diff options
Diffstat (limited to 'nixos')
31 files changed, 154 insertions, 260 deletions
diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix index 58c447c76db6..9339ba78ff0c 100644 --- a/nixos/lib/testing.nix +++ b/nixos/lib/testing.nix @@ -149,6 +149,7 @@ rec { { key = "run-in-machine"; networking.hostName = "client"; nix.readOnlyStore = false; + virtualisation.writableStore = false; } ]; diff --git a/nixos/modules/hardware/network/intel-2030.nix b/nixos/modules/hardware/network/intel-2030.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-2030.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/intel-2100bg.nix b/nixos/modules/hardware/network/intel-2100bg.nix deleted file mode 100644 index 0ec81474ad3e..000000000000 --- a/nixos/modules/hardware/network/intel-2100bg.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - - ###### interface - - options = { - - networking.enableIntel2100BGFirmware = lib.mkOption { - default = false; - type = lib.types.bool; - description = '' - Turn on this option if you want firmware for the Intel - PRO/Wireless 2100BG to be loaded automatically. This is - required if you want to use this device. - ''; - }; - - }; - - - ###### implementation - - config = lib.mkIf config.networking.enableIntel2100BGFirmware { - - hardware.enableRedistributableFirmware = true; - - }; - -} diff --git a/nixos/modules/hardware/network/intel-3945abg.nix b/nixos/modules/hardware/network/intel-3945abg.nix deleted file mode 100644 index 27a3f228b7d1..000000000000 --- a/nixos/modules/hardware/network/intel-3945abg.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - - ###### interface - - options = { - - networking.enableIntel3945ABGFirmware = lib.mkOption { - default = false; - type = lib.types.bool; - description = '' - This option enables automatic loading of the firmware for the Intel - PRO/Wireless 3945ABG. - ''; - }; - - }; - - - ###### implementation - - config = lib.mkIf config.networking.enableIntel3945ABGFirmware { - - hardware.enableRedistributableFirmware = true; - - }; - -} diff --git a/nixos/modules/hardware/network/intel-4965agn.nix b/nixos/modules/hardware/network/intel-4965agn.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-4965agn.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/intel-5000.nix b/nixos/modules/hardware/network/intel-5000.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-5000.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/intel-5150.nix b/nixos/modules/hardware/network/intel-5150.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-5150.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/intel-6000.nix b/nixos/modules/hardware/network/intel-6000.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-6000.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/intel-6000g2a.nix b/nixos/modules/hardware/network/intel-6000g2a.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-6000g2a.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/intel-6000g2b.nix b/nixos/modules/hardware/network/intel-6000g2b.nix deleted file mode 100644 index c92b7a0509d0..000000000000 --- a/nixos/modules/hardware/network/intel-6000g2b.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - hardware.enableRedistributableFirmware = true; -} diff --git a/nixos/modules/hardware/network/ralink.nix b/nixos/modules/hardware/network/ralink.nix deleted file mode 100644 index 36182e2cb996..000000000000 --- a/nixos/modules/hardware/network/ralink.nix +++ /dev/null @@ -1,26 +0,0 @@ -{pkgs, config, lib, ...}: - -{ - - ###### interface - - options = { - - networking.enableRalinkFirmware = lib.mkOption { - default = false; - type = lib.types.bool; - description = '' - Turn on this option if you want firmware for the RT73 NIC. - ''; - }; - - }; - - - ###### implementation - - config = lib.mkIf config.networking.enableRalinkFirmware { - hardware.enableRedistributableFirmware = true; - }; - -} diff --git a/nixos/modules/hardware/network/rtl8192c.nix b/nixos/modules/hardware/network/rtl8192c.nix deleted file mode 100644 index bf328c2d3224..000000000000 --- a/nixos/modules/hardware/network/rtl8192c.nix +++ /dev/null @@ -1,26 +0,0 @@ -{pkgs, config, lib, ...}: - -{ - - ###### interface - - options = { - - networking.enableRTL8192cFirmware = lib.mkOption { - default = false; - type = lib.types.bool; - description = '' - Turn on this option if you want firmware for the RTL8192c (and related) NICs. - ''; - }; - - }; - - - ###### implementation - - config = lib.mkIf config.networking.enableRTL8192cFirmware { - hardware.enableRedistributableFirmware = true; - }; - -} diff --git a/nixos/modules/installer/scan/detected.nix b/nixos/modules/installer/scan/detected.nix index e72c78532943..7e181acb93b1 100644 --- a/nixos/modules/installer/scan/detected.nix +++ b/nixos/modules/installer/scan/detected.nix @@ -6,8 +6,7 @@ with lib; { config = mkDefault { - # Wireless card firmware - networking.enableIntel2200BGFirmware = true; - networking.enableIntel3945ABGFirmware = true; + # Common firmware, i.e. for wifi cards + hardware.enableRedistributableFirmware = true; }; } diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index cb75845baaf7..7d9d9984cf28 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -297,6 +297,8 @@ rslsync = 279; minio = 280; kanboard = 281; + pykms = 282; + kodi = 283; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -563,6 +565,8 @@ rslsync = 279; minio = 280; kanboard = 281; + pykms = 282; + kodi = 283; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ee796242c1a2..a8cb957ffe21 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -35,11 +35,6 @@ ./hardware/ksm.nix ./hardware/mcelog.nix ./hardware/network/b43.nix - ./hardware/network/intel-2100bg.nix - ./hardware/network/intel-2200bg.nix - ./hardware/network/intel-3945abg.nix - ./hardware/network/ralink.nix - ./hardware/network/rtl8192c.nix ./hardware/nitrokey.nix ./hardware/opengl.nix ./hardware/pcmcia.nix @@ -136,8 +131,6 @@ ./security/rtkit.nix ./security/wrappers/default.nix ./security/sudo.nix - ./service-managers/docker.nix - ./service-managers/trivial.nix ./services/admin/salt/master.nix ./services/admin/salt/minion.nix ./services/amqp/activemq/default.nix @@ -333,6 +326,7 @@ ./services/misc/parsoid.nix ./services/misc/phd.nix ./services/misc/plex.nix + ./services/misc/pykms.nix ./services/misc/radarr.nix ./services/misc/redmine.nix ./services/misc/rippled.nix diff --git a/nixos/modules/profiles/all-hardware.nix b/nixos/modules/profiles/all-hardware.nix index 6e6ae98e19fc..3c7e516c497f 100644 --- a/nixos/modules/profiles/all-hardware.nix +++ b/nixos/modules/profiles/all-hardware.nix @@ -41,15 +41,12 @@ # Virtio (QEMU, KVM etc.) support. "virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "virtio_balloon" "virtio_console" - + # VMware support. "mptspi" "vmw_balloon" "vmwgfx" "vmw_vmci" "vmw_vsock_vmci_transport" "vmxnet3" "vsock" # Hyper-V support. "hv_storvsc" - - # Keyboards - "usbhid" "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat" ]; # Include lots of firmware. diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index deff4067957a..b1b3f67a41d0 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -11,7 +11,11 @@ with lib; (mkRenamedOptionModule [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]) (mkRenamedOptionModule [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ]) - (mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) + (mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) (mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ]) (mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ] diff --git a/nixos/modules/service-managers/docker.nix b/nixos/modules/service-managers/docker.nix deleted file mode 100644 index 8e9c763b18af..000000000000 --- a/nixos/modules/service-managers/docker.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.docker-containers; - - containerModule = { - script = mkOption { - type = types.lines; - description = "Shell commands executed as the service's main process."; - }; - }; - - toContainer = name: value: pkgs.dockerTools.buildImage { - inherit name; - config = { - Cmd = [ value.script ]; - }; - }; -in { - options.docker-containers = mkOption { - default = {}; - type = with types; attrsOf (types.submodule containerModule); - description = "Definition of docker containers"; - }; - - config.system.build.toplevel-docker = lib.mapAttrs toContainer cfg; -} diff --git a/nixos/modules/service-managers/trivial.nix b/nixos/modules/service-managers/trivial.nix deleted file mode 100644 index 77e615d1e2e2..000000000000 --- a/nixos/modules/service-managers/trivial.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.trivial-services; - - serviceModule.options = { - script = mkOption { - type = types.lines; - description = "Shell commands executed as the service's main process."; - }; - - environment = mkOption { - default = {}; - type = types.attrs; # FIXME - example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; }; - description = "Environment variables passed to the service's processes."; - }; - }; - - launcher = name: value: pkgs.writeScript name '' - #!${pkgs.stdenv.shell} -eu - - ${pkgs.writeScript "${name}-entry" value.script} - ''; -in { - options.trivial-services = mkOption { - default = {}; - type = with types; attrsOf (types.submodule serviceModule); - description = "Definition of trivial services"; - }; - - config.system.build.toplevel-trivial = lib.mapAttrs launcher cfg; -} diff --git a/nixos/modules/services/misc/plex.nix b/nixos/modules/services/misc/plex.nix index e37b486375bd..46221ace3084 100644 --- a/nixos/modules/services/misc/plex.nix +++ b/nixos/modules/services/misc/plex.nix @@ -137,7 +137,7 @@ in User = cfg.user; Group = cfg.group; PermissionsStartOnly = "true"; - ExecStart = "/bin/sh -c ${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server"; + ExecStart = "\"${cfg.package}/usr/lib/plexmediaserver/Plex Media Server\""; KillSignal = "SIGQUIT"; Restart = "on-failure"; }; diff --git a/nixos/modules/services/misc/pykms.nix b/nixos/modules/services/misc/pykms.nix new file mode 100644 index 000000000000..897e856e2a2d --- /dev/null +++ b/nixos/modules/services/misc/pykms.nix @@ -0,0 +1,90 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.pykms; + + home = "/var/lib/pykms"; + + services = { + serviceConfig = { + Restart = "on-failure"; + RestartSec = "10s"; + StartLimitInterval = "1min"; + PrivateTmp = true; + ProtectSystem = "full"; + ProtectHome = true; + }; + }; + +in { + + options = { + services.pykms = rec { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable the PyKMS service."; + }; + + listenAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "The IP address on which to listen."; + }; + + port = mkOption { + type = types.int; + default = 1688; + description = "The port on which to listen."; + }; + + verbose = mkOption { + type = types.bool; + default = false; + description = "Show verbose output."; + }; + + openFirewallPort = mkOption { + type = types.bool; + default = false; + description = "Whether the listening port should be opened automatically."; + }; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ]; + + systemd.services = { + pykms = services // { + description = "Python KMS"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = with pkgs; { + User = "pykms"; + Group = "pykms"; + ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db"; + ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}"; + WorkingDirectory = home; + MemoryLimit = "64M"; + }; + }; + }; + + users = { + extraUsers.pykms = { + name = "pykms"; + group = "pykms"; + home = home; + createHome = true; + uid = config.ids.uids.pykms; + description = "PyKMS daemon user"; + }; + + extraGroups.pykms = { + gid = config.ids.gids.pykms; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/connman.nix b/nixos/modules/services/networking/connman.nix index d0683b877801..546d27069232 100644 --- a/nixos/modules/services/networking/connman.nix +++ b/nixos/modules/services/networking/connman.nix @@ -115,10 +115,5 @@ in { wireless.enable = true; networkmanager.enable = false; }; - - powerManagement.resumeCommands = '' - systemctl restart connman - ''; - }; } diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix index f782be97f6fa..379203cd1ab6 100644 --- a/nixos/modules/services/networking/dnscache.nix +++ b/nixos/modules/services/networking/dnscache.nix @@ -18,10 +18,13 @@ let '') ips} '') cfg.domainServers)} - # djbdns contains an outdated list of root servers; - # if one was not provided in config, provide a current list - if [ ! -e servers/@ ]; then - awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@ + # if a list of root servers was not provided in config, copy it + # over. (this is also done by dnscache-conf, but we 'rm -rf + # /var/lib/dnscache/root' below & replace it wholesale with this, + # so we have to ensure servers/@ exists ourselves.) + if [ ! -e $out/servers/@ ]; then + # symlink does not work here, due chroot + cp ${pkgs.djbdns}/etc/dnsroots.global $out/servers/@; fi ''; diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 68a814b23053..9bd88ca1707b 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -95,18 +95,18 @@ let ip46tables -N nixos-fw-log-refuse ${optionalString cfg.logRefusedConnections '' - ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "rejected connection: " + ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: " ''} ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \ - -j LOG --log-level info --log-prefix "rejected broadcast: " + -j LOG --log-level info --log-prefix "refused broadcast: " ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \ - -j LOG --log-level info --log-prefix "rejected multicast: " + -j LOG --log-level info --log-prefix "refused multicast: " ''} ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse ${optionalString cfg.logRefusedPackets '' ip46tables -A nixos-fw-log-refuse \ - -j LOG --log-level info --log-prefix "rejected packet: " + -j LOG --log-level info --log-prefix "refused packet: " ''} ip46tables -A nixos-fw-log-refuse -j nixos-fw-refuse diff --git a/nixos/modules/services/security/hologram-server.nix b/nixos/modules/services/security/hologram-server.nix index 8315c9ea5d61..e267fed27955 100644 --- a/nixos/modules/services/security/hologram-server.nix +++ b/nixos/modules/services/security/hologram-server.nix @@ -23,8 +23,6 @@ let stats = cfg.statsAddress; listen = cfg.listenAddress; }); - - script = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}"; in { options = { services.hologram-server = { @@ -96,15 +94,9 @@ in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - inherit script; - }; - - docker-containers.hologram-server = { - inherit script; - }; - - trivial-services.hologram-server = { - inherit script; + serviceConfig = { + ExecStart = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}"; + }; }; }; } diff --git a/nixos/modules/services/security/sshguard.nix b/nixos/modules/services/security/sshguard.nix index 5a183443f71d..7f09e8893c4d 100644 --- a/nixos/modules/services/security/sshguard.nix +++ b/nixos/modules/services/security/sshguard.nix @@ -89,7 +89,7 @@ in { environment.systemPackages = [ pkgs.sshguard pkgs.iptables pkgs.ipset ]; - environment.etc."sshguard.conf".text = let + environment.etc."sshguard.conf".text = let list_services = ( name: "-t ${name} "); in '' BACKEND="${pkgs.sshguard}/libexec/sshg-fw-ipset" diff --git a/nixos/modules/services/x11/compton.nix b/nixos/modules/services/x11/compton.nix index 56bc66b71796..42ceeb819806 100644 --- a/nixos/modules/services/x11/compton.nix +++ b/nixos/modules/services/x11/compton.nix @@ -7,7 +7,12 @@ let cfg = config.services.compton; - configFile = pkgs.writeText "compton.conf" + configFile = let + opacityRules = optionalString (length cfg.opacityRules != 0) + (concatStringsSep "\n" + (map (a: "opacity-rule = [ \"${a}\" ];") cfg.opacityRules) + ); + in pkgs.writeText "compton.conf" (optionalString cfg.fade '' # fading fading = true; @@ -30,7 +35,9 @@ let active-opacity = ${cfg.activeOpacity}; inactive-opacity = ${cfg.inactiveOpacity}; menu-opacity = ${cfg.menuOpacity}; - + + ${opacityRules} + # other options backend = ${toJSON cfg.backend}; vsync = ${toJSON cfg.vSync}; @@ -155,6 +162,14 @@ in { ''; }; + opacityRules = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Opacity rules to be handled by compton. + ''; + }; + backend = mkOption { type = types.str; default = "glx"; diff --git a/nixos/modules/services/x11/desktop-managers/mate.nix b/nixos/modules/services/x11/desktop-managers/mate.nix index 7a95ac6549d8..ab8a0a48b483 100644 --- a/nixos/modules/services/x11/desktop-managers/mate.nix +++ b/nixos/modules/services/x11/desktop-managers/mate.nix @@ -72,6 +72,7 @@ in ]; services.gnome3.gnome-keyring.enable = true; + services.upower.enable = config.powerManagement.enable; environment.pathsToLink = [ "/share" ]; }; diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix index f099117f4777..d7e72c4a7aec 100644 --- a/nixos/modules/services/x11/desktop-managers/plasma5.nix +++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix @@ -142,7 +142,8 @@ in kde-gtk-config breeze-gtk - phonon-backend-gstreamer + libsForQt56.phonon-backend-gstreamer + libsForQt5.phonon-backend-gstreamer ] ++ lib.optionals cfg.enableQt4Support [ breeze-qt4 pkgs.phonon-backend-gstreamer ] diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index cf70a891c0ca..4db9631743e3 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -193,11 +193,6 @@ in "sd_mod" "sr_mod" - # Standard IDE stuff. - "ide_cd" - "ide_disk" - "ide_generic" - # SD cards and internal eMMC drives. "mmc_block" @@ -211,21 +206,11 @@ in "xhci_hcd" "xhci_pci" "usbhid" - "hid_generic" "hid_lenovo" - "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat" + "hid_generic" "hid_lenovo" "hid_apple" "hid_roccat" # Misc. keyboard stuff. "pcips2" "atkbd" "i8042" - # Temporary fix for https://github.com/NixOS/nixpkgs/issues/18451 - # Remove as soon as upstream gets fixed - marking it: - # TODO - # FIXME - "i8042" - - # To wait for SCSI devices to appear. - "scsi_wait_scan" - # Needed by the stage 2 init script. "rtc_cmos" ]; diff --git a/nixos/tests/run-in-machine.nix b/nixos/tests/run-in-machine.nix index d1102f8d4073..a6dfece44a92 100644 --- a/nixos/tests/run-in-machine.nix +++ b/nixos/tests/run-in-machine.nix @@ -2,7 +2,16 @@ with import ../lib/testing.nix { inherit system; }; -runInMachine { - drv = pkgs.hello; - machine = { config, pkgs, ... }: { /* services.sshd.enable = true; */ }; -} +let + output = runInMachine { + drv = pkgs.hello; + machine = { config, pkgs, ... }: { /* services.sshd.enable = true; */ }; + }; +in pkgs.runCommand "verify-output" { inherit output; } '' + if [ ! -e "$output/bin/hello" ]; then + echo "Derivation built using runInMachine produced incorrect output:" >&2 + ls -laR "$output" >&2 + exit 1 + fi + "$output/bin/hello" > "$out" +'' |