Diffstat (limited to 'nixos')
77 files changed, 437 insertions, 139 deletions
diff --git a/nixos/doc/manual/configuration/configuration.xml b/nixos/doc/manual/configuration/configuration.xml index caba8fb1f4ad..fb3f1498a9b7 100644 --- a/nixos/doc/manual/configuration/configuration.xml +++ b/nixos/doc/manual/configuration/configuration.xml @@ -28,6 +28,7 @@ effect after you run <command>nixos-rebuild</command>.</para> <xi:include href="postgresql.xml" /> <xi:include href="gitlab.xml" /> <xi:include href="acme.xml" /> +<xi:include href="input-methods.xml" /> <!-- Apache; libvirtd virtualisation --> diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index 746ddc071b6a..69da1f948829 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -44,7 +44,7 @@ let echo "for hints about the offending path)." exit 1 fi - ${libxslt}/bin/xsltproc \ + ${libxslt.bin}/bin/xsltproc \ --stringparam revision '${revision}' \ -o $out ${./options-to-docbook.xsl} $optionsXML ''; @@ -58,6 +58,7 @@ let cp ${../../modules/services/databases/postgresql.xml} configuration/postgresql.xml cp ${../../modules/services/misc/gitlab.xml} configuration/gitlab.xml cp ${../../modules/security/acme.xml} configuration/acme.xml + cp ${../../modules/i18n/input-method/default.xml} configuration/input-methods.xml ln -s ${optionsDocBook} options-db.xml echo "${version}" > version ''; diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml index 1528c8a72463..620c3e362a65 100644 --- a/nixos/doc/manual/release-notes/rl-1603.xml +++ b/nixos/doc/manual/release-notes/rl-1603.xml 
@@ -63,11 +63,11 @@ has the following highlights:</para> <itemizedlist> <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem> <listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem> - <listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem> - <listitem><para><literal>i18n/inputMethod/fcitx.nix</literal></para></listitem> - <listitem><para><literal>i18n/inputMethod/ibus.nix</literal></para></listitem> - <listitem><para><literal>i18n/inputMethod/nabi.nix</literal></para></listitem> - <listitem><para><literal>i18n/inputMethod/uim.nix</literal></para></listitem> + <listitem><para><literal>i18n/input-method/default.nix</literal></para></listitem> + <listitem><para><literal>i18n/input-method/fcitx.nix</literal></para></listitem> + <listitem><para><literal>i18n/input-method/ibus.nix</literal></para></listitem> + <listitem><para><literal>i18n/input-method/nabi.nix</literal></para></listitem> + <listitem><para><literal>i18n/input-method/uim.nix</literal></para></listitem> <listitem><para><literal>programs/fish.nix</literal></para></listitem> <listitem><para><literal>security/acme.nix</literal></para></listitem> <listitem><para><literal>security/audit.nix</literal></para></listitem> diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm index 8ac0a31f2875..37d6518fd8d7 100644 --- a/nixos/lib/test-driver/Machine.pm +++ b/nixos/lib/test-driver/Machine.pm @@ -543,7 +543,7 @@ sub waitForX { retry sub { my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'"); return 0 if $status != 0; - ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1"); + ($status, $out) = $self->execute("[ -e /tmp/.X11-unix/X0 ]"); return 1 if $status == 0; } }); diff --git a/nixos/modules/config/debug-info.nix b/nixos/modules/config/debug-info.nix index a096a9809cee..17cb862d2916 100644 --- a/nixos/modules/config/debug-info.nix 
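Review bot: The new readiness probe in `waitForX`, `[ -e /tmp/.X11-unix/X0 ]`, succeeds for any kind of file at that path, so it no longer shows that an X server is answering the way the removed `xwininfo -root` call did. At minimum I would test for a socket, `($status, $out) = $self->execute("[ -S /tmp/.X11-unix/X0 ]");`. A short comment should also say that display 0 is assumed and that the check only covers socket creation, so tests that need a usable display know to wait further. The body of `waitForX` starts and ends outside this hunk.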
+++ b/nixos/modules/config/debug-info.nix @@ -38,7 +38,7 @@ with lib; # environment.pathsToLink, and we can't have both. #environment.pathsToLink = [ "/lib/debug/.build-id" ]; - environment.outputsToLink = + environment.extraOutputsToInstall = optional config.environment.enableDebugInfo "debug"; }; diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index e078a75b295c..1eaebe4b2bbd 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -236,7 +236,7 @@ with lib; # Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig. # Otherwise specify only font directories. environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source = - "${pkgs.fontconfig}/etc/fonts/fonts.conf"; + "${pkgs.fontconfig.out}/etc/fonts/fonts.conf"; environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text = let diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index ca498ca499eb..0c4f4cbfa5c6 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -148,7 +148,7 @@ in "protocols".source = pkgs.iana_etc + "/etc/protocols"; # /etc/rpc: RPC program numbers. - "rpc".source = pkgs.glibc + "/etc/rpc"; + "rpc".source = pkgs.glibc.out + "/etc/rpc"; # /etc/hosts: Hostname-to-IP mappings. "hosts".text = diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix index 8b4ad796d0d5..642aedc3f242 100644 --- a/nixos/modules/config/pulseaudio.nix +++ b/nixos/modules/config/pulseaudio.nix 
@@ -26,7 +26,7 @@ let # are built with PulseAudio support (like KDE). clientConf = writeText "client.conf" '' autospawn=${if nonSystemWide then "yes" else "no"} - ${optionalString nonSystemWide "daemon-binary=${cfg.package}/bin/pulseaudio"} + ${optionalString nonSystemWide "daemon-binary=${cfg.package.out}/bin/pulseaudio"} ''; # Write an /etc/asound.conf that causes all ALSA applications to @@ -130,11 +130,11 @@ in { source = clientConf; }; - hardware.pulseaudio.configFile = mkDefault "${cfg.package}/etc/pulse/default.pa"; + hardware.pulseaudio.configFile = mkDefault "${cfg.package.out}/etc/pulse/default.pa"; } (mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; + environment.systemPackages = [ cfg.package.out ]; environment.etc = singleton { target = "asound.conf"; @@ -195,7 +195,7 @@ in { environment.PULSE_RUNTIME_PATH = stateDir; serviceConfig = { Type = "notify"; - ExecStart = "${cfg.package}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}"; + ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}"; Restart = "on-failure"; }; }; diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index f510b58842e4..d7815324c4c4 100644 --- a/nixos/modules/config/system-path.nix +++ b/nixos/modules/config/system-path.nix @@ -73,11 +73,11 @@ in description = "List of directories to be symlinked in <filename>/run/current-system/sw</filename>."; }; - outputsToLink = mkOption { + extraOutputsToInstall = mkOption { type = types.listOf types.str; - default = []; - example = [ "doc" ]; - description = "List of package outputs to be symlinked into <filename>/run/current-system/sw</filename>."; + default = [ ]; + example = [ "doc" "info" "docdev" ]; + description = "List of additional package outputs to be symlinked into <filename>/run/current-system/sw</filename>."; }; }; 
@@ -123,9 +123,10 @@ in system.path = pkgs.buildEnv { name = "system-path"; paths = config.environment.systemPackages; - inherit (config.environment) pathsToLink outputsToLink; + inherit (config.environment) pathsToLink extraOutputsToInstall; ignoreCollisions = true; # !!! Hacky, should modularise. + # outputs TODO: note that the tools will often not be linked by default postBuild = '' if [ -x $out/bin/update-mime-database -a -w $out/share/mime ]; then diff --git a/nixos/modules/i18n/inputMethod/default.nix b/nixos/modules/i18n/input-method/default.nix index 7e6a25bfb084..7e6a25bfb084 100644 --- a/nixos/modules/i18n/inputMethod/default.nix +++ b/nixos/modules/i18n/input-method/default.nix diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml new file mode 100644 index 000000000000..c55ac1ec2456 --- /dev/null +++ b/nixos/modules/i18n/input-method/default.xml 
@@ -0,0 +1,131 @@ +<chapter xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="module-services-input-methods"> + +<title>Input Methods</title> + +<para>Input methods are an operating system component that allows any data, such + as keyboard strokes or mouse movements, to be received as input. In this way + users can enter characters and symbols not found on their input devices. Using + an input method is obligatory for any language that has more graphemes than + there are keys on the keyboard.</para> + +<para>The following input methods are available in NixOS:</para> + +<itemizedlist> + <listitem><para>IBus: The intelligent input bus.</para></listitem> + <listitem><para>Fcitx: A customizable lightweight input + method.</para></listitem> + <listitem><para>Nabi: A Korean input method based on XIM.</para></listitem> + <listitem><para>Uim: The universal input method, is a library with a XIM + bridge.</para></listitem> +</itemizedlist> + +<section><title>IBus</title> + +<para>IBus is an Intelligent Input Bus. It provides full featured and user + friendly input method user interface.</para> + +<para>The following snippet can be used to configure IBus:</para> + +<programlisting> +i18n.inputMethod = { + enabled = "ibus"; + ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ]; +}; +</programlisting> + +<para><literal>i18n.inputMethod.ibus.engines</literal> is optional and can be + used to add extra IBus engines.</para> + +<para>Available extra IBus engines are:</para> + +<itemizedlist> + <listitem><para>Anthy (<literal>ibus-engines.anthy</literal>): Anthy is a + system for Japanese input method. 
It converts Hiragana text to Kana Kanji + mixed text.</para></listitem> + <listitem><para>Hangul (<literal>ibus-engines.hangul</literal>): Korean input + method.</para></listitem> + <listitem><para>m17n (<literal>ibus-engines.m17n</literal>): m17n is an input + method that uses input methods and corresponding icons in the m17n + database.</para></listitem> + <listitem><para>mozc (<literal>ibus-engines.mozc</literal>): A Japanese input + method from Google.</para></listitem> + <listitem><para>Table (<literal>ibus-engines.table</literal>): An input method + that load tables of input methods.</para></listitem> + <listitem><para>table-others (<literal>ibus-engines.table-others</literal>): + Various table-based input methods.</para></listitem> +</itemizedlist> +</section> + +<section><title>Fcitx</title> + +<para>Fcitx is an input method framework with extension support. It has three + built-in Input Method Engine, Pinyin, QuWei and Table-based input + methods.</para> +<para>The following snippet can be used to configure Fcitx:</para> + +<programlisting> +i18n.inputMethod = { + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ]; +}; +</programlisting> + +<para><literal>i18n.inputMethod.fcitx.engines</literal> is optional and can be + used to add extra Fcitx engines.</para> + +<para>Available extra Fcitx engines are:</para> + +<itemizedlist> + <listitem><para>Anthy (<literal>fcitx-engines.anthy</literal>): Anthy is a + system for Japanese input method. It converts Hiragana text to Kana Kanji + mixed text.</para></listitem> + <listitem><para>Chewing (<literal>fcitx-engines.chewing</literal>): Chewing is + an intelligent Zhuyin input method. 
It is one of the most popular input + methods among Traditional Chinese Unix users.</para></listitem> + <listitem><para>Hangul (<literal>fcitx-engines.hangul</literal>): Korean input + method.</para></listitem> + <listitem><para>m17n (<literal>fcitx-engines.m17n</literal>): m17n is an input + method that uses input methods and corresponding icons in the m17n + database.</para></listitem> + <listitem><para>mozc (<literal>fcitx-engines.mozc</literal>): A Japanese input + method from Google.</para></listitem> + <listitem><para>table-others (<literal>fcitx-engines.table-others</literal>): + Various table-based input methods.</para></listitem> +</itemizedlist> +</section> + +<section><title>Nabi</title> + +<para>Nabi is an easy to use Korean X input method. It allows you to enter + phonetic Korean characters (hangul) and pictographic Korean characters + (hanja).</para> +<para>The following snippet can be used to configure Nabi:</para> + +<programlisting> +i18n.inputMethod = { + enabled = "nabi"; +}; +</programlisting> +</section> + +<section><title>Uim</title> + +<para>Uim (short for "universal input method") is a multilingual input method + framework. Applications can use it through so-called bridges.</para> +<para>The following snippet can be used to configure uim:</para> + +<programlisting> +i18n.inputMethod = { + enabled = "uim"; +}; +</programlisting> + +<para>Note: The <literal>i18n.inputMethod.uim.toolbar</literal> option can be + used to choose uim toolbar.</para> + +</section> +</chapter> diff --git a/nixos/modules/i18n/inputMethod/fcitx.nix b/nixos/modules/i18n/input-method/fcitx.nix index 8e31743504f1..8e31743504f1 100644 --- a/nixos/modules/i18n/inputMethod/fcitx.nix +++ b/nixos/modules/i18n/input-method/fcitx.nix diff --git a/nixos/modules/i18n/inputMethod/ibus.nix b/nixos/modules/i18n/input-method/ibus.nix index bb80f43634d3..bb80f43634d3 100644 --- a/nixos/modules/i18n/inputMethod/ibus.nix +++ b/nixos/modules/i18n/input-method/ibus.nix 
diff --git a/nixos/modules/i18n/inputMethod/nabi.nix b/nixos/modules/i18n/input-method/nabi.nix index c6708365effa..c6708365effa 100644 --- a/nixos/modules/i18n/inputMethod/nabi.nix +++ b/nixos/modules/i18n/input-method/nabi.nix diff --git a/nixos/modules/i18n/inputMethod/uim.nix b/nixos/modules/i18n/input-method/uim.nix index f8a3e560656d..f8a3e560656d 100644 --- a/nixos/modules/i18n/inputMethod/uim.nix +++ b/nixos/modules/i18n/input-method/uim.nix diff --git a/nixos/modules/installer/tools/auto-upgrade.nix b/nixos/modules/installer/tools/auto-upgrade.nix index 2da330f9b571..79ccb5c3d18a 100644 --- a/nixos/modules/installer/tools/auto-upgrade.nix +++ b/nixos/modules/installer/tools/auto-upgrade.nix @@ -78,7 +78,7 @@ let cfg = config.system.autoUpgrade; in HOME = "/root"; }; - path = [ pkgs.gnutar pkgs.xz config.nix.package ]; + path = [ pkgs.gnutar pkgs.xz.bin config.nix.package ]; script = '' ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags} diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index d3005cdfd6f7..8e75f8d3c40a 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -474,7 +474,7 @@ my $hwConfig = <<EOF; boot.kernelModules = [$kernelModules ]; boot.extraModulePackages = [$modulePackages ]; $fsAndSwap - nix.maxJobs = $cpus; + nix.maxJobs = lib.mkDefault $cpus; ${\join "", (map { " $_\n" } (uniq @attrs))}} EOF diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 3f2c735b2216..c3bade2ee6b9 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -260,6 +260,7 @@ hydra-www = 236; syncthing = 237; mfi = 238; + caddy = 239; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! 
@@ -491,6 +492,7 @@ radicale = 234; syncthing = 237; #mfi = 238; # unused + caddy = 239; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 19c8db1039b6..a23e787bd08e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -41,11 +41,11 @@ ./hardware/video/nvidia.nix ./hardware/video/ati.nix ./hardware/video/webcam/facetimehd.nix - ./i18n/inputMethod/default.nix - ./i18n/inputMethod/fcitx.nix - ./i18n/inputMethod/ibus.nix - ./i18n/inputMethod/nabi.nix - ./i18n/inputMethod/uim.nix + ./i18n/input-method/default.nix + ./i18n/input-method/fcitx.nix + ./i18n/input-method/ibus.nix + ./i18n/input-method/nabi.nix + ./i18n/input-method/uim.nix ./installer/tools/auto-upgrade.nix ./installer/tools/nixos-checkout.nix ./installer/tools/tools.nix @@ -434,6 +434,7 @@ ./services/ttys/kmscon.nix ./services/web-apps/pump.io.nix ./services/web-servers/apache-httpd/default.nix + ./services/web-servers/caddy.nix ./services/web-servers/fcgiwrap.nix ./services/web-servers/jboss/default.nix ./services/web-servers/lighttpd/cgit.nix diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index b8057cadce25..20a1f7f1ed8c 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -35,7 +35,7 @@ # Tools to create / manipulate filesystems. pkgs.ntfsprogs # for resizing NTFS partitions pkgs.dosfstools - pkgs.xfsprogs + pkgs.xfsprogs.bin pkgs.jfsutils pkgs.f2fs-tools diff --git a/nixos/modules/programs/man.nix b/nixos/modules/programs/man.nix index b28506538049..201144ccb451 100644 --- a/nixos/modules/programs/man.nix +++ b/nixos/modules/programs/man.nix @@ -23,7 +23,7 @@ with lib; environment.pathsToLink = [ "/share/man" ]; - environment.outputsToLink = [ "man" ]; + environment.extraOutputsToInstall = [ "man" ]; }; 
diff --git a/nixos/modules/programs/xfs_quota.nix b/nixos/modules/programs/xfs_quota.nix index 90b6304fa999..648fd9a8a94f 100644 --- a/nixos/modules/programs/xfs_quota.nix +++ b/nixos/modules/programs/xfs_quota.nix @@ -89,8 +89,8 @@ in nameValuePair "xfs_quota-${name}" { description = "Setup xfs_quota for project ${name}"; script = '' - ${pkgs.xfsprogs}/bin/xfs_quota -x -c 'project -s ${name}' ${opts.fileSystem} - ${pkgs.xfsprogs}/bin/xfs_quota -x -c 'limit -p ${limitOptions opts} ${name}' ${opts.fileSystem} + ${pkgs.xfsprogs.bin}/bin/xfs_quota -x -c 'project -s ${name}' ${opts.fileSystem} + ${pkgs.xfsprogs.bin}/bin/xfs_quota -x -c 'limit -p ${limitOptions opts} ${name}' ${opts.fileSystem} ''; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/security/apparmor-suid.nix b/nixos/modules/security/apparmor-suid.nix index b89b379ae666..d766f6badfc7 100644 --- a/nixos/modules/security/apparmor-suid.nix +++ b/nixos/modules/security/apparmor-suid.nix @@ -28,9 +28,9 @@ with lib; capability setuid, network inet raw, - ${pkgs.glibc}/lib/*.so mr, - ${pkgs.libcap}/lib/libcap.so* mr, - ${pkgs.attr}/lib/libattr.so* mr, + ${pkgs.glibc.out}/lib/*.so mr, + ${pkgs.libcap.out}/lib/libcap.so* mr, + ${pkgs.attr.out}/lib/libattr.so* mr, ${pkgs.iputils}/bin/ping mixr, /var/setuid-wrappers/ping.real r, diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index 95b659d96f0f..507f81bbf073 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -59,9 +59,9 @@ in config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.polkit ]; + environment.systemPackages = [ pkgs.polkit.bin pkgs.polkit.out ]; - systemd.packages = [ pkgs.polkit ]; + systemd.packages = [ pkgs.polkit.out ]; systemd.services.polkit.restartTriggers = [ config.system.path ]; systemd.services.polkit.unitConfig.X-StopIfChanged = false; 
@@ -79,7 +79,7 @@ in ${cfg.extraConfig} ''; #TODO: validation on compilation (at least against typos) - services.dbus.packages = [ pkgs.polkit ]; + services.dbus.packages = [ pkgs.polkit.out ]; security.pam.services.polkit-1 = {}; @@ -90,7 +90,7 @@ in owner = "root"; group = "root"; setuid = true; - source = "${pkgs.polkit}/lib/polkit-1/polkit-agent-helper-1"; + source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1"; } ]; diff --git a/nixos/modules/security/setuid-wrappers.nix b/nixos/modules/security/setuid-wrappers.nix index 2a289dc402ce..7d69f9b1183d 100644 --- a/nixos/modules/security/setuid-wrappers.nix +++ b/nixos/modules/security/setuid-wrappers.nix @@ -8,12 +8,12 @@ let setuidWrapper = pkgs.stdenv.mkDerivation { name = "setuid-wrapper"; - buildCommand = '' + unpackPhase = "true"; + installPhase = '' mkdir -p $out/bin cp ${./setuid-wrapper.c} setuid-wrapper.c gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \ setuid-wrapper.c -o $out/bin/setuid-wrapper - strip -S $out/bin/setuid-wrapper ''; }; diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index cfb1cd773c7f..6fd39e68b1d9 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -161,11 +161,11 @@ in { ''; postStart = '' - until ${pkgs.curl}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} ; do + until ${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} ; do sleep 10 done while true ; do - index=`${pkgs.curl}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}` + index=`${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}` if [[ !("$index" =~ 'Please wait while Jenkins is restarting' || "$index" =~ 'Please wait while Jenkins is getting ready to work') ]]; then exit 0 
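Review bot: In the `setuidWrapper` derivation, the explicit `strip -S` is dropped and `buildCommand` is replaced by `unpackPhase = "true";` plus `installPhase`, with nothing in the hunk saying why. Presumably stripping is now left to the standard fixup phase, but that is an inference from the visible lines. Since this derivation builds the binary that, by its name, ends up installed setuid, I would record the reason next to it, for example `# Use phases rather than buildCommand so the generic fixup phase (stripping) still runs.`, once that is confirmed to be the intent.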
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index 6fd901a00559..9e86559dda04 100644 --- a/nixos/modules/services/databases/openldap.nix +++ b/nixos/modules/services/databases/openldap.nix @@ -87,7 +87,7 @@ in mkdir -p ${cfg.dataDir} chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ''; - serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}"; + serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}"; }; users.extraUsers.openldap = diff --git a/nixos/modules/services/desktops/gnome3/gvfs.nix b/nixos/modules/services/desktops/gnome3/gvfs.nix index c4f41a6125c7..a07cdadbb12b 100644 --- a/nixos/modules/services/desktops/gnome3/gvfs.nix +++ b/nixos/modules/services/desktops/gnome3/gvfs.nix @@ -37,7 +37,7 @@ in services.dbus.packages = [ gnome3.gvfs ]; - services.udev.packages = [ pkgs.libmtp ]; + services.udev.packages = [ pkgs.libmtp.bin ]; }; diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index e267aeee030c..8e883ed7775f 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -72,7 +72,7 @@ let run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="[^/$]' | sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq) for i in $import_progs $run_progs; do - if [[ ! -x ${pkgs.udev}/lib/udev/$i && ! $i =~ socket:.* ]]; then + if [[ ! -x ${udev}/lib/udev/$i && ! $i =~ socket:.* ]]; then echo "FAIL" echo "$i is called in udev rules but not installed by udev" exit 1 diff --git a/nixos/modules/services/hardware/upower.nix b/nixos/modules/services/hardware/upower.nix index 739d76fbf1f5..2198842a4511 100644 --- a/nixos/modules/services/hardware/upower.nix +++ b/nixos/modules/services/hardware/upower.nix 
@@ -51,7 +51,7 @@ in systemd.services.upower = { description = "Power Management Daemon"; - path = [ pkgs.glib ]; # needed for gdbus + path = [ pkgs.glib.out ]; # needed for gdbus serviceConfig = { Type = "dbus"; BusName = "org.freedesktop.UPower"; diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index 0a0e160a7cc3..add339f9bdfe 100644 --- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix @@ -65,7 +65,7 @@ in { }; postStart = '' - until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do sleep 1; done ''; diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index e079a5d80d4c..911f79e5756a 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -358,7 +358,7 @@ in systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; systemd.services.nix-daemon = - { path = [ nix pkgs.openssl pkgs.utillinux config.programs.ssh.package ] + { path = [ nix pkgs.openssl.bin pkgs.utillinux config.programs.ssh.package ] ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; environment = cfg.envVars diff --git a/nixos/modules/services/misc/subsonic.nix b/nixos/modules/services/misc/subsonic.nix index 020d53a481de..c1ebe418f727 100644 --- a/nixos/modules/services/misc/subsonic.nix +++ b/nixos/modules/services/misc/subsonic.nix @@ -97,7 +97,7 @@ in transcoders = mkOption { type = types.listOf types.path; - default = [ "${pkgs.ffmpeg}/bin/ffmpeg" ]; + default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]; description = '' List of paths to transcoder executables that should be accessible from Subsonic. Symlinks will be created to each executable inside 
diff --git a/nixos/modules/services/misc/svnserve.nix b/nixos/modules/services/misc/svnserve.nix index 37dd133e137d..c74befac749d 100644 --- a/nixos/modules/services/misc/svnserve.nix +++ b/nixos/modules/services/misc/svnserve.nix @@ -38,7 +38,7 @@ in after = [ "network-interfaces.target" ]; wantedBy = [ "multi-user.target" ]; preStart = "mkdir -p ${cfg.svnBaseDir}"; - script = "${pkgs.subversion}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid"; + script = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid"; }; }; } diff --git a/nixos/modules/services/monitoring/cadvisor.nix b/nixos/modules/services/monitoring/cadvisor.nix index 425e0ee9230f..a67df158be47 100644 --- a/nixos/modules/services/monitoring/cadvisor.nix +++ b/nixos/modules/services/monitoring/cadvisor.nix @@ -71,7 +71,7 @@ in { after = [ "network.target" "docker.service" "influxdb.service" ]; postStart = mkBefore '' - until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do sleep 1; done ''; diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index 7104a5796f76..e50728aff8f8 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -509,7 +509,7 @@ in { }; in "${aenv}/${pkgs.python.sitePackages}"; GRAPHITE_API_CONFIG = graphiteApiConfig; - LD_LIBRARY_PATH = "${pkgs.cairo}/lib"; + LD_LIBRARY_PATH = "${pkgs.cairo.out}/lib"; }; serviceConfig = { ExecStart = '' diff --git a/nixos/modules/services/network-filesystems/tahoe.nix b/nixos/modules/services/network-filesystems/tahoe.nix index ab441339a560..d4b6c05e9432 100644 --- a/nixos/modules/services/network-filesystems/tahoe.nix +++ b/nixos/modules/services/network-filesystems/tahoe.nix 
@@ -26,6 +26,15 @@ in The port on which the introducer will listen. ''; }; + tub.location = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + The external location that the introducer should listen on. + + If specified, the port should be included. + ''; + }; package = mkOption { default = pkgs.tahoelafs; defaultText = "pkgs.tahoelafs"; @@ -60,6 +69,18 @@ in system to listen on a different port. ''; }; + tub.location = mkOption { + default = null; + type = types.nullOr types.str; + description = '' + The external location that the node should listen on. + + This is the setting to tweak if there are multiple interfaces + and you want to alter which interface Tahoe is advertising. + + If specified, the port should be included. + ''; + }; web.port = mkOption { default = 3456; type = types.int; @@ -144,6 +165,8 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} + ${optionalString (settings.tub.location != null) + "tub.location = ${settings.tub.location}"} ''; }); # Actually require Tahoe, so that we will have it installed. @@ -209,6 +232,8 @@ in [node] nickname = ${settings.nickname} tub.port = ${toString settings.tub.port} + ${optionalString (settings.tub.location != null) + "tub.location = ${settings.tub.location}"} # This is a Twisted endpoint. Twisted Web doesn't work on # non-TCP. ~ C. web.port = tcp:${toString settings.web.port} diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index 886bfc30468e..61305f5a755e 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -151,7 +151,7 @@ in /etc/group r, ${config.environment.etc."nsswitch.conf".source} r, - ${pkgs.glibc}/lib/*.so mr, + ${pkgs.glibc.out}/lib/*.so mr, ${pkgs.tzdata}/share/zoneinfo/** r, network inet stream, 
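Review bot: Both new `tub.location` descriptions say the value is the location the introducer/node "should listen on", but the node variant goes on to say it alters "which interface Tahoe is advertising", and the listening port is already set by `tub.port`. The wording should state that this is the address announced to peers, for example `The external location (host:port) that the node advertises to other nodes.`, because operators decide from this text which address becomes visible to the rest of the grid. The value is also interpolated verbatim into the generated `[node]` section as `tub.location = ${settings.tub.location}`, so the description should say it must be a single line. The same applies to both the introducer hunk and the node hunk.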
@@ -159,12 +159,12 @@ in network inet dgram, network inet6 dgram, - ${pkgs.gcc.cc}/lib/libssp.so.* mr, - ${pkgs.libsodium}/lib/libsodium.so.* mr, + ${pkgs.gcc.cc.lib}/lib/libssp.so.* mr, + ${pkgs.libsodium.out}/lib/libsodium.so.* mr, ${pkgs.systemd}/lib/libsystemd.so.* mr, - ${pkgs.xz}/lib/liblzma.so.* mr, - ${pkgs.libgcrypt}/lib/libgcrypt.so.* mr, - ${pkgs.libgpgerror}/lib/libgpg-error.so.* mr, + ${pkgs.xz.out}/lib/liblzma.so.* mr, + ${pkgs.libgcrypt.out}/lib/libgcrypt.so.* mr, + ${pkgs.libgpgerror.out}/lib/libgpg-error.so.* mr, ${pkgs.libcap}/lib/libcap.so.* mr, ${pkgs.lz4}/lib/liblz4.so.* mr, ${pkgs.attr}/lib/libattr.so.* mr, diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index 15ec9be80121..0cbf57314c4b 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -8,7 +8,7 @@ let homeDir = "/var/lib/i2pd"; - extip = "EXTIP=\$(${pkgs.curl}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')"; + extip = "EXTIP=\$(${pkgs.curl.bin}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')"; toYesNo = b: if b then "yes" else "no"; diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index 880a1d361dfe..8f6881441cf7 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -50,7 +50,7 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ config.nix.package pkgs.bzip2 ]; + path = [ config.nix.package pkgs.bzip2.bin ]; environment.NIX_REMOTE = "daemon"; environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile; diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix index f069fe7bec96..3664c2857739 100644 --- a/nixos/modules/services/networking/shout.nix +++ b/nixos/modules/services/networking/shout.nix 
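Review bot: The AppArmor profile keeps `${pkgs.libcap}/lib/libcap.so.* mr,`, `${pkgs.lz4}/lib/liblz4.so.* mr,`, `${pkgs.attr}/lib/libattr.so.* mr,` and `${pkgs.systemd}/lib/libsystemd.so.* mr,` as unchanged context while the neighbouring rules move to `.out`/`.lib`. The same commit changes apparmor-suid.nix to `${pkgs.libcap.out}` and `${pkgs.attr.out}`, which suggests those packages are split. If so, the rules left here may name a store path that does not contain the library, and the confined daemon would be denied the mapping at start. I would bring them in line, e.g. `${pkgs.libcap.out}/lib/libcap.so.* mr,` and `${pkgs.attr.out}/lib/libattr.so.* mr,`, and check lz4 and systemd the same way. The profile text starts and ends outside this hunk.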
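Review bot: The `extip` line still derives the node's external address from `curl -sf "http://jsonip.com"` piped through `awk`, i.e. from an unauthenticated plain-HTTP response of a third-party service. Anything on the network path can substitute the value, and nothing visible checks that the extracted field is an IP address before it is assigned to `EXTIP`. How `EXTIP` is consumed is outside this hunk, so the impact is not visible here. I would still add a comment on this line recording the trust assumption, and prefer an explicitly configured address or an HTTPS endpoint with a format check on the result.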
@@ -6,6 +6,21 @@ let cfg = config.services.shout; shoutHome = "/var/lib/shout"; + defaultConfig = pkgs.runCommand "config.js" {} '' + EDITOR=true ${pkgs.shout}/bin/shout config --home $PWD + mv config.js $out + ''; + + finalConfigFile = if (cfg.configFile != null) then cfg.configFile else '' + var _ = require('${pkgs.shout}/lib/node_modules/shout/node_modules/lodash') + + module.exports = _.merge( + {}, + require('${defaultConfig}'), + ${builtins.toJSON cfg.config} + ) + ''; + in { options.services.shout = { enable = mkEnableOption "Shout web IRC client"; @@ -35,8 +50,31 @@ in { type = types.nullOr types.lines; default = null; description = '' - Contents of Shout's <filename>config.js</filename> file. If left empty, - Shout will generate from its defaults at first startup. + Contents of Shout's <filename>config.js</filename> file. + + Used for backward compatibility, recommended way is now to use + the <literal>config</literal> option. + + Documentation: http://shout-irc.com/docs/server/configuration.html + ''; + }; + + config = mkOption { + default = {}; + type = types.attrs; + example = { + displayNetwork = false; + defaults = { + name = "Your Network"; + host = "localhost"; + port = 6697; + }; + }; + description = '' + Shout <filename>config.js</filename> contents as attribute set (will be + converted to JSON to generate the configuration file). + + The options defined here will be merged to the default configuration file. Documentation: http://shout-irc.com/docs/server/configuration.html ''; @@ -57,11 +95,7 @@ in { wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; - preStart = if isNull cfg.configFile then "" - else '' - ln -sf ${pkgs.writeText "config.js" cfg.configFile} \ - ${shoutHome}/config.js - ''; + preStart = "ln -sf ${pkgs.writeText "config.js" finalConfigFile} ${shoutHome}/config.js"; script = concatStringsSep " " [ "${pkgs.shout}/bin/shout" (if cfg.private then "--private" else "--public") 
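Review bot: The description of the new `config` option in shout.nix does not say that the attribute set is serialised with `builtins.toJSON` and written by `pkgs.writeText`, which places it in the Nix store where every local user can read it. Anyone who puts a server or user password into this option would expose it that way. I would add a sentence to the description such as `The generated file is stored in the world-readable Nix store; do not put passwords or other secrets in this option.`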
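Review bot: `preStart` in the last shout.nix hunk now runs `ln -sf … ${shoutHome}/config.js` unconditionally, whereas before it did nothing when `configFile` was null and Shout generated its own file. An existing `config.js` in `${shoutHome}` that an administrator edited by hand is therefore replaced on the next service start without any notice. This behaviour change should be recorded in a comment above `preStart` and in the release notes, for example `# Always replaces ${shoutHome}/config.js; local edits to that file are lost.`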
diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 9e122dc7beac..29166be2399b 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -14,21 +14,21 @@ let additionalBackends = pkgs.runCommand "additional-cups-backends" { } '' mkdir -p $out - if [ ! -e ${cups}/lib/cups/backend/smb ]; then + if [ ! -e ${cups.out}/lib/cups/backend/smb ]; then mkdir -p $out/lib/cups/backend ln -sv ${pkgs.samba}/bin/smbspool $out/lib/cups/backend/smb fi # Provide support for printing via HTTPS. - if [ ! -e ${cups}/lib/cups/backend/https ]; then + if [ ! -e ${cups.out}/lib/cups/backend/https ]; then mkdir -p $out/lib/cups/backend - ln -sv ${cups}/lib/cups/backend/ipp $out/lib/cups/backend/https + ln -sv ${cups.out}/lib/cups/backend/ipp $out/lib/cups/backend/https fi ''; # Here we can enable additional backends, filters, etc. that are not # part of CUPS itself, e.g. the SMB backend is part of Samba. Since - # we can't update ${cups}/lib/cups itself, we create a symlink tree + # we can't update ${cups.out}/lib/cups itself, we create a symlink tree # here and add the additional programs. The ServerBin directive in # cupsd.conf tells cupsd to use this tree. bindir = pkgs.buildEnv { diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index 31332489a784..c51a42b8e9c1 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -148,7 +148,7 @@ in { if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi ''; postStart = mkBefore '' - until ${pkgs.curl}/bin/curl -s -o /dev/null ${cfg.listenAddress}:${toString cfg.port}; do + until ${pkgs.curl.bin}/bin/curl -s -o /dev/null ${cfg.listenAddress}:${toString cfg.port}; do sleep 1 done ''; diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index ba34eb25169c..327993443048 100644 
--- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -121,7 +121,7 @@ in security.setuidOwners = singleton { program = "dbus-daemon-launch-helper"; - source = "${pkgs.dbus_daemon}/libexec/dbus-daemon-launch-helper"; + source = "${pkgs.dbus_daemon.lib}/libexec/dbus-daemon-launch-helper"; owner = "root"; group = "messagebus"; setuid = true; diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix index 3c0d2043ed5d..d98ef8a306d5 100644 --- a/nixos/modules/services/system/nscd.nix +++ b/nixos/modules/services/system/nscd.nix @@ -64,14 +64,14 @@ in restartTriggers = [ config.environment.etc.hosts.source config.environment.etc."nsswitch.conf".source ]; serviceConfig = - { ExecStart = "@${pkgs.glibc}/sbin/nscd nscd -f ${cfgFile}"; + { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd -f ${cfgFile}"; Type = "forking"; PIDFile = "/run/nscd/nscd.pid"; Restart = "always"; ExecReload = - [ "${pkgs.glibc}/sbin/nscd --invalidate passwd" - "${pkgs.glibc}/sbin/nscd --invalidate group" - "${pkgs.glibc}/sbin/nscd --invalidate hosts" + [ "${pkgs.glibc.bin}/sbin/nscd --invalidate passwd" + "${pkgs.glibc.bin}/sbin/nscd --invalidate group" + "${pkgs.glibc.bin}/sbin/nscd --invalidate hosts" ]; }; @@ -79,7 +79,7 @@ in # its pid. So wait until it's ready. postStart = '' - while ! ${pkgs.glibc}/sbin/nscd -g -f ${cfgFile} > /dev/null; do + while ! ${pkgs.glibc.bin}/sbin/nscd -g -f ${cfgFile} > /dev/null; do sleep 0.2 done ''; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index 7718a721763c..c2220cb0cff7 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix 
@@ -113,21 +113,21 @@ in #include <abstractions/base> #include <abstractions/nameservice> - ${pkgs.glibc}/lib/*.so mr, - ${pkgs.libevent}/lib/libevent*.so* mr, - ${pkgs.curl}/lib/libcurl*.so* mr, - ${pkgs.openssl}/lib/libssl*.so* mr, - ${pkgs.openssl}/lib/libcrypto*.so* mr, - ${pkgs.zlib}/lib/libz*.so* mr, - ${pkgs.libssh2}/lib/libssh2*.so* mr, + ${pkgs.glibc.out}/lib/*.so mr, + ${pkgs.libevent.out}/lib/libevent*.so* mr, + ${pkgs.curl.out}/lib/libcurl*.so* mr, + ${pkgs.openssl.out}/lib/libssl*.so* mr, + ${pkgs.openssl.out}/lib/libcrypto*.so* mr, + ${pkgs.zlib.out}/lib/libz*.so* mr, + ${pkgs.libssh2.out}/lib/libssh2*.so* mr, ${pkgs.systemd}/lib/libsystemd*.so* mr, - ${pkgs.xz}/lib/liblzma*.so* mr, - ${pkgs.libgcrypt}/lib/libgcrypt*.so* mr, - ${pkgs.libgpgerror}/lib/libgpg-error*.so* mr, - ${pkgs.libnghttp2}/lib/libnghttp2*.so* mr, - ${pkgs.c-ares}/lib/libcares*.so* mr, - ${pkgs.libcap}/lib/libcap*.so* mr, - ${pkgs.attr}/lib/libattr*.so* mr, + ${pkgs.xz.out}/lib/liblzma*.so* mr, + ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr, + ${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr, + ${pkgs.libnghttp2.out}/lib/libnghttp2*.so* mr, + ${pkgs.c-ares.out}/lib/libcares*.so* mr, + ${pkgs.libcap.out}/lib/libcap*.so* mr, + ${pkgs.attr.out}/lib/libattr*.so* mr, ${pkgs.lz4}/lib/liblz4*.so* mr, @{PROC}/sys/kernel/random/uuid r, diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index fdbd61c85e65..7953729c00cd 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix 
@@ -6,13 +6,13 @@ let mainCfg = config.services.httpd; - httpd = mainCfg.package; + httpd = mainCfg.package.out; version24 = !versionOlder httpd.version "2.4"; httpdConf = mainCfg.configFile; - php = pkgs.php.override { apacheHttpd = httpd; }; + php = pkgs.php.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix index a9ec20ae8471..94e85f1f4289 100644 --- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix +++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix @@ -333,7 +333,7 @@ let 'version' => '${config.package.version}', - 'openssl' => '${pkgs.openssl}/bin/openssl' + 'openssl' => '${pkgs.openssl.bin}/bin/openssl' ); diff --git a/nixos/modules/services/web-servers/apache-httpd/phabricator.nix b/nixos/modules/services/web-servers/apache-httpd/phabricator.nix index e4e3aac8d411..efd4a7b5f0fb 100644 --- a/nixos/modules/services/web-servers/apache-httpd/phabricator.nix +++ b/nixos/modules/services/web-servers/apache-httpd/phabricator.nix @@ -39,7 +39,7 @@ in { "${pkgs.diffutils}" ] ++ (if config.mercurial then ["${pkgs.mercurial}"] else []) ++ - (if config.subversion then ["${pkgs.subversion}"] else []) ++ + (if config.subversion then ["${pkgs.subversion.out}"] else []) ++ (if config.git then ["${pkgs.git}"] else []); startupScript = pkgs.writeScript "activatePhabricator" '' diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix new file mode 100644 index 000000000000..0d2612aaa66b --- /dev/null +++ b/nixos/modules/services/web-servers/caddy.nix 
@@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.caddy; + configFile = pkgs.writeText "Caddyfile" cfg.config; +in +{ + options.services.caddy = { + enable = mkEnableOption "Caddy web server"; + + config = mkOption { + description = "Verbatim Caddyfile to use"; + }; + + email = mkOption { + default = ""; + type = types.string; + description = "Email address (for Let's Encrypt certificate)"; + }; + + dataDir = mkOption { + default = "/var/lib/caddy"; + type = types.path; + description = "The data directory, for storing certificates."; + }; + }; + + config = mkIf cfg.enable { + systemd.services.caddy = { + description = "Caddy web server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.caddy}/bin/caddy -conf=${configFile} -email=${cfg.email}"; + Type = "simple"; + User = "caddy"; + Group = "caddy"; + AmbientCapabilities = "cap_net_bind_service"; + }; + }; + + users.extraUsers.caddy = { + group = "caddy"; + uid = config.ids.uids.caddy; + home = cfg.dataDir; + createHome = true; + }; + + users.extraGroups.caddy.gid = config.ids.uids.caddy; + }; +} diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix index be7700424bc6..b112fc2422a7 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome3.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix @@ -166,7 +166,7 @@ in { }; environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules" - "${gnome3.glib_networking}/lib/gio/modules" + "${gnome3.glib_networking.out}/lib/gio/modules" "${gnome3.gvfs}/lib/gio/modules" ]; environment.systemPackages = gnome3.corePackages ++ cfg.sessionPath ++ (removePackagesByName gnome3.optionalPackages config.environment.gnome3.excludePackages); 
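Review bot: In the new caddy.nix, `users.extraGroups.caddy.gid` is read from `config.ids.uids.caddy`, which only works as long as the uid and gid tables happen to hold the same number; `users.extraGroups.caddy.gid = config.ids.gids.caddy;` (with a matching gid entry in the ids module, which is not part of this hunk) would be the consistent form. The `config` option has no `type` or `default`, and `email` uses `types.string` where other modules in this commit use `types.str`; `type = types.lines;` and `types.str` would fit. `-email=${cfg.email}` is interpolated into `ExecStart` unescaped and is passed empty when the option is left at its default, so it would be cleaner to add the flag only when `cfg.email != ""`. The Caddyfile is written with `pkgs.writeText`, so the option description should mention that it ends up in the world-readable Nix store.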
diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index 71361bae82dc..4f74d5732af5 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix @@ -62,13 +62,13 @@ in ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ''} - exec ${kde5.plasma-workspace}/bin/startkde + exec startkde ''; }; security.setuidOwners = singleton { program = "kcheckpass"; - source = "${kde5.plasma-workspace}/lib/libexec/kcheckpass"; + source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass"; owner = "root"; group = "root"; setuid = true; @@ -171,12 +171,12 @@ in # Enable GTK applications to load SVG icons environment.variables = mkIf (lib.hasAttr "breeze-icons" kde5) { - GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"; + GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"; }; fonts.fonts = [ (kde5.oxygen-fonts or pkgs.noto-fonts) ]; - programs.ssh.askPassword = "${kde5.ksshaskpass}/bin/ksshaskpass"; + programs.ssh.askPassword = "${kde5.ksshaskpass.out}/bin/ksshaskpass"; # Enable helpful DBus services. services.udisks2.enable = true; diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 7dffdfc2b36c..be634fc259a2 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -45,7 +45,7 @@ let ${optionalString cfg.startDbusSession '' if test -z "$DBUS_SESSION_BUS_ADDRESS"; then - exec ${pkgs.dbus.tools}/bin/dbus-launch --exit-with-session "$0" "$sessionType" + exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "$sessionType" fi ''} 
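Review bot: The first kde5.nix hunk replaces `exec ${kde5.plasma-workspace}/bin/startkde` with a bare `exec startkde`, so the session start now depends on whatever `startkde` is first on the user's `PATH` rather than on a fixed store path. Whether plasma-workspace is guaranteed to be on `PATH` at this point is not visible in the hunk. I would keep an absolute path to the output that contains `bin/startkde`, or at least add a comment explaining why the lookup is left to `PATH`. The session script continues outside the hunk.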
@@ -55,11 +55,11 @@ let # Start PulseAudio if enabled. ${optionalString (config.hardware.pulseaudio.enable) '' ${optionalString (!config.hardware.pulseaudio.systemWide) - "${config.hardware.pulseaudio.package}/bin/pulseaudio --start" + "${config.hardware.pulseaudio.package.out}/bin/pulseaudio --start" } # Publish access credentials in the root window. - ${config.hardware.pulseaudio.package}/bin/pactl load-module module-x11-publish "display=$DISPLAY" + ${config.hardware.pulseaudio.package.out}/bin/pactl load-module module-x11-publish "display=$DISPLAY" ''} # Tell systemd about our $DISPLAY. This is needed by the @@ -275,7 +275,7 @@ in }; config = { - services.xserver.displayManager.xserverBin = "${xorg.xorgserver}/bin/X"; + services.xserver.displayManager.xserverBin = "${xorg.xorgserver.out}/bin/X"; }; imports = [ diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix index f5b6c20c5a05..543dd628ce66 100644 --- a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix +++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix @@ -24,9 +24,9 @@ let # This wrapper ensures that we actually get themes makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \ $out/greeter \ - --prefix PATH : "${pkgs.glibc}/bin" \ - --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \ - --set GTK_PATH "${theme}:${pkgs.gtk3}" \ + --prefix PATH : "${pkgs.glibc.bin}/bin" \ + --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \ + --set GTK_PATH "${theme}:${pkgs.gtk3.out}" \ --set GTK_EXE_PREFIX "${theme}" \ --set GTK_DATA_PREFIX "${theme}" \ --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \ diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix index 4d61afe0eaeb..7a17a222bcab 100644 
--- a/nixos/modules/services/x11/display-managers/sddm.nix +++ b/nixos/modules/services/x11/display-managers/sddm.nix @@ -48,7 +48,7 @@ let [XDisplay] MinimumVT=${toString xcfg.tty} ServerPath=${xserverWrapper} - XephyrPath=${pkgs.xorg.xorgserver}/bin/Xephyr + XephyrPath=${pkgs.xorg.xorgserver.out}/bin/Xephyr SessionCommand=${dmcfg.session.script} SessionDir=${dmcfg.session.desktops} XauthPath=${pkgs.xorg.xauth}/bin/xauth diff --git a/nixos/modules/services/x11/terminal-server.nix b/nixos/modules/services/x11/terminal-server.nix index 4d5dbd604159..09d0ab077515 100644 --- a/nixos/modules/services/x11/terminal-server.nix +++ b/nixos/modules/services/x11/terminal-server.nix @@ -41,7 +41,7 @@ with lib; { description = "Terminal Server"; path = - [ pkgs.xorgserver pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth + [ pkgs.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash ]; diff --git a/nixos/modules/services/x11/window-managers/metacity.nix b/nixos/modules/services/x11/window-managers/metacity.nix index 3e5229be634f..2957ad91be45 100644 --- a/nixos/modules/services/x11/window-managers/metacity.nix +++ b/nixos/modules/services/x11/window-managers/metacity.nix @@ -20,7 +20,7 @@ in services.xserver.windowManager.session = singleton { name = "metacity"; start = '' - env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/ + env LD_LIBRARY_PATH=${xorg.libX11.out}/lib:${xorg.libXext.out}/lib:/usr/lib/ # !!! Hack: load the schemas for Metacity. GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \ --makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */ diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 70df18b40209..dcf9f820f59c 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix 
@@ -456,7 +456,7 @@ in ]); environment.systemPackages = - [ xorg.xorgserver + [ xorg.xorgserver.out xorg.xrandr xorg.xrdb xorg.setxkbmap @@ -466,6 +466,7 @@ in xorg.xsetroot xorg.xinput xorg.xprop + xorg.xauth pkgs.xterm pkgs.xdg_utils ] @@ -493,7 +494,7 @@ in XKB_BINDIR = "${xorg.xkbcomp}/bin"; # Needed for the Xkb extension. XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. LD_LIBRARY_PATH = concatStringsSep ":" ( - [ "${xorg.libX11}/lib" "${xorg.libXext}/lib" ] + [ "${xorg.libX11.out}/lib" "${xorg.libXext.out}/lib" ] ++ concatLists (catAttrs "libPath" cfg.drivers)); } // cfg.displayManager.job.environment; @@ -513,8 +514,7 @@ in }; services.xserver.displayManager.xserverArgs = - [ "-ac" - "-terminate" + [ "-terminate" "-config ${configFile}" "-xkbdir" "${cfg.xkbDir}" ] ++ optional (cfg.display != null) ":${toString cfg.display}" @@ -525,7 +525,7 @@ in services.xserver.modules = concatLists (catAttrs "modules" cfg.drivers) ++ - [ xorg.xorgserver + [ xorg.xorgserver.out xorg.xf86inputevdev ]; diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index 854fa2f40b69..9d61d64f7553 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -12,7 +12,8 @@ let ''; }); - path = + path = map # outputs TODO? + (pkg: (pkg.bin or (pkg.out or pkg))) [ pkgs.coreutils pkgs.gnugrep pkgs.findutils pkgs.glibc # needed for getent pkgs.shadow diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 59bff5472e84..77a82547031a 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix 
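Review bot: Removing `"-ac"` from `services.xserver.displayManager.xserverArgs` turns X access control back on for every display manager that uses this list, but the hunk leaves no trace of why the flag is absent. A comment above the list would stop it from being re-added later, for example `# "-ac" (disable access control) is deliberately not passed; clients must authenticate via Xauthority.` The change also deserves a release-note entry, since setups that relied on an open display (presumably root or other users starting clients on `:0`) stop working. The list expression continues outside the hunk.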
@@ -436,9 +436,9 @@ in ${optionalString luks.yubikeySupport '' copy_bin_and_libs ${pkgs.ykpers}/bin/ykchalresp copy_bin_and_libs ${pkgs.ykpers}/bin/ykinfo - copy_bin_and_libs ${pkgs.openssl}/bin/openssl + copy_bin_and_libs ${pkgs.openssl.bin}/bin/openssl - cc -O3 -I${pkgs.openssl}/include -L${pkgs.openssl}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto + cc -O3 -I${pkgs.openssl}/include -L${pkgs.openssl.out}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto strip -s pbkdf2-sha512 copy_bin_and_libs pbkdf2-sha512 diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 7b13a305f035..7e84dd204773 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -80,7 +80,7 @@ let ${config.boot.initrd.extraUtilsCommands} # Copy ld manually since it isn't detected correctly - cp -pv ${pkgs.glibc}/lib/ld*.so.? $out/lib + cp -pv ${pkgs.glibc.out}/lib/ld*.so.? $out/lib # Copy all of the needed libraries for the binaries for BIN in $(find $out/{bin,sbin} -type f); do diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index c0ef4e02d1ff..b67f42a017e6 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix @@ -7,11 +7,14 @@ let kernel = config.boot.kernelPackages.kernel; activateConfiguration = config.system.activationScripts.script; - readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} '' - mkdir -p $out/bin - cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint - strip -s $out/bin/readonly-mountpoint - ''; + readonlyMountpoint = pkgs.stdenv.mkDerivation { + name = "readonly-mountpoint"; + unpackPhase = "true"; + installPhase = '' + mkdir -p $out/bin + cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint + ''; + }; bootStage2 = pkgs.substituteAll { src = ./stage-2-init.sh; 
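Review bot: In the luksroot.nix hunk the `cc` line for the YubiKey helper now reads `-I${pkgs.openssl}/include -L${pkgs.openssl.out}/lib`, so the include path is the only openssl reference left on the default output while its neighbours were moved to `.bin` and `.out`. If the headers live in a separate output after the split, which seems likely given that `httpd.dev` is used elsewhere in this commit, the `pbkdf2-sha512` build breaks only for users with `yubikeySupport` enabled. I would change it to `-I${pkgs.openssl.dev}/include`, after confirming that openssl has a `dev` output.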
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index a3c83521c354..3f497566ff11 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -472,6 +472,13 @@ in ''; }; + systemd.generator-packages = mkOption { + default = []; + type = types.listOf types.package; + example = literalExample "[ pkgs.systemd-cryptsetup-generator ]"; + description = "Packages providing systemd generators."; + }; + systemd.defaultUnit = mkOption { default = "multi-user.target"; type = types.str; @@ -628,7 +635,18 @@ in environment.systemPackages = [ systemd ]; - environment.etc = { + environment.etc = let + # generate contents for /etc/systemd/system-generators from + # systemd.generators and systemd.generator-packages + generators = pkgs.runCommand "system-generators" { packages = cfg.generator-packages; } '' + mkdir -p $out + for package in $packages + do + ln -s $package/lib/systemd/system-generators/* $out/ + done; + ${concatStrings (mapAttrsToList (generator: target: "ln -s ${target} $out/${generator};\n") cfg.generators)} + ''; + in ({ "systemd/system".source = generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants; "systemd/user".source = generateUnits "user" cfg.user.units upstreamUserUnits []; @@ -667,7 +685,9 @@ in ${concatStringsSep "\n" cfg.tmpfiles.rules} ''; - } // mapAttrs' (n: v: nameValuePair "systemd/system-generators/${n}" {"source"=v;}) cfg.generators; + + "systemd/system-generators" = { source = generators; }; + }); system.activationScripts.systemd = stringAfter [ "groups" ] '' diff --git a/nixos/modules/tasks/filesystems/unionfs-fuse.nix b/nixos/modules/tasks/filesystems/unionfs-fuse.nix index 3e38bffa3ba2..1dcc4c87e3ce 100644 --- a/nixos/modules/tasks/filesystems/unionfs-fuse.nix +++ b/nixos/modules/tasks/filesystems/unionfs-fuse.nix 
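Review bot: The description of the new `systemd.generator-packages` option is a single phrase and does not say what including a package implies. systemd executes system generators as root early in boot and on every reload, and the second hunk links everything under `lib/systemd/system-generators` of each listed package into `/etc/systemd/system-generators`. I would extend the description along the lines of `Packages whose lib/systemd/system-generators directory is linked into /etc/systemd/system-generators; every file found there is run by systemd as root.` The hyphenated name also differs from the camelCase used by the neighbouring `systemd.defaultUnit`.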
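Review bot: In the `generators` derivation, `ln -s $package/lib/systemd/system-generators/* $out/` assumes that every entry of `generator-packages` has that directory and that no two packages, nor any `cfg.generators` entry, provide the same file name. If the glob matches nothing, a dangling link literally named `*` is created, and a name clash makes `ln` fail the build with a message that does not name the offending package. Looping over the matches and skipping missing ones avoids the first case: `for f in $package/lib/systemd/system-generators/*; do if [ -e "$f" ]; then ln -s "$f" $out/; fi; done`. A clash could be reported explicitly in the same loop.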
@@ -18,9 +18,9 @@ boot.initrd.postDeviceCommands = '' # Hacky!!! fuse hard-codes the path to mount - mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin - ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin - ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin + mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin + ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin + ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin ''; }) diff --git a/nixos/modules/tasks/filesystems/xfs.nix b/nixos/modules/tasks/filesystems/xfs.nix index d7c3930f4a3c..c6a90bcf1a51 100644 --- a/nixos/modules/tasks/filesystems/xfs.nix +++ b/nixos/modules/tasks/filesystems/xfs.nix @@ -11,13 +11,13 @@ in { config = mkIf (any (fs: fs == "xfs") config.boot.supportedFilesystems) { - system.fsPackages = [ pkgs.xfsprogs ]; + system.fsPackages = [ pkgs.xfsprogs.bin ]; boot.initrd.availableKernelModules = mkIf inInitrd [ "xfs" "crc32c" ]; boot.initrd.extraUtilsCommands = mkIf inInitrd '' - copy_bin_and_libs ${pkgs.xfsprogs}/sbin/fsck.xfs + copy_bin_and_libs ${pkgs.xfsprogs.bin}/bin/fsck.xfs ''; # Trick just to set 'sh' after the extraUtils nuke-refs. diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix index a025aee7cfeb..9733bd6fac46 100644 --- a/nixos/modules/virtualisation/virtualbox-guest.nix +++ b/nixos/modules/virtualisation/virtualbox-guest.nix @@ -66,7 +66,7 @@ in services.xserver.displayManager.sessionCommands = '' - PATH=${makeSearchPath "bin" [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver ]}:$PATH \ + PATH=${makeSearchPath "bin" [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver.out ]}:$PATH \ ${kernel.virtualboxGuestAdditions}/bin/VBoxClient-all ''; 
diff --git a/nixos/tests/cadvisor.nix b/nixos/tests/cadvisor.nix index 1644cb856cec..c55b08c0e924 100644 --- a/nixos/tests/cadvisor.nix +++ b/nixos/tests/cadvisor.nix @@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ... } : { services.cadvisor.storageDriver = "influxdb"; services.influxdb.enable = true; systemd.services.influxdb.postStart = mkAfter '' - ${pkgs.curl}/bin/curl -X POST 'http://localhost:8086/db?u=root&p=root' \ + ${pkgs.curl.bin}/bin/curl -X POST 'http://localhost:8086/db?u=root&p=root' \ -d '{"name": "root"}' ''; }; diff --git a/nixos/tests/common/user-account.nix b/nixos/tests/common/user-account.nix index ded8275000af..93aeb60e456a 100644 --- a/nixos/tests/common/user-account.nix +++ b/nixos/tests/common/user-account.nix @@ -1,9 +1,14 @@ { lib, ... }: -{ users.extraUsers = lib.singleton +{ users.extraUsers.alice = { isNormalUser = true; - name = "alice"; description = "Alice Foobar"; password = "foobar"; }; + + users.extraUsers.bob = + { isNormalUser = true; + description = "Bob Foobar"; + password = "foobar"; + }; } diff --git a/nixos/tests/gnome3-gdm.nix b/nixos/tests/gnome3-gdm.nix index 1c07ddf79c2e..42425b57ba33 100644 --- a/nixos/tests/gnome3-gdm.nix +++ b/nixos/tests/gnome3-gdm.nix @@ -32,6 +32,7 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->succeed("getfacl /dev/snd/timer | grep -q alice"); $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow(qr/Terminal/); $machine->sleep(20); $machine->screenshot("screen"); diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index 714b35503706..50e7f4eace3b 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix 
@@ -27,6 +27,7 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->succeed("getfacl /dev/snd/timer | grep -q alice"); $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow(qr/Terminal/); $machine->mustSucceed("timeout 900 bash -c 'journalctl -f|grep -m 1 \"GNOME Shell started\"'"); $machine->sleep(10); diff --git a/nixos/tests/i3wm.nix b/nixos/tests/i3wm.nix index 627a150f641b..4685992d7a05 100644 --- a/nixos/tests/i3wm.nix +++ b/nixos/tests/i3wm.nix @@ -13,6 +13,8 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = { nodes, ... }: '' $machine->waitForX; + $machine->waitForFile("/home/alice/.Xauthority"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow(qr/first configuration/); $machine->sleep(1); $machine->screenshot("started"); diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 05c3f267eb93..48d5fecad921 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -108,8 +108,8 @@ let $machine->waitUntilSucceeds("cat /proc/swaps | grep -q /dev"); # Check whether the channel works. - $machine->succeed("nix-env -iA nixos.coreutils >&2"); - $machine->succeed("type -tP ls | tee /dev/stderr") =~ /.nix-profile/ + $machine->succeed("nix-env -iA nixos.procps >&2"); + $machine->succeed("type -tP ps | tee /dev/stderr") =~ /.nix-profile/ or die "nix-env failed"; # We need to a writable nix-store on next boot. diff --git a/nixos/tests/kde4.nix b/nixos/tests/kde4.nix index dc61658cd1c4..2693fb4fbf0a 100644 --- a/nixos/tests/kde4.nix +++ b/nixos/tests/kde4.nix 
@@ -41,11 +41,13 @@ import ./make-test.nix ({ pkgs, ... }: { pkgs.kde4.kdenetwork pkgs.kde4.kdetoys pkgs.kde4.kdewebdev + pkgs.xorg.xmessage ]; }; - testScript = '' + testScript = '' $machine->waitUntilSucceeds("pgrep plasma-desktop"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow(qr/plasma-desktop/); # Check that logging in has given the user ownership of devices. @@ -62,7 +64,7 @@ import ./make-test.nix ({ pkgs, ... }: { $machine->sleep(10); - $machine->screenshot("screen"); + $machine->screenshot("screen"); ''; }) diff --git a/nixos/tests/lightdm.nix b/nixos/tests/lightdm.nix index f30f9062dcde..97ec79406b88 100644 --- a/nixos/tests/lightdm.nix +++ b/nixos/tests/lightdm.nix @@ -22,6 +22,8 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->waitForText(qr/${user.description}/); $machine->screenshot("lightdm"); $machine->sendChars("${user.password}\n"); + $machine->waitForFile("/home/alice/.Xauthority"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow("^IceWM "); ''; }) diff --git a/nixos/tests/sddm-kde5.nix b/nixos/tests/sddm-kde5.nix index 476cb732e252..f97a6d12b63c 100644 --- a/nixos/tests/sddm-kde5.nix +++ b/nixos/tests/sddm-kde5.nix @@ -24,6 +24,8 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = { nodes, ... }: '' startAll; + $machine->waitForFile("/home/alice/.Xauthority"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow("^IceWM "); ''; }) diff --git a/nixos/tests/sddm.nix b/nixos/tests/sddm.nix index e11b5714d5c2..22a9e1bd2c7c 100644 --- a/nixos/tests/sddm.nix +++ b/nixos/tests/sddm.nix @@ -23,6 +23,8 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = { nodes, ... }: '' startAll; + $machine->waitForFile("/home/alice/.Xauthority"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow("^IceWM "); ''; }) diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix index c131ef7dc8cd..c8b18f122658 100644 --- a/nixos/tests/xfce.nix 
+++ b/nixos/tests/xfce.nix @@ -15,11 +15,15 @@ import ./make-test.nix ({ pkgs, ...} : { services.xserver.displayManager.auto.user = "alice"; services.xserver.desktopManager.xfce.enable = true; + + environment.systemPackages = [ pkgs.xorg.xmessage ]; }; testScript = '' $machine->waitForX; + $machine->waitForFile("/home/alice/.Xauthority"); + $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->waitForWindow(qr/xfce4-panel/); $machine->sleep(10); @@ -30,5 +34,9 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->waitForWindow(qr/Terminal/); $machine->sleep(10); $machine->screenshot("screen"); + + # Ensure that the X server does proper access control. + $machine->mustFail("su - bob -c 'DISPLAY=:0.0 xmessage Foo'"); + $machine->mustFail("su - bob -c 'DISPLAY=:0 xmessage Foo'"); ''; }) |
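Review bot: The two `mustFail("su - bob -c 'DISPLAY=:0… xmessage Foo'")` checks at the end of the xfce test script pass on any non-zero exit, so they also pass if `su` or `xmessage` fails for a reason unrelated to X access control. If access control were actually broken, `xmessage` would open a window and block until the test times out instead of failing quickly. Adding a bound such as `xmessage -timeout 1 Foo` makes the failure case prompt. A positive control run as alice with a non-interactive client, e.g. `$machine->succeed("su - alice -c 'DISPLAY=:0 xprop -root > /dev/null'");`, would show that the refusal is specific to the unauthorised user.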