commit 32fbbc6f9bb1bbda436bbcc4e7bc613c9148221b · tjh.dev/nixpkgs

-3

.github/FUNDING.yml

··· 1 - # These are supported funding model platforms 2 - 3 - open_collective: nixos

+32 -19

doc/package-specific-user-notes.xml

··· 409 409 </section> 410 410 411 411 <section xml:id="sec-citrix"> 412 - <title>Citrix Receiver</title> 412 + <title>Citrix Receiver & Citrix Workspace App</title> 413 413 414 414 <para> 415 - The <link xlink:href="https://www.citrix.com/products/receiver/">Citrix 416 - Receiver</link> is a remote desktop viewer which provides access to 415 + <note> 416 + <para> 417 + Please note that the <literal>citrix_receiver</literal> package has been deprecated since its 418 + development was <link xlink:href="https://docs.citrix.com/en-us/citrix-workspace-app.html">discontinued by upstream</link> 419 + and will be replaced by <link xlink:href="https://www.citrix.com/products/workspace-app/">the citrix workspace app</link>. 420 + </para> 421 + </note> 422 + <link xlink:href="https://www.citrix.com/products/receiver/">Citrix Receiver</link> and 423 + <link xlink:href="https://www.citrix.com/products/workspace-app/">Citrix Workspace App</link> 424 + are a remote desktop viewers which provide access to 417 425 <link xlink:href="https://www.citrix.com/products/xenapp-xendesktop/">XenDesktop</link> 418 426 installations. 419 427 </para> ··· 423 431 424 432 <para> 425 433 The tarball archive needs to be downloaded manually as the license 426 - agreements of the vendor need to be accepted first. This is available at 427 - the 428 - <link xlink:href="https://www.citrix.com/downloads/citrix-receiver/">download 429 - page at citrix.com</link>. Then run <literal>nix-prefetch-url 430 - file://$PWD/linuxx64-$version.tar.gz</literal>. With the archive available 434 + agreements of the vendor for 435 + <link xlink:href="https://www.citrix.com/downloads/citrix-receiver/">Citrix Receiver</link> 436 + or <link xlink:href="https://www.citrix.de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html">Citrix Workspace</link> 437 + need to be accepted first. 438 + Then run <command>nix-prefetch-url file://$PWD/linuxx64-$version.tar.gz</command>. 439 + With the archive available 431 440 in the store the package can be built and installed with Nix. 432 441 </para> 433 442 434 - <para> 435 - <emphasis>Note: it's recommended to install <literal>Citrix 436 - Receiver</literal> using <literal>nix-env -i</literal> or globally to 437 - ensure that the <literal>.desktop</literal> files are installed properly 438 - into <literal>$XDG_CONFIG_DIRS</literal>. Otherwise it won't be possible to 439 - open <literal>.ica</literal> files automatically from the browser to start 440 - a Citrix connection.</emphasis> 441 - </para> 443 + <warning> 444 + <title>Caution with <command>nix-shell</command> installs</title> 445 + <para> 446 + It's recommended to install <literal>Citrix Receiver</literal> 447 + and/or <literal>Citrix Workspace</literal> using 448 + <literal>nix-env -i</literal> or globally to 449 + ensure that the <literal>.desktop</literal> files are installed properly 450 + into <literal>$XDG_CONFIG_DIRS</literal>. Otherwise it won't be possible to 451 + open <literal>.ica</literal> files automatically from the browser to start 452 + a Citrix connection. 453 + </para> 454 + </warning> 442 455 </section> 443 456 444 457 <section xml:id="sec-citrix-custom-certs"> 445 458 <title>Custom certificates</title> 446 459 447 460 <para> 448 - The <literal>Citrix Receiver</literal> in <literal>nixpkgs</literal> trusts 449 - several certificates 461 + The <literal>Citrix Receiver</literal> and <literal>Citrix Workspace App</literal> 462 + in <literal>nixpkgs</literal> trust several certificates 450 463 <link xlink:href="https://curl.haxx.se/docs/caextract.html">from the 451 464 Mozilla database</link> by default. However several companies using Citrix 452 465 might require their own corporate certificate. On distros with imperative ··· 459 472 <programlisting> 460 473 <![CDATA[with import <nixpkgs> { config.allowUnfree = true; }; 461 474 let extraCerts = [ ./custom-cert-1.pem ./custom-cert-2.pem /* ... */ ]; in 462 - citrix_receiver.override { 475 + citrix_workspace.override { # the same applies for `citrix_receiver` if used. 463 476 inherit extraCerts; 464 477 }]]> 465 478 </programlisting>

+42

maintainers/maintainer-list.nix

··· 333 333 github = "andersk"; 334 334 name = "Anders Kaseorg"; 335 335 }; 336 + anderslundstedt = { 337 + email = "git@anderslundstedt.se"; 338 + github = "anderslundstedt"; 339 + name = "Anders Lundstedt"; 340 + }; 336 341 AndersonTorres = { 337 342 email = "torres.anderson.85@protonmail.com"; 338 343 github = "AndersonTorres"; ··· 1147 1152 email = "oliver@codersoffortune.net"; 1148 1153 github = "cwoac"; 1149 1154 name = "Oliver Matthews"; 1155 + }; 1156 + cypherpunk2140 = { 1157 + email = "stefan.mihaila@pm.me"; 1158 + github = "cypherpunk2140"; 1159 + name = "Ștefan D. Mihăilă"; 1160 + keys = [ 1161 + { longkeyid = "rsa4096/6E68A39BF16A3ECB"; 1162 + fingerprint = "CBC9 C7CC 51F0 4A61 3901 C723 6E68 A39B F16A 3ECB"; 1163 + } 1164 + { longkeyid = "rsa4096/6220AD7846220A52"; 1165 + fingerprint = "7EAB 1447 5BBA 7DDE 7092 7276 6220 AD78 4622 0A52"; 1166 + } 1167 + ]; 1150 1168 }; 1151 1169 dalance = { 1152 1170 email = "dalance@gmail.com"; ··· 2119 2137 github = "henrytill"; 2120 2138 name = "Henry Till"; 2121 2139 }; 2140 + herberteuler = { 2141 + email = "herberteuler@gmail.com"; 2142 + github = "herberteuler"; 2143 + name = "Guanpeng Xu"; 2144 + }; 2122 2145 hhm = { 2123 2146 email = "heehooman+nixpkgs@gmail.com"; 2124 2147 github = "hhm0"; ··· 2284 2307 email = "jhyphenkeck@gmail.com"; 2285 2308 github = "j-keck"; 2286 2309 name = "Jürgen Keck"; 2310 + }; 2311 + j03 = { 2312 + email = "github@johannesloetzsch.de"; 2313 + github = "johannesloetzsch"; 2314 + name = "Johannes Lötzsch"; 2287 2315 }; 2288 2316 jagajaga = { 2289 2317 email = "ars.seroka@gmail.com"; ··· 2573 2601 github = "jraygauthier"; 2574 2602 name = "Raymond Gauthier"; 2575 2603 }; 2604 + jtobin = { 2605 + email = "jared@jtobin.io"; 2606 + github = "jtobin"; 2607 + name = "Jared Tobin"; 2608 + }; 2576 2609 jtojnar = { 2577 2610 email = "jtojnar@gmail.com"; 2578 2611 github = "jtojnar"; ··· 2940 2973 email = "linusarver@gmail.com"; 2941 2974 github = "listx"; 2942 2975 name = "Linus Arver"; 2976 + }; 2977 + livnev = { 2978 + email = "lev@liv.nev.org.uk"; 2979 + github = "livnev"; 2980 + name = "Lev Livnev"; 2981 + keys = [{ 2982 + longkeyid = "rsa2048/0x68FF81E6A7850F49"; 2983 + fingerprint = "74F5 E5CC 19D3 B5CB 608F 6124 68FF 81E6 A785 0F49"; 2984 + }]; 2943 2985 }; 2944 2986 luis = { 2945 2987 email = "luis.nixos@gmail.com";

+30 -3

nixos/doc/manual/release-notes/rl-1909.xml

··· 149 149 </listitem> 150 150 <listitem> 151 151 <para> 152 - Several of the apache subservices have been replaced with full NixOS 153 - modules including LimeSurvey, WordPress, and Zabbix. 154 - These modules can be enabled using the <option>services.limesurvey.enable</option>, 152 + The httpd service no longer attempts to start the postgresql service. If you have come to depend 153 + on this behaviour then you can preserve the behavior with the following configuration: 154 + <literal>systemd.services.httpd.after = [ "postgresql.service" ];</literal> 155 + </para> 156 + <para> 157 + The option <option>services.httpd.extraSubservices</option> has been 158 + marked as deprecated. You may still use this feature, but it will be 159 + removed in a future release of NixOS. You are encouraged to convert any 160 + httpd subservices you may have written to a full NixOS module. 161 + </para> 162 + <para> 163 + Most of the httpd subservices packaged with NixOS have been replaced with 164 + full NixOS modules including LimeSurvey, WordPress, and Zabbix. These 165 + modules can be enabled using the <option>services.limesurvey.enable</option>, 155 166 <option>services.wordpress.enable</option>, and <option>services.zabbixWeb.enable</option> options. 156 167 </para> 157 168 </listitem> ··· 193 204 <para> 194 205 The setopt declarations will be evaluated at the end of <literal>/etc/zshrc</literal>, so any code in <xref linkend="opt-programs.zsh.interactiveShellInit" />, 195 206 <xref linkend="opt-programs.zsh.loginShellInit" /> and <xref linkend="opt-programs.zsh.promptInit" /> may break if it relies on those options being set. 207 + </para> 208 + </listitem> 209 + <listitem> 210 + <para> 211 + The <literal>prometheus-nginx-exporter</literal> package now uses the offical exporter provided by NGINX Inc. 212 + Its metrics are differently structured and are incompatible to the old ones. For information about the metrics, 213 + have a look at the <link xlink:href="https://github.com/nginxinc/nginx-prometheus-exporter">official repo</link>. 196 214 </para> 197 215 </listitem> 198 216 </itemizedlist> ··· 345 363 <listitem> 346 364 <para> 347 365 The <literal>tomcat-connector</literal> <literal>httpd.extraSubservice</literal> has been removed from nixpkgs. 366 + </para> 367 + </listitem> 368 + <listitem> 369 + <para> 370 + It's now possible to change configuration in 371 + <link linkend="opt-services.nextcloud.enable">services.nextcloud</link> after the initial deploy 372 + since all config parameters are persisted in an additional config file generated by the module. 373 + Previously core configuration like database parameters were set using their imperative 374 + installer after creating <literal>/var/lib/nextcloud</literal>. 348 375 </para> 349 376 </listitem> 350 377 </itemizedlist>

+1 -1

nixos/modules/config/no-x-libs.nix

··· 34 34 networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; }; 35 35 networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; 36 36 networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; }; 37 - pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt = null; }; 37 + pinentry = super.pinentry.override { gtk2 = null; gcr = null; qt4 = null; qt5 = null; }; 38 38 gobject-introspection = super.gobject-introspection.override { x11Support = false; }; 39 39 })); 40 40 };

+3

nixos/modules/module-list.nix

··· 198 198 ./services/audio/slimserver.nix 199 199 ./services/audio/snapserver.nix 200 200 ./services/audio/squeezelite.nix 201 + ./services/audio/spotifyd.nix 201 202 ./services/audio/ympd.nix 202 203 ./services/backup/automysqlbackup.nix 203 204 ./services/backup/bacula.nix ··· 422 423 ./services/misc/gollum.nix 423 424 ./services/misc/gpsd.nix 424 425 ./services/misc/headphones.nix 426 + ./services/misc/greenclip.nix 425 427 ./services/misc/home-assistant.nix 426 428 ./services/misc/ihaskell.nix 427 429 ./services/misc/irkerd.nix ··· 691 693 ./services/networking/tcpcrypt.nix 692 694 ./services/networking/teamspeak3.nix 693 695 ./services/networking/tedicross.nix 696 + ./services/networking/thelounge.nix 694 697 ./services/networking/tinc.nix 695 698 ./services/networking/tinydns.nix 696 699 ./services/networking/tftpd.nix

+42

nixos/modules/services/audio/spotifyd.nix

··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + 5 + let 6 + cfg = config.services.spotifyd; 7 + spotifydConf = pkgs.writeText "spotifyd.conf" cfg.config; 8 + in 9 + { 10 + options = { 11 + services.spotifyd = { 12 + enable = mkEnableOption "spotifyd, a Spotify playing daemon"; 13 + 14 + config = mkOption { 15 + default = ""; 16 + type = types.lines; 17 + description = '' 18 + Configuration for Spotifyd. For syntax and directives, see 19 + https://github.com/Spotifyd/spotifyd#Configuration. 20 + ''; 21 + }; 22 + }; 23 + }; 24 + 25 + config = mkIf cfg.enable { 26 + systemd.services.spotifyd = { 27 + wantedBy = [ "multi-user.target" ]; 28 + after = [ "network-online.target" "sound.target" ]; 29 + description = "spotifyd, a Spotify playing daemon"; 30 + serviceConfig = { 31 + ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --cache_path /var/cache/spotifyd --config ${spotifydConf}"; 32 + Restart = "always"; 33 + RestartSec = 12; 34 + DynamicUser = true; 35 + CacheDirectory = "spotifyd"; 36 + SupplementaryGroups = ["audio"]; 37 + }; 38 + }; 39 + }; 40 + 41 + meta.maintainers = [ maintainers.anderslundstedt ]; 42 + }

+1 -1

nixos/modules/services/databases/postgresql.xml

··· 52 52 53 53 <para> 54 54 By default, PostgreSQL stores its databases in 55 - <filename>/var/db/postgresql</filename>. You can override this using 55 + <filename>/var/lib/postgresql/$psqlSchema</filename>. You can override this using 56 56 <xref linkend="opt-services.postgresql.dataDir"/>, e.g. 57 57 <programlisting> 58 58 <xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql";

+1

nixos/modules/services/misc/gitlab.nix

··· 585 585 after = [ "network.target" ]; 586 586 wantedBy = [ "multi-user.target" ]; 587 587 path = with pkgs; [ 588 + exiftool 588 589 gitAndTools.git 589 590 gnutar 590 591 gzip

+31

nixos/modules/services/misc/greenclip.nix

··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + 5 + let 6 + cfg = config.services.greenclip; 7 + in { 8 + 9 + options.services.greenclip = { 10 + enable = mkEnableOption "Greenclip daemon"; 11 + 12 + package = mkOption { 13 + type = types.package; 14 + default = pkgs.haskellPackages.greenclip; 15 + defaultText = "pkgs.haskellPackages.greenclip"; 16 + description = "greenclip derivation to use."; 17 + }; 18 + }; 19 + 20 + config = mkIf cfg.enable { 21 + systemd.user.services.greenclip = { 22 + enable = true; 23 + description = "greenclip daemon"; 24 + wantedBy = [ "graphical-session.target" ]; 25 + after = [ "graphical-session.target" ]; 26 + serviceConfig.ExecStart = "${cfg.package}/bin/greenclip daemon"; 27 + }; 28 + 29 + environment.systemPackages = [ cfg.package ]; 30 + }; 31 + }

+32 -24

nixos/modules/services/monitoring/prometheus/exporters.nix

··· 1 - { config, pkgs, lib, ... }: 2 - 3 - with lib; 1 + { config, pkgs, lib, options, ... }: 4 2 5 3 let 4 + inherit (lib) concatStrings foldl foldl' genAttrs literalExample maintainers 5 + mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption 6 + optional types; 7 + 6 8 cfg = config.services.prometheus.exporters; 7 9 8 10 # each attribute in `exporterOpts` is expected to have specified: ··· 17 19 # Note that `extraOpts` is optional, but a script for the exporter's 18 20 # systemd service must be provided by specifying either 19 21 # `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart` 20 - exporterOpts = { 21 - blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; }; 22 - collectd = import ./exporters/collectd.nix { inherit config lib pkgs; }; 23 - dnsmasq = import ./exporters/dnsmasq.nix { inherit config lib pkgs; }; 24 - dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; }; 25 - fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; }; 26 - json = import ./exporters/json.nix { inherit config lib pkgs; }; 27 - minio = import ./exporters/minio.nix { inherit config lib pkgs; }; 28 - nginx = import ./exporters/nginx.nix { inherit config lib pkgs; }; 29 - node = import ./exporters/node.nix { inherit config lib pkgs; }; 30 - postfix = import ./exporters/postfix.nix { inherit config lib pkgs; }; 31 - snmp = import ./exporters/snmp.nix { inherit config lib pkgs; }; 32 - surfboard = import ./exporters/surfboard.nix { inherit config lib pkgs; }; 33 - tor = import ./exporters/tor.nix { inherit config lib pkgs; }; 34 - unifi = import ./exporters/unifi.nix { inherit config lib pkgs; }; 35 - varnish = import ./exporters/varnish.nix { inherit config lib pkgs; }; 36 - bind = import ./exporters/bind.nix { inherit config lib pkgs; }; 37 - wireguard = import ./exporters/wireguard.nix { inherit config lib pkgs; }; 38 - }; 22 + 23 + exporterOpts = genAttrs [ 24 + "bind" 25 + "blackbox" 26 + "collectd" 27 + "dnsmasq" 28 + "dovecot" 29 + "fritzbox" 30 + "json" 31 + "minio" 32 + "nginx" 33 + "node" 34 + "postfix" 35 + "snmp" 36 + "surfboard" 37 + "tor" 38 + "unifi" 39 + "varnish" 40 + "wireguard" 41 + ] (name: 42 + import (./. + "/exporters/${name}.nix") { inherit config lib pkgs options; } 43 + ); 39 44 40 45 mkExporterOpts = ({ name, port }: { 41 46 enable = mkEnableOption "the prometheus ${name} exporter"; ··· 97 102 }; 98 103 }); 99 104 100 - mkSubModule = { name, port, extraOpts, ... }: { 105 + mkSubModule = { name, port, extraOpts, imports }: { 101 106 ${name} = mkOption { 102 107 type = types.submodule { 108 + inherit imports; 103 109 options = (mkExporterOpts { 104 110 inherit name port; 105 111 } // extraOpts); ··· 112 118 mkSubModules = (foldl' (a: b: a//b) {} 113 119 (mapAttrsToList (name: opts: mkSubModule { 114 120 inherit name; 115 - inherit (opts) port serviceOpts; 121 + inherit (opts) port; 116 122 extraOpts = opts.extraOpts or {}; 123 + imports = opts.imports or []; 117 124 }) exporterOpts) 118 125 ); 119 126 120 127 mkExporterConf = { name, conf, serviceOpts }: 121 128 mkIf conf.enable { 129 + warnings = conf.warnings or []; 122 130 networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [ 123 131 "ip46tables -A nixos-fw ${conf.firewallFilter} " 124 132 "-m comment --comment ${name}-exporter -j nixos-fw-accept"

+40 -2

nixos/modules/services/monitoring/prometheus/exporters.xml

··· 17 17 exporter</link>, it provides hardware and OS metrics from the host it's 18 18 running on. The exporter could be configured as follows: 19 19 <programlisting> 20 - services.promtheus.exporters.node = { 20 + services.prometheus.exporters.node = { 21 21 enable = true; 22 22 enabledCollectors = [ 23 23 "logind" ··· 113 113 specific options and configuration: 114 114 <programlisting> 115 115 # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix 116 - { config, lib, pkgs }: 116 + { config, lib, pkgs, options }: 117 117 118 118 with lib; 119 119 ··· 184 184 </listitem> 185 185 </itemizedlist> 186 186 </section> 187 + <section xml:id="module-services-prometheus-exporters-update-exporter-module"> 188 + <title>Updating an exporter module</title> 189 + <para> 190 + Should an exporter option change at some point, it is possible to add 191 + information about the change to the exporter definition similar to 192 + <literal>nixpkgs/nixos/modules/rename.nix</literal>: 193 + <programlisting> 194 + { config, lib, pkgs, options }: 195 + 196 + with lib; 197 + 198 + let 199 + cfg = config.services.prometheus.exporters.nginx; 200 + in 201 + { 202 + port = 9113; 203 + extraOpts = { 204 + # additional module options 205 + # ... 206 + }; 207 + serviceOpts = { 208 + # service configuration 209 + # ... 210 + }; 211 + imports = [ 212 + # 'services.prometheus.exporters.nginx.telemetryEndpoint' -> 'services.prometheus.exporters.nginx.telemetryPath' 213 + (mkRenamedOptionModule [ "telemetryEndpoint" ] [ "telemetryPath" ]) 214 + 215 + # removed option 'services.prometheus.exporters.nginx.insecure' 216 + (mkRemovedOptionModule [ "insecure" ] '' 217 + This option was replaced by 'prometheus.exporters.nginx.sslVerify' which defaults to true. 218 + '') 219 + ({ options.warnings = options.warnings; }) 220 + ]; 221 + } 222 + </programlisting> 223 + </para> 224 + </section> 187 225 </chapter>

+1 -1

nixos/modules/services/monitoring/prometheus/exporters/bind.nix