mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 20:39:04 +02:00
Merge branch 'master' into mix2nix_0.1.9
This commit is contained in:
commit
1071e31103
20
.github/CODEOWNERS
vendored
20
.github/CODEOWNERS
vendored
|
@ -20,7 +20,7 @@
|
|||
|
||||
# Libraries
|
||||
/lib @infinisil
|
||||
/lib/systems @alyssais @ericson2314 @amjoseph-nixpkgs
|
||||
/lib/systems @alyssais @ericson2314
|
||||
/lib/generators.nix @infinisil @Profpatsch
|
||||
/lib/cli.nix @infinisil @Profpatsch
|
||||
/lib/debug.nix @infinisil @Profpatsch
|
||||
|
@ -41,17 +41,17 @@
|
|||
/pkgs/top-level/stage.nix @Ericson2314
|
||||
/pkgs/top-level/splice.nix @Ericson2314
|
||||
/pkgs/top-level/release-cross.nix @Ericson2314
|
||||
/pkgs/stdenv/generic @Ericson2314 @amjoseph-nixpkgs
|
||||
/pkgs/stdenv/generic @Ericson2314
|
||||
/pkgs/stdenv/generic/check-meta.nix @Ericson2314 @piegamesde
|
||||
/pkgs/stdenv/cross @Ericson2314 @amjoseph-nixpkgs
|
||||
/pkgs/build-support/cc-wrapper @Ericson2314 @amjoseph-nixpkgs
|
||||
/pkgs/stdenv/cross @Ericson2314
|
||||
/pkgs/build-support/cc-wrapper @Ericson2314
|
||||
/pkgs/build-support/bintools-wrapper @Ericson2314
|
||||
/pkgs/build-support/setup-hooks @Ericson2314
|
||||
/pkgs/build-support/setup-hooks/auto-patchelf.sh @layus
|
||||
/pkgs/build-support/setup-hooks/auto-patchelf.py @layus
|
||||
/pkgs/pkgs-lib @infinisil
|
||||
## Format generators/serializers
|
||||
/pkgs/pkgs-lib/formats/libconfig @ckiee
|
||||
/pkgs/pkgs-lib/formats/libconfig @ckiee @h7x4
|
||||
|
||||
# pkgs/by-name
|
||||
/pkgs/test/nixpkgs-check-by-name @infinisil
|
||||
|
@ -84,7 +84,6 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
|
|||
/nixos/README.md @infinisil
|
||||
/pkgs/README.md @infinisil
|
||||
/maintainers/README.md @infinisil
|
||||
/maintainers/* @piegamesde @Janik-Haag
|
||||
|
||||
# User-facing development documentation
|
||||
/doc/development.md @infinisil
|
||||
|
@ -158,7 +157,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
|
|||
/doc/languages-frameworks/rust.section.md @zowoq @winterqt @figsoda
|
||||
|
||||
# C compilers
|
||||
/pkgs/development/compilers/gcc @amjoseph-nixpkgs
|
||||
/pkgs/development/compilers/gcc
|
||||
/pkgs/development/compilers/llvm @RaitoBezarius
|
||||
/pkgs/development/compilers/emscripten @raitobezarius
|
||||
/doc/languages-frameworks/emscripten.section.md @raitobezarius
|
||||
|
@ -220,6 +219,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
|
|||
/nixos/modules/services/networking/ntp @thoughtpolice
|
||||
|
||||
# Network
|
||||
/pkgs/tools/networking/octodns @Janik-Haag
|
||||
/pkgs/tools/networking/kea/default.nix @mweinelt
|
||||
/pkgs/tools/networking/babeld/default.nix @mweinelt
|
||||
/nixos/modules/services/networking/babeld.nix @mweinelt
|
||||
|
@ -325,6 +325,9 @@ pkgs/applications/version-management/forgejo @bendlas @emilylange
|
|||
/pkgs/build-support/node/fetch-npm-deps @lilyinstarlight @winterqt
|
||||
/doc/languages-frameworks/javascript.section.md @lilyinstarlight @winterqt
|
||||
|
||||
# environment.noXlibs option aka NoX
|
||||
/nixos/modules/config/no-x-libs.nix @SuperSandro2000
|
||||
|
||||
# OCaml
|
||||
/pkgs/build-support/ocaml @ulrikstrid
|
||||
/pkgs/development/compilers/ocaml @ulrikstrid
|
||||
|
@ -340,9 +343,6 @@ nixos/tests/zfs.nix @raitobezarius
|
|||
/pkgs/development/compilers/zig @figsoda
|
||||
/doc/hooks/zig.section.md @figsoda
|
||||
|
||||
# Linux Kernel
|
||||
pkgs/os-specific/linux/kernel/manual-config.nix @amjoseph-nixpkgs
|
||||
|
||||
# Buildbot
|
||||
nixos/modules/services/continuous-integration/buildbot @Mic92 @zowoq
|
||||
nixos/tests/buildbot.nix @Mic92 @zowoq
|
||||
|
|
4
.github/workflows/basic-eval.yml
vendored
4
.github/workflows/basic-eval.yml
vendored
|
@ -19,8 +19,8 @@ jobs:
|
|||
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
|
||||
- uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee # v13
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
|
||||
with:
|
||||
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
|
||||
name: nixpkgs-ci
|
||||
|
|
25
.github/workflows/check-by-name.yml
vendored
25
.github/workflows/check-by-name.yml
vendored
|
@ -4,11 +4,19 @@
|
|||
# When you make changes to this workflow, also update pkgs/test/nixpkgs-check-by-name/scripts/run-local.sh adequately
|
||||
name: Check pkgs/by-name
|
||||
|
||||
# The pre-built tool is fetched from a channel,
|
||||
# making it work predictable on all PRs.
|
||||
# The tool is pinned to a pre-built version on Hydra,
|
||||
# see pkgs/test/nixpkgs-check-by-name/scripts/README.md
|
||||
on:
|
||||
# Using pull_request_target instead of pull_request avoids having to approve first time contributors
|
||||
pull_request_target
|
||||
pull_request_target:
|
||||
# This workflow depends on the base branch of the PR,
|
||||
# but changing the base branch is not included in the default trigger events,
|
||||
# which would be `opened`, `synchronize` or `reopened`.
|
||||
# Instead it causes an `edited` event, so we need to add it explicitly here
|
||||
# While `edited` is also triggered when the PR title/body is changed,
|
||||
# this PR action is fairly quick, and PR's don't get edited that often,
|
||||
# so it shouldn't be a problem
|
||||
types: [opened, synchronize, reopened, edited]
|
||||
|
||||
permissions:
|
||||
# We need this permission to cancel the workflow run if there's a merge conflict
|
||||
|
@ -90,9 +98,14 @@ jobs:
|
|||
base=$(mktemp -d)
|
||||
git worktree add "$base" "$(git rev-parse HEAD^1)"
|
||||
echo "base=$base" >> "$GITHUB_ENV"
|
||||
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
|
||||
- name: Fetching the tool
|
||||
run: pkgs/test/nixpkgs-check-by-name/scripts/fetch-tool.sh "$GITHUB_BASE_REF" result
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
- name: Fetching the pinned tool
|
||||
# Update the pinned version using pkgs/test/nixpkgs-check-by-name/scripts/update-pinned-tool.sh
|
||||
run: |
|
||||
# Get the direct /nix/store path from the pin to avoid having to evaluate Nixpkgs
|
||||
toolPath=$(jq -r '."ci-path"' pkgs/test/nixpkgs-check-by-name/scripts/pinned-tool.json)
|
||||
# This asks the substituter for the path, which should be there because Hydra will have pre-built and pushed it
|
||||
nix-store --realise "$toolPath" --add-root result
|
||||
- name: Running nixpkgs-check-by-name
|
||||
run: |
|
||||
if result/bin/nixpkgs-check-by-name --base "$base" .; then
|
||||
|
|
|
@ -16,7 +16,7 @@ jobs:
|
|||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
|
|
2
.github/workflows/editorconfig.yml
vendored
2
.github/workflows/editorconfig.yml
vendored
|
@ -28,7 +28,7 @@ jobs:
|
|||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
with:
|
||||
# nixpkgs commit is pinned so that it doesn't break
|
||||
# editorconfig-checker 2.4.0
|
||||
|
|
4
.github/workflows/manual-nixos.yml
vendored
4
.github/workflows/manual-nixos.yml
vendored
|
@ -18,11 +18,11 @@ jobs:
|
|||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
- uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee # v13
|
||||
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
|
||||
with:
|
||||
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
|
||||
name: nixpkgs-ci
|
||||
|
|
4
.github/workflows/manual-nixpkgs.yml
vendored
4
.github/workflows/manual-nixpkgs.yml
vendored
|
@ -19,11 +19,11 @@ jobs:
|
|||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
with:
|
||||
# explicitly enable sandbox
|
||||
extra_nix_config: sandbox = true
|
||||
- uses: cachix/cachix-action@6a2e08b5ebf7a9f285ff57b1870a4262b06e0bee # v13
|
||||
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
|
||||
with:
|
||||
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
|
||||
name: nixpkgs-ci
|
||||
|
|
42
.github/workflows/nix-parse.yml
vendored
Normal file
42
.github/workflows/nix-parse.yml
vendored
Normal file
|
@ -0,0 +1,42 @@
|
|||
name: "Check whether nix files are parseable"
|
||||
|
||||
permissions: read-all
|
||||
|
||||
on:
|
||||
# avoids approving first time contributors
|
||||
pull_request_target:
|
||||
branches-ignore:
|
||||
- 'release-**'
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
- name: Get list of changed files from PR
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
gh api \
|
||||
repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
|
||||
| jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
|
||||
> "$HOME/changed_files"
|
||||
if [[ -s "$HOME/changed_files" ]]; then
|
||||
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
|
||||
fi
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
||||
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixpkgs-unstable
|
||||
- name: Parse all changed or added nix files
|
||||
run: |
|
||||
ret=0
|
||||
while IFS= read -r file; do
|
||||
out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
|
||||
done < "$HOME/changed_files"
|
||||
exit "$ret"
|
||||
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
|
6
.github/workflows/periodic-merge-24h.yml
vendored
6
.github/workflows/periodic-merge-24h.yml
vendored
|
@ -35,10 +35,6 @@ jobs:
|
|||
pairs:
|
||||
- from: master
|
||||
into: haskell-updates
|
||||
- from: release-23.05
|
||||
into: staging-next-23.05
|
||||
- from: staging-next-23.05
|
||||
into: staging-23.05
|
||||
- from: release-23.11
|
||||
into: staging-next-23.11
|
||||
- from: staging-next-23.11
|
||||
|
@ -56,7 +52,7 @@ jobs:
|
|||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Comment on failure
|
||||
uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
|
||||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
|
||||
if: ${{ failure() }}
|
||||
with:
|
||||
issue-number: 105153
|
||||
|
|
2
.github/workflows/periodic-merge-6h.yml
vendored
2
.github/workflows/periodic-merge-6h.yml
vendored
|
@ -50,7 +50,7 @@ jobs:
|
|||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Comment on failure
|
||||
uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
|
||||
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
|
||||
if: ${{ failure() }}
|
||||
with:
|
||||
issue-number: 105153
|
||||
|
|
|
@ -17,7 +17,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
|
||||
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixpkgs-unstable
|
||||
- name: setup
|
||||
|
|
|
@ -323,7 +323,7 @@ All the review template samples provided in this section are generic and meant a
|
|||
|
||||
To get more information about how to review specific parts of Nixpkgs, refer to the documents linked to in the [overview section][overview].
|
||||
|
||||
If a pull request contains documentation changes that might require feedback from the documentation team, ping @NixOS/documentation-team on the pull request.
|
||||
If a pull request contains documentation changes that might require feedback from the documentation team, ping [@NixOS/documentation-reviewers](https://github.com/orgs/nixos/teams/documentation-reviewers) on the pull request.
|
||||
|
||||
If you consider having enough knowledge and experience in a topic and would like to be a long-term reviewer for related submissions, please contact the current reviewers for that topic. They will give you information about the reviewing process. The main reviewers for a topic can be hard to find as there is no list, but checking past pull requests to see who reviewed or git-blaming the code to see who committed to that topic can give some hints.
|
||||
|
||||
|
@ -378,7 +378,7 @@ The staging workflow exists to batch Hydra builds of many packages together.
|
|||
It works by directing commits that cause [mass rebuilds][mass-rebuild] to a separate `staging` branch that isn't directly built by Hydra.
|
||||
Regularly, the `staging` branch is _manually_ merged into a `staging-next` branch to be built by Hydra using the [`nixpkgs:staging-next` jobset](https://hydra.nixos.org/jobset/nixpkgs/staging-next).
|
||||
The `staging-next` branch should then only receive direct commits in order to fix Hydra builds.
|
||||
Once it is verified that there are no major regressions, it is merged into `master` using [a pull requests](https://github.com/NixOS/nixpkgs/pulls?q=head%3Astaging-next).
|
||||
Once it is verified that there are no major regressions, it is merged into `master` using [a pull request](https://github.com/NixOS/nixpkgs/pulls?q=head%3Astaging-next).
|
||||
This is done manually in order to ensure it's a good use of Hydra's computing resources.
|
||||
By keeping the `staging-next` branch separate from `staging`, this batching does not block developers from merging changes into `staging`.
|
||||
|
||||
|
|
169
doc/README.md
169
doc/README.md
|
@ -71,6 +71,11 @@ If you **omit a link text** for a link pointing to a section, the text will be s
|
|||
|
||||
This syntax is taken from [MyST](https://myst-parser.readthedocs.io/en/latest/using/syntax.html#targets-and-cross-referencing).
|
||||
|
||||
|
||||
#### HTML
|
||||
|
||||
Inlining HTML is not allowed. Parts of the documentation gets rendered to various non-HTML formats, such as man pages in the case of NixOS manual.
|
||||
|
||||
#### Roles
|
||||
|
||||
If you want to link to a man page, you can use `` {manpage}`nix.conf(5)` ``. The references will turn into links when a mapping exists in [`doc/manpage-urls.json`](./manpage-urls.json).
|
||||
|
@ -157,26 +162,33 @@ watermelon
|
|||
|
||||
In an effort to keep the Nixpkgs manual in a consistent style, please follow the conventions below, unless they prevent you from properly documenting something.
|
||||
In that case, please open an issue about the particular documentation convention and tag it with a "needs: documentation" label.
|
||||
When needed, each convention explain why it exists, so you can make a decision whether to follow it or not based on your particular case.
|
||||
Note that these conventions are about the **structure** of the manual (and its source files), not about the content that goes in it.
|
||||
You, as the writer of documentation, are still in charge of its content.
|
||||
|
||||
- Put each sentence in its own line.
|
||||
This makes reviewing documentation much easier, since GitHub's review system is based on lines.
|
||||
This makes reviews and suggestions much easier, since GitHub's review system is based on lines.
|
||||
It also helps identifying long sentences at a glance.
|
||||
|
||||
- Use the admonitions syntax for any callouts and examples (see [section above](#admonitions)).
|
||||
- Use the [admonition syntax](#admonitions) for callouts and examples.
|
||||
|
||||
- If you provide an example involving Nix code, make your example into a fully-working package (something that can be passed to `pkgs.callPackage`).
|
||||
This will help others quickly test that the example works, and will also make it easier if we start automatically testing all example code to make sure it works.
|
||||
For example, instead of providing something like:
|
||||
- Provide at least one example per function, and make examples self-contained.
|
||||
This is easier to understand for beginners.
|
||||
It also helps with testing that it actually works – especially once we introduce automation.
|
||||
|
||||
```
|
||||
Example code should be such that it can be passed to `pkgs.callPackage`.
|
||||
Instead of something like:
|
||||
|
||||
```nix
|
||||
pkgs.dockerTools.buildLayeredImage {
|
||||
name = "hello";
|
||||
contents = [ pkgs.hello ];
|
||||
}
|
||||
```
|
||||
|
||||
Provide something like:
|
||||
Write something like:
|
||||
|
||||
```
|
||||
```nix
|
||||
{ dockerTools, hello }:
|
||||
dockerTools.buildLayeredImage {
|
||||
name = "hello";
|
||||
|
@ -184,22 +196,153 @@ In that case, please open an issue about the particular documentation convention
|
|||
}
|
||||
```
|
||||
|
||||
- Use [definition lists](#definition-lists) to document function arguments, and the attributes of such arguments. For example:
|
||||
- When showing inputs/outputs of any [REPL](https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop), such as a shell or the Nix REPL, use a format as you'd see in the REPL, while trying to visually separate inputs from outputs.
|
||||
This means that for a shell, you should use a format like the following:
|
||||
```shell
|
||||
$ nix-build -A hello '<nixpkgs>' \
|
||||
--option require-sigs false \
|
||||
--option trusted-substituters file:///tmp/hello-cache \
|
||||
--option substituters file:///tmp/hello-cache
|
||||
/nix/store/zhl06z4lrfrkw5rp0hnjjfrgsclzvxpm-hello-2.12.1
|
||||
```
|
||||
Note how the input is preceded by `$` on the first line and indented on subsequent lines, and how the output is provided as you'd see on the shell.
|
||||
|
||||
For the Nix REPL, you should use a format like the following:
|
||||
```shell
|
||||
nix-repl> builtins.attrNames { a = 1; b = 2; }
|
||||
[ "a" "b" ]
|
||||
```
|
||||
Note how the input is preceded by `nix-repl>` and the output is provided as you'd see on the Nix REPL.
|
||||
|
||||
- When documenting functions or anything that has inputs/outputs and example usage, use nested headings to clearly separate inputs, outputs, and examples.
|
||||
Keep examples as the last nested heading, and link to the examples wherever applicable in the documentation.
|
||||
|
||||
The purpose of this convention is to provide a familiar structure for navigating the manual, so any reader can expect to find content related to inputs in an "inputs" heading, examples in an "examples" heading, and so on.
|
||||
An example:
|
||||
```
|
||||
## buildImage
|
||||
|
||||
Some explanation about the function here.
|
||||
Describe a particular scenario, and point to [](#ex-dockerTools-buildImage), which is an example demonstrating it.
|
||||
|
||||
### Inputs
|
||||
|
||||
Documentation for the inputs of `buildImage`.
|
||||
Perhaps even point to [](#ex-dockerTools-buildImage) again when talking about something specifically linked to it.
|
||||
|
||||
### Passthru outputs
|
||||
|
||||
Documentation for any passthru outputs of `buildImage`.
|
||||
|
||||
### Examples
|
||||
|
||||
Note that this is the last nested heading in the `buildImage` section.
|
||||
|
||||
:::{.example #ex-dockerTools-buildImage}
|
||||
|
||||
# Using `buildImage`
|
||||
|
||||
Example of how to use `buildImage` goes here.
|
||||
|
||||
:::
|
||||
```
|
||||
|
||||
- Use [definition lists](#definition-lists) to document function arguments, and the attributes of such arguments as well as their [types](https://nixos.org/manual/nix/stable/language/values).
|
||||
For example:
|
||||
|
||||
```markdown
|
||||
# pkgs.coolFunction
|
||||
|
||||
Description of what `coolFunction` does.
|
||||
|
||||
## Inputs
|
||||
|
||||
`coolFunction` expects a single argument which should be an attribute set, with the following possible attributes:
|
||||
|
||||
`name`
|
||||
`name` (String)
|
||||
|
||||
: The name of the resulting image.
|
||||
|
||||
`tag` _optional_
|
||||
`tag` (String; _optional_)
|
||||
|
||||
: Tag of the generated image.
|
||||
|
||||
_Default value:_ the output path's hash.
|
||||
|
||||
_Default:_ the output path's hash.
|
||||
```
|
||||
|
||||
#### Examples
|
||||
|
||||
To define a referenceable figure use the following fencing:
|
||||
|
||||
```markdown
|
||||
:::{.example #an-attribute-set-example}
|
||||
# An attribute set example
|
||||
|
||||
You can add text before
|
||||
|
||||
```nix
|
||||
{ a = 1; b = 2;}
|
||||
```
|
||||
|
||||
and after code fencing
|
||||
:::
|
||||
```
|
||||
|
||||
Defining examples through the `example` fencing class adds them to a "List of Examples" section after the Table of Contents.
|
||||
Though this is not shown in the rendered documentation on nixos.org.
|
||||
|
||||
#### Figures
|
||||
|
||||
To define a referencable figure use the following fencing:
|
||||
|
||||
```markdown
|
||||
::: {.figure #nixos-logo}
|
||||
# NixOS Logo
|
||||
![NixOS logo](./nixos_logo.png)
|
||||
:::
|
||||
```
|
||||
|
||||
Defining figures through the `figure` fencing class adds them to a `List of Figures` after the `Table of Contents`.
|
||||
Though this is not shown in the rendered documentation on nixos.org.
|
||||
|
||||
#### Footnotes
|
||||
|
||||
To add a foonote explanation, use the following syntax:
|
||||
|
||||
```markdown
|
||||
Sometimes it's better to add context [^context] in a footnote.
|
||||
|
||||
[^context]: This explanation will be rendered at the end of the chapter.
|
||||
```
|
||||
|
||||
#### Inline comments
|
||||
|
||||
Inline comments are supported with following syntax:
|
||||
|
||||
```markdown
|
||||
<!-- This is an inline comment -->
|
||||
```
|
||||
|
||||
The comments will not be rendered in the rendered HTML.
|
||||
|
||||
#### Link reference definitions
|
||||
|
||||
Links can reference a label, for example, to make the link target reusable:
|
||||
|
||||
```markdown
|
||||
::: {.note}
|
||||
Reference links can also be used to [shorten URLs][url-id] and keep the markdown readable.
|
||||
:::
|
||||
|
||||
[url-id]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/doc/README.md
|
||||
```
|
||||
|
||||
This syntax is taken from [CommonMark](https://spec.commonmark.org/0.30/#link-reference-definitions).
|
||||
|
||||
#### Typographic replacements
|
||||
|
||||
Typographic replacements are enabled. Check the [list of possible replacement patterns check](https://github.com/executablebooks/markdown-it-py/blob/3613e8016ecafe21709471ee0032a90a4157c2d1/markdown_it/rules_core/replacements.py#L1-L15).
|
||||
|
||||
## Getting help
|
||||
|
||||
If you need documentation-specific help or reviews, ping [@NixOS/documentation-reviewers](https://github.com/orgs/nixos/teams/documentation-reviewers) on your pull request.
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -29,6 +29,10 @@ pkgs.mkShell {
|
|||
|
||||
... all the attributes of `stdenv.mkDerivation`.
|
||||
|
||||
## Variants {#sec-pkgs-mkShell-variants}
|
||||
|
||||
`pkgs.mkShellNoCC` is a variant that uses `stdenvNoCC` instead of `stdenv` as base environment. This is useful if no C compiler is needed in the shell environment.
|
||||
|
||||
## Building the shell {#sec-pkgs-mkShell-building}
|
||||
|
||||
This derivation output will contain a text file that contains a reference to
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# Trivial build helpers {#chap-trivial-builders}
|
||||
|
||||
Nixpkgs provides a couple of functions that help with building derivations. The most important one, `stdenv.mkDerivation`, has already been documented above. The following functions wrap `stdenv.mkDerivation`, making it easier to use in certain cases.
|
||||
Nixpkgs provides a variety of wrapper functions that help build commonly useful derivations.
|
||||
Like [`stdenv.mkDerivation`](#sec-using-stdenv), each of these build helpers creates a derivation, but the arguments passed are different (usually simpler) from those required by `stdenv.mkDerivation`.
|
||||
|
||||
## `runCommand` {#trivial-builder-runCommand}
|
||||
|
||||
|
@ -58,63 +59,416 @@ Variant of `runCommand` that forces the derivation to be built locally, it is no
|
|||
This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g., just copying some files to a different location or adding symlinks) because there the `system` is usually the same as `builtins.currentSystem`.
|
||||
:::
|
||||
|
||||
## `writeTextFile`, `writeText`, `writeTextDir`, `writeScript`, `writeScriptBin` {#trivial-builder-writeText}
|
||||
## Writing text files {#trivial-builder-text-writing}
|
||||
|
||||
These functions write `text` to the Nix store. This is useful for creating scripts from Nix expressions. `writeTextFile` takes an attribute set and expects two arguments, `name` and `text`. `name` corresponds to the name used in the Nix store path. `text` will be the contents of the file. You can also set `executable` to true to make this file have the executable bit set.
|
||||
Nixpkgs provides the following functions for producing derivations which write text files or executable scripts into the Nix store.
|
||||
They are useful for creating files from Nix expression, and are all implemented as convenience wrappers around `writeTextFile`.
|
||||
|
||||
Many more commands wrap `writeTextFile` including `writeText`, `writeTextDir`, `writeScript`, and `writeScriptBin`. These are convenience functions over `writeTextFile`.
|
||||
Each of these functions will cause a derivation to be produced.
|
||||
When you coerce the result of each of these functions to a string with [string interpolation](https://nixos.org/manual/nix/stable/language/string-interpolation) or [`builtins.toString`](https://nixos.org/manual/nix/stable/language/builtins#builtins-toString), it will evaluate to the [store path](https://nixos.org/manual/nix/stable/store/store-path) of this derivation.
|
||||
|
||||
:::: {.note}
|
||||
Some of these functions will put the resulting files within a directory inside the [derivation output](https://nixos.org/manual/nix/stable/language/derivations#attr-outputs).
|
||||
If you need to refer to the resulting files somewhere else in a Nix expression, append their path to the derivation's store path.
|
||||
|
||||
For example, if the file destination is a directory:
|
||||
|
||||
```nix
|
||||
my-file = writeTextFile {
|
||||
name = "my-file";
|
||||
text = ''
|
||||
Contents of File
|
||||
'';
|
||||
destination = "/share/my-file";
|
||||
}
|
||||
```
|
||||
|
||||
Remember to append "/share/my-file" to the resulting store path when using it elsewhere:
|
||||
|
||||
```nix
|
||||
writeShellScript "evaluate-my-file.sh" ''
|
||||
cat ${my-file}/share/my-file
|
||||
'';
|
||||
```
|
||||
::::
|
||||
|
||||
### `writeTextFile` {#trivial-builder-writeTextFile}
|
||||
|
||||
Write a text file to the Nix store.
|
||||
|
||||
`writeTextFile` takes an attribute set with the following possible attributes:
|
||||
|
||||
`name` (String)
|
||||
|
||||
: Corresponds to the name used in the Nix store path identifier.
|
||||
|
||||
`text` (String)
|
||||
|
||||
: The contents of the file.
|
||||
|
||||
`executable` (Bool, _optional_)
|
||||
|
||||
: Make this file have the executable bit set.
|
||||
|
||||
Default: `false`
|
||||
|
||||
`destination` (String, _optional_)
|
||||
|
||||
: A subpath under the derivation's output path into which to put the file.
|
||||
Subdirectories are created automatically when the derivation is realised.
|
||||
|
||||
By default, the store path itself will be a file containing the text contents.
|
||||
|
||||
Default: `""`
|
||||
|
||||
`checkPhase` (String, _optional_)
|
||||
|
||||
: Commands to run after generating the file.
|
||||
|
||||
Default: `""`
|
||||
|
||||
`meta` (Attribute set, _optional_)
|
||||
|
||||
: Additional metadata for the derivation.
|
||||
|
||||
Default: `{}`
|
||||
|
||||
`allowSubstitutes` (Bool, _optional_)
|
||||
|
||||
: Whether to allow substituting from a binary cache.
|
||||
Passed through to [`allowSubsitutes`](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-allowSubstitutes) of the underlying call to `builtins.derivation`.
|
||||
|
||||
It defaults to `false`, as running the derivation's simple `builder` executable locally is assumed to be faster than network operations.
|
||||
Set it to true if the `checkPhase` step is expensive.
|
||||
|
||||
Default: `false`
|
||||
|
||||
`preferLocalBuild` (Bool, _optional_)
|
||||
|
||||
: Whether to prefer building locally, even if faster [remote build machines](https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-substituters) are available.
|
||||
|
||||
Passed through to [`preferLocalBuild`](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-preferLocalBuild) of the underlying call to `builtins.derivation`.
|
||||
|
||||
It defaults to `true` for the same reason `allowSubstitutes` defaults to `false`.
|
||||
|
||||
Default: `true`
|
||||
|
||||
The resulting store path will include some variation of the name, and it will be a file unless `destination` is used, in which case it will be a directory.
|
||||
|
||||
::: {.example #ex-writeTextFile}
|
||||
# Usage 1 of `writeTextFile`
|
||||
|
||||
Write `my-file` to `/nix/store/<store path>/some/subpath/my-cool-script`, making it executable.
|
||||
Also run a check on the resulting file in a `checkPhase`, and supply values for the less-used options.
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-cool-script";
|
||||
text = ''
|
||||
#!/bin/sh
|
||||
echo "This is my cool script!"
|
||||
'';
|
||||
executable = true;
|
||||
destination = "/some/subpath/my-cool-script";
|
||||
checkPhase = ''
|
||||
${pkgs.shellcheck}/bin/shellcheck $out/some/subpath/my-cool-script
|
||||
'';
|
||||
meta = {
|
||||
license = pkgs.lib.licenses.cc0;
|
||||
};
|
||||
allowSubstitutes = true;
|
||||
preferLocalBuild = false;
|
||||
};
|
||||
```
|
||||
:::
|
||||
|
||||
::: {.example #ex2-writeTextFile}
|
||||
# Usage 2 of `writeTextFile`
|
||||
|
||||
Write the string `Contents of File` to `/nix/store/<store path>`.
|
||||
See also the [](#trivial-builder-writeText) helper function.
|
||||
|
||||
Here are a few examples:
|
||||
```nix
|
||||
# Writes my-file to /nix/store/<store path>
|
||||
writeTextFile {
|
||||
name = "my-file";
|
||||
text = ''
|
||||
Contents of File
|
||||
'';
|
||||
}
|
||||
# See also the `writeText` helper function below.
|
||||
```
|
||||
:::
|
||||
|
||||
# Writes executable my-file to /nix/store/<store path>/bin/my-file
|
||||
::: {.example #ex3-writeTextFile}
|
||||
# Usage 3 of `writeTextFile`
|
||||
|
||||
Write an executable script `my-script` to `/nix/store/<store path>/bin/my-script`.
|
||||
See also the [](#trivial-builder-writeScriptBin) helper function.
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-script";
|
||||
text = ''
|
||||
echo "hi"
|
||||
'';
|
||||
executable = true;
|
||||
destination = "/bin/my-script";
|
||||
}
|
||||
```
|
||||
:::
|
||||
|
||||
### `writeText` {#trivial-builder-writeText}
|
||||
|
||||
Write a text file to the Nix store
|
||||
|
||||
`writeText` takes the following arguments:
|
||||
a string.
|
||||
|
||||
`name` (String)
|
||||
|
||||
: The name used in the Nix store path.
|
||||
|
||||
`text` (String)
|
||||
|
||||
: The contents of the file.
|
||||
|
||||
The store path will include the name, and it will be a file.
|
||||
|
||||
::: {.example #ex-writeText}
|
||||
# Usage of `writeText`
|
||||
|
||||
Write the string `Contents of File` to `/nix/store/<store path>`:
|
||||
|
||||
```nix
|
||||
writeText "my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
```
|
||||
:::
|
||||
|
||||
This is equivalent to:
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-file";
|
||||
text = ''
|
||||
Contents of File
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
### `writeTextDir` {#trivial-builder-writeTextDir}
|
||||
|
||||
Write a text file within a subdirectory of the Nix store.
|
||||
|
||||
`writeTextDir` takes the following arguments:
|
||||
|
||||
`path` (String)
|
||||
|
||||
: The destination within the Nix store path under which to create the file.
|
||||
|
||||
`text` (String)
|
||||
|
||||
: The contents of the file.
|
||||
|
||||
The store path will be a directory.
|
||||
|
||||
::: {.example #ex-writeTextDir}
|
||||
# Usage of `writeTextDir`
|
||||
|
||||
Write the string `Contents of File` to `/nix/store/<store path>/share/my-file`:
|
||||
|
||||
```nix
|
||||
writeTextDir "share/my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
```
|
||||
:::
|
||||
|
||||
This is equivalent to:
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-file";
|
||||
text = ''
|
||||
Contents of File
|
||||
'';
|
||||
destination = "share/my-file";
|
||||
}
|
||||
```
|
||||
|
||||
### `writeScript` {#trivial-builder-writeScript}
|
||||
|
||||
Write an executable script file to the Nix store.
|
||||
|
||||
`writeScript` takes the following arguments:
|
||||
|
||||
`name` (String)
|
||||
|
||||
: The name used in the Nix store path.
|
||||
|
||||
`text` (String)
|
||||
|
||||
: The contents of the file.
|
||||
|
||||
The created file is marked as executable.
|
||||
The store path will include the name, and it will be a file.
|
||||
|
||||
::: {.example #ex-writeScript}
|
||||
# Usage of `writeScript`
|
||||
|
||||
Write the string `Contents of File` to `/nix/store/<store path>` and make the file executable.
|
||||
|
||||
```nix
|
||||
writeScript "my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
```
|
||||
:::
|
||||
|
||||
This is equivalent to:
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-file";
|
||||
text = ''
|
||||
Contents of File
|
||||
'';
|
||||
executable = true;
|
||||
destination = "/bin/my-file";
|
||||
}
|
||||
# Writes contents of file to /nix/store/<store path>
|
||||
writeText "my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
# Writes contents of file to /nix/store/<store path>/share/my-file
|
||||
writeTextDir "share/my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
# Writes my-file to /nix/store/<store path> and makes executable
|
||||
writeScript "my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
# Writes my-file to /nix/store/<store path>/bin/my-file and makes executable.
|
||||
writeScriptBin "my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
# Writes my-file to /nix/store/<store path> and makes executable.
|
||||
writeShellScript "my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
# Writes my-file to /nix/store/<store path>/bin/my-file and makes executable.
|
||||
writeShellScriptBin "my-file"
|
||||
''
|
||||
Contents of File
|
||||
'';
|
||||
```
|
||||
|
||||
### `writeScriptBin` {#trivial-builder-writeScriptBin}
|
||||
|
||||
Write a script within a `bin` subirectory of a directory in the Nix store.
|
||||
This is for consistency with the convention of software packages placing executables under `bin`.
|
||||
|
||||
`writeScriptBin` takes the following arguments:
|
||||
|
||||
`name` (String)
|
||||
|
||||
: The name used in the Nix store path and within the file created under the store path.
|
||||
|
||||
`text` (String)
|
||||
|
||||
: The contents of the file.
|
||||
|
||||
The created file is marked as executable.
|
||||
The file's contents will be put into `/nix/store/<store path>/bin/<name>`.
|
||||
The store path will include the the name, and it will be a directory.
|
||||
|
||||
::: {.example #ex-writeScriptBin}
|
||||
# Usage of `writeScriptBin`
|
||||
|
||||
```nix
|
||||
writeScriptBin "my-script"
|
||||
''
|
||||
echo "hi"
|
||||
'';
|
||||
```
|
||||
:::
|
||||
|
||||
This is equivalent to:
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-script";
|
||||
text = ''
|
||||
echo "hi"
|
||||
'';
|
||||
executable = true;
|
||||
destination = "bin/my-script"
|
||||
}
|
||||
```
|
||||
|
||||
### `writeShellScript` {#trivial-builder-writeShellScript}
|
||||
|
||||
Write a Bash script to the store.
|
||||
|
||||
`writeShellScript` takes the following arguments:
|
||||
|
||||
`name` (String)
|
||||
|
||||
: The name used in the Nix store path.
|
||||
|
||||
`text` (String)
|
||||
|
||||
: The contents of the file.
|
||||
|
||||
The created file is marked as executable.
|
||||
The store path will include the name, and it will be a file.
|
||||
|
||||
This function is almost exactly like [](#trivial-builder-writeScript), except that it prepends to the file a [shebang](https://en.wikipedia.org/wiki/Shebang_%28Unix%29) line that points to the version of Bash used in Nixpkgs.
|
||||
<!-- this cannot be changed in practice, so there is no point pretending it's somehow generic -->
|
||||
|
||||
::: {.example #ex-writeShellScript}
|
||||
# Usage of `writeShellScript`
|
||||
|
||||
```nix
|
||||
writeShellScript "my-script"
|
||||
''
|
||||
echo "hi"
|
||||
'';
|
||||
```
|
||||
:::
|
||||
|
||||
This is equivalent to:
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-script";
|
||||
text = ''
|
||||
#! ${pkgs.runtimeShell}
|
||||
echo "hi"
|
||||
'';
|
||||
executable = true;
|
||||
}
|
||||
```
|
||||
|
||||
### `writeShellScriptBin` {#trivial-builder-writeShellScriptBin}
|
||||
|
||||
Write a Bash script to a "bin" subdirectory of a directory in the Nix store.
|
||||
|
||||
`writeShellScriptBin` takes the following arguments:
|
||||
|
||||
`name` (String)
|
||||
|
||||
: The name used in the Nix store path and within the file generated under the store path.
|
||||
|
||||
`text` (String)
|
||||
|
||||
: The contents of the file.
|
||||
|
||||
The file's contents will be put into `/nix/store/<store path>/bin/<name>`.
|
||||
The store path will include the the name, and it will be a directory.
|
||||
|
||||
This function is a combination of [](#trivial-builder-writeShellScript) and [](#trivial-builder-writeScriptBin).
|
||||
|
||||
::: {.example #ex-writeShellScriptBin}
|
||||
# Usage of `writeShellScriptBin`
|
||||
|
||||
```nix
|
||||
writeShellScriptBin "my-script"
|
||||
''
|
||||
echo "hi"
|
||||
'';
|
||||
```
|
||||
:::
|
||||
|
||||
This is equivalent to:
|
||||
|
||||
```nix
|
||||
writeTextFile {
|
||||
name = "my-script";
|
||||
text = ''
|
||||
#! ${pkgs.runtimeShell}
|
||||
echo "hi"
|
||||
'';
|
||||
executable = true;
|
||||
destination = "bin/my-script"
|
||||
}
|
||||
```
|
||||
|
||||
## `concatTextFile`, `concatText`, `concatScript` {#trivial-builder-concatText}
|
||||
|
@ -148,9 +502,14 @@ concatScript "my-file" [ file1 file2 ]
|
|||
|
||||
## `writeShellApplication` {#trivial-builder-writeShellApplication}
|
||||
|
||||
This can be used to easily produce a shell script that has some dependencies (`runtimeInputs`). It automatically sets the `PATH` of the script to contain all of the listed inputs, sets some sanity shellopts (`errexit`, `nounset`, `pipefail`), and checks the resulting script with [`shellcheck`](https://github.com/koalaman/shellcheck).
|
||||
`writeShellApplication` is similar to `writeShellScriptBin` and `writeScriptBin` but supports runtime dependencies with `runtimeInputs`.
|
||||
Writes an executable shell script to `/nix/store/<store path>/bin/<name>` and checks its syntax with [`shellcheck`](https://github.com/koalaman/shellcheck) and the `bash`'s `-n` option.
|
||||
Some basic Bash options are set by default (`errexit`, `nounset`, and `pipefail`), but can be overridden with `bashOptions`.
|
||||
|
||||
For example, look at the following code:
|
||||
Extra arguments may be passed to `stdenv.mkDerivation` by setting `derivationArgs`; note that variables set in this manner will be set when the shell script is _built,_ not when it's run.
|
||||
Runtime environment variables can be set with the `runtimeEnv` argument.
|
||||
|
||||
For example, the following shell application can refer to `curl` directly, rather than needing to write `${curl}/bin/curl`:
|
||||
|
||||
```nix
|
||||
writeShellApplication {
|
||||
|
@ -164,10 +523,6 @@ writeShellApplication {
|
|||
}
|
||||
```
|
||||
|
||||
Unlike with normal `writeShellScriptBin`, there is no need to manually write out `${curl}/bin/curl`, setting the PATH
|
||||
was handled by `writeShellApplication`. Moreover, the script is being checked with `shellcheck` for more strict
|
||||
validation.
|
||||
|
||||
## `symlinkJoin` {#trivial-builder-symlinkJoin}
|
||||
|
||||
This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, `name`, and `paths`. `name` is the name used in the Nix store path for the created derivation. `paths` is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within.
|
||||
|
|
|
@ -25,6 +25,7 @@ let
|
|||
{ name = "gvariant"; description = "GVariant formatted string serialization functions"; }
|
||||
{ name = "customisation"; description = "Functions to customise (derivation-related) functions, derivatons, or attribute sets"; }
|
||||
{ name = "meta"; description = "functions for derivation metadata"; }
|
||||
{ name = "derivations"; description = "miscellaneous derivation-specific functions"; }
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ stdenv.mkDerivation {
|
|||
mkdir -p "$out"
|
||||
|
||||
cat > "$out/index.md" << 'EOF'
|
||||
```{=include=} sections
|
||||
```{=include=} sections auto-id-prefix=auto-generated
|
||||
EOF
|
||||
|
||||
${lib.concatMapStrings ({ name, baseName ? name, description }: ''
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
# Python {#setup-hook-python}
|
||||
|
||||
Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable.
|
||||
Adds the `python.sitePackages` subdirectory (i.e. `lib/pythonX.Y/site-packages`) of each build input to the `PYTHONPATH` environment variable.
|
||||
|
|
|
@ -216,7 +216,7 @@ in packages.mixRelease {
|
|||
Setup will require the following steps:
|
||||
|
||||
- Move your secrets to runtime environment variables. For more information refer to the [runtime.exs docs](https://hexdocs.pm/mix/Mix.Tasks.Release.html#module-runtime-configuration). On a fresh Phoenix build that would mean that both `DATABASE_URL` and `SECRET_KEY` need to be moved to `runtime.exs`.
|
||||
- `cd assets` and `nix-shell -p node2nix --run node2nix --development` will generate a Nix expression containing your frontend dependencies
|
||||
- `cd assets` and `nix-shell -p node2nix --run "node2nix --development"` will generate a Nix expression containing your frontend dependencies
|
||||
- commit and push those changes
|
||||
- you can now `nix-build .`
|
||||
- To run the release, set the `RELEASE_TMP` environment variable to a directory that your program has write access to. It will be used to store the BEAM settings.
|
||||
|
|
|
@ -80,6 +80,8 @@ Do _not_ use `dart run <package_name>`, as this will attempt to download depende
|
|||
|
||||
### Usage with nix-shell {#ssec-dart-applications-nix-shell}
|
||||
|
||||
#### Using dependencies from the Nix store {#ssec-dart-applications-nix-shell-deps}
|
||||
|
||||
As `buildDartApplication` provides dependencies instead of `pub get`, Dart needs to be explicitly told where to find them.
|
||||
|
||||
Run the following commands in the source directory to configure Dart appropriately.
|
||||
|
@ -103,6 +105,9 @@ flutter.buildFlutterApplication {
|
|||
pname = "firmware-updater";
|
||||
version = "unstable-2023-04-30";
|
||||
|
||||
# To build for the Web, use the targetFlutterPlatform argument.
|
||||
# targetFlutterPlatform = "web";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "canonical";
|
||||
repo = "firmware-updater";
|
||||
|
@ -117,4 +122,15 @@ flutter.buildFlutterApplication {
|
|||
|
||||
### Usage with nix-shell {#ssec-dart-flutter-nix-shell}
|
||||
|
||||
See the [Dart documentation](#ssec-dart-applications-nix-shell) for nix-shell instructions.
|
||||
Flutter-specific `nix-shell` usage notes are included here. See the [Dart documentation](#ssec-dart-applications-nix-shell) for general `nix-shell` instructions.
|
||||
|
||||
#### Entering the shell {#ssec-dart-flutter-nix-shell-enter}
|
||||
|
||||
By default, dependencies for only the `targetFlutterPlatform` are available in the
|
||||
build environment. This is useful for keeping closures small, but be problematic
|
||||
during development. It's common, for example, to build Web apps for Linux during
|
||||
development to take advantage of native features such as stateful hot reload.
|
||||
|
||||
To enter a shell with all the usual target platforms available, use the `multiShell` attribute.
|
||||
|
||||
e.g. `nix-shell '<nixpkgs>' -A fluffychat-web.multiShell`.
|
||||
|
|
|
@ -144,7 +144,7 @@ in buildDotnetModule rec {
|
|||
|
||||
projectReferences = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
|
||||
|
||||
dotnet-sdk = dotnetCorePackages.sdk_6.0;
|
||||
dotnet-sdk = dotnetCorePackages.sdk_6_0;
|
||||
dotnet-runtime = dotnetCorePackages.runtime_6_0;
|
||||
|
||||
executables = [ "foo" ]; # This wraps "$out/lib/$pname/foo" to `$out/bin/foo`.
|
||||
|
|
|
@ -86,9 +86,9 @@ One advantage is that when `pkgs.zlib` is updated, it will automatically update
|
|||
|
||||
postPatch = pkgs.lib.optionalString pkgs.stdenv.isDarwin ''
|
||||
substituteInPlace configure \
|
||||
--replace '/usr/bin/libtool' 'ar' \
|
||||
--replace 'AR="libtool"' 'AR="ar"' \
|
||||
--replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
|
||||
--replace-fail '/usr/bin/libtool' 'ar' \
|
||||
--replace-fail 'AR="libtool"' 'AR="ar"' \
|
||||
--replace-fail 'ARFLAGS="-o"' 'ARFLAGS="-r"'
|
||||
'';
|
||||
})
|
||||
```
|
||||
|
|
|
@ -70,39 +70,42 @@ compilers like this:
|
|||
```console
|
||||
$ nix-env -f '<nixpkgs>' -qaP -A haskell.compiler
|
||||
haskell.compiler.ghc810 ghc-8.10.7
|
||||
haskell.compiler.ghc88 ghc-8.8.4
|
||||
haskell.compiler.ghc90 ghc-9.0.2
|
||||
haskell.compiler.ghc924 ghc-9.2.4
|
||||
haskell.compiler.ghc925 ghc-9.2.5
|
||||
haskell.compiler.ghc926 ghc-9.2.6
|
||||
haskell.compiler.ghc92 ghc-9.2.7
|
||||
haskell.compiler.ghc942 ghc-9.4.2
|
||||
haskell.compiler.ghc943 ghc-9.4.3
|
||||
haskell.compiler.ghc94 ghc-9.4.4
|
||||
haskell.compiler.ghcHEAD ghc-9.7.20221224
|
||||
haskell.compiler.ghc8102Binary ghc-binary-8.10.2
|
||||
haskell.compiler.ghc8102BinaryMinimal ghc-binary-8.10.2
|
||||
haskell.compiler.ghc8107BinaryMinimal ghc-binary-8.10.7
|
||||
haskell.compiler.ghc927 ghc-9.2.7
|
||||
haskell.compiler.ghc92 ghc-9.2.8
|
||||
haskell.compiler.ghc945 ghc-9.4.5
|
||||
haskell.compiler.ghc946 ghc-9.4.6
|
||||
haskell.compiler.ghc947 ghc-9.4.7
|
||||
haskell.compiler.ghc94 ghc-9.4.8
|
||||
haskell.compiler.ghc963 ghc-9.6.3
|
||||
haskell.compiler.ghc96 ghc-9.6.4
|
||||
haskell.compiler.ghc98 ghc-9.8.1
|
||||
haskell.compiler.ghcHEAD ghc-9.9.20231121
|
||||
haskell.compiler.ghc8107Binary ghc-binary-8.10.7
|
||||
haskell.compiler.ghc865Binary ghc-binary-8.6.5
|
||||
haskell.compiler.ghc924Binary ghc-binary-9.2.4
|
||||
haskell.compiler.ghc924BinaryMinimal ghc-binary-9.2.4
|
||||
haskell.compiler.integer-simple.ghc810 ghc-integer-simple-8.10.7
|
||||
haskell.compiler.integer-simple.ghc8107 ghc-integer-simple-8.10.7
|
||||
haskell.compiler.integer-simple.ghc88 ghc-integer-simple-8.8.4
|
||||
haskell.compiler.integer-simple.ghc884 ghc-integer-simple-8.8.4
|
||||
haskell.compiler.integer-simple.ghc810 ghc-integer-simple-8.10.7
|
||||
haskell.compiler.native-bignum.ghc90 ghc-native-bignum-9.0.2
|
||||
haskell.compiler.native-bignum.ghc902 ghc-native-bignum-9.0.2
|
||||
haskell.compiler.native-bignum.ghc924 ghc-native-bignum-9.2.4
|
||||
haskell.compiler.native-bignum.ghc925 ghc-native-bignum-9.2.5
|
||||
haskell.compiler.native-bignum.ghc926 ghc-native-bignum-9.2.6
|
||||
haskell.compiler.native-bignum.ghc92 ghc-native-bignum-9.2.7
|
||||
haskell.compiler.native-bignum.ghc927 ghc-native-bignum-9.2.7
|
||||
haskell.compiler.native-bignum.ghc942 ghc-native-bignum-9.4.2
|
||||
haskell.compiler.native-bignum.ghc943 ghc-native-bignum-9.4.3
|
||||
haskell.compiler.native-bignum.ghc94 ghc-native-bignum-9.4.4
|
||||
haskell.compiler.native-bignum.ghc944 ghc-native-bignum-9.4.4
|
||||
haskell.compiler.native-bignum.ghcHEAD ghc-native-bignum-9.7.20221224
|
||||
haskell.compiler.native-bignum.ghc92 ghc-native-bignum-9.2.8
|
||||
haskell.compiler.native-bignum.ghc928 ghc-native-bignum-9.2.8
|
||||
haskell.compiler.native-bignum.ghc945 ghc-native-bignum-9.4.5
|
||||
haskell.compiler.native-bignum.ghc946 ghc-native-bignum-9.4.6
|
||||
haskell.compiler.native-bignum.ghc947 ghc-native-bignum-9.4.7
|
||||
haskell.compiler.native-bignum.ghc94 ghc-native-bignum-9.4.8
|
||||
haskell.compiler.native-bignum.ghc948 ghc-native-bignum-9.4.8
|
||||
haskell.compiler.native-bignum.ghc963 ghc-native-bignum-9.6.3
|
||||
haskell.compiler.native-bignum.ghc96 ghc-native-bignum-9.6.4
|
||||
haskell.compiler.native-bignum.ghc964 ghc-native-bignum-9.6.4
|
||||
haskell.compiler.native-bignum.ghc98 ghc-native-bignum-9.8.1
|
||||
haskell.compiler.native-bignum.ghc981 ghc-native-bignum-9.8.1
|
||||
haskell.compiler.native-bignum.ghcHEAD ghc-native-bignum-9.9.20231121
|
||||
haskell.compiler.ghcjs ghcjs-8.10.7
|
||||
```
|
||||
|
||||
|
@ -1226,10 +1229,12 @@ in
|
|||
in
|
||||
|
||||
{
|
||||
haskell = lib.recursiveUpdate prev.haskell {
|
||||
compiler.${ghcName} = prev.haskell.compiler.${ghcName}.override {
|
||||
# Unfortunately, the GHC setting is named differently for historical reasons
|
||||
enableProfiledLibs = enableProfiling;
|
||||
haskell = prev.haskell // {
|
||||
compiler = prev.haskell.compiler // {
|
||||
${ghcName} = prev.haskell.compiler.${ghcName}.override {
|
||||
# Unfortunately, the GHC setting is named differently for historical reasons
|
||||
enableProfiledLibs = enableProfiling;
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
|
@ -1241,31 +1246,33 @@ in
|
|||
in
|
||||
|
||||
{
|
||||
haskell = lib.recursiveUpdate prev.haskell {
|
||||
packages.${ghcName} = prev.haskell.packages.${ghcName}.override {
|
||||
overrides = hfinal: hprev: {
|
||||
mkDerivation = args: hprev.mkDerivation (args // {
|
||||
# Since we are forcing our ideas upon mkDerivation, this change will
|
||||
# affect every package in the package set.
|
||||
enableLibraryProfiling = enableProfiling;
|
||||
haskell = prev.haskell // {
|
||||
packages = prev.haskell.packages // {
|
||||
${ghcName} = prev.haskell.packages.${ghcName}.override {
|
||||
overrides = hfinal: hprev: {
|
||||
mkDerivation = args: hprev.mkDerivation (args // {
|
||||
# Since we are forcing our ideas upon mkDerivation, this change will
|
||||
# affect every package in the package set.
|
||||
enableLibraryProfiling = enableProfiling;
|
||||
|
||||
# To actually use profiling on an executable, executable profiling
|
||||
# needs to be enabled for the executable you want to profile. You
|
||||
# can either do this globally or…
|
||||
enableExecutableProfiling = enableProfiling;
|
||||
});
|
||||
# To actually use profiling on an executable, executable profiling
|
||||
# needs to be enabled for the executable you want to profile. You
|
||||
# can either do this globally or…
|
||||
enableExecutableProfiling = enableProfiling;
|
||||
});
|
||||
|
||||
# …only for the package that contains an executable you want to profile.
|
||||
# That saves on unnecessary rebuilds for packages that you only depend
|
||||
# on for their library, but also contain executables (e.g. pandoc).
|
||||
my-executable = haskellLib.enableExecutableProfiling hprev.my-executable;
|
||||
# …only for the package that contains an executable you want to profile.
|
||||
# That saves on unnecessary rebuilds for packages that you only depend
|
||||
# on for their library, but also contain executables (e.g. pandoc).
|
||||
my-executable = haskellLib.enableExecutableProfiling hprev.my-executable;
|
||||
|
||||
# If you are disabling profiling to save on build time, but want to
|
||||
# retain the ability to substitute from the binary cache. Drop the
|
||||
# override for mkDerivation above and instead have an override like
|
||||
# this for the specific packages you are building locally and want
|
||||
# to make cheaper to build.
|
||||
my-library = haskellLib.disableLibraryProfiling hprev.my-library;
|
||||
# If you are disabling profiling to save on build time, but want to
|
||||
# retain the ability to substitute from the binary cache. Drop the
|
||||
# override for mkDerivation above and instead have an override like
|
||||
# this for the specific packages you are building locally and want
|
||||
# to make cheaper to build.
|
||||
my-library = haskellLib.disableLibraryProfiling hprev.my-library;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
47
doc/languages-frameworks/idris2.section.md
Normal file
47
doc/languages-frameworks/idris2.section.md
Normal file
|
@ -0,0 +1,47 @@
|
|||
# Idris2 {#sec-idris2}
|
||||
|
||||
In addition to exposing the Idris2 compiler itself, Nixpkgs exposes an `idris2Packages.buildIdris` helper to make it a bit more ergonomic to build Idris2 executables or libraries.
|
||||
|
||||
The `buildIdris` function takes an attribute set that defines at a minimum the `src` and `ipkgName` of the package to be built and any `idrisLibraries` required to build it. The `src` is the same source you're familiar with and the `ipkgName` must be the name of the `ipkg` file for the project (omitting the `.ipkg` extension). The `idrisLibraries` is a list of other library derivations created with `buildIdris`. You can optionally specify other derivation properties as needed but sensible defaults for `configurePhase`, `buildPhase`, and `installPhase` are provided.
|
||||
|
||||
Importantly, `buildIdris` does not create a single derivation but rather an attribute set with two properties: `executable` and `library`. The `executable` property is a derivation and the `library` property is a function that will return a derivation for the library with or without source code included. Source code need not be included unless you are aiming to use IDE or LSP features that are able to jump to definitions within an editor.
|
||||
|
||||
A simple example of a fully packaged library would be the [`LSP-lib`](https://github.com/idris-community/LSP-lib) found in the `idris-community` GitHub organization.
|
||||
```nix
|
||||
{ fetchFromGitHub, idris2Packages }:
|
||||
let lspLibPkg = idris2Packages.buildIdris {
|
||||
ipkgName = "lsp-lib";
|
||||
src = fetchFromGitHub {
|
||||
owner = "idris-community";
|
||||
repo = "LSP-lib";
|
||||
rev = "main";
|
||||
hash = "sha256-EvSyMCVyiy9jDZMkXQmtwwMoLaem1GsKVFqSGNNHHmY=";
|
||||
};
|
||||
idrisLibraries = [ ];
|
||||
};
|
||||
in lspLibPkg.library
|
||||
```
|
||||
|
||||
The above results in a derivation with the installed library results (with sourcecode).
|
||||
|
||||
A slightly more involved example of a fully packaged executable would be the [`idris2-lsp`](https://github.com/idris-community/idris2-lsp) which is an Idris2 language server that uses the `LSP-lib` found above.
|
||||
```nix
|
||||
{ callPackage, fetchFromGitHub, idris2Packages }:
|
||||
|
||||
# Assuming the previous example lives in `lsp-lib.nix`:
|
||||
let lspLib = callPackage ./lsp-lib.nix { };
|
||||
lspPkg = idris2Packages.buildIdris {
|
||||
ipkgName = "idris2-lsp";
|
||||
src = fetchFromGitHub {
|
||||
owner = "idris-community";
|
||||
repo = "idris2-lsp";
|
||||
rev = "main";
|
||||
hash = "sha256-vQTzEltkx7uelDtXOHc6QRWZ4cSlhhm5ziOqWA+aujk=";
|
||||
};
|
||||
idrisLibraries = [(idris2Packages.idris2Api { }) (lspLib { })];
|
||||
};
|
||||
in lspPkg.executable
|
||||
```
|
||||
|
||||
The above uses the default value of `withSource = false` for both of the two required Idris libraries that the `idris2-lsp` executable depends on. `idris2Api` in the above derivation comes built in with `idris2Packages`. This library exposes many of the otherwise internal APIs of the Idris2 compiler.
|
||||
|
|
@ -21,6 +21,7 @@ go.section.md
|
|||
haskell.section.md
|
||||
hy.section.md
|
||||
idris.section.md
|
||||
idris2.section.md
|
||||
ios.section.md
|
||||
java.section.md
|
||||
javascript.section.md
|
||||
|
|
|
@ -354,6 +354,7 @@ mkYarnPackage rec {
|
|||
|
||||
- The `echo 9` steps comes from this answer: <https://stackoverflow.com/a/49139496>
|
||||
- Exporting the headers in `npm_config_nodedir` comes from this issue: <https://github.com/nodejs/node-gyp/issues/1191#issuecomment-301243919>
|
||||
- `offlineCache` (described [above](#javascript-yarn2nix-preparation)) must be specified to avoid [Import From Derivation](#ssec-import-from-derivation) (IFD) when used inside Nixpkgs.
|
||||
|
||||
## Outside Nixpkgs {#javascript-outside-nixpkgs}
|
||||
|
||||
|
|
|
@ -26,6 +26,17 @@ It is important to import Qt modules directly, that is: `qtbase`, `qtdeclarative
|
|||
|
||||
Additionally all Qt packages must include `wrapQtAppsHook` in `nativeBuildInputs`, or you must explicitly set `dontWrapQtApps`.
|
||||
|
||||
`pkgs.callPackage` does not provide injections for `qtbase` or the like.
|
||||
Instead you want to either use `pkgs.libsForQt5.callPackage`, or `pkgs.qt6Packages.callPackage`, depending on the Qt version you want to use.
|
||||
|
||||
For example (from [here](https://github.com/NixOS/nixpkgs/blob/2f9286912cb215969ece465147badf6d07aa43fe/pkgs/top-level/all-packages.nix#L30106))
|
||||
|
||||
```nix
|
||||
zeal-qt5 = libsForQt5.callPackage ../data/documentation/zeal { };
|
||||
zeal-qt6 = qt6Packages.callPackage ../data/documentation/zeal { };
|
||||
zeal = zeal-qt5;
|
||||
```
|
||||
|
||||
## Locating runtime dependencies {#qt-runtime-dependencies}
|
||||
|
||||
Qt applications must be wrapped to find runtime dependencies.
|
||||
|
|
|
@ -44,21 +44,22 @@ rustPlatform.buildRustPackage rec {
|
|||
}
|
||||
```
|
||||
|
||||
`buildRustPackage` requires either the `cargoSha256` or the
|
||||
`cargoHash` attribute which is computed over all crate sources of this
|
||||
package. `cargoHash256` is used for traditional Nix SHA-256 hashes,
|
||||
such as the one in the example above. `cargoHash` should instead be
|
||||
used for [SRI](https://www.w3.org/TR/SRI/) hashes. For example:
|
||||
|
||||
Exception: If the application has cargo `git` dependencies, the `cargoHash`/`cargoSha256`
|
||||
approach will not work, and you will need to copy the `Cargo.lock` file of the application
|
||||
to nixpkgs and continue with the next section for specifying the options of the`cargoLock`
|
||||
section.
|
||||
`buildRustPackage` requires either the `cargoHash` or the `cargoSha256`
|
||||
attribute which is computed over all crate sources of this package.
|
||||
`cargoSha256` is used for traditional Nix SHA-256 hashes. `cargoHash` should
|
||||
instead be used for [SRI](https://www.w3.org/TR/SRI/) hashes and should be
|
||||
preferred. For example:
|
||||
|
||||
```nix
|
||||
cargoHash = "sha256-l1vL2ZdtDRxSGvP0X/l3nMw8+6WF67KPutJEzUROjg8=";
|
||||
```
|
||||
|
||||
Exception: If the application has cargo `git` dependencies, the `cargoHash`/`cargoSha256`
|
||||
approach will not work, and you will need to copy the `Cargo.lock` file of the application
|
||||
to nixpkgs and continue with the next section for specifying the options of the `cargoLock`
|
||||
section.
|
||||
|
||||
|
||||
Both types of hashes are permitted when contributing to nixpkgs. The
|
||||
Cargo hash is obtained by inserting a fake checksum into the
|
||||
expression and building the package once. The correct checksum can
|
||||
|
@ -700,7 +701,7 @@ with import <nixpkgs> {};
|
|||
hello = attrs: lib.optionalAttrs (lib.versionAtLeast attrs.version "1.0") {
|
||||
postPatch = ''
|
||||
substituteInPlace lib/zoneinfo.rs \
|
||||
--replace "/usr/share/zoneinfo" "${tzdata}/share/zoneinfo"
|
||||
--replace-fail "/usr/share/zoneinfo" "${tzdata}/share/zoneinfo"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -12,20 +12,6 @@ Both functions have an argument `kernelPatches` which should be a list of `{name
|
|||
|
||||
The kernel derivation created with `pkgs.buildLinux` exports an attribute `features` specifying whether optional functionality is or isn’t enabled. This is used in NixOS to implement kernel-specific behaviour.
|
||||
|
||||
:::{.example #ex-skip-package-from-kernel-feature}
|
||||
|
||||
# Skipping an external package because of a kernel feature
|
||||
|
||||
For instance, if the kernel has the `iwlwifi` feature (i.e., has built-in support for Intel wireless chipsets), then NixOS doesn’t have to build the external `iwlwifi` package:
|
||||
|
||||
```nix
|
||||
modulesTree = [kernel]
|
||||
++ pkgs.lib.optional (!kernel.features ? iwlwifi) kernelPackages.iwlwifi
|
||||
++ ...;
|
||||
```
|
||||
|
||||
:::
|
||||
|
||||
If you are using a kernel packaged in Nixpkgs, you can customize it by overriding its arguments. For details on how each argument affects the generated kernel, refer to [the `pkgs.buildLinux` source code](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/generic.nix).
|
||||
|
||||
:::{.example #ex-overriding-kernel-derivation}
|
||||
|
|
|
@ -27,18 +27,18 @@ With these expressions the Nix package manager can build binary packages.
|
|||
Packages, including the Nix packages collection, are distributed through
|
||||
[channels](https://nixos.org/nix/manual/#sec-channels). The collection is
|
||||
distributed for users of Nix on non-NixOS distributions through the channel
|
||||
`nixpkgs`. Users of NixOS generally use one of the `nixos-*` channels, e.g.
|
||||
`nixos-22.11`, which includes all packages and modules for the stable NixOS
|
||||
`nixpkgs-unstable`. Users of NixOS generally use one of the `nixos-*` channels,
|
||||
e.g. `nixos-22.11`, which includes all packages and modules for the stable NixOS
|
||||
22.11. Stable NixOS releases are generally only given
|
||||
security updates. More up to date packages and modules are available via the
|
||||
`nixos-unstable` channel.
|
||||
|
||||
Both `nixos-unstable` and `nixpkgs` follow the `master` branch of the Nixpkgs
|
||||
repository, although both do lag the `master` branch by generally
|
||||
Both `nixos-unstable` and `nixpkgs-unstable` follow the `master` branch of the
|
||||
nixpkgs repository, although both do lag the `master` branch by generally
|
||||
[a couple of days](https://status.nixos.org/). Updates to a channel are
|
||||
distributed as soon as all tests for that channel pass, e.g.
|
||||
[this table](https://hydra.nixos.org/job/nixpkgs/trunk/unstable#tabs-constituents)
|
||||
shows the status of tests for the `nixpkgs` channel.
|
||||
shows the status of tests for the `nixpkgs-unstable` channel.
|
||||
|
||||
The tests are conducted by a cluster called [Hydra](https://nixos.org/hydra/),
|
||||
which also builds binary packages from the Nix expressions in Nixpkgs for
|
||||
|
@ -46,5 +46,5 @@ which also builds binary packages from the Nix expressions in Nixpkgs for
|
|||
The binaries are made available via a [binary cache](https://cache.nixos.org).
|
||||
|
||||
The current Nix expressions of the channels are available in the
|
||||
[`nixpkgs`](https://github.com/NixOS/nixpkgs) repository in branches
|
||||
[nixpkgs repository](https://github.com/NixOS/nixpkgs) in branches
|
||||
that correspond to the channel names (e.g. `nixos-22.11-small`).
|
||||
|
|
|
@ -54,7 +54,7 @@ Some common issues when packaging software for Darwin:
|
|||
# ...
|
||||
prePatch = ''
|
||||
substituteInPlace Makefile \
|
||||
--replace '/usr/bin/xcrun clang' clang
|
||||
--replace-fail '/usr/bin/xcrun clang' clang
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
|
|
@ -230,9 +230,9 @@ stdenv.mkDerivation rec {
|
|||
|
||||
postInstall = ''
|
||||
substituteInPlace $out/bin/solo5-virtio-mkimage \
|
||||
--replace "/usr/lib/syslinux" "${syslinux}/share/syslinux" \
|
||||
--replace "/usr/share/syslinux" "${syslinux}/share/syslinux" \
|
||||
--replace "cp " "cp --no-preserve=mode "
|
||||
--replace-fail "/usr/lib/syslinux" "${syslinux}/share/syslinux" \
|
||||
--replace-fail "/usr/share/syslinux" "${syslinux}/share/syslinux" \
|
||||
--replace-fail "cp " "cp --no-preserve=mode "
|
||||
|
||||
wrapProgram $out/bin/solo5-virtio-mkimage \
|
||||
--prefix PATH : ${lib.makeBinPath [ dosfstools mtools parted syslinux ]}
|
||||
|
@ -475,11 +475,11 @@ A script to be run by `maintainers/scripts/update.nix` when the package is match
|
|||
```nix
|
||||
passthru.updateScript = writeScript "update-zoom-us" ''
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl pcre common-updater-scripts
|
||||
#!nix-shell -i bash -p curl pcre2 common-updater-scripts
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
version="$(curl -sI https://zoom.us/client/latest/zoom_x86_64.tar.xz | grep -Fi 'Location:' | pcregrep -o1 '/(([0-9]\.?)+)/')"
|
||||
version="$(curl -sI https://zoom.us/client/latest/zoom_x86_64.tar.xz | grep -Fi 'Location:' | pcre2grep -o1 '/(([0-9]\.?)+)/')"
|
||||
update-source-version zoom-us "$version"
|
||||
'';
|
||||
```
|
||||
|
@ -1253,9 +1253,20 @@ postInstall = ''
|
|||
|
||||
Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form:
|
||||
|
||||
#### `--replace` \<s1\> \<s2\> {#fun-substitute-replace}
|
||||
#### `--replace-fail` \<s1\> \<s2\> {#fun-substitute-replace-fail}
|
||||
|
||||
Replace every occurrence of the string \<s1\> by \<s2\>.
|
||||
Will error if no change is made.
|
||||
|
||||
#### `--replace-warn` \<s1\> \<s2\> {#fun-substitute-replace-warn}
|
||||
|
||||
Replace every occurrence of the string \<s1\> by \<s2\>.
|
||||
Will print a warning if no change is made.
|
||||
|
||||
#### `--replace-quiet` \<s1\> \<s2\> {#fun-substitute-replace-quiet}
|
||||
|
||||
Replace every occurrence of the string \<s1\> by \<s2\>.
|
||||
Will do nothing if no change can be made.
|
||||
|
||||
#### `--subst-var` \<varName\> {#fun-substitute-subst-var}
|
||||
|
||||
|
@ -1269,8 +1280,8 @@ Example:
|
|||
|
||||
```shell
|
||||
substitute ./foo.in ./foo.out \
|
||||
--replace /usr/bin/bar $bar/bin/bar \
|
||||
--replace "a string containing spaces" "some other text" \
|
||||
--replace-fail /usr/bin/bar $bar/bin/bar \
|
||||
--replace-fail "a string containing spaces" "some other text" \
|
||||
--subst-var someVar
|
||||
```
|
||||
|
||||
|
|
|
@ -116,7 +116,7 @@ let
|
|||
inherit (self.customisation) overrideDerivation makeOverridable
|
||||
callPackageWith callPackagesWith extendDerivation hydraJob
|
||||
makeScope makeScopeWithSplicing makeScopeWithSplicing';
|
||||
inherit (self.derivations) lazyDerivation;
|
||||
inherit (self.derivations) lazyDerivation optionalDrvAttr;
|
||||
inherit (self.meta) addMetaAttrs dontDistribute setName updateName
|
||||
appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
|
||||
hiPrioSet getLicenseFromSpdxId getExe getExe';
|
||||
|
|
|
@ -98,4 +98,30 @@ in
|
|||
# `lazyDerivation` caller knew a shortcut, be taken from there.
|
||||
meta = args.meta or checked.meta;
|
||||
} // passthru;
|
||||
|
||||
/* Conditionally set a derivation attribute.
|
||||
|
||||
Because `mkDerivation` sets `__ignoreNulls = true`, a derivation
|
||||
attribute set to `null` will not impact the derivation output hash.
|
||||
Thus, this function passes through its `value` argument if the `cond`
|
||||
is `true`, but returns `null` if not.
|
||||
|
||||
Type: optionalDrvAttr :: Bool -> a -> a | Null
|
||||
|
||||
Example:
|
||||
(stdenv.mkDerivation {
|
||||
name = "foo";
|
||||
x = optionalDrvAttr true 1;
|
||||
y = optionalDrvAttr false 1;
|
||||
}).drvPath == (stdenv.mkDerivation {
|
||||
name = "foo";
|
||||
x = 1;
|
||||
}).drvPath
|
||||
=> true
|
||||
*/
|
||||
optionalDrvAttr =
|
||||
# Condition
|
||||
cond:
|
||||
# Attribute value
|
||||
value: if cond then value else null;
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ let
|
|||
isAttrs
|
||||
isPath
|
||||
isString
|
||||
nixVersion
|
||||
pathExists
|
||||
readDir
|
||||
split
|
||||
|
@ -17,6 +18,7 @@ let
|
|||
attrNames
|
||||
attrValues
|
||||
mapAttrs
|
||||
optionalAttrs
|
||||
zipAttrsWith
|
||||
;
|
||||
|
||||
|
@ -56,6 +58,7 @@ let
|
|||
substring
|
||||
stringLength
|
||||
hasSuffix
|
||||
versionAtLeast
|
||||
;
|
||||
|
||||
inherit (lib.trivial)
|
||||
|
@ -840,6 +843,10 @@ rec {
|
|||
# https://github.com/NixOS/nix/commit/55cefd41d63368d4286568e2956afd535cb44018
|
||||
_fetchGitSubmodulesMinver = "2.4";
|
||||
|
||||
# Support for `builtins.fetchGit` with `shallow = true` was introduced in 2.4
|
||||
# https://github.com/NixOS/nix/commit/d1165d8791f559352ff6aa7348e1293b2873db1c
|
||||
_fetchGitShallowMinver = "2.4";
|
||||
|
||||
# Mirrors the contents of a Nix store path relative to a local path as a file set.
|
||||
# Some notes:
|
||||
# - The store path is read at evaluation time.
|
||||
|
@ -894,7 +901,17 @@ rec {
|
|||
# However a simpler alternative still would be [a builtins.gitLsFiles](https://github.com/NixOS/nix/issues/2944).
|
||||
fetchResult = fetchGit ({
|
||||
url = path;
|
||||
} // extraFetchGitAttrs);
|
||||
}
|
||||
# In older Nix versions, repositories were always assumed to be deep clones, which made `fetchGit` fail for shallow clones
|
||||
# For newer versions this was fixed, but the `shallow` flag is required.
|
||||
# The only behavioral difference is that for shallow clones, `fetchGit` doesn't return a `revCount`,
|
||||
# which we don't need here, so it's fine to always pass it.
|
||||
|
||||
# Unfortunately this means older Nix versions get a poor error message for shallow repositories, and there's no good way to improve that.
|
||||
# Checking for `.git/shallow` doesn't seem worth it, especially since that's more of an implementation detail,
|
||||
# and would also require more code to handle worktrees where `.git` is a file.
|
||||
// optionalAttrs (versionAtLeast nixVersion _fetchGitShallowMinver) { shallow = true; }
|
||||
// extraFetchGitAttrs);
|
||||
in
|
||||
# We can identify local working directories by checking for .git,
|
||||
# see https://git-scm.com/docs/gitrepository-layout#_description.
|
||||
|
|
|
@ -1439,6 +1439,19 @@ if [[ -n "$fetchGitSupportsSubmodules" ]]; then
|
|||
fi
|
||||
rm -rf -- *
|
||||
|
||||
# shallow = true is not supported on all Nix versions
|
||||
# and older versions don't support shallow clones at all
|
||||
if [[ "$(nix-instantiate --eval --expr "$prefixExpression (versionAtLeast builtins.nixVersion _fetchGitShallowMinver)")" == true ]]; then
|
||||
createGitRepo full
|
||||
# Extra commit such that there's a commit that won't be in the shallow clone
|
||||
git -C full commit --allow-empty -q -m extra
|
||||
git clone -q --depth 1 "file://${PWD}/full" shallow
|
||||
cd shallow
|
||||
checkGitTracked
|
||||
cd ..
|
||||
rm -rf -- *
|
||||
fi
|
||||
|
||||
# Go through all stages of Git files
|
||||
# See https://www.git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository
|
||||
|
||||
|
|
|
@ -337,6 +337,11 @@ in mkLicense lset) ({
|
|||
fullName = "Creative Commons Attribution 1.0";
|
||||
};
|
||||
|
||||
cc-by-20 = {
|
||||
spdxId = "CC-BY-2.0";
|
||||
fullName = "Creative Commons Attribution 2.0";
|
||||
};
|
||||
|
||||
cc-by-30 = {
|
||||
spdxId = "CC-BY-3.0";
|
||||
fullName = "Creative Commons Attribution 3.0";
|
||||
|
|
|
@ -62,7 +62,8 @@ rec {
|
|||
|
||||
is32bit = { cpu = { bits = 32; }; };
|
||||
is64bit = { cpu = { bits = 64; }; };
|
||||
isILP32 = map (a: { abi = { abi = a; }; }) [ "n32" "ilp32" "x32" ];
|
||||
isILP32 = [ { cpu = { family = "wasm"; bits = 32; }; } ] ++
|
||||
map (a: { abi = { abi = a; }; }) [ "n32" "ilp32" "x32" ];
|
||||
isBigEndian = { cpu = { significantByte = significantBytes.bigEndian; }; };
|
||||
isLittleEndian = { cpu = { significantByte = significantBytes.littleEndian; }; };
|
||||
|
||||
|
|
|
@ -1902,7 +1902,7 @@ runTests {
|
|||
expected = true;
|
||||
};
|
||||
|
||||
# lazyDerivation
|
||||
# DERIVATIONS
|
||||
|
||||
testLazyDerivationIsLazyInDerivationForAttrNames = {
|
||||
expr = attrNames (lazyDerivation {
|
||||
|
@ -1955,6 +1955,24 @@ runTests {
|
|||
expected = derivation;
|
||||
};
|
||||
|
||||
testOptionalDrvAttr = let
|
||||
mkDerivation = args: derivation (args // {
|
||||
builder = "builder";
|
||||
system = "system";
|
||||
__ignoreNulls = true;
|
||||
});
|
||||
in {
|
||||
expr = (mkDerivation {
|
||||
name = "foo";
|
||||
x = optionalDrvAttr true 1;
|
||||
y = optionalDrvAttr false 1;
|
||||
}).drvPath;
|
||||
expected = (mkDerivation {
|
||||
name = "foo";
|
||||
x = 1;
|
||||
}).drvPath;
|
||||
};
|
||||
|
||||
testTypeDescriptionInt = {
|
||||
expr = (with types; int).description;
|
||||
expected = "signed integer";
|
||||
|
|
|
@ -101,6 +101,7 @@ checkConfigError 'It seems as if you.re trying to declare an option by placing i
|
|||
checkConfigError 'It seems as if you.re trying to declare an option by placing it into .config. rather than .options.' config.nest.wrong2 ./error-mkOption-in-config.nix
|
||||
checkConfigError 'The option .sub.wrong2. does not exist. Definition values:' config.sub ./error-mkOption-in-submodule-config.nix
|
||||
checkConfigError '.*This can happen if you e.g. declared your options in .types.submodule.' config.sub ./error-mkOption-in-submodule-config.nix
|
||||
checkConfigError '.*A definition for option .bad. is not of type .non-empty .list of .submodule...\.' config.bad ./error-nonEmptyListOf-submodule.nix
|
||||
|
||||
# types.pathInStore
|
||||
checkConfigOutput '".*/store/0lz9p8xhf89kb1c1kk6jxrzskaiygnlh-bash-5.2-p15.drv"' config.pathInStore.ok1 ./types.nix
|
||||
|
|
7
lib/tests/modules/error-nonEmptyListOf-submodule.nix
Normal file
7
lib/tests/modules/error-nonEmptyListOf-submodule.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
options.bad = lib.mkOption {
|
||||
type = lib.types.nonEmptyListOf (lib.types.submodule { });
|
||||
default = [ ];
|
||||
};
|
||||
}
|
|
@ -189,7 +189,7 @@ in {
|
|||
they take effect as soon as the oldest release reaches end of life. */
|
||||
oldestSupportedRelease =
|
||||
# Update on master only. Do not backport.
|
||||
2305;
|
||||
2311;
|
||||
|
||||
/* Whether a feature is supported in all supported releases (at the time of
|
||||
release branch-off, if applicable). See `oldestSupportedRelease`. */
|
||||
|
|
|
@ -557,6 +557,7 @@ rec {
|
|||
in list // {
|
||||
description = "non-empty ${optionDescriptionPhrase (class: class == "noun") list}";
|
||||
emptyValue = { }; # no .value attr, meaning unset
|
||||
substSubModules = m: nonEmptyListOf (elemType.substSubModules m);
|
||||
};
|
||||
|
||||
attrsOf = elemType: mkOptionType rec {
|
||||
|
|
|
@ -60,6 +60,18 @@
|
|||
See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data.
|
||||
*/
|
||||
{
|
||||
_0b11stan = {
|
||||
name = "Tristan Auvinet Pinaudeau";
|
||||
email = "tristan@tic.sh";
|
||||
github = "0b11stan";
|
||||
githubId = 27831931;
|
||||
};
|
||||
_0nyr = {
|
||||
email = "onyr.maintainer@gmail.com";
|
||||
github = "0nyr";
|
||||
githubId = 47721040;
|
||||
name = "Florian Rascoussier";
|
||||
};
|
||||
_0qq = {
|
||||
email = "0qqw0qqw@gmail.com";
|
||||
github = "0qq";
|
||||
|
@ -1288,6 +1300,7 @@
|
|||
a-n-n-a-l-e-e = {
|
||||
github = "a-n-n-a-l-e-e";
|
||||
githubId = 150648636;
|
||||
matrix = "@a-n-n-a-l-e-e:matrix.org";
|
||||
name = "annalee";
|
||||
};
|
||||
anoa = {
|
||||
|
@ -1407,6 +1420,20 @@
|
|||
fingerprint = "7083 E268 4BFD 845F 2B84 9E74 B695 8918 ED23 32CE";
|
||||
}];
|
||||
};
|
||||
applejag = {
|
||||
email = "applejag.luminance905@passmail.com";
|
||||
github = "applejag";
|
||||
githubId = 2477952;
|
||||
name = "Kalle Fagerberg";
|
||||
keys = [
|
||||
{
|
||||
fingerprint = "F68E 6DB3 79FB 1FF0 7C72 6479 9874 DEDD 3592 5ED0";
|
||||
}
|
||||
{
|
||||
fingerprint = "8DDB 3994 0A34 4FE5 4F3B 3E77 F161 001D EE78 1051";
|
||||
}
|
||||
];
|
||||
};
|
||||
applePrincess = {
|
||||
email = "appleprincess@appleprincess.io";
|
||||
github = "applePrincess";
|
||||
|
@ -1416,6 +1443,11 @@
|
|||
fingerprint = "BF8B F725 DA30 E53E 7F11 4ED8 AAA5 0652 F047 9205";
|
||||
}];
|
||||
};
|
||||
appsforartists = {
|
||||
github = "appsforartists";
|
||||
githubId = 926648;
|
||||
name = "Brenton Simpson";
|
||||
};
|
||||
apraga = {
|
||||
email = "alexis.praga@proton.me";
|
||||
github = "apraga";
|
||||
|
@ -1884,6 +1916,12 @@
|
|||
githubId = 1217745;
|
||||
name = "Aldwin Vlasblom";
|
||||
};
|
||||
averagebit = {
|
||||
email = "averagebit@pm.me";
|
||||
github = "averagebit";
|
||||
githubId = 97070581;
|
||||
name = "averagebit";
|
||||
};
|
||||
averelld = {
|
||||
email = "averell+nixos@rxd4.com";
|
||||
github = "averelld";
|
||||
|
@ -2552,6 +2590,12 @@
|
|||
githubId = 52386117;
|
||||
name = "Blusk";
|
||||
};
|
||||
bmanuel = {
|
||||
name = "Benjamin Manuel";
|
||||
email = "ben@benmanuel.com";
|
||||
github = "bmanuel";
|
||||
githubId = 3662307;
|
||||
};
|
||||
bmilanov = {
|
||||
name = "Biser Milanov";
|
||||
email = "bmilanov11+nixpkgs@gmail.com";
|
||||
|
@ -2769,6 +2813,12 @@
|
|||
githubId = 40476330;
|
||||
name = "brokenpip3";
|
||||
};
|
||||
brpaz = {
|
||||
email = "oss@brunopaz.dev";
|
||||
github = "brpaz";
|
||||
githubId = 184563;
|
||||
name = "Bruno Paz";
|
||||
};
|
||||
bryanasdev000 = {
|
||||
email = "bryanasdev000@gmail.com";
|
||||
matrix = "@bryanasdev000:matrix.org";
|
||||
|
@ -2867,12 +2917,6 @@
|
|||
githubId = 382011;
|
||||
name = "c4605";
|
||||
};
|
||||
caadar = {
|
||||
email = "v88m@posteo.net";
|
||||
github = "caadar";
|
||||
githubId = 15320726;
|
||||
name = "Car Cdr";
|
||||
};
|
||||
caarlos0 = {
|
||||
name = "Carlos A Becker";
|
||||
email = "carlos@becker.software";
|
||||
|
@ -3015,6 +3059,12 @@
|
|||
fingerprint = "8BC7 74E4 A2EC 7507 3B61 A647 0BBB 1C8B 1C36 39EE";
|
||||
}];
|
||||
};
|
||||
carloscraveiro = {
|
||||
email = "carlos.craveiro@usp.br";
|
||||
github = "CarlosCraveiro";
|
||||
githubId = 85318248;
|
||||
name = "Carlos Henrique Craveiro Aquino Veras";
|
||||
};
|
||||
carlosdagos = {
|
||||
email = "m@cdagostino.io";
|
||||
github = "carlosdagos";
|
||||
|
@ -3227,6 +3277,9 @@
|
|||
github = "LostAttractor";
|
||||
githubId = 46527539;
|
||||
name = "ChaosAttractor";
|
||||
keys = [{
|
||||
fingerprint = "A137 4415 DB7C 6439 10EA 5BF1 0FEE 4E47 5940 E125";
|
||||
}];
|
||||
};
|
||||
charlesbaynham = {
|
||||
email = "charlesbaynham@gmail.com";
|
||||
|
@ -3306,6 +3359,13 @@
|
|||
githubId = 4526429;
|
||||
name = "Philipp Dargel";
|
||||
};
|
||||
chito = {
|
||||
email = "iamchito@protonmail.com";
|
||||
github = "chitochi";
|
||||
githubId = 153365419;
|
||||
matrix = "@chito:nichijou.dev";
|
||||
name = "Chito";
|
||||
};
|
||||
chivay = {
|
||||
email = "hubert.jasudowicz@gmail.com";
|
||||
github = "chivay";
|
||||
|
@ -3405,8 +3465,7 @@
|
|||
};
|
||||
chuangzhu = {
|
||||
name = "Chuang Zhu";
|
||||
email = "chuang@melty.land";
|
||||
matrix = "@chuangzhu:matrix.org";
|
||||
email = "nixos@chuang.cz";
|
||||
github = "chuangzhu";
|
||||
githubId = 31200881;
|
||||
keys = [{
|
||||
|
@ -3530,6 +3589,12 @@
|
|||
githubId = 46303707;
|
||||
name = "Christian Lütke-Stetzkamp";
|
||||
};
|
||||
clr-cera = {
|
||||
email = "clrcera05@gmail.com";
|
||||
github = "clr-cera";
|
||||
githubId = 93736542;
|
||||
name = "Clr";
|
||||
};
|
||||
cmacrae = {
|
||||
email = "hi@cmacr.ae";
|
||||
github = "cmacrae";
|
||||
|
@ -4333,6 +4398,15 @@
|
|||
githubId = 3179832;
|
||||
name = "D. Bohdan";
|
||||
};
|
||||
dbrgn = {
|
||||
email = "nix@dbrgn.ch";
|
||||
github = "dbrgn";
|
||||
githubId = 105168;
|
||||
name = "Danilo B.";
|
||||
keys = [{
|
||||
fingerprint = "20EE 002D 778A E197 EF7D 0D2C B993 FF98 A90C 9AB1";
|
||||
}];
|
||||
};
|
||||
dbrock = {
|
||||
email = "daniel@brockman.se";
|
||||
github = "dbrock";
|
||||
|
@ -4669,12 +4743,28 @@
|
|||
githubId = 13730968;
|
||||
name = "Justin Restivo";
|
||||
};
|
||||
dietmarw = {
|
||||
name = "Dietmar Winkler";
|
||||
email = "dietmar.winkler@dwe.no";
|
||||
github = "dietmarw";
|
||||
githubId = 9332;
|
||||
};
|
||||
diffumist = {
|
||||
email = "git@diffumist.me";
|
||||
github = "Diffumist";
|
||||
githubId = 32810399;
|
||||
name = "Diffumist";
|
||||
};
|
||||
diogotcorreia = {
|
||||
name = "Diogo Correia";
|
||||
email = "me@diogotc.com";
|
||||
matrix = "@dtc:diogotc.com";
|
||||
github = "diogotcorreia";
|
||||
githubId = 7467891;
|
||||
keys = [{
|
||||
fingerprint = "111F 91B7 5F61 99D8 985B 4C70 12CF 31FD FF17 2B77";
|
||||
}];
|
||||
};
|
||||
diogox = {
|
||||
name = "Diogo Xavier";
|
||||
github = "diogox";
|
||||
|
@ -5212,6 +5302,13 @@
|
|||
github = "edlimerkaj";
|
||||
githubId = 71988351;
|
||||
};
|
||||
edmundmiller = {
|
||||
name = "Edmund Miller";
|
||||
email = "git@edmundmiller.dev";
|
||||
matrix = "@emiller:beeper.com";
|
||||
github = "edmundmiller";
|
||||
githubId = 20095261;
|
||||
};
|
||||
edrex = {
|
||||
email = "ericdrex@gmail.com";
|
||||
github = "edrex";
|
||||
|
@ -5222,6 +5319,12 @@
|
|||
matrix = "@edrex:matrix.org";
|
||||
name = "Eric Drechsel";
|
||||
};
|
||||
edswordsmith = {
|
||||
email = "eduardo.espadeiro@tecnico.ulisboa.pt";
|
||||
github = "EdSwordsmith";
|
||||
githubId = 22300113;
|
||||
name = "Eduardo Espadeiro";
|
||||
};
|
||||
eduarrrd = {
|
||||
email = "e.bachmakov@gmail.com";
|
||||
github = "eduarrrd";
|
||||
|
@ -5429,6 +5532,12 @@
|
|||
githubId = 428026;
|
||||
name = "embr";
|
||||
};
|
||||
emilioziniades = {
|
||||
email = "emilioziniades@protonmail.com";
|
||||
github = "emilioziniades";
|
||||
githubId = 75438244;
|
||||
name = "Emilio Ziniades";
|
||||
};
|
||||
emily = {
|
||||
email = "nixpkgs@emily.moe";
|
||||
github = "emilazy";
|
||||
|
@ -6767,6 +6876,12 @@
|
|||
githubId = 127353;
|
||||
name = "Geoffrey Huntley";
|
||||
};
|
||||
gigahawk = {
|
||||
email = "Jasper Chan";
|
||||
name = "jasperchan515@gmail.com";
|
||||
github = "Gigahawk";
|
||||
githubId = 10356230;
|
||||
};
|
||||
gigglesquid = {
|
||||
email = "jack.connors@protonmail.com";
|
||||
github = "gigglesquid";
|
||||
|
@ -6873,6 +6988,12 @@
|
|||
email = "nix@quidecco.pl";
|
||||
name = "Isidor Zeuner";
|
||||
};
|
||||
gmacon = {
|
||||
name = "George Macon";
|
||||
matrix = "@gmacon:matrix.org";
|
||||
github = "gmacon";
|
||||
githubId = 238853;
|
||||
};
|
||||
gmemstr = {
|
||||
email = "git@gmem.ca";
|
||||
github = "gmemstr";
|
||||
|
@ -7387,6 +7508,12 @@
|
|||
githubId = 1401179;
|
||||
name = "Guanpeng Xu";
|
||||
};
|
||||
herbetom = {
|
||||
email = "nixos@tomherbers.de";
|
||||
github = "herbetom";
|
||||
githubId = 15121114;
|
||||
name = "Tom Herbers";
|
||||
};
|
||||
hexa = {
|
||||
email = "hexa@darmstadt.ccc.de";
|
||||
matrix = "@hexa:lossy.network";
|
||||
|
@ -9995,6 +10122,12 @@
|
|||
githubId = 264372;
|
||||
name = "Jan van den Berg";
|
||||
};
|
||||
koppor = {
|
||||
email = "kopp.dev@gmail.com";
|
||||
github = "koppor";
|
||||
githubId = 1366654;
|
||||
name = "Oliver Kopp";
|
||||
};
|
||||
koral = {
|
||||
email = "koral@mailoo.org";
|
||||
github = "k0ral";
|
||||
|
@ -10085,6 +10218,13 @@
|
|||
githubId = 22116767;
|
||||
name = "Kritnich";
|
||||
};
|
||||
krloer = {
|
||||
email = "kriloneri@gmail.com";
|
||||
github = "krloer";
|
||||
githubId = 45591621;
|
||||
name = "Kristoffer Longva Eriksen";
|
||||
matrix = "@krisleri:pvv.ntnu.no";
|
||||
};
|
||||
kroell = {
|
||||
email = "nixosmainter@makroell.de";
|
||||
github = "rokk4";
|
||||
|
@ -10295,6 +10435,12 @@
|
|||
githubId = 21087104;
|
||||
name = "Laurent Fainsin";
|
||||
};
|
||||
lavafroth = {
|
||||
email = "lavafroth@protonmail.com";
|
||||
github = "lavafroth";
|
||||
githubId = 107522312;
|
||||
name = "Himadri Bhattacharjee";
|
||||
};
|
||||
layus = {
|
||||
email = "layus.on@gmail.com";
|
||||
github = "layus";
|
||||
|
@ -10421,6 +10567,14 @@
|
|||
githubId = 31388299;
|
||||
name = "Leonardo Eugênio";
|
||||
};
|
||||
leo248 = {
|
||||
github ="leo248";
|
||||
githubId = 95365184;
|
||||
keys = [{
|
||||
fingerprint = "81E3 418D C1A2 9687 2C4D 96DC BB1A 818F F295 26D2";
|
||||
}];
|
||||
name = "leo248";
|
||||
};
|
||||
leo60228 = {
|
||||
email = "leo@60228.dev";
|
||||
matrix = "@leo60228:matrix.org";
|
||||
|
@ -10519,6 +10673,15 @@
|
|||
githubId = 1769386;
|
||||
name = "Liam Diprose";
|
||||
};
|
||||
liassica = {
|
||||
email = "git-commit.jingle869@aleeas.com";
|
||||
github = "Liassica";
|
||||
githubId = 115422798;
|
||||
name = "Liassica";
|
||||
keys = [{
|
||||
fingerprint = "83BE 3033 6164 B971 FA82 7036 0D34 0E59 4980 7BDD";
|
||||
}];
|
||||
};
|
||||
liberatys = {
|
||||
email = "liberatys@hey.com";
|
||||
name = "Nick Anthony Flueckiger";
|
||||
|
@ -11152,6 +11315,15 @@
|
|||
githubId = 42545625;
|
||||
name = "Maas Lalani";
|
||||
};
|
||||
mabster314 = {
|
||||
name = "Max Haland";
|
||||
email = "max@haland.org";
|
||||
github = "mabster314";
|
||||
githubId = 5741741;
|
||||
keys = [{
|
||||
fingerprint = "71EF 8F1F 0C24 8B4D 5CDC 1B47 74B3 D790 77EE 37A8";
|
||||
}];
|
||||
};
|
||||
macalinao = {
|
||||
email = "me@ianm.com";
|
||||
name = "Ian Macalinao";
|
||||
|
@ -11295,6 +11467,12 @@
|
|||
githubId = 346094;
|
||||
name = "Michael Alyn Miller";
|
||||
};
|
||||
mandos = {
|
||||
email = "marek.maksimczyk@mandos.net.pl";
|
||||
github = "mandos";
|
||||
githubId = 115060;
|
||||
name = "Marek Maksimczyk";
|
||||
};
|
||||
mangoiv = {
|
||||
email = "contact@mangoiv.com";
|
||||
github = "mangoiv";
|
||||
|
@ -11333,6 +11511,12 @@
|
|||
githubId = 1651325;
|
||||
name = "maralorn";
|
||||
};
|
||||
marble = {
|
||||
email = "nixpkgs@computer-in.love";
|
||||
github = "cyber-murmel";
|
||||
githubId = 30078229;
|
||||
name = "marble";
|
||||
};
|
||||
marcovergueira = {
|
||||
email = "vergueira.marco@gmail.com";
|
||||
github = "marcovergueira";
|
||||
|
@ -11613,6 +11797,12 @@
|
|||
githubId = 279868;
|
||||
name = "Matti Kariluoma";
|
||||
};
|
||||
mattpolzin = {
|
||||
email = "matt.polzin@gmail.com";
|
||||
github = "mattpolzin";
|
||||
githubId = 2075353;
|
||||
name = "Matt Polzin";
|
||||
};
|
||||
matt-snider = {
|
||||
email = "matt.snider@protonmail.com";
|
||||
github = "matt-snider";
|
||||
|
@ -11879,6 +12069,12 @@
|
|||
githubId = 4641445;
|
||||
name = "Carlo Nucera";
|
||||
};
|
||||
medv = {
|
||||
email = "mikhail.advent@gmail.com";
|
||||
github = "medv";
|
||||
githubId = 1631737;
|
||||
name = "Mikhail Medvedev";
|
||||
};
|
||||
megheaiulian = {
|
||||
email = "iulian.meghea@gmail.com";
|
||||
github = "megheaiulian";
|
||||
|
@ -12045,6 +12241,12 @@
|
|||
github = "michaelBelsanti";
|
||||
githubId = 62124625;
|
||||
};
|
||||
michaelBrunner = {
|
||||
email = "michael.brunn3r@gmail.com";
|
||||
name = "Michael Brunner";
|
||||
github = "MichaelBrunn3r";
|
||||
githubId = 19626539;
|
||||
};
|
||||
michaelCTS = {
|
||||
email = "michael.vogel@cts.co";
|
||||
name = "Michael Vogel";
|
||||
|
@ -12235,6 +12437,12 @@
|
|||
githubId = 92937;
|
||||
name = "Breland Miley";
|
||||
};
|
||||
minersebas = {
|
||||
email = "scherthan_sebastian@web.de";
|
||||
github = "MinerSebas";
|
||||
githubId = 66798382;
|
||||
name = "Sebastian Maximilian Scherthan";
|
||||
};
|
||||
minijackson = {
|
||||
email = "minijackson@riseup.net";
|
||||
github = "minijackson";
|
||||
|
@ -12319,6 +12527,12 @@
|
|||
fingerprint = "7088 C742 1873 E0DB 97FF 17C2 245C AB70 B4C2 25E9";
|
||||
}];
|
||||
};
|
||||
mistydemeo = {
|
||||
email = "misty@axo.dev";
|
||||
github = "mistydemeo";
|
||||
githubId = 780485;
|
||||
name = "Misty De Méo";
|
||||
};
|
||||
misuzu = {
|
||||
email = "bakalolka@gmail.com";
|
||||
github = "misuzu";
|
||||
|
@ -12956,6 +13170,12 @@
|
|||
githubId = 1222539;
|
||||
name = "Roman Naumann";
|
||||
};
|
||||
nanotwerp = {
|
||||
email = "nanotwerp@gmail.com";
|
||||
github = "nanotwerp";
|
||||
githubId = 17240342;
|
||||
name = "Nano Twerpus";
|
||||
};
|
||||
naphta = {
|
||||
github = "naphta";
|
||||
githubId = 6709831;
|
||||
|
@ -14275,6 +14495,12 @@
|
|||
githubId = 15645854;
|
||||
name = "Brad Christensen";
|
||||
};
|
||||
patwid = {
|
||||
email = "patrick.widmer@tbwnet.ch";
|
||||
github = "patwid";
|
||||
githubId = 25278658;
|
||||
name = "Patrick Widmer";
|
||||
};
|
||||
paulsmith = {
|
||||
email = "paulsmith@pobox.com";
|
||||
github = "paulsmith";
|
||||
|
@ -14351,6 +14577,12 @@
|
|||
github = "pbsds";
|
||||
githubId = 140964;
|
||||
};
|
||||
pca006132 = {
|
||||
name = "pca006132";
|
||||
email = "john.lck40@gmail.com";
|
||||
github = "pca006132";
|
||||
githubId = 12198657;
|
||||
};
|
||||
pcarrier = {
|
||||
email = "pc@rrier.ca";
|
||||
github = "pcarrier";
|
||||
|
@ -14534,6 +14766,12 @@
|
|||
githubId = 5737016;
|
||||
name = "Philipp Schuster";
|
||||
};
|
||||
phlip9 = {
|
||||
email = "philiphayes9@gmail.com";
|
||||
github = "phlip9";
|
||||
githubId = 918989;
|
||||
name = "Philip Hayes";
|
||||
};
|
||||
Phlogistique = {
|
||||
email = "noe.rubinstein@gmail.com";
|
||||
github = "Phlogistique";
|
||||
|
@ -14962,6 +15200,16 @@
|
|||
githubId = 11898437;
|
||||
name = "Florian Ströger";
|
||||
};
|
||||
presto8 = {
|
||||
name = "Preston Hunt";
|
||||
email = "me@prestonhunt.com";
|
||||
matrix = "@presto8:matrix.org";
|
||||
github = "presto8";
|
||||
githubId = 246631;
|
||||
keys = [{
|
||||
fingerprint = "3E46 7EF1 54AA A1D0 C7DF A694 E45C B17F 1940 CA52";
|
||||
}];
|
||||
};
|
||||
priegger = {
|
||||
email = "philipp@riegger.name";
|
||||
github = "priegger";
|
||||
|
@ -15264,7 +15512,7 @@
|
|||
name = "Jonathan Wright";
|
||||
};
|
||||
quantenzitrone = {
|
||||
email = "quantenzitrone@protonmail.com";
|
||||
email = "nix@dev.quantenzitrone.eu";
|
||||
github = "quantenzitrone";
|
||||
githubId = 74491719;
|
||||
matrix = "@quantenzitrone:matrix.org";
|
||||
|
@ -15462,6 +15710,16 @@
|
|||
githubId = 1891350;
|
||||
name = "Michael Raskin";
|
||||
};
|
||||
ratcornu = {
|
||||
email = "ratcornu@skaven.org";
|
||||
github = "RatCornu";
|
||||
githubId = 98173832;
|
||||
name = "Balthazar Patiachvili";
|
||||
matrix = "@ratcornu:skweel.skaven.org";
|
||||
keys = [{
|
||||
fingerprint = "1B91 F087 3D06 1319 D3D0 7F91 FA47 BDA2 6048 9ADA";
|
||||
}];
|
||||
};
|
||||
ratsclub = {
|
||||
email = "victor@freire.dev.br";
|
||||
github = "ratsclub";
|
||||
|
@ -15687,6 +15945,11 @@
|
|||
githubId = 811827;
|
||||
name = "Gabriel Lievano";
|
||||
};
|
||||
rgri = {
|
||||
name = "shortcut";
|
||||
github = "rgri";
|
||||
githubId = 45253749;
|
||||
};
|
||||
rgrinberg = {
|
||||
name = "Rudi Grinberg";
|
||||
email = "me@rgrinberg.com";
|
||||
|
@ -15950,7 +16213,7 @@
|
|||
name = "Robert Walter";
|
||||
};
|
||||
roconnor = {
|
||||
email = "roconnor@theorem.ca";
|
||||
email = "roconnor@r6.ca";
|
||||
github = "roconnor";
|
||||
githubId = 852967;
|
||||
name = "Russell O'Connor";
|
||||
|
@ -16620,12 +16883,6 @@
|
|||
fingerprint = "E173 237A C782 296D 98F5 ADAC E13D FD4B 4712 7951";
|
||||
}];
|
||||
};
|
||||
scubed2 = {
|
||||
email = "scubed2@gmail.com";
|
||||
github = "scubed2";
|
||||
githubId = 7401858;
|
||||
name = "Sterling Stein";
|
||||
};
|
||||
sdier = {
|
||||
email = "scott@dier.name";
|
||||
matrix = "@sdier:matrix.org";
|
||||
|
@ -17230,6 +17487,17 @@
|
|||
githubId = 3789764;
|
||||
name = "skykanin";
|
||||
};
|
||||
skyrina = {
|
||||
email = "sorryu02@gmail.com";
|
||||
github = "skyrina";
|
||||
githubId = 116099351;
|
||||
name = "Skylar";
|
||||
};
|
||||
slam-bert = {
|
||||
github = "slam-bert";
|
||||
githubId = 106779009;
|
||||
name = "Slambert";
|
||||
};
|
||||
slbtty = {
|
||||
email = "shenlebantongying@gmail.com";
|
||||
github = "shenlebantongying";
|
||||
|
@ -18412,6 +18680,15 @@
|
|||
fingerprint = "D2A2 F0A1 E7A8 5E6F B711 DEE5 63A4 4817 A52E AB7B";
|
||||
}];
|
||||
};
|
||||
theaninova = {
|
||||
name = "Thea Schöbl";
|
||||
email = "dev@theaninova.de";
|
||||
github = "Theaninova";
|
||||
githubId = 19289296;
|
||||
keys = [{
|
||||
fingerprint = "6C9E EFC5 1AE0 0131 78DE B9C8 68FF FB1E C187 88CA";
|
||||
}];
|
||||
};
|
||||
the-argus = {
|
||||
email = "i.mcfarlane2002@gmail.com";
|
||||
github = "the-argus";
|
||||
|
@ -19211,6 +19488,11 @@
|
|||
githubId = 1607770;
|
||||
name = "Ulrik Strid";
|
||||
};
|
||||
umlx5h = {
|
||||
github = "umlx5h";
|
||||
githubId = 20206121;
|
||||
name = "umlx5h";
|
||||
};
|
||||
unclamped = {
|
||||
name = "Maru";
|
||||
email = "clear6860@tutanota.com";
|
||||
|
@ -20248,6 +20530,22 @@
|
|||
githubId = 13489144;
|
||||
name = "Calle Rosenquist";
|
||||
};
|
||||
xbz = {
|
||||
email = "renatochavez7@gmail.com";
|
||||
github = "Xbz-24";
|
||||
githubId = 68678258;
|
||||
name = "Renato German Chavez Chicoma";
|
||||
};
|
||||
xddxdd = {
|
||||
email = "b980120@hotmail.com";
|
||||
github = "xddxdd";
|
||||
githubId = 5778879;
|
||||
keys = [
|
||||
{ fingerprint = "2306 7C13 B6AE BDD7 C0BB 5673 27F3 1700 E751 EC22"; }
|
||||
{ fingerprint = "B195 E8FB 873E 6020 DCD1 C0C6 B50E C319 385F CB0D"; }
|
||||
];
|
||||
name = "Yuhui Xu";
|
||||
};
|
||||
xdhampus = {
|
||||
name = "Hampus";
|
||||
github = "xdHampus";
|
||||
|
@ -20268,7 +20566,6 @@
|
|||
};
|
||||
xfix = {
|
||||
email = "kamila@borowska.pw";
|
||||
matrix = "@xfix:matrix.org";
|
||||
github = "KamilaBorowska";
|
||||
githubId = 1297598;
|
||||
name = "Kamila Borowska";
|
||||
|
@ -20442,6 +20739,13 @@
|
|||
githubId = 11229748;
|
||||
name = "Lin Yinfeng";
|
||||
};
|
||||
yisraeldov = {
|
||||
email = "lebow@lebowtech.com";
|
||||
name = "Yisrael Dov Lebow";
|
||||
github = "yisraeldov";
|
||||
githubId = 138219;
|
||||
matrix = "@yisraeldov:matrix.org";
|
||||
};
|
||||
yisuidenghua = {
|
||||
email = "bileiner@gmail.com";
|
||||
name = "Milena Yisui";
|
||||
|
@ -20881,6 +21185,12 @@
|
|||
githubId = 81353;
|
||||
name = "Alexandre Macabies";
|
||||
};
|
||||
zoriya = {
|
||||
email = "zoe.roux@zoriya.dev";
|
||||
github = "zoriya";
|
||||
githubId = 32224410;
|
||||
name = "Zoe Roux";
|
||||
};
|
||||
zowoq = {
|
||||
github = "zowoq";
|
||||
githubId = 59103226;
|
||||
|
|
85
maintainers/scripts/bootstrap-files/README.md
Normal file
85
maintainers/scripts/bootstrap-files/README.md
Normal file
|
@ -0,0 +1,85 @@
|
|||
# Bootstrap files
|
||||
|
||||
Currently `nixpkgs` builds most of it's packages using bootstrap seed
|
||||
binaries (without the reliance on external inputs):
|
||||
|
||||
- `bootstrap-tools`: an archive with the compiler toolchain and other
|
||||
helper tools enough to build the rest of the `nixpkgs`.
|
||||
- initial binaries needed to unpack `bootstrap-tools.*`. On `linux`
|
||||
it's just `busybox`, on `darwin` it's `sh`, `bzip2`, `mkdir` and
|
||||
`cpio`. These binaries can be executed directly from the store.
|
||||
|
||||
These are called "bootstrap files".
|
||||
|
||||
Bootstrap files should always be fetched from hydra and uploaded to
|
||||
`tarballs.nixos.org` to guarantee that all the binaries were built from
|
||||
the code committed into `nixpkgs` repository.
|
||||
|
||||
The uploads to `tarballs.nixos.org` are done by `@lovesegfault` today.
|
||||
|
||||
This document describes the procedure of updating bootstrap files in
|
||||
`nixpkgs`.
|
||||
|
||||
## How to request the bootstrap seed update
|
||||
|
||||
To get the tarballs updated let's use an example `i686-unknown-linux-gnu`
|
||||
target:
|
||||
|
||||
1. Create a local update:
|
||||
|
||||
```
|
||||
$ maintainers/scripts/bootstrap-files/refresh-tarballs.bash --commit --targets=i686-unknown-linux-gnu
|
||||
```
|
||||
|
||||
2. Test the update locally. I'll build local `hello` derivation with
|
||||
the result:
|
||||
|
||||
```
|
||||
$ nix-build -A hello --argstr system i686-linux
|
||||
```
|
||||
|
||||
To validate cross-targets `binfmt` `NixOS` helper can be useful.
|
||||
For `riscv64-unknown-linux-gnu` the `/etc/nixox/configuraqtion.nix`
|
||||
entry would be `boot.binfmt.emulatedSystems = [ "riscv64-linux" ]`.
|
||||
|
||||
3. Propose the commit as a PR to update bootstrap tarballs, tag people
|
||||
who can help you test the updated architecture and once reviewed tag
|
||||
`@lovesegfault` to upload the tarballs.
|
||||
|
||||
## Bootstrap files job definitions
|
||||
|
||||
There are two types of bootstrap files:
|
||||
|
||||
- natively built `stdenvBootstrapTools.build` hydra jobs in
|
||||
[`nixpkgs:trunk`](https://hydra.nixos.org/jobset/nixpkgs/trunk#tabs-jobs)
|
||||
jobset. Incomplete list of examples is:
|
||||
|
||||
* `aarch64-unknown-linux-musl.nix`
|
||||
* `i686-unknown-linux-gnu.nix`
|
||||
|
||||
These are Tier 1 hydra platforms.
|
||||
|
||||
- cross-built by `bootstrapTools.build` hydra jobs in
|
||||
[`nixpkgs:cross-trunk`](https://hydra.nixos.org/jobset/nixpkgs/cross-trunk#tabs-jobs)
|
||||
jobset. Incomplete list of examples is:
|
||||
|
||||
* `mips64el-unknown-linux-gnuabi64.nix`
|
||||
* `mips64el-unknown-linux-gnuabin32.nix`
|
||||
* `mipsel-unknown-linux-gnu.nix`
|
||||
* `powerpc64le-unknown-linux-gnu.nix`
|
||||
* `riscv64-unknown-linux-gnu.nix`
|
||||
|
||||
These are usually Tier 2 and lower targets.
|
||||
|
||||
The `.build` job contains `/on-server/` subdirectory with binaries to
|
||||
be uploaded to `tarballs.nixos.org`.
|
||||
The files are uploaded to `tarballs.nixos.org` by writers to `S3` store.
|
||||
|
||||
## TODOs
|
||||
|
||||
- `pkgs/stdenv/darwin` file layout is slightly different from
|
||||
`pkgs/stdenv/linux`. Once `linux` seed update becomes a routine we can
|
||||
bring `darwin` in sync if it's feasible.
|
||||
- `darwin` definition of `.build` `on-server/` directory layout differs
|
||||
and should be updated.
|
||||
|
282
maintainers/scripts/bootstrap-files/refresh-tarballs.bash
Executable file
282
maintainers/scripts/bootstrap-files/refresh-tarballs.bash
Executable file
|
@ -0,0 +1,282 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#! nix-shell --pure
|
||||
#! nix-shell -i bash
|
||||
#! nix-shell -p curl cacert
|
||||
#! nix-shell -p git
|
||||
#! nix-shell -p nix
|
||||
#! nix-shell -p jq
|
||||
|
||||
# How the refresher works:
|
||||
#
|
||||
# For a given list of <targets>:
|
||||
# 1. fetch latest successful '.build` job
|
||||
# 2. fetch oldest evaluation that contained that '.build', extract nixpkgs commit
|
||||
# 3. fetch all the `.build` artifacts from '$out/on-server/' directory
|
||||
# 4. calculate hashes and craft the commit message with the details on
|
||||
# how to upload the result to 'tarballs.nixos.org'
|
||||
|
||||
usage() {
|
||||
cat >&2 <<EOF
|
||||
Usage:
|
||||
$0 [ --commit ] --targets=<target>[,<target>,...]
|
||||
|
||||
The tool must be ran from the root directory of 'nixpkgs' repository.
|
||||
|
||||
Synopsis:
|
||||
'refresh-tarballs.bash' script fetches latest bootstrapFiles built
|
||||
by hydra, registers them in 'nixpkgs' and provides commands to
|
||||
upload seed files to 'tarballs.nixos.org'.
|
||||
|
||||
This is usually done in the following cases:
|
||||
|
||||
1. Single target fix: current bootstrap files for a single target
|
||||
are problematic for some reason (target-specific bug). In this
|
||||
case we can refresh just that target as:
|
||||
|
||||
\$ $0 --commit --targets=i686-unknown-linux-gnu
|
||||
|
||||
2. Routine refresh: all bootstrap files should be refreshed to avoid
|
||||
debugging problems that only occur on very old binaries.
|
||||
|
||||
\$ $0 --commit --all-targets
|
||||
|
||||
To get help on uploading refreshed binaries to 'tarballs.nixos.org'
|
||||
please have a look at <maintainers/scripts/bootstrap-files/README.md>.
|
||||
EOF
|
||||
exit 1
|
||||
}
|
||||
|
||||
# log helpers
|
||||
|
||||
die() {
|
||||
echo "ERROR: $*" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
info() {
|
||||
echo "INFO: $*" >&2
|
||||
}
|
||||
|
||||
[[ ${#@} -eq 0 ]] && usage
|
||||
|
||||
# known targets
|
||||
|
||||
NATIVE_TARGETS=(
|
||||
aarch64-unknown-linux-gnu
|
||||
aarch64-unknown-linux-musl
|
||||
i686-unknown-linux-gnu
|
||||
x86_64-unknown-linux-gnu
|
||||
x86_64-unknown-linux-musl
|
||||
|
||||
# TODO: add darwin here once a few prerequisites are satisfied:
|
||||
# - bootstrap-files are factored out into a separate file
|
||||
# - the build artifacts are factored out into an `on-server`
|
||||
# directory. Right onw if does not match `linux` layout.
|
||||
#
|
||||
#aarch64-apple-darwin
|
||||
#x86_64-apple-darwin
|
||||
)
|
||||
|
||||
is_native() {
|
||||
local t target=$1
|
||||
for t in "${NATIVE_TARGETS[@]}"; do
|
||||
[[ $t == $target ]] && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
CROSS_TARGETS=(
|
||||
armv5tel-unknown-linux-gnueabi
|
||||
armv6l-unknown-linux-gnueabihf
|
||||
armv6l-unknown-linux-musleabihf
|
||||
armv7l-unknown-linux-gnueabihf
|
||||
mips64el-unknown-linux-gnuabi64
|
||||
mips64el-unknown-linux-gnuabin32
|
||||
mipsel-unknown-linux-gnu
|
||||
powerpc64le-unknown-linux-gnu
|
||||
riscv64-unknown-linux-gnu
|
||||
)
|
||||
|
||||
is_cross() {
|
||||
local t target=$1
|
||||
for t in "${CROSS_TARGETS[@]}"; do
|
||||
[[ $t == $target ]] && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# collect passed options
|
||||
|
||||
targets=()
|
||||
commit=no
|
||||
|
||||
for arg in "$@"; do
|
||||
case "$arg" in
|
||||
--all-targets)
|
||||
targets+=(
|
||||
${CROSS_TARGETS[@]}
|
||||
${NATIVE_TARGETS[@]}
|
||||
)
|
||||
;;
|
||||
--targets=*)
|
||||
# Convert "--targets=a,b,c" to targets=(a b c) bash array.
|
||||
comma_targets=${arg#--targets=}
|
||||
targets+=(${comma_targets//,/ })
|
||||
;;
|
||||
--commit)
|
||||
commit=yes
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
for target in "${targets[@]}"; do
|
||||
# Native and cross jobsets differ a bit. We'll have to pick the
|
||||
# one based on target name:
|
||||
if is_native $target; then
|
||||
jobset=nixpkgs/trunk
|
||||
job="stdenvBootstrapTools.${target}.build"
|
||||
elif is_cross $target; then
|
||||
jobset=nixpkgs/cross-trunk
|
||||
job="bootstrapTools.${target}.build"
|
||||
else
|
||||
die "'$target' is not present in either of 'NATIVE_TARGETS' or 'CROSS_TARGETS'. Please add one."
|
||||
fi
|
||||
|
||||
# 'nixpkgs' prefix where we will write new tarball hashes
|
||||
case "$target" in
|
||||
*linux*) nixpkgs_prefix="pkgs/stdenv/linux" ;;
|
||||
*darwin*) nixpkgs_prefix="pkgs/stdenv/darwin" ;;
|
||||
*) die "don't know where to put '$target'" ;;
|
||||
esac
|
||||
|
||||
# We enforce s3 prefix for all targets here. This slightly differs
|
||||
# from manual uploads targets where names were chosen inconsistently.
|
||||
s3_prefix="stdenv/$target"
|
||||
|
||||
# resolve 'latest' build to the build 'id', construct the link.
|
||||
latest_build_uri="https://hydra.nixos.org/job/$jobset/$job/latest"
|
||||
latest_build="$target.latest-build"
|
||||
info "Fetching latest successful build from '${latest_build_uri}'"
|
||||
curl -s -H "Content-Type: application/json" -L "$latest_build_uri" > "$latest_build"
|
||||
[[ $? -ne 0 ]] && die "Failed to fetch latest successful build"
|
||||
latest_build_id=$(jq '.id' < "$latest_build")
|
||||
[[ $? -ne 0 ]] && die "Did not find 'id' in latest build"
|
||||
build_uri="https://hydra.nixos.org/build/${latest_build_id}"
|
||||
|
||||
# We pick oldest jobset evaluation and extract the 'nicpkgs' commit.
|
||||
#
|
||||
# We use oldest instead of latest to make the result more stable
|
||||
# across unrelated 'nixpkgs' updates. Ideally two subsequent runs of
|
||||
# this refresher should produce the same output (provided there are
|
||||
# no bootstrapTools updates committed between the two runs).
|
||||
oldest_eval_id=$(jq '.jobsetevals|min' < "$latest_build")
|
||||
[[ $? -ne 0 ]] && die "Did not find 'jobsetevals' in latest build"
|
||||
eval_uri="https://hydra.nixos.org/eval/${oldest_eval_id}"
|
||||
eval_meta="$target.eval-meta"
|
||||
info "Fetching oldest eval details from '${eval_uri}' (can take a minute)"
|
||||
curl -s -H "Content-Type: application/json" -L "${eval_uri}" > "$eval_meta"
|
||||
[[ $? -ne 0 ]] && die "Failed to fetch eval metadata"
|
||||
nixpkgs_revision=$(jq --raw-output ".jobsetevalinputs.nixpkgs.revision" < "$eval_meta")
|
||||
[[ $? -ne 0 ]] && die "Failed to fetch revision"
|
||||
|
||||
# Extract the build paths out of the build metadata
|
||||
drvpath=$(jq --raw-output '.drvpath' < "${latest_build}")
|
||||
[[ $? -ne 0 ]] && die "Did not find 'drvpath' in latest build"
|
||||
outpath=$(jq --raw-output '.buildoutputs.out.path' < "${latest_build}")
|
||||
[[ $? -ne 0 ]] && die "Did not find 'buildoutputs' in latest build"
|
||||
build_timestamp=$(jq --raw-output '.timestamp' < "${latest_build}")
|
||||
[[ $? -ne 0 ]] && die "Did not find 'timestamp' in latest build"
|
||||
build_time=$(TZ=UTC LANG=C date --date="@${build_timestamp}" --rfc-email)
|
||||
[[ $? -ne 0 ]] && die "Failed to format timestamp"
|
||||
|
||||
info "Fetching bootstrap tools to calculate hashes from '${outpath}'"
|
||||
nix-store --realize "$outpath"
|
||||
[[ $? -ne 0 ]] && die "Failed to fetch '${outpath}' from hydra"
|
||||
|
||||
fnames=()
|
||||
|
||||
target_file="${nixpkgs_prefix}/bootstrap-files/${target}.nix"
|
||||
info "Writing '${target_file}'"
|
||||
{
|
||||
# header
|
||||
cat <<EOF
|
||||
# Autogenerated by maintainers/scripts/bootstrap-files/refresh-tarballs.bash as:
|
||||
# $ ./refresh-tarballs.bash --targets=${target}
|
||||
#
|
||||
# Metadata:
|
||||
# - nixpkgs revision: ${nixpkgs_revision}
|
||||
# - hydra build: ${latest_build_uri}
|
||||
# - resolved hydra build: ${build_uri}
|
||||
# - instantiated derivation: ${drvpath}
|
||||
# - output directory: ${outpath}
|
||||
# - build time: ${build_time}
|
||||
{
|
||||
EOF
|
||||
for p in "${outpath}/on-server"/*; do
|
||||
fname=$(basename "$p")
|
||||
fnames+=("$fname")
|
||||
case "$fname" in
|
||||
bootstrap-tools.tar.xz) attr=bootstrapTools ;;
|
||||
busybox) attr=$fname ;;
|
||||
*) die "Don't know how to map '$fname' to attribute name. Please update me."
|
||||
esac
|
||||
|
||||
executable_arg=
|
||||
executable_nix=
|
||||
if [[ -x "$p" ]]; then
|
||||
executable_arg="--executable"
|
||||
executable_nix=" executable = true;"
|
||||
fi
|
||||
sha256=$(nix-prefetch-url $executable_arg --name "$fname" "file://$p")
|
||||
[[ $? -ne 0 ]] && die "Failed to get the hash for '$p'"
|
||||
sri=$(nix-hash --to-sri "sha256:$sha256")
|
||||
[[ $? -ne 0 ]] && die "Failed to convert '$sha256' hash to an SRI form"
|
||||
|
||||
# individual file entries
|
||||
cat <<EOF
|
||||
$attr = import <nix/fetchurl.nix> {
|
||||
url = "http://tarballs.nixos.org/${s3_prefix}/${nixpkgs_revision}/$fname";
|
||||
hash = "${sri}";$(printf "\n%s" "${executable_nix}")
|
||||
};
|
||||
EOF
|
||||
done
|
||||
# footer
|
||||
cat <<EOF
|
||||
}
|
||||
EOF
|
||||
} > "${target_file}"
|
||||
|
||||
target_file_commit_msg=${target}.commit_message
|
||||
cat > "$target_file_commit_msg" <<EOF
|
||||
${nixpkgs_prefix}: update ${target} bootstrap-files
|
||||
|
||||
sha256sum of files to be uploaded:
|
||||
|
||||
$(
|
||||
echo "$ sha256sum ${outpath}/on-server/*"
|
||||
sha256sum ${outpath}/on-server/*
|
||||
)
|
||||
|
||||
Suggested commands to upload files to 'tarballs.nixos.org':
|
||||
|
||||
$ nix-store --realize ${outpath}
|
||||
$ aws s3 cp --recursive --acl public-read ${outpath}/on-server/ s3://nixpkgs-tarballs/${s3_prefix}/${nixpkgs_revision}
|
||||
$ aws s3 cp --recursive s3://nixpkgs-tarballs/${s3_prefix}/${nixpkgs_revision} ./
|
||||
$ sha256sum ${fnames[*]}
|
||||
$ sha256sum ${outpath}/on-server/*
|
||||
EOF
|
||||
|
||||
cat "$target_file_commit_msg"
|
||||
if [[ $commit == yes ]]; then
|
||||
git commit "${target_file}" -F "$target_file_commit_msg"
|
||||
else
|
||||
info "DRY RUN: git commit ${target_file} -F $target_file_commit_msg"
|
||||
fi
|
||||
rm -- "$target_file_commit_msg"
|
||||
|
||||
# delete temp files
|
||||
rm -- "$latest_build" "$eval_meta"
|
||||
done
|
|
@ -307,6 +307,20 @@ with lib.maintainers; {
|
|||
shortName = "Flying Circus employees";
|
||||
};
|
||||
|
||||
formatter = {
|
||||
members = [
|
||||
piegames
|
||||
infinisil
|
||||
das_j
|
||||
tomberek
|
||||
_0x4A6F
|
||||
# Not in the maintainer list
|
||||
# Sereja313
|
||||
];
|
||||
scope = "Tentative Nix formatter team to be established in https://github.com/NixOS/rfcs/pull/166";
|
||||
shortName = "Nix formatter team";
|
||||
};
|
||||
|
||||
freedesktop = {
|
||||
members = [ jtojnar ];
|
||||
scope = "Maintain Freedesktop.org packages for graphical desktop.";
|
||||
|
|
|
@ -77,7 +77,7 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
|
|||
|
||||
There are several ways to change the configuration of the container.
|
||||
First, on the host, you can edit
|
||||
`/var/lib/container/name/etc/nixos/configuration.nix`, and run
|
||||
`/var/lib/nixos-containers/foo/etc/nixos/configuration.nix`, and run
|
||||
|
||||
```ShellSession
|
||||
# nixos-container update foo
|
||||
|
|
|
@ -92,6 +92,24 @@ To use your custom kernel package in your NixOS configuration, set
|
|||
boot.kernelPackages = pkgs.linuxPackagesFor yourCustomKernel;
|
||||
```
|
||||
|
||||
## Rust {#sec-linux-rust}
|
||||
|
||||
The Linux kernel does not have Rust language support enabled by
|
||||
default. For kernel versions 6.7 or newer, experimental Rust support
|
||||
can be enabled. In a NixOS configuration, set:
|
||||
|
||||
```nix
|
||||
boot.kernelPatches = [
|
||||
{
|
||||
name = "Rust Support";
|
||||
patch = null;
|
||||
features = {
|
||||
rust = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
```
|
||||
|
||||
## Developing kernel modules {#sec-linux-config-developing-modules}
|
||||
|
||||
This section was moved to the [Nixpkgs manual](https://nixos.org/nixpkgs/manual#sec-linux-kernel-developing-modules).
|
||||
|
|
|
@ -29,6 +29,7 @@ profiles/graphical.section.md
|
|||
profiles/hardened.section.md
|
||||
profiles/headless.section.md
|
||||
profiles/installation-device.section.md
|
||||
profiles/perlless.section.md
|
||||
profiles/minimal.section.md
|
||||
profiles/qemu-guest.section.md
|
||||
```
|
||||
|
|
11
nixos/doc/manual/configuration/profiles/perlless.section.md
Normal file
11
nixos/doc/manual/configuration/profiles/perlless.section.md
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Perlless {#sec-perlless}
|
||||
|
||||
::: {.warning}
|
||||
If you enable this profile, you will NOT be able to switch to a new
|
||||
configuration and thus you will not be able to rebuild your system with
|
||||
nixos-rebuild!
|
||||
:::
|
||||
|
||||
Render your system completely perlless (i.e. without the perl interpreter). This
|
||||
includes a mechanism so that your build fails if it contains a Nix store path
|
||||
that references the string "perl".
|
|
@ -38,8 +38,6 @@ The file system can be configured in NixOS via the usual [fileSystems](#opt-file
|
|||
Here's a typical setup:
|
||||
```nix
|
||||
{
|
||||
system.fsPackages = [ pkgs.sshfs ];
|
||||
|
||||
fileSystems."/mnt/my-dir" = {
|
||||
device = "my-user@example.com:/my-dir/";
|
||||
fsType = "sshfs";
|
||||
|
|
|
@ -89,3 +89,18 @@ A user can be deleted using `userdel`:
|
|||
The flag `-r` deletes the user's home directory. Accounts can be
|
||||
modified using `usermod`. Unix groups can be managed using `groupadd`,
|
||||
`groupmod` and `groupdel`.
|
||||
|
||||
## Create users and groups with `systemd-sysusers` {#sec-systemd-sysusers}
|
||||
|
||||
::: {.note}
|
||||
This is experimental.
|
||||
:::
|
||||
|
||||
Instead of using a custom perl script to create users and groups, you can use
|
||||
systemd-sysusers:
|
||||
|
||||
```nix
|
||||
systemd.sysusers.enable = true;
|
||||
```
|
||||
|
||||
The primary benefit of this is to remove a dependency on perl.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Contributing to this manual {#chap-contributing}
|
||||
|
||||
The [DocBook] and CommonMark sources of the NixOS manual are in the [nixos/doc/manual](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual) subdirectory of the [Nixpkgs](https://github.com/NixOS/nixpkgs) repository.
|
||||
The sources of the NixOS manual are in the [nixos/doc/manual](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual) subdirectory of the [Nixpkgs](https://github.com/NixOS/nixpkgs) repository.
|
||||
This manual uses the [Nixpkgs manual syntax](https://nixos.org/manual/nixpkgs/unstable/#sec-contributing-markup).
|
||||
|
||||
You can quickly check your edits with the following:
|
||||
|
|
36
nixos/doc/manual/development/etc-overlay.section.md
Normal file
36
nixos/doc/manual/development/etc-overlay.section.md
Normal file
|
@ -0,0 +1,36 @@
|
|||
# `/etc` via overlay filesystem {#sec-etc-overlay}
|
||||
|
||||
::: {.note}
|
||||
This is experimental and requires a kernel version >= 6.6 because it uses
|
||||
new overlay features and relies on the new mount API.
|
||||
:::
|
||||
|
||||
Instead of using a custom perl script to activate `/etc`, you activate it via an
|
||||
overlay filesystem:
|
||||
|
||||
```nix
|
||||
system.etc.overlay.enable = true;
|
||||
```
|
||||
|
||||
Using an overlay has two benefits:
|
||||
|
||||
1. it removes a dependency on perl
|
||||
2. it makes activation faster (up to a few seconds)
|
||||
|
||||
By default, the `/etc` overlay is mounted writable (i.e. there is a writable
|
||||
upper layer). However, you can also mount `/etc` immutably (i.e. read-only) by
|
||||
setting:
|
||||
|
||||
```nix
|
||||
system.etc.overlay.mutable = false;
|
||||
```
|
||||
|
||||
The overlay is atomically replaced during system switch. However, files that
|
||||
have been modified will NOT be overwritten. This is the biggest change compared
|
||||
to the perl-based system.
|
||||
|
||||
If you manually make changes to `/etc` on your system and then switch to a new
|
||||
configuration where `system.etc.overlay.mutable = false;`, you will not be able
|
||||
to see the previously made changes in `/etc` anymore. However the changes are
|
||||
not completely gone, they are still in the upperdir of the previous overlay in
|
||||
`/.rw-etc/upper`.
|
|
@ -63,3 +63,42 @@ checks:
|
|||
is **restart**ed with the others. If it is set, both the service and the
|
||||
socket are **stop**ped and the socket is **start**ed, leaving socket
|
||||
activation to start the service when it's needed.
|
||||
|
||||
## Sysinit reactivation {#sec-sysinit-reactivation}
|
||||
|
||||
[`sysinit.target`](https://www.freedesktop.org/software/systemd/man/latest/systemd.special.html#sysinit.target)
|
||||
is a systemd target that encodes system initialization (i.e. early startup). A
|
||||
few units that need to run very early in the bootup process are ordered to
|
||||
finish before this target is reached. Probably the most notable one of these is
|
||||
`systemd-tmpfiles-setup.service`. We will refer to these units as "sysinit
|
||||
units".
|
||||
|
||||
"Normal" systemd units, by default, are ordered AFTER `sysinit.target`. In
|
||||
other words, these "normal" units expect all services ordered before
|
||||
`sysinit.target` to have finished without explicity declaring this dependency
|
||||
relationship for each dependency. See the [systemd
|
||||
bootup](https://www.freedesktop.org/software/systemd/man/latest/bootup.html)
|
||||
for more details on the bootup process.
|
||||
|
||||
When restarting both a unit ordered before `sysinit.target` as well as one
|
||||
after, this presents a problem because they would be started at the same time
|
||||
as they do not explicitly declare their dependency relations.
|
||||
|
||||
To solve this, NixOS has an artificial `sysinit-reactivation.target` which
|
||||
allows you to ensure that services ordered before `sysinit.target` are
|
||||
restarted correctly. This applies both to the ordering between these sysinit
|
||||
services as well as ensuring that sysinit units are restarted before "normal"
|
||||
units.
|
||||
|
||||
To make an existing sysinit service restart correctly during system switch, you
|
||||
have to declare:
|
||||
|
||||
```nix
|
||||
systemd.services.my-sysinit = {
|
||||
requiredBy = [ "sysinit-reactivation.target" ];
|
||||
before = [ "sysinit-reactivation.target" ];
|
||||
restartTriggers = [ config.environment.etc."my-sysinit.d".source ];
|
||||
};
|
||||
```
|
||||
|
||||
You need to configure appropriate `restartTriggers` specific to your service.
|
||||
|
|
|
@ -37,7 +37,7 @@ of actions is always the same:
|
|||
- Forget about the failed state of units (`systemctl reset-failed`)
|
||||
- Reload systemd (`systemctl daemon-reload`)
|
||||
- Reload systemd user instances (`systemctl --user daemon-reload`)
|
||||
- Set up tmpfiles (`systemd-tmpfiles --create`)
|
||||
- Reactivate sysinit (`systemctl restart sysinit-reactivation.target`)
|
||||
- Reload units (`systemctl reload`)
|
||||
- Restart units (`systemctl restart`)
|
||||
- Start units (`systemctl start`)
|
||||
|
@ -56,4 +56,5 @@ explained in the next sections.
|
|||
unit-handling.section.md
|
||||
activation-script.section.md
|
||||
non-switchable-systems.section.md
|
||||
etc-overlay.section.md
|
||||
```
|
||||
|
|
|
@ -7,7 +7,7 @@ worthy contribution to the project.
|
|||
|
||||
## Building the Manual {#sec-writing-docs-building-the-manual}
|
||||
|
||||
The DocBook sources of the [](#book-nixos-manual) are in the
|
||||
The sources of the [](#book-nixos-manual) are in the
|
||||
[`nixos/doc/manual`](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual)
|
||||
subdirectory of the Nixpkgs repository.
|
||||
|
||||
|
@ -29,65 +29,3 @@ nix-build nixos/release.nix -A manual.x86_64-linux
|
|||
When this command successfully finishes, it will tell you where the
|
||||
manual got generated. The HTML will be accessible through the `result`
|
||||
symlink at `./result/share/doc/nixos/index.html`.
|
||||
|
||||
## Editing DocBook XML {#sec-writing-docs-editing-docbook-xml}
|
||||
|
||||
For general information on how to write in DocBook, see [DocBook 5: The
|
||||
Definitive Guide](https://tdg.docbook.org/tdg/5.1/).
|
||||
|
||||
Emacs nXML Mode is very helpful for editing DocBook XML because it
|
||||
validates the document as you write, and precisely locates errors. To
|
||||
use it, see [](#sec-emacs-docbook-xml).
|
||||
|
||||
[Pandoc](https://pandoc.org/) can generate DocBook XML from a multitude of
|
||||
formats, which makes a good starting point. Here is an example of Pandoc
|
||||
invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML:
|
||||
|
||||
```ShellSession
|
||||
pandoc -f markdown_github -t docbook5 docs.md -o my-section.md
|
||||
```
|
||||
|
||||
Pandoc can also quickly convert a single `section.xml` to HTML, which is
|
||||
helpful when drafting.
|
||||
|
||||
Sometimes writing valid DocBook is too difficult. In this case,
|
||||
submit your documentation updates in a [GitHub
|
||||
Issue](https://github.com/NixOS/nixpkgs/issues/new) and someone will
|
||||
handle the conversion to XML for you.
|
||||
|
||||
## Creating a Topic {#sec-writing-docs-creating-a-topic}
|
||||
|
||||
You can use an existing topic as a basis for the new topic or create a
|
||||
topic from scratch.
|
||||
|
||||
Keep the following guidelines in mind when you create and add a topic:
|
||||
|
||||
- The NixOS [`book`](https://tdg.docbook.org/tdg/5.0/book.html)
|
||||
element is in `nixos/doc/manual/manual.xml`. It includes several
|
||||
[`parts`](https://tdg.docbook.org/tdg/5.0/book.html) which are in
|
||||
subdirectories.
|
||||
|
||||
- Store the topic file in the same directory as the `part` to which it
|
||||
belongs. If your topic is about configuring a NixOS module, then the
|
||||
XML file can be stored alongside the module definition `nix` file.
|
||||
|
||||
- If you include multiple words in the file name, separate the words
|
||||
with a dash. For example: `ipv6-config.xml`.
|
||||
|
||||
- Make sure that the `xml:id` value is unique. You can use abbreviations
|
||||
if the ID is too long. For example: `nixos-config`.
|
||||
|
||||
- Determine whether your topic is a chapter or a section. If you are
|
||||
unsure, open an existing topic file and check whether the main
|
||||
element is chapter or section.
|
||||
|
||||
## Adding a Topic to the Book {#sec-writing-docs-adding-a-topic}
|
||||
|
||||
Open the parent CommonMark file and add a line to the list of
|
||||
chapters with the file name of the topic that you created. If you
|
||||
created a `section`, you add the file to the `chapter` file. If you created
|
||||
a `chapter`, you add the file to the `part` file.
|
||||
|
||||
If the topic is about configuring a NixOS module, it can be
|
||||
automatically included in the manual by using the `meta.doc` attribute.
|
||||
See [](#sec-meta-attributes) for an explanation.
|
||||
|
|
|
@ -10,7 +10,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment.
|
||||
|
||||
- `linuxPackages_testing_bcachefs` is now fully deprecated by `linuxPackages_testing`, and is therefore no longer available.
|
||||
- `linuxPackages_testing_bcachefs` is now fully deprecated by `linuxPackages_latest`, and is therefore no longer available.
|
||||
|
||||
- NixOS now installs a stub ELF loader that prints an informative error message when users attempt to run binaries not made for NixOS.
|
||||
- This can be disabled through the `environment.stub-ld.enable` option.
|
||||
|
@ -18,31 +18,65 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- Julia environments can now be built with arbitrary packages from the ecosystem using the `.withPackages` function. For example: `julia.withPackages ["Plots"]`.
|
||||
|
||||
- A new option `systemd.sysusers.enable` was added. If enabled, users and
|
||||
groups are created with systemd-sysusers instead of with a custom perl script.
|
||||
|
||||
- A new option `system.etc.overlay.enable` was added. If enabled, `/etc` is
|
||||
mounted via an overlayfs instead of being created by a custom perl script.
|
||||
|
||||
- It is now possible to have a completely perlless system (i.e. a system
|
||||
without perl). Previously, the NixOS activation depended on two perl scripts
|
||||
which can now be replaced via an opt-in mechanism. To make your system
|
||||
perlless, you can use the new perlless profile:
|
||||
```
|
||||
{ modulesPath, ... }: {
|
||||
imports = [ "${modulesPath}/profiles/perlless.nix" ];
|
||||
}
|
||||
```
|
||||
|
||||
## New Services {#sec-release-24.05-new-services}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- [Handheld Daemon](https://github.com/hhd-dev/hhd), support for gaming handhelds like the Legion Go, ROG Ally, and GPD Win. Available as [services.handheld-daemon](#opt-services.handheld-daemon.enable).
|
||||
|
||||
- [Guix](https://guix.gnu.org), a functional package manager inspired by Nix. Available as [services.guix](#opt-services.guix.enable).
|
||||
|
||||
- [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable)
|
||||
|
||||
- [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
|
||||
|
||||
- systemd's gateway, upload, and remote services, which provides ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable).
|
||||
|
||||
- [GNS3](https://www.gns3.com/), a network software emulator. Available as [services.gns3-server](#opt-services.gns3-server.enable).
|
||||
|
||||
- [pretalx](https://github.com/pretalx/pretalx), a conference planning tool. Available as [services.pretalx](#opt-services.pretalx.enable).
|
||||
|
||||
- [rspamd-trainer](https://gitlab.com/onlime/rspamd-trainer), script triggered by a helper which reads mails from a specific mail inbox and feeds them into rspamd for spam/ham training.
|
||||
|
||||
- [ollama](https://ollama.ai), server for running large language models locally.
|
||||
|
||||
- [hebbot](https://github.com/haecker-felix/hebbot), a Matrix bot to generate "This Week in X" like blog posts. Available as [services.hebbot](#opt-services.hebbot.enable).
|
||||
|
||||
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
|
||||
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares.
|
||||
|
||||
- [Suwayomi Server](https://github.com/Suwayomi/Suwayomi-Server), a free and open source manga reader server that runs extensions built for [Tachiyomi](https://tachiyomi.org). Available as [services.suwayomi-server](#opt-services.suwayomi-server.enable).
|
||||
|
||||
- [ping_exporter](https://github.com/czerwonk/ping_exporter), a Prometheus exporter for ICMP echo requests. Available as [services.prometheus.exporters.ping](#opt-services.prometheus.exporters.ping.enable).
|
||||
|
||||
- [TigerBeetle](https://tigerbeetle.com/), a distributed financial accounting database designed for mission critical safety and performance. Available as [services.tigerbeetle](#opt-services.tigerbeetle.enable).
|
||||
|
||||
- [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
|
||||
|
||||
- [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable).
|
||||
|
||||
- [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable)
|
||||
|
||||
- [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer.
|
||||
|
||||
- [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
@ -61,14 +95,32 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
|
||||
- `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details.
|
||||
|
||||
- `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.
|
||||
This was done so that secrets aren't stored in the world-readable nix store.
|
||||
To migrate, you will have create a file with the same exact string, and change
|
||||
your module options to point to that file. For example, `services.aria2.rpcSecret =
|
||||
"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
|
||||
where the file `secret_file` contains the string `mysecret`.
|
||||
|
||||
- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
|
||||
|
||||
- `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`.
|
||||
|
||||
- `paperless`' `services.paperless.extraConfig` setting has been removed and converted to the freeform type and option named `services.paperless.settings`.
|
||||
|
||||
- The legacy and long deprecated systemd target `network-interfaces.target` has been removed. Use `network.target` instead.
|
||||
|
||||
- `mkosi` was updated to v19. Parts of the user interface have changed. Consult the
|
||||
[release notes](https://github.com/systemd/mkosi/releases/tag/v19) for a list of changes.
|
||||
- `services.frp.settings` now generates the frp configuration file in TOML format as [recommended by upstream](https://github.com/fatedier/frp#configuration-files), instead of the legacy INI format. This has also introduced other changes in the configuration file structure and options.
|
||||
- The `settings.common` section in the configuration is no longer valid and all the options form inside it now goes directly under `settings`.
|
||||
- The `_` separating words in the configuration options is removed so the options are now in camel case. For example: `server_addr` becomes `serverAddr`, `server_port` becomes `serverPort` etc.
|
||||
- Proxies are now defined with a new option `settings.proxies` which takes a list of proxies.
|
||||
- Consult the [upstream documentation](https://github.com/fatedier/frp#example-usage) for more details on the changes.
|
||||
|
||||
- `mkosi` was updated to v20. Parts of the user interface have changed. Consult the
|
||||
release notes of [v19](https://github.com/systemd/mkosi/releases/tag/v19) and
|
||||
[v20](https://github.com/systemd/mkosi/releases/tag/v20) for a list of changes.
|
||||
|
||||
- The `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200).
|
||||
|
||||
- `services.nginx` will no longer advertise HTTP/3 availability automatically. This must now be manually added, preferably to each location block.
|
||||
Example:
|
||||
|
@ -96,19 +148,45 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
- If [`system.stateVersion`](#opt-system.stateVersion) is >=23.11, `pkgs.nextcloud27` will be installed by default.
|
||||
- Please note that an upgrade from v26 (or older) to v28 directly is not possible. Please upgrade to `nextcloud27` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud27;`](options.html#opt-services.nextcloud.package).
|
||||
|
||||
- The vendored third party libraries have been mostly removed from `cudaPackages.nsight_systems`, which we now only ship for `cudaPackages_11_8` and later due to outdated dependencies. Users comfortable with the vendored dependencies may use `overrideAttrs` to amend the `postPatch` phase and the `meta.broken` correspondingly. Alternatively, one could package the deprecated `boost170` locally, as required for `cudaPackages_11_4.nsight_systems`.
|
||||
|
||||
- The `cudaPackages` package scope has been updated to `cudaPackages_12`.
|
||||
|
||||
- `services.resolved.fallbackDns` can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead.
|
||||
|
||||
- `xxd` has been moved from `vim` default output to its own output to reduce closure size. The canonical way to reference it across all platforms is `unixtools.xxd`.
|
||||
|
||||
- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
|
||||
Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
|
||||
|
||||
- A warning has been added for services that are
|
||||
`after = [ "network-online.target" ]` but do not depend on it (e.g. using
|
||||
`wants`), because the dependency that `multi-user.target` has on
|
||||
`network-online.target` is planned for removal.
|
||||
|
||||
- `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used.
|
||||
Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory.
|
||||
|
||||
- `networking.iproute2.enable` now does not set `environment.etc."iproute2/rt_tables".text`.
|
||||
|
||||
Setting `environment.etc."iproute2/{CONFIG_FILE_NAME}".text` will override the whole configuration file instead of appending it to the upstream configuration file.
|
||||
|
||||
`CONFIG_FILE_NAME` includes `bpf_pinning`, `ematch_map`, `group`, `nl_protos`, `rt_dsfield`, `rt_protos`, `rt_realms`, `rt_scopes`, and `rt_tables`.
|
||||
|
||||
- `netbox` was updated to v3.7. `services.netbox.package` still defaults
|
||||
to v3.6 if `stateVersion` is earlier than 24.05. Refer to upstream's breaking
|
||||
changes [for
|
||||
v3.7.0](https://github.com/netbox-community/netbox/releases/tag/v3.7.0) and
|
||||
upgrade NetBox by changing `services.netbox.package`. Database migrations
|
||||
will be run automatically.
|
||||
|
||||
- The executable file names for `firefox-devedition`, `firefox-beta`, `firefox-esr` now matches their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
|
||||
|
||||
- switch-to-configuration does not directly call systemd-tmpfiles anymore.
|
||||
Instead, the new artificial sysinit-reactivation.target is introduced which
|
||||
allows to restart multiple services that are ordered before sysinit.target
|
||||
and respect the ordering between the services.
|
||||
|
||||
- The `systemd.oomd` module behavior is changed as:
|
||||
|
||||
- Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).
|
||||
|
@ -123,6 +201,33 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
- `security.pam.enableSSHAgentAuth` now requires `services.openssh.authorizedKeysFiles` to be non-empty,
|
||||
which is the case when `services.openssh.enable` is true. Previously, `pam_ssh_agent_auth` silently failed to work.
|
||||
|
||||
- The configuration format for `services.prometheus.exporters.snmp` changed with release 0.23.0.
|
||||
The module now includes an optional config check, that is enabled by default, to make the change obvious before any deployment.
|
||||
More information about the configuration syntax change is available in the [upstream repository](https://github.com/prometheus/snmp_exporter/blob/b75fc6b839ee3f3ccbee68bee55f1ae99555084a/auth-split-migration.md).
|
||||
|
||||
- [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable).
|
||||
|
||||
- The `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes:
|
||||
|
||||
- The main binary for the package is now named `jdtls` instead of `jdt-language-server`, equivalent to what most editors expect the binary to be named.
|
||||
|
||||
- JVM arguments should now be provided with the `--jvm-arg` flag instead of setting `JAVA_OPTS`.
|
||||
|
||||
- The `-data` path is no longer required to run the package, and will be set to point to a folder in `$TMP` if missing.
|
||||
|
||||
- `nomad` has been updated - note that HashiCorp recommends updating one minor version at a time. Please check [their upgrade guide](https://developer.hashicorp.com/nomad/docs/upgrade) for information on safely updating clusters and potential breaking changes.
|
||||
|
||||
- `nomad` is now Nomad 1.7.x.
|
||||
|
||||
- `nomad_1_4` has been removed, as it is now unsupported upstream.
|
||||
|
||||
- The `livebook` package is now built as a `mix release` instead of an `escript`.
|
||||
This means that configuration now has to be done using [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) instead of command line arguments.
|
||||
This has the further implication that the `livebook` service configuration has changed:
|
||||
|
||||
- The `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
|
||||
Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead.
|
||||
|
||||
## Other Notable Changes {#sec-release-24.05-notable-changes}
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
@ -147,24 +252,31 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
|
||||
- [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0.
|
||||
|
||||
- The following options of the Nextcloud module were moved into [`services.nextcloud.extraOptions`](#opt-services.nextcloud.extraOptions) and renamed to match the name from Nextcloud's `config.php`:
|
||||
- `logLevel` -> [`loglevel`](#opt-services.nextcloud.extraOptions.loglevel),
|
||||
- `logType` -> [`log_type`](#opt-services.nextcloud.extraOptions.log_type),
|
||||
- `defaultPhoneRegion` -> [`default_phone_region`](#opt-services.nextcloud.extraOptions.default_phone_region),
|
||||
- `overwriteProtocol` -> [`overwriteprotocol`](#opt-services.nextcloud.extraOptions.overwriteprotocol),
|
||||
- `skeletonDirectory` -> [`skeletondirectory`](#opt-services.nextcloud.extraOptions.skeletondirectory),
|
||||
- `globalProfiles` -> [`profile.enabled`](#opt-services.nextcloud.extraOptions._profile.enabled_),
|
||||
- `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.extraOptions.trusted_domains) and
|
||||
- `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.extraOptions.trusted_proxies).
|
||||
- The following options of the Nextcloud module were moved into [`services.nextcloud.settings`](#opt-services.nextcloud.settings) and renamed to match the name from Nextcloud's `config.php`:
|
||||
- `logLevel` -> [`loglevel`](#opt-services.nextcloud.settings.loglevel),
|
||||
- `logType` -> [`log_type`](#opt-services.nextcloud.settings.log_type),
|
||||
- `defaultPhoneRegion` -> [`default_phone_region`](#opt-services.nextcloud.settings.default_phone_region),
|
||||
- `overwriteProtocol` -> [`overwriteprotocol`](#opt-services.nextcloud.settings.overwriteprotocol),
|
||||
- `skeletonDirectory` -> [`skeletondirectory`](#opt-services.nextcloud.settings.skeletondirectory),
|
||||
- `globalProfiles` -> [`profile.enabled`](#opt-services.nextcloud.settings._profile.enabled_),
|
||||
- `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.settings.trusted_domains) and
|
||||
- `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.settings.trusted_proxies).
|
||||
|
||||
- The option [`services.nextcloud.config.dbport`] of the Nextcloud module was removed to match upstream.
|
||||
The port can be specified in [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost).
|
||||
|
||||
- `stdenv`: The `--replace` flag in `substitute`, `substituteInPlace`, `substituteAll`, `substituteAllStream`, and `substituteStream` is now deprecated if favor of the new `--replace-fail`, `--replace-warn` and `--replace-quiet`. The deprecated `--replace` equates to `--replace-warn`.
|
||||
|
||||
- New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.).
|
||||
The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime.
|
||||
|
||||
- The Yama LSM is now enabled by default in the kernel, which prevents ptracing
|
||||
non-child processes. This means you will not be able to attach gdb to an
|
||||
existing process, but will need to start that process from gdb (so it is a
|
||||
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
|
||||
|
||||
- The netbird module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
|
||||
|
||||
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
|
||||
`globalRedirect` can now have redirect codes other than 301 through
|
||||
`redirectCode`.
|
||||
|
@ -180,12 +292,16 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
- `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module
|
||||
(such as msmtp or Postfix). It no longer requires using a special ZFS build with email support.
|
||||
|
||||
- `nextcloud-setup.service` no longer changes the group of each file & directory inside `/var/lib/nextcloud/{config,data,store-apps}` if one of these directories has the wrong owner group. This was part of transitioning the group used for `/var/lib/nextcloud`, but isn't necessary anymore.
|
||||
|
||||
- The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.
|
||||
|
||||
- Gitea 1.21 upgrade has several breaking changes, including:
|
||||
- Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
|
||||
- New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
|
||||
|
||||
- The `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
|
||||
|
||||
- The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
|
||||
|
||||
- The `btrbk` module now automatically selects and provides required compression
|
||||
|
@ -193,5 +309,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
replaces the need for the `extraPackages` option, this option will be
|
||||
deprecated in future releases.
|
||||
|
||||
- The `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`.
|
||||
|
||||
- YouTrack is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
|
||||
|
||||
- QtMultimedia has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS).
|
||||
The previous native backends remain available but are now minimally maintained. Refer to [upstream documentation](https://doc.qt.io/qt-6/qtmultimedia-index.html#ffmpeg-as-the-default-backend) for further details about each platform.
|
||||
|
||||
|
|
|
@ -110,6 +110,7 @@ let
|
|||
withExtraAttrs = configuration: configuration // {
|
||||
inherit extraArgs;
|
||||
inherit (configuration._module.args) pkgs;
|
||||
inherit lib;
|
||||
extendModules = args: withExtraAttrs (configuration.extendModules args);
|
||||
};
|
||||
in
|
||||
|
|
|
@ -360,9 +360,13 @@ in rec {
|
|||
};
|
||||
};
|
||||
|
||||
commonUnitText = def: ''
|
||||
commonUnitText = def: lines: ''
|
||||
[Unit]
|
||||
${attrsToSection def.unitConfig}
|
||||
'' + lines + lib.optionalString (def.wantedBy != [ ]) ''
|
||||
|
||||
[Install]
|
||||
WantedBy=${concatStringsSep " " def.wantedBy}
|
||||
'';
|
||||
|
||||
targetToUnit = name: def:
|
||||
|
@ -376,7 +380,7 @@ in rec {
|
|||
|
||||
serviceToUnit = name: def:
|
||||
{ inherit (def) aliases wantedBy requiredBy enable overrideStrategy;
|
||||
text = commonUnitText def + ''
|
||||
text = commonUnitText def (''
|
||||
[Service]
|
||||
'' + (let env = cfg.globalEnvironment // def.environment;
|
||||
in concatMapStrings (n:
|
||||
|
@ -392,63 +396,57 @@ in rec {
|
|||
'' else "")
|
||||
+ optionalString (def ? stopIfChanged && !def.stopIfChanged) ''
|
||||
X-StopIfChanged=false
|
||||
'' + attrsToSection def.serviceConfig;
|
||||
'' + attrsToSection def.serviceConfig);
|
||||
};
|
||||
|
||||
socketToUnit = name: def:
|
||||
{ inherit (def) aliases wantedBy requiredBy enable overrideStrategy;
|
||||
text = commonUnitText def +
|
||||
''
|
||||
[Socket]
|
||||
${attrsToSection def.socketConfig}
|
||||
${concatStringsSep "\n" (map (s: "ListenStream=${s}") def.listenStreams)}
|
||||
${concatStringsSep "\n" (map (s: "ListenDatagram=${s}") def.listenDatagrams)}
|
||||
'';
|
||||
text = commonUnitText def ''
|
||||
[Socket]
|
||||
${attrsToSection def.socketConfig}
|
||||
${concatStringsSep "\n" (map (s: "ListenStream=${s}") def.listenStreams)}
|
||||
${concatStringsSep "\n" (map (s: "ListenDatagram=${s}") def.listenDatagrams)}
|
||||
'';
|
||||
};
|
||||
|
||||
timerToUnit = name: def:
|
||||
{ inherit (def) aliases wantedBy requiredBy enable overrideStrategy;
|
||||
text = commonUnitText def +
|
||||
''
|
||||
[Timer]
|
||||
${attrsToSection def.timerConfig}
|
||||
'';
|
||||
text = commonUnitText def ''
|
||||
[Timer]
|
||||
${attrsToSection def.timerConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
pathToUnit = name: def:
|
||||
{ inherit (def) aliases wantedBy requiredBy enable overrideStrategy;
|
||||
text = commonUnitText def +
|
||||
''
|
||||
[Path]
|
||||
${attrsToSection def.pathConfig}
|
||||
'';
|
||||
text = commonUnitText def ''
|
||||
[Path]
|
||||
${attrsToSection def.pathConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
mountToUnit = name: def:
|
||||
{ inherit (def) aliases wantedBy requiredBy enable overrideStrategy;
|
||||
text = commonUnitText def +
|
||||
''
|
||||
[Mount]
|
||||
${attrsToSection def.mountConfig}
|
||||
'';
|
||||
text = commonUnitText def ''
|
||||
[Mount]
|
||||
${attrsToSection def.mountConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
automountToUnit = name: def:
|
||||
{ inherit (def) aliases wantedBy requiredBy enable overrideStrategy;
|
||||
text = commonUnitText def +
|
||||
''
|
||||
[Automount]
|
||||
${attrsToSection def.automountConfig}
|
||||
'';
|
||||
text = commonUnitText def ''
|
||||
[Automount]
|
||||
${attrsToSection def.automountConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
sliceToUnit = name: def:
|
||||
{ inherit (def) aliases wantedBy requiredBy enable overrideStrategy;
|
||||
text = commonUnitText def +
|
||||
''
|
||||
[Slice]
|
||||
${attrsToSection def.sliceConfig}
|
||||
'';
|
||||
text = commonUnitText def ''
|
||||
[Slice]
|
||||
${attrsToSection def.sliceConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
# Create a directory that contains systemd definition files from an attrset
|
||||
|
|
|
@ -768,6 +768,32 @@ class Machine:
|
|||
self.booted = False
|
||||
self.connected = False
|
||||
|
||||
def wait_for_qmp_event(
|
||||
self, event_filter: Callable[[dict[str, Any]], bool], timeout: int = 60 * 10
|
||||
) -> dict[str, Any]:
|
||||
"""
|
||||
Wait for a QMP event which you can filter with the `event_filter` function.
|
||||
The function takes as an input a dictionary of the event and if it returns True, we return that event,
|
||||
if it does not, we wait for the next event and retry.
|
||||
|
||||
It will skip all events received in the meantime, if you want to keep them,
|
||||
you have to do the bookkeeping yourself and store them somewhere.
|
||||
|
||||
By default, it will wait up to 10 minutes, `timeout` is in seconds.
|
||||
"""
|
||||
if self.qmp_client is None:
|
||||
raise RuntimeError("QMP API is not ready yet, is the VM ready?")
|
||||
|
||||
start = time.time()
|
||||
while True:
|
||||
evt = self.qmp_client.wait_for_event(timeout=timeout)
|
||||
if event_filter(evt):
|
||||
return evt
|
||||
|
||||
elapsed = time.time() - start
|
||||
if elapsed >= timeout:
|
||||
raise TimeoutError
|
||||
|
||||
def get_tty_text(self, tty: str) -> str:
|
||||
status, output = self.execute(
|
||||
f"fold -w$(stty -F /dev/tty{tty} size | "
|
||||
|
|
|
@ -109,6 +109,7 @@ rec {
|
|||
recurse = prefix: item:
|
||||
if item ? ${attr} then
|
||||
nameValuePair prefix item.${attr}
|
||||
else if isDerivation item then []
|
||||
else if isAttrs item then
|
||||
map (name:
|
||||
let
|
||||
|
|
|
@ -9,17 +9,17 @@
|
|||
|
||||
# This file is made to be used as follow:
|
||||
#
|
||||
# $ nix-instantiate ./option-usage.nix --argstr testOption service.xserver.enable -A txtContent --eval
|
||||
# $ nix-instantiate ./option-usages.nix --argstr testOption service.xserver.enable -A txtContent --eval
|
||||
#
|
||||
# or
|
||||
#
|
||||
# $ nix-build ./option-usage.nix --argstr testOption service.xserver.enable -A txt -o service.xserver.enable._txt
|
||||
# $ nix-build ./option-usages.nix --argstr testOption service.xserver.enable -A txt -o service.xserver.enable._txt
|
||||
#
|
||||
# Other targets exists such as `dotContent`, `dot`, and `pdf`. If you are
|
||||
# looking for the option usage of multiple options, you can provide a list
|
||||
# as argument.
|
||||
#
|
||||
# $ nix-build ./option-usage.nix --arg testOptions \
|
||||
# $ nix-build ./option-usages.nix --arg testOptions \
|
||||
# '["boot.loader.gummiboot.enable" "boot.loader.gummiboot.timeout"]' \
|
||||
# -A txt -o gummiboot.list
|
||||
#
|
||||
|
|
|
@ -37,6 +37,7 @@ with lib;
|
|||
ghostscript = super.ghostscript.override { cupsSupport = false; x11Support = false; };
|
||||
gjs = super.gjs.overrideAttrs { doCheck = false; installTests = false; }; # avoid test dependency on gtk3
|
||||
gobject-introspection = super.gobject-introspection.override { x11Support = false; };
|
||||
gpg-tui = super.gpg-tui.override { x11Support = false; };
|
||||
gpsd = super.gpsd.override { guiSupport = false; };
|
||||
graphviz = super.graphviz-nox;
|
||||
gst_all_1 = super.gst_all_1 // {
|
||||
|
|
|
@ -214,7 +214,8 @@ in
|
|||
''
|
||||
# Create the required /bin/sh symlink; otherwise lots of things
|
||||
# (notably the system() function) won't work.
|
||||
mkdir -m 0755 -p /bin
|
||||
mkdir -p /bin
|
||||
chmod 0755 /bin
|
||||
ln -sfn "${cfg.binsh}" /bin/.sh.tmp
|
||||
mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh
|
||||
'';
|
||||
|
|
|
@ -685,7 +685,7 @@ in {
|
|||
shadow.gid = ids.gids.shadow;
|
||||
};
|
||||
|
||||
system.activationScripts.users = {
|
||||
system.activationScripts.users = if !config.systemd.sysusers.enable then {
|
||||
supportsDryActivation = true;
|
||||
text = ''
|
||||
install -m 0700 -d /root
|
||||
|
@ -694,7 +694,7 @@ in {
|
|||
${pkgs.perl.withPackages (p: [ p.FileSlurp p.JSON ])}/bin/perl \
|
||||
-w ${./update-users-groups.pl} ${spec}
|
||||
'';
|
||||
};
|
||||
} else ""; # keep around for backwards compatibility
|
||||
|
||||
system.activationScripts.update-lingering = let
|
||||
lingerDir = "/var/lib/systemd/linger";
|
||||
|
@ -711,7 +711,9 @@ in {
|
|||
'';
|
||||
|
||||
# Warn about user accounts with deprecated password hashing schemes
|
||||
system.activationScripts.hashes = {
|
||||
# This does not work when the users and groups are created by
|
||||
# systemd-sysusers because the users are created too late then.
|
||||
system.activationScripts.hashes = if !config.systemd.sysusers.enable then {
|
||||
deps = [ "users" ];
|
||||
text = ''
|
||||
users=()
|
||||
|
@ -729,7 +731,7 @@ in {
|
|||
printf ' - %s\n' "''${users[@]}"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
} else ""; # keep around for backwards compatibility
|
||||
|
||||
# for backwards compatibility
|
||||
system.activationScripts.groups = stringAfter [ "users" ] "";
|
||||
|
|
|
@ -12,6 +12,10 @@ in
|
|||
Add your user to the corectrl group to run corectrl without needing to enter your password
|
||||
'');
|
||||
|
||||
package = mkPackageOption pkgs "corectrl" {
|
||||
extraDescription = "Useful for overriding the configuration options used for the package.";
|
||||
};
|
||||
|
||||
gpuOverclock = {
|
||||
enable = mkEnableOption (lib.mdDoc ''
|
||||
GPU overclocking
|
||||
|
@ -32,9 +36,9 @@ in
|
|||
|
||||
config = mkIf cfg.enable (lib.mkMerge [
|
||||
{
|
||||
environment.systemPackages = [ pkgs.corectrl ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
services.dbus.packages = [ pkgs.corectrl ];
|
||||
services.dbus.packages = [ cfg.package ];
|
||||
|
||||
users.groups.corectrl = { };
|
||||
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
, systemd
|
||||
, fakeroot
|
||||
, util-linux
|
||||
|
||||
# filesystem tools
|
||||
, dosfstools
|
||||
, mtools
|
||||
, e2fsprogs
|
||||
|
@ -18,13 +20,19 @@
|
|||
, btrfs-progs
|
||||
, xfsprogs
|
||||
|
||||
# compression tools
|
||||
, zstd
|
||||
, xz
|
||||
|
||||
# arguments
|
||||
, name
|
||||
, imageFileBasename
|
||||
, compression
|
||||
, fileSystems
|
||||
, partitions
|
||||
, split
|
||||
, seed
|
||||
, definitionsDirectory
|
||||
, sectorSize
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -52,14 +60,25 @@ let
|
|||
};
|
||||
|
||||
fileSystemTools = builtins.concatMap (f: fileSystemToolMapping."${f}") fileSystems;
|
||||
|
||||
compressionPkg = {
|
||||
"zstd" = zstd;
|
||||
"xz" = xz;
|
||||
}."${compression.algorithm}";
|
||||
|
||||
compressionCommand = {
|
||||
"zstd" = "zstd --no-progress --threads=0 -${toString compression.level}";
|
||||
"xz" = "xz --keep --verbose --threads=0 -${toString compression.level}";
|
||||
}."${compression.algorithm}";
|
||||
in
|
||||
|
||||
runCommand name
|
||||
runCommand imageFileBasename
|
||||
{
|
||||
nativeBuildInputs = [
|
||||
systemd
|
||||
fakeroot
|
||||
util-linux
|
||||
compressionPkg
|
||||
] ++ fileSystemTools;
|
||||
} ''
|
||||
amendedRepartDefinitions=$(${amendRepartDefinitions} ${partitions} ${definitionsDirectory})
|
||||
|
@ -67,6 +86,7 @@ runCommand name
|
|||
mkdir -p $out
|
||||
cd $out
|
||||
|
||||
echo "Building image with systemd-repart..."
|
||||
unshare --map-root-user fakeroot systemd-repart \
|
||||
--dry-run=no \
|
||||
--empty=create \
|
||||
|
@ -75,6 +95,18 @@ runCommand name
|
|||
--definitions="$amendedRepartDefinitions" \
|
||||
--split="${lib.boolToString split}" \
|
||||
--json=pretty \
|
||||
image.raw \
|
||||
${lib.optionalString (sectorSize != null) "--sector-size=${toString sectorSize}"} \
|
||||
${imageFileBasename}.raw \
|
||||
| tee repart-output.json
|
||||
|
||||
# Compression is implemented in the same derivation as opposed to in a
|
||||
# separate derivation to allow users to save disk space. Disk images are
|
||||
# already very space intensive so we want to allow users to mitigate this.
|
||||
if ${lib.boolToString compression.enable}; then
|
||||
for f in ${imageFileBasename}*; do
|
||||
echo "Compressing $f with ${compression.algorithm}..."
|
||||
# Keep the original file when compressing and only delete it afterwards
|
||||
${compressionCommand} $f && rm $f
|
||||
done
|
||||
fi
|
||||
''
|
||||
|
|
|
@ -66,7 +66,53 @@ in
|
|||
|
||||
name = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = lib.mdDoc "The name of the image.";
|
||||
description = lib.mdDoc ''
|
||||
Name of the image.
|
||||
|
||||
If this option is unset but config.system.image.id is set,
|
||||
config.system.image.id is used as the default value.
|
||||
'';
|
||||
};
|
||||
|
||||
version = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = config.system.image.version;
|
||||
defaultText = lib.literalExpression "config.system.image.version";
|
||||
description = lib.mdDoc "Version of the image";
|
||||
};
|
||||
|
||||
imageFileBasename = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
readOnly = true;
|
||||
description = lib.mdDoc ''
|
||||
Basename of the image filename without any extension (e.g. `image_1`).
|
||||
'';
|
||||
};
|
||||
|
||||
imageFile = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
readOnly = true;
|
||||
description = lib.mdDoc ''
|
||||
Filename of the image including all extensions (e.g `image_1.raw` or
|
||||
`image_1.raw.zst`).
|
||||
'';
|
||||
};
|
||||
|
||||
compression = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Image compression");
|
||||
|
||||
algorithm = lib.mkOption {
|
||||
type = lib.types.enum [ "zstd" "xz" ];
|
||||
default = "zstd";
|
||||
description = lib.mdDoc "Compression algorithm";
|
||||
};
|
||||
|
||||
level = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = lib.mdDoc ''
|
||||
Compression level. The available range depends on the used algorithm.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
seed = lib.mkOption {
|
||||
|
@ -89,6 +135,16 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
sectorSize = lib.mkOption {
|
||||
type = with lib.types; nullOr int;
|
||||
default = 512;
|
||||
example = lib.literalExpression "4096";
|
||||
description = lib.mdDoc ''
|
||||
The sector size of the disk image produced by systemd-repart. This
|
||||
value must be a power of 2 between 512 and 4096.
|
||||
'';
|
||||
};
|
||||
|
||||
package = lib.mkPackageOption pkgs "systemd-repart" {
|
||||
# We use buildPackages so that repart images are built with the build
|
||||
# platform's systemd, allowing for cross-compiled systems to work.
|
||||
|
@ -131,6 +187,32 @@ in
|
|||
|
||||
config = {
|
||||
|
||||
image.repart =
|
||||
let
|
||||
version = config.image.repart.version;
|
||||
versionInfix = if version != null then "_${version}" else "";
|
||||
compressionSuffix = lib.optionalString cfg.compression.enable
|
||||
{
|
||||
"zstd" = ".zst";
|
||||
"xz" = ".xz";
|
||||
}."${cfg.compression.algorithm}";
|
||||
in
|
||||
{
|
||||
name = lib.mkIf (config.system.image.id != null) (lib.mkOptionDefault config.system.image.id);
|
||||
imageFileBasename = cfg.name + versionInfix;
|
||||
imageFile = cfg.imageFileBasename + ".raw" + compressionSuffix;
|
||||
|
||||
compression = {
|
||||
# Generally default to slightly faster than default compression
|
||||
# levels under the assumption that most of the building will be done
|
||||
# for development and release builds will be customized.
|
||||
level = lib.mkOptionDefault {
|
||||
"zstd" = 3;
|
||||
"xz" = 3;
|
||||
}."${cfg.compression.algorithm}";
|
||||
};
|
||||
};
|
||||
|
||||
system.build.image =
|
||||
let
|
||||
fileSystems = lib.filter
|
||||
|
@ -160,7 +242,7 @@ in
|
|||
in
|
||||
pkgs.callPackage ./repart-image.nix {
|
||||
systemd = cfg.package;
|
||||
inherit (cfg) name split seed;
|
||||
inherit (cfg) imageFileBasename compression split seed sectorSize;
|
||||
inherit fileSystems definitionsDirectory partitions;
|
||||
};
|
||||
|
||||
|
|
|
@ -28,6 +28,8 @@ let
|
|||
DOCUMENTATION_URL = lib.optionalString (cfg.distroId == "nixos") "https://nixos.org/learn.html";
|
||||
SUPPORT_URL = lib.optionalString (cfg.distroId == "nixos") "https://nixos.org/community.html";
|
||||
BUG_REPORT_URL = lib.optionalString (cfg.distroId == "nixos") "https://github.com/NixOS/nixpkgs/issues";
|
||||
IMAGE_ID = lib.optionalString (config.system.image.id != null) config.system.image.id;
|
||||
IMAGE_VERSION = lib.optionalString (config.system.image.version != null) config.system.image.version;
|
||||
} // lib.optionalAttrs (cfg.variant_id != null) {
|
||||
VARIANT_ID = cfg.variant_id;
|
||||
};
|
||||
|
@ -110,6 +112,38 @@ in
|
|||
example = "installer";
|
||||
};
|
||||
|
||||
image = {
|
||||
|
||||
id = lib.mkOption {
|
||||
type = types.nullOr (types.strMatching "^[a-z0-9._-]+$");
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
Image identifier.
|
||||
|
||||
This corresponds to the IMAGE_ID field in os-release. See the
|
||||
upstream docs for more details on valid characters for this field:
|
||||
https://www.freedesktop.org/software/systemd/man/latest/os-release.html#IMAGE_ID=
|
||||
|
||||
You would only want to set this option if you're build NixOS appliance images.
|
||||
'';
|
||||
};
|
||||
|
||||
version = lib.mkOption {
|
||||
type = types.nullOr (types.strMatching "^[a-z0-9._-]+$");
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
Image version.
|
||||
|
||||
This corresponds to the IMAGE_VERSION field in os-release. See the
|
||||
upstream docs for more details on valid characters for this field:
|
||||
https://www.freedesktop.org/software/systemd/man/latest/os-release.html#IMAGE_VERSION=
|
||||
|
||||
You would only want to set this option if you're build NixOS appliance images.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
stateVersion = mkOption {
|
||||
type = types.str;
|
||||
# TODO Remove this and drop the default of the option so people are forced to set it.
|
||||
|
|
|
@ -139,6 +139,7 @@
|
|||
./programs/_1password-gui.nix
|
||||
./programs/_1password.nix
|
||||
./programs/adb.nix
|
||||
./programs/alvr.nix
|
||||
./programs/appgate-sdp.nix
|
||||
./programs/atop.nix
|
||||
./programs/ausweisapp.nix
|
||||
|
@ -195,7 +196,6 @@
|
|||
./programs/haguichi.nix
|
||||
./programs/hamster.nix
|
||||
./programs/htop.nix
|
||||
./programs/hyprland.nix
|
||||
./programs/iay.nix
|
||||
./programs/iftop.nix
|
||||
./programs/i3lock.nix
|
||||
|
@ -215,6 +215,7 @@
|
|||
./programs/minipro.nix
|
||||
./programs/miriway.nix
|
||||
./programs/mosh.nix
|
||||
./programs/mouse-actions.nix
|
||||
./programs/msmtp.nix
|
||||
./programs/mtr.nix
|
||||
./programs/nano.nix
|
||||
|
@ -273,6 +274,7 @@
|
|||
./programs/wavemon.nix
|
||||
./programs/wayland/cardboard.nix
|
||||
./programs/wayland/labwc.nix
|
||||
./programs/wayland/hyprland.nix
|
||||
./programs/wayland/river.nix
|
||||
./programs/wayland/sway.nix
|
||||
./programs/wayland/waybar.nix
|
||||
|
@ -446,6 +448,7 @@
|
|||
./services/databases/postgresql.nix
|
||||
./services/databases/redis.nix
|
||||
./services/databases/surrealdb.nix
|
||||
./services/databases/tigerbeetle.nix
|
||||
./services/databases/victoriametrics.nix
|
||||
./services/desktops/accountsservice.nix
|
||||
./services/desktops/ayatana-indicators.nix
|
||||
|
@ -506,7 +509,7 @@
|
|||
./services/editors/haste.nix
|
||||
./services/editors/infinoted.nix
|
||||
./services/finance/odoo.nix
|
||||
./services/games/asf.nix
|
||||
./services/games/archisteamfarm.nix
|
||||
./services/games/crossfire-server.nix
|
||||
./services/games/deliantra-server.nix
|
||||
./services/games/factorio.nix
|
||||
|
@ -532,6 +535,7 @@
|
|||
./services/hardware/fancontrol.nix
|
||||
./services/hardware/freefall.nix
|
||||
./services/hardware/fwupd.nix
|
||||
./services/hardware/handheld-daemon.nix
|
||||
./services/hardware/hddfancontrol.nix
|
||||
./services/hardware/illum.nix
|
||||
./services/hardware/interception-tools.nix
|
||||
|
@ -633,6 +637,7 @@
|
|||
./services/matrix/appservice-irc.nix
|
||||
./services/matrix/conduit.nix
|
||||
./services/matrix/dendrite.nix
|
||||
./services/matrix/hebbot.nix
|
||||
./services/matrix/maubot.nix
|
||||
./services/matrix/mautrix-facebook.nix
|
||||
./services/matrix/mautrix-telegram.nix
|
||||
|
@ -832,6 +837,7 @@
|
|||
./services/monitoring/riemann-dash.nix
|
||||
./services/monitoring/riemann-tools.nix
|
||||
./services/monitoring/riemann.nix
|
||||
./services/monitoring/rustdesk-server.nix
|
||||
./services/monitoring/scollector.nix
|
||||
./services/monitoring/smartd.nix
|
||||
./services/monitoring/snmpd.nix
|
||||
|
@ -849,6 +855,7 @@
|
|||
./services/monitoring/vmagent.nix
|
||||
./services/monitoring/vmalert.nix
|
||||
./services/monitoring/vnstat.nix
|
||||
./services/monitoring/watchdogd.nix
|
||||
./services/monitoring/zabbix-agent.nix
|
||||
./services/monitoring/zabbix-proxy.nix
|
||||
./services/monitoring/zabbix-server.nix
|
||||
|
@ -1044,6 +1051,7 @@
|
|||
./services/networking/ntopng.nix
|
||||
./services/networking/ntp/chrony.nix
|
||||
./services/networking/ntp/ntpd.nix
|
||||
./services/networking/ntp/ntpd-rs.nix
|
||||
./services/networking/ntp/openntpd.nix
|
||||
./services/networking/nullidentdmod.nix
|
||||
./services/networking/nylon.nix
|
||||
|
@ -1055,6 +1063,7 @@
|
|||
./services/networking/openvpn.nix
|
||||
./services/networking/ostinato.nix
|
||||
./services/networking/owamp.nix
|
||||
./services/networking/pyload.nix
|
||||
./services/networking/pdns-recursor.nix
|
||||
./services/networking/pdnsd.nix
|
||||
./services/networking/peroxide.nix
|
||||
|
@ -1230,6 +1239,7 @@
|
|||
./services/system/saslauthd.nix
|
||||
./services/system/self-deploy.nix
|
||||
./services/system/systembus-notify.nix
|
||||
./services/system/systemd-lock-handler.nix
|
||||
./services/system/uptimed.nix
|
||||
./services/system/zram-generator.nix
|
||||
./services/torrent/deluge.nix
|
||||
|
@ -1334,10 +1344,12 @@
|
|||
./services/web-apps/plantuml-server.nix
|
||||
./services/web-apps/plausible.nix
|
||||
./services/web-apps/powerdns-admin.nix
|
||||
./services/web-apps/pretalx.nix
|
||||
./services/web-apps/prosody-filer.nix
|
||||
./services/web-apps/restya-board.nix
|
||||
./services/web-apps/rimgo.nix
|
||||
./services/web-apps/sftpgo.nix
|
||||
./services/web-apps/suwayomi-server.nix
|
||||
./services/web-apps/rss-bridge.nix
|
||||
./services/web-apps/selfoss.nix
|
||||
./services/web-apps/shiori.nix
|
||||
|
@ -1465,6 +1477,7 @@
|
|||
./system/boot/stratisroot.nix
|
||||
./system/boot/modprobe.nix
|
||||
./system/boot/networkd.nix
|
||||
./system/boot/uki.nix
|
||||
./system/boot/unl0kr.nix
|
||||
./system/boot/plymouth.nix
|
||||
./system/boot/resolved.nix
|
||||
|
@ -1485,6 +1498,7 @@
|
|||
./system/boot/systemd/repart.nix
|
||||
./system/boot/systemd/shutdown.nix
|
||||
./system/boot/systemd/sysupdate.nix
|
||||
./system/boot/systemd/sysusers.nix
|
||||
./system/boot/systemd/tmpfiles.nix
|
||||
./system/boot/systemd/user.nix
|
||||
./system/boot/systemd/userdbd.nix
|
||||
|
@ -1512,6 +1526,7 @@
|
|||
./tasks/filesystems/nfs.nix
|
||||
./tasks/filesystems/ntfs.nix
|
||||
./tasks/filesystems/reiserfs.nix
|
||||
./tasks/filesystems/sshfs.nix
|
||||
./tasks/filesystems/squashfs.nix
|
||||
./tasks/filesystems/unionfs-fuse.nix
|
||||
./tasks/filesystems/vboxsf.nix
|
||||
|
|
|
@ -39,14 +39,17 @@ with lib;
|
|||
security.apparmor.killUnconfinedConfinables = mkDefault true;
|
||||
|
||||
boot.kernelParams = [
|
||||
# Slab/slub sanity checks, redzoning, and poisoning
|
||||
"slub_debug=FZP"
|
||||
# Don't merge slabs
|
||||
"slab_nomerge"
|
||||
|
||||
# Overwrite free'd memory
|
||||
# Overwrite free'd pages
|
||||
"page_poison=1"
|
||||
|
||||
# Enable page allocator randomization
|
||||
"page_alloc.shuffle=1"
|
||||
|
||||
# Disable debugfs
|
||||
"debugfs=off"
|
||||
];
|
||||
|
||||
boot.blacklistedKernelModules = [
|
||||
|
|
|
@ -39,6 +39,9 @@ with lib;
|
|||
# Allow the user to log in as root without a password.
|
||||
users.users.root.initialHashedPassword = "";
|
||||
|
||||
# Don't require sudo/root to `reboot` or `poweroff`.
|
||||
security.polkit.enable = true;
|
||||
|
||||
# Allow passwordless sudo from nixos user
|
||||
security.sudo = {
|
||||
enable = mkDefault true;
|
||||
|
|
31
nixos/modules/profiles/perlless.nix
Normal file
31
nixos/modules/profiles/perlless.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
# WARNING: If you enable this profile, you will NOT be able to switch to a new
|
||||
# configuration and thus you will not be able to rebuild your system with
|
||||
# nixos-rebuild!
|
||||
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
# Disable switching to a new configuration. This is not a necessary
|
||||
# limitation of a perlless system but just a current one. In the future,
|
||||
# perlless switching might be possible.
|
||||
system.switch.enable = lib.mkDefault false;
|
||||
|
||||
# Remove perl from activation
|
||||
boot.initrd.systemd.enable = lib.mkDefault true;
|
||||
system.etc.overlay.enable = lib.mkDefault true;
|
||||
systemd.sysusers.enable = lib.mkDefault true;
|
||||
|
||||
# Random perl remnants
|
||||
system.disableInstallerTools = lib.mkDefault true;
|
||||
programs.less.lessopen = lib.mkDefault null;
|
||||
programs.command-not-found.enable = lib.mkDefault false;
|
||||
boot.enableContainers = lib.mkDefault false;
|
||||
environment.defaultPackages = lib.mkDefault [ ];
|
||||
documentation.info.enable = lib.mkDefault false;
|
||||
|
||||
# Check that the system does not contain a Nix store path that contains the
|
||||
# string "perl".
|
||||
system.forbiddenDependenciesRegex = "perl";
|
||||
|
||||
}
|
35
nixos/modules/programs/alvr.nix
Normal file
35
nixos/modules/programs/alvr.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.programs.alvr;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
programs.alvr = {
|
||||
enable = mkEnableOption (lib.mdDoc "ALVR, the VR desktop streamer");
|
||||
|
||||
package = mkPackageOption pkgs "alvr" { };
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Whether to open the default ports in the firewall for the ALVR server.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ 9943 9944 ];
|
||||
allowedUDPPorts = [ 9943 9944 ];
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ passivelemon ];
|
||||
}
|
|
@ -90,6 +90,8 @@ in
|
|||
];
|
||||
};
|
||||
};
|
||||
|
||||
users.groups.gamemode = { };
|
||||
};
|
||||
|
||||
meta = {
|
||||
|
|
|
@ -9,6 +9,7 @@ in
|
|||
{
|
||||
options = {
|
||||
programs.light = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
|
@ -17,11 +18,60 @@ in
|
|||
and udev rules granting access to members of the "video" group.
|
||||
'';
|
||||
};
|
||||
|
||||
brightnessKeys = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable brightness control with keyboard keys.
|
||||
|
||||
This is mainly useful for minimalistic (desktop) environments. You
|
||||
may want to leave this disabled if you run a feature-rich desktop
|
||||
environment such as KDE, GNOME or Xfce as those handle the
|
||||
brightness keys themselves. However, enabling brightness control
|
||||
with this setting makes the control independent of X, so the keys
|
||||
work in non-graphical ttys, so you might want to consider using this
|
||||
instead of the default offered by the desktop environment.
|
||||
|
||||
Enabling this will turn on {option}`services.actkbd`.
|
||||
'';
|
||||
};
|
||||
|
||||
step = mkOption {
|
||||
type = types.int;
|
||||
default = 10;
|
||||
description = ''
|
||||
The percentage value by which to increase/decrease brightness.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.light ];
|
||||
services.udev.packages = [ pkgs.light ];
|
||||
services.actkbd = mkIf cfg.brightnessKeys.enable {
|
||||
enable = true;
|
||||
bindings = let
|
||||
light = "${pkgs.light}/bin/light";
|
||||
step = toString cfg.brightnessKeys.step;
|
||||
in [
|
||||
{
|
||||
keys = [ 224 ];
|
||||
events = [ "key" ];
|
||||
# Use minimum brightness 0.1 so the display won't go totally black.
|
||||
command = "${light} -N 0.1 && ${light} -U ${step}";
|
||||
}
|
||||
{
|
||||
keys = [ 225 ];
|
||||
events = [ "key" ];
|
||||
command = "${light} -A ${step}";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
15
nixos/modules/programs/mouse-actions.nix
Normal file
15
nixos/modules/programs/mouse-actions.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.programs.mouse-actions;
|
||||
in
|
||||
{
|
||||
options.programs.mouse-actions = {
|
||||
enable = lib.mkEnableOption ''
|
||||
mouse-actions udev rules. This is a prerequisite for using mouse-actions without being root.
|
||||
'';
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.udev.packages = [ pkgs.mouse-actions ];
|
||||
};
|
||||
}
|
36
nixos/modules/programs/nautilus-open-any-terminal.nix
Normal file
36
nixos/modules/programs/nautilus-open-any-terminal.nix
Normal file
|
@ -0,0 +1,36 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.programs.nautilus-open-any-terminal;
|
||||
in
|
||||
{
|
||||
options.programs.nautilus-open-any-terminal = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "nautilus-open-any-terminal");
|
||||
|
||||
terminal = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
The terminal emulator to add to context-entry of nautilus. Supported terminal
|
||||
emulators are listed in https://github.com/Stunkymonkey/nautilus-open-any-terminal#supported-terminal-emulators.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
gnome.nautilus-python
|
||||
nautilus-open-any-terminal
|
||||
];
|
||||
programs.dconf = lib.optionalAttrs (cfg.terminal != null) {
|
||||
enable = true;
|
||||
profiles.user.databases = [{
|
||||
settings."com/github/stunkymonkey/nautilus-open-any-terminal".terminal = cfg.terminal;
|
||||
lockAll = true;
|
||||
}];
|
||||
};
|
||||
};
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ stunkymonkey linsui ];
|
||||
};
|
||||
}
|
|
@ -78,11 +78,15 @@ in
|
|||
else settingsFormat.generate "regreet.toml" cfg.settings;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = let
|
||||
group = config.users.users.${config.services.greetd.settings.default_session.user}.group;
|
||||
in [
|
||||
"d /var/log/regreet 0755 greeter ${group} - -"
|
||||
"d /var/cache/regreet 0755 greeter ${group} - -"
|
||||
];
|
||||
systemd.tmpfiles.settings."10-regreet" = let
|
||||
defaultConfig = {
|
||||
user = "greeter";
|
||||
group = config.users.users.${config.services.greetd.settings.default_session.user}.group;
|
||||
mode = "0755";
|
||||
};
|
||||
in {
|
||||
"/var/log/regreet".d = defaultConfig;
|
||||
"/var/cache/regreet".d = defaultConfig;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -12,6 +12,7 @@ let
|
|||
''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"
|
||||
export XAUTHORITY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^XAUTHORITY=\(.*\)/\1/; t; d')"
|
||||
export WAYLAND_DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^WAYLAND_DISPLAY=\(.*\)/\1/; t; d')"
|
||||
exec ${cfg.askPassword} "$@"
|
||||
'';
|
||||
|
|
|
@ -72,7 +72,7 @@ services.nginx = {
|
|||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
```
|
||||
|
||||
## Using ACME certificates in Apache/httpd {#module-security-acme-httpd}
|
||||
|
@ -111,7 +111,7 @@ services.nginx = {
|
|||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
# Alternative config for Apache
|
||||
users.users.wwwrun.extraGroups = [ "acme" ];
|
||||
services.httpd = {
|
||||
|
@ -131,7 +131,7 @@ services.httpd = {
|
|||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
```
|
||||
|
||||
Now you need to configure ACME to generate a certificate.
|
||||
|
@ -181,7 +181,7 @@ services.bind = {
|
|||
extraConfig = "allow-update { key rfc2136key.example.com.; };";
|
||||
}
|
||||
];
|
||||
}
|
||||
};
|
||||
|
||||
# Now we can configure ACME
|
||||
security.acme.acceptTerms = true;
|
||||
|
@ -271,7 +271,7 @@ services.nginx = {
|
|||
acmeRoot = null;
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
```
|
||||
|
||||
And that's it! Next time your configuration is rebuilt, or when
|
||||
|
|
|
@ -897,10 +897,10 @@ in {
|
|||
certs = attrValues cfg.certs;
|
||||
in [
|
||||
{
|
||||
assertion = cfg.email != null || all (certOpts: certOpts.email != null) certs;
|
||||
assertion = cfg.defaults.email != null || all (certOpts: certOpts.email != null) certs;
|
||||
message = ''
|
||||
You must define `security.acme.certs.<name>.email` or
|
||||
`security.acme.email` to register with the CA. Note that using
|
||||
`security.acme.defaults.email` to register with the CA. Note that using
|
||||
many different addresses for certs may trigger account rate limits.
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -867,9 +867,6 @@ let
|
|||
{ name = "gnupg"; enable = cfg.gnupg.enable; control = "optional"; modulePath = "${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"; settings = {
|
||||
no-autostart = cfg.gnupg.noAutostart;
|
||||
}; }
|
||||
{ name = "cgfs"; enable = config.virtualisation.lxc.lxcfs.enable; control = "optional"; modulePath = "${pkgs.lxc}/lib/security/pam_cgfs.so"; args = [
|
||||
"-c" "all"
|
||||
]; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -172,6 +172,13 @@ static int make_caps_ambient(const char *self_path) {
|
|||
int main(int argc, char **argv) {
|
||||
ASSERT(argc >= 1);
|
||||
|
||||
// argv[0] goes into a lot of places, to a far greater degree than other elements
|
||||
// of argv. glibc has had buffer overflows relating to argv[0], eg CVE-2023-6246.
|
||||
// Since we expect the wrappers to be invoked from either $PATH or /run/wrappers/bin,
|
||||
// there should be no reason to pass any particularly large values here, so we can
|
||||
// be strict for strictness' sake.
|
||||
ASSERT(strlen(argv[0]) < 512);
|
||||
|
||||
int debug = getenv(wrapper_debug) != NULL;
|
||||
|
||||
// Drop insecure environment variables explicitly
|
||||
|
|
|
@ -168,7 +168,7 @@ in
|
|||
echo "$PW"
|
||||
# Retype password:
|
||||
echo "$PW"
|
||||
) | ${cfg.package}/bin/pgadmin4-setup
|
||||
) | ${cfg.package}/bin/pgadmin4-cli setup-db
|
||||
'';
|
||||
|
||||
restartTriggers = [
|
||||
|
|
|
@ -64,6 +64,7 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
systemd = {
|
||||
services.gmediarender = {
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
description = "gmediarender server daemon";
|
||||
|
|
|
@ -26,6 +26,7 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
systemd.services.jmusicbot = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
description = "Discord music bot that's easy to set up and run yourself!";
|
||||
serviceConfig = mkMerge [{
|
||||
|
|
|
@ -70,9 +70,10 @@ in {
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' - mopidy mopidy - -"
|
||||
];
|
||||
systemd.tmpfiles.settings."10-mopidy".${cfg.dataDir}.d = {
|
||||
user = "mopidy";
|
||||
group = "mopidy";
|
||||
};
|
||||
|
||||
systemd.services.mopidy = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
|
|
@ -53,6 +53,7 @@ in {
|
|||
RuntimeDirectory = "navidrome";
|
||||
RootDirectory = "/run/navidrome";
|
||||
ReadWritePaths = "";
|
||||
BindPaths = lib.optional (cfg.settings ? DataFolder) cfg.settings.DataFolder;
|
||||
BindReadOnlyPaths = [
|
||||
# navidrome uses online services to download additional album metadata / covers
|
||||
"${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
|
||||
|
|
|
@ -50,6 +50,7 @@ in
|
|||
|
||||
systemd.services.spotifyd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" "sound.target" ];
|
||||
description = "spotifyd, a Spotify playing daemon";
|
||||
environment.SHELL = "/bin/sh";
|
||||
|
|
|
@ -50,6 +50,7 @@ in {
|
|||
description = "Standalone MPD Web GUI written in C";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
|
|
|
@ -267,7 +267,7 @@ in {
|
|||
|
||||
systemd.services.buildbot-master = {
|
||||
description = "Buildbot Continuous Integration Server.";
|
||||
after = [ "network-online.target" ];
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = cfg.packages ++ cfg.pythonPackages python.pkgs;
|
||||
environment.PYTHONPATH = "${python.withPackages (self: cfg.pythonPackages self ++ [ package ])}/${python.sitePackages}";
|
||||
|
|
|
@ -188,6 +188,7 @@ in
|
|||
nameValuePair "gitea-runner-${escapeSystemdPath name}" {
|
||||
inherit (instance) enable;
|
||||
description = "Gitea Actions Runner";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"network-online.target"
|
||||
] ++ optionals (wantsDocker) [
|
||||
|
|
|
@ -153,6 +153,7 @@ with lib;
|
|||
type = types.attrs;
|
||||
description = lib.mdDoc ''
|
||||
Modify the systemd service. Can be used to, e.g., adjust the sandboxing options.
|
||||
See {manpage}`systemd.exec(5)` for more options.
|
||||
'';
|
||||
example = {
|
||||
ProtectHome = false;
|
||||
|
|
|
@ -393,6 +393,7 @@ in
|
|||
systemd.services.hydra-evaluator =
|
||||
{ wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "hydra-init.service" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "hydra-init.service" "network.target" "network-online.target" ];
|
||||
path = with pkgs; [ hydra-package nettools jq ];
|
||||
restartTriggers = [ hydraConf ];
|
||||
|
|
|
@ -143,7 +143,7 @@ in
|
|||
# ConnectionTimeout = 180
|
||||
|
||||
#RemoteServiceName = gds_db
|
||||
RemoteServicePort = ${cfg.port}
|
||||
RemoteServicePort = ${toString cfg.port}
|
||||
|
||||
# randomly choose port for server Event Notification
|
||||
#RemoteAuxPort = 0
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue