it, NixOS cannot
- boot.
-
- UEFI systems
- You must set the option
- to true.
- nixos-generate-config should do this automatically for new
- configurations when booted in
- UEFI mode.
- You may want to look at the options starting with
- and
- as well.
-
-
-
- If there are other operating systems running on the machine before
- installing NixOS, the
- option can be set to
- true to automatically add them to the grub menu.
-
- Another critical option is ,
- specifying the file systems that need to be mounted by NixOS.
- However, you typically don’t need to set it yourself, because
+ If you’re using the graphical ISO image, other editors may be available
+ (such as vim). If you have network access, you can also
+ install other editors — for instance, you can install Emacs by running
+ nix-env -i emacs.
+
+
+
+ BIOS systems
+
+
+ You must set the option
+ to specify on which disk
+ the GRUB boot loader is to be installed. Without it, NixOS cannot boot.
+
+
+
+
+ UEFI systems
+
+
+ You must set the option
+ to
+ true. nixos-generate-config should
+ do this automatically for new configurations when booted in UEFI mode.
+
+
+ You may want to look at the options starting with
+
+ and
+
+ as well.
+
+
+
+
+
+ If there are other operating systems running on the machine before
+ installing NixOS, the
+ option can be set to true to automatically add them to
+ the grub menu.
+
+
+ Another critical option is , specifying the
+ file systems that need to be mounted by NixOS. However, you typically
+ don’t need to set it yourself, because
nixos-generate-config sets it automatically in
- /mnt/etc/nixos/hardware-configuration.nix
- from your currently mounted file systems. (The configuration file
+ /mnt/etc/nixos/hardware-configuration.nix from your
+ currently mounted file systems. (The configuration file
hardware-configuration.nix is included from
- configuration.nix and will be overwritten by
- future invocations of nixos-generate-config;
- thus, you generally should not modify it.)
-
- Depending on your hardware configuration or type of
- file system, you may need to set the option
- to include the kernel
- modules that are necessary for mounting the root file system,
- otherwise the installed system will not be able to boot. (If this
- happens, boot from the CD again, mount the target file system on
- /mnt, fix
- /mnt/etc/nixos/configuration.nix and rerun
- nixos-install.) In most cases,
- nixos-generate-config will figure out the
- required modules.
-
+ configuration.nix and will be overwritten by future
+ invocations of nixos-generate-config; thus, you
+ generally should not modify it.)
+
+
+
+ Depending on your hardware configuration or type of file system, you may
+ need to set the option to
+ include the kernel modules that are necessary for mounting the root file
+ system, otherwise the installed system will not be able to boot. (If this
+ happens, boot from the CD again, mount the target file system on
+ /mnt, fix
+ /mnt/etc/nixos/configuration.nix and rerun
+ nixos-install.) In most cases,
+ nixos-generate-config will figure out the required
+ modules.
+
+
-
- Do the installation:
-
+
+
+ Do the installation:
# nixos-install
-
- Cross fingers. If this fails due to a temporary problem (such as
- a network issue while downloading binaries from the NixOS binary
- cache), you can just re-run nixos-install.
- Otherwise, fix your configuration.nix and
- then re-run nixos-install.
-
- As the last step, nixos-install will ask
- you to set the password for the root user, e.g.
-
+ Cross fingers. If this fails due to a temporary problem (such as a network
+ issue while downloading binaries from the NixOS binary cache), you can just
+ re-run nixos-install. Otherwise, fix your
+ configuration.nix and then re-run
+ nixos-install.
+
+
+ As the last step, nixos-install will ask you to set the
+ password for the root user, e.g.
setting root password...
Enter new UNIX password: ***
Retype new UNIX password: ***
-
-
+
-
- To prevent the password prompt, set users.mutableUsers = false; in
- configuration.nix, which allows unattended installation
- necessary in automation.
-
+
+ To prevent the password prompt, set
+ = false; in
+ configuration.nix, which allows unattended
+ installation necessary in automation.
+
-
-
-
+
-
- If everything went well:
-
+
+ If everything went well:
-# reboot
-
-
-
+ # reboot
+
+
-
- You should now be able to boot into the installed NixOS. The
- GRUB boot menu shows a list of available
- configurations (initially just one). Every time you
- change the NixOS configuration (see Changing Configuration ), a
- new item is added to the menu. This allows you to easily roll back
- to a previous configuration if something goes wrong.
-
- You should log in and change the root
- password with passwd.
-
- You’ll probably want to create some user accounts as well,
- which can be done with useradd:
-
+
+ You should now be able to boot into the installed NixOS. The GRUB boot menu
+ shows a list of available configurations (initially
+ just one). Every time you change the NixOS configuration (see
+ Changing Configuration
+ ), a new item is added to the menu. This allows you to easily roll back to
+ a previous configuration if something goes wrong.
+
+
+ You should log in and change the root password with
+ passwd.
+
+
+ You’ll probably want to create some user accounts as well, which can be
+ done with useradd:
$ useradd -c 'Eelco Dolstra' -m eelco
$ passwd eelco
-
-
-
- You may also want to install some software. For instance,
-
+
+
+ You may also want to install some software. For instance,
$ nix-env -qa \*
-
shows what packages are available, and
-
$ nix-env -i w3m
-
- install the w3m browser.
-
+ install the w3m browser.
+
-
-
-
-To summarise, shows a
-typical sequence of commands for installing NixOS on an empty hard
-drive (here /dev/sda). shows a corresponding configuration Nix expression.
-
-Commands for Installing NixOS on <filename>/dev/sda</filename>
+
+
+ To summarise, shows a typical sequence
+ of commands for installing NixOS on an empty hard drive (here
+ /dev/sda). shows a
+ corresponding configuration Nix expression.
+
+
+ Commands for Installing NixOS on <filename>/dev/sda</filename>
# fdisk /dev/sda # (or whatever device you want to install on)
-- for UEFI systems only
@@ -369,34 +407,31 @@ drive (here /dev/sda).
-
-
-NixOS Configuration
+
+
+ NixOS Configuration
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
+{ config, pkgs, ... }: {
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
- boot.loader.grub.device = "/dev/sda"; # (for BIOS systems only)
- boot.loader.systemd-boot.enable = true; # (for UEFI systems only)
+ = "/dev/sda"; # (for BIOS systems only)
+ = true; # (for UEFI systems only)
# Note: setting fileSystems is generally not
# necessary, since nixos-generate-config figures them out
# automatically in hardware-configuration.nix.
- #fileSystems."/".device = "/dev/disk/by-label/nixos";
+ #fileSystems."/".device = "/dev/disk/by-label/nixos";
# Enable the OpenSSH server.
services.sshd.enable = true;
-}
-
-
-
-
-
-
-
+}
+
+
+
+
+
+
diff --git a/nixos/doc/manual/installation/obtaining.xml b/nixos/doc/manual/installation/obtaining.xml
index 9b2b474c60ce5fa9d3b8cab146963208ef8d3c0c..56af5c0e25a08e59492eecf19d7b4b3e134db9b8 100644
--- a/nixos/doc/manual/installation/obtaining.xml
+++ b/nixos/doc/manual/installation/obtaining.xml
@@ -3,46 +3,52 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-obtaining">
-
-Obtaining NixOS
-
-NixOS ISO images can be downloaded from the NixOS
-download page. There are a number of installation options. If
-you happen to have an optical drive and a spare CD, burning the
-image to CD and booting from that is probably the easiest option.
-Most people will need to prepare a USB stick to boot from.
- describes the preferred method
-to prepare a USB stick.
-A number of alternative methods are presented in the Obtaining NixOS
+
+ NixOS ISO images can be downloaded from the
+ NixOS download
+ page. There are a number of installation options. If you happen to
+ have an optical drive and a spare CD, burning the image to CD and booting
+ from that is probably the easiest option. Most people will need to prepare a
+ USB stick to boot from. describes the
+ preferred method to prepare a USB stick. A number of alternative methods are
+ presented in the
+ NixOS
-Wiki.
-
-As an alternative to installing NixOS yourself, you can get a
-running NixOS system through several other means:
-
-
-
- Using virtual appliances in Open Virtualization Format (OVF)
- that can be imported into VirtualBox. These are available from
- the NixOS
- download page.
-
-
- Using AMIs for Amazon’s EC2. To find one for your region
- and instance type, please refer to the .
+
+
+ As an alternative to installing NixOS yourself, you can get a running NixOS
+ system through several other means:
+
+
+
+ Using virtual appliances in Open Virtualization Format (OVF) that can be
+ imported into VirtualBox. These are available from the
+ NixOS download
+ page.
+
+
+
+
+ Using AMIs for Amazon’s EC2. To find one for your region and instance
+ type, please refer to the
+ list
- of most recent AMIs.
-
-
- Using NixOps, the NixOS-based cloud deployment tool, which
- allows you to provision VirtualBox and EC2 NixOS instances from
- declarative specifications. Check out the .
+
+
+
+
+ Using NixOps, the NixOS-based cloud deployment tool, which allows you to
+ provision VirtualBox and EC2 NixOS instances from declarative
+ specifications. Check out the
+ NixOps homepage for
- details.
-
-
-
-
-
+ details.
+
+
+
+
diff --git a/nixos/doc/manual/installation/upgrading.xml b/nixos/doc/manual/installation/upgrading.xml
index aee6523345c450bd7f895a39235ae986685315c0..20355812ec635e32ce6f10e84f3ace3d7e0ba004 100644
--- a/nixos/doc/manual/installation/upgrading.xml
+++ b/nixos/doc/manual/installation/upgrading.xml
@@ -2,140 +2,130 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="sec-upgrading">
-
-Upgrading NixOS
-
-The best way to keep your NixOS installation up to date is to
-use one of the NixOS channels. A channel is a
-Nix mechanism for distributing Nix expressions and associated
-binaries. The NixOS channels are updated automatically from NixOS’s
-Git repository after certain tests have passed and all packages have
-been built. These channels are:
-
-
-
- Stable channels, such as Upgrading NixOS
+
+ The best way to keep your NixOS installation up to date is to use one of the
+ NixOS channels. A channel is a Nix mechanism for
+ distributing Nix expressions and associated binaries. The NixOS channels are
+ updated automatically from NixOS’s Git repository after certain tests have
+ passed and all packages have been built. These channels are:
+
+
+
+ Stable channels, such as
+ nixos-17.03.
- These only get conservative bug fixes and package upgrades. For
- instance, a channel update may cause the Linux kernel on your
- system to be upgraded from 4.9.16 to 4.9.17 (a minor bug fix), but
- not from 4.9.x to
- 4.11.x (a major change that has the
- potential to break things). Stable channels are generally
- maintained until the next stable branch is created.
+ These only get conservative bug fixes and package upgrades. For instance,
+ a channel update may cause the Linux kernel on your system to be upgraded
+ from 4.9.16 to 4.9.17 (a minor bug fix), but not from
+ 4.9.x to 4.11.x (a
+ major change that has the potential to break things). Stable channels are
+ generally maintained until the next stable branch is created.
+
-
-
- The unstable channel,
+
+
+ The unstable channel,
+ nixos-unstable.
- This corresponds to NixOS’s main development branch, and may thus
- see radical changes between channel updates. It’s not recommended
- for production systems.
-
-
- Small channels, such as
+
+
+
+ Small channels, such as
+ nixos-17.03-small
- or nixos-unstable-small. These
- are identical to the stable and unstable channels described above,
- except that they contain fewer binary packages. This means they
- get updated faster than the regular channels (for instance, when a
- critical security patch is committed to NixOS’s source tree), but
- may require more packages to be built from source than
- usual. They’re mostly intended for server environments and as such
- contain few GUI applications.
-
-
-
-To see what channels are available, go to . (Note that the URIs of the
-various channels redirect to a directory that contains the channel’s
-latest version and includes ISO images and VirtualBox
-appliances.)
-
-When you first install NixOS, you’re automatically subscribed to
-the NixOS channel that corresponds to your installation source. For
-instance, if you installed from a 17.03 ISO, you will be subscribed to
-the nixos-17.03 channel. To see which NixOS
-channel you’re subscribed to, run the following as root:
-
+ or
+ nixos-unstable-small.
+ These are identical to the stable and unstable channels described above,
+ except that they contain fewer binary packages. This means they get
+ updated faster than the regular channels (for instance, when a critical
+ security patch is committed to NixOS’s source tree), but may require
+ more packages to be built from source than usual. They’re mostly
+ intended for server environments and as such contain few GUI applications.
+
+
+
+ To see what channels are available, go to
+ . (Note that the URIs of the
+ various channels redirect to a directory that contains the channel’s latest
+ version and includes ISO images and VirtualBox appliances.)
+
+
+ When you first install NixOS, you’re automatically subscribed to the NixOS
+ channel that corresponds to your installation source. For instance, if you
+ installed from a 17.03 ISO, you will be subscribed to the
+ nixos-17.03 channel. To see which NixOS channel you’re
+ subscribed to, run the following as root:
# nix-channel --list | grep nixos
nixos https://nixos.org/channels/nixos-unstable
-
-To switch to a different NixOS channel, do
-
+ To switch to a different NixOS channel, do
# nix-channel --add https://nixos.org/channels/channel-name nixos
-
-(Be sure to include the nixos parameter at the
-end.) For instance, to use the NixOS 17.03 stable channel:
-
+ (Be sure to include the nixos parameter at the end.) For
+ instance, to use the NixOS 17.03 stable channel:
# nix-channel --add https://nixos.org/channels/nixos-17.03 nixos
-
-If you have a server, you may want to use the “small” channel instead:
-
+ If you have a server, you may want to use the “small” channel instead:
# nix-channel --add https://nixos.org/channels/nixos-17.03-small nixos
-
-And if you want to live on the bleeding edge:
-
+ And if you want to live on the bleeding edge:
# nix-channel --add https://nixos.org/channels/nixos-unstable nixos
-
-
-
-You can then upgrade NixOS to the latest version in your chosen
-channel by running
-
+
+
+ You can then upgrade NixOS to the latest version in your chosen channel by
+ running
# nixos-rebuild switch --upgrade
-
-which is equivalent to the more verbose nix-channel --update
-nixos; nixos-rebuild switch.
-
-Channels are set per user. This means that running
-nix-channel --add as a non root user (or without sudo) will not
-affect configuration in /etc/nixos/configuration.nix
-
-
-It is generally safe to switch back and forth between
-channels. The only exception is that a newer NixOS may also have a
-newer Nix version, which may involve an upgrade of Nix’s database
-schema. This cannot be undone easily, so in that case you will not be
-able to go back to your original channel.
-
-
-Automatic Upgrades
-
-You can keep a NixOS system up-to-date automatically by adding
-the following to configuration.nix:
-
+ which is equivalent to the more verbose nix-channel --update nixos;
+ nixos-rebuild switch.
+
+
+
+ Channels are set per user. This means that running nix-channel
+ --add as a non root user (or without sudo) will not affect
+ configuration in /etc/nixos/configuration.nix
+
+
+
+
+ It is generally safe to switch back and forth between channels. The only
+ exception is that a newer NixOS may also have a newer Nix version, which may
+ involve an upgrade of Nix’s database schema. This cannot be undone easily,
+ so in that case you will not be able to go back to your original channel.
+
+
+
+ Automatic Upgrades
+
+
+ You can keep a NixOS system up-to-date automatically by adding the following
+ to configuration.nix:
-system.autoUpgrade.enable = true;
+ = true;
-
-This enables a periodically executed systemd service named
-nixos-upgrade.service. It runs
-nixos-rebuild switch --upgrade to upgrade NixOS to
-the latest version in the current channel. (To see when the service
-runs, see systemctl list-timers.) You can also
-specify a channel explicitly, e.g.
-
+ This enables a periodically executed systemd service named
+ nixos-upgrade.service. It runs nixos-rebuild
+ switch --upgrade to upgrade NixOS to the latest version in the
+ current channel. (To see when the service runs, see systemctl
+ list-timers.) You can also specify a channel explicitly, e.g.
-system.autoUpgrade.channel = https://nixos.org/channels/nixos-17.03;
+ = https://nixos.org/channels/nixos-17.03;
-
-
-
-
-
-
+
+
diff --git a/nixos/doc/manual/man-configuration.xml b/nixos/doc/manual/man-configuration.xml
index 05531b3909a3fdffab8e91a390b6f423021deeab..9f30b79251017882edb973b8c4f0104485654ca2 100644
--- a/nixos/doc/manual/man-configuration.xml
+++ b/nixos/doc/manual/man-configuration.xml
@@ -1,38 +1,31 @@
-
-
- configuration.nix
- 5
+
+ configuration.nix
+ 5NixOS
-
-
-
-
- configuration.nix
- NixOS system configuration specification
-
-
-
-Description
-
-The file /etc/nixos/configuration.nix
-contains the declarative specification of your NixOS system
-configuration. The command nixos-rebuild takes
-this file and realises the system configuration specified
-therein.
-
-
-
-
-Options
-
-You can use the following options in
-configuration.nix.
-
-
-
-
-
+
+
+
+ configuration.nix
+ NixOS system configuration specification
+
+
+ Description
+
+ The file /etc/nixos/configuration.nix contains the
+ declarative specification of your NixOS system configuration. The command
+ nixos-rebuild takes this file and realises the system
+ configuration specified therein.
+
+
+
+ Options
+
+ You can use the following options in configuration.nix.
+
+
+
diff --git a/nixos/doc/manual/man-nixos-build-vms.xml b/nixos/doc/manual/man-nixos-build-vms.xml
index f4b59a7c6d4b914bdebb5822f74baa71552c1855..02dad4c548b8f5af307c1bfed04e3069fa5b2524 100644
--- a/nixos/doc/manual/man-nixos-build-vms.xml
+++ b/nixos/doc/manual/man-nixos-build-vms.xml
@@ -1,40 +1,39 @@
-
-
- nixos-build-vms
- 8
+
+ nixos-build-vms
+ 8NixOS
-
-
-
-
- nixos-build-vms
- build a network of virtual machines from a network of NixOS configurations
-
-
-
-
- nixos-build-vms
-
-
-
- network.nix
+
+
+
+ nixos-build-vms
+ build a network of virtual machines from a network of NixOS configurations
+
+
+ nixos-build-vms
+
+
+
+
+
+
+ network.nix
+
-
-
-Description
-
-This command builds a network of QEMU-KVM virtual machines of a Nix expression
-specifying a network of NixOS machines. The virtual network can be started by
-executing the bin/run-vms shell script that is generated by
-this command. By default, a result symlink is produced that
-points to the generated virtual network.
-
-
-A network Nix expression has the following structure:
-
+
+
+ Description
+
+ This command builds a network of QEMU-KVM virtual machines of a Nix
+ expression specifying a network of NixOS machines. The virtual network can
+ be started by executing the bin/run-vms shell script
+ that is generated by this command. By default, a result
+ symlink is produced that points to the generated virtual network.
+
+
+ A network Nix expression has the following structure:
{
test1 = {pkgs, config, ...}:
@@ -58,53 +57,53 @@ points to the generated virtual network.
};
}
-
-Each attribute in the expression represents a machine in the network
-(e.g. test1 and test2)
-referring to a function defining a NixOS configuration.
-In each NixOS configuration, two attributes have a special meaning.
-The deployment.targetHost specifies the address
-(domain name or IP address)
-of the system which is used by ssh to perform
-remote deployment operations. The nixpkgs.localSystem.system
-attribute can be used to specify an architecture for the target machine,
-such as i686-linux which builds a 32-bit NixOS
-configuration. Omitting this property will build the configuration
-for the same architecture as the host system.
-
-
-
-
-Options
-
-This command accepts the following options:
-
-
-
-
-
+ Each attribute in the expression represents a machine in the network (e.g.
+ test1 and test2) referring to a
+ function defining a NixOS configuration. In each NixOS configuration, two
+ attributes have a special meaning. The
+ deployment.targetHost specifies the address (domain name
+ or IP address) of the system which is used by ssh to
+ perform remote deployment operations. The
+ nixpkgs.localSystem.system attribute can be used to
+ specify an architecture for the target machine, such as
+ i686-linux which builds a 32-bit NixOS configuration.
+ Omitting this property will build the configuration for the same
+ architecture as the host system.
+
+
+
+ Options
+
+ This command accepts the following options:
+
+
+
+
+
- Shows a trace of the output.
+
+ Shows a trace of the output.
+
-
-
-
-
+
+
+
+
- Do not create a 'result' symlink.
+
+ Do not create a 'result' symlink.
+
-
-
-
- ,
+
+
+ ,
+
- Shows the usage of this command to the user.
+
+ Shows the usage of this command to the user.
+
-
-
-
-
-
-
-
+
+
+
diff --git a/nixos/doc/manual/man-nixos-enter.xml b/nixos/doc/manual/man-nixos-enter.xml
index a2fbe07961db622b98f539ac8c66668e176b60a3..7db4b72ee36e9821540ee68b877b78073eff61da 100644
--- a/nixos/doc/manual/man-nixos-enter.xml
+++ b/nixos/doc/manual/man-nixos-enter.xml
@@ -1,119 +1,119 @@
-
-
- nixos-enter
- 8
+
+ nixos-enter
+ 8NixOS
-
-
-
-
- nixos-enter
- run a command in a NixOS chroot environment
-
-
-
-
- nixos-enter
-
-
- root
-
-
-
- system
-
-
-
- shell-command
-
-
-
-
-
-
- arguments
+
+
+
+ nixos-enter
+ run a command in a NixOS chroot environment
+
+
+ nixos-enter
+
+
+ root
+
+
+
+ system
+
+
+
+ shell-command
+
+
+
+
+
+
+ arguments
+
-
-
-
-Description
-
-This command runs a command in a NixOS chroot environment, that
-is, in a filesystem hierarchy previously prepared using
-nixos-install.
-
-
-
-Options
-
-This command accepts the following options:
-
-
-
-
-
+
+
+ Description
+
+ This command runs a command in a NixOS chroot environment, that is, in a
+ filesystem hierarchy previously prepared using
+ nixos-install.
+
+
+
+ Options
+
+ This command accepts the following options:
+
+
+
+
+
+
+
+ The path to the NixOS system you want to enter. It defaults to
+ /mnt.
+
+
+
+
+
+
- The path to the NixOS system you want to enter. It defaults to /mnt.
+
+ The NixOS system configuration to use. It defaults to
+ /nix/var/nix/profiles/system. You can enter a
+ previous NixOS configuration by specifying a path such as
+ /nix/var/nix/profiles/system-106-link.
+
-
-
-
-
+
+
+
+
+
+
- The NixOS system configuration to use. It defaults to
- /nix/var/nix/profiles/system. You can enter
- a previous NixOS configuration by specifying a path such as
- /nix/var/nix/profiles/system-106-link.
+
+ The bash command to execute.
+
-
-
-
-
-
+
+
+
+
- The bash command to execute.
+
+ Interpret the remaining arguments as the program name and arguments to be
+ invoked. The program is not executed in a shell.
+
-
-
-
-
-
- Interpret the remaining arguments as the program
- name and arguments to be invoked. The program is not executed in a
- shell.
-
-
-
-
-
-
-
-
-Examples
-
-Start an interactive shell in the NixOS installation in
-/mnt:
-
+
+
+
+
+ Examples
+
+ Start an interactive shell in the NixOS installation in
+ /mnt:
+
# nixos-enter /mnt
-
-Run a shell command:
-
+
+ Run a shell command:
+
# nixos-enter -c 'ls -l /; cat /proc/mounts'
-
-Run a non-shell command:
-
+
+ Run a non-shell command:
+
# nixos-enter -- cat /proc/mounts
-
-
-
+
diff --git a/nixos/doc/manual/man-nixos-generate-config.xml b/nixos/doc/manual/man-nixos-generate-config.xml
index 993a932ddfbe4e34d9dff5d09d5d9424e0d381fa..8bf90f452db63d6273e57b49ba3bc7b7795c33a8 100644
--- a/nixos/doc/manual/man-nixos-generate-config.xml
+++ b/nixos/doc/manual/man-nixos-generate-config.xml
@@ -1,152 +1,149 @@
-
-
- nixos-generate-config
- 8
+
+ nixos-generate-config
+ 8NixOS
-
-
-
-
- nixos-generate-config
- generate NixOS configuration modules
-
-
-
-
- nixos-generate-config
-
-
-
- root
-
-
-
- dir
-
+
+
+
+ nixos-generate-config
+ generate NixOS configuration modules
+
+
+ nixos-generate-config
+
+
+
+
+ root
+
+
+
+ dir
+
-
-
-
-Description
-
-This command writes two NixOS configuration modules:
-
-
-
-
-
+
+
+ Description
+
+ This command writes two NixOS configuration modules:
+
+
+
+
+
+
+ This module sets NixOS configuration options based on your current
+ hardware configuration. In particular, it sets the
+ option to reflect all currently mounted file
+ systems, the option to reflect active swap
+ devices, and the options to ensure that
+ the initial ramdisk contains any kernel modules necessary for mounting
+ the root file system.
+
+
+ If this file already exists, it is overwritten. Thus, you should not
+ modify it manually. Rather, you should include it from your
+ /etc/nixos/configuration.nix, and re-run
+ nixos-generate-config to update it whenever your
+ hardware configuration changes.
+
+
+
+
+
+
+
+
+ This is the main NixOS system configuration module. If it already
+ exists, it’s left unchanged. Otherwise,
+ nixos-generate-config will write a template for you
+ to customise.
+
+
+
+
+
+
+
+ Options
+
+ This command accepts the following options:
+
+
+
+
+
- This module sets NixOS configuration options based on your
- current hardware configuration. In particular, it sets the
- option to reflect all currently
- mounted file systems, the option to
- reflect active swap devices, and the
- options to ensure that the
- initial ramdisk contains any kernel modules necessary for
- mounting the root file system.
-
- If this file already exists, it is overwritten. Thus, you
- should not modify it manually. Rather, you should include it
- from your /etc/nixos/configuration.nix, and
- re-run nixos-generate-config to update it
- whenever your hardware configuration changes.
+
+ If this option is given, treat the directory
+ root as the root of the file system. This
+ means that configuration files will be written to
+ root/etc/nixos, and that
+ any file systems outside of root are ignored
+ for the purpose of generating the option.
+
-
-
-
-
+
+
+
+
- This is the main NixOS system configuration module. If it
- already exists, it’s left unchanged. Otherwise,
- nixos-generate-config will write a template
- for you to customise.
+
+ If this option is given, write the configuration files to the directory
+ dir instead of
+ /etc/nixos.
+
-
-
-
-
-
-
-
-
-
-Options
-
-This command accepts the following options:
-
-
-
-
-
+
+
+
+
- If this option is given, treat the directory
- root as the root of the file system.
- This means that configuration files will be written to
- root/etc/nixos,
- and that any file systems outside of
- root are ignored for the purpose of
- generating the option.
+
+ Overwrite /etc/nixos/configuration.nix if it already
+ exists.
+
-
-
-
-
+
+
+
+
- If this option is given, write the configuration files to
- the directory dir instead of
- /etc/nixos.
+
+ Omit everything concerning file systems and swap devices from the
+ hardware configuration.
+
-
-
-
-
+
+
+
+
- Overwrite
- /etc/nixos/configuration.nix if it already
- exists.
+
+ Don't generate configuration.nix or
+ hardware-configuration.nix and print the hardware
+ configuration to stdout only.
+
-
-
-
-
-
- Omit everything concerning file systems and swap devices
- from the hardware configuration.
-
-
-
-
-
-
- Don't generate configuration.nix or
- hardware-configuration.nix and print the
- hardware configuration to stdout only.
-
-
-
-
-
-
-
-
-Examples
-
-This command is typically used during NixOS installation to
-write initial configuration modules. For example, if you created and
-mounted the target file systems on /mnt and
-/mnt/boot, you would run:
-
+
+
+
+
+ Examples
+
+ This command is typically used during NixOS installation to write initial
+ configuration modules. For example, if you created and mounted the target
+ file systems on /mnt and
+ /mnt/boot, you would run:
$ nixos-generate-config --root /mnt
-
-The resulting file
-/mnt/etc/nixos/hardware-configuration.nix might
-look like this:
-
+ The resulting file
+ /mnt/etc/nixos/hardware-configuration.nix might look
+ like this:
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
@@ -181,28 +178,22 @@ look like this:
nix.maxJobs = 8;
}
-
-It will also create a basic
-/mnt/etc/nixos/configuration.nix, which you
-should edit to customise the logical configuration of your system.
-This file includes the result of the hardware scan as follows:
-
+ It will also create a basic
+ /mnt/etc/nixos/configuration.nix, which you should edit
+ to customise the logical configuration of your system. This file includes
+ the result of the hardware scan as follows:
imports = [ ./hardware-configuration.nix ];
-
-
-After installation, if your hardware configuration changes, you
-can run:
-
+
+
+ After installation, if your hardware configuration changes, you can run:
$ nixos-generate-config
-
-to update /etc/nixos/hardware-configuration.nix.
-Your /etc/nixos/configuration.nix will
-not be overwritten.
-
-
-
+ to update /etc/nixos/hardware-configuration.nix. Your
+ /etc/nixos/configuration.nix will
+ not be overwritten.
+
+
diff --git a/nixos/doc/manual/man-nixos-install.xml b/nixos/doc/manual/man-nixos-install.xml
index c9887146989b19af935fa8cdb53a3e635ec3ae75..2d45e83a863f9bee13fa89a2273b169e46910bd2 100644
--- a/nixos/doc/manual/man-nixos-install.xml
+++ b/nixos/doc/manual/man-nixos-install.xml
@@ -1,212 +1,221 @@
-
-
- nixos-install
- 8
+
+ nixos-install
+ 8NixOS
-
-
-
-
- nixos-install
- install bootloader and NixOS
-
-
-
-
- nixos-install
-
-
- path
+
+
+
+ nixos-install
+ install bootloader and NixOS
+
+
+ nixos-install
+
+
+ path
+
+
+
+ root
+
+
+
+ path
+
+
+
-
-
- root
+
+
+
-
-
- path
+
+
+
-
-
+
+
+
-
-
+
+ number
+
+ number
+
+ namevalue
+
+
+
-
-
-
-
-
-
-
-
- number
-
-
-
- number
-
-
-
- name
- value
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-Description
-
-This command installs NixOS in the file system mounted on
-/mnt, based on the NixOS configuration specified
-in /mnt/etc/nixos/configuration.nix. It performs
-the following steps:
-
-
-
- It copies Nix and its dependencies to
- /mnt/nix/store.
-
- It runs Nix in /mnt to build
- the NixOS configuration specified in
- /mnt/etc/nixos/configuration.nix.
-
- It installs the GRUB boot loader on the device
- specified in the option
- (unless is specified),
- and generates a GRUB configuration file that boots into the NixOS
- configuration just installed.
-
- It prompts you for a password for the root account
- (unless is specified).
-
-
-
-
-
-This command is idempotent: if it is interrupted or fails due to
-a temporary problem (e.g. a network issue), you can safely re-run
-it.
-
-
-
-Options
-
-This command accepts the following options:
-
-
-
-
-
+
+
+ Description
+
+ This command installs NixOS in the file system mounted on
+ /mnt, based on the NixOS configuration specified in
+ /mnt/etc/nixos/configuration.nix. It performs the
+ following steps:
+
+
+
+ It copies Nix and its dependencies to
+ /mnt/nix/store.
+
+
+
+
+ It runs Nix in /mnt to build the NixOS configuration
+ specified in /mnt/etc/nixos/configuration.nix.
+
+
+
+
+ It installs the GRUB boot loader on the device specified in the option
+ (unless
+ is specified), and generates a GRUB
+ configuration file that boots into the NixOS configuration just
+ installed.
+
+
+
+
+ It prompts you for a password for the root account (unless
+ is specified).
+
+
+
+
+
+ This command is idempotent: if it is interrupted or fails due to a temporary
+ problem (e.g. a network issue), you can safely re-run it.
+
+
+
+ Options
+
+ This command accepts the following options:
+
+
+
+
+
+
+
+ Defaults to /mnt. If this option is given, treat the
+ directory root as the root of the NixOS
+ installation.
+
+
+
+
+
+
+
+
+ If this option is provided, nixos-install will install
+ the specified closure rather than attempt to build one from
+ /mnt/etc/nixos/configuration.nix.
+
+
+ The closure must be an appropriately configured NixOS system, with boot
+ loader and partition configuration that fits the target host. Such a
+ closure is typically obtained with a command such as nix-build
+ -I nixos-config=./configuration.nix '<nixos>' -A system
+ --no-out-link
+
+
+
+
+
+
- Defaults to /mnt. If this option is given, treat the directory
- root as the root of the NixOS installation.
-
+
+ Add a path to the Nix expression search path. This option may be given
+ multiple times. See the NIX_PATH environment variable for information on
+ the semantics of the Nix search path. Paths added through
+ -I take precedence over NIX_PATH.
+
-
-
-
-
+
+
+
+
+
+
- If this option is provided, nixos-install will install the specified closure
- rather than attempt to build one from /mnt/etc/nixos/configuration.nix.
-
- The closure must be an appropriately configured NixOS system, with boot loader and partition
- configuration that fits the target host. Such a closure is typically obtained with a command such as
- nix-build -I nixos-config=./configuration.nix '<nixos>' -A system --no-out-link
-
+
+ Sets the maximum number of build jobs that Nix will perform in parallel
+ to the specified number. The default is 1. A higher
+ value is useful on SMP systems or to exploit I/O latency.
+
-
-
-
-
+
+
+
+
- Add a path to the Nix expression search path. This option may be given multiple times.
- See the NIX_PATH environment variable for information on the semantics of the Nix search path.
- Paths added through -I take precedence over NIX_PATH.
+
+ Sets the value of the NIX_BUILD_CORES environment variable
+ in the invocation of builders. Builders can use this variable at their
+ discretion to control the maximum amount of parallelism. For instance, in
+ Nixpkgs, if the derivation attribute
+ enableParallelBuilding is set to
+ true, the builder passes the
+ flag to GNU Make. The
+ value 0 means that the builder should use all
+ available CPU cores in the system.
+
-
-
-
-
-
- Sets the maximum number of build jobs that Nix will
- perform in parallel to the specified number. The default is 1.
- A higher value is useful on SMP systems or to exploit I/O latency.
-
-
-
-
-
-
- Sets the value of the NIX_BUILD_CORES
- environment variable in the invocation of builders. Builders can
- use this variable at their discretion to control the maximum amount
- of parallelism. For instance, in Nixpkgs, if the derivation
- attribute enableParallelBuilding is set to
- true, the builder passes the
- flag to GNU Make.
- The value 0 means that the builder should use all
- available CPU cores in the system.
-
-
-
- namevalue
-
- Set the Nix configuration option
- name to value.
-
-
-
-
-
+
+
+ namevalue
+
- Causes Nix to print out a stack trace in case of Nix expression evaluation errors.
+
+ Set the Nix configuration option name to
+ value.
+
-
-
-
-
+
+
+
+
- Chroot into given installation. Any additional arguments passed are going to be executed inside the chroot.
-
+
+ Causes Nix to print out a stack trace in case of Nix expression
+ evaluation errors.
+
-
-
-
-
+
+
+
+
- Synonym for man nixos-install.
+
+ Synonym for man nixos-install.
+
-
-
-
-
-
-
-
-Examples
-
-A typical NixOS installation is done by creating and mounting a
-file system on /mnt, generating a NixOS
-configuration in
-/mnt/etc/nixos/configuration.nix, and running
-nixos-install. For instance, if we want to install
-NixOS on an ext4 file system created in
-/dev/sda1:
-
+
+
+
+
+ Examples
+
+ A typical NixOS installation is done by creating and mounting a file system
+ on /mnt, generating a NixOS configuration in
+ /mnt/etc/nixos/configuration.nix, and running
+ nixos-install. For instance, if we want to install NixOS
+ on an ext4 file system created in
+ /dev/sda1:
$ mkfs.ext4 /dev/sda1
$ mount /dev/sda1 /mnt
@@ -215,9 +224,6 @@ $ # edit /mnt/etc/nixos/configuration.nix
$ nixos-install
$ reboot
-
-
-
-
-
+
+
diff --git a/nixos/doc/manual/man-nixos-option.xml b/nixos/doc/manual/man-nixos-option.xml
index d2b2d5b7965c323f8b88ee897a01cadf66a27cc8..c22c3811dedf2c8a1955d44d53a9eeb733978b34 100644
--- a/nixos/doc/manual/man-nixos-option.xml
+++ b/nixos/doc/manual/man-nixos-option.xml
@@ -1,103 +1,96 @@
-
-
- nixos-option
- 8
+
+ nixos-option
+ 8NixOS
-
-
-
-
- nixos-option
- inspect a NixOS configuration
-
-
-
-
- nixos-option
-
-
- path
-
-
-
- option.name
+
+
+
+ nixos-option
+ inspect a NixOS configuration
+
+
+ nixos-option
+ path
+
+
+
+
+
+ option.name
+
-
-
-Description
-
-This command evaluates the configuration specified in
-/etc/nixos/configuration.nix and returns the properties
-of the option name given as argument.
-
-When the option name is not an option, the command prints the list of
-attributes contained in the attribute set.
-
-
-
-Options
-
-This command accepts the following options:
-
-
-
-
- path
+
+
+ Description
+
+ This command evaluates the configuration specified in
+ /etc/nixos/configuration.nix and returns the properties
+ of the option name given as argument.
+
+
+ When the option name is not an option, the command prints the list of
+ attributes contained in the attribute set.
+
+
+
+ Options
+
+ This command accepts the following options:
+
+
+
+ path
+
-
- This option is passed to the underlying
- nix-instantiate invocation.
-
+
+ This option is passed to the underlying
+ nix-instantiate invocation.
+
-
-
-
-
+
+
+
+
-
- This option enables verbose mode, which currently is just
- the Bash set debug mode.
-
+
+ This option enables verbose mode, which currently is just the Bash
+ set debug mode.
+
-
-
-
-
+
+
+
+
-
- This option causes the output to be rendered as XML.
-
+
+ This option causes the output to be rendered as XML.
+
-
-
-
-
-
-
-Environment
-
-
-
-
- NIXOS_CONFIG
+
+
+
+
+ Environment
+
+
+ NIXOS_CONFIG
+
- Path to the main NixOS configuration module. Defaults to
- /etc/nixos/configuration.nix.
+
+ Path to the main NixOS configuration module. Defaults to
+ /etc/nixos/configuration.nix.
+
-
-
-
-
-
-
-
-Examples
-
-Investigate option values:
-
+
+
+
+
+ Examples
+
+ Investigate option values:
$ nixos-option boot.loader
This attribute set contains:
generationsDir
@@ -119,16 +112,14 @@ Declared by:
Defined by:
"/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix"
-
-
-
-
-Bugs
-
-The author listed in the following section is wrong. If there is any
- other bug, please report to Nicolas Pierron.
-
-
-
-
+
+
+
+
+ Bugs
+
+ The author listed in the following section is wrong. If there is any other
+ bug, please report to Nicolas Pierron.
+
+
diff --git a/nixos/doc/manual/man-nixos-rebuild.xml b/nixos/doc/manual/man-nixos-rebuild.xml
index f74788353e67e585b16a6f060a253d3887fba184..e1a2c7108d181321179ff6e79a6cb1c4a99dd22d 100644
--- a/nixos/doc/manual/man-nixos-rebuild.xml
+++ b/nixos/doc/manual/man-nixos-rebuild.xml
@@ -1,399 +1,415 @@
-
-
- nixos-rebuild
- 8
+
+ nixos-rebuild
+ 8NixOS
-
-
-
-
- nixos-rebuild
- reconfigure a NixOS machine
-
-
-
-
- nixos-rebuild
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- name
+
+
+
+ nixos-rebuild
+ reconfigure a NixOS machine
+
+
+ nixos-rebuild
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
+
+ name
+
+
+
+
-
-
-
-Description
-
-This command updates the system so that it corresponds to the
-configuration specified in
-/etc/nixos/configuration.nix. Thus, every time
-you modify /etc/nixos/configuration.nix or any
-NixOS module, you must run nixos-rebuild to make
-the changes take effect. It builds the new system in
-/nix/store, runs its activation script, and stop
-and (re)starts any system services if needed.
-
-This command has one required argument, which specifies the
-desired operation. It must be one of the following:
-
-
-
-
-
-
- Build and activate the new configuration, and make it the
- boot default. That is, the configuration is added to the GRUB
- boot menu as the default menu entry, so that subsequent reboots
- will boot the system into the new configuration. Previous
- configurations activated with nixos-rebuild
- switch or nixos-rebuild boot remain
- available in the GRUB menu.
-
-
-
-
-
-
- Build the new configuration and make it the boot default
- (as with nixos-rebuild switch), but do not
- activate it. That is, the system continues to run the previous
- configuration until the next reboot.
-
-
-
-
-
-
- Build and activate the new configuration, but do not add
- it to the GRUB boot menu. Thus, if you reboot the system (or if
- it crashes), you will automatically revert to the default
- configuration (i.e. the configuration resulting from the last
- call to nixos-rebuild switch or
- nixos-rebuild boot).
-
-
-
-
-
-
- Build the new configuration, but neither activate it nor
- add it to the GRUB boot menu. It leaves a symlink named
- result in the current directory, which
- points to the output of the top-level “system” derivation. This
- is essentially the same as doing
+
+
+ Description
+
+ This command updates the system so that it corresponds to the configuration
+ specified in /etc/nixos/configuration.nix. Thus, every
+ time you modify /etc/nixos/configuration.nix or any
+ NixOS module, you must run nixos-rebuild to make the
+ changes take effect. It builds the new system in
+ /nix/store, runs its activation script, and stop and
+ (re)starts any system services if needed.
+
+
+ This command has one required argument, which specifies the desired
+ operation. It must be one of the following:
+
+
+
+
+
+
+ Build and activate the new configuration, and make it the boot default.
+ That is, the configuration is added to the GRUB boot menu as the default
+ menu entry, so that subsequent reboots will boot the system into the new
+ configuration. Previous configurations activated with
+ nixos-rebuild switch or nixos-rebuild
+ boot remain available in the GRUB menu.
+
+
+
+
+
+
+
+
+ Build the new configuration and make it the boot default (as with
+ nixos-rebuild switch), but do not activate it. That
+ is, the system continues to run the previous configuration until the
+ next reboot.
+
+
+
+
+
+
+
+
+ Build and activate the new configuration, but do not add it to the GRUB
+ boot menu. Thus, if you reboot the system (or if it crashes), you will
+ automatically revert to the default configuration (i.e. the
+ configuration resulting from the last call to nixos-rebuild
+ switch or nixos-rebuild boot).
+
+
+
+
+
+
+
+
+ Build the new configuration, but neither activate it nor add it to the
+ GRUB boot menu. It leaves a symlink named result in
+ the current directory, which points to the output of the top-level
+ “system” derivation. This is essentially the same as doing
$ nix-build /path/to/nixpkgs/nixos -A system
- Note that you do not need to be root to run
- nixos-rebuild build.
-
-
-
-
-
-
- Show what store paths would be built or downloaded by any
- of the operations above, but otherwise do nothing.
-
-
-
-
-
-
- Build the new configuration, but instead of activating it,
- show what changes would be performed by the activation (i.e. by
- nixos-rebuild test). For
- instance, this command will print which systemd units would be
- restarted. The list of changes is not guaranteed to be
- complete.
-
-
-
-
-
-
- Build a script that starts a NixOS virtual machine with
- the desired configuration. It leaves a symlink
- result in the current directory that points
- (under
- result/bin/run-hostname-vm)
- at the script that starts the VM. Thus, to test a NixOS
- configuration in a virtual machine, you should do the following:
+ Note that you do not need to be root to run
+ nixos-rebuild build.
+
+
+
+
+
+
+
+
+ Show what store paths would be built or downloaded by any of the
+ operations above, but otherwise do nothing.
+
+
+
+
+
+
+
+
+ Build the new configuration, but instead of activating it, show what
+ changes would be performed by the activation (i.e. by
+ nixos-rebuild test). For instance, this command will
+ print which systemd units would be restarted. The list of changes is not
+ guaranteed to be complete.
+
+
+
+
+
+
+
+
+ Build a script that starts a NixOS virtual machine with the desired
+ configuration. It leaves a symlink result in the
+ current directory that points (under
+ result/bin/run-hostname-vm)
+ at the script that starts the VM. Thus, to test a NixOS configuration in
+ a virtual machine, you should do the following:
$ nixos-rebuild build-vm
$ ./result/bin/run-*-vm
-
-
- The VM is implemented using the qemu
- package. For best performance, you should load the
- kvm-intel or kvm-amd
- kernel modules to get hardware virtualisation.
-
- The VM mounts the Nix store of the host through the 9P
- file system. The host Nix store is read-only, so Nix commands
- that modify the Nix store will not work in the VM. This
- includes commands such as nixos-rebuild; to
- change the VM’s configuration, you must halt the VM and re-run
- the commands above.
+
-
- The VM has its own ext3 root file
- system, which is automatically created when the VM is first
- started, and is persistent across reboots of the VM. It is
- stored in
- ./hostname.qcow2.
-
-
-
-
-
-
-
- Like , but boots using the
- regular boot loader of your configuration (e.g., GRUB 1 or 2),
- rather than booting directly into the kernel and initial ramdisk
- of the system. This allows you to test whether the boot loader
- works correctly. However, it does not guarantee that your NixOS
- configuration will boot successfully on the host hardware (i.e.,
- after running nixos-rebuild switch), because
- the hardware and boot loader configuration in the VM are
- different. The boot loader is installed on an automatically
- generated virtual disk containing a /boot
- partition, which is mounted read-only in the VM.
-
-
-
-
-
-
-
-
-
-
-
-Options
-
-This command accepts the following options:
-
-
-
-
-
+
+ The VM is implemented using the qemu package. For
+ best performance, you should load the kvm-intel or
+ kvm-amd kernel modules to get hardware
+ virtualisation.
+
+
+ The VM mounts the Nix store of the host through the 9P file system. The
+ host Nix store is read-only, so Nix commands that modify the Nix store
+ will not work in the VM. This includes commands such as
+ nixos-rebuild; to change the VM’s configuration,
+ you must halt the VM and re-run the commands above.
+
+
+ The VM has its own ext3 root file system, which is
+ automatically created when the VM is first started, and is persistent
+ across reboots of the VM. It is stored in
+ ./hostname.qcow2.
+
+
+
+
+
+
+
+
+
+ Like , but boots using the regular boot loader
+ of your configuration (e.g., GRUB 1 or 2), rather than booting directly
+ into the kernel and initial ramdisk of the system. This allows you to
+ test whether the boot loader works correctly. However, it does not
+ guarantee that your NixOS configuration will boot successfully on the
+ host hardware (i.e., after running nixos-rebuild
+ switch), because the hardware and boot loader configuration in
+ the VM are different. The boot loader is installed on an automatically
+ generated virtual disk containing a /boot
+ partition, which is mounted read-only in the VM.
+
+
+
+
+
+
+
+ Options
+
+ This command accepts the following options:
+
+
+
+
+
- Fetch the latest version of NixOS from the NixOS
- channel.
+
+ Fetch the latest version of NixOS from the NixOS channel.
+
-
-
-
-
+
+
+
+
- Causes the boot loader to be (re)installed on the
- device specified by the relevant configuration options.
-
+
+ Causes the boot loader to be (re)installed on the device specified by the
+ relevant configuration options.
+
-
-
-
-
+
+
+
+
- Normally, nixos-rebuild first builds
- the nixUnstable attribute in Nixpkgs, and
- uses the resulting instance of the Nix package manager to build
- the new system configuration. This is necessary if the NixOS
- modules use features not provided by the currently installed
- version of Nix. This option disables building a new Nix.
+
+ Normally, nixos-rebuild first builds the
+ nixUnstable attribute in Nixpkgs, and uses the
+ resulting instance of the Nix package manager to build the new system
+ configuration. This is necessary if the NixOS modules use features not
+ provided by the currently installed version of Nix. This option disables
+ building a new Nix.
+
-
-
-
-
+
+
+
+
- Equivalent to
- . This option is useful if you
- call nixos-rebuild frequently (e.g. if you’re
- hacking on a NixOS module).
+
+ Equivalent to
+ . This option is useful if you call
+ nixos-rebuild frequently (e.g. if you’re hacking on
+ a NixOS module).
+
-
-
-
-
+
+
+
+
- Instead of building a new configuration as specified by
- /etc/nixos/configuration.nix, roll back to
- the previous configuration. (The previous configuration is
- defined as the one before the “current” generation of the
- Nix profile /nix/var/nix/profiles/system.)
+
+ Instead of building a new configuration as specified by
+ /etc/nixos/configuration.nix, roll back to the
+ previous configuration. (The previous configuration is defined as the one
+ before the “current” generation of the Nix profile
+ /nix/var/nix/profiles/system.)
+
-
-
-
-
-
+
+
+
+
+
+
- Instead of using the Nix profile
- /nix/var/nix/profiles/system to keep track
- of the current and previous system configurations, use
+
+ Instead of using the Nix profile
+ /nix/var/nix/profiles/system to keep track of the
+ current and previous system configurations, use
/nix/var/nix/profiles/system-profiles/name.
- When you use GRUB 2, for every system profile created with this
- flag, NixOS will create a submenu named “NixOS - Profile
- 'name'” in GRUB’s boot menu,
- containing the current and previous configurations of this
- profile.
-
- For instance, if you want to test a configuration file
- named test.nix without affecting the
- default system profile, you would do:
-
+ When you use GRUB 2, for every system profile created with this flag,
+ NixOS will create a submenu named “NixOS - Profile
+ 'name'” in GRUB’s boot menu, containing
+ the current and previous configurations of this profile.
+
+
+ For instance, if you want to test a configuration file named
+ test.nix without affecting the default system
+ profile, you would do:
$ nixos-rebuild switch -p test -I nixos-config=./test.nix
-
- The new configuration will appear in the GRUB 2 submenu “NixOS - Profile
- 'test'”.
+ The new configuration will appear in the GRUB 2 submenu “NixOS -
+ Profile 'test'”.
+
-
-
-
-
+
+
+
+
- Instead of building the new configuration locally, use the
- specified host to perform the build. The host needs to be accessible
- with ssh, and must be able to perform Nix builds. If the option
+
+ Instead of building the new configuration locally, use the specified host
+ to perform the build. The host needs to be accessible with ssh, and must
+ be able to perform Nix builds. If the option
is not set, the build will be copied back
- to the local machine when done.
-
- Note that, if is not specified,
- Nix will be built both locally and remotely. This is because the
- configuration will always be evaluated locally even though the building
- might be performed remotely.
-
- You can include a remote user name in
- the host name (user@host). You can also set
- ssh options by defining the NIX_SSHOPTS environment
- variable.
+ to the local machine when done.
+
+
+ Note that, if is not specified, Nix will
+ be built both locally and remotely. This is because the configuration
+ will always be evaluated locally even though the building might be
+ performed remotely.
+
+
+ You can include a remote user name in the host name
+ (user@host). You can also set ssh options by
+ defining the NIX_SSHOPTS environment variable.
+
-
-
-
-
+
+
+
+
- Specifies the NixOS target host. By setting this to something other
- than localhost, the system activation will
- happen on the remote host instead of the local machine. The remote host
- needs to be accessible over ssh, and for the commands
- , and
- you need root access.
-
- If is not explicitly
- specified, will implicitly be set to the
- same value as . So, if you only specify
+
+ Specifies the NixOS target host. By setting this to something other than
+ localhost, the system activation will happen
+ on the remote host instead of the local machine. The remote host needs to
+ be accessible over ssh, and for the commands ,
+ and you need root access.
+
+
+ If is not explicitly specified,
+ will implicitly be set to the same value as
+ . So, if you only specify
both building and activation will take
place remotely (and no build artifacts will be copied to the local
- machine).
-
- You can include a remote user name in
- the host name (user@host). You can also set
- ssh options by defining the NIX_SSHOPTS environment
- variable.
+ machine).
+
+
+ You can include a remote user name in the host name
+ (user@host). You can also set ssh options by
+ defining the NIX_SSHOPTS environment variable.
+
+
+
+
+
+ In addition, nixos-rebuild accepts various Nix-related
+ flags, including / ,
+ , ,
+ and /
+ . See the Nix manual for details.
+
+
+
+ Environment
+
+
+ NIXOS_CONFIG
+
+
+
+ Path to the main NixOS configuration module. Defaults to
+ /etc/nixos/configuration.nix.
+
-
-
-
-
-In addition, nixos-rebuild accepts various
-Nix-related flags, including /
-, ,
-, and
- / . See
-the Nix manual for details.
-
-
-
-
-Environment
-
-
-
-
- NIXOS_CONFIG
+
+
+ NIX_SSHOPTS
+
- Path to the main NixOS configuration module. Defaults to
- /etc/nixos/configuration.nix.
+
+ Additional options to be passed to ssh on the command
+ line.
+
-
-
- NIX_SSHOPTS
-
- Additional options to be passed to
- ssh on the command line.
-
-
-
-
-
-
-
-
-Files
-
-
-
-
- /run/current-system
+
+
+
+
+ Files
+
+
+ /run/current-system
+
- A symlink to the currently active system configuration in
- the Nix store.
+
+ A symlink to the currently active system configuration in the Nix store.
+
-
-
-
- /nix/var/nix/profiles/system
+
+
+ /nix/var/nix/profiles/system
+
- The Nix profile that contains the current and previous
- system configurations. Used to generate the GRUB boot
- menu.
+
+ The Nix profile that contains the current and previous system
+ configurations. Used to generate the GRUB boot menu.
+
-
-
-
-
-
-
-
-Bugs
-
-This command should be renamed to something more
-descriptive.
-
-
-
-
-
+
+
+
+
+ Bugs
+
+ This command should be renamed to something more descriptive.
+
+
diff --git a/nixos/doc/manual/man-nixos-version.xml b/nixos/doc/manual/man-nixos-version.xml
index 615d74f9090852bd878422226f5bd62c4a2190ab..c173bce191365644af74805156605c964b71cb06 100644
--- a/nixos/doc/manual/man-nixos-version.xml
+++ b/nixos/doc/manual/man-nixos-version.xml
@@ -1,97 +1,102 @@
-
-
- nixos-version
- 8
+
+ nixos-version
+ 8NixOS
-
-
-
- nixos-version
- show the NixOS version
-
-
-
-
- nixos-version
-
-
+
+
+ nixos-version
+ show the NixOS version
+
+
+ nixos-version
+
+
+
+
-
-
-Description
-
-This command shows the version of the currently active NixOS
-configuration. For example:
-
+
+
+ Description
+
+ This command shows the version of the currently active NixOS configuration.
+ For example:
$ nixos-version
16.03.1011.6317da4 (Emu)
-
-The version consists of the following elements:
-
-
-
-
- 16.03
- The NixOS release, indicating the year and month
- in which it was released (e.g. March 2016).
-
-
-
- 1011
- The number of commits in the Nixpkgs Git
- repository between the start of the release branch and the commit
- from which this version was built. This ensures that NixOS
- versions are monotonically increasing. It is
- git when the current NixOS configuration was
- built from a checkout of the Nixpkgs Git repository rather than
- from a NixOS channel.
-
-
-
- 6317da4
- The first 7 characters of the commit in the
- Nixpkgs Git repository from which this version was
- built.
-
-
-
- Emu
- The code name of the NixOS release. The first
- letter of the code name indicates that this is the N'th stable
- NixOS release; for example, Emu is the fifth
- release.
-
-
-
-
-
-
-
-
-
-Options
-
-This command accepts the following options:
-
-
-
-
-
-
+ The version consists of the following elements:
+
+
+ 16.03
+
+
+
+ The NixOS release, indicating the year and month in which it was
+ released (e.g. March 2016).
+
+
+
+
+ 1011
+
+
+
+ The number of commits in the Nixpkgs Git repository between the start of
+ the release branch and the commit from which this version was built.
+ This ensures that NixOS versions are monotonically increasing. It is
+ git when the current NixOS configuration was built
+ from a checkout of the Nixpkgs Git repository rather than from a NixOS
+ channel.
+
+
+
+
+ 6317da4
+
+
+
+ The first 7 characters of the commit in the Nixpkgs Git repository from
+ which this version was built.
+
+
+
+
+ Emu
+
+
+
+ The code name of the NixOS release. The first letter of the code name
+ indicates that this is the N'th stable NixOS release; for example, Emu
+ is the fifth release.
+
+
+
+
+
+
+
+ Options
+
+ This command accepts the following options:
+
+
+
+
+
+
+
- Show the full SHA1 hash of the Git commit from which this
- configuration was built, e.g.
+
+ Show the full SHA1 hash of the Git commit from which this configuration
+ was built, e.g.
$ nixos-version --hash
6317da40006f6bc2480c6781999c52d88dde2acf
-
+
-
-
-
-
+
+
+
diff --git a/nixos/doc/manual/man-pages.xml b/nixos/doc/manual/man-pages.xml
index 80a8458fbfec499831d67874239e7d1a16eb1d7a..0390dda6468fa3ab8fb161dd2b025bc0aadc44b2 100644
--- a/nixos/doc/manual/man-pages.xml
+++ b/nixos/doc/manual/man-pages.xml
@@ -1,33 +1,20 @@
-
- NixOS Reference Pages
-
-
-
-
-
- Eelco
- Dolstra
-
- Author
-
-
-
- 2007-2018
- Eelco Dolstra
-
-
-
-
-
-
-
-
-
-
-
-
-
+ NixOS Reference Pages
+
+ EelcoDolstra
+ Author
+
+ 2007-2018Eelco Dolstra
+
+
+
+
+
+
+
+
+
+
diff --git a/nixos/doc/manual/manual.xml b/nixos/doc/manual/manual.xml
index 9aa332f026da4a311882670d21bdbb1613e0189b..61b21203f5006b27e8a4a28f39960ae8c777bd23 100644
--- a/nixos/doc/manual/manual.xml
+++ b/nixos/doc/manual/manual.xml
@@ -3,45 +3,46 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="book-nixos-manual">
-
-
- NixOS Manual
- Version
-
-
-
- Preface
-
- This manual describes how to install, use and extend NixOS,
- a Linux distribution based on the purely functional package
- management system Nix.
-
- If you encounter problems, please report them on the
-
+ NixOS Manual
+ Version
+
+
+
+ Preface
+
+ This manual describes how to install, use and extend NixOS, a Linux
+ distribution based on the purely functional package management system Nix.
+
+
+ If you encounter problems, please report them on the
+ nix-devel
- mailing list or on the
- #nixos channel on Freenode. Bugs should
- be reported in NixOS’ GitHub
- issue tracker.
-
- Commands prefixed with # have to be run as
- root, either requiring to login as root user or temporarily switching
- to it using sudo for example.
-
-
-
-
-
-
-
-
-
- Configuration Options
-
-
-
-
-
+ #nixos channel on Freenode. Bugs should be
+ reported in
+ NixOS’
+ GitHub issue tracker.
+
+
+
+ Commands prefixed with # have to be run as root, either
+ requiring to login as root user or temporarily switching to it using
+ sudo for example.
+
+
+
+
+
+
+
+
+
+ Configuration Options
+
+
+
diff --git a/nixos/doc/manual/options-to-docbook.xsl b/nixos/doc/manual/options-to-docbook.xsl
index 7b45b233ab2a5a6efae7e405f001a4b7d0d71ff8..43a69806a2b0fd27ff6c36b12353446ad11d8513 100644
--- a/nixos/doc/manual/options-to-docbook.xsl
+++ b/nixos/doc/manual/options-to-docbook.xsl
@@ -15,9 +15,9 @@
-
-
-
+
+ Configuration Options
+
@@ -100,7 +100,7 @@
-
+
diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml
index b7f9fab44f3b100460bb2a94375140ba93593301..94f176186b6e0abacb766793b198ba85137a0031 100644
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@@ -3,21 +3,19 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-release-notes">
-
-Release Notes
-
-This section lists the release notes for each stable version of NixOS
-and current unstable revision.
-
-
-
-
-
-
-
-
-
-
-
-
+ Release Notes
+
+ This section lists the release notes for each stable version of NixOS and
+ current unstable revision.
+
+
+
+
+
+
+
+
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1310.xml b/nixos/doc/manual/release-notes/rl-1310.xml
index 583912d70738ead258586b6969e8156a01410acb..248bab70c36b5a1105ad46408a61977156e170ce 100644
--- a/nixos/doc/manual/release-notes/rl-1310.xml
+++ b/nixos/doc/manual/release-notes/rl-1310.xml
@@ -3,9 +3,9 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-13.10">
+ Release 13.10 (“Aardvark”, 2013/10/31)
-Release 13.10 (“Aardvark”, 2013/10/31)
-
-This is the first stable release branch of NixOS.
-
+
+ This is the first stable release branch of NixOS.
+
diff --git a/nixos/doc/manual/release-notes/rl-1404.xml b/nixos/doc/manual/release-notes/rl-1404.xml
index 137caf14cba206492fa47d50fe78506467a6cde1..8d8cea4303a32ceb7d6c31ab2d9ea96568482f13 100644
--- a/nixos/doc/manual/release-notes/rl-1404.xml
+++ b/nixos/doc/manual/release-notes/rl-1404.xml
@@ -3,158 +3,177 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-14.04">
-
-Release 14.04 (“Baboon”, 2014/04/30)
-
-This is the second stable release branch of NixOS. In addition
-to numerous new and upgraded packages and modules, this release has
-the following highlights:
-
-
-
- Installation on UEFI systems is now supported. See
- for
- details.
-
- Systemd has been updated to version 212, which has
- numerous
- improvements. NixOS now automatically starts systemd user
- instances when you log in. You can define global user units through
- the options.
-
- NixOS is now based on Glibc 2.19 and GCC
- 4.8.
-
- The default Linux kernel has been updated to
- 3.12.
-
- KDE has been updated to 4.12.
-
- GNOME 3.10 experimental support has been added.
-
- Nix has been updated to 1.7 (details).
-
- NixOS now supports fully declarative management of
- users and groups. If you set to
- false, then the contents of
- /etc/passwd and /etc/group
- will be Release 14.04 (“Baboon”, 2014/04/30)
+
+
+ This is the second stable release branch of NixOS. In addition to numerous
+ new and upgraded packages and modules, this release has the following
+ highlights:
+
+
+
+ Installation on UEFI systems is now supported. See
+ for details.
+
+
+
+
+ Systemd has been updated to version 212, which has
+ numerous
+ improvements. NixOS now automatically starts systemd user instances
+ when you log in. You can define global user units through the
+ options.
+
+
+
+
+ NixOS is now based on Glibc 2.19 and GCC 4.8.
+
+
+
+
+ The default Linux kernel has been updated to 3.12.
+
+
+
+
+ KDE has been updated to 4.12.
+
+
+
+
+ GNOME 3.10 experimental support has been added.
+
+
+
+
+ Nix has been updated to 1.7
+ (details).
+
+
+
+
+ NixOS now supports fully declarative management of users and groups. If
+ you set to false,
+ then the contents of /etc/passwd and
+ /etc/group will be
+ congruent
- to your NixOS configuration. For instance, if you remove a user from
- and run
- nixos-rebuild, the user account will cease to
- exist. Also, imperative commands for managing users and groups, such
- as useradd, are no longer available. If
- is true (the
- default), then behaviour is unchanged from NixOS
- 13.10.
-
- NixOS now has basic container support, meaning you
- can easily run a NixOS instance as a container in a NixOS host
- system. These containers are suitable for testing and
- experimentation but not production use, since they’re not fully
- isolated from the host. See for
- details.
-
- Systemd units provided by packages can now be
- overridden from the NixOS configuration. For instance, if a package
- foo provides systemd units, you can say:
-
+ to your NixOS configuration. For instance, if you remove a user from
+ and run
+ nixos-rebuild, the user account will cease to exist.
+ Also, imperative commands for managing users and groups, such as
+ useradd, are no longer available. If
+ is true (the
+ default), then behaviour is unchanged from NixOS 13.10.
+
+
+
+
+ NixOS now has basic container support, meaning you can easily run a NixOS
+ instance as a container in a NixOS host system. These containers are
+ suitable for testing and experimentation but not production use, since
+ they’re not fully isolated from the host. See
+ for details.
+
+
+
+
+ Systemd units provided by packages can now be overridden from the NixOS
+ configuration. For instance, if a package foo provides
+ systemd units, you can say:
systemd.packages = [ pkgs.foo ];
-
- to enable those units. You can then set or override unit options in
- the usual way, e.g.
-
+ to enable those units. You can then set or override unit options in the
+ usual way, e.g.
systemd.services.foo.wantedBy = [ "multi-user.target" ];
systemd.services.foo.serviceConfig.MemoryLimit = "512M";
-
-
-
-
-
-
-
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-
-
- Nixpkgs no longer exposes unfree packages by
- default. If your NixOS configuration requires unfree packages from
- Nixpkgs, you need to enable support for them explicitly by setting:
-
+
+
+
+
+
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
+
+
+ Nixpkgs no longer exposes unfree packages by default. If your NixOS
+ configuration requires unfree packages from Nixpkgs, you need to enable
+ support for them explicitly by setting:
nixpkgs.config.allowUnfree = true;
-
- Otherwise, you get an error message such as:
-
+ Otherwise, you get an error message such as:
error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:56’
has an unfree license, refusing to evaluate
-
-
-
- The Adobe Flash player is no longer enabled by
- default in the Firefox and Chromium wrappers. To enable it, you must
- set:
-
+
+
+
+
+ The Adobe Flash player is no longer enabled by default in the Firefox and
+ Chromium wrappers. To enable it, you must set:
nixpkgs.config.allowUnfree = true;
nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox
nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium
-
-
-
- The firewall is now enabled by default. If you don’t
- want this, you need to disable it explicitly:
-
+
+
+
+
+ The firewall is now enabled by default. If you don’t want this, you need
+ to disable it explicitly:
networking.firewall.enable = false;
-
-
-
- The option
- has been renamed to
- .
-
- The mysql55 service has been
- merged into the mysql service, which no longer
- sets a default for the option
- .
-
- Package variants are now differentiated by suffixing
- the name, rather than the version. For instance,
- sqlite-3.8.4.3-interactive is now called
- sqlite-interactive-3.8.4.3. This ensures that
- nix-env -i sqlite is unambiguous, and that
- nix-env -u won’t “upgrade”
- sqlite to sqlite-interactive
- or vice versa. Notably, this change affects the Firefox wrapper
- (which provides plugins), as it is now called
- firefox-wrapper. So when using
- nix-env, you should do nix-env -e
- firefox; nix-env -i firefox-wrapper if you want to keep
- using the wrapper. This change does not affect declarative package
- management, since attribute names like
- pkgs.firefoxWrapper were already
- unambiguous.
-
- The symlink /etc/ca-bundle.crt
- is gone. Programs should instead use the environment variable
- OPENSSL_X509_CERT_FILE (which points to
- /etc/ssl/certs/ca-bundle.crt).
-
-
-
-
-
+
+
+
+
+ The option has been renamed to
+ .
+
+
+
+
+ The mysql55 service has been merged into the
+ mysql service, which no longer sets a default for the
+ option .
+
+
+
+
+ Package variants are now differentiated by suffixing the name, rather than
+ the version. For instance, sqlite-3.8.4.3-interactive
+ is now called sqlite-interactive-3.8.4.3. This
+ ensures that nix-env -i sqlite is unambiguous, and that
+ nix-env -u won’t “upgrade”
+ sqlite to sqlite-interactive or vice
+ versa. Notably, this change affects the Firefox wrapper (which provides
+ plugins), as it is now called firefox-wrapper. So when
+ using nix-env, you should do nix-env -e
+ firefox; nix-env -i firefox-wrapper if you want to keep using
+ the wrapper. This change does not affect declarative package management,
+ since attribute names like pkgs.firefoxWrapper were
+ already unambiguous.
+
+
+
+
+ The symlink /etc/ca-bundle.crt is gone. Programs
+ should instead use the environment variable
+ OPENSSL_X509_CERT_FILE (which points to
+ /etc/ssl/certs/ca-bundle.crt).
+
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1412.xml b/nixos/doc/manual/release-notes/rl-1412.xml
index 42b51cd4a8ef1884d6b270ad991028cb6e30880d..4d93aa644c1d6fdf205237a1e41f8afeba8d395b 100644
--- a/nixos/doc/manual/release-notes/rl-1412.xml
+++ b/nixos/doc/manual/release-notes/rl-1412.xml
@@ -3,175 +3,465 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-14.12">
+ Release 14.12 (“Caterpillar”, 2014/12/30)
-Release 14.12 (“Caterpillar”, 2014/12/30)
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
+
+
+ Systemd has been updated to version 217, which has numerous
+ improvements.
+
+
+
+
+
+ Nix has been updated to 1.8.
+
+
+
+
+ NixOS is now based on Glibc 2.20.
+
+
+
+
+ KDE has been updated to 4.14.
+
+
+
+
+ The default Linux kernel has been updated to 3.14.
+
+
+
+
+ If is enabled (the default), changes
+ made to the declaration of a user or group will be correctly realised when
+ running nixos-rebuild. For instance, removing a user
+ specification from configuration.nix will cause the
+ actual user account to be deleted. If
+ is disabled, it is no longer necessary to specify UIDs or GIDs; if
+ omitted, they are allocated dynamically.
+
+
+
+
-In addition to numerous new and upgraded packages, this release has the following highlights:
+
+ Following new services were added since the last release:
+
+
+
+ atftpd
+
+
+
+
+ bosun
+
+
+
+
+ bspwm
+
+
+
+
+ chronos
+
+
+
+
+ collectd
+
+
+
+
+ consul
+
+
+
+
+ cpuminer-cryptonight
+
+
+
+
+ crashplan
+
+
+
+
+ dnscrypt-proxy
+
+
+
+
+ docker-registry
+
+
+
+
+ docker
+
+
+
+
+ etcd
+
+
+
+
+ fail2ban
+
+
+
+
+ fcgiwrap
+
+
+
+
+ fleet
+
+
+
+
+ fluxbox
+
+
+
+
+ gdm
+
+
+
+
+ geoclue2
+
+
+
+
+ gitlab
+
+
+
+
+ gitolite
+
+
+
+
+ gnome3.gnome-documents
+
+
+
+
+ gnome3.gnome-online-miners
+
+
+
+
+ gnome3.gvfs
+
+
+
+
+ gnome3.seahorse
+
+
+
+
+ hbase
+
+
+
+
+ i2pd
+
+
+
+
+ influxdb
+
+
+
+
+ kubernetes
+
+
+
+
+ liquidsoap
+
+
+
+
+ lxc
+
+
+
+
+ mailpile
+
+
+
+
+ mesos
+
+
+
+
+ mlmmj
+
+
+
+
+ monetdb
+
+
+
+
+ mopidy
+
+
+
+
+ neo4j
+
+
+
+
+ nsd
+
+
+
+
+ openntpd
+
+
+
+
+ opentsdb
+
+
+
+
+ openvswitch
+
+
+
+
+ parallels-guest
+
+
+
+
+ peerflix
+
+
+
+
+ phd
+
+
+
+
+ polipo
+
+
+
+
+ prosody
+
+
+
+
+ radicale
+
+
+
+
+ redmine
+
+
+
+
+ riemann
+
+
+
+
+ scollector
+
+
+
+
+ seeks
+
+
+
+
+ siproxd
+
+
+
+
+ strongswan
+
+
+
+
+ tcsd
+
+
+
+
+ teamspeak3
+
+
+
+
+ thermald
+
+
+
+
+ torque/mrom
+
+
+
+
+ torque/server
+
+
+
+
+ uhub
+
+
+
+
+ unifi
+
+
+
+
+ znc
+
+
+
+
+ zookeeper
+
+
+
+
-
-
-Systemd has been updated to version 217, which has numerous
-improvements.
-
-
-Nix has been updated to 1.8.
-
-NixOS is now based on Glibc 2.20.
-
-KDE has been updated to 4.14.
-
-The default Linux kernel has been updated to 3.14.
-
-If is enabled (the
-default), changes made to the declaration of a user or group will be
-correctly realised when running nixos-rebuild. For
-instance, removing a user specification from
-configuration.nix will cause the actual user
-account to be deleted. If is
-disabled, it is no longer necessary to specify UIDs or GIDs; if
-omitted, they are allocated dynamically.
-
-
-
-Following new services were added since the last release:
-
-
-atftpd
-bosun
-bspwm
-chronos
-collectd
-consul
-cpuminer-cryptonight
-crashplan
-dnscrypt-proxy
-docker-registry
-docker
-etcd
-fail2ban
-fcgiwrap
-fleet
-fluxbox
-gdm
-geoclue2
-gitlab
-gitolite
-gnome3.gnome-documents
-gnome3.gnome-online-miners
-gnome3.gvfs
-gnome3.seahorse
-hbase
-i2pd
-influxdb
-kubernetes
-liquidsoap
-lxc
-mailpile
-mesos
-mlmmj
-monetdb
-mopidy
-neo4j
-nsd
-openntpd
-opentsdb
-openvswitch
-parallels-guest
-peerflix
-phd
-polipo
-prosody
-radicale
-redmine
-riemann
-scollector
-seeks
-siproxd
-strongswan
-tcsd
-teamspeak3
-thermald
-torque/mrom
-torque/server
-uhub
-unifi
-znc
-zookeeper
-
-
-
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-
-
-The default version of Apache httpd is now 2.4. If
-you use the option to pass literal
-Apache configuration text, you may need to update it — see
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
+
+
+ The default version of Apache httpd is now 2.4. If you use the
+ option to pass literal Apache configuration
+ text, you may need to update it — see
+ Apache’s
-documentation for details. If you wish to continue to use
-httpd 2.2, add the following line to your NixOS configuration:
-
+ documentation for details. If you wish to continue to use httpd
+ 2.2, add the following line to your NixOS configuration:
services.httpd.package = pkgs.apacheHttpd_2_2;
-
-
-
-PHP 5.3 has been removed because it is no longer
-supported by the PHP project. A migration guide is
-available.
-
-The host side of a container virtual Ethernet pair
-is now called ve-container-name
-rather than c-container-name.
-
-GNOME 3.10 support has been dropped. The default GNOME version is now 3.12.
-
-VirtualBox has been upgraded to 4.3.20 release. Users
-may be required to run rm -rf /tmp/.vbox*. The line
-imports = [ <nixpkgs/nixos/modules/programs/virtualbox.nix> ] is
-no longer necessary, use services.virtualboxHost.enable =
-true instead.
-
-Also, hardening mode is now enabled by default, which means that unless you want to use
-USB support, you no longer need to be a member of the vboxusers group.
-
-
-Chromium has been updated to 39.0.2171.65. is now enabled by default.
-chromium*Wrapper packages no longer exist, because upstream removed NSAPI support.
-chromium-stable has been renamed to chromium.
-
-
-Python packaging documentation is now part of nixpkgs manual. To override
-the python packages available to a custom python you now use pkgs.pythonFull.buildEnv.override
-instead of pkgs.pythonFull.override.
-
-
-boot.resumeDevice = "8:6" is no longer supported. Most users will
-want to leave it undefined, which takes the swap partitions automatically. There is an evaluation
-assertion to ensure that the string starts with a slash.
-
-
-The system-wide default timezone for NixOS installations
-changed from CET to UTC. To choose
-a different timezone for your system, configure
-time.timeZone in
-configuration.nix. A fairly complete list of possible
-values for that setting is available at .
-
-GNU screen has been updated to 4.2.1, which breaks
-the ability to connect to sessions created by older versions of
-screen.
-
-The Intel GPU driver was updated to the 3.x prerelease
-version (used by most distributions) and supports DRI3
-now.
-
-
-
-
-
+
+
+
+
+ PHP 5.3 has been removed because it is no longer supported by the PHP
+ project. A migration
+ guide is available.
+
+
+
+
+ The host side of a container virtual Ethernet pair is now called
+ ve-container-name rather
+ than c-container-name.
+
+
+
+
+ GNOME 3.10 support has been dropped. The default GNOME version is now
+ 3.12.
+
+
+
+
+ VirtualBox has been upgraded to 4.3.20 release. Users may be required to
+ run rm -rf /tmp/.vbox*. The line imports = [
+ <nixpkgs/nixos/modules/programs/virtualbox.nix> ] is no
+ longer necessary, use services.virtualboxHost.enable =
+ true instead.
+
+
+ Also, hardening mode is now enabled by default, which means that unless
+ you want to use USB support, you no longer need to be a member of the
+ vboxusers group.
+
+
+
+
+ Chromium has been updated to 39.0.2171.65.
+ is now enabled by default.
+ chromium*Wrapper packages no longer exist, because
+ upstream removed NSAPI support. chromium-stable has
+ been renamed to chromium.
+
+
+
+
+ Python packaging documentation is now part of nixpkgs manual. To override
+ the python packages available to a custom python you now use
+ pkgs.pythonFull.buildEnv.override instead of
+ pkgs.pythonFull.override.
+
+
+
+
+ boot.resumeDevice = "8:6" is no longer supported. Most
+ users will want to leave it undefined, which takes the swap partitions
+ automatically. There is an evaluation assertion to ensure that the string
+ starts with a slash.
+
+
+
+
+ The system-wide default timezone for NixOS installations changed from
+ CET to UTC. To choose a different
+ timezone for your system, configure time.timeZone in
+ configuration.nix. A fairly complete list of possible
+ values for that setting is available at
+ .
+
+
+
+
+ GNU screen has been updated to 4.2.1, which breaks the ability to connect
+ to sessions created by older versions of screen.
+
+
+
+
+ The Intel GPU driver was updated to the 3.x prerelease version (used by
+ most distributions) and supports DRI3 now.
+
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml
index 6c1c46844ccbe989eacbe1b80e5c809622d5db66..e500c9d634224224cbe9a376efe8a03296591ee8 100644
--- a/nixos/doc/manual/release-notes/rl-1509.xml
+++ b/nixos/doc/manual/release-notes/rl-1509.xml
@@ -3,375 +3,640 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-15.09">
+ Release 15.09 (“Dingo”, 2015/09/30)
-Release 15.09 (“Dingo”, 2015/09/30)
-
-In addition to numerous new and upgraded packages, this release
-has the following highlights:
-
-
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
+
- The Haskell
- packages infrastructure has been re-designed from the ground up
- ("Haskell NG"). NixOS now distributes the latest version
- of every single package registered on Hackage -- well in
- excess of 8,000 Haskell packages. Detailed instructions on how to
- use that infrastructure can be found in the
+ The Haskell packages
+ infrastructure has been re-designed from the ground up ("Haskell
+ NG"). NixOS now distributes the latest version of every single package
+ registered on
+ Hackage -- well
+ in excess of 8,000 Haskell packages. Detailed instructions on how to use
+ that infrastructure can be found in the
+ User's
- Guide to the Haskell Infrastructure. Users migrating from an
- earlier release may find helpful information below, in the list of
- backwards-incompatible changes. Furthermore, we distribute 51(!)
- additional Haskell package sets that provide every single . Users migrating from an earlier
+ release may find helpful information below, in the list of
+ backwards-incompatible changes. Furthermore, we distribute 51(!) additional
+ Haskell package sets that provide every single
+ LTS Haskell release
- since version 0.0 as well as the most recent Stackage Nightly
- snapshot. The announcement "Full
- Stackage Support in Nixpkgs" gives additional
- details.
+ Stackage Support in Nixpkgs" gives additional details.
+
-
- Nix has been updated to version 1.10, which among other
- improvements enables cryptographic signatures on binary caches for
- improved security.
+
+ Nix has been updated to version 1.10, which among other improvements
+ enables cryptographic signatures on binary caches for improved security.
+
-
- You can now keep your NixOS system up to date automatically
- by setting
-
+
+ You can now keep your NixOS system up to date automatically by setting
system.autoUpgrade.enable = true;
-
- This will cause the system to periodically check for updates in
- your current channel and run nixos-rebuild.
+ This will cause the system to periodically check for updates in your
+ current channel and run nixos-rebuild.
+
-
- This release is based on Glibc 2.21, GCC 4.9 and Linux
- 3.18.
+
+ This release is based on Glibc 2.21, GCC 4.9 and Linux 3.18.
+
-
- GNOME has been upgraded to 3.16.
-
+
+ GNOME has been upgraded to 3.16.
+
-
- Xfce has been upgraded to 4.12.
-
+
+ Xfce has been upgraded to 4.12.
+
-
- KDE 5 has been upgraded to KDE Frameworks 5.10,
- Plasma 5.3.2 and Applications 15.04.3.
- KDE 4 has been updated to kdelibs-4.14.10.
-
+
+ KDE 5 has been upgraded to KDE Frameworks 5.10, Plasma 5.3.2 and
+ Applications 15.04.3. KDE 4 has been updated to kdelibs-4.14.10.
+
-
- E19 has been upgraded to 0.16.8.15.
-
+
+ E19 has been upgraded to 0.16.8.15.
+
+
-
-
-
-The following new services were added since the last release:
-
+
+ The following new services were added since the last release:
- services/mail/exim.nix
- services/misc/apache-kafka.nix
- services/misc/canto-daemon.nix
- services/misc/confd.nix
- services/misc/devmon.nix
- services/misc/gitit.nix
- services/misc/ihaskell.nix
- services/misc/mbpfan.nix
- services/misc/mediatomb.nix
- services/misc/mwlib.nix
- services/misc/parsoid.nix
- services/misc/plex.nix
- services/misc/ripple-rest.nix
- services/misc/ripple-data-api.nix
- services/misc/subsonic.nix
- services/misc/sundtek.nix
- services/monitoring/cadvisor.nix
- services/monitoring/das_watchdog.nix
- services/monitoring/grafana.nix
- services/monitoring/riemann-tools.nix
- services/monitoring/teamviewer.nix
- services/network-filesystems/u9fs.nix
- services/networking/aiccu.nix
- services/networking/asterisk.nix
- services/networking/bird.nix
- services/networking/charybdis.nix
- services/networking/docker-registry-server.nix
- services/networking/fan.nix
- services/networking/firefox/sync-server.nix
- services/networking/gateone.nix
- services/networking/heyefi.nix
- services/networking/i2p.nix
- services/networking/lambdabot.nix
- services/networking/mstpd.nix
- services/networking/nix-serve.nix
- services/networking/nylon.nix
- services/networking/racoon.nix
- services/networking/skydns.nix
- services/networking/shout.nix
- services/networking/softether.nix
- services/networking/sslh.nix
- services/networking/tinc.nix
- services/networking/tlsdated.nix
- services/networking/tox-bootstrapd.nix
- services/networking/tvheadend.nix
- services/networking/zerotierone.nix
- services/scheduling/marathon.nix
- services/security/fprintd.nix
- services/security/hologram.nix
- services/security/munge.nix
- services/system/cloud-init.nix
- services/web-servers/shellinabox.nix
- services/web-servers/uwsgi.nix
- services/x11/unclutter.nix
- services/x11/display-managers/sddm.nix
- system/boot/coredump.nix
- system/boot/loader/loader.nix
- system/boot/loader/generic-extlinux-compatible
- system/boot/networkd.nix
- system/boot/resolved.nix
- system/boot/timesyncd.nix
- tasks/filesystems/exfat.nix
- tasks/filesystems/ntfs.nix
- tasks/filesystems/vboxsf.nix
- virtualisation/virtualbox-host.nix
- virtualisation/vmware-guest.nix
- virtualisation/xen-dom0.nix
+
+
+ services/mail/exim.nix
+
+
+
+
+ services/misc/apache-kafka.nix
+
+
+
+
+ services/misc/canto-daemon.nix
+
+
+
+
+ services/misc/confd.nix
+
+
+
+
+ services/misc/devmon.nix
+
+
+
+
+ services/misc/gitit.nix
+
+
+
+
+ services/misc/ihaskell.nix
+
+
+
+
+ services/misc/mbpfan.nix
+
+
+
+
+ services/misc/mediatomb.nix
+
+
+
+
+ services/misc/mwlib.nix
+
+
+
+
+ services/misc/parsoid.nix
+
+
+
+
+ services/misc/plex.nix
+
+
+
+
+ services/misc/ripple-rest.nix
+
+
+
+
+ services/misc/ripple-data-api.nix
+
+
+
+
+ services/misc/subsonic.nix
+
+
+
+
+ services/misc/sundtek.nix
+
+
+
+
+ services/monitoring/cadvisor.nix
+
+
+
+
+ services/monitoring/das_watchdog.nix
+
+
+
+
+ services/monitoring/grafana.nix
+
+
+
+
+ services/monitoring/riemann-tools.nix
+
+
+
+
+ services/monitoring/teamviewer.nix
+
+
+
+
+ services/network-filesystems/u9fs.nix
+
+
+
+
+ services/networking/aiccu.nix
+
+
+
+
+ services/networking/asterisk.nix
+
+
+
+
+ services/networking/bird.nix
+
+
+
+
+ services/networking/charybdis.nix
+
+
+
+
+ services/networking/docker-registry-server.nix
+
+
+
+
+ services/networking/fan.nix
+
+
+
+
+ services/networking/firefox/sync-server.nix
+
+
+
+
+ services/networking/gateone.nix
+
+
+
+
+ services/networking/heyefi.nix
+
+
+
+
+ services/networking/i2p.nix
+
+
+
+
+ services/networking/lambdabot.nix
+
+
+
+
+ services/networking/mstpd.nix
+
+
+
+
+ services/networking/nix-serve.nix
+
+
+
+
+ services/networking/nylon.nix
+
+
+
+
+ services/networking/racoon.nix
+
+
+
+
+ services/networking/skydns.nix
+
+
+
+
+ services/networking/shout.nix
+
+
+
+
+ services/networking/softether.nix
+
+
+
+
+ services/networking/sslh.nix
+
+
+
+
+ services/networking/tinc.nix
+
+
+
+
+ services/networking/tlsdated.nix
+
+
+
+
+ services/networking/tox-bootstrapd.nix
+
+
+
+
+ services/networking/tvheadend.nix
+
+
+
+
+ services/networking/zerotierone.nix
+
+
+
+
+ services/scheduling/marathon.nix
+
+
+
+
+ services/security/fprintd.nix
+
+
+
+
+ services/security/hologram.nix
+
+
+
+
+ services/security/munge.nix
+
+
+
+
+ services/system/cloud-init.nix
+
+
+
+
+ services/web-servers/shellinabox.nix
+
+
+
+
+ services/web-servers/uwsgi.nix
+
+
+
+
+ services/x11/unclutter.nix
+
+
+
+
+ services/x11/display-managers/sddm.nix
+
+
+
+
+ system/boot/coredump.nix
+
+
+
+
+ system/boot/loader/loader.nix
+
+
+
+
+ system/boot/loader/generic-extlinux-compatible
+
+
+
+
+ system/boot/networkd.nix
+
+
+
+
+ system/boot/resolved.nix
+
+
+
+
+ system/boot/timesyncd.nix
+
+
+
+
+ tasks/filesystems/exfat.nix
+
+
+
+
+ tasks/filesystems/ntfs.nix
+
+
+
+
+ tasks/filesystems/vboxsf.nix
+
+
+
+
+ virtualisation/virtualbox-host.nix
+
+
+
+
+ virtualisation/vmware-guest.nix
+
+
+
+
+ virtualisation/xen-dom0.nix
+
+
-
-
-
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-
-
-sshd no longer supports DSA and ECDSA
-host keys by default. If you have existing systems with such host keys
-and want to continue to use them, please set
+
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
+
+
+ sshd no longer supports DSA and ECDSA host keys by
+ default. If you have existing systems with such host keys and want to
+ continue to use them, please set
system.stateVersion = "14.12";
-
-The new option ensures that
-certain configuration changes that could break existing systems (such
-as the sshd host key setting) will maintain
-compatibility with the specified NixOS release. NixOps sets the state
-version of existing deployments automatically.
-
-cron is no longer enabled by
-default, unless you have a non-empty
-. To force
-cron to be enabled, set
-.
-
-Nix now requires binary caches to be cryptographically
-signed. If you have unsigned binary caches that you want to continue
-to use, you should set .
-
-Steam now doesn't need root rights to work. Instead of using
-*-steam-chrootenv, you should now just run steam.
-steamChrootEnv package was renamed to steam,
-and old steam package -- to steamOriginal.
-
-
-CMPlayer has been renamed to bomi upstream. Package
-cmplayer was accordingly renamed to
-bomi
-
-Atom Shell has been renamed to Electron upstream. Package atom-shell
-was accordingly renamed to electron
-
-
-Elm is not released on Hackage anymore. You should now use elmPackages.elm
-which contains the latest Elm platform.
-
-
- The CUPS printing service has been updated to version
- 2.0.2. Furthermore its systemd service has been
- renamed to cups.service.
-
- Local printers are no longer shared or advertised by
- default. This behavior can be changed by enabling
- or
- respectively.
-
-
-
-
- The VirtualBox host and guest options have been named more
- consistently. They can now found in
- instead of
- and
- instead of
- .
-
-
-
- Also, there now is support for the vboxsf file
- system using the configuration
- attribute. An example of how this can be used in a configuration:
-
+ The new option ensures that certain
+ configuration changes that could break existing systems (such as the
+ sshd host key setting) will maintain compatibility with
+ the specified NixOS release. NixOps sets the state version of existing
+ deployments automatically.
+
+
+
+
+ cron is no longer enabled by default, unless you have a
+ non-empty . To force
+ cron to be enabled, set .
+
+
+
+
+ Nix now requires binary caches to be cryptographically signed. If you have
+ unsigned binary caches that you want to continue to use, you should set
+ .
+
+
+
+
+ Steam now doesn't need root rights to work. Instead of using
+ *-steam-chrootenv, you should now just run
+ steam. steamChrootEnv package was
+ renamed to steam, and old steam
+ package -- to steamOriginal.
+
+
+
+
+ CMPlayer has been renamed to bomi upstream. Package
+ cmplayer was accordingly renamed to
+ bomi
+
+
+
+
+ Atom Shell has been renamed to Electron upstream. Package
+ atom-shell was accordingly renamed to
+ electron
+
+
+
+
+ Elm is not released on Hackage anymore. You should now use
+ elmPackages.elm which contains the latest Elm platform.
+
+
+
+
+ The CUPS printing service has been updated to version
+ 2.0.2. Furthermore its systemd service has been renamed
+ to cups.service.
+
+
+ Local printers are no longer shared or advertised by default. This
+ behavior can be changed by enabling
+ or
+ respectively.
+
+
+
+
+ The VirtualBox host and guest options have been named more consistently.
+ They can now found in
+ instead of and
+ instead of
+ .
+
+
+ Also, there now is support for the vboxsf file system
+ using the configuration attribute. An example
+ of how this can be used in a configuration:
fileSystems."/shiny" = {
device = "myshinysharedfolder";
fsType = "vboxsf";
};
-
-
-
-
-
-
- "nix-env -qa" no longer discovers
- Haskell packages by name. The only packages visible in the global
- scope are ghc, cabal-install,
- and stack, but all other packages are hidden. The
- reason for this inconvenience is the sheer size of the Haskell
- package set. Name-based lookups are expensive, and most
- nix-env -qa operations would become much slower
- if we'd add the entire Hackage database into the top level attribute
- set. Instead, the list of Haskell packages can be displayed by
- running:
-
-
+
+
+
+
+ "nix-env -qa" no longer discovers Haskell
+ packages by name. The only packages visible in the global scope are
+ ghc, cabal-install, and
+ stack, but all other packages are hidden. The reason
+ for this inconvenience is the sheer size of the Haskell package set.
+ Name-based lookups are expensive, and most nix-env -qa
+ operations would become much slower if we'd add the entire Hackage
+ database into the top level attribute set. Instead, the list of Haskell
+ packages can be displayed by running:
+
+
nix-env -f "<nixpkgs>" -qaP -A haskellPackages
-
- Executable programs written in Haskell can be installed with:
-
-
+
+ Executable programs written in Haskell can be installed with:
+
+
nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc
-
- Installing Haskell libraries this way, however, is no
- longer supported. See the next item for more details.
-
-
-
-
-
- Previous versions of NixOS came with a feature called
- ghc-wrapper, a small script that allowed GHC to
- transparently pick up on libraries installed in the user's profile. This
- feature has been deprecated; ghc-wrapper was removed
- from the distribution. The proper way to register Haskell libraries with
- the compiler now is the haskellPackages.ghcWithPackages
- function. The
+ Installing Haskell libraries this way, however, is no
+ longer supported. See the next item for more details.
+
+
+
+
+ Previous versions of NixOS came with a feature called
+ ghc-wrapper, a small script that allowed GHC to
+ transparently pick up on libraries installed in the user's profile. This
+ feature has been deprecated; ghc-wrapper was removed
+ from the distribution. The proper way to register Haskell libraries with
+ the compiler now is the haskellPackages.ghcWithPackages
+ function. The
+ User's
- Guide to the Haskell Infrastructure provides more information about
- this subject.
-
-
-
-
-
- All Haskell builds that have been generated with version 1.x of
- the cabal2nix utility are now invalid and need
- to be re-generated with a current version of
- cabal2nix to function. The most recent version
- of this tool can be installed by running
- nix-env -i cabal2nix.
-
-
-
-
-
- The haskellPackages set in Nixpkgs used to have a
- function attribute called extension that users
- could override in their ~/.nixpkgs/config.nix
- files to configure additional attributes, etc. That function still
- exists, but it's now called overrides.
-
-
-
-
-
- The OpenBLAS library has been updated to version
- 0.2.14. Support for the
- x86_64-darwin platform was added. Dynamic
- architecture detection was enabled; OpenBLAS now selects
- microarchitecture-optimized routines at runtime, so optimal
- performance is achieved without the need to rebuild OpenBLAS
- locally. OpenBLAS has replaced ATLAS in most packages which use an
- optimized BLAS or LAPACK implementation.
-
-
-
-
-
- The phpfpm is now using the default PHP version
- (pkgs.php) instead of PHP 5.4 (pkgs.php54).
-
-
-
-
-
- The locate service no longer indexes the Nix store
- by default, preventing packages with potentially numerous versions from
- cluttering the output. Indexing the store can be activated by setting
- .
-
-
-
-
-
- The Nix expression search path (NIX_PATH) no longer
- contains /etc/nixos/nixpkgs by default. You
- can override NIX_PATH by setting
- .
-
-
-
-
-
- Python 2.6 has been marked as broken (as it no longer receives
- security updates from upstream).
-
-
-
-
-
- Any use of module arguments such as pkgs to access
- library functions, or to define imports attributes
- will now lead to an infinite loop at the time of the evaluation.
-
-
-
- In case of an infinite loop, use the --show-trace
- command line argument and read the line just above the error message.
-
+ Guide to the Haskell Infrastructure provides more information about
+ this subject.
+
+
+
+
+ All Haskell builds that have been generated with version 1.x of the
+ cabal2nix utility are now invalid and need to be
+ re-generated with a current version of cabal2nix to
+ function. The most recent version of this tool can be installed by running
+ nix-env -i cabal2nix.
+
+
+
+
+ The haskellPackages set in Nixpkgs used to have a
+ function attribute called extension that users could
+ override in their ~/.nixpkgs/config.nix files to
+ configure additional attributes, etc. That function still exists, but it's
+ now called overrides.
+
+
+
+
+ The OpenBLAS library has been updated to version
+ 0.2.14. Support for the
+ x86_64-darwin platform was added. Dynamic architecture
+ detection was enabled; OpenBLAS now selects microarchitecture-optimized
+ routines at runtime, so optimal performance is achieved without the need
+ to rebuild OpenBLAS locally. OpenBLAS has replaced ATLAS in most packages
+ which use an optimized BLAS or LAPACK implementation.
+
+
+
+
+ The phpfpm is now using the default PHP version
+ (pkgs.php) instead of PHP 5.4
+ (pkgs.php54).
+
+
+
+
+ The locate service no longer indexes the Nix store by
+ default, preventing packages with potentially numerous versions from
+ cluttering the output. Indexing the store can be activated by setting
+ .
+
+
+
+
+ The Nix expression search path (NIX_PATH) no longer
+ contains /etc/nixos/nixpkgs by default. You can
+ override NIX_PATH by setting .
+
+
+
+
+ Python 2.6 has been marked as broken (as it no longer receives security
+ updates from upstream).
+
+
+
+
+ Any use of module arguments such as pkgs to access
+ library functions, or to define imports attributes will
+ now lead to an infinite loop at the time of the evaluation.
+
+
+ In case of an infinite loop, use the --show-trace
+ command line argument and read the line just above the error message.
$ nixos-rebuild build --show-trace
…
while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix":
infinite recursion encountered
-
-
-
-
- Any use of pkgs.lib, should be replaced by
- lib, after adding it as argument of the module. The
- following module
-
+
+
+ Any use of pkgs.lib, should be replaced by
+ lib, after adding it as argument of the module. The
+ following module
{ config, pkgs, ... }:
@@ -384,9 +649,7 @@ with pkgs.lib;
config = mkIf config.foo { … };
}
-
- should be modified to look like:
-
+ should be modified to look like:
{ config, pkgs, lib, ... }:
@@ -399,13 +662,11 @@ with lib;
config = mkIf config.foo { option definition };
}
-
-
-
- When pkgs is used to download other projects to
- import their modules, and only in such cases, it should be replaced by
- (import <nixpkgs> {}). The following module
-
+
+
+ When pkgs is used to download other projects to import
+ their modules, and only in such cases, it should be replaced by
+ (import <nixpkgs> {}). The following module
{ config, pkgs, ... }:
@@ -420,9 +681,7 @@ in
imports = [ "${myProject}/module.nix" ];
}
-
- should be modified to look like:
-
+ should be modified to look like:
{ config, pkgs, ... }:
@@ -437,55 +696,55 @@ in
imports = [ "${myProject}/module.nix" ];
}
-
-
-
-
-
-
-
-
-Other notable improvements:
-
-
-
- The nixos and nixpkgs channels were unified,
- so one can use nix-env -iA nixos.bash
- instead of nix-env -iA nixos.pkgs.bash.
- See the commit for details.
-
+
+
+
+
-
+
+ Other notable improvements:
+
+
- Users running an SSH server who worry about the quality of their
- /etc/ssh/moduli file with respect to the
- can use nix-env -iA nixos.bash
+ instead of nix-env -iA nixos.pkgs.bash. See
+ the
+ commit for details.
+
+
+
+
+ Users running an SSH server who worry about the quality of their
+ /etc/ssh/moduli file with respect to the
+ vulnerabilities
- discovered in the Diffie-Hellman key exchange can now
- replace OpenSSH's default version with one they generated
- themselves using the new
- option.
-
-
-
-
- A newly packaged TeX Live 2015 is provided in pkgs.texlive,
- split into 6500 nix packages. For basic user documentation see
- the source.
- Beware of an issue when installing a too large package set.
-
- The plan is to deprecate and maybe delete the original TeX packages
- until the next release.
-
-
-
- on all Python interpreters
- is now available for nix-shell interoperability.
-
-
-
-
-
+ discovered in the Diffie-Hellman key exchange can now replace
+ OpenSSH's default version with one they generated themselves using the new
+ option.
+
+
+
+
+ A newly packaged TeX Live 2015 is provided in
+ pkgs.texlive, split into 6500 nix packages. For basic
+ user documentation see
+ the
+ source. Beware of
+ an
+ issue when installing a too large package set. The plan is to
+ deprecate and maybe delete the original TeX packages until the next
+ release.
+
+
+
+
+ on all Python interpreters is now available
+ for nix-shell interoperability.
+
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml
index 7279dd05827031f859905b4d59118ce6d3de240b..9b512c4b1e58602a43b7d635d53603c93d2719ba 100644
--- a/nixos/doc/manual/release-notes/rl-1603.xml
+++ b/nixos/doc/manual/release-notes/rl-1603.xml
@@ -3,250 +3,471 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-16.03">
+ Release 16.03 (“Emu”, 2016/03/31)
-Release 16.03 (“Emu”, 2016/03/31)
-
-In addition to numerous new and upgraded packages, this release
-has the following highlights:
-
-
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
+
- Systemd 229, bringing
+ Systemd 229, bringing
+ numerous
- improvements over 217.
+ improvements over 217.
+
-
- Linux 4.4 (was 3.18).
+
+ Linux 4.4 (was 3.18).
+
-
- GCC 5.3 (was 4.9). Note that GCC 5
+ GCC 5.3 (was 4.9). Note that GCC 5
+ changes
- the C++ ABI in an incompatible way; this may cause problems
- if you try to link objects compiled with different versions of
- GCC.
+ the C++ ABI in an incompatible way; this may cause problems if you
+ try to link objects compiled with different versions of GCC.
+
-
- Glibc 2.23 (was 2.21).
+
+ Glibc 2.23 (was 2.21).
+
-
- Binutils 2.26 (was 2.23.1). See #909
+
+ Binutils 2.26 (was 2.23.1). See #909
+
-
- Improved support for ensuring bitwise reproducible
- builds. For example, stdenv now sets the
- environment variable
+ Improved support for ensuring
+ bitwise
+ reproducible builds. For example, stdenv now sets
+ the environment variable
+ SOURCE_DATE_EPOCH
- to a deterministic value, and Nix has gained
- an option to repeat a build a number of times to test
- determinism. An ongoing project, the goal of exact reproducibility
- is to allow binaries to be verified independently (e.g., a user
- might only trust binaries that appear in three independent binary
- caches).
+ an option to repeat a build a number of times to test determinism.
+ An ongoing project, the goal of exact reproducibility is to allow binaries
+ to be verified independently (e.g., a user might only trust binaries that
+ appear in three independent binary caches).
+
-
- Perl 5.22.
+
+ Perl 5.22.
+
+
-
-
-The following new services were added since the last release:
-
+
+ The following new services were added since the last release:
- services/monitoring/longview.nix
- hardware/video/webcam/facetimehd.nix
- i18n/input-method/default.nix
- i18n/input-method/fcitx.nix
- i18n/input-method/ibus.nix
- i18n/input-method/nabi.nix
- i18n/input-method/uim.nix
- programs/fish.nix
- security/acme.nix
- security/audit.nix
- security/oath.nix
- services/hardware/irqbalance.nix
- services/mail/dspam.nix
- services/mail/opendkim.nix
- services/mail/postsrsd.nix
- services/mail/rspamd.nix
- services/mail/rmilter.nix
- services/misc/autofs.nix
- services/misc/bepasty.nix
- services/misc/calibre-server.nix
- services/misc/cfdyndns.nix
- services/misc/gammu-smsd.nix
- services/misc/mathics.nix
- services/misc/matrix-synapse.nix
- services/misc/octoprint.nix
- services/monitoring/hdaps.nix
- services/monitoring/heapster.nix
- services/monitoring/longview.nix
- services/network-filesystems/netatalk.nix
- services/network-filesystems/xtreemfs.nix
- services/networking/autossh.nix
- services/networking/dnschain.nix
- services/networking/gale.nix
- services/networking/miniupnpd.nix
- services/networking/namecoind.nix
- services/networking/ostinato.nix
- services/networking/pdnsd.nix
- services/networking/shairport-sync.nix
- services/networking/supplicant.nix
- services/search/kibana.nix
- services/security/haka.nix
- services/security/physlock.nix
- services/web-apps/pump.io.nix
- services/x11/hardware/libinput.nix
- services/x11/window-managers/windowlab.nix
- system/boot/initrd-network.nix
- system/boot/initrd-ssh.nix
- system/boot/loader/loader.nix
- system/boot/networkd.nix
- system/boot/resolved.nix
- virtualisation/lxd.nix
- virtualisation/rkt.nix
+
+
+ services/monitoring/longview.nix
+
+
+
+
+ hardware/video/webcam/facetimehd.nix
+
+
+
+
+ i18n/input-method/default.nix
+
+
+
+
+ i18n/input-method/fcitx.nix
+
+
+
+
+ i18n/input-method/ibus.nix
+
+
+
+
+ i18n/input-method/nabi.nix
+
+
+
+
+ i18n/input-method/uim.nix
+
+
+
+
+ programs/fish.nix
+
+
+
+
+ security/acme.nix
+
+
+
+
+ security/audit.nix
+
+
+
+
+ security/oath.nix
+
+
+
+
+ services/hardware/irqbalance.nix
+
+
+
+
+ services/mail/dspam.nix
+
+
+
+
+ services/mail/opendkim.nix
+
+
+
+
+ services/mail/postsrsd.nix
+
+
+
+
+ services/mail/rspamd.nix
+
+
+
+
+ services/mail/rmilter.nix
+
+
+
+
+ services/misc/autofs.nix
+
+
+
+
+ services/misc/bepasty.nix
+
+
+
+
+ services/misc/calibre-server.nix
+
+
+
+
+ services/misc/cfdyndns.nix
+
+
+
+
+ services/misc/gammu-smsd.nix
+
+
+
+
+ services/misc/mathics.nix
+
+
+
+
+ services/misc/matrix-synapse.nix
+
+
+
+
+ services/misc/octoprint.nix
+
+
+
+
+ services/monitoring/hdaps.nix
+
+
+
+
+ services/monitoring/heapster.nix
+
+
+
+
+ services/monitoring/longview.nix
+
+
+
+
+ services/network-filesystems/netatalk.nix
+
+
+
+
+ services/network-filesystems/xtreemfs.nix
+
+
+
+
+ services/networking/autossh.nix
+
+
+
+
+ services/networking/dnschain.nix
+
+
+
+
+ services/networking/gale.nix
+
+
+
+
+ services/networking/miniupnpd.nix
+
+
+
+
+ services/networking/namecoind.nix
+
+
+
+
+ services/networking/ostinato.nix
+
+
+
+
+ services/networking/pdnsd.nix
+
+
+
+
+ services/networking/shairport-sync.nix
+
+
+
+
+ services/networking/supplicant.nix
+
+
+
+
+ services/search/kibana.nix
+
+
+
+
+ services/security/haka.nix
+
+
+
+
+ services/security/physlock.nix
+
+
+
+
+ services/web-apps/pump.io.nix
+
+
+
+
+ services/x11/hardware/libinput.nix
+
+
+
+
+ services/x11/window-managers/windowlab.nix
+
+
+
+
+ system/boot/initrd-network.nix
+
+
+
+
+ system/boot/initrd-ssh.nix
+
+
+
+
+ system/boot/loader/loader.nix
+
+
+
+
+ system/boot/networkd.nix
+
+
+
+
+ system/boot/resolved.nix
+
+
+
+
+ virtualisation/lxd.nix
+
+
+
+
+ virtualisation/rkt.nix
+
+
-
-
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
+
-
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
+
- We no longer produce graphical ISO images and VirtualBox
- images for i686-linux. A minimal ISO image is
- still provided.
+
+ We no longer produce graphical ISO images and VirtualBox images for
+ i686-linux. A minimal ISO image is still provided.
+
-
- Firefox and similar browsers are now wrapped by default.
- The package and attribute names are plain firefox
- or midori, etc. Backward-compatibility attributes were set up,
- but note that nix-env -u will not update
- your current firefox-with-plugins;
- you have to uninstall it and install firefox instead.
+
+ Firefox and similar browsers are now wrapped by
+ default. The package and attribute names are plain
+ firefox or midori, etc.
+ Backward-compatibility attributes were set up, but note that
+ nix-env -u will not update your
+ current firefox-with-plugins; you have to uninstall it
+ and install firefox instead.
+
-
- wmiiSnap has been replaced with
+
+ wmiiSnap has been replaced with
wmii_hg, but
- services.xserver.windowManager.wmii.enable has
- been updated respectively so this only affects you if you have
- explicitly installed wmiiSnap.
-
+ services.xserver.windowManager.wmii.enable has been
+ updated respectively so this only affects you if you have explicitly
+ installed wmiiSnap.
+
-
- jobs NixOS option has been removed. It served as
+
+ jobs NixOS option has been removed. It served as
compatibility layer between Upstart jobs and SystemD services. All services
- have been rewritten to use systemd.services
+ have been rewritten to use systemd.services
+
-
- wmiimenu is removed, as it has been
- removed by the developers upstream. Use wimenu
- from the wmii-hg package.
+
+ wmiimenu is removed, as it has been removed by the
+ developers upstream. Use wimenu from the
+ wmii-hg package.
+
-
- Gitit is no longer automatically added to the module list in
- NixOS and as such there will not be any manual entries for it. You
- will need to add an import statement to your NixOS configuration
- in order to use it, e.g.
-
+
+ Gitit is no longer automatically added to the module list in NixOS and as
+ such there will not be any manual entries for it. You will need to add an
+ import statement to your NixOS configuration in order to use it, e.g.
];
}
]]>
-
- will include the Gitit service configuration options.
+ will include the Gitit service configuration options.
+
-
- nginx does not accept flags for enabling and
- disabling modules anymore. Instead it accepts modules
- argument, which is a list of modules to be built in. All modules now
- reside in nginxModules set. Example configuration:
-
+
+ nginx does not accept flags for enabling and disabling
+ modules anymore. Instead it accepts modules argument,
+ which is a list of modules to be built in. All modules now reside in
+ nginxModules set. Example configuration:
-
+
-
- s3sync is removed, as it hasn't been
- developed by upstream for 4 years and only runs with ruby 1.8.
- For an actively-developer alternative look at
- tarsnap and others.
-
+
+ s3sync is removed, as it hasn't been developed by
+ upstream for 4 years and only runs with ruby 1.8. For an actively-developer
+ alternative look at tarsnap and others.
+
-
- ruby_1_8 has been removed as it's not
- supported from upstream anymore and probably contains security
- issues.
-
+
+ ruby_1_8 has been removed as it's not supported from
+ upstream anymore and probably contains security issues.
+
-
- tidy-html5 package is removed.
- Upstream only provided (lib)tidy5 during development,
- and now they went back to (lib)tidy to work as a drop-in
- replacement of the original package that has been unmaintained for years.
- You can (still) use the html-tidy package, which got updated
- to a stable release from this new upstream.
+
+ tidy-html5 package is removed. Upstream only provided
+ (lib)tidy5 during development, and now they went back to
+ (lib)tidy to work as a drop-in replacement of the
+ original package that has been unmaintained for years. You can (still) use
+ the html-tidy package, which got updated to a stable
+ release from this new upstream.
+
-
- extraDeviceOptions argument is removed
- from bumblebee package. Instead there are
- now two separate arguments: extraNvidiaDeviceOptions
- and extraNouveauDeviceOptions for setting
- extra X11 options for nvidia and nouveau drivers, respectively.
-
+
+ extraDeviceOptions argument is removed from
+ bumblebee package. Instead there are now two separate
+ arguments: extraNvidiaDeviceOptions and
+ extraNouveauDeviceOptions for setting extra X11 options
+ for nvidia and nouveau drivers, respectively.
+
-
- The Ctrl+Alt+Backspace key combination
- no longer kills the X server by default.
- There's a new option
- allowing to enable the combination again.
-
+
+ The Ctrl+Alt+Backspace key combination no longer kills
+ the X server by default. There's a new option
+ allowing to enable
+ the combination again.
+
-
- emacsPackagesNg now contains all packages
- from the ELPA, MELPA, and MELPA Stable repositories.
-
+
+ emacsPackagesNg now contains all packages from the ELPA,
+ MELPA, and MELPA Stable repositories.
+
-
- Data directory for Postfix MTA server is moved from
+
+ Data directory for Postfix MTA server is moved from
/var/postfix to /var/lib/postfix.
- Old configurations are migrated automatically. service.postfix
- module has also received many improvements, such as correct directories' access
- rights, new aliasFiles and mapFiles
- options and more.
+ Old configurations are migrated automatically.
+ service.postfix module has also received many
+ improvements, such as correct directories' access rights, new
+ aliasFiles and mapFiles options and
+ more.
+
-
- Filesystem options should now be configured as a list of strings, not
- a comma-separated string. The old style will continue to work, but print a
+
+ Filesystem options should now be configured as a list of strings, not a
+ comma-separated string. The old style will continue to work, but print a
warning, until the 16.09 release. An example of the new style:
-
fileSystems."/example" = {
device = "/dev/sdc";
@@ -254,103 +475,103 @@ fileSystems."/example" = {
options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
};
-
+
-
- CUPS, installed by services.printing module, now
- has its data directory in /var/lib/cups. Old
- configurations from /etc/cups are moved there
- automatically, but there might be problems. Also configuration options
+
+ CUPS, installed by services.printing module, now has its
+ data directory in /var/lib/cups. Old configurations
+ from /etc/cups are moved there automatically, but
+ there might be problems. Also configuration options
services.printing.cupsdConf and
- services.printing.cupsdFilesConf were removed
- because they had been allowing one to override configuration variables
- required for CUPS to work at all on NixOS. For most use cases,
+ services.printing.cupsdFilesConf were removed because
+ they had been allowing one to override configuration variables required for
+ CUPS to work at all on NixOS. For most use cases,
services.printing.extraConf and new option
- services.printing.extraFilesConf should be enough;
- if you encounter a situation when they are not, please file a bug.
-
- There are also Gutenprint improvements; in particular, a new option
- services.printing.gutenprint is added to enable automatic
- updating of Gutenprint PPMs; it's greatly recommended to enable it instead
- of adding gutenprint to the drivers list.
-
-
-
-
- services.xserver.vaapiDrivers has been removed. Use
- hardware.opengl.extraPackages{,32} instead. You can
- also specify VDPAU drivers there.
-
-
-
-
- programs.ibus moved to i18n.inputMethod.ibus.
- The option programs.ibus.plugins changed to i18n.inputMethod.ibus.engines
- and the option to enable ibus changed from programs.ibus.enable to
+ services.printing.extraFilesConf should be enough; if
+ you encounter a situation when they are not, please file a bug.
+
+
+ There are also Gutenprint improvements; in particular, a new option
+ services.printing.gutenprint is added to enable
+ automatic updating of Gutenprint PPMs; it's greatly recommended to enable
+ it instead of adding gutenprint to the
+ drivers list.
+
+
+
+
+ services.xserver.vaapiDrivers has been removed. Use
+ hardware.opengl.extraPackages{,32} instead. You can also
+ specify VDPAU drivers there.
+
+
+
+
+ programs.ibus moved to
+ i18n.inputMethod.ibus. The option
+ programs.ibus.plugins changed to
+ i18n.inputMethod.ibus.engines and the option to enable
+ ibus changed from programs.ibus.enable to
i18n.inputMethod.enabled.
- i18n.inputMethod.enabled should be set to the used input method name,
- "ibus" for ibus.
- An example of the new style:
-
+ i18n.inputMethod.enabled should be set to the used input
+ method name, "ibus" for ibus. An example of the new
+ style:
i18n.inputMethod.enabled = "ibus";
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
-
-That is equivalent to the old version:
-
+ That is equivalent to the old version:
programs.ibus.enable = true;
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
-
-
+
-
- services.udev.extraRules option now writes rules
- to 99-local.rules instead of 10-local.rules.
- This makes all the user rules apply after others, so their results wouldn't be
- overriden by anything else.
+
+ services.udev.extraRules option now writes rules to
+ 99-local.rules instead of
+ 10-local.rules. This makes all the user rules apply
+ after others, so their results wouldn't be overriden by anything else.
+
-
- Large parts of the services.gitlab module has been
- been rewritten. There are new configuration options available. The
+
+ Large parts of the services.gitlab module has been been
+ rewritten. There are new configuration options available. The
stateDir option was renamned to
- statePath and the satellitesDir option
- was removed. Please review the currently available options.
+ statePath and the satellitesDir
+ option was removed. Please review the currently available options.
+
-
-
- The option no
- longer interpret the dollar sign ($) as a shell variable, as such it
- should not be escaped anymore. Thus the following zone data:
-
-
+
+ The option no longer
+ interpret the dollar sign ($) as a shell variable, as such it should not be
+ escaped anymore. Thus the following zone data:
+
+
\$ORIGIN example.com.
\$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
-
+
Should modified to look like the actual file expected by nsd:
-
-
+
+
$ORIGIN example.com.
$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
-
-
- service.syncthing.dataDir options now has to point
- to exact folder where syncthing is writing to. Example configuration should
+
+ service.syncthing.dataDir options now has to point to
+ exact folder where syncthing is writing to. Example configuration should
look something like:
-
-
+
+
services.syncthing = {
enable = true;
dataDir = "/home/somebody/.syncthing";
@@ -358,76 +579,73 @@ services.syncthing = {
};
-
-
-
- networking.firewall.allowPing is now enabled by
- default. Users are encouraged to configure an appropriate rate limit for
- their machines using the Kernel interface at
- /proc/sys/net/ipv4/icmp_ratelimit and
- /proc/sys/net/ipv6/icmp/ratelimit or using the
- firewall itself, i.e. by setting the NixOS option
- networking.firewall.pingLimit.
-
-
-
-
-
- Systems with some broadcom cards used to result into a generated config
- that is no longer accepted. If you get errors like
- error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created
- you should either re-run nixos-generate-config or manually replace
- "${config.boot.kernelPackages.broadcom_sta}"
- by
- config.boot.kernelPackages.broadcom_sta
- in your /etc/nixos/hardware-configuration.nix.
- More discussion is on
- the github issue.
-
-
-
-
- The services.xserver.startGnuPGAgent option has been removed.
- GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
- longer requires (or even supports) the "start everything as a child of the
- agent" scheme we've implemented in NixOS for older versions.
- To configure the gpg-agent for your X session, add the following code to
- ~/.bashrc or some file that’s sourced when your shell is started:
-
+
+ networking.firewall.allowPing is now enabled by default.
+ Users are encouraged to configure an appropriate rate limit for their
+ machines using the Kernel interface at
+ /proc/sys/net/ipv4/icmp_ratelimit and
+ /proc/sys/net/ipv6/icmp/ratelimit or using the
+ firewall itself, i.e. by setting the NixOS option
+ networking.firewall.pingLimit.
+
+
+
+
+ Systems with some broadcom cards used to result into a generated config
+ that is no longer accepted. If you get errors like
+error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created
+ you should either re-run nixos-generate-config or
+ manually replace
+ "${config.boot.kernelPackages.broadcom_sta}" by
+ config.boot.kernelPackages.broadcom_sta in your
+ /etc/nixos/hardware-configuration.nix. More discussion
+ is on the
+ github issue.
+
+
+
+
+ The services.xserver.startGnuPGAgent option has been
+ removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new
+ approach no longer requires (or even supports) the "start everything as a
+ child of the agent" scheme we've implemented in NixOS for older versions.
+ To configure the gpg-agent for your X session, add the following code to
+ ~/.bashrc or some file that’s sourced when your
+ shell is started:
+
GPG_TTY=$(tty)
export GPG_TTY
- If you want to use gpg-agent for SSH, too, add the following to your session
- initialization (e.g. displayManager.sessionCommands)
-
+ If you want to use gpg-agent for SSH, too, add the following to your
+ session initialization (e.g.
+ displayManager.sessionCommands)
+
gpg-connect-agent /bye
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
- and make sure that
-
+ and make sure that
+
enable-ssh-support
- is included in your ~/.gnupg/gpg-agent.conf.
- You will need to use ssh-add to re-add your ssh keys.
- If gpg’s automatic transformation of the private keys to the new format fails,
- you will need to re-import your private keyring as well:
-
+ is included in your ~/.gnupg/gpg-agent.conf. You will
+ need to use ssh-add to re-add your ssh keys. If gpg’s
+ automatic transformation of the private keys to the new format fails, you
+ will need to re-import your private keyring as well:
+
gpg --import ~/.gnupg/secring.gpg
- The gpg-agent(1) man page has more details about this subject,
- i.e. in the "EXAMPLES" section.
-
+ The gpg-agent(1) man page has more details about this
+ subject, i.e. in the "EXAMPLES" section.
+
-
-
-
-Other notable improvements:
+
-
-
-
-
-
- ejabberd module is brought back and now works on
- NixOS.
-
-
-
- Input method support was improved. New NixOS modules (fcitx, nabi and uim),
- fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n)
- have been added.
-
-
-
-
+
+
+ ejabberd module is brought back and now works on NixOS.
+
+
+
+
+ Input method support was improved. New NixOS modules (fcitx, nabi and
+ uim), fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus
+ engines (hangul and m17n) have been added.
+
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml
index 893f894f42fee5c763c31f88a561f7bc30192ed5..4a2343edc970268a8a6899b093a6b3875e98ebe8 100644
--- a/nixos/doc/manual/release-notes/rl-1609.xml
+++ b/nixos/doc/manual/release-notes/rl-1609.xml
@@ -3,237 +3,275 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-16.09">
+ Release 16.09 (“Flounder”, 2016/09/30)
-Release 16.09 (“Flounder”, 2016/09/30)
-
-In addition to numerous new and upgraded packages, this release
-has the following highlights:
-
-
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
+
- Many NixOS configurations and Nix packages now use
- significantly less disk space, thanks to the
+ Many NixOS configurations and Nix packages now use significantly less disk
+ space, thanks to the
+ extensive
- work on closure size reduction. For example, the closure
- size of a minimal NixOS container went down from ~424 MiB in 16.03
- to ~212 MiB in 16.09, while the closure size of Firefox went from
- ~651 MiB to ~259 MiB.
+ work on closure size reduction. For example, the closure size of a
+ minimal NixOS container went down from ~424 MiB in 16.03 to ~212 MiB in
+ 16.09, while the closure size of Firefox went from ~651 MiB to ~259 MiB.
+
-
- To improve security, packages are now
+ To improve security, packages are now
+ built
- using various hardening features. See the Nixpkgs manual
- for more information.
+ using various hardening features. See the Nixpkgs manual for more
+ information.
+
-
- Support for PXE netboot. See for documentation.
+
+ Support for PXE netboot. See
+ for documentation.
+
-
- X.org server 1.18. If you use the
- ati_unfree driver, 1.17 is still used due to an
- ABI incompatibility.
+
+ X.org server 1.18. If you use the ati_unfree driver,
+ 1.17 is still used due to an ABI incompatibility.
+
-
- This release is based on Glibc 2.24, GCC 5.4.0 and systemd
- 231. The default Linux kernel remains 4.4.
+
+ This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. The default
+ Linux kernel remains 4.4.
+
+
-
-
-The following new services were added since the last release:
+
+ The following new services were added since the last release:
+
-
- (this will get automatically generated at release time)
-
-
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
+
+
+
+ (this will get automatically generated at release time)
+
+
+
-
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
+
- A large number of packages have been converted to use the multiple outputs feature
- of Nix to greatly reduce the amount of required disk space, as
- mentioned above. This may require changes
- to any custom packages to make them build again; see the relevant chapter in the
- Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions
- related to multiple-output packages
- were changed
- late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
-
+
+ A large number of packages have been converted to use the multiple outputs
+ feature of Nix to greatly reduce the amount of required disk space, as
+ mentioned above. This may require changes to any custom packages to make
+ them build again; see the relevant chapter in the Nixpkgs manual for more
+ information. (Additional caveat to packagers: some packaging conventions
+ related to multiple-output packages
+ were
+ changed late (August 2016) in the release cycle and differ from the
+ initial introduction of multiple outputs.)
+
-
- Previous versions of Nixpkgs had support for all versions of the LTS
+
+ Previous versions of Nixpkgs had support for all versions of the LTS
Haskell package set. That support has been dropped. The previously provided
haskell.packages.lts-x_y package sets still exist in
name to aviod breaking user code, but these package sets don't actually
contain the versions mandated by the corresponding LTS release. Instead,
our package set it loosely based on the latest available LTS release, i.e.
LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will
- drop those old names entirely. The
motivation for this change has been discussed at length on the
- nix-dev mailing list and in Github issue
- #14897. Development strategies for Haskell hackers who want to rely
- on Nix and NixOS have been described in nix-dev mailing list and in
+ Github
+ issue #14897. Development strategies for Haskell hackers who want to
+ rely on Nix and NixOS have been described in
+ another
- nix-dev article.
+ nix-dev article.
+
-
- Shell aliases for systemd sub-commands
- were dropped:
- start, stop,
- restart, status.
+
+ Shell aliases for systemd sub-commands
+ were
+ dropped: start, stop,
+ restart, status.
+
-
- Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default
- behavior of Redis 3.2
+
+ Redis now binds to 127.0.0.1 only instead of listening to all network
+ interfaces. This is the default behavior of Redis 3.2
+
-
-
- /var/empty is now immutable. Activation script runs chattr +i
- to forbid any modifications inside the folder. See
- the pull request for what bugs this caused.
-
+
+ /var/empty is now immutable. Activation script runs
+ chattr +i to forbid any modifications inside the folder.
+ See the
+ pull request for what bugs this caused.
+
-
- Gitlab's maintainance script
- gitlab-runner was removed and split up into the
- more clearer gitlab-run and
+
+ Gitlab's maintainance script gitlab-runner was removed
+ and split up into the more clearer gitlab-run and
gitlab-rake scripts, because
- gitlab-runner is a component of Gitlab
- CI.
+ gitlab-runner is a component of Gitlab CI.
+
-
- services.xserver.libinput.accelProfile default
- changed from flat to adaptive,
- as per
- official documentation.
+
+ services.xserver.libinput.accelProfile default changed
+ from flat to adaptive, as per
+
+ official documentation.
+
-
- fonts.fontconfig.ultimate.rendering was removed
- because our presets were obsolete for some time. New presets are hardcoded
- into FreeType; you can select a preset via fonts.fontconfig.ultimate.preset.
- You can customize those presets via ordinary environment variables, using
- environment.variables.
+
+ fonts.fontconfig.ultimate.rendering was removed because
+ our presets were obsolete for some time. New presets are hardcoded into
+ FreeType; you can select a preset via
+ fonts.fontconfig.ultimate.preset. You can customize
+ those presets via ordinary environment variables, using
+ environment.variables.
+
-
- The audit service is no longer enabled by default.
- Use security.audit.enable = true to explicitly enable it.
+
+ The audit service is no longer enabled by default. Use
+ security.audit.enable = true to explicitly enable it.
+
-
-
- pkgs.linuxPackages.virtualbox now contains only the
- kernel modules instead of the VirtualBox user space binaries.
- If you want to reference the user space binaries, you have to use the new
- pkgs.virtualbox instead.
-
+
+ pkgs.linuxPackages.virtualbox now contains only the
+ kernel modules instead of the VirtualBox user space binaries. If you want
+ to reference the user space binaries, you have to use the new
+ pkgs.virtualbox instead.
+
-
- goPackages was replaced with separated Go
- applications in appropriate nixpkgs
- categories. Each Go package uses its own dependency set. There's
- also a new go2nix tool introduced to generate a
- Go package definition from its Go source automatically.
+
+ goPackages was replaced with separated Go applications
+ in appropriate nixpkgs categories. Each Go package uses
+ its own dependency set. There's also a new go2nix tool
+ introduced to generate a Go package definition from its Go source
+ automatically.
+
-
- services.mongodb.extraConfig configuration format
- was changed to YAML.
+
+ services.mongodb.extraConfig configuration format was
+ changed to YAML.
+
-
-
- PHP has been upgraded to 7.0
-
+
+ PHP has been upgraded to 7.0
+
-
-
-
-Other notable improvements:
-
-
+
- Revamped grsecurity/PaX support. There is now only a single
- general-purpose distribution kernel and the configuration interface has been
- streamlined. Desktop users should be able to simply set
- security.grsecurity.enable = true to get
- a reasonably secure system without having to sacrifice too much
- functionality.
-
+
+ Other notable improvements:
+
- Special filesystems, like /proc,
- /run and others, now have the same mount options
- as recommended by systemd and are unified across different places in
- NixOS. Mount options are updated during nixos-rebuild
- switch if possible. One benefit from this is improved
- security — most such filesystems are now mounted with
- noexec, nodev and/or
- nosuid options.
-
- The reverse path filter was interfering with DHCPv4 server
- operation in the past. An exception for DHCPv4 and a new option to log
- packets that were dropped due to the reverse path filter was added
- (networking.firewall.logReversePathDrops) for easier
- debugging.
-
- Containers configuration within
- containers.<name>.config is
+
+
+ Revamped grsecurity/PaX support. There is now only a single general-purpose
+ distribution kernel and the configuration interface has been streamlined.
+ Desktop users should be able to simply set
+security.grsecurity.enable = true
+ to get a reasonably secure system without having to sacrifice too much
+ functionality.
+
+
+
+
+ Special filesystems, like /proc, /run
+ and others, now have the same mount options as recommended by systemd and
+ are unified across different places in NixOS. Mount options are updated
+ during nixos-rebuild switch if possible. One benefit
+ from this is improved security — most such filesystems are now mounted
+ with noexec, nodev and/or
+ nosuid options.
+
+
+
+
+ The reverse path filter was interfering with DHCPv4 server operation in the
+ past. An exception for DHCPv4 and a new option to log packets that were
+ dropped due to the reverse path filter was added
+ (networking.firewall.logReversePathDrops) for easier
+ debugging.
+
+
+
+
+ Containers configuration within
+ containers.<name>.config is
+ now
- properly typed and checked. In particular, partial
- configurations are merged correctly.
-
+ properly typed and checked. In particular, partial configurations
+ are merged correctly.
+
+
- The directory container setuid wrapper programs,
- /var/setuid-wrappers,
+ The directory container setuid wrapper programs,
+ /var/setuid-wrappers,
+ is now
- updated atomically to prevent failures if the switch to a new
- configuration is interrupted.
+ updated atomically to prevent failures if the switch to a new configuration
+ is interrupted.
+
-
- services.xserver.startGnuPGAgent
- has been removed due to GnuPG 2.1.x bump. See
+ services.xserver.startGnuPGAgent has been removed due to
+ GnuPG 2.1.x bump. See
+
- how to achieve similar behavior. You might need to
- pkill gpg-agent after the upgrade
- to prevent a stale agent being in the way.
-
+ how to achieve similar behavior. You might need to pkill
+ gpg-agent after the upgrade to prevent a stale agent being in the
+ way.
+
-
-
+
+
- Declarative users could share the uid due to the bug in
- the script handling conflict resolution.
-
-
-
-
+ Declarative users could share the uid due to the bug in the script handling
+ conflict resolution.
+
+
+
+
Gummi boot has been replaced using systemd-boot.
-
-
-
+
+
+
+
Hydra package and NixOS module were added for convenience.
-
-
-
-
-
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 6147b9830137d3b507cffe09c8471d72decbb58b..6ca79e2bc00da1d145c5c37af99d59a8af5477de 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -3,259 +3,588 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-17.03">
+ Release 17.03 (“Gorilla”, 2017/03/31)
-Release 17.03 (“Gorilla”, 2017/03/31)
-
-
+ Highlights
-Highlights
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
-In addition to numerous new and upgraded packages, this release
-has the following highlights:
-
-
-
- Nixpkgs is now extensible through overlays. See the
+
+
+ Nixpkgs is now extensible through overlays. See the
+ Nixpkgs
- manual for more information.
-
-
-
- This release is based on Glibc 2.25, GCC 5.4.0 and systemd
- 232. The default Linux kernel is 4.9 and Nix is at 1.11.8.
-
-
-
- The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed
-
-
-
- The setuid wrapper functionality now supports setting
- capabilities.
-
-
-
- X.org server uses branch 1.19. Due to ABI incompatibilities,
- ati_unfree keeps forcing 1.17
- and amdgpu-pro starts forcing 1.18.
-
-
-
+ manual for more information.
+
+
+
- Cross compilation has been rewritten. See the nixpkgs manual for
- details. The most obvious breaking change is that in derivations there is no
- .nativeDrv nor .crossDrv are now
- cross by default, not native.
+ This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The
+ default Linux kernel is 4.9 and Nix is at 1.11.8.
-
-
-
- The overridePackages function has been rewritten
- to be replaced by
+
+
+ The default desktop environment now is KDE's Plasma 5. KDE 4 has been
+ removed
+
+
+
+
+ The setuid wrapper functionality now supports setting capabilities.
+
+
+
+
+ X.org server uses branch 1.19. Due to ABI incompatibilities,
+ ati_unfree keeps forcing 1.17 and
+ amdgpu-pro starts forcing 1.18.
+
+
+
+
+ Cross compilation has been rewritten. See the nixpkgs manual for details.
+ The most obvious breaking change is that in derivations there is no
+ .nativeDrv nor .crossDrv are now
+ cross by default, not native.
+
+
+
+
+ The overridePackages function has been rewritten to be
+ replaced by
+
- overlays
-
-
-
- Packages in nixpkgs can be marked as insecure through listed
- vulnerabilities. See the
+
+
+
+
+ Packages in nixpkgs can be marked as insecure through listed
+ vulnerabilities. See the
+ Nixpkgs
- manual for more information.
-
-
-
- PHP now defaults to PHP 7.1
-
-
-
+ manual for more information.
+
+
+
+
+ PHP now defaults to PHP 7.1
+
+
+
+
-
-
+ New Services
-New Services
+
+ The following new services were added since the last release:
+
-The following new services were added since the last release:
-
-
- hardware/ckb.nix
- hardware/mcelog.nix
- hardware/usb-wwan.nix
- hardware/video/capture/mwprocapture.nix
- programs/adb.nix
- programs/chromium.nix
- programs/gphoto2.nix
- programs/java.nix
- programs/mtr.nix
- programs/oblogout.nix
- programs/vim.nix
- programs/wireshark.nix
- security/dhparams.nix
- services/audio/ympd.nix
- services/computing/boinc/client.nix
- services/continuous-integration/buildbot/master.nix
- services/continuous-integration/buildbot/worker.nix
- services/continuous-integration/gitlab-runner.nix
- services/databases/riak-cs.nix
- services/databases/stanchion.nix
- services/desktops/gnome3/gnome-terminal-server.nix
- services/editors/infinoted.nix
- services/hardware/illum.nix
- services/hardware/trezord.nix
- services/logging/journalbeat.nix
- services/mail/offlineimap.nix
- services/mail/postgrey.nix
- services/misc/couchpotato.nix
- services/misc/docker-registry.nix
- services/misc/errbot.nix
- services/misc/geoip-updater.nix
- services/misc/gogs.nix
- services/misc/leaps.nix
- services/misc/nix-optimise.nix
- services/misc/ssm-agent.nix
- services/misc/sssd.nix
- services/monitoring/arbtt.nix
- services/monitoring/netdata.nix
- services/monitoring/prometheus/default.nix
- services/monitoring/prometheus/alertmanager.nix
- services/monitoring/prometheus/blackbox-exporter.nix
- services/monitoring/prometheus/json-exporter.nix
- services/monitoring/prometheus/nginx-exporter.nix
- services/monitoring/prometheus/node-exporter.nix
- services/monitoring/prometheus/snmp-exporter.nix
- services/monitoring/prometheus/unifi-exporter.nix
- services/monitoring/prometheus/varnish-exporter.nix
- services/monitoring/sysstat.nix
- services/monitoring/telegraf.nix
- services/monitoring/vnstat.nix
- services/network-filesystems/cachefilesd.nix
- services/network-filesystems/glusterfs.nix
- services/network-filesystems/ipfs.nix
- services/networking/dante.nix
- services/networking/dnscrypt-wrapper.nix
- services/networking/fakeroute.nix
- services/networking/flannel.nix
- services/networking/htpdate.nix
- services/networking/miredo.nix
- services/networking/nftables.nix
- services/networking/powerdns.nix
- services/networking/pdns-recursor.nix
- services/networking/quagga.nix
- services/networking/redsocks.nix
- services/networking/wireguard.nix
- services/system/cgmanager.nix
- services/torrent/opentracker.nix
- services/web-apps/atlassian/confluence.nix
- services/web-apps/atlassian/crowd.nix
- services/web-apps/atlassian/jira.nix
- services/web-apps/frab.nix
- services/web-apps/nixbot.nix
- services/web-apps/selfoss.nix
- services/web-apps/quassel-webserver.nix
- services/x11/unclutter-xfixes.nix
- services/x11/urxvtd.nix
- system/boot/systemd-nspawn.nix
- virtualisation/ecs-agent.nix
- virtualisation/lxcfs.nix
- virtualisation/openstack/keystone.nix
- virtualisation/openstack/glance.nix
-
+
+
+
+ hardware/ckb.nix
+
+
+
+
+ hardware/mcelog.nix
+
+
+
+
+ hardware/usb-wwan.nix
+
+
+
+
+ hardware/video/capture/mwprocapture.nix
+
+
+
+
+ programs/adb.nix
+
+
+
+
+ programs/chromium.nix
+
+
+
+
+ programs/gphoto2.nix
+
+
+
+
+ programs/java.nix
+
+
+
+
+ programs/mtr.nix
+
+
+
+
+ programs/oblogout.nix
+
+
+
+
+ programs/vim.nix
+
+
+
+
+ programs/wireshark.nix
+
+
+
+
+ security/dhparams.nix
+
+
+
+
+ services/audio/ympd.nix
+
+
+
+
+ services/computing/boinc/client.nix
+
+
+
+
+ services/continuous-integration/buildbot/master.nix
+
+
+
+
+ services/continuous-integration/buildbot/worker.nix
+
+
+
+
+ services/continuous-integration/gitlab-runner.nix
+
+
+
+
+ services/databases/riak-cs.nix
+
+
+
+
+ services/databases/stanchion.nix
+
+
+
+
+ services/desktops/gnome3/gnome-terminal-server.nix
+
+
+
+
+ services/editors/infinoted.nix
+
+
+
+
+ services/hardware/illum.nix
+
+
+
+
+ services/hardware/trezord.nix
+
+
+
+
+ services/logging/journalbeat.nix
+
+
+
+
+ services/mail/offlineimap.nix
+
+
+
+
+ services/mail/postgrey.nix
+
+
+
+
+ services/misc/couchpotato.nix
+
+
+
+
+ services/misc/docker-registry.nix
+
+
+
+
+ services/misc/errbot.nix
+
+
+
+
+ services/misc/geoip-updater.nix
+
+
+
+
+ services/misc/gogs.nix
+
+
+
+
+ services/misc/leaps.nix
+
+
+
+
+ services/misc/nix-optimise.nix
+
+
+
+
+ services/misc/ssm-agent.nix
+
+
+
+
+ services/misc/sssd.nix
+
+
+
+
+ services/monitoring/arbtt.nix
+
+
+
+
+ services/monitoring/netdata.nix
+
+
+
+
+ services/monitoring/prometheus/default.nix
+
+
+
+
+ services/monitoring/prometheus/alertmanager.nix
+
+
+
+
+ services/monitoring/prometheus/blackbox-exporter.nix
+
+
+
+
+ services/monitoring/prometheus/json-exporter.nix
+
+
+
+
+ services/monitoring/prometheus/nginx-exporter.nix
+
+
+
+
+ services/monitoring/prometheus/node-exporter.nix
+
+
+
+
+ services/monitoring/prometheus/snmp-exporter.nix
+
+
+
+
+ services/monitoring/prometheus/unifi-exporter.nix
+
+
+
+
+ services/monitoring/prometheus/varnish-exporter.nix
+
+
+
+
+ services/monitoring/sysstat.nix
+
+
+
+
+ services/monitoring/telegraf.nix
+
+
+
+
+ services/monitoring/vnstat.nix
+
+
+
+
+ services/network-filesystems/cachefilesd.nix
+
+
+
+
+ services/network-filesystems/glusterfs.nix
+
+
+
+
+ services/network-filesystems/ipfs.nix
+
+
+
+
+ services/networking/dante.nix
+
+
+
+
+ services/networking/dnscrypt-wrapper.nix
+
+
+
+
+ services/networking/fakeroute.nix
+
+
+
+
+ services/networking/flannel.nix
+
+
+
+
+ services/networking/htpdate.nix
+
+
+
+
+ services/networking/miredo.nix
+
+
+
+
+ services/networking/nftables.nix
+
+
+
+
+ services/networking/powerdns.nix
+
+
+
+
+ services/networking/pdns-recursor.nix
+
+
+
+
+ services/networking/quagga.nix
+
+
+
+
+ services/networking/redsocks.nix
+
+
+
+
+ services/networking/wireguard.nix
+
+
+
+
+ services/system/cgmanager.nix
+
+
+
+
+ services/torrent/opentracker.nix
+
+
+
+
+ services/web-apps/atlassian/confluence.nix
+
+
+
+
+ services/web-apps/atlassian/crowd.nix
+
+
+
+
+ services/web-apps/atlassian/jira.nix
+
+
+
+
+ services/web-apps/frab.nix
+
+
+
+
+ services/web-apps/nixbot.nix
+
+
+
+
+ services/web-apps/selfoss.nix
+
+
+
+
+ services/web-apps/quassel-webserver.nix
+
+
+
+
+ services/x11/unclutter-xfixes.nix
+
+
+
+
+ services/x11/urxvtd.nix
+
+
+
+
+ system/boot/systemd-nspawn.nix
+
+
+
+
+ virtualisation/ecs-agent.nix
+
+
+
+
+ virtualisation/lxcfs.nix
+
+
+
+
+ virtualisation/openstack/keystone.nix
+
+
+
+
+ virtualisation/openstack/glance.nix
+
+
+
+
-
-
+ Backward Incompatibilities
-Backward Incompatibilities
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-
-
+
+
- Derivations have no .nativeDrv nor .crossDrv
- and are now cross by default, not native.
+ Derivations have no .nativeDrv nor
+ .crossDrv and are now cross by default, not native.
-
-
-
+
+
- stdenv.overrides is now expected to take self
- and super arguments. See lib.trivial.extends
- for what those parameters represent.
+ stdenv.overrides is now expected to take
+ self and super arguments. See
+ lib.trivial.extends for what those parameters
+ represent.
-
-
-
+
+
- ansible now defaults to ansible version 2 as version 1
- has been removed due to a serious ansible now defaults to ansible version 2 as version 1
+ has been removed due to a serious
+
- vulnerability unpatched by upstream.
+ vulnerability unpatched by upstream.
-
-
-
+
+
- gnome alias has been removed along with
- gtk, gtkmm and several others.
- Now you need to use versioned attributes, like gnome3.
+ gnome alias has been removed along with
+ gtk, gtkmm and several others. Now
+ you need to use versioned attributes, like gnome3.
-
-
-
+
+
- The attribute name of the Radicale daemon has been changed from
- pythonPackages.radicale to
- radicale.
+ The attribute name of the Radicale daemon has been changed from
+ pythonPackages.radicale to radicale.
-
-
-
+
+
- The stripHash bash function in stdenv
- changed according to its documentation; it now outputs the stripped name to
- stdout instead of putting it in the variable
- strippedName.
+ The stripHash bash function in
+ stdenv changed according to its documentation; it now
+ outputs the stripped name to stdout instead of putting
+ it in the variable strippedName.
-
-
-
- PHP now scans for extra configuration .ini files in /etc/php.d
- instead of /etc. This prevents accidentally loading non-PHP .ini files
- that may be in /etc.
+
+
+
+ PHP now scans for extra configuration .ini files in /etc/php.d instead of
+ /etc. This prevents accidentally loading non-PHP .ini files that may be in
+ /etc.
-
-
-
+
+
- Two lone top-level dict dbs moved into dictdDBs. This
- affects: dictdWordnet which is now at
- dictdDBs.wordnet and dictdWiktionary
- which is now at dictdDBs.wiktionary
+ Two lone top-level dict dbs moved into dictdDBs. This
+ affects: dictdWordnet which is now at
+ dictdDBs.wordnet and dictdWiktionary
+ which is now at dictdDBs.wiktionary
-
-
-
+
+
- Parsoid service now uses YAML configuration format.
+ Parsoid service now uses YAML configuration format.
service.parsoid.interwikis is now called
service.parsoid.wikis and is a list of either API URLs
or attribute sets as specified in parsoid's documentation.
-
-
-
+
+ Ntpd was replaced by
systemd-timesyncd as the default service to synchronize
@@ -263,14 +592,12 @@ following incompatible changes:
setting services.ntp.enable to true.
Upstream time servers for all NTP implementations are now configured using
networking.timeServers.
-
-
-
-
+
+
+
- service.nylon is now declared using named instances.
- As an example:
-
+ service.nylon is now declared using named instances. As
+ an example:
services.nylon = {
enable = true;
@@ -279,9 +606,7 @@ following incompatible changes:
port = 5912;
};
-
- should be replaced with:
-
+ should be replaced with:
services.nylon.myvpn = {
enable = true;
@@ -290,225 +615,203 @@ following incompatible changes:
port = 5912;
};
-
- this enables you to declare a SOCKS proxy for each uplink.
-
+ this enables you to declare a SOCKS proxy for each uplink.
-
-
-
- overridePackages function no longer exists.
- It is replaced by
+
+
+ overridePackages function no longer exists. It is
+ replaced by
+
- overlays. For example, the following code:
-
+ overlays. For example, the following code:
let
pkgs = import <nixpkgs> {};
in
pkgs.overridePackages (self: super: ...)
-
- should be replaced by:
-
+ should be replaced by:
let
pkgs = import <nixpkgs> {};
in
import pkgs.path { overlays = [(self: super: ...)]; }
-
-
-
-
+
+
- Autoloading connection tracking helpers is now disabled by default.
- This default was also changed in the Linux kernel and is considered
- insecure if not configured properly in your firewall. If you need
- connection tracking helpers (i.e. for active FTP) please enable
- networking.firewall.autoLoadConntrackHelpers and
- tune networking.firewall.connectionTrackingModules
- to suit your needs.
-
-
-
-
+ Autoloading connection tracking helpers is now disabled by default. This
+ default was also changed in the Linux kernel and is considered insecure if
+ not configured properly in your firewall. If you need connection tracking
+ helpers (i.e. for active FTP) please enable
+ networking.firewall.autoLoadConntrackHelpers and tune
+ networking.firewall.connectionTrackingModules to suit
+ your needs.
+
+
+
- local_recipient_maps is not set to empty value by
- Postfix service. It's an insecure default as stated by Postfix
- documentation. Those who want to retain this setting need to set it via
- services.postfix.extraConfig.
+ local_recipient_maps is not set to empty value by
+ Postfix service. It's an insecure default as stated by Postfix
+ documentation. Those who want to retain this setting need to set it via
+ services.postfix.extraConfig.
-
-
-
+
+
- Iputils no longer provide ping6 and traceroute6. The functionality of
- these tools has been integrated into ping and traceroute respectively. To
- enforce an address family the new flags -4 and
- -6 have been added. One notable incompatibility is that
- specifying an interface (for link-local IPv6 for instance) is no longer done
- with the -I flag, but by encoding the interface into the
- address (ping fe80::1%eth0).
-
-
-
-
+ Iputils no longer provide ping6 and traceroute6. The functionality of
+ these tools has been integrated into ping and traceroute respectively. To
+ enforce an address family the new flags -4 and
+ -6 have been added. One notable incompatibility is that
+ specifying an interface (for link-local IPv6 for instance) is no longer
+ done with the -I flag, but by encoding the interface
+ into the address (ping fe80::1%eth0).
+
+
+
- The socket handling of the services.rmilter module
- has been fixed and refactored. As rmilter doesn't support binding to
- more than one socket, the options bindUnixSockets
- and bindInetSockets have been replaced by
- services.rmilter.bindSocket.*. The default is still
- a unix socket in /run/rmilter/rmilter.sock. Refer to
- the options documentation for more information.
-
-
-
-
+ The socket handling of the services.rmilter module has
+ been fixed and refactored. As rmilter doesn't support binding to more than
+ one socket, the options bindUnixSockets and
+ bindInetSockets have been replaced by
+ services.rmilter.bindSocket.*. The default is still a
+ unix socket in /run/rmilter/rmilter.sock. Refer to the
+ options documentation for more information.
+
+
+
- The fetch* functions no longer support md5,
- please use sha256 instead.
+ The fetch* functions no longer support md5, please use
+ sha256 instead.
-
-
-
+
+
- The dnscrypt-proxy module interface has been streamlined around the
- option. Where possible, legacy option
- declarations are mapped to but will emit
- warnings. The has been outright
- removed: to use an unlisted resolver, use the
- option.
-
-
-
-
+ The dnscrypt-proxy module interface has been streamlined around the
+ option. Where possible, legacy option
+ declarations are mapped to but will emit
+ warnings. The has been outright removed: to
+ use an unlisted resolver, use the option.
+
+
+
- torbrowser now stores local state under
- ~/.local/share/tor-browser by default. Any
- browser profile data from the old location,
- ~/.torbrowser4, must be migrated manually.
+ torbrowser now stores local state under
+ ~/.local/share/tor-browser by default. Any browser
+ profile data from the old location, ~/.torbrowser4,
+ must be migrated manually.
-
-
-
+
+
- The ihaskell, monetdb, offlineimap and sitecopy services have been removed.
+ The ihaskell, monetdb, offlineimap and sitecopy services have been
+ removed.
-
-
+
+
+
-
-
+ Other Notable Changes
-Other Notable Changes
-
-
-
-
- Module type system have a new extensible option types feature that
- allow to extend certain types, such as enum, through multiple option
- declarations of the same option across multiple modules.
-
-
-
-
+
+
- jre now defaults to GTK+ UI by default. This
- improves visual consistency and makes Java follow system font style,
- improving the situation on HighDPI displays. This has a cost of increased
- closure size; for server and other headless workloads it's recommended to
- use jre_headless.
+ Module type system have a new extensible option types feature that allow
+ to extend certain types, such as enum, through multiple option
+ declarations of the same option across multiple modules.
-
-
-
- Python 2.6 interpreter and package set have been removed.
-
-
-
+
+
+
+ jre now defaults to GTK+ UI by default. This improves
+ visual consistency and makes Java follow system font style, improving the
+ situation on HighDPI displays. This has a cost of increased closure size;
+ for server and other headless workloads it's recommended to use
+ jre_headless.
+
+
+
- The Python 2.7 interpreter does not use modules anymore. Instead, all
- CPython interpreters now include the whole standard library except for `tkinter`,
- which is available in the Python package set.
+ Python 2.6 interpreter and package set have been removed.
-
-
-
+
+
- Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
- Minor modifications had to be made to the interpreters in order to generate
- deterministic bytecode. This has security implications and is relevant for
- those using Python in a nix-shell. See the Nixpkgs manual
- for details.
+ The Python 2.7 interpreter does not use modules anymore. Instead, all
+ CPython interpreters now include the whole standard library except for
+ `tkinter`, which is available in the Python package set.
-
-
-
+
+
- The Python package sets now use a fixed-point combinator and the sets are
- available as attributes of the interpreters.
+ Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
+ Minor modifications had to be made to the interpreters in order to
+ generate deterministic bytecode. This has security implications and is
+ relevant for those using Python in a nix-shell. See the
+ Nixpkgs manual for details.
+
+
+
+
+ The Python package sets now use a fixed-point combinator and the sets are
+ available as attributes of the interpreters.
-
-
-
+
+
- The Python function buildPythonPackage has been improved and can be
- used to build from Setuptools source, Flit source, and precompiled Wheels.
+ The Python function buildPythonPackage has been
+ improved and can be used to build from Setuptools source, Flit source, and
+ precompiled Wheels.
-
-
-
+
+
- When adding new or updating current Python libraries, the expressions should be put
- in separate files in pkgs/development/python-modules and
- called from python-packages.nix.
+ When adding new or updating current Python libraries, the expressions
+ should be put in separate files in
+ pkgs/development/python-modules and called from
+ python-packages.nix.
-
-
-
+
+
- The dnscrypt-proxy service supports synchronizing the list of public
- resolvers without working DNS resolution. This fixes issues caused by the
- resolver list becoming outdated. It also improves the viability of
- DNSCrypt only configurations.
+ The dnscrypt-proxy service supports synchronizing the list of public
+ resolvers without working DNS resolution. This fixes issues caused by the
+ resolver list becoming outdated. It also improves the viability of
+ DNSCrypt only configurations.
-
-
-
+
+
- Containers using bridged networking no longer lose their connection after
- changes to the host networking.
+ Containers using bridged networking no longer lose their connection after
+ changes to the host networking.
-
-
-
+
+
- ZFS supports pool auto scrubbing.
+ ZFS supports pool auto scrubbing.
-
-
-
+
+
- The bind DNS utilities (e.g. dig) have been split into their own output and
- are now also available in pkgs.dnsutils and it is no longer
- necessary to pull in all of bind to use them.
+ The bind DNS utilities (e.g. dig) have been split into their own output
+ and are now also available in pkgs.dnsutils and it is
+ no longer necessary to pull in all of bind to use them.
-
-
-
+
+
- Per-user configuration was moved from ~/.nixpkgs to
- ~/.config/nixpkgs. The former is still valid for
- config.nix for backwards compatibility.
+ Per-user configuration was moved from ~/.nixpkgs to
+ ~/.config/nixpkgs. The former is still valid for
+ config.nix for backwards compatibility.
-
-
-
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1709.xml b/nixos/doc/manual/release-notes/rl-1709.xml
index 66f7b01db72a8aa103b9f7e0635465ef3d007fd5..795c51d2923dada71b2f4bffae27b6322df8052c 100644
--- a/nixos/doc/manual/release-notes/rl-1709.xml
+++ b/nixos/doc/manual/release-notes/rl-1709.xml
@@ -3,40 +3,40 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-17.09">
+ Release 17.09 (“Hummingbird”, 2017/09/??)
-Release 17.09 (“Hummingbird”, 2017/09/??)
-
-
+ Highlights
-Highlights
-
-In addition to numerous new and upgraded packages, this release
-has the following highlights:
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
-
-
+
+
- The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10,
- KDE Applications to 17.08.1 and KDE Frameworks to 5.37.
+ The GNOME version is now 3.24. KDE Plasma was upgraded to 5.10, KDE
+ Applications to 17.08.1 and KDE Frameworks to 5.37.
-
-
+
+
- The user handling now keeps track of deallocated UIDs/GIDs. When a user
- or group is revived, this allows it to be allocated the UID/GID it had before.
- A consequence is that UIDs and GIDs are no longer reused.
+ The user handling now keeps track of deallocated UIDs/GIDs. When a user or
+ group is revived, this allows it to be allocated the UID/GID it had
+ before. A consequence is that UIDs and GIDs are no longer reused.
-
-
+
+
- The module option now
- causes the first head specified in this list to be set as the primary
- head. Apart from that, it's now possible to also set additional options
- by using an attribute set, for example:
+ The module option now causes
+ the first head specified in this list to be set as the primary head. Apart
+ from that, it's now possible to also set additional options by using an
+ attribute set, for example:
{ services.xserver.xrandrHeads = [
"HDMI-0"
@@ -50,365 +50,664 @@ has the following highlights:
];
}
- This will set the DVI-0 output to be the primary head,
- even though HDMI-0 is the first head in the list.
+ This will set the DVI-0 output to be the primary head,
+ even though HDMI-0 is the first head in the list.
-
-
+
+
- The handling of SSL in the services.nginx module has
- been cleaned up, renaming the misnamed enableSSL to
- onlySSL which reflects its original intention. This
- is not to be used with the already existing forceSSL
- which creates a second non-SSL virtual host redirecting to the SSL
- virtual host. This by chance had worked earlier due to specific
- implementation details. In case you had specified both please remove
- the enableSSL option to keep the previous behaviour.
+ The handling of SSL in the services.nginx module has
+ been cleaned up, renaming the misnamed enableSSL to
+ onlySSL which reflects its original intention. This is
+ not to be used with the already existing forceSSL which
+ creates a second non-SSL virtual host redirecting to the SSL virtual host.
+ This by chance had worked earlier due to specific implementation details.
+ In case you had specified both please remove the
+ enableSSL option to keep the previous behaviour.
- Another addSSL option has been introduced to configure
- both a non-SSL virtual host and an SSL virtual host with the same
- configuration.
+ Another addSSL option has been introduced to configure
+ both a non-SSL virtual host and an SSL virtual host with the same
+ configuration.
- Options to configure resolver options and
- upstream blocks have been introduced. See their information
- for further details.
+ Options to configure resolver options and
+ upstream blocks have been introduced. See their
+ information for further details.
- The port option has been replaced by a more generic
- listen option which makes it possible to specify
- multiple addresses, ports and SSL configs dependant on the new SSL
- handling mentioned above.
+ The port option has been replaced by a more generic
+ listen option which makes it possible to specify
+ multiple addresses, ports and SSL configs dependant on the new SSL
+ handling mentioned above.
-
-
+
+
+
-
-
+ New Services
-New Services
-
-The following new services were added since the last release:
+
+ The following new services were added since the last release:
+
-
- config/fonts/fontconfig-penultimate.nix
- config/fonts/fontconfig-ultimate.nix
- config/terminfo.nix
- hardware/sensor/iio.nix
- hardware/nitrokey.nix
- hardware/raid/hpsa.nix
- programs/browserpass.nix
- programs/gnupg.nix
- programs/qt5ct.nix
- programs/slock.nix
- programs/thefuck.nix
- security/auditd.nix
- security/lock-kernel-modules.nix
- service-managers/docker.nix
- service-managers/trivial.nix
- services/admin/salt/master.nix
- services/admin/salt/minion.nix
- services/audio/slimserver.nix
- services/cluster/kubernetes/default.nix
- services/cluster/kubernetes/dns.nix
- services/cluster/kubernetes/dashboard.nix
- services/continuous-integration/hail.nix
- services/databases/clickhouse.nix
- services/databases/postage.nix
- services/desktops/gnome3/gnome-disks.nix
- services/desktops/gnome3/gpaste.nix
- services/logging/SystemdJournal2Gelf.nix
- services/logging/heartbeat.nix
- services/logging/journalwatch.nix
- services/logging/syslogd.nix
- services/mail/mailhog.nix
- services/mail/nullmailer.nix
- services/misc/airsonic.nix
- services/misc/autorandr.nix
- services/misc/exhibitor.nix
- services/misc/fstrim.nix
- services/misc/gollum.nix
- services/misc/irkerd.nix
- services/misc/jackett.nix
- services/misc/radarr.nix
- services/misc/snapper.nix
- services/monitoring/osquery.nix
- services/monitoring/prometheus/collectd-exporter.nix
- services/monitoring/prometheus/fritzbox-exporter.nix
- services/network-filesystems/kbfs.nix
- services/networking/dnscache.nix
- services/networking/fireqos.nix
- services/networking/iwd.nix
- services/networking/keepalived/default.nix
- services/networking/keybase.nix
- services/networking/lldpd.nix
- services/networking/matterbridge.nix
- services/networking/squid.nix
- services/networking/tinydns.nix
- services/networking/xrdp.nix
- services/security/shibboleth-sp.nix
- services/security/sks.nix
- services/security/sshguard.nix
- services/security/torify.nix
- services/security/usbguard.nix
- services/security/vault.nix
- services/system/earlyoom.nix
- services/system/saslauthd.nix
- services/web-apps/nexus.nix
- services/web-apps/pgpkeyserver-lite.nix
- services/web-apps/piwik.nix
- services/web-servers/lighttpd/collectd.nix
- services/web-servers/minio.nix
- services/x11/display-managers/xpra.nix
- services/x11/xautolock.nix
- tasks/filesystems/bcachefs.nix
- tasks/powertop.nix
-
+
+
+
+ config/fonts/fontconfig-penultimate.nix
+
+
+
+
+ config/fonts/fontconfig-ultimate.nix
+
+
+
+
+ config/terminfo.nix
+
+
+
+
+ hardware/sensor/iio.nix
+
+
+
+
+ hardware/nitrokey.nix
+
+
+
+
+ hardware/raid/hpsa.nix
+
+
+
+
+ programs/browserpass.nix
+
+
+
+
+ programs/gnupg.nix
+
+
+
+
+ programs/qt5ct.nix
+
+
+
+
+ programs/slock.nix
+
+
+
+
+ programs/thefuck.nix
+
+
+
+
+ security/auditd.nix
+
+
+
+
+ security/lock-kernel-modules.nix
+
+
+
+
+ service-managers/docker.nix
+
+
+
+
+ service-managers/trivial.nix
+
+
+
+
+ services/admin/salt/master.nix
+
+
+
+
+ services/admin/salt/minion.nix
+
+
+
+
+ services/audio/slimserver.nix
+
+
+
+
+ services/cluster/kubernetes/default.nix
+
+
+
+
+ services/cluster/kubernetes/dns.nix
+
+
+
+
+ services/cluster/kubernetes/dashboard.nix
+
+
+
+
+ services/continuous-integration/hail.nix
+
+
+
+
+ services/databases/clickhouse.nix
+
+
+
+
+ services/databases/postage.nix
+
+
+
+
+ services/desktops/gnome3/gnome-disks.nix
+
+
+
+
+ services/desktops/gnome3/gpaste.nix
+
+
+
+
+ services/logging/SystemdJournal2Gelf.nix
+
+
+
+
+ services/logging/heartbeat.nix
+
+
+
+
+ services/logging/journalwatch.nix
+
+
+
+
+ services/logging/syslogd.nix
+
+
+
+
+ services/mail/mailhog.nix
+
+
+
+
+ services/mail/nullmailer.nix
+
+
+
+
+ services/misc/airsonic.nix
+
+
+
+
+ services/misc/autorandr.nix
+
+
+
+
+ services/misc/exhibitor.nix
+
+
+
+
+ services/misc/fstrim.nix
+
+
+
+
+ services/misc/gollum.nix
+
+
+
+
+ services/misc/irkerd.nix
+
+
+
+
+ services/misc/jackett.nix
+
+
+
+
+ services/misc/radarr.nix
+
+
+
+
+ services/misc/snapper.nix
+
+
+
+
+ services/monitoring/osquery.nix
+
+
+
+
+ services/monitoring/prometheus/collectd-exporter.nix
+
+
+
+
+ services/monitoring/prometheus/fritzbox-exporter.nix
+
+
+
+
+ services/network-filesystems/kbfs.nix
+
+
+
+
+ services/networking/dnscache.nix
+
+
+
+
+ services/networking/fireqos.nix
+
+
+
+
+ services/networking/iwd.nix
+
+
+
+
+ services/networking/keepalived/default.nix
+
+
+
+
+ services/networking/keybase.nix
+
+
+
+
+ services/networking/lldpd.nix
+
+
+
+
+ services/networking/matterbridge.nix
+
+
+
+
+ services/networking/squid.nix
+
+
+
+
+ services/networking/tinydns.nix
+
+
+
+
+ services/networking/xrdp.nix
+
+
+
+
+ services/security/shibboleth-sp.nix
+
+
+
+
+ services/security/sks.nix
+
+
+
+
+ services/security/sshguard.nix
+
+
+
+
+ services/security/torify.nix
+
+
+
+
+ services/security/usbguard.nix
+
+
+
+
+ services/security/vault.nix
+
+
+
+
+ services/system/earlyoom.nix
+
+
+
+
+ services/system/saslauthd.nix
+
+
+
+
+ services/web-apps/nexus.nix
+
+
+
+
+ services/web-apps/pgpkeyserver-lite.nix
+
+
+
+
+ services/web-apps/piwik.nix
+
+
+
+
+ services/web-servers/lighttpd/collectd.nix
+
+
+
+
+ services/web-servers/minio.nix
+
+
+
+
+ services/x11/display-managers/xpra.nix
+
+
+
+
+ services/x11/xautolock.nix
+
+
+
+
+ tasks/filesystems/bcachefs.nix
+
+
+
+
+ tasks/powertop.nix
+
+
+
+
-
-
+ Backward Incompatibilities
-Backward Incompatibilities
-
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
-
-
-
-
- In an Qemu-based virtualization environment, the network interface
- names changed from i.e. enp0s3 to
- ens3.
-
-
-
- This is due to a kernel configuration change. The new naming
- is consistent with those of other Linux distributions with
- systemd. See
- #29197
- for more information.
-
-
- A machine is affected if the virt-what tool
- either returns qemu or
- kvmand has
- interface names used in any part of its NixOS configuration,
- in particular if a static network configuration with
- networking.interfaces is used.
-
-
- Before rebooting affected machines, please ensure:
-
-
-
- Change the interface names in your NixOS configuration.
- The first interface will be called ens3,
- the second one ens8 and starting from there
- incremented by 1.
-
-
-
-
- After changing the interface names, rebuild your system with
- nixos-rebuild boot to activate the new
- configuration after a reboot. If you switch to the new
- configuration right away you might lose network connectivity!
- If using nixops, deploy with
- nixops deploy --force-reboot.
-
-
-
-
-
-
-
- The following changes apply if the stateVersion is changed to 17.09 or higher.
- For stateVersion = "17.03" or lower the old behavior is preserved.
+
+
+
+ In an Qemu-based virtualization environment, the
+ network interface names changed from i.e. enp0s3 to
+ ens3.
-
-
-
- The postgres default version was changed from 9.5 to 9.6.
-
-
-
-
- The postgres superuser name has changed from root to postgres to more closely follow what other Linux distributions are doing.
-
-
-
-
- The postgres default dataDir has changed from /var/db/postgres to /var/lib/postgresql/$psqlSchema where $psqlSchema is 9.6 for example.
-
-
+
+ This is due to a kernel configuration change. The new naming is consistent
+ with those of other Linux distributions with systemd. See
+ #29197
+ for more information.
+
+
+ A machine is affected if the virt-what tool either
+ returns qemu or kvm
+ and has interface names used in any part of its NixOS
+ configuration, in particular if a static network configuration with
+ networking.interfaces is used.
+
+
+ Before rebooting affected machines, please ensure:
+
-
- The mysql default dataDir has changed from /var/mysql to /var/lib/mysql.
-
+
+ Change the interface names in your NixOS configuration. The first
+ interface will be called ens3, the second one
+ ens8 and starting from there incremented by 1.
+
-
- Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found here . It is also possible to use the newer version by setting the package to radicale2, which is done automatically when stateVersion is 17.09 or higher. The extraArgs option has been added to allow passing the data migration arguments specified in the instructions; see the radicale.nix NixOS test for an example migration.
-
+
+ After changing the interface names, rebuild your system with
+ nixos-rebuild boot to activate the new configuration
+ after a reboot. If you switch to the new configuration right away you
+ might lose network connectivity! If using nixops,
+ deploy with nixops deploy --force-reboot.
+
+
+
+
+
+
+ The following changes apply if the stateVersion is
+ changed to 17.09 or higher. For stateVersion = "17.03"
+ or lower the old behavior is preserved.
+
+
+
+
+ The postgres default version was changed from 9.5 to
+ 9.6.
+
+
+
+
+ The postgres superuser name has changed from
+ root to postgres to more closely
+ follow what other Linux distributions are doing.
+
+
+
+
+ The postgres default dataDir has
+ changed from /var/db/postgres to
+ /var/lib/postgresql/$psqlSchema where $psqlSchema is
+ 9.6 for example.
+
+
+
+
+ The mysql default dataDir has
+ changed from /var/mysql to
+ /var/lib/mysql.
+
+
+
+
+ Radicale's default package has changed from 1.x to 2.x. Instructions to
+ migrate can be found here
+ . It is also possible to use the newer version by setting the
+ package to radicale2, which is
+ done automatically when stateVersion is 17.09 or
+ higher. The extraArgs option has been added to allow
+ passing the data migration arguments specified in the instructions; see
+ the
+ radicale.nix
+ NixOS test for an example migration.
+
+
-
-
+
+
- The aiccu package was removed. This is due to SixXS
- sunsetting its IPv6 tunnel.
+ The aiccu package was removed. This is due to SixXS
+ sunsetting its IPv6
+ tunnel.
-
-
+
+
- The fanctl package and fan module
- have been removed due to the developers not upstreaming their iproute2
- patches and lagging with compatibility to recent iproute2 versions.
+ The fanctl package and fan module
+ have been removed due to the developers not upstreaming their iproute2
+ patches and lagging with compatibility to recent iproute2 versions.
-
-
+
+
- Top-level idea package collection was renamed.
- All JetBrains IDEs are now at jetbrains.
+ Top-level idea package collection was renamed. All
+ JetBrains IDEs are now at jetbrains.
-
-
+
+
- flexget's state database cannot be upgraded to its
- new internal format, requiring removal of any existing
- db-config.sqlite which will be automatically recreated.
+ flexget's state database cannot be upgraded to its new
+ internal format, requiring removal of any existing
+ db-config.sqlite which will be automatically recreated.
-
-
+
+
- The ipfs service now doesn't ignore the dataDir option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with
+ The ipfs service now doesn't ignore the
+ dataDir option anymore. If you've ever set this option
+ to anything other than the default you'll have to either unset it (so the
+ default gets used) or migrate the old data manually with
dataDir=<valueOfDataDir>
mv /var/lib/ipfs/.ipfs/* $dataDir
rmdir /var/lib/ipfs/.ipfs
-
-
+
+
- The caddy service was previously using an extra
- .caddy directory in the data directory specified
- with the dataDir option. The contents of the
- .caddy directory are now expected to be in the
- dataDir.
+ The caddy service was previously using an extra
+ .caddy directory in the data directory specified with
+ the dataDir option. The contents of the
+ .caddy directory are now expected to be in the
+ dataDir.
-
-
+
+
- The ssh-agent user service is not started by default
- anymore. Use programs.ssh.startAgent to enable it if
- needed. There is also a new programs.gnupg.agent
- module that creates a gpg-agent user service. It can
- also serve as a SSH agent if enableSSHSupport is set.
+ The ssh-agent user service is not started by default
+ anymore. Use programs.ssh.startAgent to enable it if
+ needed. There is also a new programs.gnupg.agent module
+ that creates a gpg-agent user service. It can also
+ serve as a SSH agent if enableSSHSupport is set.
-
-
+
+
- The services.tinc.networks.<name>.listenAddress
- option had a misleading name that did not correspond to its behavior. It
- now correctly defines the ip to listen for incoming connections on. To
- keep the previous behaviour, use
- services.tinc.networks.<name>.bindToAddress
- instead. Refer to the description of the options for more details.
+ The services.tinc.networks.<name>.listenAddress
+ option had a misleading name that did not correspond to its behavior. It
+ now correctly defines the ip to listen for incoming connections on. To
+ keep the previous behaviour, use
+ services.tinc.networks.<name>.bindToAddress
+ instead. Refer to the description of the options for more details.
-
-
+
+
- tlsdate package and module were removed. This is due to the project
- being dead and not building with openssl 1.1.
+ tlsdate package and module were removed. This is due to
+ the project being dead and not building with openssl 1.1.
-
-
+
+
- wvdial package and module were removed. This is due to the project
- being dead and not building with openssl 1.1.
+ wvdial package and module were removed. This is due to
+ the project being dead and not building with openssl 1.1.
-
-
+
+
- cc-wrapper's setup-hook now exports a number of
- environment variables corresponding to binutils binaries,
- (e.g. LD, STRIP, RANLIB,
- etc). This is done to prevent packages' build systems guessing, which is
- harder to predict, especially when cross-compiling. However, some packages
- have broken due to this—their build systems either not supporting, or
- claiming to support without adequate testing, taking such environment
- variables as parameters.
+ cc-wrapper's setup-hook now exports a number of
+ environment variables corresponding to binutils binaries, (e.g.
+ LD, STRIP, RANLIB, etc). This
+ is done to prevent packages' build systems guessing, which is harder to
+ predict, especially when cross-compiling. However, some packages have
+ broken due to this—their build systems either not supporting, or
+ claiming to support without adequate testing, taking such environment
+ variables as parameters.
-
-
+
+
- services.firefox.syncserver now runs by default as a
- non-root user. To accomodate this change, the default sqlite database
- location has also been changed. Migration should work automatically.
- Refer to the description of the options for more details.
+ services.firefox.syncserver now runs by default as a
+ non-root user. To accomodate this change, the default sqlite database
+ location has also been changed. Migration should work automatically. Refer
+ to the description of the options for more details.
-
-
+
+
- The compiz window manager and package was
- removed. The system support had been broken for several years.
+ The compiz window manager and package was removed. The
+ system support had been broken for several years.
-
-
+
+
- Touchpad support should now be enabled through
- libinput as synaptics is
- now deprecated. See the option
- services.xserver.libinput.enable.
+ Touchpad support should now be enabled through libinput
+ as synaptics is now deprecated. See the option
+ services.xserver.libinput.enable.
-
-
+
+
- grsecurity/PaX support has been dropped, following upstream's
- decision to cease free support. See
-
- upstream's announcement for more information.
- No complete replacement for grsecurity/PaX is available presently.
+ grsecurity/PaX support has been dropped, following upstream's decision to
+ cease free support. See
+
+ upstream's announcement for more information. No complete
+ replacement for grsecurity/PaX is available presently.
-
-
+
+
- services.mysql now has declarative
- configuration of databases and users with the ensureDatabases and
- ensureUsers options.
+ services.mysql now has declarative configuration of
+ databases and users with the ensureDatabases and
+ ensureUsers options.
-
- These options will never delete existing databases and users,
- especially not when the value of the options are changed.
+ These options will never delete existing databases and users, especially
+ not when the value of the options are changed.
-
- The MySQL users will be identified using
-
- Unix socket authentication. This authenticates the
- Unix user with the same name only, and that without the need
- for a password.
+ The MySQL users will be identified using
+
+ Unix socket authentication. This authenticates the Unix user with
+ the same name only, and that without the need for a password.
-
- If you have previously created a MySQL root
- user with a password, you will need to add
- root user for unix socket authentication
- before using the new options. This can be done by running the
- following SQL script:
-
+ If you have previously created a MySQL root user
+ with a password, you will need to add
+ root user for unix socket authentication before using
+ the new options. This can be done by running the following SQL script:
CREATE USER 'root'@'%' IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
@@ -418,194 +717,183 @@ FLUSH PRIVILEGES;
-- DROP USER 'root'@'localhost';
-
-
-
+
+
- services.mysqlBackup now works by default
- without any user setup, including for users other than
- mysql.
+ services.mysqlBackup now works by default without any
+ user setup, including for users other than mysql.
-
- By default, the mysql user is no longer the
- user which performs the backup. Instead a system account
- mysqlbackup is used.
+ By default, the mysql user is no longer the user which
+ performs the backup. Instead a system account
+ mysqlbackup is used.
-
- The mysqlBackup service is also now using
- systemd timers instead of cron.
+ The mysqlBackup service is also now using systemd
+ timers instead of cron.
-
- Therefore, the services.mysqlBackup.period
- option no longer exists, and has been replaced with
- services.mysqlBackup.calendar, which is in
- the format of services.mysqlBackup.period option no
+ longer exists, and has been replaced with
+ services.mysqlBackup.calendar, which is in the format
+ of
+ systemd.time(7).
-
- If you expect to be sent an e-mail when the backup fails,
- consider using a script which monitors the systemd journal for
- errors. Regretfully, at present there is no built-in
- functionality for this.
+ If you expect to be sent an e-mail when the backup fails, consider using a
+ script which monitors the systemd journal for errors. Regretfully, at
+ present there is no built-in functionality for this.
-
- You can check that backups still work by running
- systemctl start mysql-backup then
- systemctl status mysql-backup.
+ You can check that backups still work by running systemctl start
+ mysql-backup then systemctl status
+ mysql-backup.
-
-
-
+
+
- Templated systemd services e.g container@name are
- now handled currectly when switching to a new configuration, resulting
- in them being reloaded.
+ Templated systemd services e.g container@name are now
+ handled currectly when switching to a new configuration, resulting in them
+ being reloaded.
-
-
-
- Steam: the newStdcpp parameter
- was removed and should not be needed anymore.
-
-
-
+
+
- Redis has been updated to version 4 which mandates a cluster
- mass-restart, due to changes in the network handling, in order
- to ensure compatibility with networks NATing traffic.
+ Steam: the newStdcpp parameter was removed and should
+ not be needed anymore.
-
-
+
+
+
+ Redis has been updated to version 4 which mandates a cluster mass-restart,
+ due to changes in the network handling, in order to ensure compatibility
+ with networks NATing traffic.
+
+
+
+
-
-
+ Other Notable Changes
-Other Notable Changes
-
-
-
-
+
+
- Modules can now be disabled by using
- disabledModules, allowing another to take it's place. This can be
- used to import a set of modules from another channel while keeping the
- rest of the system on a stable release.
+ disabledModules, allowing another to take it's place. This can be
+ used to import a set of modules from another channel while keeping the
+ rest of the system on a stable release.
-
-
+
+
- Updated to FreeType 2.7.1, including a new TrueType engine.
- The new engine replaces the Infinality engine which was the default in
- NixOS. The default font rendering settings are now provided by
- fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults
- are less invasive and provide rendering that is more consistent with
- other systems and hopefully with each font designer's intent. Some
- system-wide configuration has been removed from the Fontconfig NixOS
- module where user Fontconfig settings are available.
+ Updated to FreeType 2.7.1, including a new TrueType engine. The new engine
+ replaces the Infinality engine which was the default in NixOS. The default
+ font rendering settings are now provided by fontconfig-penultimate,
+ replacing fontconfig-ultimate; the new defaults are less invasive and
+ provide rendering that is more consistent with other systems and hopefully
+ with each font designer's intent. Some system-wide configuration has been
+ removed from the Fontconfig NixOS module where user Fontconfig settings
+ are available.
-
-
+
+
- ZFS/SPL have been updated to 0.7.0, zfsUnstable, splUnstable
- have therefore been removed.
+ ZFS/SPL have been updated to 0.7.0, zfsUnstable,
+ splUnstable have therefore been removed.
-
-
+
+
- The option now allows the value
- null in addition to timezone strings. This value
- allows changing the timezone of a system imperatively using
- timedatectl set-timezone. The default timezone
- is still UTC.
+ The option now allows the value
+ null in addition to timezone strings. This value allows
+ changing the timezone of a system imperatively using timedatectl
+ set-timezone. The default timezone is still UTC.
-
-
+
+
- Nixpkgs overlays may now be specified with a file as well as a directory. The
- value of <nixpkgs-overlays> may be a file, and
- ~/.config/nixpkgs/overlays.nix can be used instead of the
- ~/.config/nixpkgs/overlays directory.
+ Nixpkgs overlays may now be specified with a file as well as a directory.
+ The value of <nixpkgs-overlays> may be a file, and
+ ~/.config/nixpkgs/overlays.nix can be used instead of
+ the ~/.config/nixpkgs/overlays directory.
- See the overlays chapter of the Nixpkgs manual for more details.
+ See the overlays chapter of the Nixpkgs manual for more details.
-
-
+
+
- Definitions for /etc/hosts can now be specified
- declaratively with networking.hosts.
+ Definitions for /etc/hosts can now be specified
+ declaratively with networking.hosts.
-
-
+
+
- Two new options have been added to the installer loader, in addition
- to the default having changed. The kernel log verbosity has been lowered
- to the upstream default for the default options, in order to not spam
- the console when e.g. joining a network.
+ Two new options have been added to the installer loader, in addition to
+ the default having changed. The kernel log verbosity has been lowered to
+ the upstream default for the default options, in order to not spam the
+ console when e.g. joining a network.
- This therefore leads to adding a new debug option
- to set the log level to the previous verbose mode, to make debugging
- easier, but still accessible easily.
+ This therefore leads to adding a new debug option to
+ set the log level to the previous verbose mode, to make debugging easier,
+ but still accessible easily.
- Additionally a copytoram option has been added,
- which makes it possible to remove the install medium after booting.
- This allows tethering from your phone after booting from it.
+ Additionally a copytoram option has been added, which
+ makes it possible to remove the install medium after booting. This allows
+ tethering from your phone after booting from it.
-
-
+
+
- services.gitlab-runner.configOptions has been added
- to specify the configuration of gitlab-runners declaratively.
+ services.gitlab-runner.configOptions has been added to
+ specify the configuration of gitlab-runners declaratively.
-
-
+
+
- services.jenkins.plugins has been added
- to install plugins easily, this can be generated with jenkinsPlugins2nix.
+ services.jenkins.plugins has been added to install
+ plugins easily, this can be generated with jenkinsPlugins2nix.
-
-
+
+
- services.postfix.config has been added
- to specify the main.cf with NixOS options. Additionally other options
- have been added to the postfix module and has been improved further.
+ services.postfix.config has been added to specify the
+ main.cf with NixOS options. Additionally other options have been added to
+ the postfix module and has been improved further.
-
-
+
+
- The GitLab package and module have been updated to the latest 10.0
- release.
+ The GitLab package and module have been updated to the latest 10.0
+ release.
-
-
+
+
- The systemd-boot boot loader now lists the NixOS
- version, kernel version and build date of all bootable generations.
+ The systemd-boot boot loader now lists the NixOS
+ version, kernel version and build date of all bootable generations.
-
-
+
+
- The dnscrypt-proxy service now defaults to using a random upstream resolver,
- selected from the list of public non-logging resolvers with DNSSEC support.
- Existing configurations can be migrated to this mode of operation by
- omitting the option
- or setting it to "random".
+ The dnscrypt-proxy service now defaults to using a random upstream
+ resolver, selected from the list of public non-logging resolvers with
+ DNSSEC support. Existing configurations can be migrated to this mode of
+ operation by omitting the
+ option or setting it
+ to "random".
-
-
-
-
-
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index 9221c2951ed25b5739159694ef75164901371fc8..c14679eea0719f0860acf5d230174034ea5e213d 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -3,532 +3,822 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-18.03">
+ Release 18.03 (“Impala”, 2018/04/04)
-Release 18.03 (“Impala”, 2018/04/04)
-
-
+ Highlights
-Highlights
-
-In addition to numerous new and upgraded packages, this release
-has the following highlights:
-
-
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
-
+
+
- End of support is planned for end of October 2018, handing over to 18.09.
+ End of support is planned for end of October 2018, handing over to 18.09.
-
-
-
+
+
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn't NixOS, really).
- Binaries for aarch64-linux are available, but no channel exists yet, as it's waiting for some test fixes, etc.
+ Platform support: x86_64-linux and x86_64-darwin since release time (the
+ latter isn't NixOS, really). Binaries for aarch64-linux are available, but
+ no channel exists yet, as it's waiting for some test fixes, etc.
-
-
-
+
+
- Nix now defaults to 2.0; see its
- release notes.
+ Nix now defaults to 2.0; see its
+ release
+ notes.
-
-
-
+
+
- Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> 7, systemd: 234 -> 237.
+ Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 ->
+ 7, systemd: 234 -> 237.
-
-
-
+
+
- Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 -> 5.12.
+ Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10
+ -> 5.12.
-
-
-
-
- MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes
- have been made to the infrastructure involved:
-
-
-
- libmysql has been deprecated, please use mysql.connector-c
- instead, a compatibility passthru has been added to the MySQL packages.
-
-
-
-
- The mysql57 package has a new static output containing
- the static libraries including libmysqld.a
-
-
-
-
-
-
-
- PHP now defaults to PHP 7.2, updated from 7.1.
-
-
+
+
+
+ MariaDB 10.2, updated from 10.1, is now the default MySQL implementation.
+ While upgrading a few changes have been made to the infrastructure
+ involved:
+
+
+
+ libmysql has been deprecated, please use
+ mysql.connector-c instead, a compatibility passthru
+ has been added to the MySQL packages.
+
+
+
+
+ The mysql57 package has a new
+ static output containing the static libraries
+ including libmysqld.a
+
+
+
+
+
+
+
+ PHP now defaults to PHP 7.2, updated from 7.1.
+
+
+
+
-
-
+ New Services
-New Services
-
-The following new services were added since the last release:
+
+ The following new services were added since the last release:
+
-
- ./config/krb5/default.nix
- ./hardware/digitalbitbox.nix
- ./misc/label.nix
- ./programs/ccache.nix
- ./programs/criu.nix
- ./programs/digitalbitbox/default.nix
- ./programs/less.nix
- ./programs/npm.nix
- ./programs/plotinus.nix
- ./programs/rootston.nix
- ./programs/systemtap.nix
- ./programs/sway.nix
- ./programs/udevil.nix
- ./programs/way-cooler.nix
- ./programs/yabar.nix
- ./programs/zsh/zsh-autoenv.nix
- ./services/backup/borgbackup.nix
- ./services/backup/crashplan-small-business.nix
- ./services/desktops/dleyna-renderer.nix
- ./services/desktops/dleyna-server.nix
- ./services/desktops/pipewire.nix
- ./services/desktops/gnome3/chrome-gnome-shell.nix
- ./services/desktops/gnome3/tracker-miners.nix
- ./services/hardware/fwupd.nix
- ./services/hardware/interception-tools.nix
- ./services/hardware/u2f.nix
- ./services/hardware/usbmuxd.nix
- ./services/mail/clamsmtp.nix
- ./services/mail/dkimproxy-out.nix
- ./services/mail/pfix-srsd.nix
- ./services/misc/gitea.nix
- ./services/misc/home-assistant.nix
- ./services/misc/ihaskell.nix
- ./services/misc/logkeys.nix
- ./services/misc/novacomd.nix
- ./services/misc/osrm.nix
- ./services/misc/plexpy.nix
- ./services/misc/pykms.nix
- ./services/misc/tzupdate.nix
- ./services/monitoring/fusion-inventory.nix
- ./services/monitoring/prometheus/exporters.nix
- ./services/network-filesystems/beegfs.nix
- ./services/network-filesystems/davfs2.nix
- ./services/network-filesystems/openafs/client.nix
- ./services/network-filesystems/openafs/server.nix
- ./services/network-filesystems/ceph.nix
- ./services/networking/aria2.nix
- ./services/networking/monero.nix
- ./services/networking/nghttpx/default.nix
- ./services/networking/nixops-dns.nix
- ./services/networking/rxe.nix
- ./services/networking/stunnel.nix
- ./services/web-apps/matomo.nix
- ./services/web-apps/restya-board.nix
- ./services/web-servers/mighttpd2.nix
- ./services/x11/fractalart.nix
- ./system/boot/binfmt.nix
- ./system/boot/grow-partition.nix
- ./tasks/filesystems/ecryptfs.nix
- ./virtualisation/hyperv-guest.nix
-
+
+
+
+ ./config/krb5/default.nix
+
+
+
+
+ ./hardware/digitalbitbox.nix
+
+
+
+
+ ./misc/label.nix
+
+
+
+
+ ./programs/ccache.nix
+
+
+
+
+ ./programs/criu.nix
+
+
+
+
+ ./programs/digitalbitbox/default.nix
+
+
+
+
+ ./programs/less.nix
+
+
+
+
+ ./programs/npm.nix
+
+
+
+
+ ./programs/plotinus.nix
+
+
+
+
+ ./programs/rootston.nix
+
+
+
+
+ ./programs/systemtap.nix
+
+
+
+
+ ./programs/sway.nix
+
+
+
+
+ ./programs/udevil.nix
+
+
+
+
+ ./programs/way-cooler.nix
+
+
+
+
+ ./programs/yabar.nix
+
+
+
+
+ ./programs/zsh/zsh-autoenv.nix
+
+
+
+
+ ./services/backup/borgbackup.nix
+
+
+
+
+ ./services/backup/crashplan-small-business.nix
+
+
+
+
+ ./services/desktops/dleyna-renderer.nix
+
+
+
+
+ ./services/desktops/dleyna-server.nix
+
+
+
+
+ ./services/desktops/pipewire.nix
+
+
+
+
+ ./services/desktops/gnome3/chrome-gnome-shell.nix
+
+
+
+
+ ./services/desktops/gnome3/tracker-miners.nix
+
+
+
+
+ ./services/hardware/fwupd.nix
+
+
+
+
+ ./services/hardware/interception-tools.nix
+
+
+
+
+ ./services/hardware/u2f.nix
+
+
+
+
+ ./services/hardware/usbmuxd.nix
+
+
+
+
+ ./services/mail/clamsmtp.nix
+
+
+
+
+ ./services/mail/dkimproxy-out.nix
+
+
+
+
+ ./services/mail/pfix-srsd.nix
+
+
+
+
+ ./services/misc/gitea.nix
+
+
+
+
+ ./services/misc/home-assistant.nix
+
+
+
+
+ ./services/misc/ihaskell.nix
+
+
+
+
+ ./services/misc/logkeys.nix
+
+
+
+
+ ./services/misc/novacomd.nix
+
+
+
+
+ ./services/misc/osrm.nix
+
+
+
+
+ ./services/misc/plexpy.nix
+
+
+
+
+ ./services/misc/pykms.nix
+
+
+
+
+ ./services/misc/tzupdate.nix
+
+
+
+
+ ./services/monitoring/fusion-inventory.nix
+
+
+
+
+ ./services/monitoring/prometheus/exporters.nix
+
+
+
+
+ ./services/network-filesystems/beegfs.nix
+
+
+
+
+ ./services/network-filesystems/davfs2.nix
+
+
+
+
+ ./services/network-filesystems/openafs/client.nix
+
+
+
+
+ ./services/network-filesystems/openafs/server.nix
+
+
+
+
+ ./services/network-filesystems/ceph.nix
+
+
+
+
+ ./services/networking/aria2.nix
+
+
+
+
+ ./services/networking/monero.nix
+
+
+
+
+ ./services/networking/nghttpx/default.nix
+
+
+
+
+ ./services/networking/nixops-dns.nix
+
+
+
+
+ ./services/networking/rxe.nix
+
+
+
+
+ ./services/networking/stunnel.nix
+
+
+
+
+ ./services/web-apps/matomo.nix
+
+
+
+
+ ./services/web-apps/restya-board.nix
+
+
+
+
+ ./services/web-servers/mighttpd2.nix
+
+
+
+
+ ./services/x11/fractalart.nix
+
+
+
+
+ ./system/boot/binfmt.nix
+
+
+
+
+ ./system/boot/grow-partition.nix
+
+
+
+
+ ./tasks/filesystems/ecryptfs.nix
+
+
+
+
+ ./virtualisation/hyperv-guest.nix
+
+
+
+
-
-
+ Backward Incompatibilities
-Backward Incompatibilities
-
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-
-
-
- sound.enable now defaults to false.
-
-
-
-
- Dollar signs in options under are
- passed verbatim to Postfix, which will interpret them as the beginning of
- a parameter expression. This was already true for string-valued options
- in the previous release, but not for list-valued options. If you need to
- pass literal dollar signs through Postfix, double them.
-
-
-
-
- The postage package (for web-based PostgreSQL
- administration) has been renamed to pgmanage. The
- corresponding module has also been renamed. To migrate please rename all
- options to
- .
-
-
-
-
- Package attributes starting with a digit have been prefixed with an
- underscore sign. This is to avoid quoting in the configuration and
- other issues with command-line tools like nix-env.
- The change affects the following packages:
-
-
- 2048-in-terminal → _2048-in-terminal
-
-
- 90secondportraits → _90secondportraits
-
-
- 2bwm → _2bwm
-
-
- 389-ds-base → _389-ds-base
-
-
-
-
-
-
-
- The OpenSSH service no longer enables support for DSA keys by default,
- which could cause a system lock out. Update your keys or, unfavorably,
- re-enable DSA support manually.
-
-
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
+
+
- DSA support was
- deprecated in OpenSSH 7.0,
- due to it being too weak. To re-enable support, add
- PubkeyAcceptedKeyTypes +ssh-dss to the end of your
- .
+ sound.enable now defaults to false.
-
+
+
- After updating the keys to be stronger, anyone still on a pre-17.03
- version is safe to jump to 17.03, as vetted
- here.
+ Dollar signs in options under are passed
+ verbatim to Postfix, which will interpret them as the beginning of a
+ parameter expression. This was already true for string-valued options in
+ the previous release, but not for list-valued options. If you need to pass
+ literal dollar signs through Postfix, double them.
-
-
+
+
- The openssh package
- now includes Kerberos support by default;
- the openssh_with_kerberos package
- is now a deprecated alias.
- If you do not want Kerberos support,
- you can do openssh.override { withKerberos = false; }.
- Note, this also applies to the openssh_hpn package.
+ The postage package (for web-based PostgreSQL
+ administration) has been renamed to pgmanage. The
+ corresponding module has also been renamed. To migrate please rename all
+ options to
+ .
-
-
+
+
- cc-wrapper has been split in two; there is now also a bintools-wrapper.
- The most commonly used files in nix-support are now split between the two wrappers.
- Some commonly used ones, like nix-support/dynamic-linker, are duplicated for backwards compatability, even though they rightly belong only in bintools-wrapper.
- Other more obscure ones are just moved.
+ Package attributes starting with a digit have been prefixed with an
+ underscore sign. This is to avoid quoting in the configuration and other
+ issues with command-line tools like nix-env. The change
+ affects the following packages:
+
+
+
+ 2048-in-terminal →
+ _2048-in-terminal
+
+
+
+
+ 90secondportraits →
+ _90secondportraits
+
+
+
+
+ 2bwm → _2bwm
+
+
+
+
+ 389-ds-base → _389-ds-base
+
+
+
+
+
+
+
+ The OpenSSH service no longer enables support for
+ DSA keys by default, which could cause a system lock out. Update your keys
+ or, unfavorably, re-enable DSA support manually.
+
+
+ DSA support was
+ deprecated in
+ OpenSSH 7.0, due to it being too weak. To re-enable support, add
+ PubkeyAcceptedKeyTypes +ssh-dss to the end of your
+ .
+
+
+ After updating the keys to be stronger, anyone still on a pre-17.03
+ version is safe to jump to 17.03, as vetted
+ here.
+
+
+
+
+ The openssh package now includes Kerberos support by
+ default; the openssh_with_kerberos package is now a
+ deprecated alias. If you do not want Kerberos support, you can do
+ openssh.override { withKerberos = false; }. Note, this
+ also applies to the openssh_hpn package.
+
+
+
+
+ cc-wrapper has been split in two; there is now also a
+ bintools-wrapper. The most commonly used files in
+ nix-support are now split between the two wrappers.
+ Some commonly used ones, like
+ nix-support/dynamic-linker, are duplicated for
+ backwards compatability, even though they rightly belong only in
+ bintools-wrapper. Other more obscure ones are just
+ moved.
+
+
+
+
+ The propagation logic has been changed. The new logic, along with new
+ types of dependencies that go with, is thoroughly documented in the
+ "Specifying dependencies" section of the "Standard Environment" chapter of
+ the nixpkgs manual.
+
+ The old logic isn't but is easy to describe: dependencies were propagated
+ as the same type of dependency no matter what. In practice, that means
+ that many propagatedNativeBuildInputs should instead
+ be propagatedBuildInputs. Thankfully, that was and is
+ the least used type of dependency. Also, it means that some
+ propagatedBuildInputs should instead be
+ depsTargetTargetPropagated. Other types dependencies
+ should be unaffected.
+
+
+
+
+ lib.addPassthru drv passthru is removed. Use
+ lib.extendDerivation true passthru drv instead.
+
+
+
+
+ The memcached service no longer accept dynamic socket
+ paths via . Unix sockets can be
+ still enabled by and
+ will be accessible at /run/memcached/memcached.sock.
+
+
+
+
+ The hardware.amdHybridGraphics.disable option was
+ removed for lack of a maintainer. If you still need this module, you may
+ wish to include a copy of it from an older version of nixos in your
+ imports.
+
+
+
+
+ The merging of config options for
+ services.postfix.config was buggy. Previously, if other
+ options in the Postfix module like
+ services.postfix.useSrs were set and the user set
+ config options that were also set by such options, the resulting config
+ wouldn't include all options that were needed. They are now merged
+ correctly. If config options need to be overridden,
+ lib.mkForce or lib.mkOverride can be
+ used.
+
+
+
+
+ The following changes apply if the stateVersion is
+ changed to 18.03 or higher. For stateVersion = "17.09"
+ or lower the old behavior is preserved.
-
-
+
+
+
+ matrix-synapse uses postgresql by default instead of
+ sqlite. Migration instructions can be found
+
+ here .
+
+
+
+
+
- The propagation logic has been changed.
- The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual.
-
- The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what.
- In practice, that means that many propagatedNativeBuildInputs should instead be propagatedBuildInputs.
- Thankfully, that was and is the least used type of dependency.
- Also, it means that some propagatedBuildInputs should instead be depsTargetTargetPropagated.
- Other types dependencies should be unaffected.
+ The jid package has been removed, due to maintenance
+ overhead of a go package having non-versioned dependencies.
-
-
+
+
- lib.addPassthru drv passthru is removed. Use lib.extendDerivation true passthru drv instead.
+ When using (enabled by default
+ in GNOME), it now handles all input devices, not just touchpads. As a
+ result, you might need to re-evaluate any custom Xorg configuration. In
+ particular, Option "XkbRules" "base" may result in
+ broken keyboard layout.
-
-
+
+
- The memcached service no longer accept dynamic socket
- paths via . Unix sockets can be
- still enabled by and
- will be accessible at /run/memcached/memcached.sock.
+ The attic package was removed. A maintained fork called
+ Borg should be used
+ instead. Migration instructions can be found
+ here.
-
-
+
+
- The hardware.amdHybridGraphics.disable option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports.
+ The Piwik analytics software was renamed to Matomo:
+
+
+
+ The package pkgs.piwik was renamed to
+ pkgs.matomo.
+
+
+
+
+ The service services.piwik was renamed to
+ services.matomo.
+
+
+
+
+ The data directory /var/lib/piwik was renamed to
+ /var/lib/matomo. All files will be moved
+ automatically on first startup, but you might need to adjust your
+ backup scripts.
+
+
+
+
+ The default for the nginx configuration
+ changed from piwik.${config.networking.hostName} to
+ matomo.${config.networking.hostName}.${config.networking.domain}
+ if is set,
+ matomo.${config.networking.hostName} if it is not
+ set. If you change your , remember you'll
+ need to update the trustedHosts[] array in
+ /var/lib/matomo/config/config.ini.php as well.
+
+
+
+
+ The piwik user was renamed to
+ matomo. The service will adjust ownership
+ automatically for files in the data directory. If you use unix socket
+ authentication, remember to give the new matomo user
+ access to the database and to change the username to
+ matomo in the [database] section
+ of /var/lib/matomo/config/config.ini.php.
+
+
+
+
+ If you named your database `piwik`, you might want to rename it to
+ `matomo` to keep things clean, but this is neither enforced nor
+ required.
+
+
+
-
-
+
+
- The merging of config options for services.postfix.config
- was buggy. Previously, if other options in the Postfix module like
- services.postfix.useSrs were set and the user set config
- options that were also set by such options, the resulting config wouldn't
- include all options that were needed. They are now merged correctly. If
- config options need to be overridden, lib.mkForce or
- lib.mkOverride can be used.
+ nodejs-4_x is end-of-life.
+ nodejs-4_x, nodejs-slim-4_x and
+ nodePackages_4_x are removed.
-
-
+
+
- The following changes apply if the stateVersion is changed to 18.03 or higher.
- For stateVersion = "17.09" or lower the old behavior is preserved.
+ The pump.io NixOS module was removed. It is now
+ maintained as an
+ external
+ module.
-
+
+
+
+ The Prosody XMPP server has received a major update. The following modules
+ were renamed:
+
-
- matrix-synapse uses postgresql by default instead of sqlite.
- Migration instructions can be found here .
-
+
+ is now
+
+
-
-
-
-
- The jid package has been removed, due to maintenance
- overhead of a go package having non-versioned dependencies.
-
-
-
-
- When using (enabled by default in GNOME),
- it now handles all input devices, not just touchpads. As a result, you might need to
- re-evaluate any custom Xorg configuration. In particular,
- Option "XkbRules" "base" may result in broken keyboard layout.
-
-
-
-
- The attic package was removed. A maintained fork called
- Borg should be used instead.
- Migration instructions can be found
- here.
-
-
-
-
- The Piwik analytics software was renamed to Matomo:
-
-
- The package pkgs.piwik was renamed to pkgs.matomo.
-
-
- The service services.piwik was renamed to services.matomo.
-
-
-
- The data directory /var/lib/piwik was renamed to /var/lib/matomo.
- All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
-
-
-
-
- The default for the nginx configuration changed from
- piwik.${config.networking.hostName} to
- matomo.${config.networking.hostName}.${config.networking.domain}
- if is set,
- matomo.${config.networking.hostName} if it is not set.
- If you change your , remember you'll need to update the
- trustedHosts[] array in /var/lib/matomo/config/config.ini.php
- as well.
-
-
-
-
- The piwik user was renamed to matomo.
- The service will adjust ownership automatically for files in the data directory.
- If you use unix socket authentication, remember to give the new matomo user
- access to the database and to change the username to matomo
- in the [database] section of /var/lib/matomo/config/config.ini.php.
-
-
-
-
- If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean,
- but this is neither enforced nor required.
-
-
-
-
-
-
-
- nodejs-4_x is end-of-life.
- nodejs-4_x, nodejs-slim-4_x and nodePackages_4_x are removed.
-
-
-
-
- The pump.io NixOS module was removed.
- It is now maintained as an
- external module.
-
-
-
-
- The Prosody XMPP server has received a major update. The following modules were renamed:
-
-
-
- is now
-
-
-
-
- is now
-
-
-
+
+
+ is now
+
+
+
+
-
- Many new modules are now core modules, most notably
- and .
+ Many new modules are now core modules, most notably
+ and
+ .
-
- The better-performing libevent backend is now enabled by default.
+ The better-performing libevent backend is now enabled
+ by default.
-
- withCommunityModules now passes through the modules to .
- Use withOnlyInstalledCommunityModules for modules that should not be enabled directly, e.g lib_ldap.
+ withCommunityModules now passes through the modules to
+ . Use
+ withOnlyInstalledCommunityModules for modules that
+ should not be enabled directly, e.g lib_ldap.
-
-
+
+
- All prometheus exporter modules are now defined as submodules.
- The exporters are configured using services.prometheus.exporters.
+ All prometheus exporter modules are now defined as submodules. The
+ exporters are configured using
+ services.prometheus.exporters.
-
-
+
+
+
-
-
+ Other Notable Changes
-Other Notable Changes
-
-
-
-
- ZNC option now defaults to
- true. That means that old configuration is not
- overwritten by default when update to the znc options are made.
-
-
-
-
- The option
- has been added for wireless networks with WPA-Enterprise authentication.
- There is also a new option to directly
- configure wpa_supplicant and
- to connect to hidden networks.
-
-
-
-
- In the module the
- following options have been removed:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- To assign static addresses to an interface the options
- and
- should be used instead.
- The options and have been
- renamed to
- respectively.
- The new options and
- have been added to set up static routing.
-
-
-
-
- The option is now 127.0.0.1 by default.
- Previously the default behaviour was to listen on all interfaces.
-
-
-
-
- services.btrfs.autoScrub has been added, to
- periodically check btrfs filesystems for data corruption.
- If there's a correct copy available, it will automatically repair
- corrupted blocks.
-
-
-
-
- displayManager.lightdm.greeters.gtk.clock-format.
- has been added, the clock format string (as expected by
- strftime, e.g. %H:%M) to use with the lightdm
- gtk greeter panel.
-
-
- If set to null the default clock format is used.
-
-
-
-
- displayManager.lightdm.greeters.gtk.indicators
- has been added, a list of allowed indicator modules to use with
- the lightdm gtk greeter panel.
-
-
- Built-in indicators include ~a11y,
- ~language, ~session,
- ~power, ~clock,
- ~host, ~spacer. Unity
- indicators can be represented by short name
- (e.g. sound, power),
- service file name, or absolute path.
-
-
- If set to null the default indicators are
- used.
-
-
- In order to have the previous default configuration add
+
+
+
+ ZNC option now defaults to
+ true. That means that old configuration is not
+ overwritten by default when update to the znc options are made.
+
+
+
+
+ The option
+ has been added for wireless networks with WPA-Enterprise authentication.
+ There is also a new option to directly
+ configure wpa_supplicant and to
+ connect to hidden networks.
+
+
+
+
+ In the module the
+ following options have been removed:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ To assign static addresses to an interface the options
+ and should
+ be used instead. The options and
+ have been renamed to
+ respectively. The new options
+ and have been
+ added to set up static routing.
+
+
+
+
+ The option is now
+ 127.0.0.1 by default. Previously the default behaviour
+ was to listen on all interfaces.
+
+
+
+
+ services.btrfs.autoScrub has been added, to
+ periodically check btrfs filesystems for data corruption. If there's a
+ correct copy available, it will automatically repair corrupted blocks.
+
+
+
+
+ displayManager.lightdm.greeters.gtk.clock-format. has
+ been added, the clock format string (as expected by strftime, e.g.
+ %H:%M) to use with the lightdm gtk greeter panel.
+
+
+ If set to null the default clock format is used.
+
+
+
+
+ displayManager.lightdm.greeters.gtk.indicators has been
+ added, a list of allowed indicator modules to use with the lightdm gtk
+ greeter panel.
+
+
+ Built-in indicators include ~a11y,
+ ~language, ~session,
+ ~power, ~clock,
+ ~host, ~spacer. Unity indicators can
+ be represented by short name (e.g. sound,
+ power), service file name, or absolute path.
+
+
+ If set to null the default indicators are used.
+
+
+ In order to have the previous default configuration add
services.xserver.displayManager.lightdm.greeters.gtk.indicators = [
"~host" "~spacer"
@@ -539,24 +829,27 @@ following incompatible changes:
"~power"
];
- to your configuration.nix.
+ to your configuration.nix.
-
-
+
+
- The NixOS test driver supports user services declared by systemd.user.services.
- The methods waitForUnit, getUnitInfo, startJob
- and stopJob provide an optional $user argument for that purpose.
+ The NixOS test driver supports user services declared by
+ systemd.user.services. The methods
+ waitForUnit, getUnitInfo,
+ startJob and stopJob provide an
+ optional $user argument for that purpose.
-
-
+
+
- Enabling bash completion on NixOS, programs.bash.enableCompletion, will now also enable
- completion for the Nix command line tools by installing the
- nix-bash-completions package.
+ Enabling bash completion on NixOS,
+ programs.bash.enableCompletion, will now also enable
+ completion for the Nix command line tools by installing the
+ nix-bash-completions
+ package.
-
-
-
-
+
+
+
diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml
index 2e53f0563baf9aaf8ab479c798422c1d5c05ad71..01b5e9d77460dcd84d14f433243b4bb27776c2d3 100644
--- a/nixos/doc/manual/release-notes/rl-1809.xml
+++ b/nixos/doc/manual/release-notes/rl-1809.xml
@@ -3,128 +3,236 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-18.09">
+ Release 18.09 (“Jellyfish”, 2018/09/??)
-Release 18.09 (“Jellyfish”, 2018/09/??)
-
-
+ Highlights
-Highlights
+
+ In addition to numerous new and upgraded packages, this release has the
+ following highlights:
+
-In addition to numerous new and upgraded packages, this release
-has the following highlights:
-
-
-
+
+
- TODO
+ User channels are now in the default NIX_PATH, allowing
+ users to use their personal nix-channel defined
+ channels in nix-build and nix-shell
+ commands, as well as in imports like import
+ <mychannel>.
-
-
-
-
-
-
+ For example
+
+
+$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgsunstable
+$ nix-channel --update
+$ nix-build '<nixpkgsunstable>' -A gitFull
+$ nix run -f '<nixpkgsunstable>' gitFull
+$ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
+
+
+
+
+
+
+ New Services
-New Services
-
-The following new services were added since the last release:
+
+ The following new services were added since the last release:
+
-
-
+
+
-
-
+
+
+
-
-
+ Backward Incompatibilities
-Backward Incompatibilities
+
+ When upgrading from a previous release, please be aware of the following
+ incompatible changes:
+
-When upgrading from a previous release, please be aware of the
-following incompatible changes:
-
-
-
+
+
+
+ lib.strict is removed. Use
+ builtins.seq instead.
+
+
+
- lib.strict is removed. Use builtins.seq instead.
+ The clementine package points now to the free
+ derivation. clementineFree is removed now and
+ clementineUnfree points to the package which is bundled
+ with the unfree libspotify package.
-
-
+
+
- The clementine package points now to the free derivation.
- clementineFree is removed now and clementineUnfree
- points to the package which is bundled with the unfree libspotify package.
+ The netcat package is now taken directly from OpenBSD's
+ libressl, instead of relying on Debian's fork. The new
+ version should be very close to the old version, but there are some minor
+ differences. Importantly, flags like -b, -q, -C, and -Z are no longer
+ accepted by the nc command.
-
-
+
+
+
+ The services.docker-registry.extraConfig object doesn't contain
+ environment variables anymore. Instead it needs to provide an object structure
+ that can be mapped onto the YAML configuration defined in the docker/distribution docs.
+
+
+
+
+ googleearth has been removed from Nixpkgs. Google does not provide
+ a stable URL for Nixpkgs to use to package this proprietary software.
+
+
+
+
-
-
+ Other Notable Changes
-Other Notable Changes
-
-
-
+
+
+
+ dockerTools.pullImage relies on image digest
+ instead of image tag to download the image. The
+ sha256 of a pulled image has to be updated.
+
+
+
- lib.attrNamesToStr has been deprecated. Use
- more specific concatenation (lib.concat(Map)StringsSep)
- instead.
+ lib.attrNamesToStr has been deprecated. Use more
+ specific concatenation (lib.concat(Map)StringsSep)
+ instead.
-
-
+
+
- lib.addErrorContextToAttrs has been deprecated. Use
- builtins.addErrorContext directly.
+ lib.addErrorContextToAttrs has been deprecated. Use
+ builtins.addErrorContext directly.
-
-
+
+
- lib.showVal has been deprecated. Use
- lib.traceSeqN instead.
+ lib.showVal has been deprecated. Use
+ lib.traceSeqN instead.
-
-
+
+
- lib.traceXMLVal has been deprecated. Use
- lib.traceValFn builtins.toXml instead.
+ lib.traceXMLVal has been deprecated. Use
+ lib.traceValFn builtins.toXml instead.
-
-
+
+
- lib.traceXMLValMarked has been deprecated. Use
- lib.traceValFn (x: str + builtins.toXML x) instead.
+ lib.traceXMLValMarked has been deprecated. Use
+ lib.traceValFn (x: str + builtins.toXML x) instead.
-
-
+
+
- lib.traceValIfNot has been deprecated. Use
- if/then/else and lib.traceValSeq
- instead.
+ lib.traceValIfNot has been deprecated. Use
+ if/then/else and lib.traceValSeq
+ instead.
-
-
+
+
- lib.traceCallXml has been deprecated. Please complain
- if you use the function regularly.
+ lib.traceCallXml has been deprecated. Please complain
+ if you use the function regularly.
+
+
+ The attribute lib.nixpkgsVersion has been deprecated in
+ favor of lib.version. Please refer to the discussion in
+ NixOS/nixpkgs#39416
+ for further reference.
+
+
+
+
+ The module for has two new options now:
-
-
-
+
+
+
+
+ Puts the generated Diffie-Hellman parameters into the Nix store instead
+ of managing them in a stateful manner in
+ /var/lib/dhparams.
+
+
+
+
+
+ The default bit size to use for the generated Diffie-Hellman parameters.
+
+
+
+
+
+ The path to the actual generated parameter files should now be queried
+ using
+ config.security.dhparams.params.name.path
+ because it might be either in the Nix store or in a directory configured
+ by .
+
+
+
+ For developers:
+
+ Module implementers should not set a specific bit size in order to let
+ users configure it by themselves if they want to have a different bit
+ size than the default (2048).
+
+
+ An example usage of this would be:
+
+{ config, ... }:
+
+{
+ security.dhparams.params.myservice = {};
+ environment.etc."myservice.conf".text = ''
+ dhparams = ${config.security.dhparams.params.myservice.path}
+ '';
+}
+
+
+
+
+
+
+ networking.networkmanager.useDnsmasq has been deprecated. Use
+ networking.networkmanager.dns instead.
+
+
+
+
diff --git a/nixos/doc/manual/shell.nix b/nixos/doc/manual/shell.nix
new file mode 100644
index 0000000000000000000000000000000000000000..7f8422b4ec11fdcb76ce8b48ef740ddc0b3581e6
--- /dev/null
+++ b/nixos/doc/manual/shell.nix
@@ -0,0 +1,8 @@
+let
+ pkgs = import ../../.. { };
+in
+pkgs.mkShell {
+ name = "nixos-manual";
+
+ buildInputs = with pkgs; [ xmlformat jing xmloscopy ];
+}
diff --git a/nixos/doc/xmlformat.conf b/nixos/doc/xmlformat.conf
new file mode 100644
index 0000000000000000000000000000000000000000..50255857b24a01142083c94e3aad0817323f83ca
--- /dev/null
+++ b/nixos/doc/xmlformat.conf
@@ -0,0 +1,72 @@
+#
+# DocBook Configuration file for "xmlformat"
+# see http://www.kitebird.com/software/xmlformat/
+# 10 Sept. 2004
+#
+
+# Only block elements
+ackno address appendix article biblioentry bibliography bibliomixed \
+biblioset blockquote book bridgehead callout calloutlist caption caution \
+chapter chapterinfo classsynopsis cmdsynopsis colophon constraintdef \
+constructorsynopsis dedication destructorsynopsis entry epigraph equation example \
+figure formalpara funcsynopsis glossary glossdef glossdiv glossentry glosslist \
+glosssee glossseealso graphic graphicco highlights imageobjectco important \
+index indexdiv indexentry indexinfo info informalequation informalexample \
+informalfigure informaltable legalnotice literallayout lot lotentry mediaobject \
+mediaobjectco msgmain msgset note orderedlist para part preface primaryie \
+procedure qandadiv qandaentry qandaset refentry refentrytitle reference \
+refnamediv refsect1 refsect2 refsect3 refsection revhistory screenshot sect1 \
+sect2 sect3 sect4 sect5 section seglistitem set setindex sidebar simpara \
+simplesect step substeps synopfragment synopsis table term title \
+toc variablelist varlistentry warning itemizedlist listitem \
+footnote colspec partintro row simplelist subtitle tbody tgroup thead tip
+ format block
+ normalize no
+
+
+#appendix bibliography chapter glossary preface reference
+# element-break 3
+
+sect1 section
+ element-break 2
+
+
+#
+para abstract
+ format block
+ entry-break 1
+ exit-break 1
+ normalize yes
+ wrap-length 79
+
+title
+ format block
+ normalize = yes
+ entry-break = 0
+ exit-break = 0
+
+# Inline elements
+abbrev accel acronym action application citation citebiblioid citerefentry citetitle \
+classname co code command computeroutput constant country database date email emphasis \
+envar errorcode errorname errortext errortype exceptionname fax filename \
+firstname firstterm footnoteref foreignphrase funcdef funcparams function \
+glossterm group guibutton guiicon guilabel guimenu guimenuitem guisubmenu \
+hardware holder honorific indexterm inlineequation inlinegraphic inlinemediaobject \
+interface interfacename \
+keycap keycode keycombo keysym lineage link literal manvolnum markup medialabel \
+menuchoice methodname methodparam modifier mousebutton olink ooclass ooexception \
+oointerface option optional otheraddr othername package paramdef parameter personname \
+phrase pob postcode productname prompt property quote refpurpose replaceable \
+returnvalue revnumber sgmltag state street structfield structname subscript \
+superscript surname symbol systemitem token trademark type ulink userinput \
+uri varargs varname void wordasword xref year mathphrase member tag
+ format inline
+
+programlisting screen
+ format verbatim
+ entry-break = 0
+ exit-break = 0
+
+
+#term
+# format inline
diff --git a/nixos/lib/make-ext4-fs.nix b/nixos/lib/make-ext4-fs.nix
index 986d80ff1b999674aecb52e91869acd23c525848..4095d9c6d00d438f056a10363218a1ffe65be125 100644
--- a/nixos/lib/make-ext4-fs.nix
+++ b/nixos/lib/make-ext4-fs.nix
@@ -14,7 +14,7 @@ in
pkgs.stdenv.mkDerivation {
name = "ext4-fs.img";
- nativeBuildInputs = with pkgs; [e2fsprogs libfaketime perl];
+ nativeBuildInputs = with pkgs; [e2fsprogs.bin libfaketime perl];
buildCommand =
''
@@ -83,5 +83,12 @@ pkgs.stdenv.mkDerivation {
echo "--- Failed to create EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks) ---"
return 1
fi
+
+ # I have ended up with corrupted images sometimes, I suspect that happens when the build machine's disk gets full during the build.
+ if ! fsck.ext4 -n -f $out; then
+ echo "--- Fsck failed for EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks) ---"
+ cat errorlog
+ return 1
+ fi
'';
}
diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm
index 7e269b43e70ff5da0b1afe1b393733c3f74b82a3..b18f48464ceec5917b38b71d02b9235e54368ffa 100644
--- a/nixos/lib/test-driver/Machine.pm
+++ b/nixos/lib/test-driver/Machine.pm
@@ -33,9 +33,20 @@ sub new {
$startCommand =
"qemu-kvm -m 384 " .
"-net nic,model=virtio \$QEMU_OPTS ";
- my $iface = $args->{hdaInterface} || "virtio";
- $startCommand .= "-drive file=" . Cwd::abs_path($args->{hda}) . ",if=$iface,werror=report "
- if defined $args->{hda};
+
+ if (defined $args->{hda}) {
+ if ($args->{hdaInterface} eq "scsi") {
+ $startCommand .= "-drive id=hda,file="
+ . Cwd::abs_path($args->{hda})
+ . ",werror=report,if=none "
+ . "-device scsi-hd,drive=hda ";
+ } else {
+ $startCommand .= "-drive file=" . Cwd::abs_path($args->{hda})
+ . ",if=" . $args->{hdaInterface}
+ . ",werror=report ";
+ }
+ }
+
$startCommand .= "-cdrom $args->{cdrom} "
if defined $args->{cdrom};
$startCommand .= "-device piix3-usb-uhci -drive id=usbdisk,file=$args->{usb},if=none,readonly -device usb-storage,drive=usbdisk "
diff --git a/nixos/maintainers/scripts/ec2/create-amis.sh b/nixos/maintainers/scripts/ec2/create-amis.sh
index 347e6b9c6e0dbb104847dc0bdab4085d8f0a10b9..9461144fad5a7acde0d62faaeab4031da16970c7 100755
--- a/nixos/maintainers/scripts/ec2/create-amis.sh
+++ b/nixos/maintainers/scripts/ec2/create-amis.sh
@@ -6,7 +6,7 @@
set -e
set -o pipefail
-version=$(nix-instantiate --eval --strict '' -A lib.nixpkgsVersion | sed s/'"'//g)
+version=$(nix-instantiate --eval --strict '' -A lib.version | sed s/'"'//g)
major=${version:0:5}
echo "NixOS version is $version ($major)"
diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml
index 45d6daf068b34133ef2fc40fc554c7c73d17f90b..76ffa8cb7e37bec3cdb08efe22ba2229fa812615 100644
--- a/nixos/modules/i18n/input-method/default.xml
+++ b/nixos/modules/i18n/input-method/default.xml
@@ -6,56 +6,56 @@
Input Methods
-Input methods are an operating system component that allows any data, such
- as keyboard strokes or mouse movements, to be received as input. In this way
- users can enter characters and symbols not found on their input devices. Using
- an input method is obligatory for any language that has more graphemes than
+Input methods are an operating system component that allows any data, such
+ as keyboard strokes or mouse movements, to be received as input. In this way
+ users can enter characters and symbols not found on their input devices. Using
+ an input method is obligatory for any language that has more graphemes than
there are keys on the keyboard.The following input methods are available in NixOS:IBus: The intelligent input bus.
- Fcitx: A customizable lightweight input
+ Fcitx: A customizable lightweight input
method.Nabi: A Korean input method based on XIM.
- Uim: The universal input method, is a library with a XIM
+ Uim: The universal input method, is a library with a XIM
bridge.IBus
-IBus is an Intelligent Input Bus. It provides full featured and user
+IBus is an Intelligent Input Bus. It provides full featured and user
friendly input method user interface.The following snippet can be used to configure IBus:
i18n.inputMethod = {
- enabled = "ibus";
- ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ];
+ enabled = "ibus";
+ ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ];
};
-i18n.inputMethod.ibus.engines is optional and can be
+i18n.inputMethod.ibus.engines is optional and can be
used to add extra IBus engines.Available extra IBus engines are:
- Anthy (ibus-engines.anthy): Anthy is a
- system for Japanese input method. It converts Hiragana text to Kana Kanji
+ Anthy (ibus-engines.anthy): Anthy is a
+ system for Japanese input method. It converts Hiragana text to Kana Kanji
mixed text.
- Hangul (ibus-engines.hangul): Korean input
+ Hangul (ibus-engines.hangul): Korean input
method.
- m17n (ibus-engines.m17n): m17n is an input
- method that uses input methods and corresponding icons in the m17n
+ m17n (ibus-engines.m17n): m17n is an input
+ method that uses input methods and corresponding icons in the m17n
database.
- mozc (ibus-engines.mozc): A Japanese input
+ mozc (ibus-engines.mozc): A Japanese input
method from Google.
- Table (ibus-engines.table): An input method
+ Table (ibus-engines.table): An input method
that load tables of input methods.
- table-others (ibus-engines.table-others):
+ table-others (ibus-engines.table-others):
Various table-based input methods. To use this, and any other table-based
input methods, it must appear in the list of engines along with
table. For example:
@@ -72,71 +72,71 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ];
Fcitx
-Fcitx is an input method framework with extension support. It has three
- built-in Input Method Engine, Pinyin, QuWei and Table-based input
+Fcitx is an input method framework with extension support. It has three
+ built-in Input Method Engine, Pinyin, QuWei and Table-based input
methods.The following snippet can be used to configure Fcitx:
i18n.inputMethod = {
- enabled = "fcitx";
- fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ];
+ enabled = "fcitx";
+ fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ];
};
-i18n.inputMethod.fcitx.engines is optional and can be
+i18n.inputMethod.fcitx.engines is optional and can be
used to add extra Fcitx engines.Available extra Fcitx engines are:
- Anthy (fcitx-engines.anthy): Anthy is a
- system for Japanese input method. It converts Hiragana text to Kana Kanji
+ Anthy (fcitx-engines.anthy): Anthy is a
+ system for Japanese input method. It converts Hiragana text to Kana Kanji
mixed text.
- Chewing (fcitx-engines.chewing): Chewing is
- an intelligent Zhuyin input method. It is one of the most popular input
+ Chewing (fcitx-engines.chewing): Chewing is
+ an intelligent Zhuyin input method. It is one of the most popular input
methods among Traditional Chinese Unix users.
- Hangul (fcitx-engines.hangul): Korean input
+ Hangul (fcitx-engines.hangul): Korean input
method.
- Unikey (fcitx-engines.unikey): Vietnamese input
+ Unikey (fcitx-engines.unikey): Vietnamese input
method.
- m17n (fcitx-engines.m17n): m17n is an input
- method that uses input methods and corresponding icons in the m17n
+ m17n (fcitx-engines.m17n): m17n is an input
+ method that uses input methods and corresponding icons in the m17n
database.
- mozc (fcitx-engines.mozc): A Japanese input
+ mozc (fcitx-engines.mozc): A Japanese input
method from Google.
- table-others (fcitx-engines.table-others):
+ table-others (fcitx-engines.table-others):
Various table-based input methods.Nabi
-Nabi is an easy to use Korean X input method. It allows you to enter
- phonetic Korean characters (hangul) and pictographic Korean characters
+Nabi is an easy to use Korean X input method. It allows you to enter
+ phonetic Korean characters (hangul) and pictographic Korean characters
(hanja).The following snippet can be used to configure Nabi:
i18n.inputMethod = {
- enabled = "nabi";
+ enabled = "nabi";
};
Uim
-Uim (short for "universal input method") is a multilingual input method
+Uim (short for "universal input method") is a multilingual input method
framework. Applications can use it through so-called bridges.The following snippet can be used to configure uim:
i18n.inputMethod = {
- enabled = "uim";
+ enabled = "uim";
};
-Note: The i18n.inputMethod.uim.toolbar option can be
+Note: The option can be
used to choose uim toolbar.
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
index 83f8a2586bd35a5217f00c59ff0e2ef3d26c3b59..08923970cd386589250237602d897ad479b68ce1 100644
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -73,7 +73,8 @@ let
APPEND ${toString config.boot.loader.grub.memtest86.params}
'';
- isolinuxCfg = baseIsolinuxCfg + (optionalString config.boot.loader.grub.memtest86.enable isolinuxMemtest86Entry);
+ isolinuxCfg = concatStringsSep "\n"
+ ([ baseIsolinuxCfg ] ++ optional config.boot.loader.grub.memtest86.enable isolinuxMemtest86Entry);
# The EFI boot image.
efiDir = pkgs.runCommand "efi-directory" {} ''
diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix
index 6bb556a0123c14defb3c3170d5f19e4576e98e3b..5ad28ea9499ef0b6d53c9b5920d3e0e46b34b047 100644
--- a/nixos/modules/installer/tools/nix-fallback-paths.nix
+++ b/nixos/modules/installer/tools/nix-fallback-paths.nix
@@ -1,6 +1,6 @@
{
- x86_64-linux = "/nix/store/2gk7rk2sx2dkmsjr59gignrfdmya8f6s-nix-2.0.1";
- i686-linux = "/nix/store/5160glkphiv13qggnivyidg8r0491pbl-nix-2.0.1";
- aarch64-linux = "/nix/store/jk29zz3ns9vdkkclcyzzkpzp8dhv1x3i-nix-2.0.1";
- x86_64-darwin = "/nix/store/4a9czmrpd4hf3r80zcmga2c2lm3hbbvv-nix-2.0.1";
+ x86_64-linux = "/nix/store/z6avpvg24f6d1br2sr6qlphsq3h4d91v-nix-2.0.2";
+ i686-linux = "/nix/store/cdqjyb9srhwkc4gqbknnap7y31lws4yq-nix-2.0.2";
+ aarch64-linux = "/nix/store/fbgaa3fb2am30klwv4lls44njwqh487a-nix-2.0.2";
+ x86_64-darwin = "/nix/store/hs8mxsvdhm95dxgx943d74fws01j2zj3-nix-2.0.2";
}
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
index 14c611e18bc3e233d8ff9ab8a22287468e540202..74b61a64667e0fe4c48590c33a88755a7720ade6 100644
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -577,8 +577,8 @@ $bootLoaderConfig
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
- # List packages installed in system profile. To search by name, run:
- # \$ nix-env -qaP | grep wget
+ # List packages installed in system profile. To search, run:
+ # \$ nix search wget
# environment.systemPackages = with pkgs; [
# wget vim
# ];
diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix
index 2e426c017080f3d949fbcd8fa66a4a11d851d57f..b482a5a675230405cc6d7f2c35928330dbca80e2 100644
--- a/nixos/modules/misc/documentation.nix
+++ b/nixos/modules/misc/documentation.nix
@@ -75,20 +75,20 @@ let cfg = config.documentation; in
(mkIf cfg.man.enable {
environment.systemPackages = [ pkgs.man-db ];
environment.pathsToLink = [ "/share/man" ];
- environment.extraOutputsToInstall = [ "man" ] ++ optional cfg.dev.enable [ "devman" ];
+ environment.extraOutputsToInstall = [ "man" ] ++ optional cfg.dev.enable "devman";
})
(mkIf cfg.info.enable {
environment.systemPackages = [ pkgs.texinfoInteractive ];
environment.pathsToLink = [ "/share/info" ];
- environment.extraOutputsToInstall = [ "info" ] ++ optional cfg.dev.enable [ "devinfo" ];
+ environment.extraOutputsToInstall = [ "info" ] ++ optional cfg.dev.enable "devinfo";
})
(mkIf cfg.doc.enable {
# TODO(@oxij): put it here and remove from profiles?
# environment.systemPackages = [ pkgs.w3m ]; # w3m-nox?
environment.pathsToLink = [ "/share/doc" ];
- environment.extraOutputsToInstall = [ "doc" ] ++ optional cfg.dev.enable [ "devdoc" ];
+ environment.extraOutputsToInstall = [ "doc" ] ++ optional cfg.dev.enable "devdoc";
})
]);
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index ab3cbcab0646fbff90e1d2bef7efae382b4333ba..cc7d868498241f48fe5a834df207af1b55a1e7b5 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -138,7 +138,6 @@
ngircd = 112;
btsync = 113;
minecraft = 114;
- #monetdb = 115; # unused (not packaged), removed 2016-09-19
vault = 115;
rippled = 116;
murmur = 117;
@@ -191,7 +190,7 @@
cadvisor = 167;
nylon = 168;
apache-kafka = 169;
- panamax = 170;
+ #panamax = 170; # unused
exim = 172;
#fleet = 173; # unused
#input = 174; # unused
@@ -306,6 +305,8 @@
monero = 287;
ceph = 288;
duplicati = 289;
+ monetdb = 290;
+ restic = 291;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -424,7 +425,6 @@
#ngircd = 112; # unused
btsync = 113;
#minecraft = 114; # unused
- #monetdb = 115; # unused (not packaged), removed 2016-09-19
vault = 115;
#ripped = 116; # unused
#murmur = 117; # unused
@@ -474,9 +474,9 @@
#chronos = 164; # unused
gitlab = 165;
nylon = 168;
- panamax = 170;
+ #panamax = 170; # unused
exim = 172;
- fleet = 173;
+ #fleet = 173; # unused
input = 174;
sddm = 175;
tss = 176;
@@ -580,6 +580,8 @@
monero = 287;
ceph = 288;
duplicati = 289;
+ monetdb = 290;
+ restic = 291;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix
index b8f0a223c910aaa74d127a40a9c8cf64b9e5f2e3..74c86443ab90a314669398000177b97d3df0cb6c 100644
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@@ -5,8 +5,6 @@ with lib;
let
cfg = config.system.nixos;
- releaseFile = "${toString pkgs.path}/.version";
- suffixFile = "${toString pkgs.path}/.version-suffix";
revisionFile = "${toString pkgs.path}/.git-revision";
gitRepo = "${toString pkgs.path}/.git";
gitCommitId = lib.substring 0 7 (commitIdFromGitRepo gitRepo);
@@ -25,14 +23,14 @@ in
nixos.release = mkOption {
readOnly = true;
type = types.str;
- default = fileContents releaseFile;
+ default = trivial.release;
description = "The NixOS release (e.g. 16.03).";
};
nixos.versionSuffix = mkOption {
internal = true;
type = types.str;
- default = if pathExists suffixFile then fileContents suffixFile else "pre-git";
+ default = trivial.versionSuffix;
description = "The NixOS version suffix (e.g. 1160.f2d4ee1).";
};
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 8ef76b9d81eddad85c1c954f3fff0601169afb1b..6c4326046ef849a4da93b2d35ea856ea007038c3 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -167,14 +167,13 @@
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/restic.nix
+ ./services/backup/restic-rest-server.nix
./services/backup/rsnapshot.nix
./services/backup/tarsnap.nix
./services/backup/znapzend.nix
- ./services/cluster/fleet.nix
./services/cluster/kubernetes/default.nix
./services/cluster/kubernetes/dns.nix
./services/cluster/kubernetes/dashboard.nix
- ./services/cluster/panamax.nix
./services/computing/boinc/client.nix
./services/computing/torque/server.nix
./services/computing/torque/mom.nix
@@ -199,6 +198,7 @@
./services/databases/hbase.nix
./services/databases/influxdb.nix
./services/databases/memcached.nix
+ ./services/databases/monetdb.nix
./services/databases/mongodb.nix
./services/databases/mysql.nix
./services/databases/neo4j.nix
@@ -250,6 +250,7 @@
./services/hardware/illum.nix
./services/hardware/interception-tools.nix
./services/hardware/irqbalance.nix
+ ./services/hardware/lcd.nix
./services/hardware/nvidia-optimus.nix
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
@@ -512,6 +513,7 @@
./services/networking/murmur.nix
./services/networking/namecoind.nix
./services/networking/nat.nix
+ ./services/networking/ndppd.nix
./services/networking/networkmanager.nix
./services/networking/nftables.nix
./services/networking/ngircd.nix
@@ -650,6 +652,7 @@
./services/web-servers/apache-httpd/default.nix
./services/web-servers/caddy.nix
./services/web-servers/fcgiwrap.nix
+ ./services/web-servers/hitch/default.nix
./services/web-servers/jboss/default.nix
./services/web-servers/lighttpd/cgit.nix
./services/web-servers/lighttpd/collectd.nix
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index 3bf06a951193fc36e137cab17ef1b6cbe6e7ddf2..52481d90eab9e06a3d55a6ce13d107df0cac0f6b 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -17,6 +17,7 @@
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes
+ pkgs.mkpasswd # for generating password files
# Some networking tools.
pkgs.fuse
diff --git a/nixos/modules/programs/digitalbitbox/doc.xml b/nixos/modules/programs/digitalbitbox/doc.xml
index 7acbc2fc4dde8b1ac163697502c2d143646de48a..a26653dda535fd83854193bfd1d18c054f7421ec 100644
--- a/nixos/modules/programs/digitalbitbox/doc.xml
+++ b/nixos/modules/programs/digitalbitbox/doc.xml
@@ -15,9 +15,9 @@
installed by setting programs.digitalbitbox
to true in a manner similar to
-
- programs.digitalbitbox.enable = true;
-
+
+ = true;
+
and bundles the digitalbitbox package (see ), which contains the
@@ -46,11 +46,11 @@
digitalbitbox package which could be installed
as follows:
-
- environment.systemPackages = [
- pkgs.digitalbitbox
- ];
-
+
+ = [
+ pkgs.digitalbitbox
+];
+
@@ -62,9 +62,9 @@
The digitalbitbox hardware package enables the udev rules for
Digital Bitbox devices and may be installed as follows:
-
- hardware.digitalbitbox.enable = true;
-
+
+ = true;
+
@@ -72,14 +72,14 @@
the udevRule51 and udevRule52
attributes by means of overriding as follows:
-
- programs.digitalbitbox = {
- enable = true;
- package = pkgs.digitalbitbox.override {
- udevRule51 = "something else";
- };
- };
-
+
+programs.digitalbitbox = {
+ enable = true;
+ package = pkgs.digitalbitbox.override {
+ udevRule51 = "something else";
+ };
+};
+
diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml
index 85b0e023e6c1721f1f83ba72ebf097e8397c06e1..91740ee16ec2f59d497c0cdc9cd814dfe4d9aaa6 100644
--- a/nixos/modules/programs/plotinus.xml
+++ b/nixos/modules/programs/plotinus.xml
@@ -17,7 +17,7 @@
To enable Plotinus, add the following to your configuration.nix:
-programs.plotinus.enable = true;
+ = true;
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index a1ead80cc21577b827c9e2d0adc0b908def0b3a5..56b7bf00448c97862a58f75ae51c541a28998f27 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -17,6 +17,7 @@ with lib;
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
+ (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
(mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index e430c2ddb903d67adb3a2020877dfaa1a78f0aeb..9e5d636241e973ca700d6a8e269ad3b25e37a5ef 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -257,7 +257,7 @@ in
if [ -e /tmp/lastExitCode ] && [ "$(cat /tmp/lastExitCode)" = "0" ]; then
${if data.activationDelay != null then ''
-
+
${data.preDelay}
if [ -d '${lpath}' ]; then
@@ -266,6 +266,10 @@ in
systemctl --wait start acme-setlive-${cert}.service
fi
'' else data.postRun}
+
+ # noop ensuring that the "if" block is non-empty even if
+ # activationDelay == null and postRun == ""
+ true
fi
'';
@@ -294,7 +298,7 @@ in
chown '${data.user}:${data.group}' '${cpath}'
fi
'';
- script =
+ script =
''
workdir="$(mktemp -d)"
diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml
index 6130ed82ed3806370afdffc045b5f8c80f992037..7cdc554989ea4bce9033ef330e3edf27a36f305a 100644
--- a/nixos/modules/security/acme.xml
+++ b/nixos/modules/security/acme.xml
@@ -48,9 +48,9 @@ http {
configuration.nix:
-security.acme.certs."foo.example.com" = {
- webroot = "/var/www/challenges";
- email = "foo@example.com";
+."foo.example.com" = {
+ webroot = "/var/www/challenges";
+ email = "foo@example.com";
};
@@ -58,17 +58,17 @@ security.acme.certs."foo.example.com" = {
The private key key.pem and certificate
fullchain.pem will be put into
/var/lib/acme/foo.example.com. The target directory can
-be configured with the option security.acme.directory.
+be configured with the option .
Refer to for all available configuration
-options for the security.acme module.
+options for the security.acme module.
Using ACME certificates in NginxNixOS supports fetching ACME certificates for you by setting
-enableACME = true; in a virtualHost config. We
+ enableACME = true; in a virtualHost config. We
first create self-signed placeholder certificates in place of the
real ACME certs. The placeholder certs are overwritten when the ACME
certs arrive. For foo.example.com the config would
@@ -77,13 +77,13 @@ look like.
services.nginx = {
- enable = true;
- virtualHosts = {
+ enable = true;
+ virtualHosts = {
"foo.example.com" = {
- forceSSL = true;
- enableACME = true;
+ forceSSL = true;
+ enableACME = true;
locations."/" = {
- root = "/var/www";
+ root = "/var/www";
};
};
};
diff --git a/nixos/modules/security/dhparams.nix b/nixos/modules/security/dhparams.nix
index 55c75713101d323dca33a1eb5754430d042a64e7..e2b84c3e3b38018b95aa1ea7e8e1911e31f56226 100644
--- a/nixos/modules/security/dhparams.nix
+++ b/nixos/modules/security/dhparams.nix
@@ -1,107 +1,173 @@
{ config, lib, pkgs, ... }:
-with lib;
let
+ inherit (lib) mkOption types;
cfg = config.security.dhparams;
-in
-{
+
+ bitType = types.addCheck types.int (b: b >= 16) // {
+ name = "bits";
+ description = "integer of at least 16 bits";
+ };
+
+ paramsSubmodule = { name, config, ... }: {
+ options.bits = mkOption {
+ type = bitType;
+ default = cfg.defaultBitSize;
+ description = ''
+ The bit size for the prime that is used during a Diffie-Hellman
+ key exchange.
+ '';
+ };
+
+ options.path = mkOption {
+ type = types.path;
+ readOnly = true;
+ description = ''
+ The resulting path of the generated Diffie-Hellman parameters
+ file for other services to reference. This could be either a
+ store path or a file inside the directory specified by
+ .
+ '';
+ };
+
+ config.path = let
+ generated = pkgs.runCommand "dhparams-${name}.pem" {
+ nativeBuildInputs = [ pkgs.openssl ];
+ } "openssl dhparam -out \"$out\" ${toString config.bits}";
+ in if cfg.stateful then "${cfg.path}/${name}.pem" else generated;
+ };
+
+in {
options = {
security.dhparams = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to generate new DH params and clean up old DH params.
+ '';
+ };
+
params = mkOption {
- description =
- ''
- Diffie-Hellman parameters to generate.
-
- The value is the size (in bits) of the DH params to generate. The
- generated DH params path can be found in
- security.dhparams.path/name.pem.
-
- Note: The name of the DH params is taken as being the name of the
- service it serves: the params will be generated before the said
- service is started.
-
- Warning: If you are removing all dhparams from this list, you have
- to leave security.dhparams.enable for at least one activation in
- order to have them be cleaned up. This also means if you rollback to
- a version without any dhparams the existing ones won't be cleaned
- up.
- '';
- type = with types; attrsOf int;
+ type = with types; let
+ coerce = bits: { inherit bits; };
+ in attrsOf (coercedTo int coerce (submodule paramsSubmodule));
default = {};
- example = { nginx = 3072; };
+ example = lib.literalExample "{ nginx.bits = 3072; }";
+ description = ''
+ Diffie-Hellman parameters to generate.
+
+ The value is the size (in bits) of the DH params to generate. The
+ generated DH params path can be found in
+ config.security.dhparams.params.name.path.
+
+ The name of the DH params is taken as being the name of
+ the service it serves and the params will be generated before the
+ said service is started.
+
+ If you are removing all dhparams from this list, you
+ have to leave for at
+ least one activation in order to have them be cleaned up. This also
+ means if you rollback to a version without any dhparams the
+ existing ones won't be cleaned up. Of course this only applies if
+ is
+ true.
+
+ For module implementers:It's recommended
+ to not set a specific bit size here, so that users can easily
+ override this by setting
+ .
+ '';
+ };
+
+ stateful = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether generation of Diffie-Hellman parameters should be stateful or
+ not. If this is enabled, PEM-encoded files for Diffie-Hellman
+ parameters are placed in the directory specified by
+ . Otherwise the files are
+ created within the Nix store.
+
+ If this is false the resulting store
+ path will be non-deterministic and will be rebuilt every time the
+ openssl package changes.
+ '';
+ };
+
+ defaultBitSize = mkOption {
+ type = bitType;
+ default = 2048;
+ description = ''
+ This allows to override the default bit size for all of the
+ Diffie-Hellman parameters set in
+ .
+ '';
};
path = mkOption {
- description =
- ''
- Path to the directory in which Diffie-Hellman parameters will be
- stored.
- '';
type = types.str;
default = "/var/lib/dhparams";
- };
-
- enable = mkOption {
- description =
- ''
- Whether to generate new DH params and clean up old DH params.
- '';
- default = false;
- type = types.bool;
+ description = ''
+ Path to the directory in which Diffie-Hellman parameters will be
+ stored. This only is relevant if
+ is
+ true.
+ '';
};
};
};
- config = mkIf cfg.enable {
+ config = lib.mkIf (cfg.enable && cfg.stateful) {
systemd.services = {
dhparams-init = {
- description = "Cleanup old Diffie-Hellman parameters";
- wantedBy = [ "multi-user.target" ]; # Clean up even when no DH params is set
+ description = "Clean Up Old Diffie-Hellman Parameters";
+
+ # Clean up even when no DH params is set
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.RemainAfterExit = true;
serviceConfig.Type = "oneshot";
- script =
- # Create directory
- ''
- if [ ! -d ${cfg.path} ]; then
- mkdir -p ${cfg.path}
- fi
- '' +
+
+ script = ''
+ if [ ! -d ${cfg.path} ]; then
+ mkdir -p ${cfg.path}
+ fi
+
# Remove old dhparams
- ''
- for file in ${cfg.path}/*; do
- if [ ! -f "$file" ]; then
- continue
- fi
- '' + concatStrings (mapAttrsToList (name: value:
- ''
- if [ "$file" == "${cfg.path}/${name}.pem" ] && \
- ${pkgs.openssl}/bin/openssl dhparam -in "$file" -text | head -n 1 | grep "(${toString value} bit)" > /dev/null; then
+ for file in ${cfg.path}/*; do
+ if [ ! -f "$file" ]; then
+ continue
+ fi
+ ${lib.concatStrings (lib.mapAttrsToList (name: { bits, path, ... }: ''
+ if [ "$file" = ${lib.escapeShellArg path} ] && \
+ ${pkgs.openssl}/bin/openssl dhparam -in "$file" -text \
+ | head -n 1 | grep "(${toString bits} bit)" > /dev/null; then
continue
fi
- ''
- ) cfg.params) +
- ''
- rm $file
- done
-
- # TODO: Ideally this would be removing the *former* cfg.path, though this
- # does not seem really important as changes to it are quite unlikely
- rmdir --ignore-fail-on-non-empty ${cfg.path}
- '';
+ '') cfg.params)}
+ rm $file
+ done
+
+ # TODO: Ideally this would be removing the *former* cfg.path, though
+ # this does not seem really important as changes to it are quite
+ # unlikely
+ rmdir --ignore-fail-on-non-empty ${cfg.path}
+ '';
};
- } //
- mapAttrs' (name: value: nameValuePair "dhparams-gen-${name}" {
- description = "Generate Diffie-Hellman parameters for ${name} if they don't exist yet";
- after = [ "dhparams-init.service" ];
- before = [ "${name}.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "oneshot";
- script =
- ''
- mkdir -p ${cfg.path}
- if [ ! -f ${cfg.path}/${name}.pem ]; then
- ${pkgs.openssl}/bin/openssl dhparam -out ${cfg.path}/${name}.pem ${toString value}
- fi
- '';
- }) cfg.params;
+ } // lib.mapAttrs' (name: { bits, path, ... }: lib.nameValuePair "dhparams-gen-${name}" {
+ description = "Generate Diffie-Hellman Parameters for ${name}";
+ after = [ "dhparams-init.service" ];
+ before = [ "${name}.service" ];
+ wantedBy = [ "multi-user.target" ];
+ unitConfig.ConditionPathExists = "!${path}";
+ serviceConfig.Type = "oneshot";
+ script = ''
+ mkdir -p ${lib.escapeShellArg cfg.path}
+ ${pkgs.openssl}/bin/openssl dhparam -out ${lib.escapeShellArg path} \
+ ${toString bits}
+ '';
+ }) cfg.params;
};
}
diff --git a/nixos/modules/security/hidepid.xml b/nixos/modules/security/hidepid.xml
index 5715ee7ac165b8c6ad85fdea0c37e11386f57899..d69341eb3cde18697fee94f1bf153332f3298c2c 100644
--- a/nixos/modules/security/hidepid.xml
+++ b/nixos/modules/security/hidepid.xml
@@ -8,9 +8,9 @@
Setting
-
- security.hideProcessInformation = true;
-
+
+ = true;
+
ensures that access to process information is restricted to the
owning user. This implies, among other things, that command-line
arguments remain private. Unless your deployment relies on unprivileged
@@ -25,9 +25,9 @@
To allow a service foo to run without process information hiding, set
-
- systemd.services.foo.serviceConfig.SupplementaryGroups = [ "proc" ];
-
+
+systemd.services.foo.serviceConfig.SupplementaryGroups = [ "proc" ];
+
diff --git a/nixos/modules/services/backup/restic-rest-server.nix b/nixos/modules/services/backup/restic-rest-server.nix
new file mode 100644
index 0000000000000000000000000000000000000000..d4b47a09941016774cf2999ef1f4fc79bd32cb90
--- /dev/null
+++ b/nixos/modules/services/backup/restic-rest-server.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.restic.server;
+in
+{
+ meta.maintainers = [ maintainers.bachp ];
+
+ options.services.restic.server = {
+ enable = mkEnableOption "Restic REST Server";
+
+ listenAddress = mkOption {
+ default = ":8000";
+ example = "127.0.0.1:8080";
+ type = types.str;
+ description = "Listen on a specific IP address and port.";
+ };
+
+ dataDir = mkOption {
+ default = "/var/lib/restic";
+ type = types.path;
+ description = "The directory for storing the restic repository.";
+ };
+
+ appendOnly = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Enable append only mode.
+ This mode allows creation of new backups but prevents deletion and modification of existing backups.
+ This can be useful when backing up systems that have a potential of being hacked.
+ '';
+ };
+
+ privateRepos = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Enable private repos.
+ Grants access only when a subdirectory with the same name as the user is specified in the repository URL.
+ '';
+ };
+
+ prometheus = mkOption {
+ default = false;
+ type = types.bool;
+ description = "Enable Prometheus metrics at /metrics.";
+ };
+
+ extraFlags = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ Extra commandline options to pass to Restic REST server.
+ '';
+ };
+
+ package = mkOption {
+ default = pkgs.restic-rest-server;
+ defaultText = "pkgs.restic-rest-server";
+ type = types.package;
+ description = "Restic REST server package to use.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.restic-rest-server = {
+ description = "Restic REST Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ ${cfg.package}/bin/rest-server \
+ --listen ${cfg.listenAddress} \
+ --path ${cfg.dataDir} \
+ ${optionalString cfg.appendOnly "--append-only"} \
+ ${optionalString cfg.privateRepos "--private-repos"} \
+ ${optionalString cfg.prometheus "--prometheus"} \
+ ${escapeShellArgs cfg.extraFlags} \
+ '';
+ Type = "simple";
+ User = "restic";
+ Group = "restic";
+
+ # Security hardening
+ ReadWritePaths = [ cfg.dataDir ];
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+ PrivateDevices = true;
+ };
+ };
+
+ users.extraUsers.restic = {
+ group = "restic";
+ home = cfg.dataDir;
+ createHome = true;
+ uid = config.ids.uids.restic;
+ };
+
+ users.extraGroups.restic.gid = config.ids.uids.restic;
+ };
+}
diff --git a/nixos/modules/services/cluster/fleet.nix b/nixos/modules/services/cluster/fleet.nix
deleted file mode 100644
index ec03be3959483cf3c033a6583ec913143fad2e95..0000000000000000000000000000000000000000
--- a/nixos/modules/services/cluster/fleet.nix
+++ /dev/null
@@ -1,150 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.fleet;
-
-in {
-
- ##### Interface
- options.services.fleet = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable fleet service.
- '';
- };
-
- listen = mkOption {
- type = types.listOf types.str;
- default = [ "/var/run/fleet.sock" ];
- example = [ "/var/run/fleet.sock" "127.0.0.1:49153" ];
- description = ''
- Fleet listening addresses.
- '';
- };
-
- etcdServers = mkOption {
- type = types.listOf types.str;
- default = [ "http://127.0.0.1:2379" ];
- description = ''
- Fleet list of etcd endpoints to use.
- '';
- };
-
- publicIp = mkOption {
- type = types.nullOr types.str;
- default = "";
- description = ''
- Fleet IP address that should be published with the local Machine's
- state and any socket information. If not set, fleetd will attempt
- to detect the IP it should publish based on the machine's IP
- routing information.
- '';
- };
-
- etcdCafile = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = ''
- Fleet TLS ca file when SSL certificate authentication is enabled
- in etcd endpoints.
- '';
- };
-
- etcdKeyfile = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = ''
- Fleet TLS key file when SSL certificate authentication is enabled
- in etcd endpoints.
- '';
- };
-
- etcdCertfile = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = ''
- Fleet TLS cert file when SSL certificate authentication is enabled
- in etcd endpoints.
- '';
- };
-
- metadata = mkOption {
- type = types.attrsOf types.str;
- default = {};
- apply = attrs: concatMapStringsSep "," (n: "${n}=${attrs."${n}"}") (attrNames attrs);
- example = literalExample ''
- {
- region = "us-west";
- az = "us-west-1";
- }
- '';
- description = ''
- Key/value pairs that are published with the local to the fleet registry.
- This data can be used directly by a client of fleet to make scheduling decisions.
- '';
- };
-
- extraConfig = mkOption {
- type = types.attrsOf types.str;
- apply = mapAttrs' (n: v: nameValuePair ("FLEET_" + n) v);
- default = {};
- example = literalExample ''
- {
- VERBOSITY = 1;
- ETCD_REQUEST_TIMEOUT = "2.0";
- AGENT_TTL = "40s";
- }
- '';
- description = ''
- Fleet extra config. See
-
- for configuration options.
- '';
- };
-
- };
-
- ##### Implementation
- config = mkIf cfg.enable {
- systemd.services.fleet = {
- description = "Fleet Init System Daemon";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "fleet.socket" "etcd.service" "docker.service" ];
- requires = [ "fleet.socket" ];
- environment = {
- FLEET_ETCD_SERVERS = concatStringsSep "," cfg.etcdServers;
- FLEET_PUBLIC_IP = cfg.publicIp;
- FLEET_ETCD_CAFILE = cfg.etcdCafile;
- FLEET_ETCD_KEYFILE = cfg.etcdKeyfile;
- FLEET_ETCD_CERTFILE = cfg.etcdCertfile;
- FLEET_METADATA = cfg.metadata;
- } // cfg.extraConfig;
- serviceConfig = {
- ExecStart = "${pkgs.fleet}/bin/fleetd";
- Group = "fleet";
- };
- };
-
- systemd.sockets.fleet = {
- description = "Fleet Socket for the API";
- wantedBy = [ "sockets.target" ];
- listenStreams = cfg.listen;
- socketConfig = {
- ListenStream = "/var/run/fleet.sock";
- SocketMode = "0660";
- SocketUser = "root";
- SocketGroup = "fleet";
- };
- };
-
- services.etcd.enable = mkDefault true;
- virtualisation.docker.enable = mkDefault true;
-
- environment.systemPackages = [ pkgs.fleet ];
- users.extraGroups.fleet.gid = config.ids.gids.fleet;
- };
-}
diff --git a/nixos/modules/services/cluster/panamax.nix b/nixos/modules/services/cluster/panamax.nix
deleted file mode 100644
index 4475e8d8c24b4501e9e45856a76499e7097e8680..0000000000000000000000000000000000000000
--- a/nixos/modules/services/cluster/panamax.nix
+++ /dev/null
@@ -1,156 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.panamax;
-
- panamax_api = pkgs.panamax_api.override { dataDir = cfg.dataDir + "/api"; };
- panamax_ui = pkgs.panamax_ui.override { dataDir = cfg.dataDir + "/ui"; };
-
-in {
-
- ##### Interface
- options.services.panamax = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable Panamax service.
- '';
- };
-
- UIPort = mkOption {
- type = types.int;
- default = 8888;
- description = ''
- Panamax UI listening port.
- '';
- };
-
- APIPort = mkOption {
- type = types.int;
- default = 3000;
- description = ''
- Panamax UI listening port.
- '';
- };
-
- dataDir = mkOption {
- type = types.str;
- default = "/var/lib/panamax";
- description = ''
- Data dir for Panamax.
- '';
- };
-
- fleetctlEndpoint = mkOption {
- type = types.str;
- default = "http://127.0.0.1:2379";
- description = ''
- Panamax fleetctl endpoint.
- '';
- };
-
- journalEndpoint = mkOption {
- type = types.str;
- default = "http://127.0.0.1:19531";
- description = ''
- Panamax journal endpoint.
- '';
- };
-
- secretKey = mkOption {
- type = types.str;
- default = "SomethingVeryLong.";
- description = ''
- Panamax secret key (do change this).
- '';
- };
-
- };
-
- ##### Implementation
- config = mkIf cfg.enable {
- systemd.services.panamax-api = {
- description = "Panamax API";
-
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "fleet.service" "etcd.service" "docker.service" ];
-
- path = [ panamax_api ];
- environment = {
- RAILS_ENV = "production";
- JOURNAL_ENDPOINT = cfg.journalEndpoint;
- FLEETCTL_ENDPOINT = cfg.fleetctlEndpoint;
- PANAMAX_DATABASE_PATH = "${cfg.dataDir}/api/db/mnt/db.sqlite3";
- };
-
- preStart = ''
- rm -rf ${cfg.dataDir}/state/tmp
- mkdir -p ${cfg.dataDir}/api/{db/mnt,state/log,state/tmp}
- ln -sf ${panamax_api}/share/panamax-api/_db/{schema.rb,seeds.rb,migrate} ${cfg.dataDir}/api/db/
-
- if [ ! -f ${cfg.dataDir}/.created ]; then
- bundle exec rake db:setup
- bundle exec rake db:seed
- bundle exec rake panamax:templates:load || true
- touch ${cfg.dataDir}/.created
- else
- bundle exec rake db:migrate
- fi
- '';
-
- serviceConfig = {
- ExecStart = "${panamax_api}/bin/bundle exec rails server --binding 127.0.0.1 --port ${toString cfg.APIPort}";
- User = "panamax";
- Group = "panamax";
- };
- };
-
- systemd.services.panamax-ui = {
- description = "Panamax UI";
-
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "panamax_api.service" ];
-
- path = [ panamax_ui ];
- environment = {
- RAILS_ENV = "production";
- JOURNAL_ENDPOINT = cfg.journalEndpoint;
- PMX_API_PORT_3000_TCP_ADDR = "localhost";
- PMX_API_PORT_3000_TCP_PORT = toString cfg.APIPort;
- SECRET_KEY_BASE = cfg.secretKey;
- };
-
- preStart = ''
- mkdir -p ${cfg.dataDir}/ui/state/{log,tmp}
- chown -R panamax:panamax ${cfg.dataDir}
- '';
-
- serviceConfig = {
- ExecStart = "${panamax_ui}/bin/bundle exec rails server --binding 127.0.0.1 --port ${toString cfg.UIPort}";
- User = "panamax";
- Group = "panamax";
- PermissionsStartOnly = true;
- };
- };
-
- users.extraUsers.panamax =
- { uid = config.ids.uids.panamax;
- description = "Panamax user";
- createHome = true;
- home = cfg.dataDir;
- extraGroups = [ "docker" ];
- };
-
- services.journald.enableHttpGateway = mkDefault true;
- services.fleet.enable = mkDefault true;
- services.cadvisor.enable = mkDefault true;
- services.cadvisor.port = mkDefault 3002;
- virtualisation.docker.enable = mkDefault true;
-
- environment.systemPackages = [ panamax_api panamax_ui ];
- users.extraGroups.panamax.gid = config.ids.gids.panamax;
- };
-}
diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix
index 22acddc8ca9174371df3bee4d0a5622dbb6f3d5c..693d2fde99163ccd075d619f13f541ddd8b70994 100644
--- a/nixos/modules/services/databases/foundationdb.nix
+++ b/nixos/modules/services/databases/foundationdb.nix
@@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.foundationdb;
+ pkg = cfg.package;
# used for initial cluster configuration
initialIpAddr = if (cfg.publicAddress != "auto") then cfg.publicAddress else "127.0.0.1";
@@ -24,7 +25,7 @@ let
group = ${cfg.group}
[fdbserver]
- command = ${pkgs.foundationdb}/bin/fdbserver
+ command = ${pkg}/bin/fdbserver
public_address = ${cfg.publicAddress}:$ID
listen_address = ${cfg.listenAddress}
datadir = ${cfg.dataDir}/$ID
@@ -35,6 +36,13 @@ let
memory = ${cfg.memory}
storage_memory = ${cfg.storageMemory}
+ ${optionalString (cfg.tls != null) ''
+ tls_plugin = ${pkg}/libexec/plugins/FDBLibTLS.so
+ tls_certificate_file = ${cfg.tls.certificate}
+ tls_key_file = ${cfg.tls.key}
+ tls_verify_peers = ${cfg.tls.allowedPeers}
+ ''}
+
${optionalString (cfg.locality.machineId != null) "locality_machineid=${cfg.locality.machineId}"}
${optionalString (cfg.locality.zoneId != null) "locality_zoneid=${cfg.locality.zoneId}"}
${optionalString (cfg.locality.datacenterId != null) "locality_dcid=${cfg.locality.datacenterId}"}
@@ -43,7 +51,7 @@ let
${fdbServers cfg.serverProcesses}
[backup_agent]
- command = ${pkgs.foundationdb}/libexec/backup_agent
+ command = ${pkg}/libexec/backup_agent
${backupAgents cfg.backupProcesses}
'';
in
@@ -52,6 +60,14 @@ in
enable = mkEnableOption "FoundationDB Server";
+ package = mkOption {
+ type = types.package;
+ description = ''
+ The FoundationDB package to use for this server. This must be specified by the user
+ in order to ensure migrations and upgrades are controlled appropriately.
+ '';
+ };
+
publicAddress = mkOption {
type = types.str;
default = "auto";
@@ -188,6 +204,43 @@ in
'';
};
+ tls = mkOption {
+ default = null;
+ description = ''
+ FoundationDB Transport Security Layer (TLS) settings.
+ '';
+
+ type = types.nullOr (types.submodule ({
+ options = {
+ certificate = mkOption {
+ type = types.str;
+ description = ''
+ Path to the TLS certificate file. This certificate will
+ be offered to, and may be verified by, clients.
+ '';
+ };
+
+ key = mkOption {
+ type = types.str;
+ description = "Private key file for the certificate.";
+ };
+
+ allowedPeers = mkOption {
+ type = types.str;
+ default = "Check.Valid=1,Check.Unexpired=1";
+ description = ''
+ "Peer verification string". This may be used to adjust which TLS
+ client certificates a server will accept, as a form of user
+ authorization; for example, it may only accept TLS clients who
+ offer a certificate abiding by some locality or organization name.
+
+ For more information, please see the FoundationDB documentation.
+ '';
+ };
+ };
+ }));
+ };
+
locality = mkOption {
default = {
machineId = null;
@@ -270,7 +323,7 @@ in
meta.doc = ./foundationdb.xml;
meta.maintainers = with lib.maintainers; [ thoughtpolice ];
- environment.systemPackages = [ pkgs.foundationdb ];
+ environment.systemPackages = [ pkg ];
users.extraUsers = optionalAttrs (cfg.user == "foundationdb") (singleton
{ name = "foundationdb";
@@ -324,34 +377,37 @@ in
ReadWritePaths = lib.concatStringsSep " " (map (x: "-" + x) rwpaths);
};
- path = [ pkgs.foundationdb pkgs.coreutils ];
+ path = [ pkg pkgs.coreutils ];
preStart = ''
rm -f ${cfg.pidfile} && \
touch ${cfg.pidfile} && \
chown -R ${cfg.user}:${cfg.group} ${cfg.pidfile}
- for x in "${cfg.logDir}" "${cfg.dataDir}" /etc/foundationdb; do
- [ ! -d "$x" ] && mkdir -m 0700 -vp "$x" && chown -R ${cfg.user}:${cfg.group} "$x";
+ for x in "${cfg.logDir}" "${cfg.dataDir}"; do
+ [ ! -d "$x" ] && mkdir -m 0700 -vp "$x";
+ chown -R ${cfg.user}:${cfg.group} "$x";
done
+ [ ! -d /etc/foundationdb ] && \
+ mkdir -m 0775 -vp /etc/foundationdb && \
+ chown -R ${cfg.user}:${cfg.group} "/etc/foundationdb"
+
if [ ! -f /etc/foundationdb/fdb.cluster ]; then
cf=/etc/foundationdb/fdb.cluster
desc=$(tr -dc A-Za-z0-9 /dev/null | head -c8)
rand=$(tr -dc A-Za-z0-9 /dev/null | head -c8)
echo ''${desc}:''${rand}@${initialIpAddr}:${builtins.toString cfg.listenPortStart} > $cf
- chmod 0660 $cf && chown -R ${cfg.user}:${cfg.group} $cf
+ chmod 0664 $cf && chown -R ${cfg.user}:${cfg.group} $cf
touch "${cfg.dataDir}/.first_startup"
fi
'';
- script = ''
- exec fdbmonitor --lockfile ${cfg.pidfile} --conffile ${configFile};
- '';
+ script = "exec fdbmonitor --lockfile ${cfg.pidfile} --conffile ${configFile}";
postStart = ''
if [ -e "${cfg.dataDir}/.first_startup" ]; then
- fdbcli --exec "configure new single ssd"
+ fdbcli --exec "configure new single memory"
rm -f "${cfg.dataDir}/.first_startup";
fi
'';
diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml
index 2a0e3c76c9d8f4a78694f0acf662437b8dea832e..def9cc43669141f2901d74cd36463ad32d8aa800 100644
--- a/nixos/modules/services/databases/foundationdb.xml
+++ b/nixos/modules/services/databases/foundationdb.xml
@@ -12,7 +12,7 @@
Maintainer: Austin Seipp
-Default version: 5.1.x
+Available version(s): 5.1.xFoundationDB (or "FDB") is a distributed, open source, high performance,
transactional key-value store. It can store petabytes of data and deliver
@@ -26,9 +26,17 @@ exceptional performance while maintaining consistency and ACID semantics
services.foundationdb.enable = true;
+services.foundationdb.package = pkgs.foundationdb51; # FoundationDB 5.1.x
+The option is required,
+and must always be specified. Because FoundationDB network protocols and
+on-disk storage formats may change between (major) versions, and upgrades must
+be explicitly handled by the user, you must always manually specify this
+yourself so that the NixOS module will use the proper version. Note that minor,
+bugfix releases are always compatible.
+
After running nixos-rebuild, you can verify whether
FoundationDB is running by executing fdbcli (which is added
to ):
@@ -192,6 +200,44 @@ to a new node in order to connect, if it is not part of the cluster.
+Client authorization and TLS
+
+By default, any user who can connect to a FoundationDB process with the
+correct cluster configuration can access anything. FoundationDB uses a
+pluggable design to transport security, and out of the box it supports a
+LibreSSL-based plugin for TLS support. This plugin not only does in-flight
+encryption, but also performs client authorization based on the given
+endpoint's certificate chain. For example, a FoundationDB server may be
+configured to only accept client connections over TLS, where the client TLS
+certificate is from organization Acme Co in the
+Research and Development unit.
+
+Configuring TLS with FoundationDB is done using the
+ options in order to control the peer
+verification string, as well as the certificate and its private key.
+
+Note that the certificate and its private key must be accessible to the
+FoundationDB user account that the server runs under. These files are also NOT
+managed by NixOS, as putting them into the store may reveal private
+information.
+
+After you have a key and certificate file in place, it is not enough to
+simply set the NixOS module options -- you must also configure the
+fdb.cluster file to specify that a given set of coordinators
+use TLS. This is as simple as adding the suffix :tls to your
+cluster coordinator configuration, after the port number. For example, assuming
+you have a coordinator on localhost with the default configuration, simply
+specifying:
+
+
+XXXXXX:XXXXXX@127.0.0.1:4500:tls
+
+
+will configure all clients and server processes to use TLS from now
+on.
+
+
+
Backups and Disaster RecoveryThe usual rules for doing FoundationDB backups apply on NixOS as written
@@ -245,16 +291,12 @@ FoundationDB is not new software, but the NixOS compilation and integration has
only undergone fairly basic testing of all the available functionality.
- TLS plugin support is compiled in, but it's currently not
- possible to specify the set of TLS certificate options in
- services.foundationdbThere is no way to specify individual parameters for
individual fdbserver processes. Currently, all server
processes inherit all the global fdbmonitor settings.
Python bindings are not currently installed.Ruby bindings are not currently installed.
- Java bindings are not currently installed.Go bindings are not currently installed.
diff --git a/nixos/modules/services/databases/monetdb.nix b/nixos/modules/services/databases/monetdb.nix
new file mode 100644
index 0000000000000000000000000000000000000000..5c66fc7b2e360ca9323273891669d2b5e9e07577
--- /dev/null
+++ b/nixos/modules/services/databases/monetdb.nix
@@ -0,0 +1,100 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.monetdb;
+
+in {
+ meta.maintainers = with maintainers; [ StillerHarpo primeos ];
+
+ ###### interface
+ options = {
+ services.monetdb = {
+
+ enable = mkEnableOption "the MonetDB database server";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.monetdb;
+ defaultText = "pkgs.monetdb";
+ description = "MonetDB package to use.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "monetdb";
+ description = "User account under which MonetDB runs.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "monetdb";
+ description = "Group under which MonetDB runs.";
+ };
+
+ dataDir = mkOption {
+ type = types.path;
+ default = "/var/lib/monetdb";
+ description = "Data directory for the dbfarm.";
+ };
+
+ port = mkOption {
+ type = types.ints.u16;
+ default = 50000;
+ description = "Port to listen on.";
+ };
+
+ listenAddress = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ example = "0.0.0.0";
+ description = "Address to listen on.";
+ };
+ };
+ };
+
+ ###### implementation
+ config = mkIf cfg.enable {
+
+ users.users.monetdb = mkIf (cfg.user == "monetdb") {
+ uid = config.ids.uids.monetdb;
+ group = cfg.group;
+ description = "MonetDB user";
+ home = cfg.dataDir;
+ createHome = true;
+ };
+
+ users.groups.monetdb = mkIf (cfg.group == "monetdb") {
+ gid = config.ids.gids.monetdb;
+ members = [ cfg.user ];
+ };
+
+ environment.systemPackages = [ cfg.package ];
+
+ systemd.services.monetdb = {
+ description = "MonetDB database server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ path = [ cfg.package ];
+ unitConfig.RequiresMountsFor = "${cfg.dataDir}";
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ ExecStart = "${cfg.package}/bin/monetdbd start -n ${cfg.dataDir}";
+ ExecStop = "${cfg.package}/bin/monetdbd stop ${cfg.dataDir}";
+ };
+ preStart = ''
+ if [ ! -e ${cfg.dataDir}/.merovingian_properties ]; then
+ # Create the dbfarm (as cfg.user)
+ ${cfg.package}/bin/monetdbd create ${cfg.dataDir}
+ fi
+
+ # Update the properties
+ ${cfg.package}/bin/monetdbd set port=${toString cfg.port} ${cfg.dataDir}
+ ${cfg.package}/bin/monetdbd set listenaddr=${cfg.listenAddress} ${cfg.dataDir}
+ '';
+ };
+
+ };
+}
diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml
index a98026942959c83fb689c3ee46ad7404cccdd3a4..98a631c0cd32aff47946ba9e4e7e034262b5b07e 100644
--- a/nixos/modules/services/databases/postgresql.xml
+++ b/nixos/modules/services/databases/postgresql.xml
@@ -23,15 +23,15 @@
configuration.nix:
-services.postgresql.enable = true;
-services.postgresql.package = pkgs.postgresql94;
+ = true;
+ = pkgs.postgresql94;
Note that you are required to specify the desired version of
PostgreSQL (e.g. pkgs.postgresql94). Since
upgrading your PostgreSQL version requires a database dump and reload
(see below), NixOS cannot provide a default value for
- such as the most recent
+ such as the most recent
release of PostgreSQL.
- If services.emacs.defaultEditor is
+ If is
true, the EDITOR variable
will be set to a wrapper script which launches
emacsclient.
@@ -497,10 +497,10 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
Emacs daemon is not wanted for all users, it is possible to
install the service but not globally enable it:
-
+
+ = false;
+ = true;
+
@@ -582,7 +582,7 @@ services.emacs.install = true;
To install the DocBook 5.0 schemas, either add
pkgs.docbook5 to
- environment.systemPackages ( (NixOS), or run
nix-env -i pkgs.docbook5
(Nix).
diff --git a/nixos/modules/services/editors/infinoted.nix b/nixos/modules/services/editors/infinoted.nix
index 963147b18a04770cc18dcdbd109e77d13fd8b1ec..9074a4345eae5151cdded29b1fdca13406b2ab4c 100644
--- a/nixos/modules/services/editors/infinoted.nix
+++ b/nixos/modules/services/editors/infinoted.nix
@@ -129,7 +129,7 @@ in {
serviceConfig = {
Type = "simple";
Restart = "always";
- ExecStart = "${cfg.package}/bin/infinoted-0.6 --config-file=/var/lib/infinoted/infinoted.conf";
+ ExecStart = "${cfg.package}/bin/infinoted-${versions.majorMinor cfg.package.version} --config-file=/var/lib/infinoted/infinoted.conf";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
diff --git a/nixos/modules/services/hardware/lcd.nix b/nixos/modules/services/hardware/lcd.nix
new file mode 100644
index 0000000000000000000000000000000000000000..d78d742cd3185f9540d4fe8fc95ed374ec62de17
--- /dev/null
+++ b/nixos/modules/services/hardware/lcd.nix
@@ -0,0 +1,172 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.hardware.lcd;
+ pkg = lib.getBin pkgs.lcdproc;
+
+ serverCfg = pkgs.writeText "lcdd.conf" ''
+ [server]
+ DriverPath=${pkg}/lib/lcdproc/
+ ReportToSyslog=false
+ Bind=${cfg.serverHost}
+ Port=${toString cfg.serverPort}
+ ${cfg.server.extraConfig}
+ '';
+
+ clientCfg = pkgs.writeText "lcdproc.conf" ''
+ [lcdproc]
+ Server=${cfg.serverHost}
+ Port=${toString cfg.serverPort}
+ ReportToSyslog=false
+ ${cfg.client.extraConfig}
+ '';
+
+ serviceCfg = {
+ DynamicUser = true;
+ Restart = "on-failure";
+ Slice = "lcd.slice";
+ };
+
+in with lib; {
+
+ meta.maintainers = with maintainers; [ peterhoeg ];
+
+ options = with types; {
+ services.hardware.lcd = {
+ serverHost = mkOption {
+ type = str;
+ default = "localhost";
+ description = "Host on which LCDd is listening.";
+ };
+
+ serverPort = mkOption {
+ type = int;
+ default = 13666;
+ description = "Port on which LCDd is listening.";
+ };
+
+ server = {
+ enable = mkOption {
+ type = bool;
+ default = false;
+ description = "Enable the LCD panel server (LCDd)";
+ };
+
+ openPorts = mkOption {
+ type = bool;
+ default = false;
+ description = "Open the ports in the firewall";
+ };
+
+ usbPermissions = mkOption {
+ type = bool;
+ default = false;
+ description = ''
+ Set group-write permissions on a USB device.
+
+
+ A USB connected LCD panel will most likely require having its
+ permissions modified for lcdd to write to it. Enabling this option
+ sets group-write permissions on the device identified by
+ and
+ . In order to find the
+ values, you can run the lsusb command. Example
+ output:
+
+
+
+ Bus 005 Device 002: ID 0403:c630 Future Technology Devices International, Ltd lcd2usb interface
+
+
+
+ In this case the vendor id is 0403 and the product id is c630.
+ '';
+ };
+
+ usbVid = mkOption {
+ type = str;
+ default = "";
+ description = "The vendor ID of the USB device to claim.";
+ };
+
+ usbPid = mkOption {
+ type = str;
+ default = "";
+ description = "The product ID of the USB device to claim.";
+ };
+
+ usbGroup = mkOption {
+ type = str;
+ default = "dialout";
+ description = "The group to use for settings permissions. This group must exist or you will have to create it.";
+ };
+
+ extraConfig = mkOption {
+ type = lines;
+ default = "";
+ description = "Additional configuration added verbatim to the server config.";
+ };
+ };
+
+ client = {
+ enable = mkOption {
+ type = bool;
+ default = false;
+ description = "Enable the LCD panel client (LCDproc)";
+ };
+
+ extraConfig = mkOption {
+ type = lines;
+ default = "";
+ description = "Additional configuration added verbatim to the client config.";
+ };
+
+ restartForever = mkOption {
+ type = bool;
+ default = true;
+ description = "Try restarting the client forever.";
+ };
+ };
+ };
+ };
+
+ config = mkIf (cfg.server.enable || cfg.client.enable) {
+ networking.firewall.allowedTCPPorts = mkIf (cfg.server.enable && cfg.server.openPorts) [ cfg.serverPort ];
+
+ services.udev.extraRules = mkIf (cfg.server.enable && cfg.server.usbPermissions) ''
+ ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="${cfg.server.usbVid}", ATTRS{idProduct}=="${cfg.server.usbPid}", MODE="660", GROUP="${cfg.server.usbGroup}"
+ '';
+
+ systemd.services = {
+ lcdd = mkIf cfg.server.enable {
+ description = "LCDproc - server";
+ wantedBy = [ "lcd.target" ];
+ serviceConfig = serviceCfg // {
+ ExecStart = "${pkg}/bin/LCDd -f -c ${serverCfg}";
+ SupplementaryGroups = cfg.server.usbGroup;
+ };
+ };
+
+ lcdproc = mkIf cfg.client.enable {
+ description = "LCDproc - client";
+ after = [ "lcdd.service" ];
+ wantedBy = [ "lcd.target" ];
+ serviceConfig = serviceCfg // {
+ ExecStart = "${pkg}/bin/lcdproc -f -c ${clientCfg}";
+ # If the server is being restarted at the same time, the client will
+ # fail as it cannot connect, so space it out a bit.
+ RestartSec = "5";
+ # Allow restarting for eternity
+ StartLimitIntervalSec = lib.mkIf cfg.client.restartForever "0";
+ StartLimitBurst = lib.mkIf cfg.client.restartForever "0";
+ };
+ };
+ };
+
+ systemd.targets.lcd = {
+ description = "LCD client/server";
+ after = [ "lcdd.service" "lcdproc.service" ];
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+}
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index 543e732127a538661ef801ddf2088f74d195a0be..96e60f9c88ea63d4d48ccbefefa1afab54643311 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -25,6 +25,7 @@ let
ssl_cert = <${cfg.sslServerCert}
ssl_key = <${cfg.sslServerKey}
${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
+ ssl_dh = <${config.security.dhparams.path}/dovecot2.pem
disable_plaintext_auth = yes
'')
@@ -297,10 +298,15 @@ in
config = mkIf cfg.enable {
-
security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
- services.dovecot2.protocols =
+ security.dhparams = mkIf (! isNull cfg.sslServerCert) {
+ enable = true;
+ params = {
+ dovecot2 = 2048;
+ };
+ };
+ services.dovecot2.protocols =
optional cfg.enableImap "imap"
++ optional cfg.enablePop3 "pop3"
++ optional cfg.enableLmtp "lmtp";
diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix
index 96ac2a1cf2c9dc8bd746187da373baaee9ff3b42..45931cb42b54fdfe02b2e4c0ddc73a87215e1e0a 100644
--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -5,6 +5,45 @@ with lib;
let
cfg = config.services.dockerRegistry;
+ blobCache = if cfg.enableRedisCache
+ then "redis"
+ else "inmemory";
+
+ registryConfig = {
+ version = "0.1";
+ log.fields.service = "registry";
+ storage = {
+ cache.blobdescriptor = blobCache;
+ filesystem.rootdirectory = cfg.storagePath;
+ delete.enabled = cfg.enableDelete;
+ };
+ http = {
+ addr = ":${builtins.toString cfg.port}";
+ headers.X-Content-Type-Options = ["nosniff"];
+ };
+ health.storagedriver = {
+ enabled = true;
+ interval = "10s";
+ threshold = 3;
+ };
+ };
+
+ registryConfig.redis = mkIf cfg.enableRedisCache {
+ addr = "${cfg.redisUrl}";
+ password = "${cfg.redisPassword}";
+ db = 0;
+ dialtimeout = "10ms";
+ readtimeout = "10ms";
+ writetimeout = "10ms";
+ pool = {
+ maxidle = 16;
+ maxactive = 64;
+ idletimeout = "300s";
+ };
+ };
+
+ configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig));
+
in {
options.services.dockerRegistry = {
enable = mkEnableOption "Docker Registry";
@@ -27,6 +66,26 @@ in {
description = "Docker registry storage path.";
};
+ enableDelete = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable delete for manifests and blobs.";
+ };
+
+ enableRedisCache = mkEnableOption "redis as blob cache";
+
+ redisUrl = mkOption {
+ type = types.str;
+ default = "localhost:6379";
+ description = "Set redis host and port.";
+ };
+
+ redisPassword = mkOption {
+ type = types.str;
+ default = "";
+ description = "Set redis password.";
+ };
+
extraConfig = mkOption {
description = ''
Docker extra registry configuration via environment variables.
@@ -34,6 +93,19 @@ in {
default = {};
type = types.attrsOf types.str;
};
+
+ enableGarbageCollect = mkEnableOption "garbage collect";
+
+ garbageCollectDates = mkOption {
+ default = "daily";
+ type = types.str;
+ description = ''
+ Specification (in the format described by
+ systemd.time
+ 7) of the time at
+ which the garbage collect will occur.
+ '';
+ };
};
config = mkIf cfg.enable {
@@ -41,15 +113,8 @@ in {
description = "Docker Container Registry";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
-
- environment = {
- REGISTRY_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.port}";
- REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY = cfg.storagePath;
- } // cfg.extraConfig;
-
script = ''
- ${pkgs.docker-distribution}/bin/registry serve \
- ${pkgs.docker-distribution.out}/share/go/src/github.com/docker/distribution/cmd/registry/config-example.yml
+ ${pkgs.docker-distribution}/bin/registry serve ${configFile}
'';
serviceConfig = {
@@ -58,6 +123,22 @@ in {
};
};
+ systemd.services.docker-registry-garbage-collect = {
+ description = "Run Garbage Collection for docker registry";
+
+ restartIfChanged = false;
+ unitConfig.X-StopOnRemoval = false;
+
+ serviceConfig.Type = "oneshot";
+
+ script = ''
+ ${pkgs.docker-distribution}/bin/registry garbage-collect ${configFile}
+ ${pkgs.systemd}/bin/systemctl restart docker-registry.service
+ '';
+
+ startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates;
+ };
+
users.extraUsers.docker-registry = {
createHome = true;
home = cfg.storagePath;
diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml
index 4b00f50abd63d1b3432f4f39d5df8f14a7a07b12..3306ba8e9b11e143e039fff13ccaff00bd9b50c4 100644
--- a/nixos/modules/services/misc/gitlab.xml
+++ b/nixos/modules/services/misc/gitlab.xml
@@ -18,19 +18,18 @@ webserver to proxy HTTP requests to the socket.
frontend proxy:
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts."git.example.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
- };
- };
-'';
+services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts."git.example.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+ };
+};
@@ -49,24 +48,24 @@ all data like the repositories and uploads will be stored.
services.gitlab = {
- enable = true;
- databasePassword = "eXaMpl3";
- initialRootPassword = "UseNixOS!";
- https = true;
- host = "git.example.com";
- port = 443;
- user = "git";
- group = "git";
+ enable = true;
+ databasePassword = "eXaMpl3";
+ initialRootPassword = "UseNixOS!";
+ https = true;
+ host = "git.example.com";
+ port = 443;
+ user = "git";
+ group = "git";
smtp = {
- enable = true;
- address = "localhost";
- port = 25;
+ enable = true;
+ address = "localhost";
+ port = 25;
};
secrets = {
- db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";
- secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";
- otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";
- jws = ''
+ db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";
+ secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";
+ otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";
+ jws = ''
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEArrtx4oHKwXoqUbMNqnHgAklnnuDon3XG5LJB35yPsXKv/8GK
ke92wkI+s1Xkvsp8tg9BIY/7c6YK4SR07EWL+dB5qwctsWR2Q8z+/BKmTx9D99pm
@@ -96,7 +95,7 @@ services.gitlab = {
-----END RSA PRIVATE KEY-----
'';
};
- extraConfig = {
+ extraConfig = {
gitlab = {
email_from = "gitlab-no-reply@example.com";
email_display_name = "Example GitLab";
@@ -116,7 +115,7 @@ secret from config/secrets.yml located in your Gitlab state
folder.
Refer to for all available configuration
-options for the services.gitlab module.
+options for the services.gitlab module.
diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix
index 7e880ad09b89650ad6513588413fe46f376fc966..10901e102225103dc64ec455aead8c8e6f130f60 100644
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -395,7 +395,14 @@ in {
};
url_preview_ip_range_blacklist = mkOption {
type = types.listOf types.str;
- default = [];
+ default = [
+ "127.0.0.0/8"
+ "10.0.0.0/8"
+ "172.16.0.0/12"
+ "192.168.0.0/16"
+ "100.64.0.0/10"
+ "169.254.0.0/16"
+ ];
description = ''
List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
@@ -412,14 +419,7 @@ in {
};
url_preview_url_blacklist = mkOption {
type = types.listOf types.str;
- default = [
- "127.0.0.0/8"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
- "100.64.0.0/10"
- "169.254.0.0/16"
- ];
+ default = [];
description = ''
Optional list of URL matches that the URL preview spider is
denied from accessing.
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index f2d34560a718dd23af0d60739dbab4decd630d1b..277ae9e292ce9df663b6d7e6b46c7ca3ddae1aaa 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -338,7 +338,9 @@ in
nixPath = mkOption {
type = types.listOf types.str;
default =
- [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+ [
+ "$HOME/.nix-defexpr/channels"
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
"nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
];
diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml
index 6d4d2a9b488c073395d5ab514e167c647548f1ea..75493ac1394f6e7b0d546417c60dc42a22ddc085 100644
--- a/nixos/modules/services/misc/taskserver/doc.xml
+++ b/nixos/modules/services/misc/taskserver/doc.xml
@@ -55,7 +55,7 @@
Because Taskserver by default only provides scripts to setup users
imperatively, the nixos-taskserver tool is used for
addition and deletion of organisations along with users and groups defined
- by and as well for
+ by and as well for
imperative set up.
@@ -99,10 +99,10 @@
For example, let's say you have the following configuration:
{
- services.taskserver.enable = true;
- services.taskserver.fqdn = "server";
- services.taskserver.listenHost = "::";
- services.taskserver.organisations.my-company.users = [ "alice" ];
+ = true;
+ = "server";
+ = "::";
+ services.taskserver.organisations.my-company.users = [ "alice" ];
}
This creates an organisation called my-company with the
@@ -136,7 +136,7 @@ $ ssh server nixos-taskserver user export my-company alice | sh
If you set any options within
- ,
+ service.taskserver.pki.manual.*,
nixos-taskserver won't issue certificates, but you can
still use it for adding or removing user accounts.
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix
index 180b273d177e589368ee016fc457a972282bd7d9..780448d8bad89a5af313410845ba97e9de05d641 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -18,18 +18,19 @@ let
# systemd service must be provided by specifying either
# `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart`
exporterOpts = {
- blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; };
- collectd = import ./exporters/collectd.nix { inherit config lib pkgs; };
- dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; };
- fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; };
- json = import ./exporters/json.nix { inherit config lib pkgs; };
- minio = import ./exporters/minio.nix { inherit config lib pkgs; };
- nginx = import ./exporters/nginx.nix { inherit config lib pkgs; };
- node = import ./exporters/node.nix { inherit config lib pkgs; };
- postfix = import ./exporters/postfix.nix { inherit config lib pkgs; };
- snmp = import ./exporters/snmp.nix { inherit config lib pkgs; };
- unifi = import ./exporters/unifi.nix { inherit config lib pkgs; };
- varnish = import ./exporters/varnish.nix { inherit config lib pkgs; };
+ blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; };
+ collectd = import ./exporters/collectd.nix { inherit config lib pkgs; };
+ dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; };
+ fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; };
+ json = import ./exporters/json.nix { inherit config lib pkgs; };
+ minio = import ./exporters/minio.nix { inherit config lib pkgs; };
+ nginx = import ./exporters/nginx.nix { inherit config lib pkgs; };
+ node = import ./exporters/node.nix { inherit config lib pkgs; };
+ postfix = import ./exporters/postfix.nix { inherit config lib pkgs; };
+ snmp = import ./exporters/snmp.nix { inherit config lib pkgs; };
+ surfboard = import ./exporters/surfboard.nix { inherit config lib pkgs; };
+ unifi = import ./exporters/unifi.nix { inherit config lib pkgs; };
+ varnish = import ./exporters/varnish.nix { inherit config lib pkgs; };
};
mkExporterOpts = ({ name, port }: {
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
index 6a3ba2d0457c5670f2210ccd6af0c77b0324f448..431dd8b4ead794c82d1168794da2dd3ee4234622 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
@@ -9,21 +9,37 @@ in
port = 9113;
extraOpts = {
scrapeUri = mkOption {
- type = types.string;
+ type = types.str;
default = "http://localhost/nginx_status";
description = ''
Address to access the nginx status page.
Can be enabled with services.nginx.statusPage = true.
'';
};
+ telemetryEndpoint = mkOption {
+ type = types.str;
+ default = "/metrics";
+ description = ''
+ Path under which to expose metrics.
+ '';
+ };
+ insecure = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Ignore server certificate if using https.
+ '';
+ };
};
serviceOpts = {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-nginx-exporter}/bin/nginx_exporter \
- -nginx.scrape_uri '${cfg.scrapeUri}' \
- -telemetry.address ${cfg.listenAddress}:${toString cfg.port} \
+ --nginx.scrape_uri '${cfg.scrapeUri}' \
+ --telemetry.address ${cfg.listenAddress}:${toString cfg.port} \
+ --telemetry.endpoint ${cfg.telemetryEndpoint} \
+ --insecure ${toString cfg.insecure} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix b/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix
new file mode 100644
index 0000000000000000000000000000000000000000..715dba06a3dcac277512213bca42279b8bcd9a7d
--- /dev/null
+++ b/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs }:
+
+with lib;
+
+let
+ cfg = config.services.prometheus.exporters.surfboard;
+in
+{
+ port = 9239;
+ extraOpts = {
+ modemAddress = mkOption {
+ type = types.str;
+ default = "192.168.100.1";
+ description = ''
+ The hostname or IP of the cable modem.
+ '';
+ };
+ };
+ serviceOpts = {
+ description = "Prometheus exporter for surfboard cable modem";
+ unitConfig.Documentation = "https://github.com/ipstatic/surfboard_exporter";
+ serviceConfig = {
+ DynamicUser = true;
+ ExecStart = ''
+ ${pkgs.prometheus-surfboard-exporter}/bin/surfboard_exporter \
+ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+ --modem-address ${cfg.modemAddress} \
+ ${concatStringsSep " \\\n " cfg.extraFlags}
+ '';
+ };
+ };
+}
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix
index b439a83e7aa2fb1eecc9de84897a8b761e7f4b71..8dbf2d735ab96b8a57d9e32cc89c1b108352e7e7 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix
@@ -7,14 +7,80 @@ let
in
{
port = 9131;
+ extraOpts = {
+ noExit = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Do not exit server on Varnish scrape errors.
+ '';
+ };
+ withGoMetrics = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Export go runtime and http handler metrics.
+ '';
+ };
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable verbose logging.
+ '';
+ };
+ raw = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable raw stdout logging without timestamps.
+ '';
+ };
+ varnishStatPath = mkOption {
+ type = types.str;
+ default = "varnishstat";
+ description = ''
+ Path to varnishstat.
+ '';
+ };
+ instance = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ varnishstat -n value.
+ '';
+ };
+ healthPath = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Path under which to expose healthcheck. Disabled unless configured.
+ '';
+ };
+ telemetryPath = mkOption {
+ type = types.str;
+ default = "/metrics";
+ description = ''
+ Path under which to expose metrics.
+ '';
+ };
+ };
serviceOpts = {
path = [ pkgs.varnish ];
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \
- -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
- ${concatStringsSep " \\\n " cfg.extraFlags}
+ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
+ --web.telemetry-path ${cfg.telemetryPath} \
+ --varnishstat-path ${cfg.varnishStatPath} \
+ ${concatStringsSep " \\\n " (cfg.extraFlags
+ ++ optional (cfg.healthPath != null) "--web.health-path ${cfg.healthPath}"
+ ++ optional (cfg.instance != null) "-n ${cfg.instance}"
+ ++ optional cfg.noExit "--no-exit"
+ ++ optional cfg.withGoMetrics "--with-go-metrics"
+ ++ optional cfg.verbose "--verbose"
+ ++ optional cfg.raw "--raw")}
'';
};
};
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.xml b/nixos/modules/services/networking/dnscrypt-proxy.xml
index 555c6df4d551f95ddcfdc6320f75d1d3d9141f65..ff10886985891daca1e9f5c8b45c68051e2ddfcd 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.xml
+++ b/nixos/modules/services/networking/dnscrypt-proxy.xml
@@ -19,7 +19,7 @@
To enable the client proxy, set
- services.dnscrypt-proxy.enable = true;
+ = true;
@@ -38,17 +38,17 @@
DNS client, change the default proxy listening port to a
non-standard value and point the other client to it:
- services.dnscrypt-proxy.localPort = 43;
+ = 43;
dnsmasq
- {
- services.dnsmasq.enable = true;
- services.dnsmasq.servers = [ "127.0.0.1#43" ];
- }
+{
+ = true;
+ = [ "127.0.0.1#43" ];
+}
@@ -56,10 +56,10 @@
unbound
- {
- services.unbound.enable = true;
- services.unbound.forwardAddresses = [ "127.0.0.1@43" ];
- }
+{
+ = true;
+ = [ "127.0.0.1@43" ];
+}
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 20c0b0acf165c1f90cf6f4500fe4d8815cc078fd..c4bd0e7f9eef2808e754bdb324a8ba7b022afd40 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -242,6 +242,9 @@ let
# Don't allow traffic to leak out until the script has completed
ip46tables -A INPUT -j nixos-drop
+
+ ${cfg.extraStopCommands}
+
if ${startScript}; then
ip46tables -D INPUT -j nixos-drop 2>/dev/null || true
else
diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix
index 5526e2ba23ac78a25d5fd4bf8c7633eda4ed53b9..e2f4784059530f48bd152851329b749833cee5b8 100644
--- a/nixos/modules/services/networking/matterbridge.nix
+++ b/nixos/modules/services/networking/matterbridge.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ options, config, pkgs, lib, ... }:
with lib;
@@ -6,7 +6,11 @@ let
cfg = config.services.matterbridge;
- matterbridgeConfToml = pkgs.writeText "matterbridge.toml" (cfg.configFile);
+ matterbridgeConfToml =
+ if cfg.configPath == null then
+ pkgs.writeText "matterbridge.toml" (cfg.configFile)
+ else
+ cfg.configPath;
in
@@ -15,17 +19,32 @@ in
services.matterbridge = {
enable = mkEnableOption "Matterbridge chat platform bridge";
+ configPath = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "/etc/nixos/matterbridge.toml";
+ description = ''
+ The path to the matterbridge configuration file.
+ '';
+ };
+
configFile = mkOption {
type = types.str;
example = ''
- #WARNING: as this file contains credentials, be sure to set correct file permissions [irc]
+ # WARNING: as this file contains credentials, do not use this option!
+ # It is kept only for backwards compatibility, and would cause your
+ # credentials to be in the nix-store, thus with the world-readable
+ # permission bits.
+ # Use services.matterbridge.configPath instead.
+
+ [irc]
[irc.freenode]
Server="irc.freenode.net:6667"
Nick="matterbot"
[mattermost]
[mattermost.work]
- #do not prefix it wit http:// or https://
+ # Do not prefix it with http:// or https://
Server="yourmattermostserver.domain"
Team="yourteam"
Login="yourlogin"
@@ -44,6 +63,10 @@ in
channel="off-topic"
'';
description = ''
+ WARNING: THIS IS INSECURE, as your password will end up in
+ /nix/store, thus publicly readable. Use
+ services.matterbridge.configPath instead.
+
The matterbridge configuration file in the TOML file format.
'';
};
@@ -65,32 +88,31 @@ in
};
};
- config = mkMerge [
- (mkIf cfg.enable {
-
- users.extraUsers = mkIf (cfg.user == "matterbridge") [
- { name = "matterbridge";
- group = "matterbridge";
- } ];
-
- users.extraGroups = mkIf (cfg.group == "matterbridge") [
- { name = "matterbridge";
- } ];
-
- systemd.services.matterbridge = {
- description = "Matterbridge chat platform bridge";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
-
- serviceConfig = {
- User = cfg.user;
- Group = cfg.group;
- ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
- Restart = "always";
- RestartSec = "10";
- };
+ config = mkIf cfg.enable {
+ warnings = optional options.services.matterbridge.configFile.isDefined
+ "The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath";
+
+ users.extraUsers = optional (cfg.user == "matterbridge")
+ { name = "matterbridge";
+ group = "matterbridge";
+ };
+
+ users.extraGroups = optional (cfg.group == "matterbridge")
+ { name = "matterbridge";
};
- })
- ];
-}
+ systemd.services.matterbridge = {
+ description = "Matterbridge chat platform bridge";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
+ Restart = "always";
+ RestartSec = "10";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix
index 61d063dbfe0e863c6a36c483acba2ace44a87b04..6401631bf62093bdaf91e5ff25d951520417af8c 100644
--- a/nixos/modules/services/networking/minidlna.nix
+++ b/nixos/modules/services/networking/minidlna.nix
@@ -1,23 +1,16 @@
# Module for MiniDLNA, a simple DLNA server.
-
{ config, lib, pkgs, ... }:
with lib;
let
-
cfg = config.services.minidlna;
-
port = 8200;
-
in
{
-
###### interface
-
options = {
-
services.minidlna.enable = mkOption {
type = types.bool;
default = false;
@@ -43,24 +36,48 @@ in
'';
};
+ services.minidlna.loglevel = mkOption {
+ type = types.str;
+ default = "warn";
+ example = "general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn";
+ description =
+ ''
+ Defines the type of messages that should be logged, and down to
+ which level of importance they should be considered.
+
+ The possible types are “artwork”, “database”, “general”, “http”,
+ “inotify”, “metadata”, “scanner”, “ssdp” and “tivo”.
+
+ The levels are “off”, “fatal”, “error”, “warn”, “info” and
+ “debug”, listed here in order of decreasing importance. “off”
+ turns off logging messages entirely, “fatal” logs the most
+ critical messages only, and so on down to “debug” that logs every
+ single messages.
+
+ The types are comma-separated, followed by an equal sign (‘=’),
+ followed by a level that applies to the preceding types. This can
+ be repeated, separating each of these constructs with a comma.
+
+ Defaults to “general,artwork,database,inotify,scanner,metadata,
+ http,ssdp,tivo=warn” which logs every type of message at the
+ “warn” level.
+ '';
+ };
+
services.minidlna.config = mkOption {
type = types.lines;
description = "The contents of MiniDLNA's configuration file.";
};
-
};
-
###### implementation
-
config = mkIf cfg.enable {
-
services.minidlna.config =
''
port=${toString port}
friendly_name=${config.networking.hostName} MiniDLNA
db_dir=/var/cache/minidlna
- log_level=warn
+ log_level=${cfg.loglevel}
inotify=yes
${concatMapStrings (dir: ''
media_dir=${dir}
@@ -98,7 +115,5 @@ in
" -f ${pkgs.writeText "minidlna.conf" cfg.config}";
};
};
-
};
-
}
diff --git a/nixos/modules/services/networking/ndppd.nix b/nixos/modules/services/networking/ndppd.nix
new file mode 100644
index 0000000000000000000000000000000000000000..1d6c48dd8d378f9cc919f6cd15740eba89b0bac1
--- /dev/null
+++ b/nixos/modules/services/networking/ndppd.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.ndppd;
+
+ configFile = pkgs.runCommand "ndppd.conf" {} ''
+ substitute ${pkgs.ndppd}/etc/ndppd.conf $out \
+ --replace eth0 ${cfg.interface} \
+ --replace 1111:: ${cfg.network}
+ '';
+in {
+ options = {
+ services.ndppd = {
+ enable = mkEnableOption "daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces";
+ interface = mkOption {
+ type = types.string;
+ default = "eth0";
+ example = "ens3";
+ description = "Interface which is on link-level with router.";
+ };
+ network = mkOption {
+ type = types.string;
+ default = "1111::";
+ example = "2001:DB8::/32";
+ description = "Network that we proxy.";
+ };
+ configFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Path to configuration file.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.packages = [ pkgs.ndppd ];
+ environment.etc."ndppd.conf".source = if (cfg.configFile != null) then cfg.configFile else configFile;
+ systemd.services.ndppd = {
+ serviceConfig.RuntimeDirectory = [ "ndppd" ];
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+
+ meta.maintainers = with maintainers; [ gnidorah ];
+}
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 10e96eb403623b977072e339ca42dd4e98a46cac..f4c4adcaaeb897c741cb2cced41fb8a548e2cb74 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -10,7 +10,8 @@ let
stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
dns =
- if cfg.useDnsmasq then "dnsmasq"
+ if cfg.dns == "none" then "none"
+ else if cfg.dns == "dnsmasq" then "dnsmasq"
else if config.services.resolved.enable then "systemd-resolved"
else if config.services.unbound.enable then "unbound"
else "default";
@@ -205,14 +206,20 @@ in {
};
};
- useDnsmasq = mkOption {
- type = types.bool;
- default = false;
+ dns = mkOption {
+ type = types.enum [ "auto" "dnsmasq" "none" ];
+ default = "auto";
description = ''
- Enable NetworkManager's dnsmasq integration. NetworkManager will run
- dnsmasq as a local caching nameserver, using a "split DNS"
- configuration if you are connected to a VPN, and then update
- resolv.conf to point to the local nameserver.
+ Options:
+ - auto: Check for systemd-resolved, unbound, or use default.
+ - dnsmasq:
+ Enable NetworkManager's dnsmasq integration. NetworkManager will run
+ dnsmasq as a local caching nameserver, using a "split DNS"
+ configuration if you are connected to a VPN, and then update
+ resolv.conf to point to the local nameserver.
+ - none:
+ Disable NetworkManager's DNS integration completely.
+ It will not touch your /etc/resolv.conf.
'';
};
diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix
index 0b52b1d3e302645d21e97e897163b09e579754e0..fc910e59c323d69fe08f02cc732d323435ed74c3 100644
--- a/nixos/modules/services/networking/nsd.nix
+++ b/nixos/modules/services/networking/nsd.nix
@@ -20,6 +20,7 @@ let
zoneStats = length (collect (x: (x.zoneStats or null) != null) cfg.zones) > 0;
};
+ mkZoneFileName = name: if name == "." then "root" else name;
nsdEnv = pkgs.buildEnv {
name = "nsd-env";
@@ -50,8 +51,9 @@ let
};
writeZoneData = name: text: pkgs.writeTextFile {
- inherit name text;
- destination = "/zones/${name}";
+ name = "nsd-zone-${mkZoneFileName name}";
+ inherit text;
+ destination = "/zones/${mkZoneFileName name}";
};
@@ -146,7 +148,7 @@ let
zoneConfigFile = name: zone: ''
zone:
name: "${name}"
- zonefile: "${stateDir}/zones/${name}"
+ zonefile: "${stateDir}/zones/${mkZoneFileName name}"
${maybeString "outgoing-interface: " zone.outgoingInterface}
${forEach " rrl-whitelist: " zone.rrlWhitelist}
${maybeString "zonestats: " zone.zoneStats}
@@ -887,6 +889,12 @@ in
config = mkIf cfg.enable {
+ assertions = singleton {
+ assertion = zoneConfigs ? "." -> cfg.rootServer;
+ message = "You have a root zone configured. If this is really what you "
+ + "want, please enable 'services.nsd.rootServer'.";
+ };
+
environment.systemPackages = [ nsdPkg ];
users.extraGroups = singleton {
diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix
index 8e5f0bfc070d4f4e3d5cfdcff065a1e87edcc480..94958bfdd83ecead03854d8571f46f12d9031a10 100644
--- a/nixos/modules/services/networking/unifi.nix
+++ b/nixos/modules/services/networking/unifi.nix
@@ -4,22 +4,22 @@ let
cfg = config.services.unifi;
stateDir = "/var/lib/unifi";
cmd = ''
- @${pkgs.jre}/bin/java java \
+ @${cfg.jrePackage}/bin/java java \
${optionalString (cfg.initialJavaHeapSize != null) "-Xms${(toString cfg.initialJavaHeapSize)}m"} \
${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \
-jar ${stateDir}/lib/ace.jar
'';
mountPoints = [
{
- what = "${pkgs.unifi}/dl";
+ what = "${cfg.unifiPackage}/dl";
where = "${stateDir}/dl";
}
{
- what = "${pkgs.unifi}/lib";
+ what = "${cfg.unifiPackage}/lib";
where = "${stateDir}/lib";
}
{
- what = "${pkgs.mongodb}/bin";
+ what = "${cfg.mongodbPackage}/bin";
where = "${stateDir}/bin";
}
{
@@ -41,6 +41,33 @@ in
'';
};
+ services.unifi.jrePackage = mkOption {
+ type = types.package;
+ default = pkgs.jre8;
+ defaultText = "pkgs.jre8";
+ description = ''
+ The JRE package to use. Check the release notes to ensure it is supported.
+ '';
+ };
+
+ services.unifi.unifiPackage = mkOption {
+ type = types.package;
+ default = pkgs.unifiLTS;
+ defaultText = "pkgs.unifiLTS";
+ description = ''
+ The unifi package to use.
+ '';
+ };
+
+ services.unifi.mongodbPackage = mkOption {
+ type = types.package;
+ default = pkgs.mongodb;
+ defaultText = "pkgs.mongodb";
+ description = ''
+ The mongodb package to use.
+ '';
+ };
+
services.unifi.dataDir = mkOption {
type = types.str;
default = "${stateDir}/data";
@@ -137,7 +164,7 @@ in
rm -rf "${stateDir}/webapps"
mkdir -p "${stateDir}/webapps"
chown unifi "${stateDir}/webapps"
- ln -s "${pkgs.unifi}/webapps/ROOT" "${stateDir}/webapps/ROOT"
+ ln -s "${cfg.unifiPackage}/webapps/ROOT" "${stateDir}/webapps/ROOT"
'';
postStop = ''
diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix
index ecab8cfc7df9f3d21c038c00e52fd1a79302084e..c4147986439c4814e7d6db5eee4243954c1b43f9 100644
--- a/nixos/modules/services/printing/cupsd.nix
+++ b/nixos/modules/services/printing/cupsd.nix
@@ -83,6 +83,8 @@ let
WebInterface ${if cfg.webInterface then "Yes" else "No"}
+ LogLevel ${cfg.logLevel}
+
${cfg.extraConf}
'';
@@ -165,6 +167,15 @@ in
'';
};
+ logLevel = mkOption {
+ type = types.str;
+ default = "info";
+ example = "debug";
+ description = ''
+ Specifies the cupsd logging verbosity.
+ '';
+ };
+
extraFilesConf = mkOption {
type = types.lines;
default = "";
@@ -180,7 +191,7 @@ in
example =
''
BrowsePoll cups.example.com
- LogLevel debug
+ MaxCopies 42
'';
description = ''
Extra contents of the configuration file of the CUPS daemon
@@ -345,8 +356,6 @@ in
services.printing.extraConf =
''
- LogLevel info
-
DefaultAuthType Basic
diff --git a/nixos/modules/services/security/sshguard.nix b/nixos/modules/services/security/sshguard.nix
index 7f09e8893c4d0556641e6e530026f87a2c7fc2aa..137c3d610186caadb783beb6c4a2331abf74b7fe 100644
--- a/nixos/modules/services/security/sshguard.nix
+++ b/nixos/modules/services/security/sshguard.nix
@@ -133,6 +133,7 @@ in {
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/run/sshguard /var/lib/sshguard";
RuntimeDirectory = "sshguard";
+ StateDirectory = "sshguard";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
};
};
diff --git a/nixos/modules/services/web-servers/hitch/default.nix b/nixos/modules/services/web-servers/hitch/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..895d02827f718240eb14cde087f8b44165f139f4
--- /dev/null
+++ b/nixos/modules/services/web-servers/hitch/default.nix
@@ -0,0 +1,108 @@
+{ config, lib, pkgs, ...}:
+let
+ cfg = config.services.hitch;
+ ocspDir = lib.optionalString cfg.ocsp-stapling.enabled "/var/cache/hitch/ocsp";
+ hitchConfig = with lib; pkgs.writeText "hitch.conf" (concatStringsSep "\n" [
+ ("backend = \"${cfg.backend}\"")
+ (concatMapStrings (s: "frontend = \"${s}\"\n") cfg.frontend)
+ (concatMapStrings (s: "pem-file = \"${s}\"\n") cfg.pem-files)
+ ("ciphers = \"${cfg.ciphers}\"")
+ ("ocsp-dir = \"${ocspDir}\"")
+ "user = \"${cfg.user}\""
+ "group = \"${cfg.group}\""
+ cfg.extraConfig
+ ]);
+in
+with lib;
+{
+ options = {
+ services.hitch = {
+ enable = mkEnableOption "Hitch Server";
+
+ backend = mkOption {
+ type = types.str;
+ description = ''
+ The host and port Hitch connects to when receiving
+ a connection in the form [HOST]:PORT
+ '';
+ };
+
+ ciphers = mkOption {
+ type = types.str;
+ default = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ description = "The list of ciphers to use";
+ };
+
+ frontend = mkOption {
+ type = types.either types.str (types.listOf types.str);
+ default = "[127.0.0.1]:443";
+ description = ''
+ The port and interface of the listen endpoint in the
++ form [HOST]:PORT[+CERT].
+ '';
+ apply = toList;
+ };
+
+ pem-files = mkOption {
+ type = types.listOf types.path;
+ default = [];
+ description = "PEM files to use";
+ };
+
+ ocsp-stapling = {
+ enabled = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Whether to enable OCSP Stapling";
+ };
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "hitch";
+ description = "The user to run as";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "hitch";
+ description = "The group to run as";
+ };
+
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = "Additional configuration lines";
+ };
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.hitch = {
+ description = "Hitch";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ preStart = ''
+ ${pkgs.hitch}/sbin/hitch -t --config ${hitchConfig}
+ '' + (optionalString cfg.ocsp-stapling.enabled ''
+ mkdir -p ${ocspDir}
+ chown -R hitch:hitch ${ocspDir}
+ '');
+ serviceConfig = {
+ Type = "forking";
+ ExecStart = "${pkgs.hitch}/sbin/hitch --daemon --config ${hitchConfig}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ RestartSec = "5s";
+ LimitNOFILE = 131072;
+ };
+ };
+
+ environment.systemPackages = [ pkgs.hitch ];
+
+ users.extraUsers.hitch.group = "hitch";
+ users.extraGroups.hitch = {};
+ };
+}
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 815c3147e647dee44f897e219b119e133bac6b0b..0aa780bf6da163e146da048d76288aad17f18dcc 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -38,6 +38,7 @@ let
${toString (flip mapAttrsToList upstream.servers (name: server: ''
server ${name} ${optionalString server.backup "backup"};
''))}
+ ${upstream.extraConfig}
}
''));
@@ -492,6 +493,13 @@ in
'';
default = {};
};
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ These lines go to the end of the upstream verbatim.
+ '';
+ };
};
});
description = ''
diff --git a/nixos/modules/services/x11/window-managers/bspwm.nix b/nixos/modules/services/x11/window-managers/bspwm.nix
index 6783ac3479e6e67e8ac1e1727df323d72d66eab0..23cd4f6529a60786009052bdb6a64c82d2d348b0 100644
--- a/nixos/modules/services/x11/window-managers/bspwm.nix
+++ b/nixos/modules/services/x11/window-managers/bspwm.nix
@@ -59,7 +59,7 @@ in
start = ''
export _JAVA_AWT_WM_NONREPARENTING=1
SXHKD_SHELL=/bin/sh ${cfg.sxhkd.package}/bin/sxhkd ${optionalString (cfg.sxhkd.configFile != null) "-c \"${cfg.sxhkd.configFile}\""} &
- ${cfg.package}/bin/bspwm ${optionalString (cfg.configFile != null) "-c \"${cfg.configFile}\""}
+ ${cfg.package}/bin/bspwm ${optionalString (cfg.configFile != null) "-c \"${cfg.configFile}\""} &
waitPID=$!
'';
};
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index 29d1f17d28c8be1cf70e222f6da285b234f2bfc0..1404231f837e093c5143ee8cf9700a1c4c00fb18 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -242,7 +242,7 @@ in
default = [ "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
example = [
"ati_unfree" "amdgpu" "amdgpu-pro"
- "nv" "nvidia" "nvidiaLegacy340" "nvidiaLegacy304" "nvidiaLegacy173"
+ "nv" "nvidia" "nvidiaLegacy340" "nvidiaLegacy304"
];
description = ''
The names of the video drivers the configuration
diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl
index 87a4ab2a586df7e539fd83ca65d2545035ce7cc0..2ce04ed5342c4c3d0a44060b582cf03b2ddddcf5 100644
--- a/nixos/modules/system/activation/switch-to-configuration.pl
+++ b/nixos/modules/system/activation/switch-to-configuration.pl
@@ -4,6 +4,7 @@ use strict;
use warnings;
use File::Basename;
use File::Slurp;
+use Net::DBus;
use Sys::Syslog qw(:standard :macros);
use Cwd 'abs_path';
@@ -67,17 +68,15 @@ EOF
$SIG{PIPE} = "IGNORE";
sub getActiveUnits {
- # FIXME: use D-Bus or whatever to query this, since parsing the
- # output of list-units is likely to break.
- # Use current version of systemctl binary before daemon is reexeced.
- my $lines = `LANG= /run/current-system/sw/bin/systemctl list-units --full --no-legend`;
+ my $mgr = Net::DBus->system->get_service("org.freedesktop.systemd1")->get_object("/org/freedesktop/systemd1");
+ my $units = $mgr->ListUnitsByPatterns([], []);
my $res = {};
- foreach my $line (split '\n', $lines) {
- chomp $line;
- last if $line eq "";
- $line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next;
- next if $1 eq "UNIT";
- $res->{$1} = { load => $2, state => $3, substate => $4 };
+ for my $item (@$units) {
+ my ($id, $description, $load_state, $active_state, $sub_state,
+ $following, $unit_path, $job_id, $job_type, $job_path) = @$item;
+ next unless $following eq '';
+ next if $job_id == 0 and $active_state eq 'inactive';
+ $res->{$id} = { load => $load_state, state => $active_state, substate => $sub_state };
}
return $res;
}
diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix
index 091a2e412eeda91be63803ed45fbc0a1ddc90615..e2d1dd49ef0ecc07eb7632100fbb35ea9195c3f1 100644
--- a/nixos/modules/system/activation/top-level.nix
+++ b/nixos/modules/system/activation/top-level.nix
@@ -127,7 +127,8 @@ let
configurationName = config.boot.loader.grub.configurationName;
# Needed by switch-to-configuration.
- perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
+
+ perl = "${pkgs.perl}/bin/perl " + (concatMapStringsSep " " (lib: "-I${lib}/${pkgs.perl.libPrefix}") (with pkgs.perlPackages; [ FileSlurp NetDBus XMLParser XMLTwig ]));
} else throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failed)}");
# Replace runtime dependencies
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 54dfb53fd30ffba7c716ca46a89a86e31225cc6d..7ebfdb134d7d00ea566d1752d43a2029b520c76c 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -454,7 +454,6 @@ in
["firewire_ohci" "firewire_core" "firewire_sbp2"];
# Some modules that may be needed for mounting anything ciphered
- # Also load input_leds to get caps lock light working (#12456)
boot.initrd.availableKernelModules = [ "dm_mod" "dm_crypt" "cryptd" "input_leds" ]
++ luks.cryptoModules
# workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index eea10613ea586aa4a5d5ee32d3d925b66d059882..9aa557ac85959cd329a35569b4cf7522fcc4fe90 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -146,12 +146,13 @@ let
# .network files have a [Link] section with different options than in .netlink files
checkNetworkLink = checkUnitConfig "Link" [
(assertOnlyFields [
- "MACAddress" "MTUBytes" "ARP" "Unmanaged"
+ "MACAddress" "MTUBytes" "ARP" "Unmanaged" "RequiredForOnline"
])
(assertMacAddress "MACAddress")
(assertByteFormat "MTUBytes")
(assertValueOneOf "ARP" boolValues)
(assertValueOneOf "Unmanaged" boolValues)
+ (assertValueOneOf "RquiredForOnline" boolValues)
];
@@ -712,6 +713,9 @@ in
systemd.services.systemd-networkd = {
wantedBy = [ "multi-user.target" ];
restartTriggers = map (f: f.source) (unitFiles);
+ # prevent race condition with interface renaming (#39069)
+ requires = [ "systemd-udev-settle.service" ];
+ after = [ "systemd-udev-settle.service" ];
};
systemd.services.systemd-networkd-wait-online = {
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index 0b6bec786da4c4774b7ad4cfd961cc01b156a8f7..374a84332357ae3391a9264e91747edf8828cd3b 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -221,7 +221,7 @@ in
echo "Obtaining SSH keys..."
mkdir -m 0700 -p /root/.ssh
AUTH_KEYS=$(${mktemp})
- ${wget} -O $AUTH_KEYS --header="Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
+ ${wget} -O $AUTH_KEYS http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
if [ -s $AUTH_KEYS ]; then
# Read in key one by one, split in case Google decided
@@ -246,6 +246,18 @@ in
false
fi
rm -f $AUTH_KEYS
+ SSH_HOST_KEYS_DIR=$(${mktemp} -d)
+ ${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key
+ ${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key_pub
+ if [ -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key -a -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub ]; then
+ mv -f $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key* /etc/ssh/
+ chmod 600 /etc/ssh/ssh_host_ed25519_key
+ chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
+ else
+ echo "Setup of ssh host keys from http://metadata.google.internal/computeMetadata/v1/instance/attributes/ failed."
+ false
+ fi
+ rm -f $SSH_HOST_KEYS_DIR
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
index 2b78276fcdeaf6cdff9a5ff2c3435580c4aa9305..f7ec5b088c1b82dca9935d5e74ae9a3ee014189e 100644
--- a/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@@ -23,9 +23,27 @@ let
cfg = config.virtualisation;
- qemuGraphics = if cfg.graphics then "" else "-nographic";
- kernelConsole = if cfg.graphics then "" else "console=${qemuSerialDevice}";
- ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
+ qemuGraphics = lib.optionalString (!cfg.graphics) "-nographic";
+
+ # enable both serial console and tty0. select preferred console (last one) based on cfg.graphics
+ kernelConsoles = let
+ consoles = [ "console=${qemuSerialDevice},115200n8" "console=tty0" ];
+ in lib.concatStringsSep " " (if cfg.graphics then consoles else reverseList consoles);
+
+ # XXX: This is very ugly and in the future we really should use attribute
+ # sets to build ALL of the QEMU flags instead of this mixed mess of Nix
+ # expressions and shell script stuff.
+ mkDiskIfaceDriveFlag = idx: driveArgs: let
+ inherit (cfg.qemu) diskInterface;
+ # The drive identifier created by incrementing the index by one using the
+ # shell.
+ drvId = "drive$((${idx} + 1))";
+ # NOTE: DO NOT shell escape, because this may contain shell variables.
+ commonArgs = "index=${idx},id=${drvId},${driveArgs}";
+ isSCSI = diskInterface == "scsi";
+ devArgs = "${diskInterface}-hd,drive=${drvId}";
+ args = "-drive ${commonArgs},if=none -device lsi53c895a -device ${devArgs}";
+ in if isSCSI then args else "-drive ${commonArgs},if=${diskInterface}";
# Shell script to start the VM.
startVM =
@@ -68,7 +86,7 @@ let
if ! test -e "empty$idx.qcow2"; then
${qemu}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M"
fi
- extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx.qcow2,if=${cfg.qemu.diskInterface},werror=report"
+ extraDisks="$extraDisks ${mkDiskIfaceDriveFlag "$idx" "file=$(pwd)/empty$idx.qcow2,werror=report"}"
idx=$((idx + 1))
'')}
@@ -77,22 +95,23 @@ let
-name ${vmName} \
-m ${toString config.virtualisation.memorySize} \
-smp ${toString config.virtualisation.cores} \
+ -device virtio-rng-pci \
${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
-virtfs local,path=/nix/store,security_model=none,mount_tag=store \
-virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
-virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
${if cfg.useBootLoader then ''
- -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=${cfg.qemu.diskInterface},cache=writeback,werror=report \
- -drive index=1,id=drive2,file=$TMPDIR/disk.img,media=disk \
+ ${mkDiskIfaceDriveFlag "0" "file=$NIX_DISK_IMAGE,cache=writeback,werror=report"} \
+ ${mkDiskIfaceDriveFlag "1" "file=$TMPDIR/disk.img,media=disk"} \
${if cfg.useEFIBoot then ''
-pflash $TMPDIR/bios.bin \
'' else ''
''}
'' else ''
- -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=${cfg.qemu.diskInterface},cache=writeback,werror=report \
+ ${mkDiskIfaceDriveFlag "0" "file=$NIX_DISK_IMAGE,cache=writeback,werror=report"} \
-kernel ${config.system.build.toplevel}/kernel \
-initrd ${config.system.build.toplevel}/initrd \
- -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${kernelConsole} $QEMU_KERNEL_PARAMS" \
+ -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${kernelConsoles} $QEMU_KERNEL_PARAMS" \
''} \
$extraDisks \
${qemuGraphics} \
@@ -232,9 +251,10 @@ in
default = true;
description =
''
- Whether to run QEMU with a graphics window, or access
- the guest computer serial port through the host tty.
- '';
+ Whether to run QEMU with a graphics window, or in nographic mode.
+ Serial console will be enabled on both settings, but this will
+ change the preferred console.
+ '';
};
virtualisation.cores =
@@ -337,11 +357,8 @@ in
mkOption {
default = "virtio";
example = "scsi";
- type = types.str;
- description = ''
- The interface used for the virtual hard disks
- (virtio or scsi).
- '';
+ type = types.enum [ "virtio" "scsi" "ide" ];
+ description = "The interface used for the virtual hard disks.";
};
};
diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix
index 7413e12c8f3d012d4c4dfd92cc836726c2e49ffe..885d752577d50f4eb5b910527613fa2bda616c8e 100644
--- a/nixos/modules/virtualisation/virtualbox-host.nix
+++ b/nixos/modules/virtualisation/virtualbox-host.nix
@@ -6,7 +6,7 @@ let
cfg = config.virtualisation.virtualbox.host;
virtualbox = pkgs.virtualbox.override {
- inherit (cfg) enableHardening headless;
+ inherit (cfg) enableExtensionPack enableHardening headless;
};
kernelModules = config.boot.kernelPackages.virtualbox.override {
@@ -17,9 +17,7 @@ in
{
options.virtualisation.virtualbox.host = {
- enable = mkOption {
- type = types.bool;
- default = false;
+ enable = mkEnableOption "VirtualBox" // {
description = ''
Whether to enable VirtualBox.
@@ -30,6 +28,8 @@ in
'';
};
+ enableExtensionPack = mkEnableOption "VirtualBox extension pack";
+
addNetworkInterface = mkOption {
type = types.bool;
default = true;
diff --git a/nixos/release.nix b/nixos/release.nix
index 2f779280e6b23c531b0b7b308c9af814d7d830c6..ae70b535a5e2f2368670a9f1501062bb7b5f1aca 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -124,7 +124,6 @@ let
preferLocalBuild = true;
};
-
in rec {
channel = import lib/make-channel.nix { inherit pkgs nixpkgs version versionSuffix; };
@@ -132,6 +131,7 @@ in rec {
manual = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manual);
manualEpub = (buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manualEpub));
manpages = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.manpages);
+ manualGeneratedSources = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.generatedSources);
options = (buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.manual.optionsJSON)).x86_64-linux;
@@ -269,6 +269,7 @@ in rec {
tests.containers-macvlans = callTest tests/containers-macvlans.nix {};
tests.couchdb = callTest tests/couchdb.nix {};
tests.deluge = callTest tests/deluge.nix {};
+ tests.dhparams = callTest tests/dhparams.nix {};
tests.docker = callTestOnMatchingSystems ["x86_64-linux"] tests/docker.nix {};
tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {};
tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {};
@@ -284,7 +285,6 @@ in rec {
tests.ferm = callTest tests/ferm.nix {};
tests.firefox = callTest tests/firefox.nix {};
tests.firewall = callTest tests/firewall.nix {};
- tests.fleet = callTestOnMatchingSystems ["x86_64-linux"] tests/fleet.nix {};
tests.fwupd = callTest tests/fwupd.nix {};
#tests.gitlab = callTest tests/gitlab.nix {};
tests.gitolite = callTest tests/gitolite.nix {};
@@ -297,6 +297,7 @@ in rec {
tests.graphite = callTest tests/graphite.nix {};
tests.hardened = callTest tests/hardened.nix { };
tests.hibernate = callTest tests/hibernate.nix {};
+ tests.hitch = callTest tests/hitch {};
tests.home-assistant = callTest tests/home-assistant.nix { };
tests.hound = callTest tests/hound.nix {};
tests.hocker-fetchdocker = callTest tests/hocker-fetchdocker {};
@@ -307,6 +308,7 @@ in rec {
tests.influxdb = callTest tests/influxdb.nix {};
tests.ipv6 = callTest tests/ipv6.nix {};
tests.jenkins = callTest tests/jenkins.nix {};
+ tests.osquery = callTest tests/osquery.nix {};
tests.plasma5 = callTest tests/plasma5.nix {};
tests.plotinus = callTest tests/plotinus.nix {};
tests.keymap = callSubTests tests/keymap.nix {};
@@ -358,7 +360,6 @@ in rec {
tests.openldap = callTest tests/openldap.nix {};
tests.owncloud = callTest tests/owncloud.nix {};
tests.pam-oath-login = callTest tests/pam-oath-login.nix {};
- #tests.panamax = callTestOnMatchingSystems ["x86_64-linux"] tests/panamax.nix {};
tests.peerflix = callTest tests/peerflix.nix {};
tests.php-pcre = callTest tests/php-pcre.nix {};
tests.postgresql = callSubTests tests/postgresql.nix {};
diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix
index 65c314e22e1d251e1696d16e859dc84bbc8166ad..c341e83961a8e9fd01519d67ea2a9b78c3650096 100644
--- a/nixos/tests/chromium.nix
+++ b/nixos/tests/chromium.nix
@@ -94,6 +94,11 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
''}");
if ($status == 0) {
$ret = 1;
+
+ # XXX: Somehow Chromium is not accepting keystrokes for a few
+ # seconds after a new window has appeared, so let's wait a while.
+ $machine->sleep(10);
+
last;
}
$machine->sleep(1);
diff --git a/nixos/tests/dhparams.nix b/nixos/tests/dhparams.nix
new file mode 100644
index 0000000000000000000000000000000000000000..d11dfeec5d0c178af286bfa4dd7601e8de4ff265
--- /dev/null
+++ b/nixos/tests/dhparams.nix
@@ -0,0 +1,144 @@
+let
+ common = { pkgs, ... }: {
+ security.dhparams.enable = true;
+ environment.systemPackages = [ pkgs.openssl ];
+ };
+
+in import ./make-test.nix {
+ name = "dhparams";
+
+ nodes.generation1 = { pkgs, config, ... }: {
+ imports = [ common ];
+ security.dhparams.params = {
+ # Use low values here because we don't want the test to run for ages.
+ foo.bits = 16;
+ # Also use the old format to make sure the type is coerced in the right
+ # way.
+ bar = 17;
+ };
+
+ systemd.services.foo = {
+ description = "Check systemd Ordering";
+ wantedBy = [ "multi-user.target" ];
+ unitConfig = {
+ # This is to make sure that the dhparams generation of foo occurs
+ # before this service so we need this service to start as early as
+ # possible to provoke a race condition.
+ DefaultDependencies = false;
+
+ # We check later whether the service has been started or not.
+ ConditionPathExists = config.security.dhparams.params.foo.path;
+ };
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ # The reason we only provide an ExecStop here is to ensure that we don't
+ # accidentally trigger an error because a file system is not yet ready
+ # during very early startup (we might not even have the Nix store
+ # available, for example if future changes in NixOS use systemd mount
+ # units to do early file system initialisation).
+ serviceConfig.ExecStop = "${pkgs.coreutils}/bin/true";
+ };
+ };
+
+ nodes.generation2 = {
+ imports = [ common ];
+ security.dhparams.params.foo.bits = 18;
+ };
+
+ nodes.generation3 = common;
+
+ nodes.generation4 = {
+ imports = [ common ];
+ security.dhparams.stateful = false;
+ security.dhparams.params.foo2.bits = 18;
+ security.dhparams.params.bar2.bits = 19;
+ };
+
+ nodes.generation5 = {
+ imports = [ common ];
+ security.dhparams.defaultBitSize = 30;
+ security.dhparams.params.foo3 = {};
+ security.dhparams.params.bar3 = {};
+ };
+
+ testScript = { nodes, ... }: let
+ getParamPath = gen: name: let
+ node = "generation${toString gen}";
+ in nodes.${node}.config.security.dhparams.params.${name}.path;
+
+ assertParamBits = gen: name: bits: let
+ path = getParamPath gen name;
+ in ''
+ $machine->nest('check bit size of ${path}', sub {
+ my $out = $machine->succeed('openssl dhparam -in ${path} -text');
+ $out =~ /^\s*DH Parameters:\s+\((\d+)\s+bit\)\s*$/m;
+ die "bit size should be ${toString bits} but it is $1 instead."
+ if $1 != ${toString bits};
+ });
+ '';
+
+ switchToGeneration = gen: let
+ node = "generation${toString gen}";
+ inherit (nodes.${node}.config.system.build) toplevel;
+ switchCmd = "${toplevel}/bin/switch-to-configuration test";
+ in ''
+ $machine->nest('switch to generation ${toString gen}', sub {
+ $machine->succeed('${switchCmd}');
+ $main::machine = ''$${node};
+ });
+ '';
+
+ in ''
+ my $machine = $generation1;
+
+ $machine->waitForUnit('multi-user.target');
+
+ subtest "verify startup order", sub {
+ $machine->succeed('systemctl is-active foo.service');
+ };
+
+ subtest "check bit sizes of dhparam files", sub {
+ ${assertParamBits 1 "foo" 16}
+ ${assertParamBits 1 "bar" 17}
+ };
+
+ ${switchToGeneration 2}
+
+ subtest "check whether bit size has changed", sub {
+ ${assertParamBits 2 "foo" 18}
+ };
+
+ subtest "ensure that dhparams file for 'bar' was deleted", sub {
+ $machine->fail('test -e ${getParamPath 1 "bar"}');
+ };
+
+ ${switchToGeneration 3}
+
+ subtest "ensure that 'security.dhparams.path' has been deleted", sub {
+ $machine->fail(
+ 'test -e ${nodes.generation3.config.security.dhparams.path}'
+ );
+ };
+
+ ${switchToGeneration 4}
+
+ subtest "check bit sizes dhparam files", sub {
+ ${assertParamBits 4 "foo2" 18}
+ ${assertParamBits 4 "bar2" 19}
+ };
+
+ subtest "check whether dhparam files are in the Nix store", sub {
+ $machine->succeed(
+ 'expr match ${getParamPath 4 "foo2"} ${builtins.storeDir}',
+ 'expr match ${getParamPath 4 "bar2"} ${builtins.storeDir}',
+ );
+ };
+
+ ${switchToGeneration 5}
+
+ subtest "check whether defaultBitSize works as intended", sub {
+ ${assertParamBits 5 "foo3" 30}
+ ${assertParamBits 5 "bar3" 30}
+ };
+ '';
+}
diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix
index 109fca440e57e0813ba9a888fcaa7bedc72fe2b7..1fbd199c7bc4f1aa9479047284f8be4f1cdb12e3 100644
--- a/nixos/tests/docker-registry.nix
+++ b/nixos/tests/docker-registry.nix
@@ -3,14 +3,16 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "docker-registry";
meta = with pkgs.stdenv.lib.maintainers; {
- maintainers = [ globin ];
+ maintainers = [ globin ma27 ironpinguin ];
};
nodes = {
registry = { config, pkgs, ... }: {
services.dockerRegistry.enable = true;
+ services.dockerRegistry.enableDelete = true;
services.dockerRegistry.port = 8080;
services.dockerRegistry.listenAddress = "0.0.0.0";
+ services.dockerRegistry.enableGarbageCollect = true;
networking.firewall.allowedTCPPorts = [ 8080 ];
};
@@ -33,11 +35,29 @@ import ./make-test.nix ({ pkgs, ...} : {
$registry->start();
$registry->waitForUnit("docker-registry.service");
+ $registry->waitForOpenPort("8080");
$client1->succeed("docker push registry:8080/scratch");
$client2->start();
$client2->waitForUnit("docker.service");
$client2->succeed("docker pull registry:8080/scratch");
$client2->succeed("docker images | grep scratch");
+
+ $client2->succeed(
+ 'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H"Accept: application/vnd.docker.distribution.manifest.v2+json" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e \'s/Docker-Content-Digest: //\' | tr -d \'\r\')'
+ );
+
+ $registry->systemctl("start docker-registry-garbage-collect.service");
+ $registry->waitUntilFails("systemctl status docker-registry-garbage-collect.service");
+ $registry->waitForUnit("docker-registry.service");
+
+ $registry->fail(
+ 'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
+ );
+
+ $client1->succeed("docker push registry:8080/scratch");
+ $registry->succeed(
+ 'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
+ );
'';
})
diff --git a/nixos/tests/fleet.nix b/nixos/tests/fleet.nix
deleted file mode 100644
index 67c95446526f88c08b5797e52a3780b4d8a21abe..0000000000000000000000000000000000000000
--- a/nixos/tests/fleet.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-import ./make-test.nix ({ pkgs, ...} : rec {
- name = "simple";
- meta = with pkgs.stdenv.lib.maintainers; {
- maintainers = [ offline ];
- };
-
- nodes = {
- node1 =
- { config, pkgs, ... }:
- {
- services = {
- etcd = {
- enable = true;
- listenPeerUrls = ["http://0.0.0.0:7001"];
- initialAdvertisePeerUrls = ["http://node1:7001"];
- initialCluster = ["node1=http://node1:7001" "node2=http://node2:7001"];
- };
- };
-
- services.fleet = {
- enable = true;
- metadata.name = "node1";
- };
-
- networking.firewall.allowedTCPPorts = [ 7001 ];
- };
-
- node2 =
- { config, pkgs, ... }:
- {
- services = {
- etcd = {
- enable = true;
- listenPeerUrls = ["http://0.0.0.0:7001"];
- initialAdvertisePeerUrls = ["http://node2:7001"];
- initialCluster = ["node1=http://node1:7001" "node2=http://node2:7001"];
- };
- };
-
- services.fleet = {
- enable = true;
- metadata.name = "node2";
- };
-
- networking.firewall.allowedTCPPorts = [ 7001 ];
- };
- };
-
- service = builtins.toFile "hello.service" ''
- [Unit]
- Description=Hello World
-
- [Service]
- ExecStart=/bin/sh -c "while true; do echo \"Hello, world\"; /var/run/current-system/sw/bin/sleep 1; done"
-
- [X-Fleet]
- MachineMetadata=name=node2
- '';
-
- testScript =
- ''
- startAll;
- $node1->waitForUnit("fleet.service");
- $node2->waitForUnit("fleet.service");
-
- $node2->waitUntilSucceeds("fleetctl list-machines | grep node1");
- $node1->waitUntilSucceeds("fleetctl list-machines | grep node2");
-
- $node1->succeed("cp ${service} hello.service && fleetctl submit hello.service");
- $node1->succeed("fleetctl list-unit-files | grep hello");
- $node1->succeed("fleetctl start hello.service");
- $node1->waitUntilSucceeds("fleetctl list-units | grep running");
- $node1->succeed("fleetctl stop hello.service");
- $node1->succeed("fleetctl destroy hello.service");
- '';
-})
diff --git a/nixos/tests/hibernate.nix b/nixos/tests/hibernate.nix
index a95235887e897c45e4993ad5fb92c8aa78bc043a..3ae2bdffed90aa6d9288cef03a0889c4ae6afc19 100644
--- a/nixos/tests/hibernate.nix
+++ b/nixos/tests/hibernate.nix
@@ -37,7 +37,7 @@ import ./make-test.nix (pkgs: {
$machine->waitForShutdown;
$machine->start;
$probe->waitForUnit("network.target");
- $probe->waitUntilSucceeds("echo test | nc machine 4444 -q 0");
+ $probe->waitUntilSucceeds("echo test | nc machine 4444 -N");
'';
})
diff --git a/nixos/tests/hitch/default.nix b/nixos/tests/hitch/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..b024306cde56be8bfca4a9a5b1417df647acf850
--- /dev/null
+++ b/nixos/tests/hitch/default.nix
@@ -0,0 +1,33 @@
+import ../make-test.nix ({ pkgs, ... }:
+{
+ name = "hitch";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ jflanglois ];
+ };
+ machine = { config, pkgs, ... }: {
+ environment.systemPackages = [ pkgs.curl ];
+ services.hitch = {
+ enable = true;
+ backend = "[127.0.0.1]:80";
+ pem-files = [
+ ./example.pem
+ ];
+ };
+
+ services.httpd = {
+ enable = true;
+ documentRoot = ./example;
+ adminAddr = "noone@testing.nowhere";
+ };
+ };
+
+ testScript =
+ ''
+ startAll;
+
+ $machine->waitForUnit('multi-user.target');
+ $machine->waitForUnit('hitch.service');
+ $machine->waitForOpenPort(443);
+ $machine->succeed('curl -k https://localhost:443/index.txt | grep "We are all good!"');
+ '';
+})
diff --git a/nixos/tests/hitch/example.pem b/nixos/tests/hitch/example.pem
new file mode 100644
index 0000000000000000000000000000000000000000..fde6f3cbd19addb8ce84ffe32ab4d040e8b09c18
--- /dev/null
+++ b/nixos/tests/hitch/example.pem
@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIJAIFAWQXSZ7lIMA0GCSqGSIb3DQEBCwUAMIGqMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMUmVkd29vZCBD
+aXR5MRkwFwYDVQQKDBBUZXN0aW5nIDEyMyBJbmMuMRQwEgYDVQQLDAtJVCBTZXJ2
+aWNlczEYMBYGA1UEAwwPdGVzdGluZy5ub3doZXJlMSQwIgYJKoZIhvcNAQkBFhVu
+b29uZUB0ZXN0aW5nLm5vd2hlcmUwHhcNMTgwNDIzMDcxMTI5WhcNMTkwNDIzMDcx
+MTI5WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNV
+BAcMDFJlZHdvb2QgQ2l0eTEZMBcGA1UECgwQVGVzdGluZyAxMjMgSW5jLjEUMBIG
+A1UECwwLSVQgU2VydmljZXMxGDAWBgNVBAMMD3Rlc3Rpbmcubm93aGVyZTEkMCIG
+CSqGSIb3DQEJARYVbm9vbmVAdGVzdGluZy5ub3doZXJlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAxQq6AA9o/QErMbQwfgDF4mqXcvglRTwPr2zPE6Rv
+1g0ncRBSMM8iKbPapHM6qHNfg2e1fU2SFqzD6HkyZqHHLCgLzkdzswEcEjsMqiUP
+OR++5g4CWoQrdTi31itzYzCjnQ45BrAMrLEhBQgDTNwrEE+Tit0gpOGggtj/ktLk
+OD8BKa640lkmWEUGF18fd3rYTUC4hwM5qhAVXTe21vj9ZWsgprpQKdN61v0dCUap
+C5eAgvZ8Re+Cd0Id674hK4cJ4SekqfHKv/jLyIg3Vsdc9nkhmiC4O6KH5f1Zzq2i
+E4Kd5mnJDFxfSzIErKWmbhriLWsj3KEJ983AGLJ9hxQTAwIDAQABo1AwTjAdBgNV
+HQ4EFgQU76Mm6DP/BePJRQUNrJ9z038zjocwHwYDVR0jBBgwFoAU76Mm6DP/BePJ
+RQUNrJ9z038zjocwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAZzt
+VdPaUqrvDAh5rMYqzYMJ3tj6daNYoX6CbTFoevK5J5D4FESM0D/FMKgpNiVz39kB
+8Cjaw5rPHMHY61rHz7JRDK1sWXsonwzCF21BK7Tx0G1CIfLpYHWYb/FfdWGROx+O
+hPgKuoMRWQB+txozkZp5BqWJmk5MOyFCDEXhMOmrfsJq0IYU6QaH3Lsf1oJRy4yU
+afFrT9o3DLOyYLG/j/HXijCu8DVjZVa4aboum79ecYzPjjGF1posrFUnvQiuAeYy
+t7cuHNUB8gW9lWR5J7tP8fzFWtIcyT2oRL8u3H+fXf0i4bW73wtOBOoeULBzBNE7
+6rphcSrQunSZQIc+hg==
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFCroAD2j9ASsx
+tDB+AMXiapdy+CVFPA+vbM8TpG/WDSdxEFIwzyIps9qkczqoc1+DZ7V9TZIWrMPo
+eTJmoccsKAvOR3OzARwSOwyqJQ85H77mDgJahCt1OLfWK3NjMKOdDjkGsAyssSEF
+CANM3CsQT5OK3SCk4aCC2P+S0uQ4PwEprrjSWSZYRQYXXx93ethNQLiHAzmqEBVd
+N7bW+P1layCmulAp03rW/R0JRqkLl4CC9nxF74J3Qh3rviErhwnhJ6Sp8cq/+MvI
+iDdWx1z2eSGaILg7oofl/VnOraITgp3mackMXF9LMgSspaZuGuItayPcoQn3zcAY
+sn2HFBMDAgMBAAECggEAcaR8HijFHpab+PC5vxJnDuz3KEHiDQpU6ZJR5DxEnCm+
+A8GsBaaRR4gJpCspO5o/DiS0Ue55QUanPt8XqIXJv7fhBznCiw0qyYDxDviMzR94
+FGskBFySS+tIa+dnh1+4HY7kaO0Egl0udB5o+N1KoP+kUsSyXSYcUxsgW+fx5FW9
+22Ya3HNWnWxMCSfSGGlTFXGj2whf25SkL25dM9iblO4ZOx4MX8kaXij7TaYy8hMM
+Vf6/OMnXqtPKho+ctZZVKZkE9PxdS4f/pnp5EsdoOZwNBtfQ1WqVLWd3DlGWhnsH
+7L8ZSP2HkoI4Pd1wtkpOKZc+yM2bFXWa8WY4TcmpUQKBgQD33HxGdtmtZehrexSA
+/ZwWJlMslUsNz4Ivv6s7J4WCRhdh94+r9TWQP/yHdT9Ry5bvn84I5ZLUdp+aA962
+mvjz+GIglkCGpA7HU/hqurB1O63pj2cIDB8qhV21zjVIoqXcQ7IBJ+tqD79nF8vm
+h3KfuHUhuu1rayGepbtIyNhLdwKBgQDLgw4TJBg/QB8RzYECk78QnfZpCExsQA/z
+YJpc+dF2/nsid5R2u9jWzfmgHM2Jjo2/+ofRUaTqcFYU0K57CqmQkOLIzsbNQoYt
+e2NOANNVHiZLuzTZC2r3BrrkNbo3YvQzhAesUA5lS6LfrxBLUKiwo2LU9NlmJs3b
+UPVFYI0/1QKBgCswxIcS1sOcam+wNtZzWuuRKhUuvrFdY3YmlBPuwxj8Vb7AgMya
+IgdM3xhLmgkKzPZchm6OcpOLSCxyWDDBuHfq5E6BYCUWGW0qeLNAbNdA2wFD99Qz
+KIskSjwP/sD1dql3MmF5L1CABf5U6zb0i0jBv8ds50o8lNMsVgJM3UPpAoGBAL1+
+nzllb4pdi1CJWKnspoizfQCZsIdPM0r71V/jYY36MO+MBtpz2NlSWzAiAaQm74gl
+oBdgfT2qMg0Zro11BSRONEykdOolGkj5TiMQk7b65s+3VeMPRZ8UTis2d9kgs5/Q
+PVDODkl1nwfGu1ZVmW04BUujXVZHpYCkJm1eFMetAoGAImE7gWj+qRMhpbtCCGCg
+z06gDKvMrF6S+GJsvUoSyM8oUtfdPodI6gWAC65NfYkIiqbpCaEVNzfui73f5Lnz
+p5X1IbzhuH5UZs/k5A3OR2PPDbPs3lqEw7YJdBdLVRmO1o824uaXaJJwkL/1C+lq
+8dh1wV3CnynNmZApkz4vpzQ=
+-----END PRIVATE KEY-----
diff --git a/nixos/tests/hitch/example/index.txt b/nixos/tests/hitch/example/index.txt
new file mode 100644
index 0000000000000000000000000000000000000000..0478b1c26351790689f3ec228c46d9ec5e8eff6f
--- /dev/null
+++ b/nixos/tests/hitch/example/index.txt
@@ -0,0 +1 @@
+We are all good!
diff --git a/nixos/tests/kernel-copperhead.nix b/nixos/tests/kernel-copperhead.nix
index 0af978f1851f934bd9e14d1401d7b7d9d4948ba9..aa133c9b0aa7ae01062744351e1d52a73ee8cc0d 100644
--- a/nixos/tests/kernel-copperhead.nix
+++ b/nixos/tests/kernel-copperhead.nix
@@ -6,14 +6,14 @@ import ./make-test.nix ({ pkgs, ...} : {
machine = { config, lib, pkgs, ... }:
{
- boot.kernelPackages = pkgs.linuxPackages_copperhead_hardened;
+ boot.kernelPackages = pkgs.linuxPackages_copperhead_lts;
};
testScript =
''
$machine->succeed("uname -a");
$machine->succeed("uname -s | grep 'Linux'");
- $machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_hardened.kernel.modDirVersion}'");
+ $machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_lts.kernel.modDirVersion}'");
$machine->succeed("uname -a | grep 'hardened'");
'';
})
diff --git a/nixos/tests/nsd.nix b/nixos/tests/nsd.nix
index ad4d4f8224353d1be28f49e7c6a7bd54ee14001a..c3c91e71b5ca85730486de918670ff52045472e6 100644
--- a/nixos/tests/nsd.nix
+++ b/nixos/tests/nsd.nix
@@ -41,6 +41,7 @@ in import ./make-test.nix ({ pkgs, ...} : {
{ address = "dead:beef::1"; prefixLength = 64; }
];
services.nsd.enable = true;
+ services.nsd.rootServer = true;
services.nsd.interfaces = lib.mkForce [];
services.nsd.zones."example.com.".data = ''
@ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
@@ -55,6 +56,11 @@ in import ./make-test.nix ({ pkgs, ...} : {
@ A 9.8.7.6
@ AAAA fedc::bbaa
'';
+ services.nsd.zones.".".data = ''
+ @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
+ root A 1.8.7.4
+ root AAAA acbd::4
+ '';
};
};
@@ -86,6 +92,9 @@ in import ./make-test.nix ({ pkgs, ...} : {
assertHost($_, "a", "deleg.example.com", qr/address 9.8.7.6$/);
assertHost($_, "aaaa", "deleg.example.com", qr/address fedc::bbaa$/);
+
+ assertHost($_, "a", "root", qr/address 1.8.7.4$/);
+ assertHost($_, "aaaa", "root", qr/address acbd::4$/);
};
}
'';
diff --git a/nixos/tests/osquery.nix b/nixos/tests/osquery.nix
new file mode 100644
index 0000000000000000000000000000000000000000..281dbcff664382be478ec98c9f7d734fa687eb0d
--- /dev/null
+++ b/nixos/tests/osquery.nix
@@ -0,0 +1,28 @@
+import ./make-test.nix ({ pkgs, lib, ... }:
+
+with lib;
+
+{
+ name = "osquery";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ ma27 ];
+ };
+
+ machine = {
+ services.osquery.enable = true;
+ services.osquery.loggerPath = "/var/log/osquery/logs";
+ services.osquery.pidfile = "/var/run/osqueryd.pid";
+ };
+
+ testScript = ''
+ $machine->start;
+ $machine->waitForUnit("osqueryd.service");
+
+ $machine->succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | grep '127.0.0.1'");
+ $machine->succeed(
+ "echo 'SELECT value FROM osquery_flags WHERE name = \"logger_path\";' | osqueryi | grep /var/log/osquery/logs"
+ );
+
+ $machine->succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"pidfile\";' | osqueryi | grep /var/run/osqueryd.pid");
+ '';
+})
diff --git a/nixos/tests/panamax.nix b/nixos/tests/panamax.nix
deleted file mode 100644
index 088aa79f8c6156eebfdb578cc69bc64d1f6aae3e..0000000000000000000000000000000000000000
--- a/nixos/tests/panamax.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-import ./make-test.nix ({ pkgs, ...} : {
- name = "panamax";
- meta = with pkgs.stdenv.lib.maintainers; {
- maintainers = [ offline ];
- };
-
- machine = { config, pkgs, ... }: {
- services.panamax.enable = true;
- };
-
- testScript =
- ''
- startAll;
- $machine->waitForUnit("panamax-api.service");
- $machine->waitForUnit("panamax-ui.service");
- $machine->waitForOpenPort(3000);
- $machine->waitForOpenPort(8888);
- $machine->succeed("curl --fail http://localhost:8888/ > /dev/null");
- $machine->shutdown;
- '';
-})
diff --git a/nixos/tests/predictable-interface-names.nix b/nixos/tests/predictable-interface-names.nix
index b4c2039923cf02d5fea04768315ba7706d5c4a3a..0b431034a7a928ef6c8b23771877979779491ec5 100644
--- a/nixos/tests/predictable-interface-names.nix
+++ b/nixos/tests/predictable-interface-names.nix
@@ -1,27 +1,24 @@
-{ system ? builtins.currentSystem
-, pkgs ? import ../.. { inherit system; }
-}:
-with import ../lib/testing.nix { inherit system; };
-let boolToString = x: if x then "yes" else "no"; in
-let testWhenSetTo = predictable: withNetworkd:
-makeTest {
- name = "${if predictable then "" else "un"}predictableInterfaceNames${if withNetworkd then "-with-networkd" else ""}";
- meta = {};
+{ system ? builtins.currentSystem }:
- machine = { config, pkgs, ... }: {
- networking.usePredictableInterfaceNames = pkgs.stdenv.lib.mkForce predictable;
- networking.useNetworkd = withNetworkd;
- networking.dhcpcd.enable = !withNetworkd;
- };
+let
+ inherit (import ../lib/testing.nix { inherit system; }) makeTest pkgs;
+in pkgs.lib.listToAttrs (pkgs.lib.crossLists (predictable: withNetworkd: {
+ name = pkgs.lib.optionalString (!predictable) "un" + "predictable"
+ + pkgs.lib.optionalString withNetworkd "Networkd";
+ value = makeTest {
+ name = "${if predictable then "" else "un"}predictableInterfaceNames${if withNetworkd then "-with-networkd" else ""}";
+ meta = {};
+
+ machine = { config, lib, ... }: {
+ networking.usePredictableInterfaceNames = lib.mkForce predictable;
+ networking.useNetworkd = withNetworkd;
+ networking.dhcpcd.enable = !withNetworkd;
+ };
- testScript = ''
- print $machine->succeed("ip link");
- $machine->succeed("ip link show ${if predictable then "ens3" else "eth0"}");
- $machine->fail("ip link show ${if predictable then "eth0" else "ens3"}");
- '';
-}; in
-with pkgs.stdenv.lib.lists;
-with pkgs.stdenv.lib.attrsets;
-listToAttrs (map (drv: nameValuePair drv.name drv) (
-crossLists testWhenSetTo [[true false] [true false]]
-))
+ testScript = ''
+ print $machine->succeed("ip link");
+ $machine->succeed("ip link show ${if predictable then "ens3" else "eth0"}");
+ $machine->fail("ip link show ${if predictable then "eth0" else "ens3"}");
+ '';
+ };
+}) [[true false] [true false]])
diff --git a/nixos/tests/statsd.nix b/nixos/tests/statsd.nix
index a9d7dc61cb603ab876cbd58f2832ead5f199711b..c71949249a4b9138e9ba711fc5bf45202fb8fdb4 100644
--- a/nixos/tests/statsd.nix
+++ b/nixos/tests/statsd.nix
@@ -35,6 +35,6 @@ with lib;
testScript = ''
$statsd1->start();
$statsd1->waitForUnit("statsd.service");
- $statsd1->succeed("nc -z 127.0.0.1 8126");
+ $statsd1->waitUntilSucceeds("nc -z 127.0.0.1 8126");
'';
})
diff --git a/nixos/tests/udisks2.nix b/nixos/tests/udisks2.nix
index 72d51c0051c07751ae4575589cd481c10bf1422c..70a999267a54c237ee80e1327df1b34c9790c139 100644
--- a/nixos/tests/udisks2.nix
+++ b/nixos/tests/udisks2.nix
@@ -37,7 +37,8 @@ in
$machine->fail("udisksctl info -b /dev/sda1");
# Attach a USB stick and wait for it to show up.
- $machine->sendMonitorCommand("usb_add disk:$stick");
+ $machine->sendMonitorCommand("drive_add 0 id=stick,if=none,file=$stick,format=raw");
+ $machine->sendMonitorCommand("device_add usb-storage,id=stick,drive=stick");
$machine->waitUntilSucceeds("udisksctl info -b /dev/sda1");
$machine->succeed("udisksctl info -b /dev/sda1 | grep 'IdLabel:.*USBSTICK'");
@@ -52,7 +53,7 @@ in
$machine->fail("[ -d /run/media/alice/USBSTICK ]");
# Remove the USB stick.
- $machine->sendMonitorCommand("usb_del 0.3"); # FIXME
+ $machine->sendMonitorCommand("device_del stick");
$machine->waitUntilFails("udisksctl info -b /dev/sda1");
$machine->fail("[ -e /dev/sda ]");
'';
diff --git a/pkgs/applications/altcoins/bitcoin-abc.nix b/pkgs/applications/altcoins/bitcoin-abc.nix
index 35488732117d61f501c42378659ecd34f7417a2c..bd365e16730499420cd29aac83af6c293c347caa 100644
--- a/pkgs/applications/altcoins/bitcoin-abc.nix
+++ b/pkgs/applications/altcoins/bitcoin-abc.nix
@@ -7,13 +7,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
- version = "0.17.0";
+ version = "0.17.1";
src = fetchFromGitHub {
owner = "bitcoin-ABC";
repo = "bitcoin-abc";
rev = "v${version}";
- sha256 = "1s2y29h2q4fnbrfg2ig1cd3h7g3kdcdyrfq7znq1ndnh8xj1j489";
+ sha256 = "1kq9n3s9vhkmfaizsyi2cb91ibi06gb6wx0hkcb9hg3nrrvcka3y";
};
patches = [ ./fix-bitcoin-qt-build.patch ];
diff --git a/pkgs/applications/altcoins/default.nix b/pkgs/applications/altcoins/default.nix
index c58178e3edbb11d69dcf5c237d13a3e6ad90b6d3..9915e0a301a1bea314531ac7316adf7554ba241b 100644
--- a/pkgs/applications/altcoins/default.nix
+++ b/pkgs/applications/altcoins/default.nix
@@ -86,4 +86,7 @@ rec {
parity = callPackage ./parity { };
parity-beta = callPackage ./parity/beta.nix { };
+ parity-ui = callPackage ./parity-ui { };
+
+ particl-core = callPackage ./particl/particl-core.nix { boost = boost165; miniupnpc = miniupnpc_2; withGui = false; };
}
diff --git a/pkgs/applications/altcoins/go-ethereum.nix b/pkgs/applications/altcoins/go-ethereum.nix
index 65e1dbc9b198e170af902220b579d2303f9c0683..a47b7fa3168fba6458ff326056eb4138d8ddad20 100644
--- a/pkgs/applications/altcoins/go-ethereum.nix
+++ b/pkgs/applications/altcoins/go-ethereum.nix
@@ -2,7 +2,7 @@
buildGoPackage rec {
name = "go-ethereum-${version}";
- version = "1.8.3";
+ version = "1.8.6";
goPackagePath = "github.com/ethereum/go-ethereum";
# Fix for usb-related segmentation faults on darwin
@@ -27,7 +27,7 @@ buildGoPackage rec {
owner = "ethereum";
repo = "go-ethereum";
rev = "v${version}";
- sha256 = "1vdrf3fi4arr6aivyp5myj4jy7apqbiqa6brr3jplmc07q1yijnf";
+ sha256 = "1n6f34r7zlc64l1q8xzcjk5sljdznjwp81d9naapprhpqb8g01gl";
};
meta = with stdenv.lib; {
diff --git a/pkgs/applications/altcoins/monero/default.nix b/pkgs/applications/altcoins/monero/default.nix
index 8be24522f5648d3ffe6169cf38ecd30598566c26..cbba1ecba145d9a8e8e8f13226bb7ad01bf1d67a 100644
--- a/pkgs/applications/altcoins/monero/default.nix
+++ b/pkgs/applications/altcoins/monero/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchFromGitHub, cmake, pkgconfig, git
+{ stdenv, fetchFromGitHub, fetchpatch
+, cmake, pkgconfig, git
, boost, miniupnpc, openssl, unbound, cppzmq
, zeromq, pcsclite, readline
, CoreData, IOKit, PCSC
@@ -21,6 +22,14 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake pkgconfig git ];
+ patches = [
+ # fix daemon crash, remove with 0.12.1.0 update
+ (fetchpatch {
+ url = "https://github.com/monero-project/monero/commit/08343ab.diff";
+ sha256 = "0f1snrl2mk2czwk1ysympzr8ismjx39fcqgy13276vcmw0cfqi83";
+ })
+ ];
+
buildInputs = [
boost miniupnpc openssl unbound
cppzmq zeromq pcsclite readline
diff --git a/pkgs/applications/altcoins/nano-wallet/CMakeLists.txt.patch b/pkgs/applications/altcoins/nano-wallet/CMakeLists.txt.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5bbec1d39bea2d433c91db2c4c0e77fb7497f825
--- /dev/null
+++ b/pkgs/applications/altcoins/nano-wallet/CMakeLists.txt.patch
@@ -0,0 +1,13 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b43f02f6..4470abbf 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -119,7 +119,7 @@ endif (RAIBLOCKS_SECURE_RPC)
+
+ include_directories (${CMAKE_SOURCE_DIR})
+
+-set(Boost_USE_STATIC_LIBS ON)
++add_definitions(-DBOOST_LOG_DYN_LINK)
+ set(Boost_USE_MULTITHREADED ON)
+
+ if (BOOST_CUSTOM)
diff --git a/pkgs/applications/altcoins/nano-wallet/default.nix b/pkgs/applications/altcoins/nano-wallet/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..8c4722bd99171039aadf20c485b91bc8fdfe1b89
--- /dev/null
+++ b/pkgs/applications/altcoins/nano-wallet/default.nix
@@ -0,0 +1,57 @@
+{lib, pkgs, stdenv, fetchFromGitHub, cmake, pkgconfig, boost, libGL, qtbase}:
+
+stdenv.mkDerivation rec {
+
+ name = "nano-wallet-${version}";
+ version = "12.1";
+
+ src = fetchFromGitHub {
+ owner = "nanocurrency";
+ repo = "raiblocks";
+ rev = "V${version}";
+ sha256 = "10ng7qn6y31s2bjahmpivw2plx90ljjjzb87j3l7zmppsjd2iq03";
+ fetchSubmodules = true;
+ };
+
+ # Use a patch to force dynamic linking
+ patches = [
+ ./CMakeLists.txt.patch
+ ];
+
+ cmakeFlags = let
+ options = {
+ BOOST_ROOT = "${boost}";
+ Boost_USE_STATIC_LIBS = "OFF";
+ RAIBLOCKS_GUI = "ON";
+ RAIBLOCKS_TEST = "ON";
+ Qt5_DIR = "${qtbase.dev}/lib/cmake/Qt5";
+ Qt5Core_DIR = "${qtbase.dev}/lib/cmake/Qt5Core";
+ Qt5Gui_INCLUDE_DIRS = "${qtbase.dev}/include/QtGui";
+ Qt5Widgets_INCLUDE_DIRS = "${qtbase.dev}/include/QtWidgets";
+ };
+ optionToFlag = name: value: "-D${name}=${value}";
+ in lib.mapAttrsToList optionToFlag options;
+
+ nativeBuildInputs = [ cmake pkgconfig ];
+ buildInputs = [ boost libGL qtbase ];
+
+ buildPhase = ''
+ make nano_wallet
+ '';
+
+ checkPhase = ''
+ ./core_test
+ '';
+
+ meta = {
+ inherit version;
+ description = "Wallet for Nano cryptocurrency";
+ homepage = https://nano.org/en/wallet/;
+ license = lib.licenses.bsd2;
+ # Fails on Darwin. See:
+ # https://github.com/NixOS/nixpkgs/pull/39295#issuecomment-386800962
+ platforms = lib.platforms.linux;
+ maintainers = with lib.maintainers; [ jluttine ];
+ };
+
+}
diff --git a/pkgs/applications/altcoins/parity-ui/default.nix b/pkgs/applications/altcoins/parity-ui/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..56a95b6d5968b687dce641f769d7f7822b53b70e
--- /dev/null
+++ b/pkgs/applications/altcoins/parity-ui/default.nix
@@ -0,0 +1,50 @@
+{ stdenv, pkgs, fetchurl, lib, makeWrapper, nodePackages }:
+
+let
+
+uiEnv = pkgs.callPackage ./env.nix { };
+
+in stdenv.mkDerivation rec {
+ name = "parity-ui-${version}";
+ version = "0.1.1";
+
+ src = fetchurl {
+ url = "https://github.com/parity-js/shell/releases/download/v${version}/parity-ui_${version}_amd64.deb";
+ sha256 = "1jym6q63m5f4xm06dxiiabhbqnr0hysf2d3swysncs5hg6w00lh3";
+ name = "${name}.deb";
+ };
+
+ nativeBuildInputs = [ makeWrapper nodePackages.asar ];
+
+ buildCommand = ''
+ mkdir -p $out/usr/
+ ar p $src data.tar.xz | tar -C $out -xJ .
+ substituteInPlace $out/usr/share/applications/parity-ui.desktop \
+ --replace "/opt/Parity UI" $out/bin
+ mv $out/usr/* $out/
+ mv "$out/opt/Parity UI" $out/share/parity-ui
+ rm -r $out/usr/
+ rm -r $out/opt/
+
+ fixupPhase
+
+ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+ --set-rpath "${uiEnv.libPath}:$out/share/parity-ui" \
+ $out/share/parity-ui/parity-ui
+
+ find $out/share/parity-ui -name "*.node" -exec patchelf --set-rpath "${uiEnv.libPath}:$out/share/parity-ui" {} \;
+
+ paxmark m $out/share/parity-ui/parity-ui
+
+ mkdir -p $out/bin
+ ln -s $out/share/parity-ui/parity-ui $out/bin/parity-ui
+ '';
+
+ meta = with stdenv.lib; {
+ description = "UI for Parity. Fast, light, robust Ethereum implementation";
+ homepage = http://parity.io;
+ license = licenses.gpl3;
+ maintainers = [ maintainers.sorpaas ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/altcoins/parity-ui/env.nix b/pkgs/applications/altcoins/parity-ui/env.nix
new file mode 100644
index 0000000000000000000000000000000000000000..a273bf33d1006d32e7b557231647016464536f7f
--- /dev/null
+++ b/pkgs/applications/altcoins/parity-ui/env.nix
@@ -0,0 +1,19 @@
+{ stdenv, lib, zlib, glib, alsaLib, dbus, gtk2, atk, pango, freetype, fontconfig
+, libgnome-keyring3, gdk_pixbuf, gvfs, cairo, cups, expat, libgpgerror, nspr
+, nss, xorg, libcap, systemd, libnotify, libsecret, gnome3 }:
+
+let
+ packages = [
+ stdenv.cc.cc zlib glib dbus gtk2 atk pango freetype libgnome-keyring3
+ fontconfig gdk_pixbuf cairo cups expat libgpgerror alsaLib nspr nss
+ xorg.libXrender xorg.libX11 xorg.libXext xorg.libXdamage xorg.libXtst
+ xorg.libXcomposite xorg.libXi xorg.libXfixes xorg.libXrandr
+ xorg.libXcursor xorg.libxkbfile xorg.libXScrnSaver libcap systemd libnotify
+ xorg.libxcb libsecret gnome3.gconf
+ ];
+
+ libPathNative = lib.makeLibraryPath packages;
+ libPath64 = lib.makeSearchPathOutput "lib" "lib64" packages;
+ libPath = "${libPathNative}:${libPath64}";
+
+in { inherit packages libPath; }
diff --git a/pkgs/applications/altcoins/parity/beta.nix b/pkgs/applications/altcoins/parity/beta.nix
index ed78133a759cf17ed913b04a01590a40d0d4c85b..9cbab6ad0955611a39fae99ac4d51deb625d1dac 100644
--- a/pkgs/applications/altcoins/parity/beta.nix
+++ b/pkgs/applications/altcoins/parity/beta.nix
@@ -1,7 +1,7 @@
let
- version = "1.10.0";
- sha256 = "0dmdd7qa8lww5bzcdn25nkyz6334irh8hw0y1j0yc2pmd2dny99g";
- cargoSha256 = "0whkjbaq40mqva1ayqnmz2ppqjrg35va93cypx1al41rsp1yc37m";
+ version = "1.10.2";
+ sha256 = "1a1rbwlwi60nfv6m1rdy5baq5lcafc8nw96y45pr1674i48gkp0l";
+ cargoSha256 = "0l3rjkinzppfq8fi8h24r35rb552fzzman5a6yk33wlsdj2lv7yh";
patches = [ ./patches/vendored-sources-1.10.patch ];
in
import ./parity.nix { inherit version sha256 cargoSha256 patches; }
diff --git a/pkgs/applications/altcoins/parity/default.nix b/pkgs/applications/altcoins/parity/default.nix
index 99179932109470f794bd93a3476af50fe6a21da2..d85fc25355c8c9db2b66b844648487cf0edb654b 100644
--- a/pkgs/applications/altcoins/parity/default.nix
+++ b/pkgs/applications/altcoins/parity/default.nix
@@ -1,7 +1,7 @@
let
- version = "1.9.5";
- sha256 = "0f2x78p5bshs3678qcybqd34k83d294mp3vadp99iqhmbkhbfyy7";
- cargoSha256 = "1irc01sva5yyhdv79cs6jk5pbmhxyvs0ja4cly4nw639m1kx7rva";
+ version = "1.9.7";
+ sha256 = "1h9rmyqkdv2v83g12dadgqflq1n1qqgd5hrpy20ajha0qpbiv3ph";
+ cargoSha256 = "0ss5jw43850r8l34prai5vk1zd5d5fjyg4rcav1asbq6v683bww0";
patches = [ ./patches/vendored-sources-1.9.patch ];
in
import ./parity.nix { inherit version sha256 cargoSha256 patches; }
diff --git a/pkgs/applications/altcoins/parity/patches/vendored-sources-1.10.patch b/pkgs/applications/altcoins/parity/patches/vendored-sources-1.10.patch
index 3e8e032f30c2e97bbf61edb2b5e402f04d901b39..e59858442c9e6260269484770b8db26be98b7c38 100644
--- a/pkgs/applications/altcoins/parity/patches/vendored-sources-1.10.patch
+++ b/pkgs/applications/altcoins/parity/patches/vendored-sources-1.10.patch
@@ -2,7 +2,7 @@ diff --git a/.cargo/config b/.cargo/config
index 72652ad2f..b21c6aa7b 100644
--- a/.cargo/config
+++ b/.cargo/config
-@@ -1,3 +1,113 @@
+@@ -1,3 +1,108 @@
[target.x86_64-pc-windows-msvc]
# Link the C runtime statically ; https://github.com/paritytech/parity/issues/6643
rustflags = ["-Ctarget-feature=+crt-static"]
@@ -42,6 +42,11 @@ index 72652ad2f..b21c6aa7b 100644
+rev = "eecaadcb9e421bce31e91680d14a20bbd38f92a2"
+replace-with = "vendored-sources"
+
++[source."https://github.com/paritytech/app-dirs-rs"]
++git = "https://github.com/paritytech/app-dirs-rs"
++branch = "master"
++replace-with = "vendored-sources"
++
+[source."https://github.com/paritytech/bn"]
+git = "https://github.com/paritytech/bn"
+branch = "master"
@@ -97,16 +102,6 @@ index 72652ad2f..b21c6aa7b 100644
+branch = "master"
+replace-with = "vendored-sources"
+
-+[source."https://github.com/paritytech/wasm-utils"]
-+git = "https://github.com/paritytech/wasm-utils"
-+branch = "master"
-+replace-with = "vendored-sources"
-+
-+[source."https://github.com/paritytech/wasmi"]
-+git = "https://github.com/paritytech/wasmi"
-+branch = "master"
-+replace-with = "vendored-sources"
-+
+[source."https://github.com/tailhook/rotor"]
+git = "https://github.com/tailhook/rotor"
+branch = "master"
@@ -116,3 +111,4 @@ index 72652ad2f..b21c6aa7b 100644
+git = "https://github.com/tomusdrw/ws-rs"
+branch = "master"
+replace-with = "vendored-sources"
++
diff --git a/pkgs/applications/altcoins/parity/patches/vendored-sources-1.9.patch b/pkgs/applications/altcoins/parity/patches/vendored-sources-1.9.patch
index d91b103c6cef9915f21768897191e816efd372a4..3e1ba2429f2dfd5f2abcd2ced55053c4dc01d258 100644
--- a/pkgs/applications/altcoins/parity/patches/vendored-sources-1.9.patch
+++ b/pkgs/applications/altcoins/parity/patches/vendored-sources-1.9.patch
@@ -1,10 +1,9 @@
diff --git a/.cargo/config b/.cargo/config
new file mode 100644
index 000000000..0efb69724
---- /dev/null
+--- /dev/null
+++ b/.cargo/config
-@@ -0,0 +1,100 @@
-+
+@@ -0,0 +1,94 @@
+[source."https://github.com/alexcrichton/mio-named-pipes"]
+git = "https://github.com/alexcrichton/mio-named-pipes"
+branch = "master"
@@ -30,6 +29,11 @@ index 000000000..0efb69724
+branch = "master"
+replace-with = "vendored-sources"
+
++[source."https://github.com/paritytech/app-dirs-rs"]
++git = "https://github.com/paritytech/app-dirs-rs"
++branch = "master"
++replace-with = "vendored-sources"
++
+[source."https://github.com/paritytech/bn"]
+git = "https://github.com/paritytech/bn"
+branch = "master"
@@ -85,16 +89,6 @@ index 000000000..0efb69724
+branch = "master"
+replace-with = "vendored-sources"
+
-+[source."https://github.com/paritytech/wasm-utils"]
-+git = "https://github.com/paritytech/wasm-utils"
-+branch = "master"
-+replace-with = "vendored-sources"
-+
-+[source."https://github.com/paritytech/wasmi"]
-+git = "https://github.com/paritytech/wasmi"
-+branch = "master"
-+replace-with = "vendored-sources"
-+
+[source."https://github.com/tailhook/rotor"]
+git = "https://github.com/tailhook/rotor"
+branch = "master"
diff --git a/pkgs/applications/altcoins/particl/particl-core.nix b/pkgs/applications/altcoins/particl/particl-core.nix
new file mode 100644
index 0000000000000000000000000000000000000000..2524408429c3848698eb9c16f4f26a62c2b16e95
--- /dev/null
+++ b/pkgs/applications/altcoins/particl/particl-core.nix
@@ -0,0 +1,47 @@
+{ stdenv
+, autoreconfHook
+, boost
+, db48
+, fetchurl
+, libevent
+, libtool
+, miniupnpc
+, openssl
+, pkgconfig
+, utillinux
+, zeromq
+, zlib
+, withGui
+, unixtools
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+ name = "particl-core-${version}";
+ version = "0.16.0.4";
+
+ src = fetchurl {
+ url = "https://github.com/particl/particl-core/archive/v${version}.tar.gz";
+ sha256 = "1yy8pw13rn821jpi1zvzwi3ipxi1bgfxv8g6jz49qlbjzjmjcr68";
+ };
+
+ nativeBuildInputs = [ pkgconfig autoreconfHook ];
+ buildInputs = [
+ openssl db48 boost zlib miniupnpc libevent zeromq
+ unixtools.hexdump
+ ];
+
+ configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ];
+
+ meta = {
+ description = "Privacy-Focused Marketplace & Decentralized Application Platform";
+ longDescription= ''
+ An open source, decentralized privacy platform built for global person to person eCommerce.
+ '';
+ homepage = https://particl.io/;
+ maintainers = with maintainers; [ demyanrogozhin ];
+ license = licenses.mit;
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/applications/audio/gmpc/default.nix b/pkgs/applications/audio/gmpc/default.nix
index c2adc58f9ce564d99c780ad701f42ad52923c844..099e4428016e5b24523fb893ecbf92dbdfb7e6b9 100644
--- a/pkgs/applications/audio/gmpc/default.nix
+++ b/pkgs/applications/audio/gmpc/default.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
];
meta = with stdenv.lib; {
- homepage = http://gmpclient.org;
+ homepage = https://gmpclient.org;
description = "A GTK2 frontend for Music Player Daemon";
license = licenses.gpl2;
maintainers = [ maintainers.rickynils ];
diff --git a/pkgs/applications/audio/kid3/default.nix b/pkgs/applications/audio/kid3/default.nix
index 4c9540607eb6da12beae580fb726325e58e1a51c..31369bd1e6385677d3a13e0a70c94d04ff9826d7 100644
--- a/pkgs/applications/audio/kid3/default.nix
+++ b/pkgs/applications/audio/kid3/default.nix
@@ -1,9 +1,8 @@
{ stdenv, fetchurl
-, pkgconfig, cmake
-, docbook_xml_dtd_45, docbook_xsl, libxslt
-, python, ffmpeg, mp4v2, flac, libogg, libvorbis
-, phonon, automoc4, chromaprint, id3lib, taglib
-, qt, zlib, readline
+, pkgconfig, cmake, python, ffmpeg, phonon, automoc4
+, chromaprint, docbook_xml_dtd_45, docbook_xsl, libxslt
+, id3lib, taglib, mp4v2, flac, libogg, libvorbis
+, zlib, readline , qtbase, qttools, qtmultimedia, qtquickcontrols
, makeWrapper
}:
@@ -18,9 +17,10 @@ stdenv.mkDerivation rec {
};
buildInputs = with stdenv.lib;
- [ pkgconfig cmake python ffmpeg docbook_xml_dtd_45 docbook_xsl libxslt
- phonon automoc4 chromaprint id3lib taglib mp4v2 flac libogg libvorbis
- qt zlib readline makeWrapper ];
+ [ pkgconfig cmake python ffmpeg phonon automoc4
+ chromaprint docbook_xml_dtd_45 docbook_xsl libxslt
+ id3lib taglib mp4v2 flac libogg libvorbis zlib readline
+ qtbase qttools qtmultimedia qtquickcontrols makeWrapper ];
cmakeFlags = [ "-DWITH_APPS=Qt;CLI" ];
NIX_LDFLAGS = "-lm -lpthread";
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
'';
postInstall = ''
- wrapProgram $out/bin/kid3-qt --prefix QT_PLUGIN_PATH : $out/lib/qt4/plugins
+ wrapProgram $out/bin/kid3-qt --prefix QT_PLUGIN_PATH : $out/lib/qt5/plugins
'';
enableParallelBuilding = true;
@@ -73,4 +73,3 @@ stdenv.mkDerivation rec {
platforms = platforms.linux;
};
}
-# TODO: Qt5 support - not so urgent!
diff --git a/pkgs/applications/audio/mopidy/iris.nix b/pkgs/applications/audio/mopidy/iris.nix
index f3a9b73aabe5e29152c74630bebd15c67c9f1c74..cfd2a4173da70f9f7ffe2d8f1ce3531a52950391 100644
--- a/pkgs/applications/audio/mopidy/iris.nix
+++ b/pkgs/applications/audio/mopidy/iris.nix
@@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
- version = "3.17.1";
+ version = "3.17.5";
src = pythonPackages.fetchPypi {
inherit pname version;
- sha256 = "02k1br077v9c5x6nn0391vh28pvn1zjbkjv8h508vy7k6ch2xjyq";
+ sha256 = "011bccvjy1rdrc43576hgfb7md404ziqmkam6na2z6v9km1b9gwr";
};
propagatedBuildInputs = [
diff --git a/pkgs/applications/audio/mpc123/default.nix b/pkgs/applications/audio/mpc123/default.nix
index ac945bee7f743f2d982e1e11323210b445b3bfda..efaef97257e0a1c028107084066873a30bdccbed 100644
--- a/pkgs/applications/audio/mpc123/default.nix
+++ b/pkgs/applications/audio/mpc123/default.nix
@@ -27,6 +27,6 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [ ];
- platforms = stdenv.lib.platforms.gnu; # arbitrary choice
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # arbitrary choice
};
}
diff --git a/pkgs/applications/audio/mpg321/default.nix b/pkgs/applications/audio/mpg321/default.nix
index ee0ebf234ce5a82c9acccbdc18bd13aac798abd2..3ffc5265f7a034f31e0b9002ca9224fff22159ee 100644
--- a/pkgs/applications/audio/mpg321/default.nix
+++ b/pkgs/applications/audio/mpg321/default.nix
@@ -30,6 +30,6 @@ stdenv.mkDerivation rec {
homepage = http://mpg321.sourceforge.net/;
license = licenses.gpl2;
maintainers = [ maintainers.rycee ];
- platforms = platforms.gnu;
+ platforms = platforms.gnu ++ platforms.linux;
};
}
diff --git a/pkgs/applications/audio/snd/default.nix b/pkgs/applications/audio/snd/default.nix
index 660f342dc9d96f8ad9c91eb0641cfad2ce52edb0..cacc6e04429df6c19a452b01d81e95dcbd7c447c 100644
--- a/pkgs/applications/audio/snd/default.nix
+++ b/pkgs/applications/audio/snd/default.nix
@@ -4,11 +4,11 @@
}:
stdenv.mkDerivation rec {
- name = "snd-18.2";
+ name = "snd-18.3";
src = fetchurl {
url = "mirror://sourceforge/snd/${name}.tar.gz";
- sha256 = "0b0ija3cf2c9sqh3cclk5a7i73vagfkyw211aykfd76w7ibirs3r";
+ sha256 = "117sgvdv0a03ys1v27bs99mgzpfm2a7xg6s0q6m1f79jniia12ss";
};
nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/applications/audio/spotify/default.nix b/pkgs/applications/audio/spotify/default.nix
index 87bf440ed4f39b08c1f2f87d6f9a146011ebc2b7..5f6772256cab75eda70214e7aa47d7d8c584e6e4 100644
--- a/pkgs/applications/audio/spotify/default.nix
+++ b/pkgs/applications/audio/spotify/default.nix
@@ -1,15 +1,13 @@
{ fetchurl, stdenv, dpkg, xorg, alsaLib, makeWrapper, openssl, freetype
-, glib, pango, cairo, atk, gdk_pixbuf, gtk2, cups, nspr, nss, libpng, GConf
-, libgcrypt, systemd, fontconfig, dbus, expat, ffmpeg_0_10, curl, zlib, gnome2 }:
-
-assert stdenv.system == "x86_64-linux";
+, glib, pango, cairo, atk, gdk_pixbuf, gtk2, cups, nspr, nss, libpng
+, libgcrypt, systemd, fontconfig, dbus, expat, ffmpeg_0_10, curl, zlib, gnome3 }:
let
# Please update the stable branch!
# Latest version number can be found at:
# http://repository-origin.spotify.com/pool/non-free/s/spotify-client/
# Be careful not to pick the testing version.
- version = "1.0.77.338.g758ebd78-41";
+ version = "1.0.79.223.g92622cc2-21";
deps = [
alsaLib
@@ -22,7 +20,6 @@ let
ffmpeg_0_10
fontconfig
freetype
- GConf
gdk_pixbuf
glib
gtk2
@@ -54,7 +51,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb";
- sha256 = "1971jc0431pl8yixpl37ryl2l0pqdf0xjvkg59nqdwj3vbdx5606";
+ sha256 = "1x1rpprzin4cmz1spzw036b4phd0yk1v7idlrcy4pkv97b4g5dw6";
};
buildInputs = [ dpkg makeWrapper ];
@@ -95,7 +92,7 @@ stdenv.mkDerivation {
librarypath="${stdenv.lib.makeLibraryPath deps}:$libdir"
wrapProgram $out/share/spotify/spotify \
--prefix LD_LIBRARY_PATH : "$librarypath" \
- --prefix PATH : "${gnome2.zenity}/bin"
+ --prefix PATH : "${gnome3.zenity}/bin"
# Desktop file
mkdir -p "$out/share/applications/"
diff --git a/pkgs/applications/audio/x42-plugins/default.nix b/pkgs/applications/audio/x42-plugins/default.nix
index 4c4f958ec493712c971070b6b6429a659b7ab5ca..6bf45f451a5d7ad3b4edee51e3435278f3bcad2b 100644
--- a/pkgs/applications/audio/x42-plugins/default.nix
+++ b/pkgs/applications/audio/x42-plugins/default.nix
@@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec {
- version = "20170428";
+ version = "20180320";
name = "x42-plugins-${version}";
src = fetchurl {
url = "http://gareus.org/misc/x42-plugins/${name}.tar.xz";
- sha256 = "0yi82rak2277x4nzzr5zwbsnha5pi61w975c8src2iwar2b6m0xg";
+ sha256 = "167ly9nxqq3g0j35i9jv9rvd8qp4i9ncfcjxmg972cp6q8ak8mdl";
};
nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/applications/editors/android-studio/default.nix b/pkgs/applications/editors/android-studio/default.nix
index 75385275ec84dfecb354e1907f5b25c72d346645..630f5dd34471d4365b5e58a79c3181fb6ec89652 100644
--- a/pkgs/applications/editors/android-studio/default.nix
+++ b/pkgs/applications/editors/android-studio/default.nix
@@ -13,9 +13,9 @@ let
sha256Hash = "1h9f4pkyqxkqxampi8v035czg5d4g6lp4bsrnq5mgpwhjwkr1whk";
};
latestVersion = {
- version = "3.2.0.11"; # "Android Studio 3.2 Canary 12"
- build = "181.4729833";
- sha256Hash = "1b976m59d230pl35ajhdic46cw8qmnykkbrg3l7am7zmih0zk64c";
+ version = "3.2.0.12"; # "Android Studio 3.2 Canary 13"
+ build = "181.4749738";
+ sha256Hash = "0mwsbmxzrs7yavgkckpmfvpz46v7fpa0nxvf8zqa9flmsv8p8l10";
};
in rec {
# Old alias
diff --git a/pkgs/applications/editors/eclipse/plugins.nix b/pkgs/applications/editors/eclipse/plugins.nix
index 136ef7dfc23d52d80d740fc0a27b4e62191fa6d3..adb763c1250748f3f6d703c85a1a358f6b6dafda 100644
--- a/pkgs/applications/editors/eclipse/plugins.nix
+++ b/pkgs/applications/editors/eclipse/plugins.nix
@@ -432,11 +432,11 @@ rec {
jsonedit = buildEclipsePlugin rec {
name = "jsonedit-${version}";
- version = "1.1.0";
+ version = "1.1.1";
srcFeature = fetchurl {
url = "https://boothen.github.io/Json-Eclipse-Plugin/features/jsonedit-feature_${version}.jar";
- sha256 = "1qqbzh9sv0s9p0irim7kimvzdkw0hg6yv090bz5ifpzqdxc4v9r5";
+ sha256 = "0zkg8d8x3l5jpfxi0mz9dn62wmy4fjgpwdikj280fvsklmcw5b86";
};
srcPlugins =
@@ -448,13 +448,13 @@ rec {
};
in
map fetch [
- { n = "core"; h = "1fl4api6j0wp4vfbyabxqsrjvvpclp8p3b4xnxxpn4v8g12q526m"; }
- { n = "editor"; h = "1kn15qampdlpxblj2bv94b3bb15qfwng27lk0n578585yqmb3p66"; }
- { n = "folding"; h = "1qnzdx4xx9ma3p6lg1ab8xf3nik1yrww33nksi0j3vnvh8i9ihdm"; }
- { n = "model"; h = "0n8855ma1h2as0skrrp2qy3sdkmnhl5vlqxcjv8xlc3faa72174a"; }
- { n = "outline"; h = "07i2spmzghs49pkxl8z9c29n6l38x26v20prkh4a7i1rf9whg1q8"; }
- { n = "preferences"; h = "0d1m8pb903wpc4vvhsp0gx0h65r432ax898wif3a23c5wxj4nh9i"; }
- { n = "text"; h = "0z80d9qgpbx88jrq8b4r478lrcrf52gxqkl94l13wrk7rszjpldh"; }
+ { n = "core"; h = "0svs0aswnhl26cqw6bmw30cisx4cr50kc5njg272sy5c1dqjm1zq"; }
+ { n = "editor"; h = "1q62dinrbb18aywbvii4mlr7rxa20rdsxxd6grix9y8h9776q4l5"; }
+ { n = "folding"; h = "1qh4ijfb1gl9xza5ydi87v1kyima3a9sh7lncwdy1way3pdhln1y"; }
+ { n = "model"; h = "1pr6k2pdfdwx8jqs7gx7wzn3gxsql3sk6lnjha8m15lv4al6d4kj"; }
+ { n = "outline"; h = "1jgr2g16j3id8v367jbgd6kx6g2w636fbzmd8jvkvkh7y1jgjqxm"; }
+ { n = "preferences"; h = "027fhaqa5xbil6dmhvkbpha3pgw6dpmc2im3nlliyds57mdmdb1h"; }
+ { n = "text"; h = "0clywylyidrxlqs0n816nhgjmk1c3xl7sn904ki4q050amfy0wb2"; }
];
propagatedBuildInputs = [ antlr-runtime_4_7 ];
diff --git a/pkgs/applications/editors/emacs-modes/calfw/default.nix b/pkgs/applications/editors/emacs-modes/calfw/default.nix
index c173684fab4cd1bbc303e98f88b51f48c1e64cf9..091635feda6faba87380ea5a1458f169766255dc 100644
--- a/pkgs/applications/editors/emacs-modes/calfw/default.nix
+++ b/pkgs/applications/editors/emacs-modes/calfw/default.nix
@@ -29,6 +29,6 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl3Plus;
maintainers = with stdenv.lib.maintainers; [ chaoflow ];
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}
diff --git a/pkgs/applications/editors/emacs-modes/jdee/default.nix b/pkgs/applications/editors/emacs-modes/jdee/default.nix
index e47da7a419346356f6ef482ac5c5e932b2c83f9a..306fe66823c842d602d43097fe210a9b69c24903 100644
--- a/pkgs/applications/editors/emacs-modes/jdee/default.nix
+++ b/pkgs/applications/editors/emacs-modes/jdee/default.nix
@@ -92,7 +92,7 @@ in
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [ ];
- platforms = stdenv.lib.platforms.gnu; # arbitrary choice
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # arbitrary choice
broken = true;
};
diff --git a/pkgs/applications/editors/jetbrains/default.nix b/pkgs/applications/editors/jetbrains/default.nix
index 84ba32c41256ff78b72e52158f6745e78d47663b..98172ce1905bc2017d6c09850f79cf8c07c91c5e 100644
--- a/pkgs/applications/editors/jetbrains/default.nix
+++ b/pkgs/applications/editors/jetbrains/default.nix
@@ -3,8 +3,6 @@
, androidsdk, jdk, cmake, libxml2, zlib, python3, ncurses
}:
-assert stdenv.isLinux;
-
with stdenv.lib;
let
@@ -239,12 +237,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
- version = "2018.1"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
- sha256 = "1mwajah0qghkw2f4hap5f35x826h8318a0bjbn9lpknffgfi0zc3"; /* updated by script */
+ sha256 = "158ydbr0bbzm1nqi4xhrcp6bwk7kmiw78v959h7bxg3y7z55hbwa"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion_Release"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@@ -252,25 +250,25 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
- version = "2017.3.7"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
- sha256 = "1pmkv1yd8xwqa4kdffg0vvk3whmnvrs9js7vnq4ilm39zzksqmpa"; /* updated by script */
+ sha256 = "12rihb1ppl4i1i0j3yj4ih4qx3xf30kfx022pbvng1rjy0bpikp7"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
- update-channel = "datagrip_2017_3";
+ update-channel = "datagrip_2018_1";
};
goland = buildGoland rec {
name = "goland-${version}";
- version = "2018.1"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "Up and Coming Go IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
- sha256 = "0r008q3dn30zbn9zzyjj6pz3myxrb9i1s96kinj9vy0cj7gb0aai"; /* updated by script */
+ sha256 = "1qhhxarvw6mzavyzackzkbq52yfr5437gljxdvlbr6rpi99hgfzb"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "goland_release";
@@ -278,12 +276,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
- version = "2018.1"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
- sha256 = "08dlyf2zfgcbbbnadx5x0n877diyglg9h7h39njcw4ajh4aninyq"; /* updated by script */
+ sha256 = "0s5vbdg8ajaac1jqh8ypy20fp061aqjhiyi20kdcsb0856nw5frg"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IDEA_Release";
@@ -291,12 +289,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
- version = "2018.1"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz";
- sha256 = "1483w692n29v22f5vchh8fbizwn74wlznd5pvlscxs4ly9af7935"; /* updated by script */
+ sha256 = "1rrqc9sj0ibkkj627hzwdh7l5z8zm6cmaz0yzx6xhyi989ivfy2r"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IDEA_Release";
@@ -304,25 +302,25 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
- version = "2017.3.6"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
- sha256 = "00g86fggh8wfm02k9wwn33yqmbfr2b1x3vnvyn9gdpycdk46lqgw"; /* updated by script */
+ sha256 = "13si8g7n1qvjm5ivbrazsbqlvwwlg65nia78k74nkaqp704z92cs"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
- update-channel = "PS2017.3";
+ update-channel = "PS2018.1";
};
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
- version = "2018.1"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
- sha256 = "0f3chibs7lp3kgkd0ah6d7z1lf3n4scalmadpxcn0fd6bap5mnjb"; /* updated by script */
+ sha256 = "1phxzsz2qnyk0b0kkccsgjkxx4ak7rbm68k1lpgr59rwyxqnazy3"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm_Release";
@@ -330,12 +328,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
- version = "2018.1"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
- sha256 = "0lq5bqnfxj02sbd4yaf3ma6nps7cnf0d11dzqjv9m6b41y55dp0k"; /* updated by script */
+ sha256 = "08cfmrrmxs67dc61cvjc0ynzng0hnr2i78fv3m888k4x63cy6mv5"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm_Release";
@@ -356,25 +354,25 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
- version = "2017.3.3"; /* updated by script */
+ version = "2018.1.1"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
- sha256 = "1b0y8pcg8wwprm1swrl4laajnmx2c359bi7ahsyfjfprlzwx7wck"; /* updated by script */
+ sha256 = "1nh2m10ikwl85n66aspkmgxmbk98amhlgj2xl2sasjfwn5pn1wmf"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
- update-channel = "rm2017.3";
+ update-channel = "rm2018.1";
};
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
- version = "2018.1"; /* updated by script */
+ version = "2018.1.2"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
- sha256 = "1lx852gycrzajh58k1r2wfpwwjna6y3fsd5srw5fgzw58f120vn4"; /* updated by script */
+ sha256 = "14fmny9i0cgkplna0li5q2c5wiqk71k6c5h480ia85jaqi2vm8jh"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WS_Release";
diff --git a/pkgs/applications/editors/moe/default.nix b/pkgs/applications/editors/moe/default.nix
index 751b78ab674ba565394bcb6d4a339c04dc8a6531..764877a11cb34fa03b2600ea1c5087b60e949476 100644
--- a/pkgs/applications/editors/moe/default.nix
+++ b/pkgs/applications/editors/moe/default.nix
@@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
homepage = http://www.gnu.org/software/moe/;
license = licenses.gpl2Plus;
maintainers = with maintainers; [ AndersonTorres ];
- platforms = platforms.linux;
+ platforms = platforms.unix;
};
}
# TODO: a configurable, global moerc file
diff --git a/pkgs/applications/editors/neovim/ruby_provider/Gemfile.lock b/pkgs/applications/editors/neovim/ruby_provider/Gemfile.lock
index 87b011c4f8b40c184bff1c50073cac592a2cc725..a95ced76371d40c7095e0ee2e79a9d8f2a18830d 100644
--- a/pkgs/applications/editors/neovim/ruby_provider/Gemfile.lock
+++ b/pkgs/applications/editors/neovim/ruby_provider/Gemfile.lock
@@ -1,9 +1,9 @@
GEM
remote: https://rubygems.org/
specs:
- msgpack (1.2.2)
+ msgpack (1.2.4)
multi_json (1.13.1)
- neovim (0.6.2)
+ neovim (0.7.0)
msgpack (~> 1.0)
multi_json (~> 1.0)
diff --git a/pkgs/applications/editors/neovim/ruby_provider/gemset.nix b/pkgs/applications/editors/neovim/ruby_provider/gemset.nix
index aefecbf5ba83adc0be7f80e9d3003063bf86fd09..af887161ea6cff33273614d2b81a079f32b6e704 100644
--- a/pkgs/applications/editors/neovim/ruby_provider/gemset.nix
+++ b/pkgs/applications/editors/neovim/ruby_provider/gemset.nix
@@ -2,10 +2,10 @@
msgpack = {
source = {
remotes = ["https://rubygems.org"];
- sha256 = "1ai0sfdv9jnr333fsvkn7a8vqvn0iwiw83yj603a3i68ds1x6di1";
+ sha256 = "09xy1wc4wfbd1jdrzgxwmqjzfdfxbz0cqdszq2gv6rmc3gv1c864";
type = "gem";
};
- version = "1.2.2";
+ version = "1.2.4";
};
multi_json = {
source = {
@@ -19,9 +19,9 @@
dependencies = ["msgpack" "multi_json"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "15r3j9bwlpm1ry7cp6059xb0irvsvvlmw53i28z6sf2khwfj5j53";
+ sha256 = "0b487dzz41im8cwzvfjqgf8kkrp6mpkvcbzhazrmqqw8gxyvfbq4";
type = "gem";
};
- version = "0.6.2";
+ version = "0.7.0";
};
}
diff --git a/pkgs/applications/editors/sublime/2/default.nix b/pkgs/applications/editors/sublime/2/default.nix
index 9cf5bd97d0a330e91a6fe2c8c763032c97c3c89e..78c2d9aaa0c41cca63d23f626c73d43c629d28cb 100644
--- a/pkgs/applications/editors/sublime/2/default.nix
+++ b/pkgs/applications/editors/sublime/2/default.nix
@@ -2,11 +2,10 @@
let
libPath = stdenv.lib.makeLibraryPath [glib xorg.libX11 gtk2 cairo];
in
-assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
stdenv.mkDerivation rec {
name = "sublimetext-2.0.2";
- src =
+ src =
if stdenv.system == "i686-linux" then
fetchurl {
name = "sublimetext-2.0.2.tar.bz2";
@@ -55,5 +54,6 @@ stdenv.mkDerivation rec {
meta = {
description = "Sophisticated text editor for code, markup and prose";
license = stdenv.lib.licenses.unfree;
+ platforms = [ "x86_64-linux" "i686-linux" ];
};
}
diff --git a/pkgs/applications/editors/sublime/3/common.nix b/pkgs/applications/editors/sublime/3/common.nix
index 7185a82a9601d0efdaed52a2c567a5c07d85fc05..628993dbf5be55d7a8f33109c66ad0d0263f163b 100644
--- a/pkgs/applications/editors/sublime/3/common.nix
+++ b/pkgs/applications/editors/sublime/3/common.nix
@@ -4,7 +4,6 @@
pkexecPath ? "/run/wrappers/bin/pkexec", libredirect,
gksuSupport ? false, gksu, unzip, zip, bash}:
-assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
assert gksuSupport -> gksu != null;
let
@@ -114,6 +113,6 @@ in stdenv.mkDerivation (rec {
homepage = https://www.sublimetext.com/;
maintainers = with maintainers; [ wmertens demin-dmitriy zimbatm ];
license = licenses.unfree;
- platforms = platforms.linux;
+ platforms = [ "x86_64-linux" "i686-linux" ];
};
})
diff --git a/pkgs/applications/editors/sublime/3/packages.nix b/pkgs/applications/editors/sublime/3/packages.nix
index 01445ade4732165327526de62a7b5810492100c9..98cfc03c3d26db31f1e468f4ecb539e947f227b6 100644
--- a/pkgs/applications/editors/sublime/3/packages.nix
+++ b/pkgs/applications/editors/sublime/3/packages.nix
@@ -5,14 +5,14 @@ let
in
rec {
sublime3-dev = common {
- buildVersion = "3162";
- x32sha256 = "190il02hqvv64w17w7xc1fz2wkbhk5a5y96jb25dvafmslm46d4i";
- x64sha256 = "1nsjhjs6zajhx7m3dk7i450krg6pb03zffm1n3m1v0xb9zr37xz3";
+ buildVersion = "3170";
+ x32sha256 = "04ll92mqnpvvaa161il6l02gvd0g0x95sci0yrywr6jzk6am1fzg";
+ x64sha256 = "1snzjr000qrjyvzd876x5j66138glh0bff3c1b2cb2bfc88c3kzx";
} {};
sublime3 = common {
- buildVersion = "3143";
- x32sha256 = "0dgpx4wij2m77f478p746qadavab172166bghxmj7fb61nvw9v5i";
- x64sha256 = "06b554d2cvpxc976rvh89ix3kqc7klnngvk070xrs8wbyb221qcw";
+ buildVersion = "3170";
+ x32sha256 = "04ll92mqnpvvaa161il6l02gvd0g0x95sci0yrywr6jzk6am1fzg";
+ x64sha256 = "1snzjr000qrjyvzd876x5j66138glh0bff3c1b2cb2bfc88c3kzx";
} {};
}
diff --git a/pkgs/applications/editors/texmacs/default.nix b/pkgs/applications/editors/texmacs/default.nix
index 447e729d4f9b5e5667db87414ed213c44f0c336b..d3d95e5886a5996538327abc834fa6fef99a22b4 100644
--- a/pkgs/applications/editors/texmacs/default.nix
+++ b/pkgs/applications/editors/texmacs/default.nix
@@ -41,6 +41,6 @@ stdenv.mkDerivation {
meta = common.meta // {
maintainers = [ stdenv.lib.maintainers.roconnor ];
- platforms = stdenv.lib.platforms.gnu; # arbitrary choice
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # arbitrary choice
};
}
diff --git a/pkgs/applications/editors/tiled/default.nix b/pkgs/applications/editors/tiled/default.nix
index 8444ff6eaecc42934f2f95bd134b235ca449e194..b23db38e0f45930c28eb411ae43c059e2d481193 100644
--- a/pkgs/applications/editors/tiled/default.nix
+++ b/pkgs/applications/editors/tiled/default.nix
@@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
name = "tiled-${version}";
- version = "1.1.4";
+ version = "1.1.5";
src = fetchFromGitHub {
owner = "bjorn";
repo = "tiled";
rev = "v${version}";
- sha256 = "0ln8lis9g23wp3w70xwbkzqmmbkd02cdx6z7msw9lrpkjzkj7mlr";
+ sha256 = "1l8sx0qfkm7n2ag0ns01vrs8mzcxzva00in4xqz4zgd505qx5q9v";
};
nativeBuildInputs = [ pkgconfig qmake ];
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Free, easy to use and flexible tile map editor";
- homepage = http://www.mapeditor.org/;
+ homepage = https://www.mapeditor.org/;
license = with licenses; [
bsd2 # libtiled and tmxviewer
gpl2Plus # all the rest
diff --git a/pkgs/applications/editors/typora/default.nix b/pkgs/applications/editors/typora/default.nix
index 7c6d186b88302fd070059933e5f7244a30394fbb..d687712fc08a0c759d0168e00eae01726e780275 100644
--- a/pkgs/applications/editors/typora/default.nix
+++ b/pkgs/applications/editors/typora/default.nix
@@ -3,18 +3,18 @@
stdenv.mkDerivation rec {
name = "typora-${version}";
- version = "0.9.44";
+ version = "0.9.47";
src =
if stdenv.system == "x86_64-linux" then
fetchurl {
url = "https://www.typora.io/linux/typora_${version}_amd64.deb";
- sha256 = "9442c090bf2619d270890228abd7dabb9e217c0b200615f8ed3cb255efd122d5";
+ sha256 = "431741948f5a2faba04984c495bea56b4a800c6dbb7e21e24ad3124fb8ffcbc9";
}
else
fetchurl {
url = "https://www.typora.io/linux/typora_${version}_i386.deb";
- sha256 = "ae228ca946d03940b85df30c995c4de3f942a780e32d4dcab872dec671c66ef3";
+ sha256 = "a95c8c1e296d8587a4dc6182af3b24253c3c2abc991badb7c758cd6d1bf5b1b6";
}
;
diff --git a/pkgs/applications/editors/vscode/default.nix b/pkgs/applications/editors/vscode/default.nix
index 5c10f6fb3bbca059ddf961673de3c9605fa85dcb..41d4c114c75adc278d84374025de44dcd5a759c1 100644
--- a/pkgs/applications/editors/vscode/default.nix
+++ b/pkgs/applications/editors/vscode/default.nix
@@ -2,7 +2,7 @@
makeWrapper, libXScrnSaver, libxkbfile, libsecret }:
let
- version = "1.22.2";
+ version = "1.23.0";
channel = "stable";
plat = {
@@ -12,9 +12,9 @@ let
}.${stdenv.system};
sha256 = {
- "i686-linux" = "17iqqg6vdccbl1k4k2ks3kkgg7619j6qdvca4k27pjfqm17mvw5n";
- "x86_64-linux" = "1ng2jhhaghsf7a2dmrimazh817jh0ag88whija179ywgrg3i6xam";
- "x86_64-darwin" = "083hizigzxm45hcy6yqwznj9ibqdaxg2xv8rsyas4ig9x55irrcj";
+ "i686-linux" = "1nyrcgnf18752n3i7xaq6gpb2k4wsfzk671kxg6za4ycrriw1f5l";
+ "x86_64-linux" = "1mkxyavzav522sl3fjn2hdlbj0bkdl3hagqiw9i6h8wgkxcvsszy";
+ "x86_64-darwin" = "123ggzssd5qd80jxar2pf5g2n2473pd2j8pfjyir1c7xkaqji2w6";
}.${stdenv.system};
archive_fmt = if stdenv.system == "x86_64-darwin" then "zip" else "tar.gz";
diff --git a/pkgs/applications/graphics/ImageMagick/7.0.nix b/pkgs/applications/graphics/ImageMagick/7.0.nix
index 410c74ac6cfa874155f7c7e10da42f84485cfee0..65a3238ef57135924d0b34c801af78727c845060 100644
--- a/pkgs/applications/graphics/ImageMagick/7.0.nix
+++ b/pkgs/applications/graphics/ImageMagick/7.0.nix
@@ -14,8 +14,8 @@ let
else throw "ImageMagick is not supported on this platform.";
cfg = {
- version = "7.0.7-27";
- sha256 = "04v7m1s2a89xi57fpxbq30hzxqg3fawr3lms6wfmaq4j2ax0qw6k";
+ version = "7.0.7-29";
+ sha256 = "0jfpfydz50zxs776knz6w2f5g0l4nhivp9g1fz4cf5clgjcpa3z6";
patches = [];
};
in
diff --git a/pkgs/applications/graphics/digikam/default.nix b/pkgs/applications/graphics/digikam/default.nix
index 633a1d9bd6e6d7a8a566ea13020443c9cfdc6661..5c6a4bab93066ceff03ef6cf0a9280df9fbb77ae 100644
--- a/pkgs/applications/graphics/digikam/default.nix
+++ b/pkgs/applications/graphics/digikam/default.nix
@@ -116,7 +116,7 @@ mkDerivation rec {
meta = with lib; {
description = "Photo Management Program";
license = licenses.gpl2;
- homepage = http://www.digikam.org;
+ homepage = https://www.digikam.org;
maintainers = with maintainers; [ the-kenny ];
platforms = platforms.linux;
};
diff --git a/pkgs/applications/graphics/dosage/default.nix b/pkgs/applications/graphics/dosage/default.nix
index f95370e39e7220db358e06218d3e60016c9cd142..4bc0e93a3b46099841eb3952c1e5c42ff3a37ccf 100644
--- a/pkgs/applications/graphics/dosage/default.nix
+++ b/pkgs/applications/graphics/dosage/default.nix
@@ -23,6 +23,6 @@ pythonPackages.buildPythonApplication rec {
meta = {
description = "A comic strip downloader and archiver";
- homepage = http://dosage.rocks/;
+ homepage = https://dosage.rocks/;
};
}
diff --git a/pkgs/applications/graphics/draftsight/default.nix b/pkgs/applications/graphics/draftsight/default.nix
index 9ab43ff9433706e8c232b6d60b5b99fc7ed6dc5a..b604099096ff10d3d944d570ed2851d0c0ddd72c 100644
--- a/pkgs/applications/graphics/draftsight/default.nix
+++ b/pkgs/applications/graphics/draftsight/default.nix
@@ -4,8 +4,6 @@
libX11, libXcursor, libXrandr, libxcb, libXi, libSM, libICE,
libXrender, libXcomposite }:
-assert stdenv.system == "x86_64-linux";
-
let version = "2017-SP2"; in
stdenv.mkDerivation {
name = "draftsight-${version}";
@@ -71,6 +69,6 @@ stdenv.mkDerivation {
homepage = https://www.3ds.com/products-services/draftsight-cad-software/;
license = stdenv.lib.licenses.unfree;
maintainers = with maintainers; [ hodapp ];
- platforms = platforms.linux;
+ platforms = [ "x86_64-linux" ];
};
}
diff --git a/pkgs/applications/graphics/epeg/default.nix b/pkgs/applications/graphics/epeg/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..02528a43e31b6216ff9e7037978c80e4ad4c805d
--- /dev/null
+++ b/pkgs/applications/graphics/epeg/default.nix
@@ -0,0 +1,31 @@
+{ lib, stdenv, fetchFromGitHub, pkgconfig, libtool, autoconf, automake
+, libjpeg, libexif
+}:
+
+stdenv.mkDerivation rec {
+ name = "epeg-0.9.1.042"; # version taken from configure.ac
+
+ src = fetchFromGitHub {
+ owner = "mattes";
+ repo = "epeg";
+ rev = "248ae9fc3f1d6d06e6062a1f7bf5df77d4f7de9b";
+ sha256 = "14ad33w3pxrg2yfc2xzyvwyvjirwy2d00889dswisq8b84cmxfia";
+ };
+
+ enableParallelBuilding = true;
+
+ nativeBuildInputs = [ pkgconfig libtool autoconf automake ];
+
+ propagatedBuildInputs = [ libjpeg libexif ];
+
+ preConfigure = ''
+ ./autogen.sh
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/mattes/epeg;
+ description = "Insanely fast JPEG/ JPG thumbnail scaling";
+ platforms = platforms.linux ++ platforms.darwin;
+ maintainers = with maintainers; [ nh2 ];
+ };
+}
diff --git a/pkgs/applications/graphics/geeqie/default.nix b/pkgs/applications/graphics/geeqie/default.nix
index d034f5d64d9384165a9079cc60b8889e07b04285..a1ea88da84be2d6c88911a101b3d962dc0866f07 100644
--- a/pkgs/applications/graphics/geeqie/default.nix
+++ b/pkgs/applications/graphics/geeqie/default.nix
@@ -49,6 +49,6 @@ stdenv.mkDerivation rec {
homepage = http://geeqie.sourceforge.net;
maintainers = with maintainers; [ jfrankenau pSub ];
- platforms = platforms.gnu;
+ platforms = platforms.gnu ++ platforms.linux;
};
}
diff --git a/pkgs/applications/graphics/gimp/2.8.nix b/pkgs/applications/graphics/gimp/2.8.nix
deleted file mode 100644
index 3802fff2ad21aac8358433ded9c6e4b2e515c504..0000000000000000000000000000000000000000
--- a/pkgs/applications/graphics/gimp/2.8.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, intltool, babl, gegl, gtk2, glib, gdk_pixbuf
-, pango, cairo, freetype, fontconfig, lcms, libpng, libjpeg, poppler, libtiff
-, webkit, libmng, librsvg, libwmf, zlib, libzip, ghostscript, aalib, jasper
-, python2Packages, libexif, gettext, xorg
-, AppKit, Cocoa, gtk-mac-integration }:
-
-let
- inherit (python2Packages) pygtk wrapPython python;
-in stdenv.mkDerivation rec {
- name = "gimp-${version}";
- version = "2.8.22";
-
- # This declarations for `gimp-with-plugins` wrapper,
- # (used for determining $out/lib/gimp/${majorVersion}/ paths)
- majorVersion = "2.0";
- targetPluginDir = "$out/lib/gimp/${majorVersion}/plug-ins";
- targetScriptDir = "$out/lib/gimp/${majorVersion}/scripts";
-
- src = fetchurl {
- url = "http://download.gimp.org/pub/gimp/v2.8/${name}.tar.bz2";
- sha256 = "12k3lp938qdc9cqj29scg55f3bb8iav2fysd29w0s49bqmfa71wi";
- };
-
- buildInputs =
- [ pkgconfig intltool babl gegl gtk2 glib gdk_pixbuf pango cairo
- freetype fontconfig lcms libpng libjpeg poppler libtiff webkit
- libmng librsvg libwmf zlib libzip ghostscript aalib jasper
- python pygtk libexif gettext xorg.libXpm
- wrapPython
- ]
- ++ stdenv.lib.optionals stdenv.isDarwin [ AppKit Cocoa gtk-mac-integration ];
-
- pythonPath = [ pygtk ];
-
- postFixup = ''
- wrapPythonProgramsIn $out/lib/gimp/2.0/plug-ins/
- wrapProgram $out/bin/gimp \
- --prefix PYTHONPATH : "$PYTHONPATH" \
- --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE"
- '';
-
- passthru = { gtk = gtk2; }; # probably its a good idea to use the same gtk in plugins ?
-
- #configureFlags = [ "--disable-print" ];
-
- enableParallelBuilding = true;
-
- # "screenshot" needs this.
- NIX_LDFLAGS = "-rpath ${xorg.libX11.out}/lib";
-
- meta = {
- description = "The GNU Image Manipulation Program";
- homepage = https://www.gimp.org/;
- license = stdenv.lib.licenses.gpl3Plus;
- platforms = stdenv.lib.platforms.unix;
- };
-}
diff --git a/pkgs/applications/graphics/gimp/default.nix b/pkgs/applications/graphics/gimp/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..2536367f6cebb7a730308436277afb79785d1951
--- /dev/null
+++ b/pkgs/applications/graphics/gimp/default.nix
@@ -0,0 +1,95 @@
+{ stdenv, fetchurl, fetchpatch, autoreconfHook, pkgconfig, intltool, babl, gegl, gtk2, glib, gdk_pixbuf, isocodes
+, pango, cairo, freetype, fontconfig, lcms, libpng, libjpeg, poppler, poppler_data, libtiff
+, libmng, librsvg, libwmf, zlib, libzip, ghostscript, aalib, shared-mime-info
+, python2Packages, libexif, gettext, xorg, glib-networking, libmypaint, gexiv2
+, harfbuzz, mypaint-brushes, libwebp, libgudev, openexr
+, AppKit, Cocoa, gtk-mac-integration }:
+
+let
+ inherit (python2Packages) pygtk wrapPython python;
+in stdenv.mkDerivation rec {
+ name = "gimp-${version}";
+ version = "2.10.0";
+
+ src = fetchurl {
+ url = "http://download.gimp.org/pub/gimp/v${stdenv.lib.versions.majorMinor version}/${name}.tar.bz2";
+ sha256 = "1qkxaigbfkx26xym5nzrgfrmn97cbnhn63v1saaha2nbi3xrdk3z";
+ };
+
+ patches = [
+ # fix rpath of python library https://bugzilla.gnome.org/show_bug.cgi?id=795620
+ (fetchurl {
+ url = https://bugzilla.gnome.org/attachment.cgi?id=371482;
+ sha256 = "18bysndh61pvlv255xapdrfpsl5ivm51wp1w7xgk9vky9z2y3llc";
+ })
+
+ # fix absolute paths stored in configuration
+ (fetchpatch {
+ url = https://git.gnome.org/browse/gimp/patch/?id=0fce8fdb3c056acead8322c976a96fb6fba793b6;
+ sha256 = "09845i3bdpdbf13razr04ksvwydxcvzhjwlb4dfgdv5q203g2ris";
+ })
+ (fetchpatch {
+ url = https://git.gnome.org/browse/gimp/patch/?id=f6b586237cb8c912c1503f8e6086edd17f07d4df;
+ sha256 = "0s68885ip2wgjvsl5vqi2f1xhxdjpzqprifzgdl1vnv6gqmfy3bh";
+ })
+
+ # fix pc file (needed e.g. for building plug-ins)
+ (fetchpatch {
+ url = https://git.gnome.org/browse/gimp/patch/?id=7e19906827d301eb70275dba089849a632a0eabe;
+ sha256 = "0cbjfbwvzg2hqihg3rpsga405v7z2qahj22dfqn2jrb2gbhrjcp1";
+ })
+ ];
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig intltool gettext wrapPython ];
+ propagatedBuildInputs = [ gegl ]; # needed by gimp-2.0.pc
+ buildInputs = [
+ babl gegl gtk2 glib gdk_pixbuf pango cairo gexiv2 harfbuzz isocodes libgudev
+ freetype fontconfig lcms libpng libjpeg poppler poppler_data libtiff openexr
+ libmng librsvg libwmf zlib libzip ghostscript aalib shared-mime-info libwebp
+ python pygtk libexif xorg.libXpm glib-networking libmypaint mypaint-brushes
+ ] ++ stdenv.lib.optionals stdenv.isDarwin [ AppKit Cocoa gtk-mac-integration ];
+
+ pythonPath = [ pygtk ];
+
+ # Check if librsvg was built with --disable-pixbuf-loader.
+ PKG_CONFIG_GDK_PIXBUF_2_0_GDK_PIXBUF_MODULEDIR = "${librsvg}/${gdk_pixbuf.moduleDir}";
+
+ preConfigure = ''
+ # The check runs before glib-networking is registered
+ export GIO_EXTRA_MODULES="${glib-networking}/lib/gio/modules:$GIO_EXTRA_MODULES"
+ '';
+
+ postFixup = ''
+ wrapPythonProgramsIn $out/lib/gimp/${passthru.majorVersion}/plug-ins/
+ wrapProgram $out/bin/gimp-${stdenv.lib.versions.majorMinor version} \
+ --prefix PYTHONPATH : "$PYTHONPATH" \
+ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE"
+ '';
+
+ passthru = rec {
+ # The declarations for `gimp-with-plugins` wrapper,
+ # used for determining plug-in installation paths
+ majorVersion = "${stdenv.lib.versions.major version}.0";
+ targetPluginDir = "lib/gimp/${majorVersion}/plug-ins";
+ targetScriptDir = "lib/gimp/${majorVersion}/scripts";
+
+ # probably its a good idea to use the same gtk in plugins ?
+ gtk = gtk2;
+ };
+
+ configureFlags = [
+ "--without-webkit" # old version is required
+ ];
+
+ doCheck = true;
+
+ enableParallelBuilding = true;
+
+ meta = with stdenv.lib; {
+ description = "The GNU Image Manipulation Program";
+ homepage = https://www.gimp.org/;
+ maintainers = with maintainers; [ jtojnar ];
+ license = licenses.gpl3Plus;
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/applications/graphics/gimp/plugins/default.nix b/pkgs/applications/graphics/gimp/plugins/default.nix
index 0d4215dd5bc2cb92baf6a094ea3f0c05c98317ac..5b21b349764b385d99616c02f9bfffbb9039ebc3 100644
--- a/pkgs/applications/graphics/gimp/plugins/default.nix
+++ b/pkgs/applications/graphics/gimp/plugins/default.nix
@@ -12,12 +12,12 @@ let
prePhases = "extraLib";
extraLib = ''
installScripts(){
- mkdir -p ${targetScriptDir};
- for p in "$@"; do cp "$p" ${targetScriptDir}; done
+ mkdir -p $out/${targetScriptDir};
+ for p in "$@"; do cp "$p" $out/${targetScriptDir}; done
}
installPlugins(){
- mkdir -p ${targetPluginDir};
- for p in "$@"; do cp "$p" ${targetPluginDir}; done
+ mkdir -p $out/${targetPluginDir};
+ for p in "$@"; do cp "$p" $out/${targetPluginDir}; done
}
'';
}
@@ -35,15 +35,6 @@ let
installPhase = "installScripts ${src}";
};
- libLQR = pluginDerivation {
- name = "liblqr-1-0.4.1";
- # required by lqrPlugin, you don't havet to install this lib explicitely
- src = fetchurl {
- url = http://registry.gimp.org/files/liblqr-1-0.4.1.tar.bz2;
- sha256 = "02g90wag7xi5rjlmwq8h0qs666b1i2sa90s4303hmym40il33nlz";
- };
- };
-
in
rec {
gap = pluginDerivation {
@@ -52,7 +43,7 @@ rec {
*/
name = "gap-2.6.0";
src = fetchurl {
- url = http://ftp.gimp.org/pub/gimp/plug-ins/v2.6/gap/gimp-gap-2.6.0.tar.bz2;
+ url = https://ftp.gimp.org/pub/gimp/plug-ins/v2.6/gap/gimp-gap-2.6.0.tar.bz2;
sha256 = "1jic7ixcmsn4kx2cn32nc5087rk6g8xsrz022xy11yfmgvhzb0ql";
};
patchPhase = ''
@@ -62,7 +53,7 @@ rec {
hardeningDisable = [ "format" ];
meta = with stdenv.lib; {
description = "The GIMP Animation Package";
- homepage = http://www.gimp.org;
+ homepage = https://www.gimp.org;
# The main code is given in GPLv3, but it has ffmpeg in it, and I think ffmpeg license
# falls inside "free".
license = with licenses; [ gpl3 free ];
@@ -97,6 +88,7 @@ rec {
url = "http://registry.gimp.org/files/${name}.tar.bz2";
sha256 = "1gqf3hchz7n7v5kpqkhqh8kwnxbsvlb5cr2w2n7ngrvl56f5xs1h";
};
+ meta.broken = true;
};
resynthesizer = pluginDerivation {
@@ -147,6 +139,7 @@ rec {
sha256 = "1zzvbczly7k456c0y6s92a1i8ph4ywmbvdl8i4rcc29l4qd2z8fw";
};
installPhase = "installPlugins src/texturize";
+ meta.broken = true; # https://github.com/lmanul/gimp-texturize/issues/1
};
waveletSharpen = pluginDerivation {
@@ -166,54 +159,18 @@ rec {
Layer/Liquid Rescale
*/
name = "lqr-plugin-0.6.1";
- buildInputs = with pkgs; [ libLQR ];
+ buildInputs = with pkgs; [ liblqr1 ];
src = fetchurl {
url = http://registry.gimp.org/files/gimp-lqr-plugin-0.6.1.tar.bz2;
sha256 = "00hklkpcimcbpjly4rjhfipaw096cpy768g9wixglwrsyqhil7l9";
};
- #postInstall = ''mkdir -p $out/nix-support; echo "${libLQR}" > "$out/nix-support/propagated-user-env-packages"'';
+ #postInstall = ''mkdir -p $out/nix-support; echo "${liblqr1}" > "$out/nix-support/propagated-user-env-packages"'';
installPhase = "installPlugins src/gimp-lqr-plugin";
};
- gmic =
- pluginDerivation rec {
- inherit (pkgs.gmic) name src meta;
+ gmic = pkgs.gmic.gimpPlugin;
- buildInputs = with pkgs; [ fftw opencv curl ];
-
- sourceRoot = "${name}/src";
-
- buildFlags = "gimp";
-
- installPhase = "installPlugins gmic_gimp";
- };
-
- # this is more than a gimp plugin !
- # either load the raw image with gimp (and the import dialog will popup)
- # or use the binary
- ufraw = pluginDerivation rec {
- name = "ufraw-0.19.2";
- buildInputs = with pkgs; [ gtkimageview lcms ];
- # --enable-mime - install mime files, see README for more information
- # --enable-extras - build extra (dcraw, nikon-curve) executables
- # --enable-dst-correction - enable DST correction for file timestamps.
- # --enable-contrast - enable the contrast setting option.
- # --enable-interp-none: enable 'None' interpolation (mostly for debugging).
- # --with-lensfun: use the lensfun library - experimental feature, read this before using it.
- # --with-prefix=PREFIX - use also PREFIX as an input prefix for the build
- # --with-dosprefix=PREFIX - PREFIX in the the prefix in dos format (needed only for ms-window
- configureFlags = "--enable-extras --enable-dst-correction --enable-contrast";
-
- src = fetchurl {
- url = "mirror://sourceforge/ufraw/${name}.tar.gz";
- sha256 = "1lxba7pb3vcsq94dwapg9bk9mb3ww6r3pvvcyb0ah5gh2sgzxgkk";
- };
- installPhase = "
- installPlugins ufraw-gimp
- mkdir -p $out/bin
- cp ufraw $out/bin
- ";
- };
+ ufraw = pkgs.ufraw.gimpPlugin;
gimplensfun = pluginDerivation rec {
version = "0.2.4";
@@ -239,7 +196,7 @@ rec {
license = stdenv.lib.licenses.gpl3Plus;
maintainers = [ ];
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
};
diff --git a/pkgs/applications/graphics/gimp/wrapper.nix b/pkgs/applications/graphics/gimp/wrapper.nix
index 7455a69dde97c9862904348be73144b63b63f980..ec529519159b2f3958ba07e9735d9b3ac3cb8299 100644
--- a/pkgs/applications/graphics/gimp/wrapper.nix
+++ b/pkgs/applications/graphics/gimp/wrapper.nix
@@ -1,9 +1,10 @@
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, plugins ? null}:
let
-allPlugins = lib.filter (pkg: builtins.isAttrs pkg && pkg.type == "derivation") (lib.attrValues gimpPlugins);
+allPlugins = lib.filter (pkg: builtins.isAttrs pkg && pkg.type == "derivation" && !pkg.meta.broken or false) (lib.attrValues gimpPlugins);
selectedPlugins = if plugins == null then allPlugins else plugins;
extraArgs = map (x: x.wrapArgs or "") selectedPlugins;
+versionBranch = stdenv.lib.versions.majorMinor gimp.version;
in symlinkJoin {
name = "gimp-with-plugins-${gimp.version}";
@@ -13,14 +14,14 @@ in symlinkJoin {
buildInputs = [ makeWrapper ];
postBuild = ''
- for each in gimp-2.8 gimp-console-2.8; do
+ for each in gimp-${versionBranch} gimp-console-${versionBranch}; do
wrapProgram $out/bin/$each \
--set GIMP2_PLUGINDIR "$out/lib/gimp/2.0" \
${toString extraArgs}
done
set +x
for each in gimp gimp-console; do
- ln -sf "$each-2.8" $out/bin/$each
+ ln -sf "$each-${versionBranch}" $out/bin/$each
done
'';
}
diff --git a/pkgs/applications/graphics/goxel/default.nix b/pkgs/applications/graphics/goxel/default.nix
index 8df630d582cc65188a27a8131a7fd5cf7d69914f..3d49452cbe62dd29e5488ba5961122b3a9510cbb 100644
--- a/pkgs/applications/graphics/goxel/default.nix
+++ b/pkgs/applications/graphics/goxel/default.nix
@@ -3,15 +3,17 @@
stdenv.mkDerivation rec {
name = "goxel-${version}";
- version = "0.7.3";
+ version = "0.8.0";
src = fetchFromGitHub {
owner = "guillaumechereau";
repo = "goxel";
rev = "v${version}";
- sha256 = "114s1pbv3ixc2gzkg7n927hffd6ly5gg59izw4z6drgjcdhd7xj9";
+ sha256 = "01022c43pmwiqb18rx9fz08xr99h6p03gw6bp0lay5z61g3xkz17";
};
+ patches = [ ./disable-imgui_ini.patch ];
+
nativeBuildInputs = [ scons pkgconfig wrapGAppsHook ];
buildInputs = [ glfw3 gtk3 libpng12 ];
diff --git a/pkgs/applications/graphics/goxel/disable-imgui_ini.patch b/pkgs/applications/graphics/goxel/disable-imgui_ini.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9427d45487d4b50ffb8ac053c0f4a0e01294fc61
--- /dev/null
+++ b/pkgs/applications/graphics/goxel/disable-imgui_ini.patch
@@ -0,0 +1,13 @@
+diff --git a/src/gui.cpp b/src/gui.cpp
+index 9b7236c..a8a11b2 100644
+--- a/src/gui.cpp
++++ b/src/gui.cpp
+@@ -314,6 +314,8 @@ static void init_ImGui(const inputs_t *inputs)
+ ImGuiIO& io = ImGui::GetIO();
+ io.DeltaTime = 1.0f/60.0f;
+
++ io.IniFilename = NULL;
++
+ io.KeyMap[ImGuiKey_Tab] = KEY_TAB;
+ io.KeyMap[ImGuiKey_LeftArrow] = KEY_LEFT;
+ io.KeyMap[ImGuiKey_RightArrow] = KEY_RIGHT;
diff --git a/pkgs/applications/graphics/graphicsmagick/compat.nix b/pkgs/applications/graphics/graphicsmagick/compat.nix
new file mode 100644
index 0000000000000000000000000000000000000000..bd1ce2ed893a49655c26e2e0fdc4f40a7476add2
--- /dev/null
+++ b/pkgs/applications/graphics/graphicsmagick/compat.nix
@@ -0,0 +1,37 @@
+{ stdenv, graphicsmagick }:
+
+stdenv.mkDerivation rec {
+ name = "graphicsmagick-imagemagick-compat-${version}";
+ inherit (graphicsmagick) version;
+
+ unpackPhase = "true";
+ buildPhase = "true";
+
+ utils = [
+ "composite"
+ "conjure"
+ "convert"
+ "identify"
+ "mogrify"
+ "montage"
+ "animate"
+ "display"
+ "import"
+ ];
+
+ # TODO: symlink libraries?
+ installPhase = ''
+ mkdir -p "$out"/bin
+ mkdir -p "$out"/share/man/man1
+ for util in ''${utils[@]}; do
+ ln -s ${graphicsmagick}/bin/gm "$out/bin/$util"
+ ln -s ${graphicsmagick}/share/man/man1/gm.1.gz "$out/share/man/man1/$util.1.gz"
+ done
+ '';
+
+ meta = {
+ description = "ImageMagick interface for GraphicsMagick";
+ license = stdenv.lib.licenses.free;
+ platforms = stdenv.lib.platforms.all;
+ };
+}
diff --git a/pkgs/applications/graphics/graphicsmagick/default.nix b/pkgs/applications/graphics/graphicsmagick/default.nix
index f086a8f5ba608b51b8caaedd49a5eeabc073b4c1..872afb39ec6ff6c0ced4c3e2aa8b20d7bde332a5 100644
--- a/pkgs/applications/graphics/graphicsmagick/default.nix
+++ b/pkgs/applications/graphics/graphicsmagick/default.nix
@@ -2,14 +2,13 @@
, libjpeg, libpng, libtiff, libxml2, zlib, libtool, xz, libX11
, libwebp, quantumdepth ? 8, fixDarwinDylibNames }:
-let version = "1.3.28"; in
-
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
name = "graphicsmagick-${version}";
+ version = "1.3.29";
src = fetchurl {
url = "mirror://sourceforge/graphicsmagick/GraphicsMagick-${version}.tar.xz";
- sha256 = "0jlrrimrajcmwp7llivyj14qnzb1mpqd8vw95dl6zbx5m2lnhall";
+ sha256 = "1m0cc6kpky06lpcipj7rfwc2jbw2igr0jk97zqmw3j1ld5mg93g1";
};
patches = [
diff --git a/pkgs/applications/graphics/ocrad/default.nix b/pkgs/applications/graphics/ocrad/default.nix
index ac67759c258cdeb89f31ca0ab73dfc505fded1f0..2ff62cc9eef27d5080e928aefbca6f3fe046df88 100644
--- a/pkgs/applications/graphics/ocrad/default.nix
+++ b/pkgs/applications/graphics/ocrad/default.nix
@@ -29,6 +29,6 @@ stdenv.mkDerivation rec {
license = licenses.gpl3Plus;
maintainers = with maintainers; [ pSub ];
- platforms = platforms.gnu; # arbitrary choice
+ platforms = platforms.unix;
};
}
diff --git a/pkgs/applications/graphics/openscad/default.nix b/pkgs/applications/graphics/openscad/default.nix
index 33fddf6c8d0121ff06509f727e9d5b9843a32beb..9ab5288700cce31ba73ac8b9b2fc2a86ea161492 100644
--- a/pkgs/applications/graphics/openscad/default.nix
+++ b/pkgs/applications/graphics/openscad/default.nix
@@ -1,20 +1,30 @@
-{ stdenv, fetchurl, qt4, qmake4Hook, bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal
-, mpfr, gmp, glib, pkgconfig, harfbuzz, qscintilla, gettext
+{ stdenv, fetchurl, fetchFromGitHub, qt5, libsForQt5
+, bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal
+, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext
}:
stdenv.mkDerivation rec {
- version = "2015.03-3";
+ version = "2018.04-git";
name = "openscad-${version}";
- src = fetchurl {
- url = "http://files.openscad.org/${name}.src.tar.gz";
- sha256 = "0djsgi9yx1nxr2gh1kgsqw5vrbncp8v5li0p1pp02higqf1psajx";
+# src = fetchurl {
+# url = "http://files.openscad.org/${name}.src.tar.gz";
+# sha256 = "0djsgi9yx1nxr2gh1kgsqw5vrbncp8v5li0p1pp02higqf1psajx";
+# };
+ src = fetchFromGitHub {
+ owner = "openscad";
+ repo = "openscad";
+ rev = "179074dff8c23cbc0e651ce8463737df0006f4ca";
+ sha256 = "1y63yqyd0v255liik4ff5ak6mj86d8d76w436x76hs5dk6jgpmfb";
};
buildInputs = [
- qt4 qmake4Hook bison flex eigen boost libGLU_combined glew opencsg cgal mpfr gmp glib
- pkgconfig harfbuzz qscintilla gettext
- ];
+ bison flex eigen boost libGLU_combined glew opencsg cgal mpfr gmp glib
+ pkgconfig harfbuzz gettext
+ ]
+ ++ (with qt5; [qtbase qmake])
+ ++ (with libsForQt5; [qscintilla])
+ ;
qmakeFlags = [ "VERSION=${version}" ];
diff --git a/pkgs/applications/graphics/panotools/default.nix b/pkgs/applications/graphics/panotools/default.nix
index 9ca90d2f5df36c226cbabc3ae525bf8f3f547208..719aca5096a584c082a316be9efe598f1e0c632e 100644
--- a/pkgs/applications/graphics/panotools/default.nix
+++ b/pkgs/applications/graphics/panotools/default.nix
@@ -18,6 +18,6 @@ stdenv.mkDerivation rec {
description = "Free software suite for authoring and displaying virtual reality panoramas";
license = stdenv.lib.licenses.gpl2Plus;
- platforms = stdenv.lib.platforms.gnu; # arbitrary choice
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # arbitrary choice
};
}
diff --git a/pkgs/applications/graphics/pqiv/default.nix b/pkgs/applications/graphics/pqiv/default.nix
index 757ce52e9c4c8e296970b2a0de67d6564a3270d4..e4f565b3b052b6eb6603fc8277eb53bc25d60904 100644
--- a/pkgs/applications/graphics/pqiv/default.nix
+++ b/pkgs/applications/graphics/pqiv/default.nix
@@ -4,13 +4,13 @@
stdenv.mkDerivation (rec {
name = "pqiv-${version}";
- version = "2.10.3";
+ version = "2.10.4";
src = fetchFromGitHub {
owner = "phillipberndt";
repo = "pqiv";
rev = version;
- sha256 = "16nhnv0dcp242jf1099pjr5dwnc65i40cnb3dvx1avdhidcmsx01";
+ sha256 = "04fawc3sd625y1bbgfgwmak56pq28sm58dwn5db4h183iy3awdl9";
};
nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/applications/graphics/qtpfsgui/default.nix b/pkgs/applications/graphics/qtpfsgui/default.nix
index d3edc40cbea2aebdd795342211e663048af6194a..4be7d230b5f461e186a666dbcd9d68f8cf1dc3ae 100644
--- a/pkgs/applications/graphics/qtpfsgui/default.nix
+++ b/pkgs/applications/graphics/qtpfsgui/default.nix
@@ -36,6 +36,6 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [ ];
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}
diff --git a/pkgs/applications/graphics/sane/xsane.nix b/pkgs/applications/graphics/sane/xsane.nix
index ad02e1a80231a71d07573da2cf3760148fb4ecf0..ca0f49e0c948ce42895e15c117fe5804c795d828 100644
--- a/pkgs/applications/graphics/sane/xsane.nix
+++ b/pkgs/applications/graphics/sane/xsane.nix
@@ -1,9 +1,9 @@
{ stdenv, fetchurl, sane-backends, sane-frontends, libX11, gtk2, pkgconfig, libpng
, libusb ? null
-, gimpSupport ? false, gimp_2_8 ? null
+, gimpSupport ? false, gimp ? null
}:
-assert gimpSupport -> gimp_2_8 != null;
+assert gimpSupport -> gimp != null;
stdenv.mkDerivation rec {
name = "xsane-0.999";
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [libpng sane-backends sane-frontends libX11 gtk2 ]
++ (if libusb != null then [libusb] else [])
- ++ stdenv.lib.optional gimpSupport gimp_2_8;
+ ++ stdenv.lib.optional gimpSupport gimp;
meta = {
homepage = http://www.sane-project.org/;
diff --git a/pkgs/applications/graphics/scantailor/advanced.nix b/pkgs/applications/graphics/scantailor/advanced.nix
index bea4fe9b2c6c0b4ad7583c377b828d0da5c4623f..1fb8d572e95b547d87e0b2e51e7a3ee9b1473f3e 100644
--- a/pkgs/applications/graphics/scantailor/advanced.nix
+++ b/pkgs/applications/graphics/scantailor/advanced.nix
@@ -44,6 +44,6 @@ stdenv.mkDerivation rec {
description = "Interactive post-processing tool for scanned pages";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ jfrankenau ];
- platforms = platforms.gnu;
+ platforms = platforms.gnu ++ platforms.linux;
};
}
diff --git a/pkgs/applications/graphics/scantailor/default.nix b/pkgs/applications/graphics/scantailor/default.nix
index ec7af8829073932ac36cf08807728a9f1c63f493..395179ff70aedccfe03f6a269dfc550d7efaa243 100644
--- a/pkgs/applications/graphics/scantailor/default.nix
+++ b/pkgs/applications/graphics/scantailor/default.nix
@@ -19,6 +19,6 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl3Plus;
maintainers = [ stdenv.lib.maintainers.viric ];
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}
diff --git a/pkgs/applications/graphics/shutter/default.nix b/pkgs/applications/graphics/shutter/default.nix
index 2cc127a3fc6fa97c5d9bce3365542ebc49fbd847..3bc814e1e758d88428b06f93d9921d7f54380cae 100644
--- a/pkgs/applications/graphics/shutter/default.nix
+++ b/pkgs/applications/graphics/shutter/default.nix
@@ -1,4 +1,6 @@
-{ stdenv, fetchurl, fetchpatch, perl, perlPackages, makeWrapper, imagemagick, gdk_pixbuf, librsvg }:
+{ stdenv, fetchurl, fetchpatch, perl, perlPackages, makeWrapper, imagemagick, gdk_pixbuf, librsvg
+, hicolor-icon-theme
+}:
let
perlModules = with perlPackages;
@@ -29,6 +31,7 @@ stdenv.mkDerivation rec {
wrapProgram $out/bin/shutter \
--set PERL5LIB "${stdenv.lib.makePerlPath perlModules}" \
--prefix PATH : "${imagemagick.out}/bin" \
+ --suffix XDG_DATA_DIRS : "${hicolor-icon-theme}/share" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE"
'';
diff --git a/pkgs/applications/graphics/ufraw/default.nix b/pkgs/applications/graphics/ufraw/default.nix
index fc8e7a62c2bac5b2576b33754027a2689456e43b..50cd9485a3e8d4da9879fb8e849def9a95098800 100644
--- a/pkgs/applications/graphics/ufraw/default.nix
+++ b/pkgs/applications/graphics/ufraw/default.nix
@@ -1,6 +1,9 @@
{ fetchurl, stdenv, pkgconfig, gtk2, gettext, bzip2, zlib
+, withGimpPlugin ? true, gimp ? null
, libjpeg, libtiff, cfitsio, exiv2, lcms2, gtkimageview, lensfun }:
+assert withGimpPlugin -> gimp != null;
+
stdenv.mkDerivation rec {
name = "ufraw-0.22";
@@ -10,10 +13,23 @@ stdenv.mkDerivation rec {
sha256 = "0pm216pg0vr44gwz9vcvq3fsf8r5iayljhf5nis2mnw7wn6d5azp";
};
- buildInputs =
- [ pkgconfig gtk2 gtkimageview gettext bzip2 zlib
- libjpeg libtiff cfitsio exiv2 lcms2 lensfun
- ];
+ outputs = [ "out" ] ++ stdenv.lib.optional withGimpPlugin "gimpPlugin";
+
+ nativeBuildInputs = [ pkgconfig gettext ];
+ buildInputs = [
+ gtk2 gtkimageview bzip2 zlib
+ libjpeg libtiff cfitsio exiv2 lcms2 lensfun
+ ] ++ stdenv.lib.optional withGimpPlugin gimp;
+
+ configureFlags = [
+ "--enable-extras"
+ "--enable-dst-correction"
+ "--enable-contrast"
+ ] ++ stdenv.lib.optional withGimpPlugin "--with-gimp";
+
+ postInstall = stdenv.lib.optionalString withGimpPlugin ''
+ moveToOutput "lib/gimp" "$gimpPlugin"
+ '';
meta = {
homepage = http://ufraw.sourceforge.net/;
@@ -33,6 +49,6 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [ ];
- platforms = stdenv.lib.platforms.gnu; # needs GTK+
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # needs GTK+
};
}
diff --git a/pkgs/applications/graphics/viewnior/default.nix b/pkgs/applications/graphics/viewnior/default.nix
index c655cadef400866abaac7a92ecd504cd04e4510d..5afd7a0237d05fd5faecdd3e6d3b24af07225d2f 100644
--- a/pkgs/applications/graphics/viewnior/default.nix
+++ b/pkgs/applications/graphics/viewnior/default.nix
@@ -38,6 +38,6 @@ stdenv.mkDerivation rec {
maintainers = [ stdenv.lib.maintainers.smironov ];
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}
diff --git a/pkgs/applications/graphics/xfig/default.nix b/pkgs/applications/graphics/xfig/default.nix
index c70b1029b7910897f1ca55812a79e589a8954d6d..545675ab1545adad96f346b347a5beb7b7eeb744 100644
--- a/pkgs/applications/graphics/xfig/default.nix
+++ b/pkgs/applications/graphics/xfig/default.nix
@@ -42,6 +42,6 @@ stdenv.mkDerivation {
meta = {
description = "An interactive drawing tool for X11";
homepage = http://xfig.org;
- platforms = stdenv.lib.platforms.gnu; # arbitrary choice
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # arbitrary choice
};
}
diff --git a/pkgs/applications/kde/akonadi-import-wizard.nix b/pkgs/applications/kde/akonadi-import-wizard.nix
new file mode 100644
index 0000000000000000000000000000000000000000..cc1acbc6dd05e1f9828e5ecb677afa88f368a11a
--- /dev/null
+++ b/pkgs/applications/kde/akonadi-import-wizard.nix
@@ -0,0 +1,20 @@
+{
+ mkDerivation, lib, kdepimTeam,
+ extra-cmake-modules, kdoctools,
+ akonadi, karchive, kcontacts, kcrash, kidentitymanagement, kio,
+ kmailtransport, kwallet, mailcommon, mailimporter, messagelib
+}:
+
+mkDerivation {
+ name = "akonadi-import-wizard";
+ meta = {
+ license = with lib.licenses; [ gpl2Plus lgpl21Plus fdl12 ];
+ maintainers = kdepimTeam;
+ };
+ nativeBuildInputs = [ extra-cmake-modules kdoctools ];
+ buildInputs = [
+ akonadi karchive kcontacts kcrash kidentitymanagement kio
+ kmailtransport kwallet mailcommon mailimporter messagelib
+ ];
+ outputs = [ "out" "dev" ];
+}
diff --git a/pkgs/applications/kde/default.nix b/pkgs/applications/kde/default.nix
index 5870179b6c0b961fc396e9daa320090134dd7698..f602e5c92d9f75a411e66c6574ba118f69a9bed8 100644
--- a/pkgs/applications/kde/default.nix
+++ b/pkgs/applications/kde/default.nix
@@ -67,6 +67,7 @@ let
akonadi = callPackage ./akonadi {};
akonadi-calendar = callPackage ./akonadi-calendar.nix {};
akonadi-contacts = callPackage ./akonadi-contacts.nix {};
+ akonadi-import-wizard = callPackage ./akonadi-import-wizard.nix {};
akonadi-mime = callPackage ./akonadi-mime.nix {};
akonadi-notes = callPackage ./akonadi-notes.nix {};
akonadi-search = callPackage ./akonadi-search.nix {};
@@ -101,6 +102,7 @@ let
kdenetwork-filesharing = callPackage ./kdenetwork-filesharing.nix {};
kdenlive = callPackage ./kdenlive.nix {};
kdepim-runtime = callPackage ./kdepim-runtime.nix {};
+ kdepim-addons = callPackage ./kdepim-addons.nix {};
kdepim-apps-libs = callPackage ./kdepim-apps-libs {};
kdf = callPackage ./kdf.nix {};
kdialog = callPackage ./kdialog.nix {};
diff --git a/pkgs/applications/kde/kdepim-addons.nix b/pkgs/applications/kde/kdepim-addons.nix
new file mode 100644
index 0000000000000000000000000000000000000000..fd3fe2d6c098da39f2d373877646dcfc2b7f6355
--- /dev/null
+++ b/pkgs/applications/kde/kdepim-addons.nix
@@ -0,0 +1,23 @@
+{
+ mkDerivation, lib, kdepimTeam,
+ extra-cmake-modules, shared-mime-info,
+ akonadi-import-wizard, akonadi-notes, calendarsupport, eventviews,
+ incidenceeditor, kcalcore, kcalutils, kconfig, kdbusaddons, kdeclarative,
+ kdepim-apps-libs, kholidays, ki18n, kmime, ktexteditor, ktnef, libgravatar,
+ libksieve, mailcommon, mailimporter, messagelib, poppler_qt5, prison
+}:
+
+mkDerivation {
+ name = "kdepim-addons";
+ meta = {
+ license = with lib.licenses; [ gpl2Plus lgpl21Plus ];
+ maintainers = kdepimTeam;
+ };
+ nativeBuildInputs = [ extra-cmake-modules shared-mime-info ];
+ buildInputs = [
+ akonadi-import-wizard akonadi-notes calendarsupport eventviews
+ incidenceeditor kcalcore kcalutils kconfig kdbusaddons kdeclarative
+ kdepim-apps-libs kholidays ki18n kmime ktexteditor ktnef libgravatar
+ libksieve mailcommon mailimporter messagelib poppler_qt5 prison
+ ];
+}
diff --git a/pkgs/applications/misc/1password/default.nix b/pkgs/applications/misc/1password/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..b0b6111b334a23073f899bb715fc3dcd094e4db9
--- /dev/null
+++ b/pkgs/applications/misc/1password/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchzip, makeWrapper }:
+
+stdenv.mkDerivation rec {
+ name = "1password-${version}";
+ version = "0.4";
+ src = if stdenv.system == "i686-linux" then fetchzip {
+ url = "https://cache.agilebits.com/dist/1P/op/pkg/v${version}/op_linux_386_v${version}.zip";
+ sha256 = "0mhlqvd3az50gnfil0xlq10855v3bg7yb05j6ndg4h2c551jrq41";
+ stripRoot = false;
+ } else fetchzip {
+ url = "https://cache.agilebits.com/dist/1P/op/pkg/v${version}/op_linux_amd64_v${version}.zip";
+ sha256 = "15cv8xi4slid9jicdmc5xx2r9ag63wcx1mn7hcgzxbxbhyrvwhyf";
+ stripRoot = false;
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+ installPhase = ''
+ mkdir -p $out/bin
+ install -D op $out/share/1password/op
+
+ # https://github.com/NixOS/patchelf/issues/66#issuecomment-267743051
+ makeWrapper $(cat $NIX_CC/nix-support/dynamic-linker) $out/bin/op \
+ --argv0 op \
+ --add-flags $out/share/1password/op
+ '';
+
+ meta = with stdenv.lib; {
+ description = "1Password command-line tool";
+ homepage = "https://blog.agilebits.com/2017/09/06/announcing-the-1password-command-line-tool-public-beta/";
+ maintainers = with maintainers; [ joelburget ];
+ license = licenses.unfree;
+ platforms = [ "i686-linux" "x86_64-linux" ];
+ };
+}
diff --git a/pkgs/applications/misc/calibre/no_updates_dialog.patch b/pkgs/applications/misc/calibre/no_updates_dialog.patch
index 4d37c3b642f5c7323211664b5376f7a53a541c4a..faaaf2c19949410b9cce12a800a29f7cf4a0b519 100644
--- a/pkgs/applications/misc/calibre/no_updates_dialog.patch
+++ b/pkgs/applications/misc/calibre/no_updates_dialog.patch
@@ -13,15 +13,3 @@ diff -burN calibre-2.9.0.orig/src/calibre/gui2/main.py calibre-2.9.0/src/calibre
parser.add_option('--ignore-plugins', default=False, action='store_true',
help=_('Ignore custom plugins, useful if you installed a plugin'
' that is preventing calibre from starting'))
-diff -burN calibre-2.9.0.orig/src/calibre/gui2/update.py calibre-2.9.0/src/calibre/gui2/update.py
---- calibre-2.9.0.orig/src/calibre/gui2/update.py 2014-11-09 20:09:54.082231864 +0800
-+++ calibre-2.9.0/src/calibre/gui2/update.py 2014-11-09 20:17:49.954767115 +0800
-@@ -154,6 +154,8 @@
- self.update_checker.signal.update_found.connect(self.update_found,
- type=Qt.QueuedConnection)
- self.update_checker.start()
-+ else:
-+ self.update_checker = None
-
- def recalc_update_label(self, number_of_plugin_updates):
- self.update_found(self.last_newest_calibre_version, number_of_plugin_updates)
diff --git a/pkgs/applications/misc/chirp/default.nix b/pkgs/applications/misc/chirp/default.nix
index 22d659dd10e445d7b6e62401c1e73c15339e2a5b..b8fc63c2c9ed06325aabe6b3d5588989307bf196 100644
--- a/pkgs/applications/misc/chirp/default.nix
+++ b/pkgs/applications/misc/chirp/default.nix
@@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
version = "20180412";
src = fetchurl {
- url = "http://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz";
+ url = "https://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz";
sha256 = "17wpxqzifz6grw9xzg9q9vr58vm2xd50fhd64c3ngdhxcnq2dpj9";
};
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "A free, open-source tool for programming your amateur radio";
- homepage = http://chirp.danplanet.com/;
+ homepage = https://chirp.danplanet.com/;
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = [ maintainers.the-kenny ];
diff --git a/pkgs/applications/misc/cointop/default.nix b/pkgs/applications/misc/cointop/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..2ac335759ce462994c031f4ec238078ab5646717
--- /dev/null
+++ b/pkgs/applications/misc/cointop/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, buildGoPackage, fetchgit }:
+
+buildGoPackage rec {
+ name = "cointop-unstable-${version}";
+ version = "2018-05-03";
+ rev = "08acd96082682347d458cd4f861e2debd3255745";
+
+ goPackagePath = "github.com/miguelmota/cointop";
+
+ src = fetchgit {
+ inherit rev;
+ url = "https://github.com/miguelmota/cointop";
+ sha256 = "14savz48wzrfpm12fgnnndpl3mpzx7wsch4jrnm3rmrfdabdx7mi";
+ };
+
+ goDeps = ./deps.nix;
+
+ meta = {
+ description = "The fastest and most interactive terminal based UI application for tracking cryptocurrencies";
+ longDescription = ''
+ cointop is a fast and lightweight interactive terminal based UI application
+ for tracking and monitoring cryptocurrency coin stats in real-time.
+
+ The interface is inspired by htop and shortcut keys are inspired by vim.
+ '';
+ homepage = https://cointop.sh;
+ platforms = stdenv.lib.platforms.linux; # cannot test others
+ maintainers = [ ];
+ };
+}
diff --git a/pkgs/applications/misc/cointop/deps.nix b/pkgs/applications/misc/cointop/deps.nix
new file mode 100644
index 0000000000000000000000000000000000000000..3ba1d12a8048b4389c7e3a37b1fc27cf536d964f
--- /dev/null
+++ b/pkgs/applications/misc/cointop/deps.nix
@@ -0,0 +1,3 @@
+# This file was generated by https://github.com/kamilchm/go2nix v1.2.1
+[
+]
diff --git a/pkgs/applications/misc/dbeaver/default.nix b/pkgs/applications/misc/dbeaver/default.nix
index 002d8fc8f23b6ac792f428bbe281405b61317561..edc1497294fc3dafc69185f29801f16e7cedb9a7 100644
--- a/pkgs/applications/misc/dbeaver/default.nix
+++ b/pkgs/applications/misc/dbeaver/default.nix
@@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
name = "dbeaver-ce-${version}";
- version = "5.0.3";
+ version = "5.0.4";
desktopItem = makeDesktopItem {
name = "dbeaver";
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://dbeaver.jkiss.org/files/${version}/dbeaver-ce-${version}-linux.gtk.x86_64.tar.gz";
- sha256 = "0pk40jzmd23cv690a8wslxbb4xp4msq2zwh7xm0hvs64ykm9a581";
+ sha256 = "0dfs2xa490dypp4qz8v0wj6d2bjnfqhjmlskpzrf8ih416lz1bd3";
};
installPhase = ''
diff --git a/pkgs/applications/misc/dunst/default.nix b/pkgs/applications/misc/dunst/default.nix
index 9906b1fd8587a6c833fef2b2db21ec720797d9b3..5396299943c535782683fc747381b33a16ef765a 100644
--- a/pkgs/applications/misc/dunst/default.nix
+++ b/pkgs/applications/misc/dunst/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, fetchpatch
+{ stdenv, fetchFromGitHub
, pkgconfig, which, perl, libXrandr
, cairo, dbus, systemd, gdk_pixbuf, glib, libX11, libXScrnSaver
, libXinerama, libnotify, libxdg_basedir, pango, xproto, librsvg
diff --git a/pkgs/applications/misc/electrum/ltc.nix b/pkgs/applications/misc/electrum/ltc.nix
index 7852e6eb790e02f4858ac68330fe47a1d3eb5801..45c448804626d9697129221e60dbb48f5a69ec69 100644
--- a/pkgs/applications/misc/electrum/ltc.nix
+++ b/pkgs/applications/misc/electrum/ltc.nix
@@ -5,11 +5,11 @@
python3Packages.buildPythonApplication rec {
name = "electrum-ltc-${version}";
- version = "3.1.2.1";
+ version = "3.1.3.1";
src = fetchurl {
url = "https://electrum-ltc.org/download/Electrum-LTC-${version}.tar.gz";
- sha256 = "0sdql4k8g3py941rzdskm3k4hkwam4hzvg4qlvs0b5pw139mri86";
+ sha256 = "0kxcx1xf6h9z8x0k483d6ykpnmfr30n6z3r6lgqxvbl42pq75li7";
};
propagatedBuildInputs = with python3Packages; [
diff --git a/pkgs/applications/misc/gcal/default.nix b/pkgs/applications/misc/gcal/default.nix
index 67bb5feff8c7f896fe6701cdf888a2de1e2ae6e6..f3f7fe2aacbae8702f8bef0d88fe51004508bc4d 100644
--- a/pkgs/applications/misc/gcal/default.nix
+++ b/pkgs/applications/misc/gcal/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
'';
homepage = https://www.gnu.org/software/gcal/;
license = stdenv.lib.licenses.gpl3Plus;
- platforms = stdenv.lib.platforms.linux;
+ platforms = stdenv.lib.platforms.unix;
maintainers = [ stdenv.lib.maintainers.romildo ];
};
}
diff --git a/pkgs/applications/misc/gcalcli/default.nix b/pkgs/applications/misc/gcalcli/default.nix
index d3ba5a97333a805d9a715ecf6f327e216f7a0e11..6a7a7ae604de9234cfb8bf02492d307d2ec1a61f 100644
--- a/pkgs/applications/misc/gcalcli/default.nix
+++ b/pkgs/applications/misc/gcalcli/default.nix
@@ -1,7 +1,38 @@
-{ stdenv, lib, fetchFromGitHub, pythonPackages
+{ stdenv, lib, fetchFromGitHub, python2
, libnotify ? null }:
-pythonPackages.buildPythonApplication rec {
+let
+ py = python2.override {
+ packageOverrides = self: super: {
+ google_api_python_client = super.google_api_python_client.overridePythonAttrs (oldAttrs: rec {
+ version = "1.5.1";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "1ggxk094vqr4ia6yq7qcpa74b4x5cjd5mj74rq0xx9wp2jkrxmig";
+ };
+ });
+
+ oauth2client = super.oauth2client.overridePythonAttrs (oldAttrs: rec {
+ version = "1.4.12";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "0phfk6s8bgpap5xihdk1xv2lakdk1pb3rg6hp2wsg94hxcxnrakl";
+ };
+ });
+
+ uritemplate = super.uritemplate.overridePythonAttrs (oldAttrs: rec {
+ version = "0.6";
+ src = oldAttrs.src.override {
+ inherit version;
+ sha256 = "1zapwg406vkwsirnzc6mwq9fac4az8brm6d9bp5xpgkyxc5263m3";
+ };
+ # there are no checks in this version
+ doCheck = false;
+ });
+ };
+ };
+
+in with py.pkgs; buildPythonApplication rec {
version = "3.4.0";
name = "gcalcli-${version}";
@@ -12,27 +43,21 @@ pythonPackages.buildPythonApplication rec {
sha256 = "171awccgnmfv4j7m2my9387sjy60g18kzgvscl6pzdid9fn9rrm8";
};
- propagatedBuildInputs = with pythonPackages; [
- dateutil
- gflags
- google_api_python_client
- httplib2
- oauth2client
- parsedatetime
- six
- vobject
- ]
- ++ lib.optional (!pythonPackages.isPy3k) futures;
-
- # there are no tests as of 3.4.0
- doCheck = false;
+ propagatedBuildInputs = [
+ dateutil gflags httplib2 parsedatetime six vobject
+ # overridden
+ google_api_python_client oauth2client uritemplate
+ ] ++ lib.optional (!isPy3k) futures;
postInstall = lib.optionalString stdenv.isLinux ''
- substituteInPlace $out/bin/gcalcli \
- --replace "command = 'notify-send -u critical -a gcalcli %s'" \
- "command = '${libnotify}/bin/notify-send -i view-calendar-upcoming-events -u critical -a Calendar %s'"
+ substituteInPlace $out/bin/gcalcli --replace \
+ "command = 'notify-send -u critical -a gcalcli %s'" \
+ "command = '${libnotify}/bin/notify-send -i view-calendar-upcoming-events -u critical -a Calendar %s'"
'';
+ # There are no tests as of 3.4.0
+ doCheck = false;
+
meta = with lib; {
homepage = https://github.com/insanum/gcalcli;
description = "CLI for Google Calendar";
diff --git a/pkgs/applications/misc/googleearth/default.nix b/pkgs/applications/misc/googleearth/default.nix
deleted file mode 100644
index f8ba66c4197c23fed590f05debfc7d64611c746f..0000000000000000000000000000000000000000
--- a/pkgs/applications/misc/googleearth/default.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ stdenv, fetchurl, glibc, libGLU_combined, freetype, glib, libSM, libICE, libXi, libXv
-, libXrender, libXrandr, libXfixes, libXcursor, libXinerama, libXext, libX11, qt4
-, zlib, fontconfig, dpkg }:
-
-let
- arch =
- if stdenv.system == "x86_64-linux" then "amd64"
- else if stdenv.system == "i686-linux" then "i386"
- else throw "Unsupported system ${stdenv.system}";
- sha256 =
- if arch == "amd64"
- then "0dwnppn5snl5bwkdrgj4cyylnhngi0g66fn2k41j3dvis83x24k6"
- else "0gndbxrj3kgc2dhjqwjifr3cl85hgpm695z0wi01wvwzhrjqs0l2";
- fullPath = stdenv.lib.makeLibraryPath [
- glibc
- glib
- stdenv.cc.cc
- libSM
- libICE
- libXi
- libXv
- libGLU_combined
- libXrender
- libXrandr
- libXfixes
- libXcursor
- libXinerama
- freetype
- libXext
- libX11
- qt4
- zlib
- fontconfig
- ];
-in
-stdenv.mkDerivation rec {
- version = "7.1.4.1529";
- name = "googleearth-${version}";
-
- src = fetchurl {
- url = "https://dl.google.com/earth/client/current/google-earth-stable_current_${arch}.deb";
- inherit sha256;
- };
-
- phases = "unpackPhase installPhase";
-
- buildInputs = [ dpkg ];
-
- unpackPhase = ''
- dpkg-deb -x ${src} ./
- '';
-
- installPhase =''
- mkdir $out
- mv usr/* $out/
- rmdir usr
- mv * $out/
- rm $out/bin/google-earth $out/opt/google/earth/free/google-earth
- ln -s $out/opt/google/earth/free/googleearth $out/bin/google-earth
-
- patchelf --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
- --set-rpath "${fullPath}:\$ORIGIN" \
- $out/opt/google/earth/free/googleearth-bin
-
- for a in $out/opt/google/earth/free/*.so* ; do
- patchelf --set-rpath "${fullPath}:\$ORIGIN" $a
- done
- '';
-
- dontPatchELF = true;
-
- meta = {
- description = "A world sphere viewer";
- homepage = http://earth.google.com;
- license = stdenv.lib.licenses.unfree;
- maintainers = [ stdenv.lib.maintainers.viric ];
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/pkgs/applications/misc/gpa/default.nix b/pkgs/applications/misc/gpa/default.nix
index ef805a31567ac23659016c1b61d729f52e5de09b..149092c70d387413d99ee46f69d35081f4dddbcf 100644
--- a/pkgs/applications/misc/gpa/default.nix
+++ b/pkgs/applications/misc/gpa/default.nix
@@ -15,6 +15,6 @@ stdenv.mkDerivation rec {
description = "Graphical user interface for the GnuPG";
homepage = https://www.gnupg.org/related_software/gpa/;
license = licenses.gpl3Plus;
- platforms = platforms.linux;
+ platforms = platforms.unix;
};
}
diff --git a/pkgs/applications/misc/gramps/default.nix b/pkgs/applications/misc/gramps/default.nix
index 5f219dc4752c75cd1c6961b388d44fb4c5a9cc32..50f575d15cecf3d4fa492d597891b44cc2273aec 100644
--- a/pkgs/applications/misc/gramps/default.nix
+++ b/pkgs/applications/misc/gramps/default.nix
@@ -51,7 +51,7 @@ in buildPythonApplication rec {
meta = with stdenv.lib; {
description = "Genealogy software";
- homepage = http://gramps-project.org;
+ homepage = https://gramps-project.org;
license = licenses.gpl2;
};
}
diff --git a/pkgs/applications/misc/guake/default.nix b/pkgs/applications/misc/guake/default.nix
index 17837c6c254ea4196af55c820c5248abb521cde7..c34f0e48f3ec89b7e8bf8e44b27e517f737d09ec 100644
--- a/pkgs/applications/misc/guake/default.nix
+++ b/pkgs/applications/misc/guake/default.nix
@@ -2,7 +2,7 @@
, gtk3, keybinder3, libnotify, libutempter, vte }:
let
- version = "3.2.0";
+ version = "3.2.1";
in python3.pkgs.buildPythonApplication rec {
name = "guake-${version}";
format = "other";
@@ -11,7 +11,7 @@ in python3.pkgs.buildPythonApplication rec {
owner = "Guake";
repo = "guake";
rev = version;
- sha256 = "1qghapg9sslj9fdrl2mnbi10lgqgqa36gdag74wn7as9wak4qc3d";
+ sha256 = "0qzrkmjizpc3kirvhml62wya1sr3pbig25nfcrfhk1hhr3jxq17s";
};
nativeBuildInputs = [ gettext gobjectIntrospection wrapGAppsHook python3.pkgs.pip glibcLocales ];
@@ -24,6 +24,12 @@ in python3.pkgs.buildPythonApplication rec {
PBR_VERSION = version; # pbr needs either .git directory, sdist, or env var
+ postPatch = ''
+ # unnecessary /usr/bin/env in Makefile
+ # https://github.com/Guake/guake/pull/1285
+ substituteInPlace "Makefile" --replace "/usr/bin/env python3" "python3"
+ '';
+
makeFlags = [
"prefix=$(out)"
];
diff --git a/pkgs/applications/misc/houdini/runtime.nix b/pkgs/applications/misc/houdini/runtime.nix
index 097386547f57082de07ed0cca45cc891eed48088..7477e5c0af2a45147486ebb6405815a1a0a2417a 100644
--- a/pkgs/applications/misc/houdini/runtime.nix
+++ b/pkgs/applications/misc/houdini/runtime.nix
@@ -29,11 +29,11 @@ let
license_dir = "~/.config/houdini";
in
stdenv.mkDerivation rec {
- version = "16.5.405";
+ version = "16.5.439";
name = "houdini-runtime-${version}";
src = requireFile rec {
name = "houdini-${version}-linux_x86_64_gcc4.8.tar.gz";
- sha256 = "14i0kzv881jqd5z9jshri1fxxi3pkxdmi5l4p2b51c9i3apsxmw6";
+ sha256 = "7e483072a0e6e751a93f2a2f968cccb2d95559c61106ffeb344c95975704321b";
message = ''
This nix expression requires that ${name} is already part of the store.
Download it from https://sidefx.com and add it to the nix store with:
diff --git a/pkgs/applications/misc/ipmiview/default.nix b/pkgs/applications/misc/ipmiview/default.nix
index ebc13766cccbb993caa843623ae6b565befafe2e..638765840cb98c3273ae439256c72925f2408430 100644
--- a/pkgs/applications/misc/ipmiview/default.nix
+++ b/pkgs/applications/misc/ipmiview/default.nix
@@ -1,7 +1,5 @@
{ stdenv, fetchurl, patchelf, makeWrapper, xorg, gcc, gcc-unwrapped }:
-assert stdenv.isLinux;
-
stdenv.mkDerivation rec {
name = "IPMIView-${version}";
version = "2.13.0";
diff --git a/pkgs/applications/misc/jekyll/basic/Gemfile.lock b/pkgs/applications/misc/jekyll/basic/Gemfile.lock
index f231df3d8e76b3ef6ccf72a5d372b13216f66904..a0b1916fb181ee28bc825a18c683b7ebf18c0a8f 100644
--- a/pkgs/applications/misc/jekyll/basic/Gemfile.lock
+++ b/pkgs/applications/misc/jekyll/basic/Gemfile.lock
@@ -13,17 +13,17 @@ GEM
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
- eventmachine (1.2.5)
+ eventmachine (1.2.6)
ffi (1.9.23)
forwardable-extended (2.6.0)
gemoji (3.0.0)
- html-pipeline (2.7.1)
+ html-pipeline (2.7.2)
activesupport (>= 2)
nokogiri (>= 1.4)
http_parser.rb (0.6.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
- jekyll (3.8.0)
+ jekyll (3.8.1)
addressable (~> 2.4)
colorator (~> 1.0)
em-websocket (~> 0.5)
@@ -38,8 +38,7 @@ GEM
safe_yaml (~> 1.0)
jekyll-avatar (0.6.0)
jekyll (~> 3.0)
- jekyll-mentions (1.3.0)
- activesupport (~> 4.0)
+ jekyll-mentions (1.4.0)
html-pipeline (~> 2.3)
jekyll (~> 3.0)
jekyll-sass-converter (1.5.2)
@@ -50,8 +49,7 @@ GEM
jekyll (~> 3.3)
jekyll-watch (2.0.0)
listen (~> 3.0)
- jemoji (0.9.0)
- activesupport (~> 4.0, >= 4.2.9)
+ jemoji (0.10.0)
gemoji (~> 3.0)
html-pipeline (~> 2.2)
jekyll (~> 3.0)
diff --git a/pkgs/applications/misc/jekyll/basic/gemset.nix b/pkgs/applications/misc/jekyll/basic/gemset.nix
index 7c6ac55c2012feaaafba584513e2bbed66a2cb6a..c93f93f457dbef854734f34b66ac55410323c818 100644
--- a/pkgs/applications/misc/jekyll/basic/gemset.nix
+++ b/pkgs/applications/misc/jekyll/basic/gemset.nix
@@ -45,10 +45,10 @@
eventmachine = {
source = {
remotes = ["https://rubygems.org"];
- sha256 = "075hdw0fgzldgss3xaqm2dk545736khcvv1fmzbf1sgdlkyh1v8z";
+ sha256 = "08477hl609rmmngwfy8dmsqz5zvsg8xrsrrk6xi70jf48majwli0";
type = "gem";
};
- version = "1.2.5";
+ version = "1.2.6";
};
ffi = {
source = {
@@ -78,10 +78,10 @@
dependencies = ["activesupport" "nokogiri"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0hkx70z9ijgnncmrna9qdh9ajn9m7v146k91j257lrzyq2f6jdjd";
+ sha256 = "1fdnxi9lh88vjndk4g94pwa45awbzklqc9b38nhqqb3sxg6my6zp";
type = "gem";
};
- version = "2.7.1";
+ version = "2.7.2";
};
"http_parser.rb" = {
source = {
@@ -104,10 +104,10 @@
dependencies = ["addressable" "colorator" "em-websocket" "i18n" "jekyll-sass-converter" "jekyll-watch" "kramdown" "liquid" "mercenary" "pathutil" "rouge" "safe_yaml"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0fdb3qfbpjhlz5vlx4aw7kg9iy4bvaa5k1v82fxapyjghs2zg8as";
+ sha256 = "01s1r5pjfdvk5r1pz3j4smz42jsfv5vvp4q7fg0mrzxn9xk2nvi6";
type = "gem";
};
- version = "3.8.0";
+ version = "3.8.1";
};
jekyll-avatar = {
dependencies = ["jekyll"];
@@ -119,13 +119,13 @@
version = "0.6.0";
};
jekyll-mentions = {
- dependencies = ["activesupport" "html-pipeline" "jekyll"];
+ dependencies = ["html-pipeline" "jekyll"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "11rfn2w9d50szbwbn3pajswjgcg85714d4d052mq2p803zg1i3mn";
+ sha256 = "042z02j0chv679s8imciiy44fgxh9028q8n95w48i0xrfrhyzzfb";
type = "gem";
};
- version = "1.3.0";
+ version = "1.4.0";
};
jekyll-sass-converter = {
dependencies = ["sass"];
@@ -164,13 +164,13 @@
version = "2.0.0";
};
jemoji = {
- dependencies = ["activesupport" "gemoji" "html-pipeline" "jekyll"];
+ dependencies = ["gemoji" "html-pipeline" "jekyll"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0acmi7mgr844dmzgfi9flcqkkb0jh5l21h579cidxwf1409w588b";
+ sha256 = "0r6ja4bw2c50hb585cmqscbmm27982kkskyh7gk6j0mr70jqlz25";
type = "gem";
};
- version = "0.9.0";
+ version = "0.10.0";
};
kramdown = {
source = {
diff --git a/pkgs/applications/misc/jekyll/full/Gemfile.lock b/pkgs/applications/misc/jekyll/full/Gemfile.lock
index 45bd34187ca99f9ded903b419764170b68b908dc..bbcdad669da18649d3ba3062405fd2e7e1d74d49 100644
--- a/pkgs/applications/misc/jekyll/full/Gemfile.lock
+++ b/pkgs/applications/misc/jekyll/full/Gemfile.lock
@@ -20,7 +20,7 @@ GEM
em-websocket (0.5.1)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
- eventmachine (1.2.5)
+ eventmachine (1.2.6)
execjs (2.7.0)
faraday (0.15.0)
multipart-post (>= 1.2, < 3)
@@ -28,13 +28,13 @@ GEM
ffi (1.9.23)
forwardable-extended (2.6.0)
gemoji (3.0.0)
- html-pipeline (2.7.1)
+ html-pipeline (2.7.2)
activesupport (>= 2)
nokogiri (>= 1.4)
http_parser.rb (0.6.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
- jekyll (3.8.0)
+ jekyll (3.8.1)
addressable (~> 2.4)
colorator (~> 1.0)
em-websocket (~> 0.5)
@@ -56,8 +56,7 @@ GEM
jekyll (~> 3.3)
jekyll-gist (1.5.0)
octokit (~> 4.2)
- jekyll-mentions (1.3.0)
- activesupport (~> 4.0)
+ jekyll-mentions (1.4.0)
html-pipeline (~> 2.3)
jekyll (~> 3.0)
jekyll-paginate (1.1.0)
@@ -71,8 +70,7 @@ GEM
jekyll (~> 3.3)
jekyll-watch (2.0.0)
listen (~> 3.0)
- jemoji (0.9.0)
- activesupport (~> 4.0, >= 4.2.9)
+ jemoji (0.10.0)
gemoji (~> 3.0)
html-pipeline (~> 2.2)
jekyll (~> 3.0)
diff --git a/pkgs/applications/misc/jekyll/full/gemset.nix b/pkgs/applications/misc/jekyll/full/gemset.nix
index b45ea5b9d0799dc94d868fa19ce647cc5f9b1641..8473cee0be530829ed5fddab415060c4eecbe779 100644
--- a/pkgs/applications/misc/jekyll/full/gemset.nix
+++ b/pkgs/applications/misc/jekyll/full/gemset.nix
@@ -79,10 +79,10 @@
eventmachine = {
source = {
remotes = ["https://rubygems.org"];
- sha256 = "075hdw0fgzldgss3xaqm2dk545736khcvv1fmzbf1sgdlkyh1v8z";
+ sha256 = "08477hl609rmmngwfy8dmsqz5zvsg8xrsrrk6xi70jf48majwli0";
type = "gem";
};
- version = "1.2.5";
+ version = "1.2.6";
};
execjs = {
source = {
@@ -137,10 +137,10 @@
dependencies = ["activesupport" "nokogiri"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0hkx70z9ijgnncmrna9qdh9ajn9m7v146k91j257lrzyq2f6jdjd";
+ sha256 = "1fdnxi9lh88vjndk4g94pwa45awbzklqc9b38nhqqb3sxg6my6zp";
type = "gem";
};
- version = "2.7.1";
+ version = "2.7.2";
};
"http_parser.rb" = {
source = {
@@ -163,10 +163,10 @@
dependencies = ["addressable" "colorator" "em-websocket" "i18n" "jekyll-sass-converter" "jekyll-watch" "kramdown" "liquid" "mercenary" "pathutil" "rouge" "safe_yaml"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0fdb3qfbpjhlz5vlx4aw7kg9iy4bvaa5k1v82fxapyjghs2zg8as";
+ sha256 = "01s1r5pjfdvk5r1pz3j4smz42jsfv5vvp4q7fg0mrzxn9xk2nvi6";
type = "gem";
};
- version = "3.8.0";
+ version = "3.8.1";
};
jekyll-avatar = {
dependencies = ["jekyll"];
@@ -205,13 +205,13 @@
version = "1.5.0";
};
jekyll-mentions = {
- dependencies = ["activesupport" "html-pipeline" "jekyll"];
+ dependencies = ["html-pipeline" "jekyll"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "11rfn2w9d50szbwbn3pajswjgcg85714d4d052mq2p803zg1i3mn";
+ sha256 = "042z02j0chv679s8imciiy44fgxh9028q8n95w48i0xrfrhyzzfb";
type = "gem";
};
- version = "1.3.0";
+ version = "1.4.0";
};
jekyll-paginate = {
source = {
@@ -267,13 +267,13 @@
version = "2.0.0";
};
jemoji = {
- dependencies = ["activesupport" "gemoji" "html-pipeline" "jekyll"];
+ dependencies = ["gemoji" "html-pipeline" "jekyll"];
source = {
remotes = ["https://rubygems.org"];
- sha256 = "0acmi7mgr844dmzgfi9flcqkkb0jh5l21h579cidxwf1409w588b";
+ sha256 = "0r6ja4bw2c50hb585cmqscbmm27982kkskyh7gk6j0mr70jqlz25";
type = "gem";
};
- version = "0.9.0";
+ version = "0.10.0";
};
kramdown = {
source = {
diff --git a/pkgs/applications/misc/keepass/default.nix b/pkgs/applications/misc/keepass/default.nix
index 5e492fc621fef38a7e686ecb770630278a3b7fac..8676ba70858fd2407f22291496699e325e9082a4 100644
--- a/pkgs/applications/misc/keepass/default.nix
+++ b/pkgs/applications/misc/keepass/default.nix
@@ -3,11 +3,11 @@
with builtins; buildDotnetPackage rec {
baseName = "keepass";
- version = "2.38";
+ version = "2.39";
src = fetchurl {
url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip";
- sha256 = "0m33gfpvv01xc28k4rrc8llbyk6qanm9rsqcnv8ydms0cr78dbbk";
+ sha256 = "05mrbzlkr2h42cls6xhas76dg8kyic4fijwckrh0b0qv5pp71c11";
};
sourceRoot = ".";
diff --git a/pkgs/applications/misc/keepassx/community.nix b/pkgs/applications/misc/keepassx/community.nix
index 0e1aecaab1d19d694a2fdfc36db5d238dc4e4f2d..373320dfe15a68997b174caa14763b73c601e2b9 100644
--- a/pkgs/applications/misc/keepassx/community.nix
+++ b/pkgs/applications/misc/keepassx/community.nix
@@ -26,13 +26,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "keepassxc-${version}";
- version = "2.3.1";
+ version = "2.3.2";
src = fetchFromGitHub {
owner = "keepassxreboot";
repo = "keepassxc";
rev = "${version}";
- sha256 = "1xlg8zb22c2f1pi2has4f4qwggd0m2z254f0d6jrgz368x4g3p87";
+ sha256 = "13gf7rsan6fjkdr46xkr08d150nh194fkbzb4cazwd7rf05agw1y";
};
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang [
diff --git a/pkgs/applications/misc/lilyterm/default.nix b/pkgs/applications/misc/lilyterm/default.nix
index 36527cdbe7c3b477d1e0fd048cd9cb45d70e1c69..662ca9761fb2297362f6d6b793be8971cbd8f1db 100644
--- a/pkgs/applications/misc/lilyterm/default.nix
+++ b/pkgs/applications/misc/lilyterm/default.nix
@@ -15,7 +15,7 @@ let
then rec {
version = "0.9.9.4";
src = fetchurl {
- url = "http://lilyterm.luna.com.tw/file/lilyterm-${version}.tar.gz";
+ url = "https://lilyterm.luna.com.tw/file/lilyterm-${version}.tar.gz";
sha256 = "0x2x59qsxq6d6xg5sd5lxbsbwsdvkwqlk17iw3h4amjg3m1jc9mp";
};
}
@@ -50,7 +50,7 @@ stdenv.mkDerivation rec {
longDescription = ''
LilyTerm is a terminal emulator based off of libvte that aims to be fast and lightweight.
'';
- homepage = http://lilyterm.luna.com.tw/;
+ homepage = https://lilyterm.luna.com.tw/;
license = licenses.gpl3;
maintainers = with maintainers; [ AndersonTorres Profpatsch ];
platforms = platforms.linux;
diff --git a/pkgs/applications/misc/limesuite/default.nix b/pkgs/applications/misc/limesuite/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..4599fab0c6d6e6654f67aa4c0e810ff625428bca
--- /dev/null
+++ b/pkgs/applications/misc/limesuite/default.nix
@@ -0,0 +1,53 @@
+{ stdenv, fetchFromGitHub, cmake
+, sqlite, wxGTK30, libusb1, soapysdr
+, mesa_glu, libX11, gnuplot, fltk
+} :
+
+let
+ version = "18.04.1";
+
+in stdenv.mkDerivation {
+ name = "limesuite-${version}";
+
+ src = fetchFromGitHub {
+ owner = "myriadrf";
+ repo = "LimeSuite";
+ rev = "v${version}";
+ sha256 = "1aaqnwif1j045hvj011k5dyqxgxx72h33r4al74h5f8al81zvzj9";
+ };
+
+ nativeBuildInputs = [ cmake ];
+
+ buildInputs = [
+ libusb1
+ sqlite
+ wxGTK30
+ fltk
+ gnuplot
+ libusb1
+ soapysdr
+ mesa_glu
+ libX11
+ ];
+
+ postInstall = ''
+ mkdir -p $out/lib/udev/rules.d
+ cp ../udev-rules/64-limesuite.rules $out/lib/udev/rules.d
+
+ mkdir -p $out/share/limesuite
+ cp bin/Release/lms7suite_mcu/* $out/share/limesuite
+
+ cp bin/dualRXTX $out/bin
+ cp bin/basicRX $out/bin
+ cp bin/singleRX $out/bin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Driver and GUI for LMS7002M-based SDR platforms";
+ homepage = https://github.com/myriadrf/LimeSuite;
+ license = licenses.asl20;
+ maintainers = with maintainers; [ markuskowa ];
+ platforms = platforms.linux;
+ };
+}
+
diff --git a/pkgs/applications/misc/makeself/default.nix b/pkgs/applications/misc/makeself/default.nix
index 8a752bbaf86ec15cf65b054c45f4fcf574d16f61..a9ec2760e8ad7be9598800d8de0b35737b8b2a58 100644
--- a/pkgs/applications/misc/makeself/default.nix
+++ b/pkgs/applications/misc/makeself/default.nix
@@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub }:
stdenv.mkDerivation rec {
- version = "2.3.1";
+ version = "2.4.0";
name = "makeself-${version}";
src = fetchFromGitHub {
owner = "megastep";
repo = "makeself";
rev = "release-${version}";
- sha256 = "01r7vb9vyb99s3g5cw0c04s1ahcingynk3ki17wknlk2asjrbc4p";
+ sha256 = "1lw3gx1zpzp2wmzrw5v7k31vfsrdzadqha9ni309fp07g8inrr9n";
};
patchPhase = ''
diff --git a/pkgs/applications/misc/minergate/default.nix b/pkgs/applications/misc/minergate/default.nix
index acf0731f0aeb61b66d25b21c21b725162d5813ef..d11e889e932c8912e82be4c7418a795c7522c2c7 100644
--- a/pkgs/applications/misc/minergate/default.nix
+++ b/pkgs/applications/misc/minergate/default.nix
@@ -1,12 +1,10 @@
{ fetchurl, stdenv, dpkg, makeWrapper, fontconfig, freetype, openssl, xorg, xkeyboard_config }:
-assert stdenv.system == "x86_64-linux";
-
stdenv.mkDerivation rec {
version = "8.1";
name = "minergate-${version}";
src = fetchurl {
- url = "https://minergate.com/download/ubuntu";
+ url = "https://minergate.com/download/ubuntu";
sha256 = "1dbbbb8e0735cde239fca9e82c096dcc882f6cecda20bba7c14720a614c16e13";
};
@@ -15,12 +13,12 @@ stdenv.mkDerivation rec {
phases = [ "installPhase" ];
installPhase = ''
- dpkg-deb -x $src $out
+ dpkg-deb -x $src $out
pgm=$out/opt/minergate/minergate
interpreter=${stdenv.glibc}/lib/ld-linux-x86-64.so.2
patchelf --set-interpreter "$interpreter" $pgm
-
+
wrapProgram $pgm --prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [ fontconfig freetype openssl stdenv.cc.cc xorg.libX11 xorg.libxcb ]} --prefix "QT_XKB_CONFIG_ROOT" ":" "${xkeyboard_config}/share/X11/xkb"
rm $out/usr/bin/minergate
@@ -35,5 +33,4 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ bfortz ];
platforms = [ "x86_64-linux" ];
};
-}
-
+}
diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix
index 000a916b737ad7b331b20ee361b6c1d307f4528d..fbc7da070211fbe446e435cf52fb31d4be05da46 100644
--- a/pkgs/applications/misc/mupdf/default.nix
+++ b/pkgs/applications/misc/mupdf/default.nix
@@ -14,77 +14,19 @@ let
in stdenv.mkDerivation rec {
- version = "1.12.0";
+ version = "1.13.0";
name = "mupdf-${version}";
src = fetchurl {
url = "https://mupdf.com/downloads/archive/${name}-source.tar.gz";
- sha256 = "0mc7a92zri27lk17wdr2iffarbfi4lvrmxhc53sz84hm5yl56qsw";
+ sha256 = "02faww5bnjw76k6igrjzwf0lnw4xd9ckc8d6ilc3c4gfrdi6j707";
};
patches = [
- # Compatibility with new openjpeg
- (fetchpatch {
- name = "mupdf-1.12-openjpeg-version.patch";
- url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/0001-mupdf-openjpeg.patch?h=packages/mupdf&id=a910cd33a2b311712f83710dc042fbe80c104306";
- sha256 = "05i9v2ia586jyjqdb7g68ss4vkfwgp6cwhagc8zzggsba83azyqk";
- })
- (fetchpatch {
- name = "CVE-2018-6544.1.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=commitdiff_plain;h=b03def134988da8c800adac1a38a41a1f09a1d89;hp=26527eef77b3e51c2258c8e40845bfbc015e405d";
- sha256 = "1rlmjibl73ls8xfpsz69axa3lw5l47vb0a1dsjqziszsld4lpj5i";
- })
- (fetchpatch {
- name = "CVE-2018-6544.2.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=26527eef77b3e51c2258c8e40845bfbc015e405d;hp=ab98356f959c7a6e94b1ec10f78dd2c33ed3f3e7";
- sha256 = "1brcc029s5zmd6ya0d9qk3mh9qwx5g6vhsf1j8h879092sya5627";
- })
- (fetchpatch {
- # Bugs 698804/698810/698811, 698819: Keep PDF object numbers below limit.
- name = "CVE-2017-17858.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731";
- sha256 = "1bf683d59i5009cv1hhmwmrp2rsb75cbf98qd44dk39cpvq8ydwv";
- })
- (fetchpatch {
- # Bug 698825: Do not drop borrowed colorspaces.
- name = "CVE-2018-1000051.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=321ba1de287016b0036bf4a56ce774ad11763384";
- sha256 = "0jbcc9j565q5y305pi888qzlp83zww6nhkqbsmkk91gim958zikm";
- })
- (fetchpatch {
- # Bug 698908 preprecondition: Add portable pseudo-random number generator based on the lrand48 family.
- name = "CVE-2018-6187.0.1.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=2d5b4683e912d6e6e1f1e2ca5aa0297beb3e6807";
- sha256 = "028bxinbjs5gg9myjr3vs366qxg9l2iyba2j3pxkxsh1851hj728";
- })
- (fetchpatch {
- # Bug 698908 precondition: Fix "being able to search for redacted text" bug.
- name = "CVE-2018-6187.0.2.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=25593f4f9df0c4a9b9adaa84aaa33fe2a89087f6";
- sha256 = "195y69c3f8yqxcsa0bxrmxbdc3fx1dzvz8v66i56064mjj0mx04s";
- })
- (fetchpatch {
- # Bug 698908: Resize object use and renumbering lists after repair.
- name = "CVE-2018-6187.1.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=3e30fbb7bf5efd88df431e366492356e7eb969ec";
- sha256 = "0wzbqj750h06q1wa6vxbpv5a5q9pfg0cxjdv88yggkrjb3vrkd9j";
- })
- (fetchpatch {
- # Bug 698908: Plug PDF object leaks when decimating pages in pdfposter.
- name = "CVE-2018-6187.2.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=a71e7c85a9f2313cde20d4479cd727a5f5518ed2";
- sha256 = "1pcjkq8lg6l2m0186rl79lilg79crgdvz9hrmm3w60gy2gxkgksc";
- })
- (fetchpatch {
- # Bug 698916: Indirect object numbers must be in range.
- name = "CVE-2018-6192.patch";
- url = "http://git.ghostscript.com/?p=mupdf.git;a=patch;h=5e411a99604ff6be5db9e273ee84737204113299";
- sha256 = "134zc07fp0p1mwqa8xrkq3drg4crajzf1hjf4mdwmcy1jfj2pfhj";
- })
]
# Use shared libraries to decrease size
- ++ stdenv.lib.optional (!stdenv.isDarwin) ./mupdf-1.12-shared_libs-1.patch
+ ++ stdenv.lib.optional (!stdenv.isDarwin) ./mupdf-1.13-shared_libs-1.patch
++ stdenv.lib.optional stdenv.isDarwin ./darwin.patch
;
diff --git a/pkgs/applications/misc/mupdf/mupdf-1.12-shared_libs-1.patch b/pkgs/applications/misc/mupdf/mupdf-1.13-shared_libs-1.patch
similarity index 80%
rename from pkgs/applications/misc/mupdf/mupdf-1.12-shared_libs-1.patch
rename to pkgs/applications/misc/mupdf/mupdf-1.13-shared_libs-1.patch
index b39f005ed74a179f008498347fe56989ff55c5ee..e29f1f52077c36274e3e3b4ece9eb065e0173436 100644
--- a/pkgs/applications/misc/mupdf/mupdf-1.12-shared_libs-1.patch
+++ b/pkgs/applications/misc/mupdf/mupdf-1.13-shared_libs-1.patch
@@ -9,22 +9,24 @@
LIBS += $(XLIBS) -lm
LIBS += $(FREETYPE_LIBS)
-@@ -312,9 +312,9 @@
+@@ -312,10 +312,10 @@
# --- Library ---
-MUPDF_LIB = $(OUT)/libmupdf.a
-THIRD_LIB = $(OUT)/libmupdfthird.a
-THREAD_LIB = $(OUT)/libmuthreads.a
+-PKCS7_LIB = $(OUT)/libmupkcs7.a
+MUPDF_LIB = $(OUT)/libmupdf.so
+THIRD_LIB = $(OUT)/libmupdfthird.so
+THREAD_LIB = $(OUT)/libmuthreads.so
++PKCS7_LIB = $(OUT)/libmupkcs7.so
MUPDF_OBJ := \
$(FITZ_OBJ) \
-@@ -343,11 +343,14 @@
-
- THREAD_OBJ := $(THREAD_OBJ)
+@@ -343,13 +343,17 @@
+ $(ZLIB_OBJ) \
+ $(LCMS2_OBJ)
-$(MUPDF_LIB) : $(MUPDF_OBJ)
+$(MUPDF_LIB) : $(MUPDF_OBJ) $(THIRD_LIB) $(THREAD_LIB)
@@ -33,9 +35,11 @@
+ $(LINK_CMD) -shared -Wl,-soname -Wl,libmupdfthird.so -Wl,--no-undefined
$(THREAD_LIB) : $(THREAD_OBJ)
+ $(LINK_CMD) -shared -Wl,-soname -Wl,libmuthreads.so -Wl,--no-undefined -lpthread
+ $(PKCS7_LIB) : $(PKCS7_OBJ)
++ $(LINK_CMD) -shared -Wl,-soname -Wl,libmupkcs7.so
-INSTALL_LIBS := $(MUPDF_LIB) $(THIRD_LIB)
-+INSTALL_LIBS := $(MUPDF_LIB) $(THIRD_LIB) $(THREAD_LIB)
++INSTALL_LIBS := $(MUPDF_LIB) $(THIRD_LIB) $(THREAD_LIB) $(PKCS7_LIB)
# --- Tools and Apps ---
diff --git a/pkgs/applications/misc/mwic/default.nix b/pkgs/applications/misc/mwic/default.nix
index 02c18109abc23d72033510642597a315b16db216..67e6ed3fa9ce9388d7c2ae313a8b0646250761f8 100644
--- a/pkgs/applications/misc/mwic/default.nix
+++ b/pkgs/applications/misc/mwic/default.nix
@@ -1,12 +1,12 @@
{ stdenv, fetchurl, pythonPackages }:
stdenv.mkDerivation rec {
- version = "0.7.4";
+ version = "0.7.5";
name = "mwic-${version}";
src = fetchurl {
url = "https://github.com/jwilk/mwic/releases/download/${version}/${name}.tar.gz";
- sha256 = "0c0xk7wx4vaamlry6srdixw1q6afmqznvxdzcg1skr0qjypw5i5q";
+ sha256 = "1b4fz9vs0aihg9nj9aj6d2jmykpa9nxi9rvz06v50wwk515plpmc";
};
makeFlags=["PREFIX=\${out}"];
diff --git a/pkgs/applications/misc/open-pdf-presenter/default.nix b/pkgs/applications/misc/open-pdf-presenter/default.nix
deleted file mode 100644
index 0f40a236c5870582ba486d91a7b93b5d23204326..0000000000000000000000000000000000000000
--- a/pkgs/applications/misc/open-pdf-presenter/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ stdenv, fetchFromGitHub, cmake, qt4, pythonPackages }:
-
-stdenv.mkDerivation rec {
- name = "open-pdf-presenter-git-2014-09-23";
-
- src = fetchFromGitHub {
- owner = "olabini";
- repo = "open-pdf-presenter";
- rev = "f14930871b60b6ba50298c27377605e0a5fdf124";
- sha256 = "1lfqb60zmjmsvzpbz29m8yxlzs2fscingyk8jvisng1y921726rr";
- };
-
- buildInputs = [ cmake qt4 pythonPackages.poppler-qt4 ];
-
- meta = {
- homepage = https://github.com/olabini/open-pdf-presenter;
- description = "A program for presenting PDFs on multi-monitor settings (typically a laptop connected to a overhead projector)";
- license = stdenv.lib.licenses.gpl3;
- maintainers = [ ];
- platforms = stdenv.lib.platforms.all;
- };
-}
diff --git a/pkgs/applications/misc/pdf-quench/default.nix b/pkgs/applications/misc/pdf-quench/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..c567a7903b81372f818cc411c14eff8fb91e3761
--- /dev/null
+++ b/pkgs/applications/misc/pdf-quench/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, pkgs, pythonPackages, wrapGAppsHook}:
+
+pythonPackages.buildPythonApplication rec {
+ name = "pdf-quench-${version}";
+ version = "1.0.5";
+
+ src = fetchFromGitHub {
+ owner = "linuxerwang";
+ repo = "pdf-quench";
+ rev = "b72b3970b371026f9a7ebe6003581e8a63af98f6";
+ sha256 = "1rp9rlwr6rarcsxygv5x2c5psgwl6r69k0lsgribgyyla9cf2m7n";
+ };
+
+ nativeBuildInputs = [ wrapGAppsHook ];
+ buildInputs = with pkgs; [
+ gtk3
+ gobjectIntrospection
+ goocanvas2
+ poppler_gi
+ ];
+ propagatedBuildInputs = with pythonPackages; [ pygobject3 pypdf2 ];
+
+ format = "other";
+ doCheck = false;
+
+ installPhase = ''
+ install -D -T -m 755 src/pdf_quench.py $out/bin/pdf-quench
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/linuxerwang/pdf-quench;
+ description = "A visual tool for cropping pdf files";
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ flokli ];
+ };
+}
diff --git a/pkgs/applications/misc/pdfpc/default.nix b/pkgs/applications/misc/pdfpc/default.nix
index 515127e12ebbe34a24f0599ff576f5e0a9925230..f3fd091363f021dc539ffda9ade4e7aab39014af 100644
--- a/pkgs/applications/misc/pdfpc/default.nix
+++ b/pkgs/applications/misc/pdfpc/default.nix
@@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
name = "${product}-${version}";
product = "pdfpc";
- version = "4.1";
+ version = "4.1.1";
src = fetchFromGitHub {
repo = "pdfpc";
owner = "pdfpc";
rev = "v${version}";
- sha256 = "02cp0x5prqrizxdp0sf2sk5ip0363vyw6fxsb3zwyx4dw0vz4g96";
+ sha256 = "1yjh9rx49d24wlwg44r2a6b5scybp8l1fi9wyf05sig6zfziw1mm";
};
nativeBuildInputs = [
diff --git a/pkgs/applications/misc/playonlinux/default.nix b/pkgs/applications/misc/playonlinux/default.nix
index 9fb15aab2d450e03ec6849457d6e9b077c10dfb8..2ad6321d51911087c386740bfc7dfda084c3667c 100644
--- a/pkgs/applications/misc/playonlinux/default.nix
+++ b/pkgs/applications/misc/playonlinux/default.nix
@@ -21,8 +21,6 @@
, curl
}:
-assert stdenv.isLinux;
-
let
version = "4.2.12";
diff --git a/pkgs/applications/misc/plover/default.nix b/pkgs/applications/misc/plover/default.nix
index b8fa38268c385dfc4e43d4ef011ec9f0ba1ec0df..09558ff4c47f4d63ef60b1f9ad32d5eace5bf0ab 100644
--- a/pkgs/applications/misc/plover/default.nix
+++ b/pkgs/applications/misc/plover/default.nix
@@ -1,26 +1,47 @@
-{ stdenv, fetchurl, python27Packages, wmctrl }:
+{ stdenv, fetchurl, python27Packages, python36Packages, wmctrl }:
-python27Packages.buildPythonPackage rec {
- name = "plover-${version}";
- version = "3.1.0";
+{
+ stable = with python27Packages; buildPythonPackage rec {
+ name = "plover-${version}";
+ version = "3.1.1";
- meta = with stdenv.lib; {
- description = "OpenSteno Plover stenography software";
- maintainers = with maintainers; [ twey kovirobi ];
- license = licenses.gpl2;
- };
+ meta = with stdenv.lib; {
+ description = "OpenSteno Plover stenography software";
+ maintainers = with maintainers; [ twey kovirobi ];
+ license = licenses.gpl2;
+ };
+
+ src = fetchurl {
+ url = "https://github.com/openstenoproject/plover/archive/v${version}.tar.gz";
+ sha256 = "1hdg5491phx6svrxxsxp8v6n4b25y7y4wxw7x3bxlbyhaskgj53r";
+ };
- src = fetchurl {
- url = "https://github.com/openstenoproject/plover/archive/v${version}.tar.gz";
- sha256 = "1zdlgyjp93sfvk6by7rsh9hj4ijzplglrxpcpkcir6c3nq2bixl4";
+ buildInputs = [ pytest mock ];
+ propagatedBuildInputs = [
+ six setuptools pyserial appdirs hidapi wxPython xlib wmctrl
+ ];
};
- # This is a fix for https://github.com/pypa/pip/issues/3624 causing regression https://github.com/pypa/pip/issues/3781
- postPatch = ''
- substituteInPlace setup.py --replace " in sys_platform" " == sys_platform"
- '';
+ dev = with python36Packages; buildPythonPackage rec {
+ name = "plover-${version}";
+ version = "4.0.0.dev6";
+
+ meta = with stdenv.lib; {
+ description = "OpenSteno Plover stenography software";
+ maintainers = with maintainers; [ twey kovirobi ];
+ license = licenses.gpl2;
+ };
- buildInputs = with python27Packages; [ pytest mock ];
- propagatedBuildInputs = with python27Packages; [ six setuptools pyserial appdirs hidapi
- wxPython xlib wmctrl ];
+ src = fetchurl {
+ url = "https://github.com/openstenoproject/plover/archive/v${version}.tar.gz";
+ sha256 = "067rkpqnjjxwyv9cwh9i925ndba6fvj6q0r56lizy0l26b4jc8rp";
+ };
+
+ # I'm not sure why we don't find PyQt5 here but there's a similar
+ # sed on many of the platforms Plover builds for
+ postPatch = "sed -i /PyQt5/d setup.cfg";
+
+ buildInputs = [ pytest mock ];
+ propagatedBuildInputs = [ Babel pyqt5 xlib pyserial appdirs ];
+ };
}
diff --git a/pkgs/applications/misc/qpdfview/default.nix b/pkgs/applications/misc/qpdfview/default.nix
index e3e7ff950b0c82c9c53e595b8df8a8cf01afd7da..f836ce5b80851374a94187fca720bc4c304236f2 100644
--- a/pkgs/applications/misc/qpdfview/default.nix
+++ b/pkgs/applications/misc/qpdfview/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, qt4, pkgconfig, poppler_qt4, djvulibre, libspectre, cups
+{stdenv, fetchurl, qmake, qtbase, qtsvg, pkgconfig, poppler_qt5, djvulibre, libspectre, cups
, file, ghostscript
}:
let
@@ -10,9 +10,9 @@ let
url="https://launchpad.net/qpdfview/trunk/${version}/+download/qpdfview-${version}.tar.gz";
sha256 = "0zysjhr58nnmx7ba01q3zvgidkgcqxjdj4ld3gx5fc7wzvl1dm7s";
};
- nativeBuildInputs = [ pkgconfig ];
+ nativeBuildInputs = [ qmake pkgconfig ];
buildInputs = [
- qt4 poppler_qt4 djvulibre libspectre cups file ghostscript
+ qtbase qtsvg poppler_qt5 djvulibre libspectre cups file ghostscript
];
in
stdenv.mkDerivation {
@@ -21,13 +21,12 @@ stdenv.mkDerivation {
src = fetchurl {
inherit (s) url sha256;
};
- configurePhase = ''
- qmake *.pro
- for i in *.pro; do
- qmake "$i" -o "Makefile.$(basename "$i" .pro)"
- done
- sed -e "s@/usr/@$out/@g" -i Makefile*
+
+ # TODO: revert this once placeholder is supported
+ preConfigure = ''
+ qmakeFlags="$qmakeFlags *.pro TARGET_INSTALL_PATH=$out/bin PLUGIN_INSTALL_PATH=$out/lib/qpdfview DATA_INSTALL_PATH=$out/share/qpdfview MANUAL_INSTALL_PATH=$out/share/man/man1 ICON_INSTALL_PATH=$out/share/icons/hicolor/scalable/apps LAUNCHER_INSTALL_PATH=$out/share/applications APPDATA_INSTALL_PATH=$out/share/appdata"
'';
+
meta = {
inherit (s) version;
description = "A tabbed document viewer";
diff --git a/pkgs/applications/misc/robo3t/default.nix b/pkgs/applications/misc/robo3t/default.nix
index 8928ee18064db2844337f912a1708bf3ad7dcd09..be365cb94e4e1f059e01f0d598a06393e672376f 100644
--- a/pkgs/applications/misc/robo3t/default.nix
+++ b/pkgs/applications/misc/robo3t/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, zlib, glib, xorg, dbus, fontconfig,
+{ stdenv, fetchurl, zlib, glib, xorg, dbus, fontconfig, libGL,
freetype, xkeyboard_config, makeDesktopItem, makeWrapper }:
stdenv.mkDerivation rec {
@@ -41,6 +41,7 @@ stdenv.mkDerivation rec {
dbus
fontconfig
freetype
+ libGL
];
installPhase = ''
diff --git a/pkgs/applications/misc/soapyairspy/default.nix b/pkgs/applications/misc/soapyairspy/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..af72c784135d48ec1b53cd25c0ac2ccf6bf25c72
--- /dev/null
+++ b/pkgs/applications/misc/soapyairspy/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub, cmake
+, airspy, soapysdr
+} :
+
+let
+ version = "0.1.1";
+
+in stdenv.mkDerivation {
+ name = "soapyairspy-${version}";
+
+ src = fetchFromGitHub {
+ owner = "pothosware";
+ repo = "SoapyAirspy";
+ rev = "soapy-airspy-${version}";
+ sha256 = "072vc9619s9f22k7639krr1p2418cmhgm44yhzy7x9dzapc43wvk";
+ };
+
+ nativeBuildInputs = [ cmake ];
+ buildInputs = [ airspy soapysdr ];
+
+ cmakeFlags = [ "-DSoapySDR_DIR=${soapysdr}/share/cmake/SoapySDR/" ];
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/pothosware/SoapyAirspy;
+ description = "SoapySDR plugin for Airspy devices";
+ license = licenses.mit;
+ maintainers = with maintainers; [ markuskowa ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/misc/soapybladerf/default.nix b/pkgs/applications/misc/soapybladerf/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..4e1adc32946eca606050c8440b5e0d0513ab83cd
--- /dev/null
+++ b/pkgs/applications/misc/soapybladerf/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, cmake, pkgconfig
+, libbladeRF, soapysdr
+} :
+
+let
+ version = "0.3.5";
+
+in stdenv.mkDerivation {
+ name = "soapybladerf-${version}";
+
+ src = fetchFromGitHub {
+ owner = "pothosware";
+ repo = "SoapyBladeRF";
+ rev = "soapy-bladerf-${version}";
+ sha256 = "1n7vy6y8k1smq3l729npxbhxbnrc79gz06dxkibsihz4k8sddkrg";
+ };
+
+ nativeBuildInputs = [ cmake pkgconfig ];
+ buildInputs = [ libbladeRF soapysdr ];
+
+ cmakeFlags = [ "-DSoapySDR_DIR=${soapysdr}/share/cmake/SoapySDR/" ];
+
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/pothosware/SoapyBladeRF;
+ description = "SoapySDR plugin for BladeRF devices";
+ license = licenses.lgpl21;
+ maintainers = with maintainers; [ markuskowa ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/misc/soapyhackrf/default.nix b/pkgs/applications/misc/soapyhackrf/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..f5543af9c60b05dac204f4e9526d9c95aa7f2d1f
--- /dev/null
+++ b/pkgs/applications/misc/soapyhackrf/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub, cmake, pkgconfig
+, hackrf, soapysdr
+} :
+
+let
+ version = "0.3.2";
+
+in stdenv.mkDerivation {
+ name = "soapyhackrf-${version}";
+
+ src = fetchFromGitHub {
+ owner = "pothosware";
+ repo = "SoapyHackRF";
+ rev = "soapy-hackrf-${version}";
+ sha256 = "1sgx2nk8yrzfwisjfs9mw0xwc47bckzi17p42s2pbv7zcxzpb66p";
+ };
+
+ nativeBuildInputs = [ cmake pkgconfig ];
+ buildInputs = [ hackrf soapysdr ];
+
+ cmakeFlags = [ "-DSoapySDR_DIR=${soapysdr}/share/cmake/SoapySDR/" ];
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/pothosware/SoapyHackRF;
+ description = "SoapySDR plugin for HackRF devices";
+ license = licenses.mit;
+ maintainers = with maintainers; [ markuskowa ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/misc/soapyremote/default.nix b/pkgs/applications/misc/soapyremote/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..d10b09f99a8d211feb04df717c1e3a22923525e9
--- /dev/null
+++ b/pkgs/applications/misc/soapyremote/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchFromGitHub, cmake, soapysdr }:
+
+let
+ version = "0.4.3";
+
+in stdenv.mkDerivation {
+ name = "soapyremote-${version}";
+
+ src = fetchFromGitHub {
+ owner = "pothosware";
+ repo = "SoapyRemote";
+ rev = "d07f43863b1ef79252f8029cfb5947220f21311d";
+ sha256 = "0i101dfqq0aawybv0qyjgsnhk39dc4q6z6ys2gsvwjhpf3d48aw0";
+ };
+
+ nativeBuildInputs = [ cmake ];
+ buildInputs = [ soapysdr ];
+
+ cmakeFlags = [ "-DSoapySDR_DIR=${soapysdr}/share/cmake/SoapySDR/" ];
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/pothosware/SoapyRemote;
+ description = "SoapySDR plugin for remote access to SDRs";
+ license = licenses.boost;
+ maintainers = with maintainers; [ markuskowa ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/misc/soapysdr/default.nix b/pkgs/applications/misc/soapysdr/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..6230f2f6f6a66f68f8b8b19dbeee3c6deac310f0
--- /dev/null
+++ b/pkgs/applications/misc/soapysdr/default.nix
@@ -0,0 +1,50 @@
+{ stdenv, lib, lndir, makeWrapper
+, fetchFromGitHub, cmake
+, libusb, pkgconfig
+, python, swig2, numpy, ncurses
+, extraPackages ? []
+} :
+
+let
+ version = "0.6.1";
+
+in stdenv.mkDerivation {
+ name = "soapysdr-${version}";
+
+ src = fetchFromGitHub {
+ owner = "pothosware";
+ repo = "SoapySDR";
+ rev = "soapy-sdr-${version}";
+ sha256 = "1azbb2j6dv0b2dd5ks6yqd31j17sdhi9p82czwc8zy2isymax0l9";
+ };
+
+ nativeBuildInputs = [ cmake pkgconfig ];
+ buildInputs = [ libusb ncurses numpy swig2 python ];
+
+ cmakeFlags = [
+ "-DCMAKE_BUILD_TYPE=Release"
+ "-DUSE_PYTHON_CONFIG=ON"
+ ];
+
+ postFixup = lib.optionalString (lib.length extraPackages != 0) ''
+ # Join all plugins via symlinking
+ for i in ${toString extraPackages}; do
+ ${lndir}/bin/lndir -silent $i $out
+ done
+
+ # Needed for at least the remote plugin server
+ for file in out/bin/*; do
+ ${makeWrapper}/bin/wrapProgram "$file" \
+ --prefix SOAPY_SDR_PLUGIN_PATH : ${lib.makeSearchPath "lib/SoapySDR/modules0.6" extraPackages}
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/pothosware/SoapySDR;
+ description = "Vendor and platform neutral SDR support library";
+ license = licenses.boost;
+ maintainers = with maintainers; [ markuskowa ];
+ platforms = platforms.linux;
+ };
+}
+
diff --git a/pkgs/applications/misc/soapyuhd/default.nix b/pkgs/applications/misc/soapyuhd/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..4f2a79c97fe2d2847cc8d39ef556b151006dad7e
--- /dev/null
+++ b/pkgs/applications/misc/soapyuhd/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub, cmake, pkgconfig
+, uhd, boost, soapysdr
+} :
+
+let
+ version = "0.3.4";
+
+in stdenv.mkDerivation {
+ name = "soapyuhd-${version}";
+
+ src = fetchFromGitHub {
+ owner = "pothosware";
+ repo = "SoapyUHD";
+ rev = "soapy-uhd-${version}";
+ sha256 = "1da7cjcvfdqhgznm7x14s1h7lwz5lan1b48akw445ah1vxwvh4hl";
+ };
+
+ nativeBuildInputs = [ cmake pkgconfig ];
+ buildInputs = [ uhd boost soapysdr ];
+
+ cmakeFlags = [ "-DSoapySDR_DIR=${soapysdr}/share/cmake/SoapySDR/" ];
+
+ postPatch = ''
+ sed -i "s:DESTINATION .*uhd/modules:DESTINATION $out/lib/uhd/modules:" CMakeLists.txt
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = https://github.com/pothosware/SoapyAirspy;
+ description = "SoapySDR plugin for UHD devices";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ markuskowa ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/applications/misc/todiff/default.nix b/pkgs/applications/misc/todiff/default.nix
index 049a9eff347c798c11e8a76221aa685c9fef9e79..6af7fae34972acf726f9fa5ec15c5da0fa544f81 100644
--- a/pkgs/applications/misc/todiff/default.nix
+++ b/pkgs/applications/misc/todiff/default.nix
@@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
name = "todiff-${version}";
- version = "0.4.0";
+ version = "0.5.0";
src = fetchFromGitHub {
owner = "Ekleog";
repo = "todiff";
rev = version;
- sha256 = "0n3sifinwhny651q1v1a6y9ybim1b0nd5s1z26sigjdhdvxckn65";
+ sha256 = "0xnqw98nccnkqfdmbkblm897v981rw1fagbi5q895bpwfg0p71lk";
};
- cargoSha256 = "0mxdpn98fvmxrp656vwxvzl9vprz5mvqj7d1hvvs4gsjrsiyp0fy";
+ cargoSha256 = "0ih7lw5hbayvc66fjqwga0i7l3sb9qn0m26vnham5li39f5i3rqp";
meta = with stdenv.lib; {
description = "Human-readable diff for todo.txt files";
diff --git a/pkgs/applications/misc/vit/default.nix b/pkgs/applications/misc/vit/default.nix
index 37d7aeb88e6178323d55fdf526d3d9374d67c109..40a399247e9050a12eea6ae1055c6374614500b4 100644
--- a/pkgs/applications/misc/vit/default.nix
+++ b/pkgs/applications/misc/vit/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation {
meta = {
description = "Visual Interactive Taskwarrior";
maintainers = with pkgs.lib.maintainers; [ ];
- platforms = pkgs.lib.platforms.linux;
+ platforms = pkgs.lib.platforms.all;
license = pkgs.lib.licenses.gpl3;
};
}
diff --git a/pkgs/applications/misc/welle-io/default.nix b/pkgs/applications/misc/welle-io/default.nix
index d705de1a8cd6ca44190581789f39bb8554f57809..143ec518ac51944babca39c6f586a416f6422808 100644
--- a/pkgs/applications/misc/welle-io/default.nix
+++ b/pkgs/applications/misc/welle-io/default.nix
@@ -1,6 +1,6 @@
{ stdenv, buildEnv, fetchFromGitHub, cmake, pkgconfig
, qtbase, qtcharts, qtmultimedia, qtquickcontrols, qtquickcontrols2
-, faad2, rtl-sdr, libusb, fftwSinglePrec }:
+, faad2, rtl-sdr, soapysdr-with-plugins, libusb, fftwSinglePrec }:
let
version = "1.0-rc2";
@@ -28,10 +28,11 @@ in stdenv.mkDerivation {
qtquickcontrols
qtquickcontrols2
rtl-sdr
+ soapysdr-with-plugins
];
cmakeFlags = [
- "-DRTLSDR=true"
+ "-DRTLSDR=true" "-DSOAPYSDR=true"
];
enableParallelBuilding = true;
@@ -41,7 +42,6 @@ in stdenv.mkDerivation {
homepage = http://www.welle.io/;
maintainers = with maintainers; [ ck3d ];
license = licenses.gpl2;
- platforms = with platforms; linux ++ darwin;
+ platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin;
};
-
}
diff --git a/pkgs/applications/misc/xmrig/default.nix b/pkgs/applications/misc/xmrig/default.nix
index 88adbfff3b9ae83bacde420248912d9828398a85..5b389d99da76da20b8fd84f9a7fd2f98c0376738 100644
--- a/pkgs/applications/misc/xmrig/default.nix
+++ b/pkgs/applications/misc/xmrig/default.nix
@@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
name = "xmrig-${version}";
- version = "2.5.3";
+ version = "2.6.1";
src = fetchFromGitHub {
owner = "xmrig";
repo = "xmrig";
rev = "v${version}";
- sha256 = "1f9z9akgaf27r5hjrsjw0clk47p7igi0slbg7z6c3rvy5q9kq0wp";
+ sha256 = "05gd3jl8nvj2b73l4x72rfbbxrkw3r8q1h761ly4z35v4f3lahk8";
};
nativeBuildInputs = [ cmake ];
@@ -28,6 +28,7 @@ stdenv.mkDerivation rec {
description = "Monero (XMR) CPU miner";
homepage = "https://github.com/xmrig/xmrig";
license = licenses.gpl3Plus;
+ platforms = [ "x86_64-linux" "x86_64-darwin" ];
maintainers = with maintainers; [ fpletz ];
};
}
diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix
index b591d5d7ba0cdbd2ccdee45034c9182c59538237..923084a57385fc875538e8d2504889b0fe78df38 100644
--- a/pkgs/applications/networking/browsers/chromium/common.nix
+++ b/pkgs/applications/networking/browsers/chromium/common.nix
@@ -154,14 +154,10 @@ let
(githubPatch "ba4141e451f4e0b1b19410b1b503bd32e150df06" "1cjxw1f9fin6z12b0mcxnxf2mdjb0n3chwz7mgvmp9yij8qhqnxj")
(githubPatch "b34ed1e6524479d61ee944ebf6ca7389ea47e563" "1s13zw93nsyr259dzck6gbhg4x46qg5sg14djf4bvrrc6hlkiczw")
(githubPatch "4f2b52281ce1649ea8347489443965ad33262ecc" "1g59izkicn9cpcphamdgrijs306h5b9i7i4pmy134asn1ifiax5z")
- (fetchpatch {
- ## see https://groups.google.com/a/chromium.org/forum/#!msg/chromium-packagers/So-ojMYOQdI/K66hndtdCAAJ
- url = "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch";
- sha256 = "0dc4cmd05qjqyihrd4qb34kz0jlapjgah8bzgnvxf9m4791w062z";
- })
] ++ optional enableWideVine ./patches/widevine.patch
- ++ optionals (stdenv.isAarch64 && versionRange "65" "66") [
+ ++ optionals (stdenv.isAarch64 && versionRange "65" "67") [
./patches/skia_buildfix.patch
+ ./patches/neon_buildfix.patch
];
postPatch = ''
diff --git a/pkgs/applications/networking/browsers/chromium/patches/neon_buildfix.patch b/pkgs/applications/networking/browsers/chromium/patches/neon_buildfix.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b44487ca634c26373e9e7ceccbaa678237c338a4
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/patches/neon_buildfix.patch
@@ -0,0 +1,21 @@
+diff --git a/skia/ext/convolver_neon.cc b/skia/ext/convolver_neon.cc
+index 26b91b9..cae6bc2 100644
+--- a/skia/ext/convolver_neon.cc
++++ b/skia/ext/convolver_neon.cc
+
+@@ -23,7 +23,7 @@
+ remainder[2] += coeff * pixels_left[i * 4 + 2];
+ remainder[3] += coeff * pixels_left[i * 4 + 3];
+ }
+- return {remainder[0], remainder[1], remainder[2], remainder[3]};
++ return vld1q_s32(remainder);
+ }
+
+ // Convolves horizontally along a single row. The row data is given in
+@@ -336,4 +336,4 @@
+ }
+ }
+
+-} // namespace skia
+\ No newline at end of file
++} // namespace skia
diff --git a/pkgs/applications/networking/browsers/chromium/plugins.nix b/pkgs/applications/networking/browsers/chromium/plugins.nix
index f0862aebafe522c516ee3a8e63c121a6ad19cf95..cb2121553ace26acdfd32119ef4519b7768eedb6 100644
--- a/pkgs/applications/networking/browsers/chromium/plugins.nix
+++ b/pkgs/applications/networking/browsers/chromium/plugins.nix
@@ -98,12 +98,12 @@ let
flash = stdenv.mkDerivation rec {
name = "flashplayer-ppapi-${version}";
- version = "29.0.0.140";
+ version = "29.0.0.171";
src = fetchzip {
url = "https://fpdownload.adobe.com/pub/flashplayer/pdc/"
+ "${version}/flash_player_ppapi_linux.x86_64.tar.gz";
- sha256 = "1p0jr7s6vyzxw1mhbrl5yx092z2wpvfw0jjw127gs576z0zwamwh";
+ sha256 = "1j7w81wjfrpkir11m719jdahnbnw4sph448hs90hvai6rsn3imib";
stripRoot = false;
};
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.nix b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
index d55cc12c165adee226ec433a9f8bf26a701e2572..7be5d2591150e268b0bdaef2c5546aaac16bea08 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.nix
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.nix
@@ -1,18 +1,18 @@
# This file is autogenerated from update.sh in the same directory.
{
beta = {
- sha256 = "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp";
- sha256bin64 = "067gpmiwnpdaqarkz740plg0ixpp7642xf4qqkq32w9v8flx3y57";
- version = "66.0.3359.117";
+ sha256 = "136gx9qqbzfzaf19k0gxb8n4ypd4ycyr83i9v68nqdvy2k26vf4n";
+ sha256bin64 = "0w628afj5k4xygizlznwxkljgc1prxqc3lanaz6gdmyrl7gk1s7n";
+ version = "67.0.3396.18";
};
dev = {
- sha256 = "0058g5dm5nfm7wdpd9y4fn0dmi8bq013l0ky5fsn4j7msm55rrg5";
- sha256bin64 = "1ag8kg3jjv6jsxdjq33h4ksqhhhfaz5aqw9jaaqhfma908c5mc9y";
- version = "67.0.3396.10";
+ sha256 = "1yspf0n385ail9qxsmax58mfk5yi473ygsraqs83q30pfgxc5z2f";
+ sha256bin64 = "1gi1xpnjwkg7sxv94ksv6fiymw13rxdq2hyvza8b9famvfcaz07j";
+ version = "68.0.3409.2";
};
stable = {
- sha256 = "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp";
- sha256bin64 = "1ycfq6pqk7a9kyqf2112agcxav360rxbqqdc1yil0qkmz51i9zdg";
- version = "66.0.3359.117";
+ sha256 = "1ck4wbi28702p1lfs4sz894ysbgm7fj79wrqj8srsy65z2ssaxdy";
+ sha256bin64 = "1vgrgay3h0961vj96ql2p0pb16gzfr48r4hk25rxdqbflnz7njz0";
+ version = "66.0.3359.139";
};
}
diff --git a/pkgs/applications/networking/browsers/firefox-bin/default.nix b/pkgs/applications/networking/browsers/firefox-bin/default.nix
index 5b01daeef510084cc12471b07eb61315aaedfda9..eaf304ca9fd4758c008cfc9d1f9988084428edf2 100644
--- a/pkgs/applications/networking/browsers/firefox-bin/default.nix
+++ b/pkgs/applications/networking/browsers/firefox-bin/default.nix
@@ -12,8 +12,6 @@
, gdk_pixbuf
, glib
, glibc
-, gst-plugins-base
-, gstreamer
, gtk2
, gtk3
, kerberos
@@ -30,6 +28,7 @@
, libcanberra-gtk2
, libgnome
, libgnomeui
+, libnotify
, defaultIconTheme
, libGLU_combined
, nspr
@@ -48,8 +47,6 @@
, gnupg
}:
-assert stdenv.isLinux;
-
let
inherit (generated) version sources;
@@ -100,8 +97,6 @@ stdenv.mkDerivation {
gdk_pixbuf
glib
glibc
- gst-plugins-base
- gstreamer
gtk2
gtk3
kerberos
@@ -118,6 +113,7 @@ stdenv.mkDerivation {
libcanberra-gtk2
libgnome
libgnomeui
+ libnotify
libGLU_combined
nspr
nss
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index 45917bf65c1e555cf4f8ea1dc0ea9b14318a094d..b619941820e626565074097cbf8d1465ffbdbf70 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -2,13 +2,13 @@
## various stuff that can be plugged in
, flashplayer, hal-flash
-, MPlayerPlugin, ffmpeg, gst_all, xorg, libpulseaudio, libcanberra-gtk2
+, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2
, jrePlugin, icedtea_web
, trezor-bridge, bluejeans, djview4, adobe-reader
, google_talk_plugin, fribid, gnome3/*.gnome-shell*/
, esteidfirefoxplugin
, vlc_npapi
-, browserpass, chrome-gnome-shell
+, browserpass, chrome-gnome-shell, uget-integrator
, libudev
, kerberos
}:
@@ -64,15 +64,15 @@ let
([ ]
++ lib.optional (cfg.enableBrowserpass or false) browserpass
++ lib.optional (cfg.enableGnomeExtensions or false) chrome-gnome-shell
+ ++ lib.optional (cfg.enableUgetIntegrator or false) uget-integrator
++ extraNativeMessagingHosts
);
- libs = (if ffmpegSupport then [ ffmpeg ] else with gst_all; [ gstreamer gst-plugins-base ])
+ libs = lib.optional ffmpegSupport ffmpeg
++ lib.optional gssSupport kerberos
++ lib.optionals (cfg.enableQuakeLive or false)
(with xorg; [ stdenv.cc libX11 libXxf86dga libXxf86vm libXext libXt alsaLib zlib libudev ])
++ lib.optional (enableAdobeFlash && (cfg.enableAdobeFlashDRM or false)) hal-flash
++ lib.optional (config.pulseaudio or true) libpulseaudio;
- gst-plugins = with gst_all; [ gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-ffmpeg ];
gtk_modules = [ libcanberra-gtk2 ];
in stdenv.mkDerivation {
@@ -98,7 +98,6 @@ let
};
buildInputs = [makeWrapper]
- ++ lib.optional (!ffmpegSupport) gst-plugins
++ lib.optional (browser ? gtk3) browser.gtk3;
buildCommand = ''
@@ -118,9 +117,7 @@ let
--suffix PATH ':' "$out/bin" \
--set MOZ_APP_LAUNCHER "${browserName}${nameSuffix}" \
--set MOZ_SYSTEM_DIR "$out/lib/mozilla" \
- ${lib.optionalString (!ffmpegSupport)
- ''--prefix GST_PLUGIN_SYSTEM_PATH : "$GST_PLUGIN_SYSTEM_PATH"''
- + lib.optionalString (browser ? gtk3)
+ ${lib.optionalString (browser ? gtk3)
''--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share'
''
diff --git a/pkgs/applications/networking/browsers/lynx/default.nix b/pkgs/applications/networking/browsers/lynx/default.nix
index 9cad2838a39b20e9e1f71584c6689528dfba99b2..9cdd32d2aaed4d1eef0e1cc1fad60adcce8838f4 100644
--- a/pkgs/applications/networking/browsers/lynx/default.nix
+++ b/pkgs/applications/networking/browsers/lynx/default.nix
@@ -9,21 +9,24 @@ assert sslSupport -> openssl != null;
stdenv.mkDerivation rec {
name = "lynx-${version}";
- version = "2.8.9dev.16";
+ version = "2.8.9dev.17";
src = fetchurl {
urls = [
"ftp://ftp.invisible-island.net/lynx/tarballs/lynx${version}.tar.bz2"
"https://invisible-mirror.net/archives/lynx/tarballs/lynx${version}.tar.bz2"
];
- sha256 = "1j0vx871ghkm7fgrafnvd2ml3ywcl8d3gyhq02fhfb851c88lc84";
+ sha256 = "1lvfsnrw5mmwrmn1m76q9mx287xwm3h5lg8sv7bcqilc0ywi2f54";
};
enableParallelBuilding = true;
hardeningEnable = [ "pie" ];
- configureFlags = [ "--enable-widec" ] ++ stdenv.lib.optional sslSupport "--with-ssl";
+ configureFlags = [
+ "--enable-widec"
+ "--enable-ipv6"
+ ] ++ stdenv.lib.optional sslSupport "--with-ssl";
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ nukeReferences ]
@@ -40,7 +43,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "A text-mode web browser";
- homepage = http://lynx.invisible-island.net/;
+ homepage = https://lynx.invisible-island.net/;
license = licenses.gpl2Plus;
platforms = platforms.unix;
};
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/default.nix b/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/default.nix
index 162dd88054c75331c09de918b07714c00a5e946d..6c19b684aaa565d8a3ff6d7f5a14054d60f22feb 100644
--- a/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/default.nix
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/default.nix
@@ -73,7 +73,7 @@ let
in
stdenv.mkDerivation rec {
name = "flashplayer-${version}";
- version = "29.0.0.140";
+ version = "29.0.0.171";
src = fetchurl {
url =
@@ -84,14 +84,14 @@ stdenv.mkDerivation rec {
sha256 =
if debug then
if arch == "x86_64" then
- "0bj0d899dswfbkbrm08c381yzm0hlqdv53sgbl2z9zj4x8rqyi3p"
+ "140galarr38lmfnd2chl2msvxizx96kdi000gbikir9xnd7bx1hc"
else
- "16as2dydgqip6qlg13jh83sd4lb2cgrny4ibqg7jlx1d1a1i0jwh"
+ "0wzmf12xrmyq8vqqyii932yx4nadrvkn2j9s86xcw67lb40xj5ig"
else
if arch == "x86_64" then
- "10s6j5izsy2v2ljljcv2vk898jg9xmp6zqqazmj07zy7m5vywfi7"
+ "17c57xgs0w71p4xsjw5an7dg484769wanq3kx86ppaqw8vqhnqc3"
else
- "0xk8a2brpzfxi87mqqfv8l5xi5j9x71cy0ik64dzwcq7ka16gpz1";
+ "06pjbc9050fgi2njzf9vm6py7c22i6chw852rbm8flx3cmplw23b";
};
nativeBuildInputs = [ unzip ];
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/standalone.nix b/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/standalone.nix
index 42d7aa2f56f06e81307713db1b043fd3b9699ba5..fa9c89b442bb34ba02ed1e271a504b7c482be490 100644
--- a/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/standalone.nix
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/flashplayer/standalone.nix
@@ -55,7 +55,7 @@ let
in
stdenv.mkDerivation rec {
name = "flashplayer-standalone-${version}";
- version = "29.0.0.140";
+ version = "29.0.0.171";
src = fetchurl {
url =
@@ -65,9 +65,9 @@ stdenv.mkDerivation rec {
"https://fpdownload.macromedia.com/pub/flashplayer/updaters/29/flash_player_sa_linux.x86_64.tar.gz";
sha256 =
if debug then
- "1gvfm4z46m2y39fswpzhx18dlwcxwwy5mins3kx2m425dgp76zd5"
+ "1q2lmsb9g2cxbwxb712javmadk6vmcgkihd244394nr10isdzw67"
else
- "08a21c0l47w97xhwiby8j5055kl37ld5insfd459gz92d3f145fl";
+ "0qj5qdc9k53pgqxb5jpcbgfsgavmlyzp0cpz468c4zacsvxgq502";
};
nativeBuildInputs = [ unzip ];
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/trezor/default.nix b/pkgs/applications/networking/browsers/mozilla-plugins/trezor/default.nix
index db871c0c9a5b05cfdb07831116f505f8f7b5a774..fb6e85ccdbba3b0af3510f4984c318f0d3b14e2e 100644
--- a/pkgs/applications/networking/browsers/mozilla-plugins/trezor/default.nix
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/trezor/default.nix
@@ -1,7 +1,5 @@
{ stdenv, fetchurl, dpkg, zlib }:
-assert stdenv.system == "x86_64-linux" || stdenv.system == "i686-linux";
-
stdenv.mkDerivation {
name = "TREZOR-bridge-1.0.5";
@@ -42,6 +40,7 @@ stdenv.mkDerivation {
# Download URL, .deb content & hash (yikes) changed, not version.
# New archive doesn't contain any Mozilla plugin at all.
broken = true;
- };
+ platforms = platforms.linux;
+ };
-}
\ No newline at end of file
+}
diff --git a/pkgs/applications/networking/browsers/palemoon/default.nix b/pkgs/applications/networking/browsers/palemoon/default.nix
index 0c0ef501e9963cfefe7e969e57fc0b16a9846ce7..aa77f08473444f8cbfa64d16d8db36be62158ca0 100644
--- a/pkgs/applications/networking/browsers/palemoon/default.nix
+++ b/pkgs/applications/networking/browsers/palemoon/default.nix
@@ -10,14 +10,14 @@
stdenv.mkDerivation rec {
name = "palemoon-${version}";
- version = "27.8.3";
+ version = "27.9.0";
src = fetchFromGitHub {
name = "palemoon-src";
owner = "MoonchildProductions";
repo = "Pale-Moon";
rev = version + "_Release";
- sha256 = "1v3wliq8k5yq17ms214fhwka8x4l3sq8kja59dx4pbvczzb1zyzh";
+ sha256 = "181g1hy4k9xr6nlrw8jamp541gr5znny4mmpwwaa1lzq5v1w1sw6";
};
desktopItem = makeDesktopItem {
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
index 8a8abb42f55e1f71e34600d684f47bc013df24a6..a2094305db55aa4dc97d8a9fe490d1d043fdbbc1 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
@@ -340,7 +340,7 @@ stdenv.mkDerivation rec {
\
TMPDIR="\''${TMPDIR:-/tmp}" \
HOME="\$HOME" \
- XAUTHORITY="\$XAUTHORITY" \
+ XAUTHORITY="\''${XAUTHORITY:-}" \
DISPLAY="\$DISPLAY" \
DBUS_SESSION_BUS_ADDRESS="\$DBUS_SESSION_BUS_ADDRESS" \
\
diff --git a/pkgs/applications/networking/cluster/cni/plugins.nix b/pkgs/applications/networking/cluster/cni/plugins.nix
index 9f6b6fcb7e112a28d1671469b16d21e4761181cc..8a006edda6a80ca5ef9651d7d33045f5e74e96f1 100644
--- a/pkgs/applications/networking/cluster/cni/plugins.nix
+++ b/pkgs/applications/networking/cluster/cni/plugins.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
name = "cni-plugins-${version}";
- version = "0.7.0";
+ version = "0.7.1";
src = fetchFromGitHub {
owner = "containernetworking";
repo = "plugins";
rev = "v${version}";
- sha256 = "0m885v76azs7lrk6m6n53rwh0xadwvdcr90h0l3bxpdv87sj2mnf";
+ sha256 = "1sywllwnr6lc812sgkqjdd3y10r82shl88dlnwgnbgzs738q2vp2";
};
buildInputs = [ go ];
diff --git a/pkgs/applications/networking/cluster/kontemplate/default.nix b/pkgs/applications/networking/cluster/kontemplate/default.nix
index 56cbef7f00553830ef8f5c02835d90632aa3bc41..fd599cd865868f480ab146e2211fa8ea9e7e0e82 100644
--- a/pkgs/applications/networking/cluster/kontemplate/default.nix
+++ b/pkgs/applications/networking/cluster/kontemplate/default.nix
@@ -2,7 +2,7 @@
buildGoPackage rec {
name = "kontemplate-${version}";
- version = "1.4.0";
+ version = "1.5.0";
goPackagePath = "github.com/tazjin/kontemplate";
goDeps = ./deps.nix;
@@ -10,7 +10,7 @@ buildGoPackage rec {
owner = "tazjin";
repo = "kontemplate";
rev = "v${version}";
- sha256 = "11aqc9sgyqz3pscx7njnb3xghl7d61vzdgl3bqndady0dxsccrpj";
+ sha256 = "0k3yr0ypw6brj1lxqs041zsyi0r09113i0x3xfj48zv4ralq74b6";
};
meta = with lib; {
diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index 2b55543532701c590778514ffecfcffec83b653b..1a7ba3cf93dfff719abdea935e8e3059551cab6e 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -84,7 +84,7 @@ stdenv.mkDerivation rec {
meta = {
description = "Production-Grade Container Scheduling and Management";
license = licenses.asl20;
- homepage = http://kubernetes.io;
+ homepage = https://kubernetes.io;
maintainers = with maintainers; [offline];
platforms = platforms.unix;
};
diff --git a/pkgs/applications/networking/cluster/panamax/api/Gemfile b/pkgs/applications/networking/cluster/panamax/api/Gemfile
deleted file mode 100644
index 82085aa6db08b66d9ebe1a18c962aab52d896ea0..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/api/Gemfile
+++ /dev/null
@@ -1,23 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'rails', '4.1.7'
-gem 'puma', '2.8.2'
-gem 'sqlite3', '1.3.9'
-gem 'faraday_middleware', '0.9.0'
-gem 'docker-api', '1.13.0', require: 'docker'
-gem 'fleet-api', '0.6.0', require: 'fleet'
-gem 'active_model_serializers', '0.9.0'
-gem 'octokit', '3.2.0'
-gem 'kmts', '2.0.1'
-
-group :test, :development do
- gem 'rspec-rails'
- gem 'its'
-end
-
-group :test do
- gem 'coveralls', '0.7.0'
- gem 'shoulda-matchers', '2.6.1'
- gem 'database_cleaner', '1.3.0'
- gem 'webmock', '1.20.0'
-end
diff --git a/pkgs/applications/networking/cluster/panamax/api/Gemfile.lock b/pkgs/applications/networking/cluster/panamax/api/Gemfile.lock
deleted file mode 100644
index 597c691700ad24cd09b1eed2fee5905d2981dd80..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/api/Gemfile.lock
+++ /dev/null
@@ -1,164 +0,0 @@
-GEM
- remote: https://rubygems.org/
- specs:
- actionmailer (4.1.7)
- actionpack (= 4.1.7)
- actionview (= 4.1.7)
- mail (~> 2.5, >= 2.5.4)
- actionpack (4.1.7)
- actionview (= 4.1.7)
- activesupport (= 4.1.7)
- rack (~> 1.5.2)
- rack-test (~> 0.6.2)
- actionview (4.1.7)
- activesupport (= 4.1.7)
- builder (~> 3.1)
- erubis (~> 2.7.0)
- active_model_serializers (0.9.0)
- activemodel (>= 3.2)
- activemodel (4.1.7)
- activesupport (= 4.1.7)
- builder (~> 3.1)
- activerecord (4.1.7)
- activemodel (= 4.1.7)
- activesupport (= 4.1.7)
- arel (~> 5.0.0)
- activesupport (4.1.7)
- i18n (~> 0.6, >= 0.6.9)
- json (~> 1.7, >= 1.7.7)
- minitest (~> 5.1)
- thread_safe (~> 0.1)
- tzinfo (~> 1.1)
- addressable (2.3.6)
- archive-tar-minitar (0.5.2)
- arel (5.0.1.20140414130214)
- builder (3.2.2)
- coveralls (0.7.0)
- multi_json (~> 1.3)
- rest-client
- simplecov (>= 0.7)
- term-ansicolor
- thor
- crack (0.4.2)
- safe_yaml (~> 1.0.0)
- database_cleaner (1.3.0)
- diff-lcs (1.2.5)
- docile (1.1.5)
- docker-api (1.13.0)
- archive-tar-minitar
- excon (>= 0.37.0)
- json
- erubis (2.7.0)
- excon (0.37.0)
- faraday (0.8.9)
- multipart-post (~> 1.2.0)
- faraday_middleware (0.9.0)
- faraday (>= 0.7.4, < 0.9)
- fleet-api (0.6.0)
- faraday (= 0.8.9)
- faraday_middleware (= 0.9.0)
- hike (1.2.3)
- i18n (0.7.0)
- its (0.2.0)
- rspec-core
- json (1.8.1)
- kmts (2.0.1)
- mail (2.6.3)
- mime-types (>= 1.16, < 3)
- mime-types (2.4.3)
- minitest (5.5.1)
- multi_json (1.10.1)
- multipart-post (1.2.0)
- octokit (3.2.0)
- sawyer (~> 0.5.3)
- puma (2.8.2)
- rack (>= 1.1, < 2.0)
- rack (1.5.2)
- rack-test (0.6.3)
- rack (>= 1.0)
- rails (4.1.7)
- actionmailer (= 4.1.7)
- actionpack (= 4.1.7)
- actionview (= 4.1.7)
- activemodel (= 4.1.7)
- activerecord (= 4.1.7)
- activesupport (= 4.1.7)
- bundler (>= 1.3.0, < 2.0)
- railties (= 4.1.7)
- sprockets-rails (~> 2.0)
- railties (4.1.7)
- actionpack (= 4.1.7)
- activesupport (= 4.1.7)
- rake (>= 0.8.7)
- thor (>= 0.18.1, < 2.0)
- rake (10.4.0)
- rest-client (1.6.7)
- mime-types (>= 1.16)
- rspec-core (3.1.7)
- rspec-support (~> 3.1.0)
- rspec-expectations (3.1.2)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.1.0)
- rspec-mocks (3.1.3)
- rspec-support (~> 3.1.0)
- rspec-rails (3.1.0)
- actionpack (>= 3.0)
- activesupport (>= 3.0)
- railties (>= 3.0)
- rspec-core (~> 3.1.0)
- rspec-expectations (~> 3.1.0)
- rspec-mocks (~> 3.1.0)
- rspec-support (~> 3.1.0)
- rspec-support (3.1.2)
- safe_yaml (1.0.4)
- sawyer (0.5.4)
- addressable (~> 2.3.5)
- faraday (~> 0.8, < 0.10)
- shoulda-matchers (2.6.1)
- activesupport (>= 3.0.0)
- simplecov (0.9.1)
- docile (~> 1.1.0)
- multi_json (~> 1.0)
- simplecov-html (~> 0.8.0)
- simplecov-html (0.8.0)
- sprockets (2.12.3)
- hike (~> 1.2)
- multi_json (~> 1.0)
- rack (~> 1.0)
- tilt (~> 1.1, != 1.3.0)
- sprockets-rails (2.2.4)
- actionpack (>= 3.0)
- activesupport (>= 3.0)
- sprockets (>= 2.8, < 4.0)
- sqlite3 (1.3.9)
- term-ansicolor (1.3.0)
- tins (~> 1.0)
- thor (0.19.1)
- thread_safe (0.3.4)
- tilt (1.4.1)
- tins (1.3.0)
- tzinfo (1.2.2)
- thread_safe (~> 0.1)
- webmock (1.20.0)
- addressable (>= 2.3.6)
- crack (>= 0.3.2)
-
-PLATFORMS
- ruby
-
-DEPENDENCIES
- active_model_serializers (= 0.9.0)
- coveralls (= 0.7.0)
- database_cleaner (= 1.3.0)
- docker-api (= 1.13.0)
- faraday_middleware (= 0.9.0)
- fleet-api (= 0.6.0)
- its
- kmts (= 2.0.1)
- octokit (= 3.2.0)
- puma (= 2.8.2)
- rails (= 4.1.7)
- rspec-rails
- shoulda-matchers (= 2.6.1)
- sqlite3 (= 1.3.9)
- webmock (= 1.20.0)
diff --git a/pkgs/applications/networking/cluster/panamax/api/default.nix b/pkgs/applications/networking/cluster/panamax/api/default.nix
deleted file mode 100644
index 1c2e2ccac27be815f38489b2565a794905d44023..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/api/default.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{ stdenv, fetchgit, fetchurl, makeWrapper, bundlerEnv, bundler
-, ruby, libxslt, libxml2, sqlite, openssl, docker
-, dataDir ? "/var/lib/panamax-api" }@args:
-
-with stdenv.lib;
-
-stdenv.mkDerivation rec {
- name = "panamax-api-${version}";
- version = "0.2.16";
-
- env = bundlerEnv {
- name = "panamax-api-gems-${version}";
- inherit ruby;
- gemdir = ./.;
- };
-
- bundler = args.bundler.override { inherit ruby; };
-
- database_yml = builtins.toFile "database.yml" ''
- production:
- adapter: sqlite3
- database: <%= ENV["PANAMAX_DATABASE_PATH"] || "${dataDir}/db/mnt/db.sqlite3" %>
- timeout: 5000
- '';
-
- src = fetchgit {
- rev = "refs/tags/v${version}";
- url = "git://github.com/CenturyLinkLabs/panamax-api";
- sha256 = "0dqg0fbmy5cgjh0ql8yqlybhjyyrslgghjrc24wjhd1rghjn2qi6";
- };
-
- buildInputs = [ makeWrapper sqlite openssl env.ruby bundler ];
-
- setSourceRoot = ''
- mkdir -p $out/share
- cp -R panamax-api $out/share/panamax-api
- export sourceRoot="$out/share/panamax-api"
- '';
-
- postPatch = ''
- find . -type f -exec sed -e 's|/usr/bin/docker|${docker}/bin/docker|g' -i "{}" \;
- '';
-
- configurePhase = ''
- export HOME=$PWD
- export GEM_HOME=${env}/${env.ruby.gemPath}
- export RAILS_ENV=production
-
- ln -sf ${database_yml} config/database.yml
- '';
-
- installPhase = ''
- rm -rf log tmp
- mv ./db ./_db
- ln -sf ${dataDir}/{db,state/log,state/tmp} .
-
- mkdir -p $out/bin
- makeWrapper bin/bundle "$out/bin/bundle" \
- --run "cd $out/share/panamax-api" \
- --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
- --prefix "HOME" : "$out/share/panamax-api" \
- --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
- --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
- '';
-
- meta = with stdenv.lib; {
- broken = true; # needs ruby 2.1
- homepage = https://github.com/CenturyLinkLabs/panamax-api;
- description = "The API behind The Panamax UI";
- license = licenses.asl20;
- maintainers = with maintainers; [ matejc offline ];
- platforms = platforms.linux;
- };
-}
diff --git a/pkgs/applications/networking/cluster/panamax/api/gemset.nix b/pkgs/applications/networking/cluster/panamax/api/gemset.nix
deleted file mode 100644
index 8182543a2bb9bcba4d1bab442cc9c51b2987ecbd..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/api/gemset.nix
+++ /dev/null
@@ -1,568 +0,0 @@
-{
- "actionmailer" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "0qjv5akjbpgd4cx518k522mssvc3y3nki65hi6fj5nbzi7a6rwq5";
- };
- dependencies = [
- "actionpack"
- "actionview"
- "mail"
- ];
- };
- "actionpack" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "07y1ny00h69xklq260smyl5md052f617gqrzkyw5sxafs5z25zax";
- };
- dependencies = [
- "actionview"
- "activesupport"
- "rack"
- "rack-test"
- ];
- };
- "actionview" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "06sp37gfpn2jn7j6vlpp1y6vfi5kig60vyvixrjhyz0g4vgm13ax";
- };
- dependencies = [
- "activesupport"
- "builder"
- "erubis"
- ];
- };
- "active_model_serializers" = {
- version = "0.9.0";
- source = {
- type = "gem";
- sha256 = "1ws3gx3wwlm17w7k0agwzmcmww6627lvqaqm828lzm3g1xqilkkl";
- };
- dependencies = [
- "activemodel"
- ];
- };
- "activemodel" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "0rlqzz25l7vsphgkilg80kmk20d9h357awi27ax6zzb9klkqh0jr";
- };
- dependencies = [
- "activesupport"
- "builder"
- ];
- };
- "activerecord" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "0j4r0m32mjbwmz9gs8brln35jzr1cn7h585ggj0w0f1ai4hjsby5";
- };
- dependencies = [
- "activemodel"
- "activesupport"
- "arel"
- ];
- };
- "activesupport" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "13i3mz66d5kp5y39gjwmcfqv0wb6mxm5k1nnz40wvd38dsf7n3bs";
- };
- dependencies = [
- "i18n"
- "json"
- "minitest"
- "thread_safe"
- "tzinfo"
- ];
- };
- "addressable" = {
- version = "2.3.6";
- source = {
- type = "gem";
- sha256 = "137fj0whmn1kvaq8wjalp8x4qbblwzvg3g4bfx8d8lfi6f0w48p8";
- };
- };
- "archive-tar-minitar" = {
- version = "0.5.2";
- source = {
- type = "gem";
- sha256 = "1j666713r3cc3wb0042x0wcmq2v11vwwy5pcaayy5f0lnd26iqig";
- };
- };
- "arel" = {
- version = "5.0.1.20140414130214";
- source = {
- type = "gem";
- sha256 = "0dhnc20h1v8ml3nmkxq92rr7qxxpk6ixhwvwhgl2dbw9mmxz0hf9";
- };
- };
- "builder" = {
- version = "3.2.2";
- source = {
- type = "gem";
- sha256 = "14fii7ab8qszrvsvhz6z2z3i4dw0h41a62fjr2h1j8m41vbrmyv2";
- };
- };
- "coveralls" = {
- version = "0.7.0";
- source = {
- type = "gem";
- sha256 = "0sz30d7b83qqsj3i0fr691w05d62wj7x3afh0ryjkqkis3fq94j4";
- };
- dependencies = [
- "multi_json"
- "rest-client"
- "simplecov"
- "term-ansicolor"
- "thor"
- ];
- };
- "crack" = {
- version = "0.4.2";
- source = {
- type = "gem";
- sha256 = "1il94m92sz32nw5i6hdq14f1a2c3s9hza9zn6l95fvqhabq38k7a";
- };
- dependencies = [
- "safe_yaml"
- ];
- };
- "database_cleaner" = {
- version = "1.3.0";
- source = {
- type = "gem";
- sha256 = "19w25yda684pg29bggq26wy4lpyjvzscwg2hx3hmmmpysiwfnxgn";
- };
- };
- "diff-lcs" = {
- version = "1.2.5";
- source = {
- type = "gem";
- sha256 = "1vf9civd41bnqi6brr5d9jifdw73j9khc6fkhfl1f8r9cpkdvlx1";
- };
- };
- "docile" = {
- version = "1.1.5";
- source = {
- type = "gem";
- sha256 = "0m8j31whq7bm5ljgmsrlfkiqvacrw6iz9wq10r3gwrv5785y8gjx";
- };
- };
- "docker-api" = {
- version = "1.13.0";
- source = {
- type = "gem";
- sha256 = "1rara27gn7lxaf12dqkx8s1clssg10jndfcy4wz2fv6ms1i1lnp6";
- };
- dependencies = [
- "archive-tar-minitar"
- "excon"
- "json"
- ];
- };
- "erubis" = {
- version = "2.7.0";
- source = {
- type = "gem";
- sha256 = "1fj827xqjs91yqsydf0zmfyw9p4l2jz5yikg3mppz6d7fi8kyrb3";
- };
- };
- "excon" = {
- version = "0.37.0";
- source = {
- type = "gem";
- sha256 = "05x7asmsq5m419n1lhzk9bic02gwng4cqmrcqsfnd6kmkwm8csv2";
- };
- };
- "faraday" = {
- version = "0.8.9";
- source = {
- type = "gem";
- sha256 = "17d79fsgx0xwh0mfxyz5pbr435qlw79phlfvifc546w2axdkp718";
- };
- dependencies = [
- "multipart-post"
- ];
- };
- "faraday_middleware" = {
- version = "0.9.0";
- source = {
- type = "gem";
- sha256 = "1kwvi2sdxd6j764a7q5iir73dw2v6816zx3l8cgfv0wr2m47icq2";
- };
- dependencies = [
- "faraday"
- ];
- };
- "fleet-api" = {
- version = "0.6.0";
- source = {
- type = "gem";
- sha256 = "0136mzc0fxp6mzh38n6xbg87cw9g9vq1nrlr3ylazbflvmlxgan6";
- };
- dependencies = [
- "faraday"
- "faraday_middleware"
- ];
- };
- "hike" = {
- version = "1.2.3";
- source = {
- type = "gem";
- sha256 = "0i6c9hrszzg3gn2j41v3ijnwcm8cc2931fnjiv6mnpl4jcjjykhm";
- };
- };
- "i18n" = {
- version = "0.7.0";
- source = {
- type = "gem";
- sha256 = "1i5z1ykl8zhszsxcs8mzl8d0dxgs3ylz8qlzrw74jb0gplkx6758";
- };
- };
- "its" = {
- version = "0.2.0";
- source = {
- type = "gem";
- sha256 = "0rxwds9ipqp48mzqcaxzmfcqhawazg0zlhc1avv3i2cmm3np1z8g";
- };
- dependencies = [
- "rspec-core"
- ];
- };
- "json" = {
- version = "1.8.1";
- source = {
- type = "gem";
- sha256 = "0002bsycvizvkmk1jyv8px1hskk6wrjfk4f7x5byi8gxm6zzn6wn";
- };
- };
- "kmts" = {
- version = "2.0.1";
- source = {
- type = "gem";
- sha256 = "1wk680q443lg35a25am6i8xawf16iqg5xnq1m8xd2gib4dsy1d8v";
- };
- };
- "mail" = {
- version = "2.6.3";
- source = {
- type = "gem";
- sha256 = "1nbg60h3cpnys45h7zydxwrl200p7ksvmrbxnwwbpaaf9vnf3znp";
- };
- dependencies = [
- "mime-types"
- ];
- };
- "mime-types" = {
- version = "2.4.3";
- source = {
- type = "gem";
- sha256 = "16nissnb31wj7kpcaynx4gr67i7pbkzccfg8k7xmplbkla4rmwiq";
- };
- };
- "minitest" = {
- version = "5.5.1";
- source = {
- type = "gem";
- sha256 = "1h8jn0rgmwy37jnhfcg55iilw0n370vgp8xnh0g5laa8rhv32fyn";
- };
- };
- "multi_json" = {
- version = "1.10.1";
- source = {
- type = "gem";
- sha256 = "1ll21dz01jjiplr846n1c8yzb45kj5hcixgb72rz0zg8fyc9g61c";
- };
- };
- "multipart-post" = {
- version = "1.2.0";
- source = {
- type = "gem";
- sha256 = "12p7lnmc52di1r4h73h6xrpppplzyyhani9p7wm8l4kgf1hnmwnc";
- };
- };
- "octokit" = {
- version = "3.2.0";
- source = {
- type = "gem";
- sha256 = "07ll3x1hv72zssb4hkdw56xg3xk6x4fch4yf38zljvbh388r11ng";
- };
- dependencies = [
- "sawyer"
- ];
- };
- "puma" = {
- version = "2.8.2";
- source = {
- type = "gem";
- sha256 = "1l57fmf8vyxfjv7ab5znq0k339cym5ghnm5xxfvd1simjp73db0k";
- };
- dependencies = [
- "rack"
- ];
- };
- "rack" = {
- version = "1.5.2";
- source = {
- type = "gem";
- sha256 = "19szfw76cscrzjldvw30jp3461zl00w4xvw1x9lsmyp86h1g0jp6";
- };
- };
- "rack-test" = {
- version = "0.6.3";
- source = {
- type = "gem";
- sha256 = "0h6x5jq24makgv2fq5qqgjlrk74dxfy62jif9blk43llw8ib2q7z";
- };
- dependencies = [
- "rack"
- ];
- };
- "rails" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "059mpljplmhfz8rr4hk40q67fllcpsy809m4mwwbkm8qwif2z5r0";
- };
- dependencies = [
- "actionmailer"
- "actionpack"
- "actionview"
- "activemodel"
- "activerecord"
- "activesupport"
- "railties"
- "sprockets-rails"
- ];
- };
- "railties" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "1n08h0rgj0aq5lvslnih6lvqz9wadpz6nnb25i4qhp37fhhyz9yz";
- };
- dependencies = [
- "actionpack"
- "activesupport"
- "rake"
- "thor"
- ];
- };
- "rake" = {
- version = "10.4.0";
- source = {
- type = "gem";
- sha256 = "0a10xzqc1lh6gjkajkslr0n40wjrniyiyzxkp9m5fc8wf7b74zw8";
- };
- };
- "rest-client" = {
- version = "1.6.7";
- source = {
- type = "gem";
- sha256 = "0nn7zalgidz2yj0iqh3xvzh626krm2al79dfiij19jdhp0rk8853";
- };
- dependencies = [
- "mime-types"
- ];
- };
- "rspec-core" = {
- version = "3.1.7";
- source = {
- type = "gem";
- sha256 = "01bawvln663gffljwzpq3mrpa061cghjbvfbq15jvhmip3csxqc9";
- };
- dependencies = [
- "rspec-support"
- ];
- };
- "rspec-expectations" = {
- version = "3.1.2";
- source = {
- type = "gem";
- sha256 = "0m8d36wng1lpbcs54zhg1rxh63rgj345k3p0h0c06lgknz339nzh";
- };
- dependencies = [
- "diff-lcs"
- "rspec-support"
- ];
- };
- "rspec-mocks" = {
- version = "3.1.3";
- source = {
- type = "gem";
- sha256 = "0gxk5w3klia4zsnp0svxck43xxwwfdqvhr3srv6p30f3m5q6rmzr";
- };
- dependencies = [
- "rspec-support"
- ];
- };
- "rspec-rails" = {
- version = "3.1.0";
- source = {
- type = "gem";
- sha256 = "1b1in3n1dc1bpf9wb3p3b2ynq05iacmr48jxzc73lj4g44ksh3wq";
- };
- dependencies = [
- "actionpack"
- "activesupport"
- "railties"
- "rspec-core"
- "rspec-expectations"
- "rspec-mocks"
- "rspec-support"
- ];
- };
- "rspec-support" = {
- version = "3.1.2";
- source = {
- type = "gem";
- sha256 = "14y6v9r9lrh91ry9r79h85v0f3y9ja25w42nv5z9n0bipfcwhprb";
- };
- };
- "safe_yaml" = {
- version = "1.0.4";
- source = {
- type = "gem";
- sha256 = "1hly915584hyi9q9vgd968x2nsi5yag9jyf5kq60lwzi5scr7094";
- };
- };
- "sawyer" = {
- version = "0.5.4";
- source = {
- type = "gem";
- sha256 = "01kl4zpf0gaacnkra5nikrzfpwj8f10hsvgyzm7z2s1mz4iipx2v";
- };
- dependencies = [
- "addressable"
- "faraday"
- ];
- };
- "shoulda-matchers" = {
- version = "2.6.1";
- source = {
- type = "gem";
- sha256 = "1p3jhvd4dsj6d7nbmvnqhqhpmb8pnr05pi7jv9ajwqcys8140mc1";
- };
- dependencies = [
- "activesupport"
- ];
- };
- "simplecov" = {
- version = "0.9.1";
- source = {
- type = "gem";
- sha256 = "06hylxlalaxxldpbaqa54gc52wxdff0fixdvjyzr6i4ygxwzr7yf";
- };
- dependencies = [
- "docile"
- "multi_json"
- "simplecov-html"
- ];
- };
- "simplecov-html" = {
- version = "0.8.0";
- source = {
- type = "gem";
- sha256 = "0jhn3jql73x7hsr00wwv984iyrcg0xhf64s90zaqv2f26blkqfb9";
- };
- };
- "sprockets" = {
- version = "2.12.3";
- source = {
- type = "gem";
- sha256 = "1bn2drr8bc2af359dkfraq0nm0p1pib634kvhwn5lvj3r4vllnn2";
- };
- dependencies = [
- "hike"
- "multi_json"
- "rack"
- "tilt"
- ];
- };
- "sprockets-rails" = {
- version = "2.2.4";
- source = {
- type = "gem";
- sha256 = "172cdg38cqsfgvrncjzj0kziz7kv6b1lx8pccd0blyphs25qf4gc";
- };
- dependencies = [
- "actionpack"
- "activesupport"
- "sprockets"
- ];
- };
- "sqlite3" = {
- version = "1.3.9";
- source = {
- type = "gem";
- sha256 = "07m6a6flmyyi0rkg0j7x1a9861zngwjnximfh95cli2zzd57914r";
- };
- };
- "term-ansicolor" = {
- version = "1.3.0";
- source = {
- type = "gem";
- sha256 = "1a2gw7gmpmx57sdpyhjwl0zn4bqp7jyjz7aslpvvphd075layp4b";
- };
- dependencies = [
- "tins"
- ];
- };
- "thor" = {
- version = "0.19.1";
- source = {
- type = "gem";
- sha256 = "08p5gx18yrbnwc6xc0mxvsfaxzgy2y9i78xq7ds0qmdm67q39y4z";
- };
- };
- "thread_safe" = {
- version = "0.3.4";
- source = {
- type = "gem";
- sha256 = "1cil2zcdzqkyr8zrwhlg7gywryg36j4mxlxw0h0x0j0wjym5nc8n";
- };
- };
- "tilt" = {
- version = "1.4.1";
- source = {
- type = "gem";
- sha256 = "00sr3yy7sbqaq7cb2d2kpycajxqf1b1wr1yy33z4bnzmqii0b0ir";
- };
- };
- "tins" = {
- version = "1.3.0";
- source = {
- type = "gem";
- sha256 = "1yxa5kyp9mw4w866wlg7c32ingzqxnzh3ir9yf06pwpkmq3mrbdi";
- };
- };
- "tzinfo" = {
- version = "1.2.2";
- source = {
- type = "gem";
- sha256 = "1c01p3kg6xvy1cgjnzdfq45fggbwish8krd0h864jvbpybyx7cgx";
- };
- dependencies = [
- "thread_safe"
- ];
- };
- "webmock" = {
- version = "1.20.0";
- source = {
- type = "gem";
- sha256 = "0bl5v0xzcj24lx7xpsnywv3liqnqb5lfxysmmfb2fgi0n8586i6m";
- };
- dependencies = [
- "addressable"
- "crack"
- ];
- };
-}
\ No newline at end of file
diff --git a/pkgs/applications/networking/cluster/panamax/ui/Gemfile b/pkgs/applications/networking/cluster/panamax/ui/Gemfile
deleted file mode 100644
index 6f7dc59d04d03586a1d8890ed08ebc664a5ba344..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/ui/Gemfile
+++ /dev/null
@@ -1,31 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'rails', '4.1.7'
-gem 'puma', '2.8.2'
-gem 'sass', '3.3.9'
-gem 'therubyracer', '0.12.1', platforms: :ruby
-gem 'haml', '4.0.5'
-gem 'uglifier', '2.5.1'
-gem 'ctl_base_ui'
-gem 'activeresource', '4.0.0'
-gem 'kramdown', '1.4.0'
-gem 'zeroclipboard-rails'
-
-
-group :test, :development do
- gem 'rspec-rails'
- gem 'its'
- gem 'capybara'
- gem 'teaspoon'
- gem 'phantomjs'
- gem 'dotenv-rails', '0.11.1'
- gem 'pry'
- gem 'pry-byebug'
- gem 'pry-stack_explorer'
-end
-
-group :test do
- gem 'webmock'
- gem 'sinatra', '1.4.5'
- gem 'coveralls', '0.7.0'
-end
diff --git a/pkgs/applications/networking/cluster/panamax/ui/Gemfile.lock b/pkgs/applications/networking/cluster/panamax/ui/Gemfile.lock
deleted file mode 100644
index b273595bbb051f2fe48dd74d18afd20dc532e841..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/ui/Gemfile.lock
+++ /dev/null
@@ -1,226 +0,0 @@
-GEM
- remote: https://rubygems.org/
- specs:
- actionmailer (4.1.7)
- actionpack (= 4.1.7)
- actionview (= 4.1.7)
- mail (~> 2.5, >= 2.5.4)
- actionpack (4.1.7)
- actionview (= 4.1.7)
- activesupport (= 4.1.7)
- rack (~> 1.5.2)
- rack-test (~> 0.6.2)
- actionview (4.1.7)
- activesupport (= 4.1.7)
- builder (~> 3.1)
- erubis (~> 2.7.0)
- activemodel (4.1.7)
- activesupport (= 4.1.7)
- builder (~> 3.1)
- activerecord (4.1.7)
- activemodel (= 4.1.7)
- activesupport (= 4.1.7)
- arel (~> 5.0.0)
- activeresource (4.0.0)
- activemodel (~> 4.0)
- activesupport (~> 4.0)
- rails-observers (~> 0.1.1)
- activesupport (4.1.7)
- i18n (~> 0.6, >= 0.6.9)
- json (~> 1.7, >= 1.7.7)
- minitest (~> 5.1)
- thread_safe (~> 0.1)
- tzinfo (~> 1.1)
- addressable (2.3.6)
- arel (5.0.1.20140414130214)
- binding_of_caller (0.7.2)
- debug_inspector (>= 0.0.1)
- builder (3.2.2)
- byebug (3.5.1)
- columnize (~> 0.8)
- debugger-linecache (~> 1.2)
- slop (~> 3.6)
- capybara (2.4.4)
- mime-types (>= 1.16)
- nokogiri (>= 1.3.3)
- rack (>= 1.0.0)
- rack-test (>= 0.5.4)
- xpath (~> 2.0)
- coderay (1.1.0)
- columnize (0.8.9)
- coveralls (0.7.0)
- multi_json (~> 1.3)
- rest-client
- simplecov (>= 0.7)
- term-ansicolor
- thor
- crack (0.4.2)
- safe_yaml (~> 1.0.0)
- ctl_base_ui (0.0.5)
- haml (~> 4.0)
- jquery-rails (~> 3.1)
- jquery-ui-rails (~> 4.2)
- rails (~> 4.1)
- sass (~> 3.3)
- debug_inspector (0.0.2)
- debugger-linecache (1.2.0)
- diff-lcs (1.2.5)
- docile (1.1.5)
- dotenv (0.11.1)
- dotenv-deployment (~> 0.0.2)
- dotenv-deployment (0.0.2)
- dotenv-rails (0.11.1)
- dotenv (= 0.11.1)
- erubis (2.7.0)
- execjs (2.2.2)
- haml (4.0.5)
- tilt
- hike (1.2.3)
- i18n (0.7.0)
- its (0.2.0)
- rspec-core
- jquery-rails (3.1.2)
- railties (>= 3.0, < 5.0)
- thor (>= 0.14, < 2.0)
- jquery-ui-rails (4.2.1)
- railties (>= 3.2.16)
- json (1.8.2)
- kramdown (1.4.0)
- libv8 (3.16.14.11)
- mail (2.6.3)
- mime-types (>= 1.16, < 3)
- method_source (0.8.2)
- mime-types (2.4.3)
- mini_portile (0.6.1)
- minitest (5.5.1)
- multi_json (1.10.1)
- netrc (0.8.0)
- nokogiri (1.6.5)
- mini_portile (~> 0.6.0)
- phantomjs (1.9.7.1)
- pry (0.10.1)
- coderay (~> 1.1.0)
- method_source (~> 0.8.1)
- slop (~> 3.4)
- pry-byebug (2.0.0)
- byebug (~> 3.4)
- pry (~> 0.10)
- pry-stack_explorer (0.4.9.1)
- binding_of_caller (>= 0.7)
- pry (>= 0.9.11)
- puma (2.8.2)
- rack (>= 1.1, < 2.0)
- rack (1.5.2)
- rack-protection (1.5.3)
- rack
- rack-test (0.6.3)
- rack (>= 1.0)
- rails (4.1.7)
- actionmailer (= 4.1.7)
- actionpack (= 4.1.7)
- actionview (= 4.1.7)
- activemodel (= 4.1.7)
- activerecord (= 4.1.7)
- activesupport (= 4.1.7)
- bundler (>= 1.3.0, < 2.0)
- railties (= 4.1.7)
- sprockets-rails (~> 2.0)
- rails-observers (0.1.2)
- activemodel (~> 4.0)
- railties (4.1.7)
- actionpack (= 4.1.7)
- activesupport (= 4.1.7)
- rake (>= 0.8.7)
- thor (>= 0.18.1, < 2.0)
- rake (10.4.0)
- ref (1.0.5)
- rest-client (1.7.2)
- mime-types (>= 1.16, < 3.0)
- netrc (~> 0.7)
- rspec-core (3.1.7)
- rspec-support (~> 3.1.0)
- rspec-expectations (3.1.2)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.1.0)
- rspec-mocks (3.1.3)
- rspec-support (~> 3.1.0)
- rspec-rails (3.1.0)
- actionpack (>= 3.0)
- activesupport (>= 3.0)
- railties (>= 3.0)
- rspec-core (~> 3.1.0)
- rspec-expectations (~> 3.1.0)
- rspec-mocks (~> 3.1.0)
- rspec-support (~> 3.1.0)
- rspec-support (3.1.2)
- safe_yaml (1.0.4)
- sass (3.3.9)
- simplecov (0.9.1)
- docile (~> 1.1.0)
- multi_json (~> 1.0)
- simplecov-html (~> 0.8.0)
- simplecov-html (0.8.0)
- sinatra (1.4.5)
- rack (~> 1.4)
- rack-protection (~> 1.4)
- tilt (~> 1.3, >= 1.3.4)
- slop (3.6.0)
- sprockets (2.12.3)
- hike (~> 1.2)
- multi_json (~> 1.0)
- rack (~> 1.0)
- tilt (~> 1.1, != 1.3.0)
- sprockets-rails (2.2.4)
- actionpack (>= 3.0)
- activesupport (>= 3.0)
- sprockets (>= 2.8, < 4.0)
- teaspoon (0.8.0)
- railties (>= 3.2.5, < 5)
- term-ansicolor (1.3.0)
- tins (~> 1.0)
- therubyracer (0.12.1)
- libv8 (~> 3.16.14.0)
- ref
- thor (0.19.1)
- thread_safe (0.3.4)
- tilt (1.4.1)
- tins (1.3.3)
- tzinfo (1.2.2)
- thread_safe (~> 0.1)
- uglifier (2.5.1)
- execjs (>= 0.3.0)
- json (>= 1.8.0)
- webmock (1.20.4)
- addressable (>= 2.3.6)
- crack (>= 0.3.2)
- xpath (2.0.0)
- nokogiri (~> 1.3)
- zeroclipboard-rails (0.1.0)
- railties (>= 3.1)
-
-PLATFORMS
- ruby
-
-DEPENDENCIES
- activeresource (= 4.0.0)
- capybara
- coveralls (= 0.7.0)
- ctl_base_ui
- dotenv-rails (= 0.11.1)
- haml (= 4.0.5)
- its
- kramdown (= 1.4.0)
- phantomjs
- pry
- pry-byebug
- pry-stack_explorer
- puma (= 2.8.2)
- rails (= 4.1.7)
- rspec-rails
- sass (= 3.3.9)
- sinatra (= 1.4.5)
- teaspoon
- therubyracer (= 0.12.1)
- uglifier (= 2.5.1)
- webmock
- zeroclipboard-rails
diff --git a/pkgs/applications/networking/cluster/panamax/ui/default.nix b/pkgs/applications/networking/cluster/panamax/ui/default.nix
deleted file mode 100644
index 2f60942f014babdda2440c494609a2e0555dffbe..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/ui/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ stdenv, fetchgit, fetchurl, makeWrapper, bundlerEnv, bundler
-, ruby, openssl, sqlite, dataDir ? "/var/lib/panamax-ui"}@args:
-
-with stdenv.lib;
-
-stdenv.mkDerivation rec {
- name = "panamax-ui-${version}";
- version = "0.2.14";
-
- env = bundlerEnv {
- name = "panamax-ui-gems-${version}";
- inherit ruby;
- gemdir = ./.;
- };
-
- bundler = args.bundler.override { inherit ruby; };
-
- src = fetchgit {
- rev = "refs/tags/v${version}";
- url = "git://github.com/CenturyLinkLabs/panamax-ui";
- sha256 = "01k0h0rjqp5arvwxm2xpfxjsag5qw0qqlg7hx4v8f6jsyc4wmjfl";
- };
-
- buildInputs = [ makeWrapper env.ruby openssl sqlite bundler ];
-
- setSourceRoot = ''
- mkdir -p $out/share
- cp -R panamax-ui $out/share/panamax-ui
- export sourceRoot="$out/share/panamax-ui"
- '';
-
- postPatch = ''
- find . -type f -iname "*.haml" -exec sed -e 's|CoreOS Journal|NixOS Journal|g' -i "{}" \;
- find . -type f -iname "*.haml" -exec sed -e 's|CoreOS Local|NixOS Local|g' -i "{}" \;
- find . -type f -iname "*.haml" -exec sed -e 's|CoreOS Host|NixOS Host|g' -i "{}" \;
- sed -e 's|CoreOS Local|NixOS Local|g' -i "spec/features/manage_application_spec.rb"
- # fix libv8 dependency
- substituteInPlace Gemfile.lock --replace "3.16.14.7" "3.16.14.11"
- '';
-
- configurePhase = ''
- export HOME=$PWD
- export GEM_HOME=${env}/${env.ruby.gemPath}
- '';
-
- buildPhase = ''
- rm -f ./bin/*
- bundle exec rake rails:update:bin
- '';
-
- installPhase = ''
- rm -rf log tmp db
- ln -sf ${dataDir}/{db,state/log,state/tmp} .
-
- mkdir -p $out/bin
- makeWrapper bin/bundle "$out/bin/bundle" \
- --run "cd $out/share/panamax-ui" \
- --prefix "PATH" : "$out/share/panamax-ui/bin:${env.ruby}/bin:$PATH" \
- --prefix "HOME" : "$out/share/panamax-ui" \
- --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
- --prefix "GEM_PATH" : "$out/share/panamax-ui:${bundler}/${env.ruby.gemPath}"
- '';
-
- meta = with stdenv.lib; {
- broken = true; # needs ruby 2.1
- homepage = https://github.com/CenturyLinkLabs/panamax-ui;
- description = "The Web GUI for Panamax";
- license = licenses.asl20;
- maintainers = with maintainers; [ matejc offline ];
- platforms = platforms.linux;
- };
-}
diff --git a/pkgs/applications/networking/cluster/panamax/ui/gemset.nix b/pkgs/applications/networking/cluster/panamax/ui/gemset.nix
deleted file mode 100644
index b41b482edb73c12331222bae51f1914ee4f97c8a..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/cluster/panamax/ui/gemset.nix
+++ /dev/null
@@ -1,789 +0,0 @@
-{
- "actionmailer" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "0qjv5akjbpgd4cx518k522mssvc3y3nki65hi6fj5nbzi7a6rwq5";
- };
- dependencies = [
- "actionpack"
- "actionview"
- "mail"
- ];
- };
- "actionpack" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "07y1ny00h69xklq260smyl5md052f617gqrzkyw5sxafs5z25zax";
- };
- dependencies = [
- "actionview"
- "activesupport"
- "rack"
- "rack-test"
- ];
- };
- "actionview" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "06sp37gfpn2jn7j6vlpp1y6vfi5kig60vyvixrjhyz0g4vgm13ax";
- };
- dependencies = [
- "activesupport"
- "builder"
- "erubis"
- ];
- };
- "activemodel" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "0rlqzz25l7vsphgkilg80kmk20d9h357awi27ax6zzb9klkqh0jr";
- };
- dependencies = [
- "activesupport"
- "builder"
- ];
- };
- "activerecord" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "0j4r0m32mjbwmz9gs8brln35jzr1cn7h585ggj0w0f1ai4hjsby5";
- };
- dependencies = [
- "activemodel"
- "activesupport"
- "arel"
- ];
- };
- "activeresource" = {
- version = "4.0.0";
- source = {
- type = "gem";
- sha256 = "0fc5igjijyjzsl9q5kybkdzhc92zv8wsv0ifb0y90i632jx6d4jq";
- };
- dependencies = [
- "activemodel"
- "activesupport"
- "rails-observers"
- ];
- };
- "activesupport" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "13i3mz66d5kp5y39gjwmcfqv0wb6mxm5k1nnz40wvd38dsf7n3bs";
- };
- dependencies = [
- "i18n"
- "json"
- "minitest"
- "thread_safe"
- "tzinfo"
- ];
- };
- "addressable" = {
- version = "2.3.6";
- source = {
- type = "gem";
- sha256 = "137fj0whmn1kvaq8wjalp8x4qbblwzvg3g4bfx8d8lfi6f0w48p8";
- };
- };
- "arel" = {
- version = "5.0.1.20140414130214";
- source = {
- type = "gem";
- sha256 = "0dhnc20h1v8ml3nmkxq92rr7qxxpk6ixhwvwhgl2dbw9mmxz0hf9";
- };
- };
- "binding_of_caller" = {
- version = "0.7.2";
- source = {
- type = "gem";
- sha256 = "15jg6dkaq2nzcd602d7ppqbdxw3aji961942w93crs6qw4n6h9yk";
- };
- dependencies = [
- "debug_inspector"
- ];
- };
- "builder" = {
- version = "3.2.2";
- source = {
- type = "gem";
- sha256 = "14fii7ab8qszrvsvhz6z2z3i4dw0h41a62fjr2h1j8m41vbrmyv2";
- };
- };
- "byebug" = {
- version = "3.5.1";
- source = {
- type = "gem";
- sha256 = "0ldc2r0b316rrn2fgdgiznskj9gb0q9n60243laq7nqw9na8wdan";
- };
- dependencies = [
- "columnize"
- "debugger-linecache"
- "slop"
- ];
- };
- "capybara" = {
- version = "2.4.4";
- source = {
- type = "gem";
- sha256 = "114k4xi4nfbp3jfbxgwa3fksbwsyibx74gbdqpcgg3dxpmzkaa4f";
- };
- dependencies = [
- "mime-types"
- "nokogiri"
- "rack"
- "rack-test"
- "xpath"
- ];
- };
- "coderay" = {
- version = "1.1.0";
- source = {
- type = "gem";
- sha256 = "059wkzlap2jlkhg460pkwc1ay4v4clsmg1bp4vfzjzkgwdckr52s";
- };
- };
- "columnize" = {
- version = "0.8.9";
- source = {
- type = "gem";
- sha256 = "1f3azq8pvdaaclljanwhab78hdw40k908ma2cwk59qzj4hvf7mip";
- };
- };
- "coveralls" = {
- version = "0.7.0";
- source = {
- type = "gem";
- sha256 = "0sz30d7b83qqsj3i0fr691w05d62wj7x3afh0ryjkqkis3fq94j4";
- };
- dependencies = [
- "multi_json"
- "rest-client"
- "simplecov"
- "term-ansicolor"
- "thor"
- ];
- };
- "crack" = {
- version = "0.4.2";
- source = {
- type = "gem";
- sha256 = "1il94m92sz32nw5i6hdq14f1a2c3s9hza9zn6l95fvqhabq38k7a";
- };
- dependencies = [
- "safe_yaml"
- ];
- };
- "ctl_base_ui" = {
- version = "0.0.5";
- source = {
- type = "gem";
- sha256 = "1pji85xmddgld5lqx52zxi5r2kx6rsjwkqlr26bp62xb29r10x57";
- };
- dependencies = [
- "haml"
- "jquery-rails"
- "jquery-ui-rails"
- "rails"
- "sass"
- ];
- };
- "debug_inspector" = {
- version = "0.0.2";
- source = {
- type = "gem";
- sha256 = "109761g00dbrw5q0dfnbqg8blfm699z4jj70l4zrgf9mzn7ii50m";
- };
- };
- "debugger-linecache" = {
- version = "1.2.0";
- source = {
- type = "gem";
- sha256 = "0iwyx190fd5vfwj1gzr8pg3m374kqqix4g4fc4qw29sp54d3fpdz";
- };
- };
- "diff-lcs" = {
- version = "1.2.5";
- source = {
- type = "gem";
- sha256 = "1vf9civd41bnqi6brr5d9jifdw73j9khc6fkhfl1f8r9cpkdvlx1";
- };
- };
- "docile" = {
- version = "1.1.5";
- source = {
- type = "gem";
- sha256 = "0m8j31whq7bm5ljgmsrlfkiqvacrw6iz9wq10r3gwrv5785y8gjx";
- };
- };
- "dotenv" = {
- version = "0.11.1";
- source = {
- type = "gem";
- sha256 = "09z0y0d6bks7i0sqvd8szfqj9i1kkj01anzly7shi83b3gxhrq9m";
- };
- dependencies = [
- "dotenv-deployment"
- ];
- };
- "dotenv-deployment" = {
- version = "0.0.2";
- source = {
- type = "gem";
- sha256 = "1ad66jq9a09qq1js8wsyil97018s7y6x0vzji0dy34gh65sbjz8c";
- };
- };
- "dotenv-rails" = {
- version = "0.11.1";
- source = {
- type = "gem";
- sha256 = "0r6hif0i1lipbi7mkxx7wa5clsn65n6wyd9jry262cx396lsfrqy";
- };
- dependencies = [
- "dotenv"
- ];
- };
- "erubis" = {
- version = "2.7.0";
- source = {
- type = "gem";
- sha256 = "1fj827xqjs91yqsydf0zmfyw9p4l2jz5yikg3mppz6d7fi8kyrb3";
- };
- };
- "execjs" = {
- version = "2.2.2";
- source = {
- type = "gem";
- sha256 = "05m41mnxn4b2p133qzbz5cy9cc5rn57aa0pp2943hxmzbk379z1f";
- };
- };
- "haml" = {
- version = "4.0.5";
- source = {
- type = "gem";
- sha256 = "1xmzb0k5q271090crzmv7dbw8ss4289bzxklrc0fhw6pw3kcvc85";
- };
- dependencies = [
- "tilt"
- ];
- };
- "hike" = {
- version = "1.2.3";
- source = {
- type = "gem";
- sha256 = "0i6c9hrszzg3gn2j41v3ijnwcm8cc2931fnjiv6mnpl4jcjjykhm";
- };
- };
- "i18n" = {
- version = "0.7.0";
- source = {
- type = "gem";
- sha256 = "1i5z1ykl8zhszsxcs8mzl8d0dxgs3ylz8qlzrw74jb0gplkx6758";
- };
- };
- "its" = {
- version = "0.2.0";
- source = {
- type = "gem";
- sha256 = "0rxwds9ipqp48mzqcaxzmfcqhawazg0zlhc1avv3i2cmm3np1z8g";
- };
- dependencies = [
- "rspec-core"
- ];
- };
- "jquery-rails" = {
- version = "3.1.2";
- source = {
- type = "gem";
- sha256 = "0h5a565i3l2mbd221m6mz9d1nr53pz19i9qxv08qr1dv0yx2pr3y";
- };
- dependencies = [
- "railties"
- "thor"
- ];
- };
- "jquery-ui-rails" = {
- version = "4.2.1";
- source = {
- type = "gem";
- sha256 = "1garrnqwh35acj2pp4sp6fpm2g881h23y644lzbic2qmcrq9wd2v";
- };
- dependencies = [
- "railties"
- ];
- };
- "json" = {
- version = "1.8.2";
- source = {
- type = "gem";
- sha256 = "0zzvv25vjikavd3b1bp6lvbgj23vv9jvmnl4vpim8pv30z8p6vr5";
- };
- };
- "kramdown" = {
- version = "1.4.0";
- source = {
- type = "gem";
- sha256 = "001vy0ymiwbvkdbb9wpqmswv6imliv7xim00gq6rlk0chnbiaq80";
- };
- };
- libv8 = {
- version = "3.16.14.11";
- source = {
- type = "gem";
- sha256 = "000vbiy78wk5r1f6p7qncab8ldg7qw5pjz7bchn3lw700gpaacxp";
- };
- };
- "mail" = {
- version = "2.6.3";
- source = {
- type = "gem";
- sha256 = "1nbg60h3cpnys45h7zydxwrl200p7ksvmrbxnwwbpaaf9vnf3znp";
- };
- dependencies = [
- "mime-types"
- ];
- };
- "method_source" = {
- version = "0.8.2";
- source = {
- type = "gem";
- sha256 = "1g5i4w0dmlhzd18dijlqw5gk27bv6dj2kziqzrzb7mpgxgsd1sf2";
- };
- };
- "mime-types" = {
- version = "2.4.3";
- source = {
- type = "gem";
- sha256 = "16nissnb31wj7kpcaynx4gr67i7pbkzccfg8k7xmplbkla4rmwiq";
- };
- };
- "mini_portile" = {
- version = "0.6.1";
- source = {
- type = "gem";
- sha256 = "07gah4k84sar9d850v9gip9b323pw74vwwndh3bbzxpw5iiwsd3l";
- };
- };
- "minitest" = {
- version = "5.5.1";
- source = {
- type = "gem";
- sha256 = "1h8jn0rgmwy37jnhfcg55iilw0n370vgp8xnh0g5laa8rhv32fyn";
- };
- };
- "multi_json" = {
- version = "1.10.1";
- source = {
- type = "gem";
- sha256 = "1ll21dz01jjiplr846n1c8yzb45kj5hcixgb72rz0zg8fyc9g61c";
- };
- };
- "netrc" = {
- version = "0.8.0";
- source = {
- type = "gem";
- sha256 = "1j4jbdvd19kq34xiqx1yqb4wmcywyrlaky8hrh09c1hz3c0v5dkb";
- };
- };
- "nokogiri" = {
- version = "1.6.5";
- source = {
- type = "gem";
- sha256 = "1xmxz6fa0m4p7c7ngpgz6gjgv65lzz63dsf0b6vh7gs2fkiw8j7l";
- };
- dependencies = [
- "mini_portile"
- ];
- };
- "phantomjs" = {
- version = "1.9.7.1";
- source = {
- type = "gem";
- sha256 = "14as0yzwbzvshbp1f8igjxcdxc5vbjgh0jhdvy393il084inlrl7";
- };
- };
- "pry" = {
- version = "0.10.1";
- source = {
- type = "gem";
- sha256 = "1j0r5fm0wvdwzbh6d6apnp7c0n150hpm9zxpm5xvcgfqr36jaj8z";
- };
- dependencies = [
- "coderay"
- "method_source"
- "slop"
- ];
- };
- "pry-byebug" = {
- version = "2.0.0";
- source = {
- type = "gem";
- sha256 = "17b6720ci9345wkzj369ydyj6hdlg2krd26zivpd4dvaijszzgzq";
- };
- dependencies = [
- "byebug"
- "pry"
- ];
- };
- "pry-stack_explorer" = {
- version = "0.4.9.1";
- source = {
- type = "gem";
- sha256 = "1828jqcfdr9nk86n15ky199vf33cfz51wkpv6kx230g0dsh9r85z";
- };
- dependencies = [
- "binding_of_caller"
- "pry"
- ];
- };
- "puma" = {
- version = "2.8.2";
- source = {
- type = "gem";
- sha256 = "1l57fmf8vyxfjv7ab5znq0k339cym5ghnm5xxfvd1simjp73db0k";
- };
- dependencies = [
- "rack"
- ];
- };
- "rack" = {
- version = "1.5.2";
- source = {
- type = "gem";
- sha256 = "19szfw76cscrzjldvw30jp3461zl00w4xvw1x9lsmyp86h1g0jp6";
- };
- };
- "rack-protection" = {
- version = "1.5.3";
- source = {
- type = "gem";
- sha256 = "0cvb21zz7p9wy23wdav63z5qzfn4nialik22yqp6gihkgfqqrh5r";
- };
- dependencies = [
- "rack"
- ];
- };
- "rack-test" = {
- version = "0.6.3";
- source = {
- type = "gem";
- sha256 = "0h6x5jq24makgv2fq5qqgjlrk74dxfy62jif9blk43llw8ib2q7z";
- };
- dependencies = [
- "rack"
- ];
- };
- "rails" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "059mpljplmhfz8rr4hk40q67fllcpsy809m4mwwbkm8qwif2z5r0";
- };
- dependencies = [
- "actionmailer"
- "actionpack"
- "actionview"
- "activemodel"
- "activerecord"
- "activesupport"
- "railties"
- "sprockets-rails"
- ];
- };
- "rails-observers" = {
- version = "0.1.2";
- source = {
- type = "gem";
- sha256 = "1lsw19jzmvipvrfy2z04hi7r29dvkfc43h43vs67x6lsj9rxwwcy";
- };
- dependencies = [
- "activemodel"
- ];
- };
- "railties" = {
- version = "4.1.7";
- source = {
- type = "gem";
- sha256 = "1n08h0rgj0aq5lvslnih6lvqz9wadpz6nnb25i4qhp37fhhyz9yz";
- };
- dependencies = [
- "actionpack"
- "activesupport"
- "rake"
- "thor"
- ];
- };
- "rake" = {
- version = "10.4.0";
- source = {
- type = "gem";
- sha256 = "0a10xzqc1lh6gjkajkslr0n40wjrniyiyzxkp9m5fc8wf7b74zw8";
- };
- };
- "ref" = {
- version = "1.0.5";
- source = {
- type = "gem";
- sha256 = "19qgpsfszwc2sfh6wixgky5agn831qq8ap854i1jqqhy1zsci3la";
- };
- };
- "rest-client" = {
- version = "1.7.2";
- source = {
- type = "gem";
- sha256 = "0h8c0prfi2v5p8iim3wm60xc4yripc13nqwq601bfl85k4gf25i0";
- };
- dependencies = [
- "mime-types"
- "netrc"
- ];
- };
- "rspec-core" = {
- version = "3.1.7";
- source = {
- type = "gem";
- sha256 = "01bawvln663gffljwzpq3mrpa061cghjbvfbq15jvhmip3csxqc9";
- };
- dependencies = [
- "rspec-support"
- ];
- };
- "rspec-expectations" = {
- version = "3.1.2";
- source = {
- type = "gem";
- sha256 = "0m8d36wng1lpbcs54zhg1rxh63rgj345k3p0h0c06lgknz339nzh";
- };
- dependencies = [
- "diff-lcs"
- "rspec-support"
- ];
- };
- "rspec-mocks" = {
- version = "3.1.3";
- source = {
- type = "gem";
- sha256 = "0gxk5w3klia4zsnp0svxck43xxwwfdqvhr3srv6p30f3m5q6rmzr";
- };
- dependencies = [
- "rspec-support"
- ];
- };
- "rspec-rails" = {
- version = "3.1.0";
- source = {
- type = "gem";
- sha256 = "1b1in3n1dc1bpf9wb3p3b2ynq05iacmr48jxzc73lj4g44ksh3wq";
- };
- dependencies = [
- "actionpack"
- "activesupport"
- "railties"
- "rspec-core"
- "rspec-expectations"
- "rspec-mocks"
- "rspec-support"
- ];
- };
- "rspec-support" = {
- version = "3.1.2";
- source = {
- type = "gem";
- sha256 = "14y6v9r9lrh91ry9r79h85v0f3y9ja25w42nv5z9n0bipfcwhprb";
- };
- };
- "safe_yaml" = {
- version = "1.0.4";
- source = {
- type = "gem";
- sha256 = "1hly915584hyi9q9vgd968x2nsi5yag9jyf5kq60lwzi5scr7094";
- };
- };
- "sass" = {
- version = "3.3.9";
- source = {
- type = "gem";
- sha256 = "0k19vj73283i907z4wfkc9qdska2b19z7ps6lcr5s4qzwis1zkmz";
- };
- };
- "simplecov" = {
- version = "0.9.1";
- source = {
- type = "gem";
- sha256 = "06hylxlalaxxldpbaqa54gc52wxdff0fixdvjyzr6i4ygxwzr7yf";
- };
- dependencies = [
- "docile"
- "multi_json"
- "simplecov-html"
- ];
- };
- "simplecov-html" = {
- version = "0.8.0";
- source = {
- type = "gem";
- sha256 = "0jhn3jql73x7hsr00wwv984iyrcg0xhf64s90zaqv2f26blkqfb9";
- };
- };
- "sinatra" = {
- version = "1.4.5";
- source = {
- type = "gem";
- sha256 = "0qyna3wzlnvsz69d21lxcm3ixq7db08mi08l0a88011qi4qq701s";
- };
- dependencies = [
- "rack"
- "rack-protection"
- "tilt"
- ];
- };
- "slop" = {
- version = "3.6.0";
- source = {
- type = "gem";
- sha256 = "00w8g3j7k7kl8ri2cf1m58ckxk8rn350gp4chfscmgv6pq1spk3n";
- };
- };
- "sprockets" = {
- version = "2.12.3";
- source = {
- type = "gem";
- sha256 = "1bn2drr8bc2af359dkfraq0nm0p1pib634kvhwn5lvj3r4vllnn2";
- };
- dependencies = [
- "hike"
- "multi_json"
- "rack"
- "tilt"
- ];
- };
- "sprockets-rails" = {
- version = "2.2.4";
- source = {
- type = "gem";
- sha256 = "172cdg38cqsfgvrncjzj0kziz7kv6b1lx8pccd0blyphs25qf4gc";
- };
- dependencies = [
- "actionpack"
- "activesupport"
- "sprockets"
- ];
- };
- "teaspoon" = {
- version = "0.8.0";
- source = {
- type = "gem";
- sha256 = "1j3brbm9cv5km9d9wzb6q2b3cvc6m254z48h7h77z1w6c5wr0p3z";
- };
- dependencies = [
- "railties"
- ];
- };
- "term-ansicolor" = {
- version = "1.3.0";
- source = {
- type = "gem";
- sha256 = "1a2gw7gmpmx57sdpyhjwl0zn4bqp7jyjz7aslpvvphd075layp4b";
- };
- dependencies = [
- "tins"
- ];
- };
- "therubyracer" = {
- version = "0.12.1";
- source = {
- type = "gem";
- sha256 = "106fqimqyaalh7p6czbl5m2j69z8gv7cm10mjb8bbb2p2vlmqmi6";
- };
- dependencies = [
- "libv8"
- "ref"
- ];
- };
- "thor" = {
- version = "0.19.1";
- source = {
- type = "gem";
- sha256 = "08p5gx18yrbnwc6xc0mxvsfaxzgy2y9i78xq7ds0qmdm67q39y4z";
- };
- };
- "thread_safe" = {
- version = "0.3.4";
- source = {
- type = "gem";
- sha256 = "1cil2zcdzqkyr8zrwhlg7gywryg36j4mxlxw0h0x0j0wjym5nc8n";
- };
- };
- "tilt" = {
- version = "1.4.1";
- source = {
- type = "gem";
- sha256 = "00sr3yy7sbqaq7cb2d2kpycajxqf1b1wr1yy33z4bnzmqii0b0ir";
- };
- };
- "tins" = {
- version = "1.3.3";
- source = {
- type = "gem";
- sha256 = "14jnsg15wakdk1ljh2iv9yvzk8nb7gpzd2zw4yvjikmffqjyqvna";
- };
- };
- "tzinfo" = {
- version = "1.2.2";
- source = {
- type = "gem";
- sha256 = "1c01p3kg6xvy1cgjnzdfq45fggbwish8krd0h864jvbpybyx7cgx";
- };
- dependencies = [
- "thread_safe"
- ];
- };
- "uglifier" = {
- version = "2.5.1";
- source = {
- type = "gem";
- sha256 = "1vihq309mzv9a2i0s8v4imrn1g2kj8z0vr88q3i5b657c4kxzfp0";
- };
- dependencies = [
- "execjs"
- "json"
- ];
- };
- "webmock" = {
- version = "1.20.4";
- source = {
- type = "gem";
- sha256 = "01cz13ybxbbvkpl21bcfv0p9ir8m2zcplx93ps01ma54p25z4mxr";
- };
- dependencies = [
- "addressable"
- "crack"
- ];
- };
- "xpath" = {
- version = "2.0.0";
- source = {
- type = "gem";
- sha256 = "04kcr127l34p7221z13blyl0dvh0bmxwx326j72idayri36a394w";
- };
- dependencies = [
- "nokogiri"
- ];
- };
- "zeroclipboard-rails" = {
- version = "0.1.0";
- source = {
- type = "gem";
- sha256 = "00ixal0a0mxaqsyzp06c6zz4qdwqydy1qv4n7hbyqfhbmsdalcfc";
- };
- dependencies = [
- "railties"
- ];
- };
-}
diff --git a/pkgs/applications/networking/cluster/terraform-provider-ibm/default.nix b/pkgs/applications/networking/cluster/terraform-provider-ibm/default.nix
index 9764e029d27797924c97701b2ea1778a2507e8a9..304df0947acfcc486da642f525f4d0d559ff62fa 100644
--- a/pkgs/applications/networking/cluster/terraform-provider-ibm/default.nix
+++ b/pkgs/applications/networking/cluster/terraform-provider-ibm/default.nix
@@ -12,7 +12,7 @@
buildGoPackage rec {
name = "terraform-provider-ibm-${version}";
- version = "0.8.0";
+ version = "0.9.1";
goPackagePath = "github.com/terraform-providers/terraform-provider-ibm";
subPackages = [ "./" ];
@@ -20,7 +20,7 @@ buildGoPackage rec {
src = fetchFromGitHub {
owner = "IBM-Cloud";
repo = "terraform-provider-ibm";
- sha256 = "1jc1g2jadh02z4lfqnvgqk5cqrzk8pnn3cj3cwsm3ksa8pccf6w4";
+ sha256 = "1j8v7r5lsvrg1afdbwxi8vq665qr47a9pddqgmpkirh99pzixgr6";
rev = "v${version}";
};
diff --git a/pkgs/applications/networking/cluster/terraform/providers/update-all b/pkgs/applications/networking/cluster/terraform/providers/update-all
index 16eb6004e3eef324f19745f512cfc9f036f3c8f6..24695066fa28e0a4a3a905df63cf6714a0f2ba0f 100755
--- a/pkgs/applications/networking/cluster/terraform/providers/update-all
+++ b/pkgs/applications/networking/cluster/terraform/providers/update-all
@@ -58,7 +58,7 @@ cd "$(dirname "$0")"
if [[ -z "${GITHUB_AUTH:-}" ]]; then
cat <<'HELP'
-Missing the GITHUB_AUTH env. Thi is required to work around the 60 request
+Missing the GITHUB_AUTH env. This is required to work around the 60 request
per hour rate-limit.
Go to https://github.com/settings/tokens and create a new token with the
diff --git a/pkgs/applications/networking/ids/snort/default.nix b/pkgs/applications/networking/ids/snort/default.nix
index e3a917a12eb37dd8cfe15c24d2412aeec4bea567..ff19a62ef30614ac4ed97e284258cdcac11b13a4 100644
--- a/pkgs/applications/networking/ids/snort/default.nix
+++ b/pkgs/applications/networking/ids/snort/default.nix
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
meta = {
description = "Network intrusion prevention and detection system (IDS/IPS)";
- homepage = http://www.snort.org;
+ homepage = https://www.snort.org;
maintainers = with stdenv.lib.maintainers; [ aycanirican ];
license = stdenv.lib.licenses.gpl2;
platforms = with stdenv.lib.platforms; linux;
diff --git a/pkgs/applications/networking/ike/default.nix b/pkgs/applications/networking/ike/default.nix
index a5c21e28c3d6b6f6fb234e85b6560f851039a341..7953f35507d1c074e987a932ecd4e4411792cc60 100644
--- a/pkgs/applications/networking/ike/default.nix
+++ b/pkgs/applications/networking/ike/default.nix
@@ -1,8 +1,6 @@
{ stdenv, fetchurl, cmake, openssl, libedit, flex, bison, qt4, makeWrapper
, gcc, nettools, iproute, linuxHeaders }:
-assert stdenv.isLinux;
-
# NOTE: use $out/etc/iked.conf as sample configuration and also set: dhcp_file "/etc/iked.dhcp";
# launch with "iked -f /etc/iked.conf"
diff --git a/pkgs/applications/networking/instant-messengers/baresip/default.nix b/pkgs/applications/networking/instant-messengers/baresip/default.nix
index 538e9a3786be15689bf4cbe327538e2a03f00fb5..eff33643ebcfa4b17c6663b578c0688b62d200a6 100644
--- a/pkgs/applications/networking/instant-messengers/baresip/default.nix
+++ b/pkgs/applications/networking/instant-messengers/baresip/default.nix
@@ -1,6 +1,5 @@
-{stdenv, fetchurl, zlib, openssl, libre, librem, pkgconfig
-, cairo, mpg123, gstreamer, gst-ffmpeg, gst-plugins-base, gst-plugins-bad
-, gst-plugins-good, alsaLib, SDL, libv4l, celt, libsndfile, srtp, ffmpeg
+{stdenv, fetchurl, zlib, openssl, libre, librem, pkgconfig, gst_all_1
+, cairo, mpg123, alsaLib, SDL, libv4l, celt, libsndfile, srtp, ffmpeg
, gsm, speex, portaudio, spandsp, libuuid, ccache, libvpx
}:
stdenv.mkDerivation rec {
@@ -11,11 +10,10 @@ stdenv.mkDerivation rec {
sha256 = "02bf4fwirf3b7h3cr1jqm0xsjzza4fi9kg88424js2l0xywwzpgf";
};
nativeBuildInputs = [ pkgconfig ];
- buildInputs = [zlib openssl libre librem
- cairo mpg123 gstreamer gst-ffmpeg gst-plugins-base gst-plugins-bad gst-plugins-good
+ buildInputs = [zlib openssl libre librem cairo mpg123
alsaLib SDL libv4l celt libsndfile srtp ffmpeg gsm speex portaudio spandsp libuuid
ccache libvpx
- ];
+ ] ++ (with gst_all_1; [ gstreamer gst-libav gst-plugins-base gst-plugins-bad gst-plugins-good ]);
makeFlags = [
"LIBRE_MK=${libre}/share/re/re.mk"
"LIBRE_INC=${libre}/include/re"
@@ -26,7 +24,7 @@ stdenv.mkDerivation rec {
"CCACHE_DISABLE=1"
"USE_ALSA=1" "USE_AMR=1" "USE_CAIRO=1" "USE_CELT=1"
- "USE_CONS=1" "USE_EVDEV=1" "USE_FFMPEG=1" "USE_GSM=1" "USE_GST=1"
+ "USE_CONS=1" "USE_EVDEV=1" "USE_FFMPEG=1" "USE_GSM=1" "USE_GST1=1"
"USE_L16=1" "USE_MPG123=1" "USE_OSS=1" "USE_PLC=1" "USE_VPX=1"
"USE_PORTAUDIO=1" "USE_SDL=1" "USE_SNDFILE=1" "USE_SPEEX=1"
"USE_SPEEX_AEC=1" "USE_SPEEX_PP=1" "USE_SPEEX_RESAMP=1" "USE_SRTP=1"
diff --git a/pkgs/applications/networking/instant-messengers/bitlbee/default.nix b/pkgs/applications/networking/instant-messengers/bitlbee/default.nix
index fa1c64ba0ad75cd85fec3b4db1a09a6e8acac84e..fa3c66e67b61246f3a1424b38f9f7eaefaa05a7a 100644
--- a/pkgs/applications/networking/instant-messengers/bitlbee/default.nix
+++ b/pkgs/applications/networking/instant-messengers/bitlbee/default.nix
@@ -50,6 +50,6 @@ stdenv.mkDerivation rec {
license = licenses.gpl2Plus;
maintainers = with maintainers; [ wkennington pSub ];
- platforms = platforms.gnu; # arbitrary choice
+ platforms = platforms.gnu ++ platforms.linux; # arbitrary choice
};
}
diff --git a/pkgs/applications/networking/instant-messengers/discord/default.nix b/pkgs/applications/networking/instant-messengers/discord/default.nix
index 76d68880263657211ae2340841d3cf50e2d3000a..6801edb9767c034c227f0471725fb6b4780503ce 100644
--- a/pkgs/applications/networking/instant-messengers/discord/default.nix
+++ b/pkgs/applications/networking/instant-messengers/discord/default.nix
@@ -7,12 +7,12 @@
stdenv.mkDerivation rec {
pname = "discord";
- version = "0.0.4";
+ version = "0.0.5";
name = "${pname}-${version}";
src = fetchurl {
url = "https://cdn.discordapp.com/apps/linux/${version}/${pname}-${version}.tar.gz";
- sha256 = "1alw9rkv1vv0s1w33hd9ab1cgj7iqd7ad9kvn1d55gyki28f8qlb";
+ sha256 = "067gb72qsxrzfma04njkbqbmsvwnnyhw4k9igg5769jkxay68i1g";
};
nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/applications/networking/instant-messengers/franz/default.nix b/pkgs/applications/networking/instant-messengers/franz/default.nix
index c2e6528e637ee832f76f5465253be908f7e46468..95e01e586ec2ada87e9715fc9e2ec8d7c1e0972b 100644
--- a/pkgs/applications/networking/instant-messengers/franz/default.nix
+++ b/pkgs/applications/networking/instant-messengers/franz/default.nix
@@ -66,7 +66,7 @@ in stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "A free messaging app that combines chat & messaging services into one application";
- homepage = http://meetfranz.com;
+ homepage = https://meetfranz.com;
license = licenses.free;
maintainers = [ maintainers.gnidorah ];
platforms = ["i686-linux" "x86_64-linux"];
diff --git a/pkgs/applications/networking/instant-messengers/gajim/default.nix b/pkgs/applications/networking/instant-messengers/gajim/default.nix
index 3fd8b932283ec7e9f0796d7c99bfe47f415d395d..a1c81f3f00206abda3b9f2758c3c0177f21428e2 100644
--- a/pkgs/applications/networking/instant-messengers/gajim/default.nix
+++ b/pkgs/applications/networking/instant-messengers/gajim/default.nix
@@ -17,11 +17,11 @@ with lib;
buildPythonApplication rec {
name = "gajim-${version}";
majorVersion = "1.0";
- version = "${majorVersion}.1";
+ version = "${majorVersion}.2";
src = fetchurl {
url = "https://gajim.org/downloads/${majorVersion}/gajim-${version}.tar.bz2";
- sha256 = "16ynws10vhx6rhjjjmzw6iyb3hc19823xhx4gsb14hrc7l8vzd1c";
+ sha256 = "0wyyy3wrk7ka5xrsbafnajzf7iacg8vg3hi16pl4c5p104hdhjdw";
};
postPatch = ''
diff --git a/pkgs/applications/networking/instant-messengers/jitsi/default.nix b/pkgs/applications/networking/instant-messengers/jitsi/default.nix
index 1d03c2f47c89a212792a1b9f6c4fcf8c165251c3..681a8119ac033e112ea9bab3256cb223e80473e3 100644
--- a/pkgs/applications/networking/instant-messengers/jitsi/default.nix
+++ b/pkgs/applications/networking/instant-messengers/jitsi/default.nix
@@ -3,8 +3,6 @@
, alsaLib, dbus_libs, gtk2, libpulseaudio, openssl, xorg
}:
-assert stdenv.isLinux;
-
stdenv.mkDerivation rec {
name = "jitsi-${version}";
version = "2.10.5550";
diff --git a/pkgs/applications/networking/instant-messengers/nheko/default.nix b/pkgs/applications/networking/instant-messengers/nheko/default.nix
index 8405769582f7ef759b3a3a983bf1859fb3b2d2ab..688ac6d10d6fc61f763b25f4df48b9ea3a8806ef 100644
--- a/pkgs/applications/networking/instant-messengers/nheko/default.nix
+++ b/pkgs/applications/networking/instant-messengers/nheko/default.nix
@@ -17,8 +17,8 @@ let
src = fetchFromGitHub {
owner = "mujx";
repo = "matrix-structs";
- rev = "91bb2b85a75d664007ef81aeb500d35268425922";
- sha256 = "1v544pv18sd91gdrhbk0nm54fggprsvwwrkjmxa59jrvhwdk7rsx";
+ rev = "690080daa3bc1984297c4d7103cde9ea07e2e0b7";
+ sha256 = "0l6mncpdbjmrzp5a3q1jv0sxf7bwl5ljslrcjca1j2bjjbqb61bz";
};
postUnpack = ''
@@ -47,13 +47,13 @@ let
in
stdenv.mkDerivation rec {
name = "nheko-${version}";
- version = "0.3.1";
+ version = "0.4.0";
src = fetchFromGitHub {
owner = "mujx";
repo = "nheko";
rev = "v${version}";
- sha256 = "1dqd698p6wicz0x1lb6mzlwcp68sjkivanb9lwz3yy1mlmy8i3jn";
+ sha256 = "1yg6bk193mqj99x3sy0f20x3ggpl0ahrp36w6hhx7pyw5qm17342";
};
# This patch is likely not strictly speaking needed, but will help detect when
diff --git a/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch b/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch
index 661ae756a4dde6dd73cf2eb0749301a469a87e6c..a3425a78045435ba3382012eb12c454ca063678b 100644
--- a/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch
+++ b/pkgs/applications/networking/instant-messengers/nheko/external-deps.patch
@@ -54,7 +54,7 @@ index cef00f6..e69de29 100644
- MatrixStructs
-
- GIT_REPOSITORY https://github.com/mujx/matrix-structs
-- GIT_TAG 91bb2b85a75d664007ef81aeb500d35268425922
+- GIT_TAG 690080daa3bc1984297c4d7103cde9ea07e2e0b7
-
- BUILD_IN_SOURCE 1
- SOURCE_DIR ${MATRIX_STRUCTS_ROOT}
diff --git a/pkgs/applications/networking/instant-messengers/qtox/default.nix b/pkgs/applications/networking/instant-messengers/qtox/default.nix
index bbad5a68180727751ca8a252dd60af821415d7d7..f7a56d47dbfa793a2c873d0398882b39ff9e7f00 100644
--- a/pkgs/applications/networking/instant-messengers/qtox/default.nix
+++ b/pkgs/applications/networking/instant-messengers/qtox/default.nix
@@ -1,19 +1,23 @@
-{ mkDerivation, lib, fetchFromGitHub, cmake, pkgconfig,
- libtoxcore,
- libpthreadstubs, libXdmcp, libXScrnSaver,
- qtbase, qtsvg, qttools, qttranslations,
- ffmpeg, filter-audio, libexif, libsodium, libopus,
- libvpx, openal, pcre, qrencode, sqlcipher }:
-
-mkDerivation rec {
+{ stdenv, mkDerivation, lib, fetchFromGitHub, cmake, pkgconfig
+, libtoxcore
+, libpthreadstubs, libXdmcp, libXScrnSaver
+, qtbase, qtsvg, qttools, qttranslations
+, ffmpeg, filter-audio, libexif, libsodium, libopus
+, libvpx, openal, pcre, qrencode, sqlcipher
+, AVFoundation ? null }:
+
+let
+ version = "1.15.0";
+ rev = "v${version}";
+
+in mkDerivation rec {
name = "qtox-${version}";
- version = "1.13.0";
src = fetchFromGitHub {
owner = "qTox";
repo = "qTox";
- rev = "v${version}";
- sha256 = "08x71p23d0sp0w11k8z3wf3k56iclmdq9x652n8ggidgyrdi9f6y";
+ sha256 = "1garwnlmg452b0bwx36rsh08s15q3zylb26l01iiwg4l9vcaldh9";
+ inherit rev;
};
buildInputs = [
@@ -22,17 +26,18 @@ mkDerivation rec {
qtbase qtsvg qttranslations
ffmpeg filter-audio libexif libopus libsodium
libvpx openal pcre qrencode sqlcipher
- ];
+ ] ++ lib.optionals stdenv.isDarwin [ AVFoundation] ;
nativeBuildInputs = [ cmake pkgconfig qttools ];
enableParallelBuilding = true;
cmakeFlags = [
- "-DGIT_DESCRIBE=${version}"
+ "-DGIT_DESCRIBE=${rev}"
"-DENABLE_STATUSNOTIFIER=False"
"-DENABLE_GTK_SYSTRAY=False"
"-DENABLE_APPINDICATOR=False"
+ "-DTIMESTAMP=1"
];
meta = with lib; {
diff --git a/pkgs/applications/networking/instant-messengers/quaternion/default.nix b/pkgs/applications/networking/instant-messengers/quaternion/default.nix
index 768ab24c2f390c9c625b49ba90c1c3260ac6c35c..6c716cc3e1c05093cf6d3c263e3bc41884683765 100644
--- a/pkgs/applications/networking/instant-messengers/quaternion/default.nix
+++ b/pkgs/applications/networking/instant-messengers/quaternion/default.nix
@@ -2,24 +2,21 @@
stdenv.mkDerivation rec {
name = "quaternion-${version}";
- version = "0.0.5";
-
- # libqmatrixclient doesn't support dynamic linking as of 0.2 so we simply pull in the source
+ version = "0.0.9";
src = fetchFromGitHub {
owner = "QMatrixClient";
repo = "Quaternion";
rev = "v${version}";
- sha256 = "14xmaq446aggqhpcilahrw2mr5gf2mlr1xzyp7r6amrnmnqsyxrd";
+ sha256 = "0zdpll953a7biwnklhgmgg3k2vz7j58lc1nmfkmvsfcj1fmdf408";
};
buildInputs = [ qtbase qtquickcontrols libqmatrixclient ];
nativeBuildInputs = [ cmake ];
- enableParallelBuilding = true;
-
- # take the source from libqmatrixclient
+ # libqmatrixclient is now compiled as a dynamic library but quarternion cannot use it yet
+ # https://github.com/QMatrixClient/Quaternion/issues/239
postPatch = ''
rm -rf lib
ln -s ${libqmatrixclient.src} lib
diff --git a/pkgs/applications/networking/instant-messengers/ratox/default.nix b/pkgs/applications/networking/instant-messengers/ratox/default.nix
index 5d004db60e3ad10dc51bb7383cbdbc9209d2a885..add337d3f0856467b5af06eae9bf5efa3d040c17 100644
--- a/pkgs/applications/networking/instant-messengers/ratox/default.nix
+++ b/pkgs/applications/networking/instant-messengers/ratox/default.nix
@@ -5,22 +5,24 @@ with stdenv.lib;
let
configFile = optionalString (conf!=null) (builtins.toFile "config.h" conf);
-in
-stdenv.mkDerivation rec {
- name = "ratox-0.4";
+in stdenv.mkDerivation rec {
+ name = "ratox-0.4.20180303";
src = fetchgit {
url = "git://git.2f30.org/ratox.git";
- rev = "0db821b7bd566f6cfdc0cc5a7bbcc3e5e92adb4c";
- sha256 = "0wmf8hydbcq4bkpsld9vnqw4zfzf3f04vhgwy17nd4p5p389fbl5";
+ rev = "269f7f97fb374a8f9c0b82195c21de15b81ddbbb";
+ sha256 = "0bpn37h8jvsqd66fkba8ky42nydc8acawa5x31yxqlxc8mc66k74";
};
- patches = [ ./ldlibs.patch ];
-
buildInputs = [ libtoxcore ];
- preConfigure = optionalString (conf!=null) "cp ${configFile} config.def.h";
+ preConfigure = ''
+ substituteInPlace config.mk \
+ --replace '-lsodium -lopus -lvpx ' ""
+
+ ${optionalString (conf!=null) "cp ${configFile} config.def.h"}
+ '';
makeFlags = [ "PREFIX=$(out)" ];
diff --git a/pkgs/applications/networking/instant-messengers/ratox/ldlibs.patch b/pkgs/applications/networking/instant-messengers/ratox/ldlibs.patch
deleted file mode 100644
index 1406e714310709085c440b3a779decf911b281b7..0000000000000000000000000000000000000000
--- a/pkgs/applications/networking/instant-messengers/ratox/ldlibs.patch
+++ /dev/null
@@ -1,5 +0,0 @@
---- a/config.mk
-+++ b/config.mk
-@@ -13 +13 @@ LDFLAGS = -L/usr/local/lib
--LDLIBS = -ltoxcore -ltoxav -ltoxencryptsave -lsodium -lopus -lvpx -lm -lpthread
-+LDLIBS = -ltoxcore -ltoxav -ltoxencryptsave -lm -lpthread
diff --git a/pkgs/applications/networking/instant-messengers/riot/riot-web.nix b/pkgs/applications/networking/instant-messengers/riot/riot-web.nix
index 0d3342e6668793a02f2df88430bbab735496f5f8..4946c065492f3b6ff99919b7d3b5164337ee7fcb 100644
--- a/pkgs/applications/networking/instant-messengers/riot/riot-web.nix
+++ b/pkgs/applications/networking/instant-messengers/riot/riot-web.nix
@@ -3,11 +3,11 @@
let configFile = writeText "riot-config.json" conf; in
stdenv.mkDerivation rec {
name= "riot-web-${version}";
- version = "0.14.0";
+ version = "0.14.2";
src = fetchurl {
url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz";
- sha256 = "0san8d3dghjkqqv0ypampgl7837mxk9w64ci6fzy1k5d5dmdgvsi";
+ sha256 = "1qma49a6lvr9anrry3vbhjhvy06bgapknnvbdljnbb3l9c99nmxi";
};
installPhase = ''
diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
index d524be287cd22c5fa8e62c9b9cfa6f1ad875fedc..479b89bcecbd160f141de80d95d7b6ec59baa4ad 100644
--- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
@@ -40,13 +40,13 @@ in
stdenv.mkDerivation rec {
name = "signal-desktop-${version}";
- version = "1.7.1";
+ version = "1.9.0";
src =
if stdenv.system == "x86_64-linux" then
fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb";
- sha256 = "02zx8ynbvvs260mrvqbsg0fi561da4ni3i9f4bjh53vqn92vhvvq";
+ sha256 = "18i9chyarpcw369rqyldckkln1lxy5g9qy9f5gy5gsz9y5qngxqa";
}
else
throw "Signal for Desktop is not currently supported on ${stdenv.system}";
@@ -81,7 +81,7 @@ in
description = "Signal Private Messenger for the Desktop.";
homepage = https://signal.org/;
license = lib.licenses.gpl3;
- maintainers = [ lib.maintainers.ixmatus ];
+ maintainers = with lib.maintainers; [ ixmatus primeos ];
platforms = [
"x86_64-linux"
];
diff --git a/pkgs/applications/networking/instant-messengers/stride/default.nix b/pkgs/applications/networking/instant-messengers/stride/default.nix
index 0bcf3493d29eefde6b26247f576ff346ae466f8a..9df816dd8907f747255349fe1aea1fd7f3d6af05 100644
--- a/pkgs/applications/networking/instant-messengers/stride/default.nix
+++ b/pkgs/applications/networking/instant-messengers/stride/default.nix
@@ -33,12 +33,12 @@ let
] + ":${stdenv.cc.cc.lib}/lib64";
in
stdenv.mkDerivation rec {
- version = "1.8.18";
+ version = "1.17.82";
name = "stride-${version}";
src = fetchurl {
url = "https://packages.atlassian.com/stride-apt-client/pool/stride_${version}_amd64.deb";
- sha256 = "0hpj3i3xbvckxm7fphqqb3scb31w2cg4riwp593y0gnbivpc0hym";
+ sha256 = "0lx61gdhw0kv4f9fwbfg69yq52dsp4db7c4li25d6wn11qanzqhy";
};
dontBuild = true;
diff --git a/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix b/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix
index 2d880bef753e51682c13326a7c884cbd388adf0e..4fa4967c898e38c95e8ba276a3bd06c72ee41edf 100644
--- a/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix
@@ -22,6 +22,6 @@ stdenv.mkDerivation rec {
homepage = https://telepathy.freedesktop.org/components/telepathy-gabble/;
description = "Jabber/XMPP connection manager for the Telepathy framework";
license = licenses.lgpl21Plus;
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}
diff --git a/pkgs/applications/networking/instant-messengers/telepathy/haze/default.nix b/pkgs/applications/networking/instant-messengers/telepathy/haze/default.nix
index a1669183bb3b7302d28f062664e001bca35dd240..89be42781a4c97363358477399daacbb52e85b15 100644
--- a/pkgs/applications/networking/instant-messengers/telepathy/haze/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telepathy/haze/default.nix
@@ -24,6 +24,6 @@ stdenv.mkDerivation rec {
meta = {
description = "A Telepathy connection manager based on libpurple";
- platforms = stdenv.lib.platforms.gnu; # Random choice
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # Random choice
};
}
diff --git a/pkgs/applications/networking/instant-messengers/telepathy/idle/default.nix b/pkgs/applications/networking/instant-messengers/telepathy/idle/default.nix
index 7894554eee4f80070170d491dcc1fb2beb028ce6..4607961cdf08bb8f65865bb79b34baaa85d3edce 100644
--- a/pkgs/applications/networking/instant-messengers/telepathy/idle/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telepathy/idle/default.nix
@@ -21,6 +21,6 @@ stdenv.mkDerivation rec {
meta = {
description = "IRC connection manager for the Telepathy framework";
license = stdenv.lib.licenses.lgpl21;
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}
diff --git a/pkgs/applications/networking/instant-messengers/telepathy/logger/default.nix b/pkgs/applications/networking/instant-messengers/telepathy/logger/default.nix
index 111970ab71126d77fe8c326fa50af93dd54d6572..1791a7ff1ddc4874be948ba4af6b3bafd79d6353 100644
--- a/pkgs/applications/networking/instant-messengers/telepathy/logger/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telepathy/logger/default.nix
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "http://telepathy.freedesktop.org/releases/${project}/${name}.tar.bz2";
- sha256 = "18i00l8lnp5dghqmgmpxnn0is2a20pkisxy0sb78hnd2dz0z6xnl";
+ sha256 = "1bjx85k7jyfi5pvl765fzc7q2iz9va51anrc2djv7caksqsdbjlg";
};
nativeBuildInputs = [
@@ -31,6 +31,6 @@ stdenv.mkDerivation rec {
homepage = https://telepathy.freedesktop.org/components/telepathy-logger/;
license = licenses.lgpl21;
maintainers = with maintainers; [ jtojnar ];
- platforms = platforms.gnu; # Arbitrary choice
+ platforms = platforms.gnu ++ platforms.linux; # Arbitrary choice
};
}
diff --git a/pkgs/applications/networking/instant-messengers/telepathy/salut/default.nix b/pkgs/applications/networking/instant-messengers/telepathy/salut/default.nix
index e060eaabf2819069ef49ed9016779e5647bd7142..17cd20c09cbda5bd72a7cdd64e628ed8224735a1 100644
--- a/pkgs/applications/networking/instant-messengers/telepathy/salut/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telepathy/salut/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Link-local XMPP connection manager for Telepathy";
- platforms = platforms.gnu; # Random choice
+ platforms = platforms.gnu ++ platforms.linux; # Random choice
maintainers = [ maintainers.lethalman ];
};
}
diff --git a/pkgs/applications/networking/instant-messengers/toxic/default.nix b/pkgs/applications/networking/instant-messengers/toxic/default.nix
index 4934a737405833fa59245932b94c4f590b987813..8a45e988c07dd3203c726be20deb57c2f96dd631 100644
--- a/pkgs/applications/networking/instant-messengers/toxic/default.nix
+++ b/pkgs/applications/networking/instant-messengers/toxic/default.nix
@@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
name = "toxic-${version}";
- version = "0.7.2";
+ version = "0.8.2";
src = fetchFromGitHub {
owner = "Tox";
repo = "toxic";
rev = "v${version}";
- sha256 = "1kws6bx5va1wc0k6pqihrla91vicxk4zqghvxiylgfbjr1jnkvwc";
+ sha256 = "0fwmk945nip98m3md58y3ibjmzfq25hns3xf0bmbc6fjpww8d5p5";
};
makeFlags = [ "PREFIX=$(out)"];
diff --git a/pkgs/applications/networking/instant-messengers/utox/default.nix b/pkgs/applications/networking/instant-messengers/utox/default.nix
index 9c208dd52a83ff837d93ef3ada2b83f9557420d1..e139904fee53bb0551b76e94bf9baa436b366ccb 100644
--- a/pkgs/applications/networking/instant-messengers/utox/default.nix
+++ b/pkgs/applications/networking/instant-messengers/utox/default.nix
@@ -1,16 +1,18 @@
-{ stdenv, fetchFromGitHub, cmake, pkgconfig, libtoxcore, filter-audio, dbus, libvpx, libX11, openal, freetype, libv4l
-, libXrender, fontconfig, libXext, libXft, utillinux, git, libsodium, libopus, check }:
+{ stdenv, lib, fetchFromGitHub, check, cmake, pkgconfig
+, libtoxcore, filter-audio, dbus, libvpx, libX11, openal, freetype, libv4l
+, libXrender, fontconfig, libXext, libXft, utillinux, libsodium, libopus }:
stdenv.mkDerivation rec {
name = "utox-${version}";
- version = "0.16.1";
+ version = "0.17.0";
src = fetchFromGitHub {
owner = "uTox";
repo = "uTox";
rev = "v${version}";
- sha256 = "0ak10925v67yaga2pw9yzp0xkb5j1181srfjdyqpd29v8mi9j828";
+ sha256 = "12wbq883il7ikldayh8hm0cjfrkp45vn05xx9s1jbfz6gmkidyar";
+ fetchSubmodules = true;
};
buildInputs = [
@@ -20,16 +22,20 @@ stdenv.mkDerivation rec {
];
nativeBuildInputs = [
- cmake git pkgconfig check
+ check cmake pkgconfig
];
cmakeFlags = [
- "-DENABLE_UPDATER=OFF"
- ] ++ stdenv.lib.optional (!doCheck) "-DENABLE_TESTS=OFF";
+ "-DENABLE_AUTOUPDATE=OFF"
+ ] ++ lib.optional (doCheck) "-DENABLE_TESTS=ON";
- doCheck = true;
+ doCheck = stdenv.isLinux;
- checkTarget = "test";
+ checkPhase = ''
+ runHook preCheck
+ ctest -VV
+ runHook postCheck
+ '';
meta = with stdenv.lib; {
description = "Lightweight Tox client";
diff --git a/pkgs/applications/networking/instant-messengers/viber/default.nix b/pkgs/applications/networking/instant-messengers/viber/default.nix
index 3c164820019b6c4b396bf343e75e8c20f81cf793..781912f665d5d894dda760fc3cf254cfc291fdf6 100644
--- a/pkgs/applications/networking/instant-messengers/viber/default.nix
+++ b/pkgs/applications/networking/instant-messengers/viber/default.nix
@@ -3,8 +3,6 @@
libpulseaudio, libxml2, libxslt, libGLU_combined, nspr, nss, openssl, systemd, wayland, xorg, zlib, ...
}:
-assert stdenv.system == "x86_64-linux";
-
stdenv.mkDerivation rec {
name = "viber-${version}";
version = "7.0.0.1035";
@@ -99,7 +97,7 @@ stdenv.mkDerivation rec {
homepage = http://www.viber.com;
description = "An instant messaging and Voice over IP (VoIP) app";
license = stdenv.lib.licenses.unfree;
- platforms = stdenv.lib.platforms.linux;
+ platforms = [ "x86_64-linux" ];
maintainers = with stdenv.lib.maintainers; [ jagajaga ];
};
diff --git a/pkgs/applications/networking/instant-messengers/weechat-matrix-bridge/default.nix b/pkgs/applications/networking/instant-messengers/weechat-matrix-bridge/default.nix
index f1338bc0df3532fbab6fdadd91053055fce20c08..85faebf95a3dd8aad6b2bc133c7f88c6693fb6ed 100644
--- a/pkgs/applications/networking/instant-messengers/weechat-matrix-bridge/default.nix
+++ b/pkgs/applications/networking/instant-messengers/weechat-matrix-bridge/default.nix
@@ -1,12 +1,12 @@
{ stdenv, curl, fetchFromGitHub, cjson, olm, luaffi }:
stdenv.mkDerivation {
- name = "weechat-matrix-bridge-2017-03-28";
+ name = "weechat-matrix-bridge-2018-01-10";
src = fetchFromGitHub {
owner = "torhve";
repo = "weechat-matrix-protocol-script";
- rev = "0052e7275ae149dc5241226391c9b1889ecc3c6b";
- sha256 = "14x58jd44g08sfnp1gx74gq2na527v5jjpsvv1xx4b8mixwy20hi";
+ rev = "a8e4ce04665c09ee7f24d6b319cd85cfb56dfbd7";
+ sha256 = "0822xcxvwanwm8qbzqhn3f1m6hhxs29pyf8lnv6v29bl8136vcq3";
};
patches = [
diff --git a/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix b/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
index 9e946152c192c0d98fb802faf5cb6818a4c8ef18..f0123024fe2f6dd456985d06fa646c6ccce46c0d 100644
--- a/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
@@ -61,7 +61,7 @@ in
};
desktopItem = makeDesktopItem {
- name = "Wire";
+ name = "wire-desktop";
exec = "wire-desktop %U";
icon = "wire-desktop";
comment = "Secure messenger for everyone";
diff --git a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix
index 03b4b980929c807b80444960c28349d977239e5c..692a43629355f7a8083c0406a8b681eabf501c61 100644
--- a/pkgs/applications/networking/instant-messengers/zoom-us/default.nix
+++ b/pkgs/applications/networking/instant-messengers/zoom-us/default.nix
@@ -1,14 +1,14 @@
{ stdenv, fetchurl, system, makeWrapper, makeDesktopItem,
- alsaLib, dbus, glib, gstreamer, fontconfig, freetype, libpulseaudio, libxml2,
- libxslt, libGLU_combined, nspr, nss, sqlite, utillinux, zlib, xorg, udev, expat, libv4l }:
+ alsaLib, dbus, glib, fontconfig, freetype, libpulseaudio,
+ utillinux, zlib, xorg, udev, sqlite, expat, libv4l, procps, libGL }:
let
- version = "2.0.106600.0904";
+ version = "2.0.123200.0405";
srcs = {
x86_64-linux = fetchurl {
url = "https://zoom.us/client/${version}/zoom_x86_64.tar.xz";
- sha256 = "1dcr0rqgjingjqbqv37hqjhhwy8axnjyirrnmjk44b5xnh239w9s";
+ sha256 = "1ifwa2xf5mw1ll2j1f39qd7mpyxpc6xj3650dmlnxf525dsm573z";
};
};
@@ -17,25 +17,21 @@ in stdenv.mkDerivation {
src = srcs.${system};
- buildInputs = [ makeWrapper ];
+ nativeBuildInputs = [ makeWrapper ];
libPath = stdenv.lib.makeLibraryPath [
alsaLib
- dbus
+ expat
glib
- gstreamer
- fontconfig
freetype
+ libGL
libpulseaudio
- libxml2
- libxslt
- nspr
- nss
+ zlib
+ dbus
+ fontconfig
sqlite
utillinux
- zlib
udev
- expat
xorg.libX11
xorg.libSM
@@ -79,6 +75,7 @@ in stdenv.mkDerivation {
makeWrapper $packagePath/zoom $out/bin/zoom-us \
--prefix LD_LIBRARY_PATH : "$packagePath:$libPath" \
--prefix LD_PRELOAD : "${libv4l}/lib/v4l1compat.so" \
+ --prefix PATH : "${procps}/bin" \
--set QT_PLUGIN_PATH "$packagePath/platforms" \
--set QT_XKB_CONFIG_ROOT "${xorg.xkeyboardconfig}/share/X11/xkb" \
--set QTCOMPOSE "${xorg.libX11.out}/share/X11/locale"
diff --git a/pkgs/applications/networking/insync/default.nix b/pkgs/applications/networking/insync/default.nix
index cf3725c35e3d555eea1e3cc58c32b06f1489d51e..e718dc6562fb3f494f3d695cb44d25380cf0f152 100644
--- a/pkgs/applications/networking/insync/default.nix
+++ b/pkgs/applications/networking/insync/default.nix
@@ -2,12 +2,12 @@
stdenv.mkDerivation rec {
name = "insync-${version}";
- version = "1.3.22.36179";
+ version = "1.4.5.37069";
src =
if stdenv.system == "x86_64-linux" then
fetchurl {
url = "http://s.insynchq.com/builds/insync-portable_${version}_amd64.tar.bz2";
- sha256 = "0jmycpbmfvvpilcycyg6zgpjz6449bs17d2w4jx7m1rvzmpkk140";
+ sha256 = "0mkqgpq4isngkj20c0ygmxf4cj975d446svhwvl3cqdrjkjm1ybd";
}
else
throw "${name} is not supported on ${stdenv.system}";
diff --git a/pkgs/applications/networking/irc/irssi/default.nix b/pkgs/applications/networking/irc/irssi/default.nix
index b03673a00b667162f17517b393c254b1115233f0..b5bab3585c5f5ba3dcdce1c34756fab252e21bd8 100644
--- a/pkgs/applications/networking/irc/irssi/default.nix
+++ b/pkgs/applications/networking/irc/irssi/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
];
meta = {
- homepage = http://irssi.org;
+ homepage = https://irssi.org;
description = "A terminal based IRC client";
platforms = stdenv.lib.platforms.unix;
maintainers = with stdenv.lib.maintainers; [ lovek323 ];
diff --git a/pkgs/applications/networking/irc/quassel/default.nix b/pkgs/applications/networking/irc/quassel/default.nix
index 7c685b9df6b9bf92fca6bc63b1adcd23be38858e..739842bbec3ab04da31c756d90bf5f720475c513 100644
--- a/pkgs/applications/networking/irc/quassel/default.nix
+++ b/pkgs/applications/networking/irc/quassel/default.nix
@@ -24,8 +24,6 @@ let
buildCore = monolithic || daemon;
in
-assert stdenv.isLinux;
-
assert monolithic -> !client && !daemon;
assert client || daemon -> !monolithic;
assert !buildClient -> !withKDE; # KDE is used by the client only
diff --git a/pkgs/applications/networking/irc/quassel/source.nix b/pkgs/applications/networking/irc/quassel/source.nix
index f3941ee976e4b27dc542b4d15d02f2b887b6668a..20daba788997e4fb13d0f4bf422128b0e5df81d8 100644
--- a/pkgs/applications/networking/irc/quassel/source.nix
+++ b/pkgs/applications/networking/irc/quassel/source.nix
@@ -1,9 +1,9 @@
{ fetchurl }:
rec {
- version = "0.12.4";
+ version = "0.12.5";
src = fetchurl {
url = "https://github.com/quassel/quassel/archive/${version}.tar.gz";
- sha256 = "0q2qlhy1d6glw9pwxgcgwvspd1mkk3yi6m21dx9gnj86bxas2qs2";
+ sha256 = "04f42x87a4wkj3va3wnmj2jl7ikqqa7d7nmypqpqwalzpzk7kxwv";
};
}
diff --git a/pkgs/applications/networking/irc/weechat/default.nix b/pkgs/applications/networking/irc/weechat/default.nix
index b2ea28f0cf8579d55f90cebb4fb40ba57b1b6c82..dec933489af9f936e8475b71a45b8f6beed05c2f 100644
--- a/pkgs/applications/networking/irc/weechat/default.nix
+++ b/pkgs/applications/networking/irc/weechat/default.nix
@@ -29,12 +29,12 @@ let
weechat =
assert lib.all (p: p.enabled -> ! (builtins.elem null p.buildInputs)) plugins;
stdenv.mkDerivation rec {
- version = "2.0";
+ version = "2.1";
name = "weechat-${version}";
src = fetchurl {
url = "http://weechat.org/files/src/weechat-${version}.tar.bz2";
- sha256 = "0jd1l67k2k44xmfv0a71im3j4v0gss3a6bd5s84nj3f7lqnfmqdn";
+ sha256 = "0fq68wgynv2c3319gmzi0lz4ln4yrrk755y5mbrlr7fc1sx7ffd8";
};
outputs = [ "out" "man" ] ++ map (p: p.name) enabledPlugins;
diff --git a/pkgs/applications/networking/mailreaders/notmuch/default.nix b/pkgs/applications/networking/mailreaders/notmuch/default.nix
index d89219cce5f32b22ea25afdbea5f6bbbaf2a8f7d..13add2690db3aa794f8aa71c18a250296bca0c58 100644
--- a/pkgs/applications/networking/mailreaders/notmuch/default.nix
+++ b/pkgs/applications/networking/mailreaders/notmuch/default.nix
@@ -12,7 +12,7 @@
with stdenv.lib;
stdenv.mkDerivation rec {
- version = "0.26.1";
+ version = "0.26.2";
name = "notmuch-${version}";
passthru = {
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "http://notmuchmail.org/releases/${name}.tar.gz";
- sha256 = "0dx8nhdmkaqabxcgxfa757m99fi395y76h9ynx8539yh9m7y9xyk";
+ sha256 = "0fqf6wwvqlccq9qdnd0mky7fx0kbkczd28blf045s0vsvdjii70h";
};
nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix b/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix
index 9dbc99cac7d0e091482bf72fa588439779aca279..759cf74ba9d0e9c5451b8ac778aa4c28da6b1fbe 100644
--- a/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix
+++ b/pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix
@@ -43,8 +43,6 @@
, gnupg
}:
-assert stdenv.isLinux;
-
# imports `version` and `sources`
with (import ./release_sources.nix);
diff --git a/pkgs/applications/networking/ndppd/default.nix b/pkgs/applications/networking/ndppd/default.nix
index 5314d3668eb049dc93f8c1bcf7f350c33eee60da..a5eb9021048e49bdac0b8520866512857fdde21a 100644
--- a/pkgs/applications/networking/ndppd/default.nix
+++ b/pkgs/applications/networking/ndppd/default.nix
@@ -1,6 +1,11 @@
-{ stdenv, fetchFromGitHub, gzip, ... }:
+{ stdenv, fetchFromGitHub, fetchurl, gzip, ... }:
-stdenv.mkDerivation rec {
+let
+ serviceFile = fetchurl {
+ url = "https://raw.githubusercontent.com/DanielAdolfsson/ndppd/f37e8eb33dc68b3385ecba9b36a5efd92755580f/ndppd.service";
+ sha256 = "1zf54pzjfj9j9gr48075njqrgad4myd3dqmhvzxmjy4gjy9ixmyh";
+ };
+in stdenv.mkDerivation rec {
name = "ndppd-${version}";
version = "0.2.5";
@@ -19,6 +24,16 @@ stdenv.mkDerivation rec {
substituteInPlace Makefile --replace /bin/gzip ${gzip}/bin/gzip
'';
+ postInstall = ''
+ mkdir -p $out/etc
+ cp ndppd.conf-dist $out/etc/ndppd.conf
+
+ mkdir -p $out/lib/systemd/system
+ # service file needed for our module is not in release yet
+ substitute ${serviceFile} $out/lib/systemd/system/ndppd.service \
+ --replace /usr/sbin/ndppd $out/sbin/ndppd
+ '';
+
meta = {
description = "A daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces";
homepage = https://github.com/DanielAdolfsson/ndppd;
diff --git a/pkgs/applications/networking/newsreaders/liferea/default.nix b/pkgs/applications/networking/newsreaders/liferea/default.nix
index 0b8a584fc6a623426477d9b3c043543516a72042..74d59c05ec91f2003d8e5b2eb0577f88af02449c 100644
--- a/pkgs/applications/networking/newsreaders/liferea/default.nix
+++ b/pkgs/applications/networking/newsreaders/liferea/default.nix
@@ -6,13 +6,13 @@
let
pname = "liferea";
- version = "1.12.2";
+ version = "1.12.3";
in stdenv.mkDerivation rec {
name = "${pname}-${version}";
src = fetchurl {
url = "https://github.com/lwindolf/${pname}/releases/download/v${version}/${name}.tar.bz2";
- sha256 = "18mz1drp6axvjbr9jdw3i0ijl3l2m191198p4c93qnm7g96ldh15";
+ sha256 = "0wm2c8qrgnadq63fivai53xm7vl05wgxc0nk39jcriscdikzqpcg";
};
nativeBuildInputs = [ wrapGAppsHook python3Packages.wrapPython intltool pkgconfig ];
diff --git a/pkgs/applications/networking/p2p/gnunet/default.nix b/pkgs/applications/networking/p2p/gnunet/default.nix
index d18342177243630878c5b511851d546a6defcb33..e15c3588c2988545a66ad6730701c5a1e68ce1d9 100644
--- a/pkgs/applications/networking/p2p/gnunet/default.nix
+++ b/pkgs/applications/networking/p2p/gnunet/default.nix
@@ -73,6 +73,6 @@ stdenv.mkDerivation rec {
license = licenses.gpl2Plus;
maintainers = with maintainers; [ viric vrthra ];
- platforms = platforms.gnu;
+ platforms = platforms.gnu ++ platforms.linux;
};
}
diff --git a/pkgs/applications/networking/p2p/gnunet/git.nix b/pkgs/applications/networking/p2p/gnunet/git.nix
new file mode 100644
index 0000000000000000000000000000000000000000..9763c0ee97fa8eeb7adddfda8d5d6ecba672d0ca
--- /dev/null
+++ b/pkgs/applications/networking/p2p/gnunet/git.nix
@@ -0,0 +1,92 @@
+{ stdenv, fetchgit, libextractor, libmicrohttpd, libgcrypt
+, zlib, gmp, curl, libtool, adns, sqlite, pkgconfig
+, libxml2, ncurses, gettext, libunistring, libidn
+, makeWrapper, autoconf, automake, texinfo, which
+, withVerbose ? false }:
+
+let
+ rev = "ce2864cfaa27e55096b480bf35db5f8cee2a5e7e";
+in
+stdenv.mkDerivation rec {
+ name = "gnunet-git-${rev}";
+
+ src = fetchgit {
+ url = https://gnunet.org/git/gnunet.git;
+ inherit rev;
+ sha256 = "0gbw920m9v4b3425c0d1h7drgl2m1fni1bwjn4fwqnyz7kdqzsgl";
+ };
+
+ buildInputs = [
+ libextractor libmicrohttpd libgcrypt gmp curl libtool
+ zlib adns sqlite libxml2 ncurses libidn
+ pkgconfig gettext libunistring makeWrapper
+ autoconf automake texinfo which
+ ];
+
+ configureFlags = stdenv.lib.optional withVerbose "--enable-logging=verbose ";
+
+ preConfigure = ''
+ # Brute force: since nix-worker chroots don't provide
+ # /etc/{resolv.conf,hosts}, replace all references to `localhost'
+ # by their IPv4 equivalent.
+ for i in $(find . \( -name \*.c -or -name \*.conf \) \
+ -exec grep -l '\' {} \;)
+ do
+ echo "$i: substituting \`127.0.0.1' to \`localhost'..."
+ sed -i "$i" -e's/\/127.0.0.1/g'
+ done
+
+ # Make sure the tests don't rely on `/tmp', for the sake of chroot
+ # builds.
+ for i in $(find . \( -iname \*test\*.c -or -name \*.conf \) \
+ -exec grep -l /tmp {} \;)
+ do
+ echo "$i: replacing references to \`/tmp' by \`$TMPDIR'..."
+ substituteInPlace "$i" --replace "/tmp" "$TMPDIR"
+ done
+
+ # Ensure NSS installation works fine
+ configureFlags="$configureFlags --with-nssdir=$out/lib"
+
+ sh contrib/pogen.sh
+ sh bootstrap
+ '';
+
+ doCheck = false;
+
+ /* FIXME: Tests must be run this way, but there are still a couple of
+ failures.
+
+ postInstall =
+ '' export GNUNET_PREFIX="$out"
+ export PATH="$out/bin:$PATH"
+ make -k check
+ '';
+ */
+
+ meta = {
+ description = "GNUnet, GNU's decentralized anonymous and censorship-resistant P2P framework";
+
+ longDescription = ''
+ GNUnet is a framework for secure peer-to-peer networking that
+ does not use any centralized or otherwise trusted services. A
+ first service implemented on top of the networking layer
+ allows anonymous censorship-resistant file-sharing. Anonymity
+ is provided by making messages originating from a peer
+ indistinguishable from messages that the peer is routing. All
+ peers act as routers and use link-encrypted connections with
+ stable bandwidth utilization to communicate with each other.
+ GNUnet uses a simple, excess-based economic model to allocate
+ resources. Peers in GNUnet monitor each others behavior with
+ respect to resource usage; peers that contribute to the
+ network are rewarded with better service.
+ '';
+
+ homepage = https://gnunet.org/;
+
+ license = stdenv.lib.licenses.gpl2Plus;
+
+ maintainers = with stdenv.lib.maintainers; [ viric ];
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
+ };
+}
diff --git a/pkgs/applications/networking/p2p/gnunet/svn.nix b/pkgs/applications/networking/p2p/gnunet/svn.nix
index 8c8d95169c87e6967d8ea4604bbf4b0c4ea14283..688bb11acd035acaf84367d279ccc6590591f38b 100644
--- a/pkgs/applications/networking/p2p/gnunet/svn.nix
+++ b/pkgs/applications/networking/p2p/gnunet/svn.nix
@@ -88,6 +88,6 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl2Plus;
maintainers = with stdenv.lib.maintainers; [ viric ];
- platforms = stdenv.lib.platforms.gnu;
+ platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux;
};
}
diff --git a/pkgs/applications/networking/p2p/qbittorrent/default.nix b/pkgs/applications/networking/p2p/qbittorrent/default.nix
index 90d68a96e5c0324a784df93d66a9beda399d38ff..b2e9333beb3eed5e7b3489846bc4b01fd2226255 100644
--- a/pkgs/applications/networking/p2p/qbittorrent/default.nix
+++ b/pkgs/applications/networking/p2p/qbittorrent/default.nix
@@ -10,11 +10,11 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "qbittorrent-${version}";
- version = "4.0.4";
+ version = "4.1.0";
src = fetchurl {
url = "mirror://sourceforge/qbittorrent/${name}.tar.xz";
- sha256 = "13sw0sdw2agm49plp9xvkg6wva274drpvgz76dqj4j2kfxx9s2jk";
+ sha256 = "0fdr74sc31x421sb69vlgal1hxpccjxxk8hrrzz9f5bg4jv895pw";
};
nativeBuildInputs = [ pkgconfig which ];
diff --git a/pkgs/applications/networking/p2p/transmission/default.nix b/pkgs/applications/networking/p2p/transmission/default.nix
index cf825b724962ecbf1aaf70090bd32cbbda14298e..d8fc1d840d2be8def0221428f821040821780153 100644
--- a/pkgs/applications/networking/p2p/transmission/default.nix
+++ b/pkgs/applications/networking/p2p/transmission/default.nix
@@ -10,11 +10,11 @@ let inherit (stdenv.lib) optional optionals optionalString; in
stdenv.mkDerivation rec {
name = "transmission-" + optionalString enableGTK3 "gtk-" + version;
- version = "2.93";
+ version = "2.94";
src = fetchurl {
- url = "https://github.com/transmission/transmission-releases/raw/master/transmission-2.93.tar.xz";
- sha256 = "8815920e0a4499bcdadbbe89a4115092dab42ce5199f71ff9a926cfd12b9b90b";
+ url = "https://github.com/transmission/transmission-releases/raw/master/transmission-2.94.tar.xz";
+ sha256 = "0zbbj7rlm6m7vb64x68a64cwmijhsrwx9l63hbwqs7zr9742qi1m";
};
nativeBuildInputs = [ pkgconfig ]
diff --git a/pkgs/applications/networking/sync/rclone/default.nix b/pkgs/applications/networking/sync/rclone/default.nix
index aa2a971b15f660808052ffa3231068ef6b5e4f95..405ff2fde7358e138f3d70a07897e6b05849475d 100644
--- a/pkgs/applications/networking/sync/rclone/default.nix
+++ b/pkgs/applications/networking/sync/rclone/default.nix
@@ -2,7 +2,7 @@
buildGoPackage rec {
name = "rclone-${version}";
- version = "1.40";
+ version = "1.41";
goPackagePath = "github.com/ncw/rclone";
@@ -10,7 +10,7 @@ buildGoPackage rec {
owner = "ncw";
repo = "rclone";
rev = "v${version}";
- sha256 = "01q9g5g4va1s91xzvxpq8lj9jcrbl66cik383cpxwmcv04qcqgw9";
+ sha256 = "0kvqzrj7kbr9mhg023lkvk320qhkf4widcv6yph1cx701935brhr";
};
outputs = [ "bin" "out" "man" ];
diff --git a/pkgs/applications/networking/syncthing-gtk/default.nix b/pkgs/applications/networking/syncthing-gtk/default.nix
index ae715aa4321c0afb6e543b21ce03c2053a4dd8e5..4db546651dd951395c9a8218c9c3b74c20660329 100644
--- a/pkgs/applications/networking/syncthing-gtk/default.nix
+++ b/pkgs/applications/networking/syncthing-gtk/default.nix
@@ -1,14 +1,14 @@
-{ stdenv, fetchFromGitHub, libnotify, librsvg, psmisc, gtk3, substituteAll, syncthing, wrapGAppsHook, gnome3, buildPythonApplication, dateutil, pyinotify, pygobject3, bcrypt, gobjectIntrospection }:
+{ stdenv, fetchFromGitHub, libnotify, librsvg, darwin, psmisc, gtk3, libappindicator-gtk3, substituteAll, syncthing, wrapGAppsHook, gnome3, buildPythonApplication, dateutil, pyinotify, pygobject3, bcrypt, gobjectIntrospection }:
buildPythonApplication rec {
- version = "0.9.2.7";
+ version = "0.9.3.1";
name = "syncthing-gtk-${version}";
src = fetchFromGitHub {
owner = "syncthing";
repo = "syncthing-gtk";
rev = "v${version}";
- sha256 = "08k7vkibia85klwjxbnzk67h4pphrizka5v9zxwvvv3cisjiclc2";
+ sha256 = "15bh9i0j0g7hrqsz22px8g2bg0xj4lsn81rziznh9fxxx5b9v9bb";
};
nativeBuildInputs = [
@@ -18,8 +18,8 @@ buildPythonApplication rec {
];
buildInputs = [
- gtk3 librsvg
- libnotify
+ gtk3 librsvg libappindicator-gtk3
+ libnotify gnome3.adwaita-icon-theme
# Schemas with proxy configuration
gnome3.gsettings-desktop-schemas
];
@@ -32,7 +32,7 @@ buildPythonApplication rec {
./disable-syncthing-binary-configuration.patch
(substituteAll {
src = ./paths.patch;
- killall = "${psmisc}/bin/killall";
+ killall = "${if stdenv.isDarwin then darwin.shell_cmds else psmisc}/bin/killall";
syncthing = "${syncthing}/bin/syncthing";
})
];
diff --git a/pkgs/applications/networking/syncthing-gtk/disable-syncthing-binary-configuration.patch b/pkgs/applications/networking/syncthing-gtk/disable-syncthing-binary-configuration.patch
index 6c516e98acb1ee7d94fff36123b4226b44c07ec9..14c2b62e6e3877f0b9846e24fdd4bfc7f34e33fe 100644
--- a/pkgs/applications/networking/syncthing-gtk/disable-syncthing-binary-configuration.patch
+++ b/pkgs/applications/networking/syncthing-gtk/disable-syncthing-binary-configuration.patch
@@ -1,5 +1,5 @@
---- a/find-daemon.glade
-+++ b/find-daemon.glade
+--- a/glade/find-daemon.glade
++++ b/glade/find-daemon.glade
@@ -112,6 +112,7 @@