This repository was archived by the owner on Apr 12, 2021. It is now read-only.
base repository: NixOS/nixpkgs-channels
base: 6fa31bc49c75
head repository: NixOS/nixpkgs-channels
compare: 355d39c02c53

Commits on Jul 9, 2017

  1. 3fc8337
  2. remove extra-line

    hectorj committed Jul 9, 2017
    6e9f0f6
  3. 8317144

Commits on Nov 16, 2017

  1. nixos/nsd: automatic DNSSEC using BIND toolset

    Gregor Kleen committed Nov 16, 2017
    9826f5c

Commits on Nov 17, 2017

  1. nixpkgs/bind: use python3

    Gregor Kleen committed Nov 17, 2017
    a2e40f7

Commits on Nov 22, 2017

  1. de67f50

Commits on Nov 24, 2017

  1. boinc service: use an FHS environment

    While BOINC itself is open source, many of the project applications
    it runs are not. Additionally, these project applications are
    checksummed before they are run, so they can't be patched. This
    means we can't make the project applications find required binaries/libraries
    on a NixOS system. The solution is therefore to make said binaries
    and libraries appear in the expected locations, by wrapping BOINC
    in an FHS-compatible environment [1].
    
    An `extraEnvPackages` is also added to allow more packages to
    be added into this environment. The documentation for this option
    describes some practical use cases for it.
    
    [1] https://nixos.org/nixpkgs/manual/#sec-fhs-environments
    
    Version 2: fixed Docbook list formatting, minor rewording
    
    Version 3: rebase onto master (9c048f4)
    
    Version 4: fix usage of targetPkgs argument to buildFHSUserEnv
    kierdavis committed Nov 24, 2017
    9fad70f

Commits on Dec 4, 2017

  1. 5027f3f

Commits on Feb 28, 2018

  1. nixos: add the strongswan-swanctl service

    The strongswan-swanctl systemd service starts charon-systemd. This implements an IKE daemon
    very similar to charon, but it's specifically designed for use with systemd. It uses the
    systemd libraries for a native integration.
    
    Instead of using starter and an ipsec.conf based configuration, the daemon is directly
    managed by systemd and configured with the swanctl configuration backend.
    
    See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
    
    Note that the strongswan.conf and swanctl.conf configuration files are automatically
    generated based on NixOS options under services.strongswan-swanctl.strongswan and
    services.strongswan-swanctl.swanctl respectively.
    basvandijk committed Feb 28, 2018
    bd24b3a
  2. strongswan-swanctl: support strongswan-5.6.1 configuration options

    I determined which options got changed by executing the following
    commands in the strongswan repository:
    
      git diff -U20 5.6.0..5.6.1 src/swanctl/swanctl.opt
      git diff -U20 5.6.0..5.6.1 conf
    basvandijk committed Feb 28, 2018
    7cc5ee2
  3. strongswan-swanctl: don't generate options for charon

    This reduces the number of options from 1152 to 756.
    basvandijk committed Feb 28, 2018
    7c94804
  4. 592a89b
  5. ee95cb8
  6. strongswan-swanctl: disable the structured strongswan config for now …

    …in favour of a literal config
    
    This reduces the number of options by over 600.
    basvandijk committed Feb 28, 2018
    018f660
  7. 85abad9

Commits on Mar 20, 2018

  1. emscriptenStdenv: allow reuse without ./autogen.sh

    The configure phase of emscriptenStdenv expects an ./autogen.sh script,
    which is annoying when this step is not needed. A good example is
    emscriptenPackages.zlib which needs to override configurePhase.
    ck3d committed Mar 20, 2018
    38516ba

Commits on Mar 26, 2018

  1. e9de38e

Commits on Apr 9, 2018

  1. dnsdist: init at 1.3.0

    dasJ committed Apr 9, 2018
    e729255
  2. 99dc5f4
  3. fa2cc0e
  4. 082b3f1
  5. e7d447c
  6. 6186489
  7. bd460f5
  8. f532f9f
  9. n3: init at 1.0.20

    bcdarwin committed Apr 9, 2018
    54c543b
  10. e90d1e8
  11. cf2aac6
  12. c14342d
  13. bicpl: init at 2017-09-10

    bcdarwin committed Apr 9, 2018
    c9db4ca
  14. ezminc: init at 2017-08-29

    bcdarwin committed Apr 9, 2018
    de2f369
  15. fix EBTKS version naming

    Ben Darwin authored and bcdarwin committed Apr 9, 2018
    d094f52
  16. 6972e36
  17. oobicpl: init at 2016-03-02

    bcdarwin committed Apr 9, 2018
    c148892

Commits on Apr 10, 2018

  1. 524b606
  2. delete broken alias

    bcdarwin committed Apr 10, 2018
    1595f3c
  3. metadata fixes: EBTKS, MNI::Perllib, Text::Format

    Ben Darwin committed Apr 10, 2018
    12fa2f9
  4. elastix: 4.8 -> 4.9.0

    bcdarwin committed Apr 10, 2018
    efb02d3
  5. 1575136
  6. 6908f0c

Commits on Apr 11, 2018

  1. dovecot module: test dovecot's LDA

    That's apparently not enough to catch the bug I ran into with the update
    to 2.3.1, but at least it will check the LDA appears to work.
    Ekleog committed Apr 11, 2018
    4fddb8b

Commits on Apr 12, 2018

  1. storm: 1.0.1 -> 1.2.1

    zlatko17 committed Apr 12, 2018
    b8b3fea

Commits on Apr 18, 2018

  1. xxHash: 0.6.3.20171018 -> 0.6.4.20171222

    Updated version of xxHash features a library target that may be useful
    for some packages.
    John Children committed Apr 18, 2018
    f3cc667
  2. 1eddfaf

Commits on Apr 19, 2018

  1. visualvm: 1.3.9 -> 1.4

    moaxcp committed Apr 19, 2018
    a6ddd63
  2. xmr-stak: 2.3.0 -> 2.4.3

    Lengyel Balázs committed Apr 19, 2018
    6f4a114

Commits on Apr 20, 2018

  1. xmr-stak: 2.3.0 -> 2.4.3

    Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
    
    This update was made based on information from https://repology.org/metapackage/xmr-stak/versions.
    
    These checks were done:
    
    - built on NixOS
    - ran ‘/nix/store/xdp6rb1bvdmpkd77vbqq8dq175dfvrvl-xmr-stak-2.4.3/bin/xmr-stak -h’ got 0 exit code
    - ran ‘/nix/store/xdp6rb1bvdmpkd77vbqq8dq175dfvrvl-xmr-stak-2.4.3/bin/xmr-stak --help’ got 0 exit code
    - found 2.4.3 with grep in /nix/store/xdp6rb1bvdmpkd77vbqq8dq175dfvrvl-xmr-stak-2.4.3
    - directory tree listing: https://gist.github.com/ba044f08ae439ad36ac7e143f14e0fb0
    R. RyanTM committed Apr 20, 2018
    42f2bd3
  2. uftp: 4.9.5 -> 4.9.6

    Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
    
    This update was made based on information from https://repology.org/metapackage/uftp/versions.
    
    These checks were done:
    
    - built on NixOS
    - ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftpd help’ got 0 exit code
    - ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftp_keymgt -h’ got 0 exit code
    - ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftp_keymgt --help’ got 0 exit code
    - ran ‘/nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6/bin/uftp_keymgt help’ got 0 exit code
    - found 4.9.6 with grep in /nix/store/97wm1cjgqd5ih45689h2xmqfv7ywv8bi-uftp-4.9.6
    - directory tree listing: https://gist.github.com/c08d432d7a238559a904561aa46161bd
    R. RyanTM committed Apr 20, 2018
    9b40680
  3. safeeyes: 2.0.2 -> 2.0.5

    Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
    
    This update was made based on information from https://repology.org/metapackage/safeeyes/versions.
    
    These checks were done:
    
    - built on NixOS
    - ran ‘/nix/store/gzc1ivdll8xp7mx7ii0l9xkhfjzw872a-safeeyes-2.0.5/bin/safeeyes -h’ got 0 exit code
    - ran ‘/nix/store/gzc1ivdll8xp7mx7ii0l9xkhfjzw872a-safeeyes-2.0.5/bin/safeeyes --help’ got 0 exit code
    - found 2.0.5 with grep in /nix/store/gzc1ivdll8xp7mx7ii0l9xkhfjzw872a-safeeyes-2.0.5
    - directory tree listing: https://gist.github.com/748ac5c50858dc7c1d5736104b8970b3
    R. RyanTM committed Apr 20, 2018
    f110d54
  4. renpy: 6.99.14.2 -> 6.99.14.3

    Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
    
    This update was made based on information from https://repology.org/metapackage/renpy/versions.
    
    These checks were done:
    
    - built on NixOS
    - Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
    - found 6.99.14.3 with grep in /nix/store/cjp6nqbn7ni65awiwhdgy6z36vwixpag-renpy-6.99.14.3
    - directory tree listing: https://gist.github.com/b6c16d6f78583a3c4c384e043a57b07d
    R. RyanTM committed Apr 20, 2018
    84a0338
Showing with 2,890 additions and 135 deletions.
  1. +19 −14 maintainers/scripts/hydra-eval-failures.py
  2. +1 −0 nixos/modules/module-list.nix
  3. +9 −2 nixos/modules/security/pam.nix
  4. +45 −1 nixos/modules/services/computing/boinc/client.nix
  5. +130 −5 nixos/modules/services/networking/nsd.nix
  6. +82 −0 nixos/modules/services/networking/strongswan-swanctl/module.nix
  7. +162 −0 nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix
  8. +82 −0 nixos/modules/services/networking/strongswan-swanctl/param-lib.nix
  9. +1,168 −0 nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix
  10. +1 −0 nixos/release.nix
  11. +16 −3 nixos/tests/dovecot.nix
  12. +148 −0 nixos/tests/strongswan-swanctl.nix
  13. +1 −1 pkgs/applications/altcoins/memorycoin.nix
  14. +2 −2 pkgs/applications/audio/qmmp/default.nix
  15. +4 −3 pkgs/applications/graphics/c3d/default.nix
  16. +2 −2 pkgs/applications/misc/safeeyes/default.nix
  17. +2 −2 pkgs/applications/misc/xmr-stak/default.nix
  18. +32 −0 pkgs/applications/science/biology/EZminc/default.nix
  19. +38 −0 pkgs/applications/science/biology/N3/default.nix
  20. +39 −0 pkgs/applications/science/biology/inormalize/default.nix
  21. +10 −0 pkgs/applications/science/biology/inormalize/lgmask-interp.patch
  22. +10 −0 pkgs/applications/science/biology/inormalize/nu_correct_norm-interp.patch
  23. +17 −10 pkgs/applications/science/biology/minc-tools/default.nix
  24. +34 −0 pkgs/applications/science/biology/minc-widgets/default.nix
  25. +36 −0 pkgs/applications/science/biology/mni_autoreg/default.nix
  26. +2 −2 pkgs/applications/science/biology/picard-tools/default.nix
  27. +2 −2 pkgs/applications/virtualization/singularity/default.nix
  28. +2 −2 pkgs/desktops/mate/caja/default.nix
  29. +2 −2 pkgs/desktops/mate/pluma/default.nix
  30. +3 −2 pkgs/development/compilers/rust/default.nix
  31. +0 −2 pkgs/development/em-modules/generic/default.nix
  32. +2 −2 pkgs/development/interpreters/renpy/default.nix
  33. +32 −0 pkgs/development/libraries/arguments/default.nix
  34. +2 −2 pkgs/development/libraries/gpgme/default.nix
  35. +2 −0 pkgs/development/libraries/itk/default.nix
  36. +22 −11 pkgs/development/libraries/libminc/default.nix
  37. +2 −2 pkgs/development/libraries/pupnp/default.nix
  38. +28 −0 pkgs/development/libraries/science/biology/EBTKS/default.nix
  39. +33 −0 pkgs/development/libraries/science/biology/bicpl/default.nix
  40. +7 −11 pkgs/development/libraries/science/biology/elastix/default.nix
  41. +31 −0 pkgs/development/libraries/science/biology/oobicpl/default.nix
  42. +89 −0 pkgs/development/libraries/science/math/sympow/default.nix
  43. +3 −3 pkgs/development/libraries/xxHash/default.nix
  44. +2 −0 pkgs/development/mobile/cocoapods/Gemfile
  45. +74 −0 pkgs/development/mobile/cocoapods/Gemfile.lock
  46. +17 −0 pkgs/development/mobile/cocoapods/default.nix
  47. +234 −0 pkgs/development/mobile/cocoapods/gemset.nix
  48. +10 −0 pkgs/development/mobile/cocoapods/update
  49. +21 −0 pkgs/development/perl-modules/MNI/default.nix
  50. +13 −0 pkgs/development/perl-modules/MNI/no-stdin.patch
  51. +4 −4 pkgs/development/tools/cloudfoundry-cli/default.nix
  52. +16 −16 pkgs/development/tools/java/visualvm/default.nix
  53. +4 −4 pkgs/games/asc/default.nix
  54. +2 −0 pkgs/os-specific/linux/zfs/default.nix
  55. +3 −4 pkgs/servers/computing/storm/default.nix
  56. +6 −3 pkgs/servers/dns/bind/default.nix
  57. +34 −0 pkgs/servers/dns/dnsdist/default.nix
  58. +2 −1 pkgs/servers/http/4store/default.nix
  59. +26 −0 pkgs/servers/monitoring/zipkin/default.nix
  60. +2 −2 pkgs/servers/uftp/default.nix
  61. +2 −2 pkgs/tools/audio/playerctl/default.nix
  62. +2 −2 pkgs/tools/misc/lf/default.nix
  63. +2 −2 pkgs/tools/misc/lf/deps.nix
  64. +0 −1 pkgs/top-level/aliases.nix
  65. +42 −6 pkgs/top-level/all-packages.nix
  66. +18 −0 pkgs/top-level/perl-packages.nix
33 changes: 19 additions & 14 deletions maintainers/scripts/hydra-eval-failures.py
@@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click
#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'

# To use, just execute this script with --help to display help.
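Review bot: the new shebang pins python3, but the usage comment just above should also say the script has to be run from the root of a nixpkgs checkout, because the maintainer lookup in the next hunk evaluates the relative path `./maintainers/maintainer-list.nix`. Also worth confirming that nothing else in the script relied on `pythonFull`, which the old nix-shell line pulled in and the new `python3.withPackages` line drops.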

@@ -16,7 +16,7 @@
'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
])
maintainers = json.loads(maintainers_json)
MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
MAINTAINERS = {v: k for k, v in maintainers.items()}


def get_response_text(url):
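Review bot: `MAINTAINERS = {v: k for k, v in maintainers.items()}` inverts the handle-to-email mapping, so two maintainer entries that share an email silently collapse into one and the later one wins; if attribution matters, detect duplicate values while building the dict instead of relying on insertion order. The `.iteritems()` to `.items()` change itself is the right fix for the python3 switch.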
@@ -45,6 +45,17 @@ def get_maintainers(attr_name):
except:
return []

def print_build(table_row):
a = pq(table_row)('a')[1]
print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True)

maintainers = get_maintainers(a.text)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?

sys.stdout.flush()

@click.command()
@click.option(
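Review bot: `print_build` indexes `pq(table_row)('a')[1]` without a guard, so a row with fewer than two anchors raises IndexError and aborts the whole listing; a length check that warns and skips the row would keep one odd row from hiding the rest of the failures. Two smaller points: `print(..., flush=True)` on the first line makes the trailing `sys.stdout.flush()` redundant, and the bare `except:` in `get_maintainers` just above swallows everything including KeyboardInterrupt, so narrowing it to `except Exception` as the bottom of the file now does would be consistent.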
@@ -73,23 +84,17 @@ def cli(jobset):

# TODO: aborted evaluations
# TODO: dependency failed without propagated builds
print('\nFailures:')
for tr in d('img[alt="Failed"]').parents('tr'):
a = pq(tr)('a')[1]
print("- [ ] [{}]({})".format(a.text, a.get('href')))
print_build(tr)

sys.stdout.flush()

maintainers = get_maintainers(a.text)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?

sys.stdout.flush()
print('\nDependency failures:')
for tr in d('img[alt="Dependency failed"]').parents('tr'):
print_build(tr)


if __name__ == "__main__":
try:
cli()
except:
except Exception as e:
import pdb;pdb.post_mortem()
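Review bot: `except Exception as e:` binds `e` but never uses it, so drop the `as e`; the narrowing itself is worthwhile, since with the old bare `except:` the SystemExit that click raises for `--help` (which the header comment tells users to try) would have landed in the pdb post-mortem. Consider also making the post-mortem opt-in through a flag or environment variable, because `pdb.post_mortem()` blocks waiting for a terminal when the script runs unattended, for example from cron or CI.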
1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
@@ -560,6 +560,7 @@
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix
./services/networking/strongswan.nix
./services/networking/strongswan-swanctl/module.nix
./services/networking/stunnel.nix
./services/networking/supplicant.nix
./services/networking/supybot.nix
11 changes: 9 additions & 2 deletions nixos/modules/security/pam.nix
@@ -234,6 +234,11 @@ let
password, KDE will prompt separately after login.
'';
};
sssdStrictAccess = mkOption {
default = false;
type = types.bool;
description = "enforce sssd access control";
};

enableGnomeKeyring = mkOption {
default = false;
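Review bot: the description `"enforce sssd access control"` is too thin for an option that changes the control flags of the account stack; it should say that enabling it makes `pam_unix` `required` instead of `sufficient` and turns an access denial from `pam_sss` into a hard failure for the login, while users unknown to sssd are still ignored. Matching the capitalisation and sentence style of the neighbouring descriptions would also help.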
@@ -264,11 +269,13 @@ let
text = mkDefault
(''
# Account management.
account sufficient pam_unix.so
account ${if cfg.sssdStrictAccess then "required" else "sufficient"} pam_unix.so
${optionalString use_ldap
"account sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
${optionalString config.services.sssd.enable
${optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false)
"account sufficient ${pkgs.sssd}/lib/security/pam_sss.so"}
${optionalString (config.services.sssd.enable && cfg.sssdStrictAccess)
"account [default=bad success=ok user_unknown=ignore] ${pkgs.sssd}/lib/security/pam_sss.so"}
${optionalString config.krb5.enable
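Review bot: in the non-strict branch `pam_sss.so` stays `sufficient`, so a denial from sssd's access provider is simply skipped and the stack falls through to the later modules; that is exactly what the new `[default=bad success=ok user_unknown=ignore]` control field fixes, and the option description should spell it out. Style-wise, `cfg.sssdStrictAccess==false` reads better as `!cfg.sssdStrictAccess`, and since both `optionalString` guards now hinge on the same flag, one `if`/`else` expression would avoid the two near-duplicate lines. Also note that with `pam_unix` switched to `required`, a success from it no longer ends the stack early, so `pam_sss` is always consulted; that is the point of the change but deserves a comment in the module.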
"account sufficient ${pam_krb5}/lib/security/pam_krb5.so"}
46 changes: 45 additions & 1 deletion nixos/modules/services/computing/boinc/client.nix
@@ -6,6 +6,13 @@ let
cfg = config.services.boinc;
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";

fhsEnv = pkgs.buildFHSUserEnv {
name = "boinc-fhs-env";
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
runScript = "/bin/boinc_client";
};
fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}";

in
{
options.services.boinc = {
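Review bot: `runScript = "/bin/boinc_client"` only resolves because `cfg.package` is placed in `targetPkgs`; if a user overrides `package` with a build whose binary lives elsewhere, the wrapper fails at start with an unhelpful error, so a comment next to `fhsEnv` (or using `"${cfg.package}/bin/boinc_client"` directly) would make the dependency explicit. The `pkgs'` argument of `targetPkgs` is unused; naming it `_` signals that this is intentional.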
@@ -49,6 +56,43 @@ in
See also: <link xlink:href="http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access"/>
'';
};

extraEnvPackages = mkOption {
type = types.listOf types.package;
default = [];
example = "[ pkgs.virtualbox ]";
description = ''
Additional packages to make available in the environment in which
BOINC will run. Common choices are:
<variablelist>
<varlistentry>
<term><varname>pkgs.virtualbox</varname></term>
<listitem><para>
The VirtualBox virtual machine framework. Required by some BOINC
projects, such as ATLAS@home.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.ocl-icd</varname></term>
<listitem><para>
OpenCL infrastructure library. Required by BOINC projects that
use OpenCL, in addition to a device-specific OpenCL driver.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.linuxPackages.nvidia_x11</varname></term>
<listitem><para>
Provides CUDA libraries. Required by BOINC projects that use
CUDA. Note that this requires an NVIDIA graphics device to be
present on the system.
</para><para>
Also provides OpenCL drivers for NVIDIA GPUs;
<varname>pkgs.ocl-icd</varname> is also needed in this case.
</para></listitem>
</varlistentry>
</variablelist>
'';
};
};

config = mkIf cfg.enable {
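Review bot: `example = "[ pkgs.virtualbox ]"` is a string while the option's type is `listOf package`; use `literalExample "[ pkgs.virtualbox ]"` so the manual renders it as Nix code and the example is not taken as a literal value. The description is otherwise good; one sentence worth adding is that everything in `extraEnvPackages` becomes visible to the closed-source, checksummed project binaries the commit message describes, so the list should stay as small as the projects actually need.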
@@ -70,7 +114,7 @@ in
chown boinc ${cfg.dataDir}
'';
script = ''
${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
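Review bot: the switch from `${cfg.package}/bin/boinc_client` to `${fhsEnvExecutable}` is silent in the module itself; the reasoning (project binaries that are checksummed and cannot be patched to find Nix store paths) lives only in the commit message, so a one-line comment next to `fhsEnv` or here in `script` would save the next reader a git blame. Also check that `--dir ${cfg.dataDir}` still refers to the same host directory from inside the FHS environment, and record that in the same comment.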
135 changes: 130 additions & 5 deletions nixos/modules/services/networking/nsd.nix
@@ -250,6 +250,46 @@ let
Use imports or pkgs.lib.readFile if you don't want this data in your config file.
'';
};

dnssec = mkEnableOption "DNSSEC";

dnssecPolicy = {
algorithm = mkOption {
type = types.str;
default = "RSASHA256";
description = "Which algorithm to use for DNSSEC";
};
keyttl = mkOption {
type = types.str;
default = "1h";
description = "TTL for dnssec records";
};
coverage = mkOption {
type = types.str;
default = "1y";
description = ''
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
'';
};
zsk = mkOption {
type = keyPolicy;
default = { keySize = 2048;
prePublish = "1w";
postPublish = "1w";
rollPeriod = "1mo";
};
description = "Key policy for zone signing keys";
};
ksk = mkOption {
type = keyPolicy;
default = { keySize = 4096;
prePublish = "1mo";
postPublish = "1mo";
rollPeriod = "0";
};
description = "Key policy for key signing keys";
};
};

maxRefreshSecs = mkOption {
type = types.nullOr types.int;
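Review bot: `algorithm` is a free-form `types.str` whose value is written straight into the keymgr policy file, so a `types.enum` of the algorithm names dnssec-keymgr accepts would turn a typo into an evaluation error instead of a failed signing run at boot. The KSK default `rollPeriod = "0"` (never roll) deserves a sentence in its description saying that KSK rollovers are left manual because the parent zone's DS record has to be updated, and `keyttl`, `coverage` and the policy durations are likewise unvalidated strings, so stating the expected format (`1h`, `1w`, `1mo`, `1y`) in their descriptions would help.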
@@ -367,10 +407,61 @@ let
and stats_noreset.
'';
};
};
};

keyPolicy = types.submodule {
options = {
keySize = mkOption {
type = types.int;
description = "Key size in bits";
};
prePublish = mkOption {
type = types.str;
description = "How long in advance to publish new keys";
};
postPublish = mkOption {
type = types.str;
description = "How long after deactivation to keep a key in the zone";
};
rollPeriod = mkOption {
type = types.str;
description = "How frequently to change keys";
};
};
};

dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs);

dnssec = length (attrNames dnssecZones) != 0;

signZones = optionalString dnssec ''
mkdir -p ${stateDir}/dnssec
chown ${username}:${username} ${stateDir}/dnssec
chmod 0600 ${stateDir}/dnssec
${concatStrings (mapAttrsToList signZone dnssecZones)}
'';
signZone = name: zone: ''
${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name}
${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
'';
policyFile = name: policy: pkgs.writeText "${name}.policy" ''
zone ${name} {
algorithm ${policy.algorithm};
key-size zsk ${toString policy.zsk.keySize};
key-size ksk ${toString policy.ksk.keySize};
keyttl ${policy.keyttl};
pre-publish zsk ${policy.zsk.prePublish};
pre-publish ksk ${policy.ksk.prePublish};
post-publish zsk ${policy.zsk.postPublish};
post-publish ksk ${policy.ksk.postPublish};
roll-period zsk ${policy.zsk.rollPeriod};
roll-period ksk ${policy.ksk.rollPeriod};
coverage ${policy.coverage};
};
'';
in
{
# options are ordered alphanumerically
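Review bot: `chmod 0600 ${stateDir}/dnssec` is applied to a directory, and without the execute bit its owner cannot enter it; this goes unnoticed only because the signing service runs as root, and the intent is clearly `0700`. The `v ? dnssec` test in `dnssecZones` is redundant because `dnssec = mkEnableOption` always has a default, so `filterAttrs (n: v: v.dnssec) zoneConfigs` is enough. Finally, `signZone` moves the signed file into place only after `nsd-checkzone` succeeds, which is right, but a failing left-hand side of `&&` does not trip `set -e`, so a zone that fails the check keeps its unsigned file and the error is only surfaced if it happens to be the last zone; an explicit `|| exit 1` after the check would make a broken signing run visible.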
@@ -380,6 +471,14 @@ in

bind8Stats = mkEnableOption "BIND8 like statistics";

dnssecInterval = mkOption {
type = types.str;
default = "1h";
description = ''
How often to check whether dnssec key rollover is required
'';
};

extraConfig = mkOption {
type = types.str;
default = "";
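Review bot: `dnssecInterval` is fed to both `OnActiveSec` and `OnUnitActiveSec`, so its description should say it is a systemd time span (for example `1h` or `30min`) rather than one of the keymgr-style durations used by `dnssecPolicy`; the two syntaxes look alike but are parsed by different tools, and mixing them up only shows up when the timer fails to load.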
@@ -741,7 +840,6 @@ in

};


zones = mkOption {
type = types.attrsOf zoneOptions;
default = {};
@@ -785,7 +883,6 @@ in
serverGroup1.
'';
};

};

config = mkIf cfg.enable {
@@ -832,9 +929,9 @@ in
mkdir -m 0700 -p "${stateDir}/var"
cat > "${stateDir}/don't touch anything in here" << EOF
Everything in this directory except NSD's state in var is
automatically generated and will be purged and redeployed
by the nsd.service pre-start script.
Everything in this directory except NSD's state in var and dnssec
is automatically generated and will be purged and redeployed by
the nsd.service pre-start script.
EOF
chown ${username}:${username} -R "${stateDir}/private"
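Review bot: the notice file now says `dnssec` survives the purge, but the purge logic that implements that exemption is not part of this diff view; please confirm that the pre-start script really skips `${stateDir}/dnssec`, since the private keys generated by `signZones` live there and would otherwise be regenerated on every restart.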
@@ -848,6 +945,34 @@ in
'';
};

nixpkgs.config = mkIf dnssec {
bind.enablePython = true;
};

systemd.timers."nsd-dnssec" = mkIf dnssec {
description = "Automatic DNSSEC key rollover";

wantedBy = [ "nsd.service" ];

timerConfig = {
OnActiveSec = cfg.dnssecInterval;
OnUnitActiveSec = cfg.dnssecInterval;
};
};

systemd.services."nsd-dnssec" = mkIf dnssec {
description = "DNSSEC key rollover";

wantedBy = [ "nsd.service" ];
before = [ "nsd.service" ];

script = signZones;

postStop = ''
${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service
'';
};

};

meta.maintainers = with lib.maintainers; [ hrdinka ];
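Review bot: `nixpkgs.config = mkIf dnssec { bind.enablePython = true; }` sets a global nixpkgs option from inside a service module, which rebuilds `bind` for every consumer on the system and will conflict with a user's own `nixpkgs.config`; prefer a local override such as `pkgs.bind.override { enablePython = true; }` (assuming the derivation exposes that parameter) and use that package in `signZone`. The `nsd-dnssec` service declares no `User=`, so key generation and signing run as root while the key directory is chowned to `${username}`; state in a comment which user is meant to own the private keys. Lastly, `postStop` sends SIGHUP to `nsd.service` even for the first boot-time run, when `before = [ "nsd.service" ]` guarantees nsd is not up yet; check that `systemctl kill` on an inactive unit is harmless there rather than an error that marks the unit failed.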