authorAlyssa Ross <hi@alyssa.is>2019-03-11 00:43:18 +0000
committerAlyssa Ross <hi@alyssa.is>2019-03-11 00:43:18 +0000
commita6dea5a6f496ea38f56e3c3b4c5d628361cc029f (patch)
tree8300ad67b0135e6816ab38a6ac6f8fdaeccda2f0 /nixpkgs/nixos
parent8779e0045c9f218caeb1dd1bcdc87e2715ed5be5 (diff)
parent5d3fd3674a66c5b1ada63e2eace140519849c967 (diff)
Merge commit '5d3fd3674a66c5b1ada63e2eace140519849c967'
Diffstat (limited to 'nixpkgs/nixos')
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/wireless.xml21
-rw-r--r--nixpkgs/nixos/doc/manual/default.nix1
-rw-r--r--nixpkgs/nixos/doc/manual/installation/installing.xml4
-rw-r--r--nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml14
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-1903.xml27
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-1909.xml12
-rw-r--r--nixpkgs/nixos/lib/eval-config.nix4
-rw-r--r--nixpkgs/nixos/modules/config/no-x-libs.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/video/nvidia.nix5
-rw-r--r--nixpkgs/nixos/modules/installer/tools/nixos-rebuild.sh12
-rw-r--r--nixpkgs/nixos/modules/misc/documentation.nix17
-rw-r--r--nixpkgs/nixos/modules/module-list.nix3
-rw-r--r--nixpkgs/nixos/modules/programs/fish.nix32
-rw-r--r--nixpkgs/nixos/modules/programs/fish_completion-generator.patch11
-rw-r--r--nixpkgs/nixos/modules/services/backup/duplicity.nix141
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix45
-rw-r--r--nixpkgs/nixos/modules/services/hardware/thinkfan.nix20
-rw-r--r--nixpkgs/nixos/modules/services/mail/rmilter.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/home-assistant.nix20
-rw-r--r--nixpkgs/nixos/modules/services/misc/redmine.nix72
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix3
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/coredns.nix50
-rw-r--r--nixpkgs/nixos/modules/services/networking/mosquitto.nix9
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/nextcloud.nix53
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/nginx/default.nix7
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix1
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix29
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix3
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix6
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/xserver.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/docker.nix25
-rw-r--r--nixpkgs/nixos/tests/all-tests.nix1
-rw-r--r--nixpkgs/nixos/tests/docker-tools.nix4
-rw-r--r--nixpkgs/nixos/tests/fish.nix21
39 files changed, 572 insertions, 133 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/wireless.xml b/nixpkgs/nixos/doc/manual/configuration/wireless.xml
index f7e99ff0e35c..dda2193dd93a 100644
--- a/nixpkgs/nixos/doc/manual/configuration/wireless.xml
+++ b/nixpkgs/nixos/doc/manual/configuration/wireless.xml
@@ -36,8 +36,25 @@
  </para>
 
  <para>
-  If you are using WPA2 the <command>wpa_passphrase</command> tool might be
-  useful to generate the <literal>wpa_supplicant.conf</literal>.
+  If you are using WPA2 you can generate pskRaw key using
+  <command>wpa_passphrase</command>:
+<screen>
+$ wpa_passphrase ESSID PSK
+network={
+        ssid="echelon"
+        #psk="abcdefgh"
+        psk=dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435
+}
+</screen>
+<programlisting>
+<xref linkend="opt-networking.wireless.networks"/> = {
+  echelon = {
+    pskRaw = "dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435";
+  };
+}
+</programlisting>
+  or you can use it to directly generate the
+  <literal>wpa_supplicant.conf</literal>:
 <screen>
 # wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf</screen>
   After you have edited the <literal>wpa_supplicant.conf</literal>, you need to
diff --git a/nixpkgs/nixos/doc/manual/default.nix b/nixpkgs/nixos/doc/manual/default.nix
index 02b91773f5da..4e0d486e94c8 100644
--- a/nixpkgs/nixos/doc/manual/default.nix
+++ b/nixpkgs/nixos/doc/manual/default.nix
@@ -327,6 +327,7 @@ in rec {
       # Generate manpages.
       mkdir -p $out/share/man
       xsltproc --nonet \
+        --maxdepth 6000 \
         --param man.output.in.separate.dir 1 \
         --param man.output.base.dir "'$out/share/man/'" \
         --param man.endnotes.are.numbered 0 \
diff --git a/nixpkgs/nixos/doc/manual/installation/installing.xml b/nixpkgs/nixos/doc/manual/installation/installing.xml
index 8e94f946c5ee..f4f8d470f802 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing.xml
+++ b/nixpkgs/nixos/doc/manual/installation/installing.xml
@@ -378,6 +378,10 @@
      the grub menu.
     </para>
     <para>
+     If you need to configure networking for your machine the configuration
+     options are described in <xref linkend="sec-networking"/>.
+    </para>
+    <para>
      Another critical option is <option>fileSystems</option>, specifying the
      file systems that need to be mounted by NixOS. However, you typically
      don’t need to set it yourself, because
diff --git a/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml b/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml
index b6a247286d4b..654b5f4b2840 100644
--- a/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml
+++ b/nixpkgs/nixos/doc/manual/man-nixos-rebuild.xml
@@ -39,6 +39,10 @@
    </arg>
 
    <arg choice='plain'>
+    <option>edit</option>
+   </arg>
+
+   <arg choice='plain'>
     <option>build-vm</option>
    </arg>
 
@@ -190,6 +194,16 @@ $ nix-build /path/to/nixpkgs/nixos -A system
     </varlistentry>
     <varlistentry>
      <term>
+      <option>edit</option>
+     </term>
+     <listitem>
+      <para>
+        Opens <filename>configuration.nix</filename> in the default editor.
+      </para>
+     </listitem>
+    </varlistentry>
+    <varlistentry>
+     <term>
       <option>build-vm</option>
      </term>
      <listitem>
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1903.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-1903.xml
index 78fb52371715..bccd6bce4edd 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1903.xml
@@ -184,6 +184,20 @@
    </listitem>
    <listitem>
     <para>
+      The <varname>buildPythonPackage</varname> function now sets <varname>strictDeps = true</varname>
+      to help distinguish between native and non-native dependencies in order to
+      improve cross-compilation compatibility. Note however that this may break
+      user expressions.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      The <varname>buildPythonPackage</varname> function now sets <varname>LANG = C.UTF-8</varname>
+      to enable Unicode support. The <varname>glibcLocales</varname> package is no longer needed as a build input.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
       The Syncthing state and configuration data has been moved from
       <varname>services.syncthing.dataDir</varname> to the newly defined
       <varname>services.syncthing.configDir</varname>, which default to
@@ -465,6 +479,11 @@
      been removed.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     <literal>graylog</literal> has been upgraded from version 2.* to 3.*. Some setups making use of extraConfig (especially those exposing Graylog via reverse proxies) need to be updated as upstream removed/replaced some settings. See <link xlink:href="http://docs.graylog.org/en/3.0/pages/upgrade/graylog-3.0.html#simplified-http-interface-configuration">Upgrading Graylog</link> for details.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 
@@ -658,6 +677,14 @@
        This may break some older applications that still rely on those symbols.
        An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
      </para>
+    <para>
+     The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
+    </para>
+   </listitem>
+   <listitem>
+     <para>
+       A new subcommand <command>nixos-rebuild edit</command> was added.
+     </para>
    </listitem>
   </itemizedlist>
  </section>
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1909.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-1909.xml
index baf08d70bfb0..f54592b6bf6c 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1909.xml
@@ -51,7 +51,17 @@
 
   <itemizedlist>
    <listitem>
-    <para />
+    <para>
+     The <option>documentation</option> module gained an option named
+     <option>documentation.nixos.includeAllModules</option> which makes the generated
+     <citerefentry><refentrytitle>configuration.nix</refentrytitle>
+     <manvolnum>5</manvolnum></citerefentry> manual page include all options from all NixOS modules
+     included in a given <literal>configuration.nix</literal> configuration file. Currently, it is
+     set to <literal>false</literal> by default as enabling it frequently prevents evaluation. But
+     the plan is to eventually have it set to <literal>true</literal> by default. Please set it to
+     <literal>true</literal> now in your <literal>configuration.nix</literal> and fix all the bugs
+     it uncovers.
+    </para>
    </listitem>
   </itemizedlist>
  </section>
diff --git a/nixpkgs/nixos/lib/eval-config.nix b/nixpkgs/nixos/lib/eval-config.nix
index 5f05b037bdde..77490ca3762a 100644
--- a/nixpkgs/nixos/lib/eval-config.nix
+++ b/nixpkgs/nixos/lib/eval-config.nix
@@ -51,7 +51,7 @@ in rec {
   # system configuration.
   inherit (lib.evalModules {
     inherit prefix check;
-    modules = modules ++ extraModules ++ baseModules ++ [ pkgsModule ];
+    modules = baseModules ++ extraModules ++ [ pkgsModule ] ++ modules;
     args = extraArgs;
     specialArgs =
       { modulesPath = builtins.toString ../modules; } // specialArgs;
@@ -60,7 +60,7 @@ in rec {
   # These are the extra arguments passed to every module.  In
   # particular, Nixpkgs is passed through the "pkgs" argument.
   extraArgs = extraArgs_ // {
-    inherit modules baseModules;
+    inherit baseModules extraModules modules;
   };
 
   inherit (config._module.args) pkgs;
diff --git a/nixpkgs/nixos/modules/config/no-x-libs.nix b/nixpkgs/nixos/modules/config/no-x-libs.nix
index 37e66c645429..9d2023477020 100644
--- a/nixpkgs/nixos/modules/config/no-x-libs.nix
+++ b/nixpkgs/nixos/modules/config/no-x-libs.nix
@@ -34,7 +34,7 @@ with lib;
       networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; };
       networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
       networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
-      pinentry = super.pinentry_ncurses;
+      pinentry = super.pinentry.override { gtk2 = null; qt = null; };
       gobject-introspection = super.gobject-introspection.override { x11Support = false; };
     }));
   };
diff --git a/nixpkgs/nixos/modules/hardware/video/nvidia.nix b/nixpkgs/nixos/modules/hardware/video/nvidia.nix
index 6ba8130af71f..80ea7bc5d5c9 100644
--- a/nixpkgs/nixos/modules/hardware/video/nvidia.nix
+++ b/nixpkgs/nixos/modules/hardware/video/nvidia.nix
@@ -172,6 +172,11 @@ in
     environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ]
       ++ lib.filter (p: p != null) [ nvidia_x11.persistenced ];
 
+    systemd.tmpfiles.rules = optional config.virtualisation.docker.enableNvidia
+        "L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin"
+      ++ optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
+        "L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
+
     boot.extraModulePackages = [ nvidia_x11.bin ];
 
     # nvidia-uvm is required by CUDA applications.
diff --git a/nixpkgs/nixos/modules/installer/tools/nixos-rebuild.sh b/nixpkgs/nixos/modules/installer/tools/nixos-rebuild.sh
index 27e5b5d8c704..6a08c9b4c6c6 100644
--- a/nixpkgs/nixos/modules/installer/tools/nixos-rebuild.sh
+++ b/nixpkgs/nixos/modules/installer/tools/nixos-rebuild.sh
@@ -267,6 +267,14 @@ if [ -n "$rollback" -o "$action" = dry-build ]; then
     buildNix=
 fi
 
+nixSystem() {
+    machine="$(uname -m)"
+    if [[ "$machine" =~ i.86 ]]; then
+        machine=i686
+    fi
+    echo $machine-linux
+}
+
 prebuiltNix() {
     machine="$1"
     if [ "$machine" = x86_64 ]; then
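Review bot: `nixSystem` assigns `machine` without `local`, so every call overwrites a script-wide variable that `prebuiltNix` (visible just below) also writes; `local machine="$(uname -m)"` keeps the helper self-contained. The pattern `i.86` is unanchored and matches anywhere in the string, and the result is echoed unquoted; `[[ "$machine" =~ ^i.86$ ]]` and `echo "$machine-linux"` state the intent exactly. `prebuiltNix` continues past the end of this hunk.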
@@ -286,7 +294,9 @@ if [ -n "$buildNix" ]; then
     nixDrv=
     if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then
         if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then
-            nixStorePath="$(prebuiltNix "$(uname -m)")"
+            if ! nixStorePath="$(nix-instantiate --eval '<nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix>' -A $(nixSystem) | sed -e 's/^"//' -e 's/"$//')"; then
+                nixStorePath="$(prebuiltNix "$(uname -m)")"
+            fi
             if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
                 --option extra-binary-caches https://cache.nixos.org/; then
                 echo "warning: don't know how to get latest Nix" >&2
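Review bot: The new `if ! nixStorePath="$(nix-instantiate --eval … | sed …)"` tests the exit status of `sed`, not of `nix-instantiate`, so unless `pipefail` is set elsewhere in the script the `prebuiltNix` fallback is never reached. A failed lookup would then leave `nixStorePath` empty and pass nothing to `nix-store -r`. Dropping the pipe keeps the status meaningful: capture with `if ! nixStorePath="$(nix-instantiate --eval '<…/nix-fallback-paths.nix>' -A "$(nixSystem)")"; then`, and strip the quotes afterwards with `nixStorePath="${nixStorePath#\"}"; nixStorePath="${nixStorePath%\"}"`. `$nixStorePath` and `$tmpDir` are also expanded unquoted on the `nix-store -r` line. The enclosing `if [ -n "$buildNix" ]` block starts and ends outside this hunk.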
diff --git a/nixpkgs/nixos/modules/misc/documentation.nix b/nixpkgs/nixos/modules/misc/documentation.nix
index 9b2e1235b748..834ac0de9121 100644
--- a/nixpkgs/nixos/modules/misc/documentation.nix
+++ b/nixpkgs/nixos/modules/misc/documentation.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, baseModules, ... }:
+{ config, lib, pkgs, baseModules, extraModules, modules, ... }:
 
 with lib;
 
@@ -6,6 +6,8 @@ let
 
   cfg = config.documentation;
 
+  manualModules = baseModules ++ optionals cfg.nixos.includeAllModules (extraModules ++ modules);
+
   /* For the purpose of generating docs, evaluate options with each derivation
     in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
     It isn't perfect, but it seems to cover a vast majority of use cases.
@@ -18,7 +20,7 @@ let
     options =
       let
         scrubbedEval = evalModules {
-          modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
+          modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ manualModules;
           args = (config._module.args) // { modules = [ ]; };
           specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
         };
@@ -146,6 +148,17 @@ in
         '';
       };
 
+      nixos.includeAllModules = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether the generated NixOS's documentation should include documentation for all
+          the options from all the NixOS modules included in the current
+          <literal>configuration.nix</literal>. Disabling this will make the manual
+          generator to ignore options defined outside of <literal>baseModules</literal>.
+        '';
+      };
+
     };
 
   };
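Review bot: The description of `nixos.includeAllModules` does not mention the caveat the release note in this same commit gives, namely that enabling it frequently prevents evaluation, and someone reading only the option documentation will not learn why the default is `false`. The wording is also off in two places ("NixOS's documentation", "will make the manual generator to ignore"). I would change the last sentence to `Disabling this makes the manual generator ignore options defined outside of <literal>baseModules</literal>.` and add `Enabling it can break evaluation when a module's option declarations depend on real package values.`, hedged as appropriate by whoever knows the exact failure mode.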
diff --git a/nixpkgs/nixos/modules/module-list.nix b/nixpkgs/nixos/modules/module-list.nix
index da09f528fb9f..01c2f674c675 100644
--- a/nixpkgs/nixos/modules/module-list.nix
+++ b/nixpkgs/nixos/modules/module-list.nix
@@ -189,6 +189,7 @@
   ./services/backup/duplicati.nix
   ./services/backup/crashplan.nix
   ./services/backup/crashplan-small-business.nix
+  ./services/backup/duplicity.nix
   ./services/backup/mysql-backup.nix
   ./services/backup/postgresql-backup.nix
   ./services/backup/restic.nix
@@ -268,6 +269,7 @@
   ./services/desktops/gnome3/gnome-online-accounts.nix
   ./services/desktops/gnome3/gnome-remote-desktop.nix
   ./services/desktops/gnome3/gnome-online-miners.nix
+  ./services/desktops/gnome3/gnome-settings-daemon.nix
   ./services/desktops/gnome3/gnome-terminal-server.nix
   ./services/desktops/gnome3/gnome-user-share.nix
   ./services/desktops/gnome3/gpaste.nix
@@ -529,6 +531,7 @@
   ./services/networking/cntlm.nix
   ./services/networking/connman.nix
   ./services/networking/consul.nix
+  ./services/networking/coredns.nix
   ./services/networking/coturn.nix
   ./services/networking/dante.nix
   ./services/networking/ddclient.nix
diff --git a/nixpkgs/nixos/modules/programs/fish.nix b/nixpkgs/nixos/modules/programs/fish.nix
index 03d6c26c8c87..bcb5a3f341b5 100644
--- a/nixpkgs/nixos/modules/programs/fish.nix
+++ b/nixpkgs/nixos/modules/programs/fish.nix
@@ -172,7 +172,7 @@ in
     programs.fish.interactiveShellInit = ''
       # add completions generated by NixOS to $fish_complete_path
       begin
-        # joins with null byte to acommodate all characters in paths, then respectively gets all paths before / after the first one including "generated_completions",
+        # joins with null byte to acommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions",
         # splits by null byte, and then removes all empty lines produced by using 'string'
         set -l prev (string join0 $fish_complete_path | string match --regex "^.*?(?=\x00[^\x00]*generated_completions.*)" | string split0 | string match -er ".")
         set -l post (string join0 $fish_complete_path | string match --regex "[^\x00]*generated_completions.*" | string split0 | string match -er ".")
@@ -182,13 +182,28 @@ in
 
     environment.etc."fish/generated_completions".source =
       let
+        patchedGenerator = pkgs.stdenv.mkDerivation {
+          name = "fish_patched-completion-generator";
+          srcs = [
+            "${pkgs.fish}/share/fish/tools/create_manpage_completions.py"
+            "${pkgs.fish}/share/fish/tools/deroff.py"
+          ];
+          unpackCmd = "cp $curSrc $(basename $curSrc)";
+          sourceRoot = ".";
+          patches = [ ./fish_completion-generator.patch ]; # to prevent collisions of identical completion files
+          dontBuild = true;
+          installPhase = ''
+            mkdir -p $out
+            cp * $out/
+          '';
+          preferLocalBuild = true;
+          allowSubstitutes = false;
+        };
         generateCompletions = package: pkgs.runCommand
-          "${package.name}-fish-completions"
+          "${package.name}_fish-completions"
           (
             {
-              src = package;
-              nativeBuildInputs = [ pkgs.python3 ];
-              buildInputs = [ pkgs.fish ];
+              inherit package;
               preferLocalBuild = true;
               allowSubstitutes = false;
             }
@@ -196,13 +211,14 @@ in
           )
           ''
             mkdir -p $out
-            if [ -d $src/share/man ]; then
-              find $src/share/man -type f | xargs python ${pkgs.fish}/share/fish/tools/create_manpage_completions.py --directory $out >/dev/null
+            if [ -d $package/share/man ]; then
+              find $package/share/man -type f | xargs ${pkgs.python3.interpreter} ${patchedGenerator}/create_manpage_completions.py --directory $out >/dev/null
             fi
           '';
       in
         pkgs.buildEnv {
-          name = "system-fish-completions";
+          name = "system_fish-completions";
+          ignoreCollisions = true;
           paths = map generateCompletions config.environment.systemPackages;
         };
 
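Review bot: The `find $package/share/man -type f | xargs …` line splits on whitespace and runs the generator once even when `find` prints nothing, so a man page path containing a space is passed as two arguments. `find "$package/share/man" -type f -print0 | xargs -0 -r ${pkgs.python3.interpreter} ${patchedGenerator}/create_manpage_completions.py --directory $out >/dev/null` avoids both. Separately, `ignoreCollisions = true` silences every collision in the `buildEnv`, not only the identical-file case the patch comment describes. If two packages generate different completions for the same command, one is dropped without any message, which deserves a comment next to the attribute.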
diff --git a/nixpkgs/nixos/modules/programs/fish_completion-generator.patch b/nixpkgs/nixos/modules/programs/fish_completion-generator.patch
new file mode 100644
index 000000000000..a8c797d185a6
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/fish_completion-generator.patch
@@ -0,0 +1,11 @@
+--- a/create_manpage_completions.py
++++ b/create_manpage_completions.py
+@@ -776,8 +776,6 @@ def parse_manpage_at_path(manpage_path, output_directory):
+
+             built_command_output.insert(0, "# " + CMDNAME)
+
+-            # Output the magic word Autogenerated so we can tell if we can overwrite this
+-            built_command_output.insert(1, "# Autogenerated from man page " + manpage_path)
+             # built_command_output.insert(2, "# using " + parser.__class__.__name__) # XXX MISATTRIBUTES THE CULPABILE PARSER! Was really using Type2 but reporting TypeDeroffManParser
+
+             for line in built_command_output:
diff --git a/nixpkgs/nixos/modules/services/backup/duplicity.nix b/nixpkgs/nixos/modules/services/backup/duplicity.nix
new file mode 100644
index 000000000000..a8d564248623
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/backup/duplicity.nix
@@ -0,0 +1,141 @@
+{ config, lib, pkgs, ...}:
+
+with lib;
+
+let
+  cfg = config.services.duplicity;
+
+  stateDirectory = "/var/lib/duplicity";
+
+  localTarget = if hasPrefix "file://" cfg.targetUrl
+    then removePrefix "file://" cfg.targetUrl else null;
+
+in {
+  options.services.duplicity = {
+    enable = mkEnableOption "backups with duplicity";
+
+    root = mkOption {
+      type = types.path;
+      default = "/";
+      description = ''
+        Root directory to backup.
+      '';
+    };
+
+    include = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [ "/home" ];
+      description = ''
+        List of paths to include into the backups. See the FILE SELECTION
+        section in <citerefentry><refentrytitle>duplicity</refentrytitle>
+        <manvolnum>1</manvolnum></citerefentry> for details on the syntax.
+      '';
+    };
+
+    exclude = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        List of paths to exclude from backups. See the FILE SELECTION section in
+        <citerefentry><refentrytitle>duplicity</refentrytitle>
+        <manvolnum>1</manvolnum></citerefentry> for details on the syntax.
+      '';
+    };
+
+    targetUrl = mkOption {
+      type = types.str;
+      example = "s3://host:port/prefix";
+      description = ''
+        Target url to backup to. See the URL FORMAT section in
+        <citerefentry><refentrytitle>duplicity</refentrytitle>
+        <manvolnum>1</manvolnum></citerefentry> for supported urls.
+      '';
+    };
+
+    secretFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        Path of a file containing secrets (gpg passphrase, access key...) in
+        the format of EnvironmentFile as described by
+        <citerefentry><refentrytitle>systemd.exec</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry>. For example:
+        <programlisting>
+        PASSPHRASE=<replaceable>...</replaceable>
+        AWS_ACCESS_KEY_ID=<replaceable>...</replaceable>
+        AWS_SECRET_ACCESS_KEY=<replaceable>...</replaceable>
+        </programlisting>
+      '';
+    };
+
+    frequency = mkOption {
+      type = types.nullOr types.str;
+      default = "daily";
+      description = ''
+        Run duplicity with the given frequency (see
+        <citerefentry><refentrytitle>systemd.time</refentrytitle>
+        <manvolnum>7</manvolnum></citerefentry> for the format).
+        If null, do not run automatically.
+      '';
+    };
+
+    extraFlags = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [ "--full-if-older-than" "1M" ];
+      description = ''
+        Extra command-line flags passed to duplicity. See
+        <citerefentry><refentrytitle>duplicity</refentrytitle>
+        <manvolnum>1</manvolnum></citerefentry>.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd = {
+      services.duplicity = {
+        description = "backup files with duplicity";
+
+        environment.HOME = stateDirectory;
+
+        serviceConfig = {
+          ExecStart = ''
+            ${pkgs.duplicity}/bin/duplicity ${escapeShellArgs (
+              [
+                cfg.root
+                cfg.targetUrl
+                "--archive-dir" stateDirectory
+              ]
+              ++ concatMap (p: [ "--include" p ]) cfg.include
+              ++ concatMap (p: [ "--exclude" p ]) cfg.exclude
+              ++ cfg.extraFlags)}
+          '';
+          PrivateTmp = true;
+          ProtectSystem = "strict";
+          ProtectHome = "read-only";
+          StateDirectory = baseNameOf stateDirectory;
+        } // optionalAttrs (localTarget != null) {
+          ReadWritePaths = localTarget;
+        } // optionalAttrs (cfg.secretFile != null) {
+          EnvironmentFile = cfg.secretFile;
+        };
+      } // optionalAttrs (cfg.frequency != null) {
+        startAt = cfg.frequency;
+      };
+
+      tmpfiles.rules = optional (localTarget != null) "d ${localTarget} 0700 root root -";
+    };
+
+    assertions = singleton {
+      # Duplicity will fail if the last file selection option is an include. It
+      # is not always possible to detect but this simple case can be caught.
+      assertion = cfg.include != [] -> cfg.exclude != [] || cfg.extraFlags != [];
+      message = ''
+        Duplicity will fail if you only specify included paths ("Because the
+        default is to include all files, the expression is redundant. Exiting
+        because this probably isn't what you meant.")
+      '';
+    };
+  };
+}
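Review bot: The `secretFile` description does not say where the file must live or who may read it, although it holds the GPG passphrase and cloud credentials. Because the option type is `types.path`, a Nix path literal such as `./secrets.env` is accepted and may end up copied into the world-readable Nix store, depending on how the value is rendered. I would add to the description: `This must be an absolute path given as a string, pointing to a file outside the Nix store that is readable only by root.` Also, `escapeShellArgs` in `ExecStart` applies shell quoting, but systemd still interprets `%` specifiers and `${VAR}` in the command line. An include or exclude pattern containing those characters would presumably be altered, which is worth confirming and documenting.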
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix
new file mode 100644
index 000000000000..dbf0f4e9b118
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/desktops/gnome3/gnome-settings-daemon.nix
@@ -0,0 +1,45 @@
+# GNOME Settings Daemon
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.gnome3.gnome-settings-daemon;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.gnome3.gnome-settings-daemon = {
+
+      enable = mkEnableOption "GNOME Settings Daemon.";
+
+      # There are many forks of gnome-settings-daemon
+      package = mkOption {
+        type = types.package;
+        default = pkgs.gnome3.gnome-settings-daemon;
+        description = "Which gnome-settings-daemon package to use.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ cfg.package ];
+
+    services.udev.packages = [ cfg.package ];
+
+  };
+
+}
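Review bot: `mkEnableOption "GNOME Settings Daemon."` passes a trailing period, and `mkEnableOption` already builds the description as "Whether to enable <name>.", so the rendered option text ends in two periods. Use `enable = mkEnableOption "GNOME Settings Daemon";`. The comment `# There are many forks of gnome-settings-daemon` explains why `package` exists, and the option description could say so too, e.g. `Which gnome-settings-daemon package (or fork) to use.`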
diff --git a/nixpkgs/nixos/modules/services/hardware/thinkfan.nix b/nixpkgs/nixos/modules/services/hardware/thinkfan.nix
index d17121ca1c5b..7c105e99ca54 100644
--- a/nixpkgs/nixos/modules/services/hardware/thinkfan.nix
+++ b/nixpkgs/nixos/modules/services/hardware/thinkfan.nix
@@ -47,6 +47,8 @@ let
     ${cfg.levels}
   '';
 
+  thinkfan = pkgs.thinkfan.override { smartSupport = cfg.smartSupport; };
+
 in {
 
   options = {
@@ -61,6 +63,15 @@ in {
         '';
       };
 
+      smartSupport = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to build thinkfan with SMART support to read temperatures 
+          directly from hard disks.
+        '';
+      };
+
       sensors = mkOption {
         type = types.lines;
         default = ''
@@ -77,7 +88,7 @@ in {
               Which may be provided by any hwmon drivers (keyword
               hwmon)
 
-            S.M.A.R.T. (since 0.9 and requires the USE_ATASMART compilation flag)
+            S.M.A.R.T. (requires smartSupport to be enabled)
               Which reads the temperature directly from the hard
               disk using libatasmart (keyword atasmart)
 
@@ -125,18 +136,17 @@ in {
 
   config = mkIf cfg.enable {
 
-    environment.systemPackages = [ pkgs.thinkfan ];
+    environment.systemPackages = [ thinkfan ];
 
     systemd.services.thinkfan = {
       description = "Thinkfan";
       after = [ "basic.target" ];
       wantedBy = [ "multi-user.target" ];
-      path = [ pkgs.thinkfan ];
-      serviceConfig.ExecStart = "${pkgs.thinkfan}/bin/thinkfan -n -c ${configFile}";
+      path = [ thinkfan ];
+      serviceConfig.ExecStart = "${thinkfan}/bin/thinkfan -n -c ${configFile}";
     };
 
     boot.extraModprobeConfig = "options thinkpad_acpi experimental=1 fan_control=1";
 
   };
-
 }
diff --git a/nixpkgs/nixos/modules/services/mail/rmilter.nix b/nixpkgs/nixos/modules/services/mail/rmilter.nix
index 492c64583219..466365b6b305 100644
--- a/nixpkgs/nixos/modules/services/mail/rmilter.nix
+++ b/nixpkgs/nixos/modules/services/mail/rmilter.nix
@@ -8,7 +8,7 @@ let
   postfixCfg = config.services.postfix;
   cfg = config.services.rmilter;
 
-  inetSocket = addr: port: "inet:[${toString port}@${addr}]";
+  inetSocket = addr: port: "inet:${addr}:${toString port}";
   unixSocket = sock: "unix:${sock}";
 
   systemdSocket = if cfg.bindSocket.type == "unix" then cfg.bindSocket.path
@@ -97,7 +97,7 @@ in
 
       bindSocket.address = mkOption {
         type = types.str;
-        default = "::1";
+        default = "[::1]";
         example = "0.0.0.0";
         description = ''
           Inet address to listen on.
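Review bot: The description of `bindSocket.address` does not say that IPv6 literals must now be written with brackets, which `inetSocket` no longer adds. An existing configuration that sets `bindSocket.address = "::1"` will render as `inet:::1:<port>`, which is ambiguous at best. The description should state the requirement, for example `Inet address to listen on. IPv6 addresses must be enclosed in square brackets, e.g. <literal>[::1]</literal>.`, and the change merits a release-note entry since it alters how existing values are interpreted. The option definition continues past the end of this hunk.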
diff --git a/nixpkgs/nixos/modules/services/misc/home-assistant.nix b/nixpkgs/nixos/modules/services/misc/home-assistant.nix
index 95a7f2ea989b..7f8d31bcf0b8 100644
--- a/nixpkgs/nixos/modules/services/misc/home-assistant.nix
+++ b/nixpkgs/nixos/modules/services/misc/home-assistant.nix
@@ -9,13 +9,13 @@ let
   configJSON = pkgs.writeText "configuration.json"
     (builtins.toJSON (if cfg.applyDefaultConfig then
     (recursiveUpdate defaultConfig cfg.config) else cfg.config));
-  configFile = pkgs.runCommand "configuration.yaml" { } ''
+  configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
     ${pkgs.remarshal}/bin/json2yaml -i ${configJSON} -o $out
   '';
 
   lovelaceConfigJSON = pkgs.writeText "ui-lovelace.json"
     (builtins.toJSON cfg.lovelaceConfig);
-  lovelaceConfigFile = pkgs.runCommand "ui-lovelace.yaml" { } ''
+  lovelaceConfigFile = pkgs.runCommand "ui-lovelace.yaml" { preferLocalBuild = true; } ''
     ${pkgs.remarshal}/bin/json2yaml -i ${lovelaceConfigJSON} -o $out
   '';
 
@@ -29,14 +29,24 @@ let
   #   platform = "luftdaten";
   #   ...
   # } ];
+  #
+  # Beginning with 0.87 Home Assistant is migrating their components to the
+  # scheme "platform.subComponent", e.g. "hue.light" instead of "light.hue".
+  # See https://developers.home-assistant.io/blog/2019/02/19/the-great-migration.html.
+  # Hence, we also check whether we find an entry in the config when interpreting
+  # the first part of the path as the component.
   useComponentPlatform = component:
     let
       path = splitString "." component;
+      # old: platform is the last part of path
       parentConfig = attrByPath (init path) null cfg.config;
       platform = last path;
-    in isList parentConfig && any
-      (item: item.platform or null == platform)
-      parentConfig;
+      # new: platform is the first part of the path
+      parentConfig' = attrByPath (tail path) null cfg.config;
+      platform' = head path;
+    in
+      (isList parentConfig && any (item: item.platform or null == platform) parentConfig)
+      || (isList parentConfig' && any (item: item.platform or null == platform') parentConfig');
 
   # Returns whether component is used in config
   useComponent = component:
diff --git a/nixpkgs/nixos/modules/services/misc/redmine.nix b/nixpkgs/nixos/modules/services/misc/redmine.nix
index 98e9c8953c84..c38138d7c978 100644
--- a/nixpkgs/nixos/modules/services/misc/redmine.nix
+++ b/nixpkgs/nixos/modules/services/misc/redmine.nix
@@ -234,10 +234,33 @@ in
 
     environment.systemPackages = [ cfg.package ];
 
+    # create symlinks for the basic directory layout the redmine package expects
+    systemd.tmpfiles.rules = [
+      "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/config' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/files' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/plugins' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/public' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/public/plugin_assets' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/public/themes' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.stateDir}/tmp' 0750 ${cfg.user} ${cfg.group} - -"
+
+      "d /run/redmine - - - - -"
+      "d /run/redmine/public - - - - -"
+      "L+ /run/redmine/config - - - - ${cfg.stateDir}/config"
+      "L+ /run/redmine/files - - - - ${cfg.stateDir}/files"
+      "L+ /run/redmine/log - - - - ${cfg.stateDir}/log"
+      "L+ /run/redmine/plugins - - - - ${cfg.stateDir}/plugins"
+      "L+ /run/redmine/public/plugin_assets - - - - ${cfg.stateDir}/public/plugin_assets"
+      "L+ /run/redmine/public/themes - - - - ${cfg.stateDir}/public/themes"
+      "L+ /run/redmine/tmp - - - - ${cfg.stateDir}/tmp"
+    ];
+
     systemd.services.redmine = {
       after = [ "network.target" (if cfg.database.type == "mysql2" then "mysql.service" else "postgresql.service") ];
       wantedBy = [ "multi-user.target" ];
-      environment.HOME = "${cfg.package}/share/redmine";
       environment.RAILS_ENV = "production";
       environment.RAILS_CACHE = "${cfg.stateDir}/cache";
       environment.REDMINE_LANG = "en";
@@ -252,28 +275,16 @@ in
         subversion
       ];
       preStart = ''
-        # ensure cache directory exists for db:migrate command
-        mkdir -p "${cfg.stateDir}/cache"
-
-        # create the basic directory layout the redmine package expects
-        mkdir -p /run/redmine/public
-
-        for i in config files log plugins tmp; do
-          mkdir -p "${cfg.stateDir}/$i"
-          ln -fs "${cfg.stateDir}/$i" /run/redmine/
-        done
-
-        for i in plugin_assets themes; do
-          mkdir -p "${cfg.stateDir}/public/$i"
-          ln -fs "${cfg.stateDir}/public/$i" /run/redmine/public/
-        done
-
+        rm -rf "${cfg.stateDir}/plugins/"*
+        rm -rf "${cfg.stateDir}/public/themes/"*
 
         # start with a fresh config directory
         # the config directory is copied instead of linked as some mutable data is stored in there
-        rm -rf "${cfg.stateDir}/config/"*
+        find "${cfg.stateDir}/config" ! -name "secret_token.rb" -type f -exec rm -f {} +
         cp -r ${cfg.package}/share/redmine/config.dist/* "${cfg.stateDir}/config/"
 
+        chmod -R u+w "${cfg.stateDir}/config"
+
         # link in the application configuration
         ln -fs ${configurationYml} "${cfg.stateDir}/config/configuration.yml"
 
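Review bot: The recursive `chmod -R u+w "${cfg.stateDir}/config"` also reaches `initializers/secret_token.rb`, the one file the `find` line above deliberately keeps, so on every restart that file is made owner-writable again. The `chmod 440` for it appears in a later hunk directly before a `fi`; if that branch only runs when the token is first generated (its condition is not visible here), the restrictive mode is lost after the first restart. Either skip the file here, e.g. `find "${cfg.stateDir}/config" ! -name "secret_token.rb" -exec chmod u+w {} +`, or move the `chmod 440` after the `fi`. The preStart script starts and ends outside this hunk.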
@@ -282,7 +293,6 @@ in
 
 
         # link in all user specified themes
-        rm -rf "${cfg.stateDir}/public/themes/"*
         for theme in ${concatStringsSep " " (mapAttrsToList unpackTheme cfg.themes)}; do
           ln -fs $theme/* "${cfg.stateDir}/public/themes"
         done
@@ -292,16 +302,11 @@ in
 
 
         # link in all user specified plugins
-        rm -rf "${cfg.stateDir}/plugins/"*
         for plugin in ${concatStringsSep " " (mapAttrsToList unpackPlugin cfg.plugins)}; do
           ln -fs $plugin/* "${cfg.stateDir}/plugins/''${plugin##*-redmine-plugin-}"
         done
 
 
-        # ensure correct permissions for most files
-        chmod -R ug+rwX,o-rwx+x "${cfg.stateDir}/"
-
-
         # handle database.passwordFile & permissions
         DBPASS=$(head -n1 ${cfg.database.passwordFile})
         cp -f ${databaseYml} "${cfg.stateDir}/config/database.yml"
@@ -315,25 +320,13 @@ in
           chmod 440 "${cfg.stateDir}/config/initializers/secret_token.rb"
         fi
 
-
-        # ensure everything is owned by ${cfg.user}
-        chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}"
-
-
         # execute redmine required commands prior to starting the application
-        # NOTE: su required in case using mysql socket authentication
-        /run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake db:migrate'
-        /run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake redmine:plugins:migrate'
-        /run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake redmine:load_default_data'
-
-
-        # log files don't exist until after first command has been executed
-        # correct ownership of files generated by calling exec rake ...
-        chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}/log"
+        ${bundle} exec rake db:migrate
+        ${bundle} exec rake redmine:plugins:migrate
+        ${bundle} exec rake redmine:load_default_data
       '';
 
       serviceConfig = {
-        PermissionsStartOnly = true; # preStart must be run as root
         Type = "simple";
         User = cfg.user;
         Group = cfg.group;
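Review bot: With `PermissionsStartOnly` removed, the whole preStart script now runs as `cfg.user`, and that includes the `head -n1 ${cfg.database.passwordFile}` read shown as context in the previous hunk. A password file that is readable by root only will no longer be readable at that point, and nothing in the module tells the operator why the start then fails or why the password ends up empty. I would document the requirement on the option, e.g. add `The file must be readable by the user the redmine service runs as.` to the description of `database.passwordFile`, which is defined outside this hunk. The `serviceConfig` block continues past the end of the hunk.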
@@ -348,7 +341,6 @@ in
       { name = "redmine";
         group = cfg.group;
         home = cfg.stateDir;
-        createHome = true;
         uid = config.ids.uids.redmine;
       });
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix b/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix
index a4d29d45bacf..b4ac0ca184db 100644
--- a/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix
@@ -202,7 +202,7 @@ in {
     };
   };
   config = mkIf cfg.enable {
-    environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps ];
+    environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps pkgs.iproute ];
 
     users.extraUsers.datadog = {
       description = "Datadog Agent User";
@@ -216,7 +216,7 @@ in {
 
     systemd.services = let
       makeService = attrs: recursiveUpdate {
-        path = [ datadogPkg pkgs.python pkgs.sysstat pkgs.procps ];
+        path = [ datadogPkg pkgs.python pkgs.sysstat pkgs.procps pkgs.iproute ];
         wantedBy = [ "multi-user.target" ];
         serviceConfig = {
           User = "datadog";
@@ -260,7 +260,7 @@ in {
         path = [ ];
         script = ''
           export DD_API_KEY=$(head -n 1 ${cfg.apiKeyFile})
-          ${pkgs.datadog-trace-agent}/bin/trace-agent -config /etc/datadog-agent/datadog.yaml
+          ${datadogPkg}/bin/trace-agent -config /etc/datadog-agent/datadog.yaml
         '';
       });
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix
index 43b4a41eaf33..7d790b6b590b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix
@@ -106,7 +106,8 @@ in {
         type = types.str;
         default = "";
         description = ''
-          Address to listen on for the web interface and API.
+          Address to listen on for the web interface and API. Empty string will listen on all interfaces.
+          "localhost" will listen on 127.0.0.1 (but not ::1).
         '';
       };
 
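Review bot: The new description explains what an empty string does but not that the empty string is this option's default (`default = "";` two lines above), so a reader may not realise that enabling the service exposes the web interface and API on every address unless the option is set. I would say so directly, e.g. `The default (empty string) listens on all interfaces; set a specific address to restrict access.` The option's name and the rest of the option set are outside this hunk.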
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix b/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix
index 93d2d7fcd975..79c4b7aee066 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix
@@ -155,7 +155,7 @@ in
         };
         programs = mkOption {
           default = getBin pkgs.openafs;
-          defaultText = "config.boot.kernelPackages.openafs";
+          defaultText = "getBin pkgs.openafs";
           type = types.package;
           description = "OpenAFS programs package. MUST match the kernel module package!";
         };
diff --git a/nixpkgs/nixos/modules/services/networking/coredns.nix b/nixpkgs/nixos/modules/services/networking/coredns.nix
new file mode 100644
index 000000000000..afb2b547a465
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/coredns.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.coredns;
+  configFile = pkgs.writeText "Corefile" cfg.config;
+in {
+  options.services.coredns = {
+    enable = mkEnableOption "Coredns dns server";
+
+    config = mkOption {
+      default = "";
+      example = ''
+        . {
+          whoami
+        }
+      '';
+      type = types.lines;
+      description = "Verbatim Corefile to use. See <link xlink:href=\"https://coredns.io/manual/toc/#configuration\"/> for details.";
+    };
+
+    package = mkOption {
+      default = pkgs.coredns;
+      defaultText = "pkgs.coredns";
+      type = types.package;
+      description = "Coredns package to use.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.coredns = {
+      description = "Coredns dns server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        PermissionsStartOnly = true;
+        LimitNPROC = 512;
+        LimitNOFILE = 1048576;
+        CapabilityBoundingSet = "cap_net_bind_service";
+        AmbientCapabilities = "cap_net_bind_service";
+        NoNewPrivileges = true;
+        DynamicUser = true;
+        ExecStart = "${getBin cfg.package}/bin/coredns -conf=${configFile}";
+        ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID";
+        Restart = "on-failure";
+      };
+    };
+  };
+}
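Review bot: `PermissionsStartOnly = true;` limits `DynamicUser`, the capability settings and the other permission options in `serviceConfig` to `ExecStart`, so the `ExecReload` command runs outside that sandbox, presumably as root. As far as I can tell nothing here needs that: the unit defines no preStart step, and a process running as the same dynamic user can deliver `SIGUSR1` to `$MAINPID` itself, so I would drop the line. Separately, `configFile` is built with `pkgs.writeText`, which places the Corefile in the world-readable Nix store. The `config` description should say that, e.g. `The contents end up in the world-readable Nix store; do not put secrets such as plugin credentials here.`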
diff --git a/nixpkgs/nixos/modules/services/networking/mosquitto.nix b/nixpkgs/nixos/modules/services/networking/mosquitto.nix
index 332dc541345e..9974cbd89d1e 100644
--- a/nixpkgs/nixos/modules/services/networking/mosquitto.nix
+++ b/nixpkgs/nixos/modules/services/networking/mosquitto.nix
@@ -17,7 +17,6 @@ let
   '';
 
   mosquittoConf = pkgs.writeText "mosquitto.conf" ''
-    pid_file /run/mosquitto/pid
     acl_file ${aclFile}
     persistence true
     allow_anonymous ${boolToString cfg.allowAnonymous}
@@ -196,15 +195,15 @@ in
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
       serviceConfig = {
-        Type = "forking";
+        Type = "notify";
+        NotifyAccess = "main";
         User = "mosquitto";
         Group = "mosquitto";
         RuntimeDirectory = "mosquitto";
         WorkingDirectory = cfg.dataDir;
         Restart = "on-failure";
-        ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf} -d";
+        ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-        PIDFile = "/run/mosquitto/pid";
       };
       preStart = ''
         rm -f ${cfg.dataDir}/passwd
@@ -214,7 +213,7 @@ in
           if c.hashedPassword != null then
             "echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd"
           else optionalString (c.password != null)
-            "${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} ${c.password}"
+            "${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'"
         ) cfg.users);
     };
 
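Review bot: Wrapping `${c.password}` in single quotes handles spaces and `$`, but a password that itself contains a single quote still ends the quoting and the rest is parsed by the shell as part of the preStart script. The unquoted `${n}` on the same line and the `echo '${n}:${c.hashedPassword}'` branch have the same weakness. Let the library do the quoting instead: `"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${escapeShellArg n} ${escapeShellArg c.password}"` (`lib` looks to be in scope here, since `optionalString` is used unqualified). The plaintext password is also embedded in the generated script in the Nix store and passed on the command line, which is worth stating in the `password` option's description. The surrounding `preStart` expression starts and ends outside this hunk.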
diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix
index 49d8836b8ad2..498e3fdb23af 100644
--- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix
@@ -5,14 +5,18 @@ with lib;
 let
   cfg = config.services.nextcloud;
 
+  phpPackage = pkgs.php73;
+  phpPackages = pkgs.php73Packages;
+
   toKeyValue = generators.toKeyValue {
     mkKeyValue = generators.mkKeyValueDefault {} " = ";
   };
 
   phpOptionsExtensions = ''
-    ${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"}
-    ${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"}
-    ${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"}
+    ${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
+    ${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
+    ${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
+    extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
     zend_extension = opcache.so
     opcache.enable = 1
   '';
@@ -94,18 +98,6 @@ in {
       '';
     };
 
-    phpPackages = mkOption {
-      type = types.attrs;
-      default = pkgs.php71Packages;
-      defaultText = "pkgs.php71Packages";
-      description = ''
-        Overridable attribute of the PHP packages set to use.  If any caching
-        module is enabled, it will be taken from here.  Therefore it should
-        match the version of PHP given to
-        <literal>services.phpfpm.phpPackage</literal>.
-      '';
-    };
-
     phpOptions = mkOption {
       type = types.attrsOf types.str;
       default = {
@@ -223,6 +215,19 @@ in {
           <literal>services.nextcloud.hostname</literal> here.
         '';
       };
+
+      overwriteProtocol = mkOption {
+        type = types.nullOr (types.enum [ "http" "https" ]);
+        default = null;
+        example = "https";
+
+        description = ''
+          Force Nextcloud to always use HTTPS i.e. for link generation. Nextcloud
+          uses the currently used protocol by default, but when behind a reverse-proxy,
+          it may use <literal>http</literal> for everything although Nextcloud
+          may be served via HTTPS.
+        '';
+      };
     };
 
     caching = {
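Review bot: The description of `overwriteProtocol` says the option forces HTTPS, but its type is `types.nullOr (types.enum [ "http" "https" ])`, so `"http"` is accepted and would pin generated links to plain HTTP. Describe what the option actually does, e.g. `Force Nextcloud to use the given protocol for generated links instead of the protocol of the current request.`, and keep the reverse-proxy sentence as the reason to set it to `https`. It would also help to state that `null` (the default) leaves Nextcloud's own detection in place.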
@@ -287,6 +292,7 @@ in {
               ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
               'log_type' => 'syslog',
               'log_level' => '${builtins.toString cfg.logLevel}',
+              ${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"}
             ];
           '';
           occInstallCmd = let
@@ -359,14 +365,14 @@ in {
       };
 
       services.phpfpm = {
-        phpOptions = phpOptionsExtensions;
-        phpPackage = pkgs.php71;
         pools.nextcloud = let
           phpAdminValues = (toKeyValue
             (foldr (a: b: a // b) {}
               (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
                 phpOptions)));
         in {
+          phpOptions = phpOptionsExtensions;
+          phpPackage = phpPackage;
           listen = "/run/phpfpm/nextcloud";
           extraConfig = ''
             listen.owner = nginx
@@ -407,7 +413,7 @@ in {
               };
               "/" = {
                 priority = 200;
-                extraConfig = "rewrite ^ /index.php$uri;";
+                extraConfig = "rewrite ^ /index.php$request_uri;";
               };
               "~ ^/store-apps" = {
                 priority = 201;
@@ -444,22 +450,23 @@ in {
                   fastcgi_read_timeout 120s;
                 '';
               };
-              "~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = ''
+              "~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\/)".extraConfig = ''
                 try_files $uri/ =404;
                 index index.php;
               '';
-              "~ \\.(?:css|js|woff|svg|gif)$".extraConfig = ''
-                try_files $uri /index.php$uri$is_args$args;
+              "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
+                try_files $uri /index.php$request_uri;
                 add_header Cache-Control "public, max-age=15778463";
                 add_header X-Content-Type-Options nosniff;
                 add_header X-XSS-Protection "1; mode=block";
                 add_header X-Robots-Tag none;
                 add_header X-Download-Options noopen;
                 add_header X-Permitted-Cross-Domain-Policies none;
+                add_header Referrer-Policy no-referrer;
                 access_log off;
               '';
               "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = ''
-                try_files $uri /index.php$uri$is_args$args;
+                try_files $uri /index.php$request_uri;
                 access_log off;
               '';
             };
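Review bot: In the new location key `"~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\/)"` the `\/` sits in a Nix double-quoted string, where the backslash is consumed by Nix, so nginx receives a plain `/`. The neighbouring patterns write `\\.` where a backslash has to reach nginx, which makes this one look like it escapes something when it does not. Keep the previous spelling, `(?:$|/)`, so the key reads the same as what nginx sees. The enclosing `locations` attribute set starts outside this hunk.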
@@ -469,10 +476,12 @@ in {
               add_header X-Robots-Tag none;
               add_header X-Download-Options noopen;
               add_header X-Permitted-Cross-Domain-Policies none;
+              add_header Referrer-Policy no-referrer;
               error_page 403 /core/templates/403.php;
               error_page 404 /core/templates/404.php;
               client_max_body_size ${cfg.maxUploadSize};
               fastcgi_buffers 64 4K;
+              fastcgi_hide_header X-Powered-By;
               gzip on;
               gzip_vary on;
               gzip_comp_level 4;
diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix
index f688bec1426d..1c9fbe048f84 100644
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix
@@ -194,11 +194,12 @@ let
             then filter (x: x.ssl) defaultListen
             else defaultListen;
 
-        listenString = { addr, port, ssl, ... }:
+        listenString = { addr, port, ssl, extraParameters ? [], ... }:
           "listen ${addr}:${toString port} "
           + optionalString ssl "ssl "
           + optionalString (ssl && vhost.http2) "http2 "
           + optionalString vhost.default "default_server "
+          + optionalString (extraParameters != []) (concatStringsSep " " extraParameters)
           + ";";
 
         redirectListen = filter (x: !x.ssl) defaultListen;
@@ -491,8 +492,8 @@ in
 
       sslProtocols = mkOption {
         type = types.str;
-        default = "TLSv1.2";
-        example = "TLSv1 TLSv1.1 TLSv1.2";
+        default = "TLSv1.2 TLSv1.3";
+        example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
         description = "Allowed TLS protocol versions.";
       };
 
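Review bot: The `example` for `sslProtocols` still leads with `TLSv1 TLSv1.1`, and option examples tend to be copied into real configurations; since the default deliberately leaves those versions out, the example should show a stricter setting rather than a weaker one, e.g. `example = "TLSv1.3";`. The description could also say that adding older versions weakens the default, for instance `Allowed TLS protocol versions. Adding versions older than the default weakens transport security.`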
diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix
index 6a50d8ed5cd4..15b933c984a6 100644
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -31,6 +31,7 @@ with lib;
         addr = mkOption { type = str;  description = "IP address.";  };
         port = mkOption { type = int;  description = "Port number."; default = 80; };
         ssl  = mkOption { type = bool; description = "Enable SSL.";  default = false; };
+        extraParameters = mkOption { type = listOf str; description = "Extra parameters of this listen directive."; default = []; example = [ "reuseport" "deferred" ]; };
       }; });
       default = [];
       example = [
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix
index 6255dce8276f..ea01749349de 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix
@@ -133,6 +133,7 @@ in {
     services.gnome3.gnome-keyring.enable = true;
     services.gnome3.gnome-online-accounts.enable = mkDefault true;
     services.gnome3.gnome-remote-desktop.enable = mkDefault true;
+    services.gnome3.gnome-settings-daemon.enable = true;
     services.gnome3.gnome-terminal-server.enable = mkDefault true;
     services.gnome3.gnome-user-share.enable = mkDefault true;
     services.gnome3.gvfs.enable = true;
@@ -153,7 +154,6 @@ in {
     hardware.bluetooth.enable = mkDefault true;
     services.hardware.bolt.enable = mkDefault true;
     services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
-    services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
     systemd.packages = [ pkgs.gnome3.vino ];
     services.flatpak.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
 
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix
index 4d2fafd14961..bf6685ff7eac 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix
@@ -56,9 +56,6 @@ in
 
         export XDG_MENU_PREFIX=mate-
 
-        # Find the mouse
-        export XCURSOR_PATH=~/.icons:${config.system.path}/share/icons
-
         # Let caja find extensions
         export CAJA_EXTENSION_DIRS=$CAJA_EXTENSION_DIRS''${CAJA_EXTENSION_DIRS:+:}${config.system.path}/lib/caja/extensions-2.0
 
@@ -78,9 +75,6 @@ in
         # Add mate-control-center paths to some XDG variables because its schemas are needed by mate-settings-daemon, and mate-settings-daemon is a dependency for mate-control-center (that is, they are mutually recursive)
         ${addToXDGDirs pkgs.mate.mate-control-center}
 
-        # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/
-        ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update
-
         ${pkgs.mate.mate-session-manager}/bin/mate-session ${optionalString cfg.debug "--debug"} &
         waitPID=$!
       '';
@@ -90,18 +84,27 @@ in
       pkgs.mate.basePackages ++
       (pkgs.gnome3.removePackagesByName
         pkgs.mate.extraPackages
-        config.environment.mate.excludePackages);
-
-    services.dbus.packages = [
-      pkgs.gnome3.dconf
-      pkgs.at-spi2-core
-    ];
-
+        config.environment.mate.excludePackages) ++
+      [
+        pkgs.desktop-file-utils
+        pkgs.glib
+        pkgs.gtk3.out
+        pkgs.shared-mime-info
+        pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/
+      ];
+
+    programs.dconf.enable = true;
+    services.gnome3.at-spi2-core.enable = true;
     services.gnome3.gnome-keyring.enable = true;
+    services.gnome3.gnome-settings-daemon.enable = true;
+    services.gnome3.gnome-settings-daemon.package = pkgs.mate.mate-settings-daemon;
+    services.gnome3.gvfs.enable = true;
     services.upower.enable = config.powerManagement.enable;
 
     security.pam.services."mate-screensaver".unixAuth = true;
 
+    environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gnome3.gvfs}/lib/gio/modules" ];
+
     environment.pathsToLink = [ "/share" ];
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix
index 0f49439bf7c8..31bbbd558292 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix
@@ -117,11 +117,12 @@ in
     services.gnome3.file-roller.enable = true;
     # TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully
     services.gnome3.gnome-keyring.enable = true;
+    services.gnome3.gnome-settings-daemon.enable = true;
+    services.gnome3.gnome-settings-daemon.package = pkgs.pantheon.elementary-settings-daemon;
     services.gnome3.gvfs.enable = true;
     services.gnome3.rygel.enable = true;
     services.gsignond.enable = true;
     services.gsignond.plugins = with pkgs.gsignondPlugins; [ lastfm mail oauth ];
-    services.udev.packages = [ pkgs.pantheon.elementary-settings-daemon ];
     services.udisks2.enable = true;
     services.upower.enable = config.powerManagement.enable;
     services.xserver.libinput.enable = mkDefault true;
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix
index 704cc78c1528..ace9dd5321be 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -163,6 +163,8 @@ in
 
           libsForQt56.phonon-backend-gstreamer
           libsForQt5.phonon-backend-gstreamer
+
+          xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/
         ]
 
         ++ lib.optionals cfg.enableQt4Support [ pkgs.phonon-backend-gstreamer ]
@@ -175,9 +177,9 @@ in
         ++ lib.optional config.services.colord.enable colord-kde
         ++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ];
 
-      environment.pathsToLink = [ 
+      environment.pathsToLink = [
         # FIXME: modules should link subdirs of `/share` rather than relying on this
-        "/share" 
+        "/share"
       ];
 
       environment.etc = singleton {
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix
index dabf09418da7..6852154378d7 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix
@@ -53,7 +53,7 @@ in
 
       # Supplies some abstract icons such as:
       # utilities-terminal, accessories-text-editor
-      gnome3.defaultIconTheme
+      gnome3.adwaita-icon-theme
 
       hicolor-icon-theme
       tango-icon-theme
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
index 772cc95e84e5..5b280b024233 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
@@ -96,8 +96,8 @@ in
 
         package = mkOption {
           type = types.package;
-          default = pkgs.gnome3.defaultIconTheme;
-          defaultText = "pkgs.gnome3.defaultIconTheme";
+          default = pkgs.gnome3.adwaita-icon-theme;
+          defaultText = "pkgs.gnome3.adwaita-icon-theme";
           description = ''
             The package path that contains the icon theme given in the name option.
           '';
@@ -116,8 +116,8 @@ in
       cursorTheme = {
 
         package = mkOption {
-          default = pkgs.gnome3.defaultIconTheme;
-          defaultText = "pkgs.gnome3.defaultIconTheme";
+          default = pkgs.gnome3.adwaita-icon-theme;
+          defaultText = "pkgs.gnome3.adwaita-icon-theme";
           description = ''
             The package path that contains the cursor theme given in the name option.
           '';
diff --git a/nixpkgs/nixos/modules/services/x11/xserver.nix b/nixpkgs/nixos/modules/services/x11/xserver.nix
index d84ab3ced6f2..c4d5b6a9cdec 100644
--- a/nixpkgs/nixos/modules/services/x11/xserver.nix
+++ b/nixpkgs/nixos/modules/services/x11/xserver.nix
@@ -61,7 +61,9 @@ let
       '';
       description = ''
         Extra lines to append to the <literal>Monitor</literal> section
-        verbatim.
+        verbatim. Available options are documented in the MONITOR section in
+        <citerefentry><refentrytitle>xorg.conf</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry>.
       '';
     };
   };
@@ -633,7 +635,7 @@ in
 
     environment.pathsToLink = [ "/share/X11" ];
 
-    xdg = { 
+    xdg = {
       autostart.enable = true;
       menus.enable = true;
       mime.enable = true;
diff --git a/nixpkgs/nixos/modules/virtualisation/docker.nix b/nixpkgs/nixos/modules/virtualisation/docker.nix
index a1a32c1c59a1..4ee84c5268e6 100644
--- a/nixpkgs/nixos/modules/virtualisation/docker.nix
+++ b/nixpkgs/nixos/modules/virtualisation/docker.nix
@@ -52,6 +52,15 @@ in
           '';
       };
 
+    enableNvidia =
+      mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable nvidia-docker wrapper, supporting NVIDIA GPUs inside docker containers.
+        '';
+      };
+
     liveRestore =
       mkOption {
         type = types.bool;
@@ -140,7 +149,8 @@ in
   ###### implementation
 
   config = mkIf cfg.enable (mkMerge [{
-      environment.systemPackages = [ cfg.package ];
+      environment.systemPackages = [ cfg.package ]
+        ++ optional cfg.enableNvidia pkgs.nvidia-docker;
       users.groups.docker.gid = config.ids.gids.docker;
       systemd.packages = [ cfg.package ];
 
@@ -157,6 +167,7 @@ in
                 --log-driver=${cfg.logDriver} \
                 ${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
                 ${optionalString cfg.liveRestore "--live-restore" } \
+                ${optionalString cfg.enableNvidia "--add-runtime nvidia=${pkgs.nvidia-docker}/bin/nvidia-container-runtime" } \
                 ${cfg.extraOptions}
             ''];
           ExecReload=[
@@ -165,7 +176,8 @@ in
           ];
         };
 
-        path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
+        path = [ pkgs.kmod ] ++ optional (cfg.storageDriver == "zfs") pkgs.zfs
+          ++ optional cfg.enableNvidia pkgs.nvidia-docker;
       };
 
       systemd.sockets.docker = {
@@ -179,7 +191,6 @@ in
         };
       };
 
-
       systemd.services.docker-prune = {
         description = "Prune docker resources";
 
@@ -194,7 +205,15 @@ in
 
         startAt = optional cfg.autoPrune.enable cfg.autoPrune.dates;
       };
+
+      assertions = [
+        { assertion = cfg.enableNvidia -> config.hardware.opengl.driSupport32Bit or false;
+          message = "Option enableNvidia requires 32bit support libraries";
+        }];
     }
+    (mkIf cfg.enableNvidia {
+      environment.etc."nvidia-container-runtime/config.toml".source = "${pkgs.nvidia-docker}/etc/config.toml";
+    })
   ]);
 
   imports = [
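Review bot: The assertion message `Option enableNvidia requires 32bit support libraries` does not name the setting the user has to change, although the condition checks exactly one option, `config.hardware.opengl.driSupport32Bit`. Name it in the message so the evaluation error is actionable: `message = "Option enableNvidia requires hardware.opengl.driSupport32Bit = true";`. The `enableNvidia` description, added in an earlier hunk of this file, could carry the same requirement.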
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix
index 65227857a38e..2ddb54bcc3d7 100644
--- a/nixpkgs/nixos/tests/all-tests.nix
+++ b/nixpkgs/nixos/tests/all-tests.nix
@@ -74,6 +74,7 @@ in
   ferm = handleTest ./ferm.nix {};
   firefox = handleTest ./firefox.nix {};
   firewall = handleTest ./firewall.nix {};
+  fish = handleTest ./fish.nix {};
   flannel = handleTestOn ["x86_64-linux"] ./flannel.nix {};
   flatpak = handleTest ./flatpak.nix {};
   fsck = handleTest ./fsck.nix {};
diff --git a/nixpkgs/nixos/tests/docker-tools.nix b/nixpkgs/nixos/tests/docker-tools.nix
index 58f106314ab3..399e4d4e428f 100644
--- a/nixpkgs/nixos/tests/docker-tools.nix
+++ b/nixpkgs/nixos/tests/docker-tools.nix
@@ -34,8 +34,8 @@ import ./make-test.nix ({ pkgs, ... }: {
 
       # To test the pullImage tool
       $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nixFromDockerHub}'");
-      $docker->succeed("docker run --rm nixos/nix:1.11 nix-store --version");
-      $docker->succeed("docker rmi nixos/nix:1.11");
+      $docker->succeed("docker run --rm nixos/nix:2.2.1 nix-store --version");
+      $docker->succeed("docker rmi nixos/nix:2.2.1");
 
       # To test runAsRoot and entry point
       $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nginx}'");
diff --git a/nixpkgs/nixos/tests/fish.nix b/nixpkgs/nixos/tests/fish.nix
new file mode 100644
index 000000000000..97c4e8e37ac1
--- /dev/null
+++ b/nixpkgs/nixos/tests/fish.nix
@@ -0,0 +1,21 @@
+import ./make-test.nix ({ pkgs, ... }: {
+  name = "fish";
+
+  machine =
+    { pkgs, ... }:
+
+    {
+      programs.fish.enable = true;
+      environment.systemPackages = with pkgs; [
+        coreutils
+        procps # kill collides with coreutils' to test https://github.com/NixOS/nixpkgs/issues/56432
+      ];
+    };
+
+  testScript =
+    ''
+      $machine->waitForFile("/etc/fish/generated_completions/coreutils.fish");
+      $machine->waitForFile("/etc/fish/generated_completions/kill.fish");
+      $machine->succeed("fish -ic 'echo \$fish_complete_path' | grep -q '/share/fish/completions /etc/fish/generated_completions /root/.local/share/fish/generated_completions\$'");
+    '';
+})