diff options
| author | Jonathan Ringer <jonringer117@gmail.com> | 2022-02-08 21:19:24 -0800 |
|---|---|---|
| committer | Jonathan Ringer <jonringer117@gmail.com> | 2022-02-08 21:19:24 -0800 |
| commit | 5df08e00cd308a9a1630656d02ef75ba89b861ed (patch) | |
| tree | 9f15d3f5793b359617fe1c66d298b14c4a4344ee /nixos | |
| parent | 335510eb84fa270800feef5bfef6efb6ef907f8a (diff) | |
| parent | d818fd7e7115f0e0a3d821d454f818d7003ffa36 (diff) | |
| download | nixlib-5df08e00cd308a9a1630656d02ef75ba89b861ed.tar nixlib-5df08e00cd308a9a1630656d02ef75ba89b861ed.tar.gz nixlib-5df08e00cd308a9a1630656d02ef75ba89b861ed.tar.bz2 nixlib-5df08e00cd308a9a1630656d02ef75ba89b861ed.tar.lz nixlib-5df08e00cd308a9a1630656d02ef75ba89b861ed.tar.xz nixlib-5df08e00cd308a9a1630656d02ef75ba89b861ed.tar.zst nixlib-5df08e00cd308a9a1630656d02ef75ba89b861ed.zip | |
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts: pkgs/development/python-modules/opensimplex/default.nix pkgs/development/python-modules/pygame-gui/default.nix pkgs/top-level/aliases.nix pkgs/top-level/python-aliases.nix
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 22 | ||||
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2205.section.md | 8 | ||||
| -rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/programs/command-not-found/command-not-found.pl | 40 | ||||
| -rw-r--r-- | nixos/modules/rename.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/hardware/udev.nix | 3 | ||||
| -rw-r--r-- | nixos/modules/services/misc/autorandr.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/misc/packagekit.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/services/networking/firewall.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/system/cloud-init.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/web-servers/shellinabox.nix | 122 | ||||
| -rw-r--r-- | nixos/modules/system/boot/stage-1.nix | 3 |
12 files changed, 80 insertions, 132 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 7783d5f09a2a..695a920b63aa 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -242,6 +242,19 @@ </listitem> <listitem> <para> + <literal>pkgs.ghc.withPackages</literal> as well as + <literal>haskellPackages.ghcWithPackages</literal> etc. now + needs be overridden directly, as opposed to overriding the + result of calling it. Additionally, the + <literal>withLLVM</literal> parameter has been renamed to + <literal>useLLVM</literal>. So instead of + <literal>(ghc.withPackages (p: [])).override { withLLVM = true; }</literal>, + one needs to use + <literal>(ghc.withPackages.override { useLLVM = true; }) (p: [])</literal>. + </para> + </listitem> + <listitem> + <para> <literal>pkgs.emacsPackages.orgPackages</literal> is removed because org elpa is deprecated. The packages in the top level of <literal>pkgs.emacsPackages</literal>, such as org and @@ -319,6 +332,15 @@ </listitem> <listitem> <para> + <literal>buildGoModule</literal> was updated to use + <literal>go_1_17</literal>, third party derivations that + specify >= go 1.17 in the main <literal>go.mod</literal> + will need to regenerate their <literal>vendorSha256</literal> + hash. + </para> + </listitem> + <listitem> + <para> The <literal>gnome-passwordsafe</literal> package updated to <link xlink:href="https://gitlab.gnome.org/World/secrets/-/tags/6.0">version 6.x</link> and renamed to <literal>gnome-secrets</literal>. diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index da4aaf5a2b5e..0655c2649901 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -81,6 +81,12 @@ In addition to numerous new and upgraded packages, this release has the followin instead to ensure cross compilation keeps working (or switch to `haskellPackages.callPackage`). +- `pkgs.ghc.withPackages` as well as `haskellPackages.ghcWithPackages` etc. + now needs be overridden directly, as opposed to overriding the result of + calling it. Additionally, the `withLLVM` parameter has been renamed to + `useLLVM`. So instead of `(ghc.withPackages (p: [])).override { withLLVM = true; }`, + one needs to use `(ghc.withPackages.override { useLLVM = true; }) (p: [])`. + - `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated. The packages in the top level of `pkgs.emacsPackages`, such as org and org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and @@ -105,6 +111,8 @@ In addition to numerous new and upgraded packages, this release has the followin - The `writers.writePython2` and corresponding `writers.writePython2Bin` convenience functions to create executable Python 2 scripts in the store were removed in preparation of removal of the Python 2 interpreter. Scripts have to be converted to Python 3 for use with `writers.writePython3` or `writers.writePyPy2` needs to be used. +- `buildGoModule` was updated to use `go_1_17`, third party derivations that specify >= go 1.17 in the main `go.mod` will need to regenerate their `vendorSha256` hash. + - The `gnome-passwordsafe` package updated to [version 6.x](https://gitlab.gnome.org/World/secrets/-/tags/6.0) and renamed to `gnome-secrets`. - If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index cbc650249127..70964ad80f73 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1075,7 +1075,6 @@ ./services/web-servers/phpfpm/default.nix ./services/web-servers/pomerium.nix ./services/web-servers/unit/default.nix - ./services/web-servers/shellinabox.nix ./services/web-servers/tomcat.nix ./services/web-servers/traefik.nix ./services/web-servers/trafficserver/default.nix diff --git a/nixos/modules/programs/command-not-found/command-not-found.pl b/nixos/modules/programs/command-not-found/command-not-found.pl index 220d057b7f4f..72e246c81ae9 100644 --- a/nixos/modules/programs/command-not-found/command-not-found.pl +++ b/nixos/modules/programs/command-not-found/command-not-found.pl @@ -21,11 +21,24 @@ my $res = $dbh->selectall_arrayref( "select package from Programs where system = ? and name = ?", { Slice => {} }, $system, $program); -if (!defined $res || scalar @$res == 0) { +my $len = !defined $res ? 0 : scalar @$res; + +if ($len == 0) { print STDERR "$program: command not found\n"; -} elsif (scalar @$res == 1) { +} elsif ($len == 1) { my $package = @$res[0]->{package}; if ($ENV{"NIX_AUTO_RUN"} // "") { + if ($ENV{"NIX_AUTO_RUN_INTERACTIVE"} // "") { + while (1) { + print STDERR "'$program' from package '$package' will be run, confirm? [yn]: "; + chomp(my $comfirm = <STDIN>); + if (lc $comfirm eq "n") { + exit 0; + } elsif (lc $comfirm eq "y") { + last; + } + } + } exec("nix-shell", "-p", $package, "--run", shell_quote("exec", @ARGV)); } else { print STDERR <<EOF; @@ -35,11 +48,30 @@ ephemeral shell by typing: EOF } } else { - print STDERR <<EOF; + if ($ENV{"NIX_AUTO_RUN"} // "") { + print STDERR "Select a package that provides '$program':\n"; + for my $i (0 .. $len - 1) { + print STDERR " [", $i + 1, "]: @$res[$i]->{package}\n"; + } + my $choice = 0; + while (1) { # exec will break this loop + no warnings "numeric"; + print STDERR "Your choice [1-${len}]: "; + # 0 can be invalid user input like non-number string + # so we start from 1 + $choice = <STDIN> + 0; + if (1 <= $choice && $choice <= $len) { + exec("nix-shell", "-p", @$res[$choice - 1]->{package}, + "--run", shell_quote("exec", @ARGV)); + } + } + } else { + print STDERR <<EOF; The program '$program' is not in your PATH. It is provided by several packages. You can make it available in an ephemeral shell by typing one of the following: EOF - print STDERR " nix-shell -p $_->{package}\n" foreach @$res; + print STDERR " nix-shell -p $_->{package}\n" foreach @$res; + } } exit 127; diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 17ec13b770a8..1315a2e13681 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -88,6 +88,8 @@ with lib; The racoon module has been removed, because the software project was abandoned upstream. '') + (mkRemovedOptionModule [ "services" "shellinabox" ] "The corresponding package was removed from nixpkgs.") + # Do NOT add any option renames here, see top of the file ]; } diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index d48b5444677c..61448af2d33b 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -317,7 +317,8 @@ in (isYes "NET") ]; - boot.extraModprobeConfig = "options firmware_class path=${config.hardware.firmware}/lib/firmware"; + # We don't place this into `extraModprobeConfig` so that stage-1 ramdisk doesn't bloat. + environment.etc."modprobe.d/firmware.conf".text = "options firmware_class path=${config.hardware.firmware}/lib/firmware"; system.activationScripts.udevd = '' diff --git a/nixos/modules/services/misc/autorandr.nix b/nixos/modules/services/misc/autorandr.nix index 95cee5046e81..a65c5c9d11cf 100644 --- a/nixos/modules/services/misc/autorandr.nix +++ b/nixos/modules/services/misc/autorandr.nix @@ -43,6 +43,7 @@ in { ExecStart = "${pkgs.autorandr}/bin/autorandr --batch --change --default ${cfg.defaultTarget}"; Type = "oneshot"; RemainAfterExit = false; + KillMode = "process"; }; }; diff --git a/nixos/modules/services/misc/packagekit.nix b/nixos/modules/services/misc/packagekit.nix index 93bd206bd983..9191078ef9ca 100644 --- a/nixos/modules/services/misc/packagekit.nix +++ b/nixos/modules/services/misc/packagekit.nix @@ -13,7 +13,7 @@ let (iniFmt.generate "PackageKit.conf" (recursiveUpdate { Daemon = { - DefaultBackend = "test_nop"; + DefaultBackend = "nix"; KeepCache = false; }; } @@ -35,7 +35,7 @@ let in { imports = [ - (mkRemovedOptionModule [ "services" "packagekit" "backend" ] "The only backend that doesn't blow up is `test_nop`.") + (mkRemovedOptionModule [ "services" "packagekit" "backend" ] "Always set to Nix.") ]; options.services.packagekit = { @@ -62,6 +62,8 @@ in services.dbus.packages = with pkgs; [ packagekit ]; + environment.systemPackages = with pkgs; [ packagekit ]; + systemd.packages = with pkgs; [ packagekit ]; environment.etc = listToAttrs (map diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index ff023a888f26..2aa3be16f6e9 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -326,7 +326,7 @@ in type = types.package; default = pkgs.iptables; defaultText = literalExpression "pkgs.iptables"; - example = literalExpression "pkgs.iptables-nftables-compat"; + example = literalExpression "pkgs.iptables-legacy"; description = '' The iptables package to use for running the firewall service." diff --git a/nixos/modules/services/system/cloud-init.nix b/nixos/modules/services/system/cloud-init.nix index d05dfcfc42d8..8c6a6e294ebb 100644 --- a/nixos/modules/services/system/cloud-init.nix +++ b/nixos/modules/services/system/cloud-init.nix @@ -143,7 +143,7 @@ in "sshd.service" "sshd-keygen.service" ]; after = [ "network-online.target" "cloud-init-local.service" ]; before = [ "sshd.service" "sshd-keygen.service" ]; - requires = [ "network.target "]; + requires = [ "network.target"]; path = path; serviceConfig = { Type = "oneshot"; diff --git a/nixos/modules/services/web-servers/shellinabox.nix b/nixos/modules/services/web-servers/shellinabox.nix deleted file mode 100644 index c7c51f873eba..000000000000 --- a/nixos/modules/services/web-servers/shellinabox.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.services.shellinabox; - - # If a certificate file is specified, shellinaboxd requires - # a file descriptor to retrieve it - fd = "3"; - createFd = optionalString (cfg.certFile != null) "${fd}<${cfg.certFile}"; - - # Command line arguments for the shellinabox daemon - args = [ "--background" ] - ++ optional (! cfg.enableSSL) "--disable-ssl" - ++ optional (cfg.certFile != null) "--cert-fd=${fd}" - ++ optional (cfg.certDirectory != null) "--cert=${cfg.certDirectory}" - ++ cfg.extraOptions; - - # Command to start shellinaboxd - cmd = "${pkgs.shellinabox}/bin/shellinaboxd ${concatStringsSep " " args}"; - - # Command to start shellinaboxd if certFile is specified - wrappedCmd = "${pkgs.bash}/bin/bash -c 'exec ${createFd} && ${cmd}'"; - -in - -{ - - ###### interface - - options = { - services.shellinabox = { - enable = mkEnableOption "shellinabox daemon"; - - user = mkOption { - type = types.str; - default = "root"; - description = '' - User to run shellinaboxd as. If started as root, the server drops - privileges by changing to nobody, unless overridden by the - <literal>--user</literal> option. - ''; - }; - - enableSSL = mkOption { - type = types.bool; - default = false; - description = '' - Whether or not to enable SSL (https) support. - ''; - }; - - certDirectory = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/certs"; - description = '' - The daemon will look in this directory far any certificates. - If the browser negotiated a Server Name Identification the daemon - will look for a matching certificate-SERVERNAME.pem file. If no SNI - handshake takes place, it will fall back on using the certificate in the - certificate.pem file. - - If no suitable certificate is installed, shellinaboxd will attempt to - create a new self-signed certificate. This will only succeed if, after - dropping privileges, shellinaboxd has write permissions for this - directory. - ''; - }; - - certFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/certificate.pem"; - description = "Path to server SSL certificate."; - }; - - extraOptions = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "--port=443" "--service /:LOGIN" ]; - description = '' - A list of strings to be appended to the command line arguments - for shellinaboxd. Please see the manual page - <link xlink:href="https://code.google.com/p/shellinabox/wiki/shellinaboxd_man"/> - for a full list of available arguments. - ''; - }; - - }; - }; - - ###### implementation - - config = mkIf cfg.enable { - - assertions = - [ { assertion = cfg.enableSSL == true - -> cfg.certDirectory != null || cfg.certFile != null; - message = "SSL is enabled for shellinabox, but no certDirectory or certFile has been specefied."; } - { assertion = ! (cfg.certDirectory != null && cfg.certFile != null); - message = "Cannot set both certDirectory and certFile for shellinabox."; } - ]; - - systemd.services.shellinaboxd = { - description = "Shellinabox Web Server Daemon"; - - wantedBy = [ "multi-user.target" ]; - requires = [ "sshd.service" ]; - after = [ "sshd.service" ]; - - serviceConfig = { - Type = "forking"; - User = "${cfg.user}"; - ExecStart = "${if cfg.certFile == null then "${cmd}" else "${wrappedCmd}"}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - }; - }; - }; -} diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 9c684fbada2c..1575c0257d1c 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -350,6 +350,9 @@ let ''; symlink = "/etc/modprobe.d/ubuntu.conf"; } + { object = config.environment.etc."modprobe.d/nixos.conf".source; + symlink = "/etc/modprobe.d/nixos.conf"; + } { object = pkgs.kmod-debian-aliases; symlink = "/etc/modprobe.d/debian.conf"; } |