Merge branch 'master' into staging
This includes a fix for a bad merge.
vcunat committed Apr 14, 2017
2 parents 878bbaf + 2090aa4 commit f7a4f14
Showing 154 changed files with 3,784 additions and 1,915 deletions.
5 changes: 5 additions & 0 deletions lib/default.nix
@@ -1,3 +1,8 @@
/* Library of low-level helper functions for nix expressions.
*
* Please implement (mostly) exhaustive unit tests
* for new functions in `./tests.nix'.
*/
let

# trivial, often used functions
5 changes: 5 additions & 0 deletions lib/licenses.nix
Expand Up @@ -357,6 +357,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Lucent Public License v1.02";
};

miros = {
fullname = "MirOS License";
url = https://opensource.org/licenses/MirOS;
};

# spdx.org does not (yet) differentiate between the X11 and Expat versions
# for details see http://en.wikipedia.org/wiki/MIT_License#Various_versions
mit = spdx {
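Review bot: The new `miros` entry spells its attribute `fullname`, while the neighbouring entry visible in this hunk uses `fullName` (`fullName = "Lucent Public License v1.02";`). Anything that reads `fullName` from a license will find no value for MirOS, so the line should be `fullName = "MirOS License";`. The enclosing `rec { … }` set starts and ends outside the hunk, so the spelling used by the remaining entries is inferred from that one neighbour.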
10 changes: 10 additions & 0 deletions lib/tests.nix
Expand Up @@ -277,4 +277,14 @@ runTests {
expected = [ "2001" "db8" "0" "0042" "" "8a2e" "370" "" ];
};

testComposeExtensions = {
expr = let obj = makeExtensible (self: { foo = self.bar; });
f = self: super: { bar = false; baz = true; };
g = self: super: { bar = super.baz or false; };
f_o_g = composeExtensions f g;
composed = obj.extend f_o_g;
in composed.foo;
expected = true;
};

}
14 changes: 14 additions & 0 deletions lib/trivial.nix
Expand Up @@ -30,6 +30,11 @@ rec {
/* boolean “and” */
and = x: y: x && y;

/* Convert a boolean to a string.
Note that toString on a bool returns "1" and "".
*/
boolToString = b: if b then "true" else "false";

/* Merge two attribute sets shallowly, right side trumps left
Example:
Expand Down Expand Up @@ -80,6 +85,15 @@ rec {
# argument, but it's nice this way if several uses of `extends` are cascaded.
extends = f: rattrs: self: let super = rattrs self; in super // f self super;

# Compose two extending functions of the type expected by 'extends'
# into one where changes made in the first are available in the
# 'super' of the second
composeExtensions =
f: g: self: super:
let fApplied = f self super;
super' = super // fApplied;
in fApplied // g self super';

# Create an overridable, recursive attribute set. For example:
#
# nix-repl> obj = makeExtensible (self: { })
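Review bot: `boolToString` is added without a matching case in `lib/tests.nix`; that file's section in this commit adds only `testComposeExtensions`, although the header comment added to `lib/default.nix` asks for unit tests for new functions. The rest of the commit routes many service flags and config values through this helper, so its exact output spelling is now load-bearing. A case such as `testBoolToString = { expr = [ (boolToString true) (boolToString false) ]; expected = [ "true" "false" ]; };` would pin it. The enclosing `rec { … }` set starts and ends outside the hunk.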
2 changes: 2 additions & 0 deletions nixos/doc/manual/release-notes/rl-1709.xml
Expand Up @@ -35,6 +35,8 @@ following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>
Top-level <literal>idea</literal> package collection was renamed.
All JetBrains IDEs are now at <literal>jetbrains</literal>.
</para>
</listitem>
</itemizedlist>
28 changes: 18 additions & 10 deletions nixos/maintainers/scripts/gce/create-gce.sh
@@ -1,15 +1,23 @@
#! /bin/sh -e
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p google-cloud-sdk

BUCKET_NAME=${BUCKET_NAME:-nixos-images}
export NIX_PATH=nixpkgs=../../../..
export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/google-compute-image.nix
export TIMESTAMP=$(date +%Y%m%d%H%M)
set -euo pipefail

BUCKET_NAME="${BUCKET_NAME:-nixos-images}"
TIMESTAMP="$(date +%Y%m%d%H%M)"
export TIMESTAMP

nix-build '<nixpkgs/nixos>' \
-A config.system.build.googleComputeImage --argstr system x86_64-linux -o gce --option extra-binary-caches http://hydra.nixos.org -j 10
-A config.system.build.googleComputeImage \
--arg configuration "{ imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]; }" \
--argstr system x86_64-linux \
-o gce \
-j 10

img=$(echo gce/*.tar.gz)
if ! gsutil ls gs://${BUCKET_NAME}/$(basename $img); then
gsutil cp $img gs://${BUCKET_NAME}/$(basename $img)
img_path=$(echo gce/*.tar.gz)
img_name=$(basename "$img_path")
img_id=$(echo "$img_name" | sed 's|.raw.tar.gz$||;s|\.|-|g;s|_|-|g')
if ! gsutil ls "gs://${BUCKET_NAME}/$img_name"; then
gsutil cp "$img_path" "gs://${BUCKET_NAME}/$img_name"
fi
gcloud compute images create $(basename $img .raw.tar.gz | sed 's|\.|-|' | sed 's|_|-|') --source-uri gs://${BUCKET_NAME}/$(basename $img)
gcloud compute images create "$img_id" --source-uri "gs://${BUCKET_NAME}/$img_name"
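Review bot: `img_path=$(echo gce/*.tar.gz)` does not fail when the glob matches nothing or more than one file, even under the new `set -euo pipefail`. In those cases `echo` yields the literal pattern or a space-joined list, and the quoted `"$img_path"` hands that to `basename`, `gsutil` and `gcloud` as a single name. For a script that publishes images it is worth stopping before any upload unless exactly one archive exists, e.g. `shopt -s nullglob; imgs=(gce/*.tar.gz)`, then `[ "${#imgs[@]}" -eq 1 ] || { echo "expected exactly one image in gce/" >&2; exit 1; }`, then `img_path=${imgs[0]}`. The rendered page has lost the +/- markers, so this assumes the quoted `img_path`/`img_name` lines are the new side.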
2 changes: 1 addition & 1 deletion nixos/modules/config/fonts/fontconfig-penultimate.nix
Expand Up @@ -5,7 +5,7 @@ with lib;
let
cfg = config.fonts.fontconfig;

fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
fcBool = x: "<bool>" + (boolToString x) + "</bool>";

# back-supported fontconfig version and package
# version is used for font cache generation
2 changes: 1 addition & 1 deletion nixos/modules/config/fonts/fontconfig.nix
Expand Up @@ -20,7 +20,7 @@ with lib;

let cfg = config.fonts.fontconfig;

fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
fcBool = x: "<bool>" + (boolToString x) + "</bool>";

# back-supported fontconfig version and package
# version is used for font cache generation
9 changes: 8 additions & 1 deletion nixos/modules/security/acme.nix
Expand Up @@ -19,6 +19,12 @@ let
'';
};

domain = mkOption {
type = types.nullOr types.str;
default = null;
description = "Domain to fetch certificate for (defaults to the entry name)";
};

email = mkOption {
type = types.nullOr types.str;
default = null;
Expand Down Expand Up @@ -157,9 +163,10 @@ in
servicesLists = mapAttrsToList certToServices cfg.certs;
certToServices = cert: data:
let
domain = if data.domain != null then data.domain else cert;
cpath = "${cfg.directory}/${cert}";
rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" cfg.validMin ]
cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);
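Review bot: The new `domain` option changes only the first `-d` argument; `cpath = "${cfg.directory}/${cert}"` still uses the entry name, so the certificate files apparently stay under the entry name even when `domain` differs. The description should say so, for example `description = "Domain to fetch certificate for (defaults to the entry name). Files are still stored under the entry name.";`, otherwise services that build certificate paths from the domain will look in the wrong directory. Separately, `types.str` accepts an empty string, which passes the `data.domain != null` test and reaches the command line as `-d ""`; an assertion that the value is non-empty may be worth adding. `certToServices` continues outside the hunk.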
14 changes: 7 additions & 7 deletions nixos/modules/services/cluster/kubernetes.nix
Expand Up @@ -612,16 +612,16 @@ in {
--require-kubeconfig \
--address=${cfg.kubelet.address} \
--port=${toString cfg.kubelet.port} \
--register-node=${if cfg.kubelet.registerNode then "true" else "false"} \
--register-schedulable=${if cfg.kubelet.registerSchedulable then "true" else "false"} \
--register-node=${boolToString cfg.kubelet.registerNode} \
--register-schedulable=${boolToString cfg.kubelet.registerSchedulable} \
${optionalString (cfg.kubelet.tlsCertFile != null)
"--tls-cert-file=${cfg.kubelet.tlsCertFile}"} \
${optionalString (cfg.kubelet.tlsKeyFile != null)
"--tls-private-key-file=${cfg.kubelet.tlsKeyFile}"} \
--healthz-bind-address=${cfg.kubelet.healthz.bind} \
--healthz-port=${toString cfg.kubelet.healthz.port} \
--hostname-override=${cfg.kubelet.hostname} \
--allow-privileged=${if cfg.kubelet.allowPrivileged then "true" else "false"} \
--allow-privileged=${boolToString cfg.kubelet.allowPrivileged} \
--root-dir=${cfg.dataDir} \
--cadvisor_port=${toString cfg.kubelet.cadvisorPort} \
${optionalString (cfg.kubelet.clusterDns != "")
Expand Down Expand Up @@ -670,14 +670,14 @@ in {
--bind-address=0.0.0.0 \
${optionalString (cfg.apiserver.advertiseAddress != null)
"--advertise-address=${cfg.apiserver.advertiseAddress}"} \
--allow-privileged=${if cfg.apiserver.allowPrivileged then "true" else "false"} \
--allow-privileged=${boolToString cfg.apiserver.allowPrivileged}\
${optionalString (cfg.apiserver.tlsCertFile != null)
"--tls-cert-file=${cfg.apiserver.tlsCertFile}"} \
${optionalString (cfg.apiserver.tlsKeyFile != null)
"--tls-private-key-file=${cfg.apiserver.tlsKeyFile}"} \
${optionalString (cfg.apiserver.tokenAuth != null)
"--token-auth-file=${cfg.apiserver.tokenAuth}"} \
--kubelet-https=${if cfg.apiserver.kubeletHttps then "true" else "false"} \
--kubelet-https=${boolToString cfg.apiserver.kubeletHttps} \
${optionalString (cfg.apiserver.kubeletClientCaFile != null)
"--kubelet-certificate-authority=${cfg.apiserver.kubeletClientCaFile}"} \
${optionalString (cfg.apiserver.kubeletClientCertFile != null)
Expand Down Expand Up @@ -719,7 +719,7 @@ in {
ExecStart = ''${cfg.package}/bin/kube-scheduler \
--address=${cfg.scheduler.address} \
--port=${toString cfg.scheduler.port} \
--leader-elect=${if cfg.scheduler.leaderElect then "true" else "false"} \
--leader-elect=${boolToString cfg.scheduler.leaderElect} \
--kubeconfig=${kubeconfig} \
${optionalString cfg.verbose "--v=6"} \
${optionalString cfg.verbose "--log-flush-frequency=1s"} \
Expand All @@ -744,7 +744,7 @@ in {
--address=${cfg.controllerManager.address} \
--port=${toString cfg.controllerManager.port} \
--kubeconfig=${kubeconfig} \
--leader-elect=${if cfg.controllerManager.leaderElect then "true" else "false"} \
--leader-elect=${boolToString cfg.controllerManager.leaderElect} \
${if (cfg.controllerManager.serviceAccountKeyFile!=null)
then "--service-account-private-key-file=${cfg.controllerManager.serviceAccountKeyFile}"
else "--service-account-private-key-file=/var/run/kubernetes/apiserver.key"} \
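Review bot: In the kube-apiserver hunk the rewritten line `--allow-privileged=${boolToString cfg.apiserver.allowPrivileged}\` lost the space before the line-continuation backslash that every other flag line in this section keeps. It probably still parses as long as the following line keeps its leading whitespace, but a flag that controls privileged containers should not depend on that. Restore it as `--allow-privileged=${boolToString cfg.apiserver.allowPrivileged} \`. The command string starts and ends outside the hunk.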
Expand Up @@ -328,7 +328,7 @@ in
IN_SYSTEMD = "1"; # to get log severity levels
};
serviceConfig =
{ ExecStart = "@${cfg.package}/bin/hydra-queue-runner hydra-queue-runner -v --option build-use-substitutes ${if cfg.useSubstitutes then "true" else "false"}";
{ ExecStart = "@${cfg.package}/bin/hydra-queue-runner hydra-queue-runner -v --option build-use-substitutes ${boolToString cfg.useSubstitutes}";
ExecStopPost = "${cfg.package}/bin/hydra-queue-runner --unlock";
User = "hydra-queue-runner";
Restart = "always";
8 changes: 4 additions & 4 deletions nixos/modules/services/databases/cassandra.nix
Expand Up @@ -21,8 +21,8 @@ let
cassandraConf = ''
cluster_name: ${cfg.clusterName}
num_tokens: 256
auto_bootstrap: ${if cfg.autoBootstrap then "true" else "false"}
hinted_handoff_enabled: ${if cfg.hintedHandOff then "true" else "false"}
auto_bootstrap: ${boolToString cfg.autoBootstrap}
hinted_handoff_enabled: ${boolToString cfg.hintedHandOff}
hinted_handoff_throttle_in_kb: ${builtins.toString cfg.hintedHandOffThrottle}
max_hints_delivery_threads: 2
max_hint_window_in_ms: 10800000 # 3 hours
Expand Down Expand Up @@ -62,7 +62,7 @@ let
rpc_keepalive: true
rpc_server_type: sync
thrift_framed_transport_size_in_mb: 15
incremental_backups: ${if cfg.incrementalBackups then "true" else "false"}
incremental_backups: ${boolToString cfg.incrementalBackups}
snapshot_before_compaction: false
auto_snapshot: true
column_index_size_in_kb: 64
Expand All @@ -89,7 +89,7 @@ let
truststore: ${cfg.trustStorePath}
truststore_password: ${cfg.trustStorePassword}
client_encryption_options:
enabled: ${if cfg.clientEncryption then "true" else "false"}
enabled: ${boolToString cfg.clientEncryption}
keystore: ${cfg.keyStorePath}
keystore_password: ${cfg.keyStorePassword}
internode_compression: all
2 changes: 0 additions & 2 deletions nixos/modules/services/databases/mongodb.nix
Expand Up @@ -4,8 +4,6 @@ with lib;

let

b2s = x: if x then "true" else "false";

cfg = config.services.mongodb;

mongodb = cfg.package;
5 changes: 2 additions & 3 deletions nixos/modules/services/logging/graylog.nix
Expand Up @@ -4,16 +4,15 @@ with lib;

let
cfg = config.services.graylog;
configBool = b: if b then "true" else "false";

confFile = pkgs.writeText "graylog.conf" ''
is_master = ${configBool cfg.isMaster}
is_master = ${boolToString cfg.isMaster}
node_id_file = ${cfg.nodeIdFile}
password_secret = ${cfg.passwordSecret}
root_username = ${cfg.rootUsername}
root_password_sha2 = ${cfg.rootPasswordSha2}
elasticsearch_cluster_name = ${cfg.elasticsearchClusterName}
elasticsearch_discovery_zen_ping_multicast_enabled = ${configBool cfg.elasticsearchDiscoveryZenPingMulticastEnabled}
elasticsearch_discovery_zen_ping_multicast_enabled = ${boolToString cfg.elasticsearchDiscoveryZenPingMulticastEnabled}
elasticsearch_discovery_zen_ping_unicast_hosts = ${cfg.elasticsearchDiscoveryZenPingUnicastHosts}
message_journal_dir = ${cfg.messageJournalDir}
mongodb_uri = ${cfg.mongodbUri}
2 changes: 1 addition & 1 deletion nixos/modules/services/misc/cgminer.nix
Expand Up @@ -6,7 +6,7 @@ let
cfg = config.services.cgminer;

convType = with builtins;
v: if isBool v then (if v then "true" else "false") else toString v;
v: if isBool v then boolToString v else toString v;
mergedHwConfig =
mapAttrsToList (n: v: ''"${n}": "${(concatStringsSep "," (map convType v))}"'')
(foldAttrs (n: a: [n] ++ a) [] cfg.hardware);
2 changes: 1 addition & 1 deletion nixos/modules/services/misc/confd.nix
Expand Up @@ -12,7 +12,7 @@ let
nodes = [ ${concatMapStringsSep "," (s: ''"${s}"'') cfg.nodes}, ]
prefix = "${cfg.prefix}"
log-level = "${cfg.logLevel}"
watch = ${if cfg.watch then "true" else "false"}
watch = ${boolToString cfg.watch}
'';

in {
25 changes: 12 additions & 13 deletions nixos/modules/services/misc/matrix-synapse.nix
Expand Up @@ -5,9 +5,8 @@ with lib;
let
cfg = config.services.matrix-synapse;
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${fromBool r.compress}}'';
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${fromBool l.tls}, x_forwarded: ${fromBool l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
fromBool = x: if x then "true" else "false";
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
configFile = pkgs.writeText "homeserver.yaml" ''
${optionalString (cfg.tls_certificate_path != null) ''
tls_certificate_path: "${cfg.tls_certificate_path}"
Expand All @@ -18,7 +17,7 @@ tls_private_key_path: "${cfg.tls_private_key_path}"
${optionalString (cfg.tls_dh_params_path != null) ''
tls_dh_params_path: "${cfg.tls_dh_params_path}"
''}
no_tls: ${fromBool cfg.no_tls}
no_tls: ${boolToString cfg.no_tls}
${optionalString (cfg.bind_port != null) ''
bind_port: ${toString cfg.bind_port}
''}
Expand All @@ -30,7 +29,7 @@ bind_host: "${cfg.bind_host}"
''}
server_name: "${cfg.server_name}"
pid_file: "/var/run/matrix-synapse.pid"
web_client: ${fromBool cfg.web_client}
web_client: ${boolToString cfg.web_client}
${optionalString (cfg.public_baseurl != null) ''
public_baseurl: "${cfg.public_baseurl}"
''}
Expand Down Expand Up @@ -58,35 +57,35 @@ media_store_path: "/var/lib/matrix-synapse/media"
uploads_path: "/var/lib/matrix-synapse/uploads"
max_upload_size: "${cfg.max_upload_size}"
max_image_pixels: "${cfg.max_image_pixels}"
dynamic_thumbnails: ${fromBool cfg.dynamic_thumbnails}
url_preview_enabled: ${fromBool cfg.url_preview_enabled}
dynamic_thumbnails: ${boolToString cfg.dynamic_thumbnails}
url_preview_enabled: ${boolToString cfg.url_preview_enabled}
${optionalString (cfg.url_preview_enabled == true) ''
url_preview_ip_range_blacklist: ${builtins.toJSON cfg.url_preview_ip_range_blacklist}
url_preview_ip_range_whitelist: ${builtins.toJSON cfg.url_preview_ip_range_whitelist}
url_preview_url_blacklist: ${builtins.toJSON cfg.url_preview_url_blacklist}
''}
recaptcha_private_key: "${cfg.recaptcha_private_key}"
recaptcha_public_key: "${cfg.recaptcha_public_key}"
enable_registration_captcha: ${fromBool cfg.enable_registration_captcha}
enable_registration_captcha: ${boolToString cfg.enable_registration_captcha}
turn_uris: ${builtins.toJSON cfg.turn_uris}
turn_shared_secret: "${cfg.turn_shared_secret}"
enable_registration: ${fromBool cfg.enable_registration}
enable_registration: ${boolToString cfg.enable_registration}
${optionalString (cfg.registration_shared_secret != null) ''
registration_shared_secret: "${cfg.registration_shared_secret}"
''}
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
turn_user_lifetime: "${cfg.turn_user_lifetime}"
user_creation_max_duration: ${cfg.user_creation_max_duration}
bcrypt_rounds: ${cfg.bcrypt_rounds}
allow_guest_access: ${fromBool cfg.allow_guest_access}
allow_guest_access: ${boolToString cfg.allow_guest_access}
trusted_third_party_id_servers: ${builtins.toJSON cfg.trusted_third_party_id_servers}
room_invite_state_types: ${builtins.toJSON cfg.room_invite_state_types}
${optionalString (cfg.macaroon_secret_key != null) ''
macaroon_secret_key: "${cfg.macaroon_secret_key}"
''}
expire_access_token: ${fromBool cfg.expire_access_token}
enable_metrics: ${fromBool cfg.enable_metrics}
report_stats: ${fromBool cfg.report_stats}
expire_access_token: ${boolToString cfg.expire_access_token}
enable_metrics: ${boolToString cfg.enable_metrics}
report_stats: ${boolToString cfg.report_stats}
signing_key_path: "/var/lib/matrix-synapse/homeserver.signing.key"
key_refresh_interval: "${cfg.key_refresh_interval}"
perspectives:
4 changes: 2 additions & 2 deletions nixos/modules/services/misc/nix-daemon.nix
Expand Up @@ -41,12 +41,12 @@ let
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-cores = ${toString (cfg.buildCores)}
build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox}
build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys}
auto-optimise-store = ${if cfg.autoOptimiseStore then "true" else "false"}
auto-optimise-store = ${boolToString cfg.autoOptimiseStore}
${optionalString cfg.requireSignedBinaryCaches ''
signed-binary-caches = *
''}
2 changes: 1 addition & 1 deletion nixos/modules/services/misc/taskserver/default.nix
Expand Up @@ -128,7 +128,7 @@ let
certBits = cfg.pki.auto.bits;
clientExpiration = cfg.pki.auto.expiration.client;
crlExpiration = cfg.pki.auto.expiration.crl;
isAutoConfig = if needToCreateCA then "True" else "False";
isAutoConfig = boolToString needToCreateCA;
}}" > "$out/main.py"
cat > "$out/setup.py" <<EOF
from setuptools import setup
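Review bot: `isAutoConfig = boolToString needToCreateCA;` changes the substituted value from `"True"`/`"False"` to `"true"`/`"false"`, unlike the other `boolToString` replacements in this commit, which keep the emitted text identical. The result is written into `$out/main.py`, so if the template uses it as a Python expression (the template is outside the hunk) the lowercase names are not Python booleans and the helper for the automatic PKI setup would fail at run time. Keep the Python spelling here: `isAutoConfig = if needToCreateCA then "True" else "False";`.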
2 changes: 1 addition & 1 deletion nixos/modules/services/monitoring/collectd.nix
Expand Up @@ -8,7 +8,7 @@ let
conf = pkgs.writeText "collectd.conf" ''
BaseDir "${cfg.dataDir}"
PIDFile "${cfg.pidFile}"
AutoLoadPlugin ${if cfg.autoLoadPlugin then "true" else "false"}
AutoLoadPlugin ${boolToString cfg.autoLoadPlugin}
Hostname "${config.networking.hostName}"
LoadPlugin syslog
