Merge master into staging
This commit is contained in:
commit
12949bf84a
28 changed files with 863 additions and 219 deletions
|
@ -93,6 +93,11 @@
|
|||
github = "adolfogc";
|
||||
name = "Adolfo E. García Castro";
|
||||
};
|
||||
aepsil0n = {
|
||||
email = "eduard.bopp@aepsil0n.de";
|
||||
github = "aepsil0n";
|
||||
name = "Eduard Bopp";
|
||||
};
|
||||
aespinosa = {
|
||||
email = "allan.espinosa@outlook.com";
|
||||
github = "aespinosa";
|
||||
|
|
|
@ -37,7 +37,15 @@ with lib;
|
|||
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
|
||||
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ])
|
||||
(mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ])
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
|
||||
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
|
||||
(mkRenamedOptionModule [ "services" "shout" "host" ] [ "services" "shout" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "sslh" "host" ] [ "services" "sslh" "listenAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "statsd" "host" ] [ "services" "statsd" "listenAddress" ])
|
||||
|
|
|
@ -1,32 +1,87 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, options, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.neo4j;
|
||||
certDirOpt = options.services.neo4j.directories.certificates;
|
||||
isDefaultPathOption = opt: isOption opt && opt.type == types.path && opt.highestPrio >= 1500;
|
||||
|
||||
sslPolicies = mapAttrsToList (
|
||||
name: conf: ''
|
||||
dbms.ssl.policy.${name}.allow_key_generation=${boolToString conf.allowKeyGeneration}
|
||||
dbms.ssl.policy.${name}.base_directory=${conf.baseDirectory}
|
||||
${optionalString (conf.ciphers != null) ''
|
||||
dbms.ssl.policy.${name}.ciphers=${concatStringsSep "," conf.ciphers}
|
||||
''}
|
||||
dbms.ssl.policy.${name}.client_auth=${conf.clientAuth}
|
||||
${if length (splitString "/" conf.privateKey) > 1 then
|
||||
''dbms.ssl.policy.${name}.private_key=${conf.privateKey}''
|
||||
else
|
||||
''dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}''
|
||||
}
|
||||
${if length (splitString "/" conf.privateKey) > 1 then
|
||||
''dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}''
|
||||
else
|
||||
''dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}''
|
||||
}
|
||||
dbms.ssl.policy.${name}.revoked_dir=${conf.revokedDir}
|
||||
dbms.ssl.policy.${name}.tls_versions=${concatStringsSep "," conf.tlsVersions}
|
||||
dbms.ssl.policy.${name}.trust_all=${boolToString conf.trustAll}
|
||||
dbms.ssl.policy.${name}.trusted_dir=${conf.trustedDir}
|
||||
''
|
||||
) cfg.ssl.policies;
|
||||
|
||||
serverConfig = pkgs.writeText "neo4j.conf" ''
|
||||
dbms.directories.data=${cfg.dataDir}/data
|
||||
dbms.directories.certificates=${cfg.certDir}
|
||||
dbms.directories.logs=${cfg.dataDir}/logs
|
||||
dbms.directories.plugins=${cfg.dataDir}/plugins
|
||||
dbms.connector.http.type=HTTP
|
||||
dbms.connector.http.enabled=true
|
||||
dbms.connector.http.address=${cfg.listenAddress}:${toString cfg.port}
|
||||
${optionalString cfg.enableBolt ''
|
||||
dbms.connector.bolt.type=BOLT
|
||||
dbms.connector.bolt.enabled=true
|
||||
dbms.connector.bolt.tls_level=OPTIONAL
|
||||
dbms.connector.bolt.address=${cfg.listenAddress}:${toString cfg.boltPort}
|
||||
# General
|
||||
dbms.allow_upgrade=${boolToString cfg.allowUpgrade}
|
||||
dbms.connectors.default_listen_address=${cfg.defaultListenAddress}
|
||||
dbms.read_only=${boolToString cfg.readOnly}
|
||||
${optionalString (cfg.workerCount > 0) ''
|
||||
dbms.threads.worker_count=${toString cfg.workerCount}
|
||||
''}
|
||||
${optionalString cfg.enableHttps ''
|
||||
dbms.connector.https.type=HTTP
|
||||
dbms.connector.https.enabled=true
|
||||
dbms.connector.https.encryption=TLS
|
||||
dbms.connector.https.address=${cfg.listenAddress}:${toString cfg.httpsPort}
|
||||
|
||||
# Directories
|
||||
dbms.directories.certificates=${cfg.directories.certificates}
|
||||
dbms.directories.data=${cfg.directories.data}
|
||||
dbms.directories.logs=${cfg.directories.home}/logs
|
||||
dbms.directories.plugins=${cfg.directories.plugins}
|
||||
${optionalString (cfg.constrainLoadCsv) ''
|
||||
dbms.directories.import=${cfg.directories.imports}
|
||||
''}
|
||||
dbms.shell.enabled=true
|
||||
${cfg.extraServerConfig}
|
||||
|
||||
# HTTP Connector
|
||||
${optionalString (cfg.http.enable) ''
|
||||
dbms.connector.http.enabled=${boolToString cfg.http.enable}
|
||||
dbms.connector.http.listen_address=${cfg.http.listenAddress}
|
||||
''}
|
||||
${optionalString (!cfg.http.enable) ''
|
||||
# It is not possible to disable the HTTP connector. To fully prevent
|
||||
# clients from connecting to HTTP, block the HTTP port (7474 by default)
|
||||
# via firewall. listen_address is set to the loopback interface to
|
||||
# prevent remote clients from connecting.
|
||||
dbms.connector.http.listen_address=127.0.0.1
|
||||
''}
|
||||
|
||||
# HTTPS Connector
|
||||
dbms.connector.https.enabled=${boolToString cfg.https.enable}
|
||||
dbms.connector.https.listen_address=${cfg.https.listenAddress}
|
||||
https.ssl_policy=${cfg.https.sslPolicy}
|
||||
|
||||
# BOLT Connector
|
||||
dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable}
|
||||
dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress}
|
||||
bolt.ssl_policy=${cfg.bolt.sslPolicy}
|
||||
dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel}
|
||||
|
||||
# neo4j-shell
|
||||
dbms.shell.enabled=${boolToString cfg.shell.enable}
|
||||
|
||||
# SSL Policies
|
||||
${concatStringsSep "\n" sslPolicies}
|
||||
|
||||
# Default retention policy from neo4j.conf
|
||||
dbms.tx_log.rotation.retention_policy=1 days
|
||||
|
||||
# Default JVM parameters from neo4j.conf
|
||||
dbms.jvm.additional=-XX:+UseG1GC
|
||||
|
@ -36,8 +91,14 @@ let
|
|||
dbms.jvm.additional=-XX:+TrustFinalNonStaticFields
|
||||
dbms.jvm.additional=-XX:+DisableExplicitGC
|
||||
dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048
|
||||
|
||||
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
|
||||
dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball
|
||||
|
||||
# Usage Data Collector
|
||||
dbms.udc.enabled=${boolToString cfg.udc.enable}
|
||||
|
||||
# Extra Configuration
|
||||
${cfg.extraServerConfig}
|
||||
'';
|
||||
|
||||
in {
|
||||
|
@ -45,105 +106,547 @@ in {
|
|||
###### interface
|
||||
|
||||
options.services.neo4j = {
|
||||
|
||||
enable = mkOption {
|
||||
description = "Whether to enable neo4j.";
|
||||
default = false;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable Neo4j Community Edition.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
description = "Neo4j package to use.";
|
||||
default = pkgs.neo4j;
|
||||
defaultText = "pkgs.neo4j";
|
||||
type = types.package;
|
||||
allowUpgrade = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Allow upgrade of Neo4j database files from an older version.
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
description = "Neo4j listen address.";
|
||||
default = "127.0.0.1";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
description = "Neo4j port to listen for HTTP traffic.";
|
||||
default = 7474;
|
||||
type = types.int;
|
||||
};
|
||||
|
||||
enableBolt = mkOption {
|
||||
description = "Enable bolt for Neo4j.";
|
||||
constrainLoadCsv = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Sets the root directory for file URLs used with the Cypher
|
||||
<literal>LOAD CSV</literal> clause to be that defined by
|
||||
<option>directories.imports</option>. It restricts
|
||||
access to only those files within that directory and its
|
||||
subdirectories.
|
||||
</para>
|
||||
<para>
|
||||
Setting this option to <literal>false</literal> introduces
|
||||
possible security problems.
|
||||
'';
|
||||
};
|
||||
|
||||
boltPort = mkOption {
|
||||
description = "Neo4j port to listen for BOLT traffic.";
|
||||
default = 7687;
|
||||
type = types.int;
|
||||
};
|
||||
|
||||
enableHttps = mkOption {
|
||||
description = "Enable https for Neo4j.";
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
httpsPort = mkOption {
|
||||
description = "Neo4j port to listen for HTTPS traffic.";
|
||||
default = 7473;
|
||||
type = types.int;
|
||||
};
|
||||
|
||||
certDir = mkOption {
|
||||
description = "Neo4j TLS certificates directory.";
|
||||
default = "${cfg.dataDir}/certificates";
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
description = "Neo4j data directory.";
|
||||
default = "/var/lib/neo4j";
|
||||
type = types.path;
|
||||
defaultListenAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
Default network interface to listen for incoming connections. To
|
||||
listen for connections on all interfaces, use "0.0.0.0".
|
||||
</para>
|
||||
<para>
|
||||
Specifies the default IP address and address part of connector
|
||||
specific <option>listenAddress</option> options. To bind specific
|
||||
connectors to a specific network interfaces, specify the entire
|
||||
<option>listenAddress</option> option for that connector.
|
||||
'';
|
||||
};
|
||||
|
||||
extraServerConfig = mkOption {
|
||||
description = "Extra configuration for neo4j server.";
|
||||
default = "";
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra configuration for Neo4j Community server. Refer to the
|
||||
<link xlink:href="https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/">complete reference</link>
|
||||
of Neo4j configuration settings.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.neo4j;
|
||||
defaultText = "pkgs.neo4j";
|
||||
description = ''
|
||||
Neo4j package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
readOnly = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Only allow read operations from this Neo4j instance.
|
||||
'';
|
||||
};
|
||||
|
||||
workerCount = mkOption {
|
||||
type = types.ints.between 0 44738;
|
||||
default = 0;
|
||||
description = ''
|
||||
Number of Neo4j worker threads, where the default of
|
||||
<literal>0</literal> indicates a worker count equal to the number of
|
||||
available processors.
|
||||
'';
|
||||
};
|
||||
|
||||
bolt = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable the BOLT connector for Neo4j. Setting this option to
|
||||
<literal>false</literal> will stop Neo4j from listening for incoming
|
||||
connections on the BOLT port (7687 by default).
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
type = types.str;
|
||||
default = ":7687";
|
||||
description = ''
|
||||
Neo4j listen address for BOLT traffic. The listen address is
|
||||
expressed in the format <literal><ip-address>:<port-number></literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
sslPolicy = mkOption {
|
||||
type = types.str;
|
||||
default = "legacy";
|
||||
description = ''
|
||||
Neo4j SSL policy for BOLT traffic.
|
||||
</para>
|
||||
<para>
|
||||
The legacy policy is a special policy which is not defined in
|
||||
the policy configuration section, but rather derives from
|
||||
<option>directories.certificates</option> and
|
||||
associated files (by default: <filename>neo4j.key</filename> and
|
||||
<filename>neo4j.cert</filename>). Its use will be deprecated.
|
||||
</para>
|
||||
<para>
|
||||
Note: This connector must be configured to support/require
|
||||
SSL/TLS for the legacy policy to actually be utilized. See
|
||||
<option>bolt.tlsLevel</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
tlsLevel = mkOption {
|
||||
type = types.enum [ "REQUIRED" "OPTIONAL" "DISABLED" ];
|
||||
default = "OPTIONAL";
|
||||
description = ''
|
||||
SSL/TSL requirement level for BOLT traffic.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
directories = {
|
||||
certificates = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.directories.home}/certificates";
|
||||
description = ''
|
||||
Directory for storing certificates to be used by Neo4j for
|
||||
TLS connections.
|
||||
</para>
|
||||
<para>
|
||||
When setting this directory to something other than its default,
|
||||
ensure the directory's existence, and that read/write permissions are
|
||||
given to the Neo4j daemon user <literal>neo4j</literal>.
|
||||
</para>
|
||||
<para>
|
||||
Note that changing this directory from its default will prevent
|
||||
the directory structure required for each SSL policy from being
|
||||
automatically generated. A policy's directory structure as defined by
|
||||
its <option>baseDirectory</option>,<option>revokedDir</option> and
|
||||
<option>trustedDir</option> must then be setup manually. The
|
||||
existence of these directories is mandatory, as well as the presence
|
||||
of the certificate file and the private key. Ensure the correct
|
||||
permissions are set on these directories and files.
|
||||
'';
|
||||
};
|
||||
|
||||
data = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.directories.home}/data";
|
||||
description = ''
|
||||
Path of the data directory. You must not configure more than one
|
||||
Neo4j installation to use the same data directory.
|
||||
</para>
|
||||
<para>
|
||||
When setting this directory to something other than its default,
|
||||
ensure the directory's existence, and that read/write permissions are
|
||||
given to the Neo4j daemon user <literal>neo4j</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
home = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/neo4j";
|
||||
description = ''
|
||||
Path of the Neo4j home directory. Other default directories are
|
||||
subdirectories of this path. This directory will be created if
|
||||
non-existent, and its ownership will be <command>chown</command> to
|
||||
the Neo4j daemon user <literal>neo4j</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
imports = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.directories.home}/import";
|
||||
description = ''
|
||||
The root directory for file URLs used with the Cypher
|
||||
<literal>LOAD CSV</literal> clause. Only meaningful when
|
||||
<option>constrainLoadCvs</option> is set to
|
||||
<literal>true</literal>.
|
||||
</para>
|
||||
<para>
|
||||
When setting this directory to something other than its default,
|
||||
ensure the directory's existence, and that read permission is
|
||||
given to the Neo4j daemon user <literal>neo4j</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
plugins = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.directories.home}/plugins";
|
||||
description = ''
|
||||
Path of the database plugin directory. Compiled Java JAR files that
|
||||
contain database procedures will be loaded if they are placed in
|
||||
this directory.
|
||||
</para>
|
||||
<para>
|
||||
When setting this directory to something other than its default,
|
||||
ensure the directory's existence, and that read permission is
|
||||
given to the Neo4j daemon user <literal>neo4j</literal>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
http = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
The HTTP connector is required for Neo4j, and cannot be disabled.
|
||||
Setting this option to <literal>false</literal> will force the HTTP
|
||||
connector's <option>listenAddress</option> to the loopback
|
||||
interface to prevent connection of remote clients. To prevent all
|
||||
clients from connecting, block the HTTP port (7474 by default) by
|
||||
firewall.
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
type = types.str;
|
||||
default = ":7474";
|
||||
description = ''
|
||||
Neo4j listen address for HTTP traffic. The listen address is
|
||||
expressed in the format <literal><ip-address>:<port-number></literal>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
https = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable the HTTPS connector for Neo4j. Setting this option to
|
||||
<literal>false</literal> will stop Neo4j from listening for incoming
|
||||
connections on the HTTPS port (7473 by default).
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
type = types.str;
|
||||
default = ":7473";
|
||||
description = ''
|
||||
Neo4j listen address for HTTPS traffic. The listen address is
|
||||
expressed in the format <literal><ip-address>:<port-number></literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
sslPolicy = mkOption {
|
||||
type = types.str;
|
||||
default = "legacy";
|
||||
description = ''
|
||||
Neo4j SSL policy for HTTPS traffic.
|
||||
</para>
|
||||
<para>
|
||||
The legacy policy is a special policy which is not defined in the
|
||||
policy configuration section, but rather derives from
|
||||
<option>directories.certificates</option> and
|
||||
associated files (by default: <filename>neo4j.key</filename> and
|
||||
<filename>neo4j.cert</filename>). Its use will be deprecated.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
shell = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable a remote shell server which Neo4j Shell clients can log in to.
|
||||
Only applicable to <command>neo4j-shell</command>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
ssl.policies = mkOption {
|
||||
type = with types; attrsOf (submodule ({ name, config, options, ... }: {
|
||||
options = {
|
||||
|
||||
allowKeyGeneration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Allows the generation of a private key and associated self-signed
|
||||
certificate. Only performed when both objects cannot be found for
|
||||
this policy. It is recommended to turn this off again after keys
|
||||
have been generated.
|
||||
</para>
|
||||
<para>
|
||||
The public certificate is required to be duplicated to the
|
||||
directory holding trusted certificates as defined by the
|
||||
<option>trustedDir</option> option.
|
||||
</para>
|
||||
<para>
|
||||
Keys should in general be generated and distributed offline by a
|
||||
trusted certificate authority and not by utilizing this mode.
|
||||
'';
|
||||
};
|
||||
|
||||
baseDirectory = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.directories.certificates}/${name}";
|
||||
description = ''
|
||||
The mandatory base directory for cryptographic objects of this
|
||||
policy. This path is only automatically generated when this
|
||||
option as well as <option>directories.certificates</option> are
|
||||
left at their default. Ensure read/write permissions are given
|
||||
to the Neo4j daemon user <literal>neo4j</literal>.
|
||||
</para>
|
||||
<para>
|
||||
It is also possible to override each individual
|
||||
configuration with absolute paths. See the
|
||||
<option>privateKey</option> and <option>publicCertificate</option>
|
||||
policy options.
|
||||
'';
|
||||
};
|
||||
|
||||
ciphers = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
description = ''
|
||||
Restrict the allowed ciphers of this policy to those defined
|
||||
here. The default ciphers are those of the JVM platform.
|
||||
'';
|
||||
};
|
||||
|
||||
clientAuth = mkOption {
|
||||
type = types.enum [ "NONE" "OPTIONAL" "REQUIRE" ];
|
||||
default = "REQUIRE";
|
||||
description = ''
|
||||
The client authentication stance for this policy.
|
||||
'';
|
||||
};
|
||||
|
||||
privateKey = mkOption {
|
||||
type = types.str;
|
||||
default = "private.key";
|
||||
description = ''
|
||||
The name of private PKCS #8 key file for this policy to be found
|
||||
in the <option>baseDirectory</option>, or the absolute path to
|
||||
the key file. It is mandatory that a key can be found or generated.
|
||||
'';
|
||||
};
|
||||
|
||||
publicCertificate = mkOption {
|
||||
type = types.str;
|
||||
default = "public.crt";
|
||||
description = ''
|
||||
The name of public X.509 certificate (chain) file in PEM format
|
||||
for this policy to be found in the <option>baseDirectory</option>,
|
||||
or the absolute path to the certificate file. It is mandatory
|
||||
that a certificate can be found or generated.
|
||||
</para>
|
||||
<para>
|
||||
The public certificate is required to be duplicated to the
|
||||
directory holding trusted certificates as defined by the
|
||||
<option>trustedDir</option> option.
|
||||
'';
|
||||
};
|
||||
|
||||
revokedDir = mkOption {
|
||||
type = types.path;
|
||||
default = "${config.baseDirectory}/revoked";
|
||||
description = ''
|
||||
Path to directory of CRLs (Certificate Revocation Lists) in
|
||||
PEM format. Must be an absolute path. The existence of this
|
||||
directory is mandatory and will need to be created manually when:
|
||||
setting this option to something other than its default; setting
|
||||
either this policy's <option>baseDirectory</option> or
|
||||
<option>directories.certificates</option> to something other than
|
||||
their default. Ensure read/write permissions are given to the
|
||||
Neo4j daemon user <literal>neo4j</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
tlsVersions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ "TLSv1.2" ];
|
||||
description = ''
|
||||
Restrict the TLS protocol versions of this policy to those
|
||||
defined here.
|
||||
'';
|
||||
};
|
||||
|
||||
trustAll = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Makes this policy trust all remote parties. Enabling this is not
|
||||
recommended and the policy's trusted directory will be ignored.
|
||||
Use of this mode is discouraged. It would offer encryption but
|
||||
no security.
|
||||
'';
|
||||
};
|
||||
|
||||
trustedDir = mkOption {
|
||||
type = types.path;
|
||||
default = "${config.baseDirectory}/trusted";
|
||||
description = ''
|
||||
Path to directory of X.509 certificates in PEM format for
|
||||
trusted parties. Must be an absolute path. The existence of this
|
||||
directory is mandatory and will need to be created manually when:
|
||||
setting this option to something other than its default; setting
|
||||
either this policy's <option>baseDirectory</option> or
|
||||
<option>directories.certificates</option> to something other than
|
||||
their default. Ensure read/write permissions are given to the
|
||||
Neo4j daemon user <literal>neo4j</literal>.
|
||||
</para>
|
||||
<para>
|
||||
The public certificate as defined by
|
||||
<option>publicCertificate</option> is required to be duplicated
|
||||
to this directory.
|
||||
'';
|
||||
};
|
||||
|
||||
directoriesToCreate = mkOption {
|
||||
type = types.listOf types.path;
|
||||
internal = true;
|
||||
readOnly = true;
|
||||
description = ''
|
||||
Directories of this policy that will be created automatically
|
||||
when the certificates directory is left at its default value.
|
||||
This includes all options of type path that are left at their
|
||||
default value.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config.directoriesToCreate = optionals
|
||||
(certDirOpt.highestPrio >= 1500 && options.baseDirectory.highestPrio >= 1500)
|
||||
(map (opt: opt.value) (filter isDefaultPathOption (attrValues options)));
|
||||
|
||||
}));
|
||||
default = {};
|
||||
description = ''
|
||||
Defines the SSL policies for use with Neo4j connectors. Each attribute
|
||||
of this set defines a policy, with the attribute name defining the name
|
||||
of the policy and its namespace. Refer to the operations manual section
|
||||
on Neo4j's
|
||||
<link xlink:href="https://neo4j.com/docs/operations-manual/current/security/ssl-framework/">SSL Framework</link>
|
||||
for further details.
|
||||
'';
|
||||
};
|
||||
|
||||
udc = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable the Usage Data Collector which Neo4j uses to collect usage
|
||||
data. Refer to the operations manual section on the
|
||||
<link xlink:href="https://neo4j.com/docs/operations-manual/current/configuration/usage-data-collector/">Usage Data Collector</link>
|
||||
for more information.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.neo4j = {
|
||||
description = "Neo4j Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
environment = {
|
||||
NEO4J_HOME = "${cfg.package}/share/neo4j";
|
||||
NEO4J_CONF = "${cfg.dataDir}/conf";
|
||||
config =
|
||||
let
|
||||
# Assertion helpers
|
||||
policyNameList = attrNames cfg.ssl.policies;
|
||||
validPolicyNameList = [ "legacy" ] ++ policyNameList;
|
||||
validPolicyNameString = concatStringsSep ", " validPolicyNameList;
|
||||
|
||||
# Capture various directories left at their default so they can be created.
|
||||
defaultDirectoriesToCreate = map (opt: opt.value) (filter isDefaultPathOption (attrValues options.services.neo4j.directories));
|
||||
policyDirectoriesToCreate = concatMap (pol: pol.directoriesToCreate) (attrValues cfg.ssl.policies);
|
||||
in
|
||||
|
||||
mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = !elem "legacy" policyNameList;
|
||||
message = "The policy 'legacy' is special to Neo4j, and its name is reserved."; }
|
||||
{ assertion = elem cfg.bolt.sslPolicy validPolicyNameList;
|
||||
message = "Invalid policy assigned: `services.neo4j.bolt.sslPolicy = \"${cfg.bolt.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; }
|
||||
{ assertion = elem cfg.https.sslPolicy validPolicyNameList;
|
||||
message = "Invalid policy assigned: `services.neo4j.https.sslPolicy = \"${cfg.https.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; }
|
||||
];
|
||||
|
||||
systemd.services.neo4j = {
|
||||
description = "Neo4j Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
environment = {
|
||||
NEO4J_HOME = "${cfg.package}/share/neo4j";
|
||||
NEO4J_CONF = "${cfg.directories.home}/conf";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/neo4j console";
|
||||
User = "neo4j";
|
||||
PermissionsStartOnly = true;
|
||||
LimitNOFILE = 40000;
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
# Directories Setup
|
||||
# Always ensure home exists with nested conf, logs directories.
|
||||
mkdir -m 0700 -p ${cfg.directories.home}/{conf,logs}
|
||||
|
||||
# Create other sub-directories and policy directories that have been left at their default.
|
||||
${concatMapStringsSep "\n" (
|
||||
dir: ''
|
||||
mkdir -m 0700 -p ${dir}
|
||||
'') (defaultDirectoriesToCreate ++ policyDirectoriesToCreate)}
|
||||
|
||||
# Place the configuration where Neo4j can find it.
|
||||
ln -fs ${serverConfig} ${cfg.directories.home}/conf/neo4j.conf
|
||||
|
||||
# Ensure neo4j user ownership
|
||||
chown -R neo4j ${cfg.directories.home}
|
||||
'';
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/neo4j console";
|
||||
User = "neo4j";
|
||||
PermissionsStartOnly = true;
|
||||
LimitNOFILE = 40000;
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
users.users = singleton {
|
||||
name = "neo4j";
|
||||
uid = config.ids.uids.neo4j;
|
||||
description = "Neo4j daemon user";
|
||||
home = cfg.directories.home;
|
||||
};
|
||||
preStart = ''
|
||||
mkdir -m 0700 -p ${cfg.dataDir}/{data/graph.db,conf,logs}
|
||||
ln -fs ${serverConfig} ${cfg.dataDir}/conf/neo4j.conf
|
||||
if [ "$(id -u)" = 0 ]; then chown -R neo4j ${cfg.dataDir}; fi
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
users.users = singleton {
|
||||
name = "neo4j";
|
||||
uid = config.ids.uids.neo4j;
|
||||
description = "Neo4j daemon user";
|
||||
home = cfg.dataDir;
|
||||
};
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ patternspandemic ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,24 +1,22 @@
|
|||
{ stdenv, fetchurl, zlib }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.16.11";
|
||||
name = "clp-${version}";
|
||||
src = fetchurl {
|
||||
url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz";
|
||||
sha256 = "0fazlqpp845186nmixa9f1xfxqqkdr1xj4va7q29m8594ca4a9dm";
|
||||
};
|
||||
version = "1.16.11";
|
||||
name = "clp-${version}";
|
||||
src = fetchurl {
|
||||
url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz";
|
||||
sha256 = "0fazlqpp845186nmixa9f1xfxqqkdr1xj4va7q29m8594ca4a9dm";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ zlib ];
|
||||
propagatedBuildInputs = [ zlib ];
|
||||
|
||||
doCheck = true;
|
||||
doCheck = true;
|
||||
|
||||
checkTarget = "test";
|
||||
|
||||
meta = {
|
||||
license = stdenv.lib.licenses.epl10;
|
||||
homepage = https://projects.coin-or.org/Clp;
|
||||
description = "An open-source linear programming solver written in C++";
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
maintainers = [ stdenv.lib.maintainers.vbgl ];
|
||||
};
|
||||
meta = {
|
||||
license = stdenv.lib.licenses.epl10;
|
||||
homepage = https://projects.coin-or.org/Clp;
|
||||
description = "An open-source linear programming solver written in C++";
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
maintainers = [ stdenv.lib.maintainers.vbgl ];
|
||||
};
|
||||
}
|
||||
|
|
35
pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix
Normal file
35
pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
{ stdenv, fetchurl, pkgconfig, intltool, gobjectIntrospection, wrapGAppsHook, gjs, glib, gtk3, gdk_pixbuf, gst_all_1, gnome3 }:
|
||||
|
||||
let
|
||||
pname = "gnome-sound-recorder";
|
||||
version = "3.28.1";
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz";
|
||||
sha256 = "0y0srj1hvr1waa35p6dj1r1mlgcsscc0i99jni50ijp4zb36fjqy";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig intltool gobjectIntrospection wrapGAppsHook ];
|
||||
buildInputs = [ gjs glib gtk3 gdk_pixbuf ] ++ (with gst_all_1; [ gstreamer.dev gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad ]);
|
||||
|
||||
# TODO: fix this in gstreamer
|
||||
# TODO: make stdenv.lib.getBin respect outputBin
|
||||
PKG_CONFIG_GSTREAMER_1_0_TOOLSDIR = "${gst_all_1.gstreamer.dev}/bin";
|
||||
|
||||
passthru = {
|
||||
updateScript = gnome3.updateScript {
|
||||
packageName = pname;
|
||||
attrPath = "gnome3.${pname}";
|
||||
};
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A simple and modern sound recorder";
|
||||
homepage = https://wiki.gnome.org/Apps/SoundRecorder;
|
||||
license = licenses.gpl2Plus;
|
||||
maintainers = gnome3.maintainers;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -289,6 +289,8 @@ lib.makeScope pkgs.newScope (self: with self; {
|
|||
|
||||
gnome-power-manager = callPackage ./apps/gnome-power-manager { };
|
||||
|
||||
gnome-sound-recorder = callPackage ./apps/gnome-sound-recorder { };
|
||||
|
||||
gnome-weather = callPackage ./apps/gnome-weather { };
|
||||
|
||||
nautilus-sendto = callPackage ./apps/nautilus-sendto { };
|
||||
|
|
|
@ -421,16 +421,6 @@ self: super: builtins.intersectAttrs super {
|
|||
# so disable this on Darwin only
|
||||
${if pkgs.stdenv.isDarwin then null else "GLUT"} = addPkgconfigDepend (appendPatch super.GLUT ./patches/GLUT.patch) pkgs.freeglut;
|
||||
|
||||
idris = overrideCabal super.idris (drv: {
|
||||
# https://github.com/idris-lang/Idris-dev/issues/2499
|
||||
librarySystemDepends = (drv.librarySystemDepends or []) ++ [pkgs.gmp];
|
||||
|
||||
# tests and build run executable, so need to set LD_LIBRARY_PATH
|
||||
preBuild = ''
|
||||
export LD_LIBRARY_PATH="$PWD/dist/build:$LD_LIBRARY_PATH"
|
||||
'';
|
||||
});
|
||||
|
||||
libsystemd-journal = overrideCabal super.libsystemd-journal (old: {
|
||||
librarySystemDepends = old.librarySystemDepends or [] ++ [ pkgs.systemd ];
|
||||
});
|
||||
|
|
|
@ -160,6 +160,9 @@ let
|
|||
"--enable-library-for-ghci" # TODO: Should this be configurable?
|
||||
] ++ optionals (enableDeadCodeElimination && (stdenv.lib.versionOlder "8.0.1" ghc.version)) [
|
||||
"--ghc-option=-split-sections"
|
||||
] ++ optionals dontStrip [
|
||||
"--disable-library-stripping"
|
||||
"--disable-executable-stripping"
|
||||
] ++ optionals isGhcjs [
|
||||
"--ghcjs"
|
||||
] ++ optionals isCross ([
|
||||
|
|
|
@ -20,7 +20,7 @@ let
|
|||
};
|
||||
in
|
||||
stdenv.mkDerivation ({
|
||||
name = "${name}-${version}";
|
||||
name = "idris-${name}-${version}";
|
||||
|
||||
buildInputs = [ idris-with-packages gmp ] ++ extraBuildInputs;
|
||||
propagatedBuildInputs = allIdrisDeps;
|
||||
|
|
|
@ -13,7 +13,9 @@ stdenv.mkDerivation rec {
|
|||
|
||||
outputs = [ "out" "prefix" ];
|
||||
|
||||
installPhase = ''
|
||||
installPhase = let
|
||||
binPath = stdenv.lib.makeBinPath [ rlwrap jdk ];
|
||||
in ''
|
||||
mkdir -p $prefix/libexec
|
||||
cp clojure-tools-${version}.jar $prefix/libexec
|
||||
cp {,example-}deps.edn $prefix
|
||||
|
@ -21,8 +23,8 @@ stdenv.mkDerivation rec {
|
|||
substituteInPlace clojure --replace PREFIX $prefix
|
||||
|
||||
install -Dt $out/bin clj clojure
|
||||
wrapProgram $out/bin/clj --suffix PATH ${rlwrap}/bin
|
||||
wrapProgram $out/bin/clojure --suffix PATH ${jdk}/bin
|
||||
wrapProgram $out/bin/clj --prefix PATH : ${binPath}
|
||||
wrapProgram $out/bin/clojure --prefix PATH : ${binPath}
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
* see `ffmpeg-full' for an ffmpeg build with all features included.
|
||||
*
|
||||
* Need fixes to support Darwin:
|
||||
* libvpx pulseaudio
|
||||
* pulseaudio
|
||||
*
|
||||
* Known issues:
|
||||
* 0.6 - fails to compile (unresolved) (so far, only disabling a number of
|
||||
|
@ -58,6 +58,8 @@ let
|
|||
disDarwinOrArmFix = origArg: minVer: fixArg: if ((isDarwin || isAarch32) && reqMin minVer) then fixArg else origArg;
|
||||
|
||||
vaapiSupport = reqMin "0.6" && ((isLinux || isFreeBSD) && !isAarch32);
|
||||
|
||||
vpxSupport = reqMin "0.6" && !isAarch32;
|
||||
in
|
||||
|
||||
assert openglSupport -> libGLU_combined != null;
|
||||
|
@ -130,7 +132,7 @@ stdenv.mkDerivation rec {
|
|||
(ifMinVer "0.6" (enableFeature vaapiSupport "vaapi"))
|
||||
"--enable-vdpau"
|
||||
"--enable-libvorbis"
|
||||
(disDarwinOrArmFix (ifMinVer "0.6" "--enable-libvpx") "0.6" "--disable-libvpx")
|
||||
(ifMinVer "0.6" (enableFeature vpxSupport "libvpx"))
|
||||
(ifMinVer "2.4" "--enable-lzma")
|
||||
(ifMinVer "2.2" (enableFeature openglSupport "opengl"))
|
||||
(disDarwinOrArmFix (ifMinVer "0.9" "--enable-libpulse") "0.9" "--disable-libpulse")
|
||||
|
@ -159,7 +161,8 @@ stdenv.mkDerivation rec {
|
|||
bzip2 fontconfig freetype gnutls libiconv lame libass libogg libtheora
|
||||
libvdpau libvorbis lzma soxr x264 x265 xvidcore zlib libopus
|
||||
] ++ optional openglSupport libGLU_combined
|
||||
++ optionals (!isDarwin && !isAarch32) [ libvpx libpulseaudio ] # Need to be fixed on Darwin and ARM
|
||||
++ optional vpxSupport libvpx
|
||||
++ optionals (!isDarwin && !isAarch32) [ libpulseaudio ] # Need to be fixed on Darwin and ARM
|
||||
++ optional ((isLinux || isFreeBSD) && !isAarch32) libva
|
||||
++ optional isLinux alsaLib
|
||||
++ optionals isDarwin darwinFrameworks
|
||||
|
|
|
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
buildInputs = [ libevent openssl ];
|
||||
|
||||
doCheck = (!stdenv.isDarwin);
|
||||
doCheck = !stdenv.isDarwin;
|
||||
checkPhase = "ctest";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
26
pkgs/development/python-modules/parsy/default.nix
Normal file
26
pkgs/development/python-modules/parsy/default.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ lib, buildPythonPackage, fetchPypi, pythonOlder, pytest }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "parsy";
|
||||
version = "1.2.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "0mdqg07x5ybmbmj55x75gyhfcjrn7ml0cf3z0jwbskx845j31m6x";
|
||||
};
|
||||
|
||||
checkInputs = [ pytest ];
|
||||
|
||||
checkPhase = ''
|
||||
py.test test/
|
||||
'';
|
||||
|
||||
disabled = pythonOlder "3.4";
|
||||
|
||||
meta = with lib; {
|
||||
homepage = https://github.com/python-parsy/parsy;
|
||||
description = "Easy-to-use parser combinators, for parsing in pure Python";
|
||||
license = [ licenses.mit ];
|
||||
maintainers = with maintainers; [ aepsil0n ];
|
||||
};
|
||||
}
|
|
@ -22,10 +22,10 @@ in python3Packages.buildPythonApplication {
|
|||
doCheck = false;
|
||||
checkPhase = "py.test";
|
||||
|
||||
meta = {
|
||||
meta = with stdenv.lib; {
|
||||
homepage = http://pydoit.org/;
|
||||
description = "A task management & automation tool";
|
||||
license = stdenv.lib.licenses.mit;
|
||||
license = licenses.mit;
|
||||
longDescription = ''
|
||||
doit is a modern open-source build-tool written in python
|
||||
designed to be simple to use and flexible to deal with complex
|
||||
|
@ -33,6 +33,7 @@ in python3Packages.buildPythonApplication {
|
|||
custom work-flows where there is no out-of-the-box solution
|
||||
available.
|
||||
'';
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
maintainers = with maintainers; [ pSub ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@ GIT
|
|||
PATH
|
||||
remote: .
|
||||
specs:
|
||||
vagrant (2.1.1)
|
||||
vagrant (2.1.2)
|
||||
childprocess (~> 0.6.0)
|
||||
erubis (~> 2.7.0)
|
||||
hashicorp-checkpoint (~> 0.1.5)
|
||||
|
@ -25,8 +25,6 @@ PATH
|
|||
rest-client (>= 1.6.0, < 3.0)
|
||||
ruby_dep (<= 1.3.1)
|
||||
wdm (~> 0.1.0)
|
||||
win32-file (~> 0.8.1)
|
||||
win32-file-security (~> 1.0.10)
|
||||
winrm (~> 2.1)
|
||||
winrm-elevated (~> 1.1)
|
||||
winrm-fs (~> 1.0)
|
||||
|
@ -47,8 +45,6 @@ GEM
|
|||
erubis (2.7.0)
|
||||
fake_ftp (0.1.1)
|
||||
ffi (1.9.23)
|
||||
ffi-win32-extensions (1.0.3)
|
||||
ffi
|
||||
gssapi (1.2.0)
|
||||
ffi (>= 1.0.1)
|
||||
gyoku (1.3.1)
|
||||
|
@ -119,16 +115,6 @@ GEM
|
|||
addressable (>= 2.3.6)
|
||||
crack (>= 0.3.2)
|
||||
hashdiff
|
||||
win32-file (0.8.1)
|
||||
ffi
|
||||
ffi-win32-extensions
|
||||
win32-file-stat (>= 1.4.0)
|
||||
win32-file-security (1.0.10)
|
||||
ffi
|
||||
ffi-win32-extensions
|
||||
win32-file-stat (1.5.5)
|
||||
ffi
|
||||
ffi-win32-extensions
|
||||
winrm (2.2.3)
|
||||
builder (>= 2.1.2)
|
||||
erubis (~> 2.7)
|
||||
|
@ -160,4 +146,4 @@ DEPENDENCIES
|
|||
webmock (~> 2.3.1)
|
||||
|
||||
BUNDLED WITH
|
||||
1.14.6
|
||||
1.16.2
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
{ lib, fetchurl, buildRubyGem, bundlerEnv, ruby, libarchive }:
|
||||
|
||||
let
|
||||
# NOTE: bumping the version and updating the hash is insufficient;
|
||||
# you must copy a fresh Gemfile.lock from the vagrant source,
|
||||
# and use bundix to generate a new gemset.nix.
|
||||
# Do not change the existing Gemfile.
|
||||
version = "2.1.2";
|
||||
url = "https://github.com/hashicorp/vagrant/archive/v${version}.tar.gz";
|
||||
sha256 = "0fb90v43d30whhyjlgb9mmy93ccbpr01pz97kp5hrg3wfd7703b1";
|
||||
|
|
|
@ -75,15 +75,6 @@
|
|||
};
|
||||
version = "1.9.23";
|
||||
};
|
||||
ffi-win32-extensions = {
|
||||
dependencies = ["ffi"];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "1ywkkbr3bpi2ais2jr8yrsqwwrm48jg262anmdkcb9if95vajx7l";
|
||||
type = "gem";
|
||||
};
|
||||
version = "1.0.3";
|
||||
};
|
||||
gssapi = {
|
||||
dependencies = ["ffi"];
|
||||
source = {
|
||||
|
@ -406,7 +397,7 @@
|
|||
version = "0.0.7.5";
|
||||
};
|
||||
vagrant = {
|
||||
dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "win32-file" "win32-file-security" "winrm" "winrm-elevated" "winrm-fs"];
|
||||
dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "winrm" "winrm-elevated" "winrm-fs"];
|
||||
};
|
||||
vagrant-spec = {
|
||||
dependencies = ["childprocess" "log4r" "rspec" "thor"];
|
||||
|
@ -436,33 +427,6 @@
|
|||
};
|
||||
version = "2.3.2";
|
||||
};
|
||||
win32-file = {
|
||||
dependencies = ["ffi" "ffi-win32-extensions" "win32-file-stat"];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0mjylzv4bbnxyjqf7hnd9ghcs5xr2sv8chnmkqdi2cc6pya2xax0";
|
||||
type = "gem";
|
||||
};
|
||||
version = "0.8.1";
|
||||
};
|
||||
win32-file-security = {
|
||||
dependencies = ["ffi" "ffi-win32-extensions"];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0lpq821a1hrxmm0ki5c34wijzhn77g4ny76v698ixwg853y2ir9r";
|
||||
type = "gem";
|
||||
};
|
||||
version = "1.0.10";
|
||||
};
|
||||
win32-file-stat = {
|
||||
dependencies = ["ffi" "ffi-win32-extensions"];
|
||||
source = {
|
||||
remotes = ["https://rubygems.org"];
|
||||
sha256 = "0lc3yajcb8xxabvj9qian938k60ixydvs3ixl5fldi0nlvnvk468";
|
||||
type = "gem";
|
||||
};
|
||||
version = "1.5.5";
|
||||
};
|
||||
winrm = {
|
||||
dependencies = ["builder" "erubis" "gssapi" "gyoku" "httpclient" "logging" "nori" "rubyntlm"];
|
||||
source = {
|
||||
|
|
25
pkgs/tools/admin/aws-rotate-key/default.nix
Normal file
25
pkgs/tools/admin/aws-rotate-key/default.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{ stdenv, buildGoPackage, fetchFromGitHub }:
|
||||
|
||||
buildGoPackage rec {
|
||||
name = "aws-rotate-key-${version}";
|
||||
version = "1.0.0";
|
||||
|
||||
goPackagePath = "github.com/Fullscreen/aws-rotate-key";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
rev = "v${version}";
|
||||
owner = "Fullscreen";
|
||||
repo = "aws-rotate-key";
|
||||
sha256 = "13q7rns65cj8b4i0s75dbswijpra9z74b462zribwfjdm29by5k1";
|
||||
};
|
||||
|
||||
goDeps = ./deps.nix;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Easily rotate your AWS key";
|
||||
homepage = https://github.com/Fullscreen/aws-rotate-key;
|
||||
license = licenses.mit;
|
||||
maintainers = [maintainers.mbode];
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
}
|
29
pkgs/tools/admin/aws-rotate-key/deps.nix
generated
Normal file
29
pkgs/tools/admin/aws-rotate-key/deps.nix
generated
Normal file
|
@ -0,0 +1,29 @@
|
|||
[
|
||||
{
|
||||
goPackagePath = "github.com/go-ini/ini";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/go-ini/ini";
|
||||
rev = "af26abd521cd7697481572fdbc4a53cbea3dde1b";
|
||||
sha256 = "1yribbqy9i4i70dfg3yrjhkn3n0fywpr3kismn2mvi882mm01pxz";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/jmespath/go-jmespath";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/jmespath/go-jmespath";
|
||||
rev = "c2b33e8439af944379acbdd9c3a5fe0bc44bd8a5";
|
||||
sha256 = "1r6w7ydx8ydryxk3sfhzsk8m6f1nsik9jg3i1zhi69v4kfl4d5cz";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/aws/aws-sdk-go";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/aws/aws-sdk-go";
|
||||
rev = "f844700ba2a387dfee7ab3679e7544b5dbd6d394";
|
||||
sha256 = "0s9100bzqj58nnax3dxfgi5qr4rbaa53cb0cj3s58k9jc9z6270m";
|
||||
};
|
||||
}
|
||||
]
|
|
@ -2,16 +2,30 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "bluemix-cli-${version}";
|
||||
version = "0.6.6";
|
||||
version = "0.8.0";
|
||||
|
||||
src = fetchurl {
|
||||
name = "linux64.tar.gz";
|
||||
url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux64";
|
||||
sha256 = "1swjawc4szqrl0wgjcb4na1hbxylaqp2mp53lxsbfbk1db0c3y85";
|
||||
};
|
||||
src =
|
||||
if stdenv.system == "i686-linux" then
|
||||
fetchurl {
|
||||
name = "linux32-${version}.tar.gz";
|
||||
url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux32";
|
||||
sha256 = "1ryngbjlw59x33rfd32bcz49r93a1q1g92jh7xmi9vydgqnzsifh";
|
||||
}
|
||||
else
|
||||
fetchurl {
|
||||
name = "linux64-${version}.tar.gz";
|
||||
url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux64";
|
||||
sha256 = "056zbaca430ldcn0s86vy40m5abvwpfrmvqybbr6fjwfv9zngywx";
|
||||
}
|
||||
;
|
||||
|
||||
installPhase = ''
|
||||
install -m755 -D --target $out/bin bin/bluemix bin/bluemix-analytics bin/cfcli/cf
|
||||
install -m755 -D -t $out/bin bin/ibmcloud bin/ibmcloud-analytics
|
||||
install -m755 -D -t $out/bin/cfcli bin/cfcli/cf
|
||||
ln -sv $out/bin/ibmcloud $out/bin/bx
|
||||
ln -sv $out/bin/ibmcloud $out/bin/bluemix
|
||||
install -D -t "$out/etc/bash_completion.d" bx/bash_autocomplete
|
||||
install -D -t "$out/share/zsh/site-functions" bx/zsh_autocomplete
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -19,7 +33,7 @@ stdenv.mkDerivation rec {
|
|||
homepage = "https://console.bluemix.net/docs/cli/index.html";
|
||||
downloadPage = "https://console.bluemix.net/docs/cli/reference/bluemix_cli/download_cli.html#download_install";
|
||||
license = licenses.unfree;
|
||||
maintainers = [ maintainers.tazjin ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
maintainers = [ maintainers.tazjin maintainers.jensbin ];
|
||||
platforms = [ "x86_64-linux" "i686-linux" ];
|
||||
};
|
||||
}
|
||||
|
|
26
pkgs/tools/graphics/ibniz/default.nix
Normal file
26
pkgs/tools/graphics/ibniz/default.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ stdenv, fetchurl, SDL }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "ibniz-${version}";
|
||||
version = "1.18";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://www.pelulamu.net/ibniz/${name}.tar.gz";
|
||||
sha256 = "10b4dka8zx7y84m1a58z9j2vly8mz9aw9wn8z9vx9av739j95wp2";
|
||||
};
|
||||
|
||||
buildInputs = [ SDL ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cp ibniz $out/bin
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Virtual machine designed for extremely compact low-level audiovisual programs";
|
||||
homepage = "http://www.pelulamu.net/ibniz/";
|
||||
license = licenses.zlib;
|
||||
platforms = platforms.linux;
|
||||
maintainers = [ maintainers.dezgeg ];
|
||||
};
|
||||
}
|
|
@ -17,7 +17,13 @@ buildGoPackage rec {
|
|||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://github.com/tj/mmake;
|
||||
description = "Mmake is a small program which wraps make to provide additional functionality, such as user-friendly help output, remote includes, and eventually more. It otherwise acts as a pass-through to standard make.";
|
||||
description = "A small program which wraps make to provide additional functionality";
|
||||
longDescription = ''
|
||||
Mmake is a small program which wraps make to provide additional
|
||||
functionality, such as user-friendly help output, remote
|
||||
includes, and eventually more. It otherwise acts as a
|
||||
pass-through to standard make.
|
||||
'';
|
||||
license = licenses.mit;
|
||||
platforms = platforms.all;
|
||||
maintainers = [ maintainers.gabesoft ];
|
||||
|
|
|
@ -12,10 +12,11 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [ libcaca ];
|
||||
|
||||
meta = {
|
||||
meta = with stdenv.lib; {
|
||||
description = "Display large colourful characters in text mode";
|
||||
homepage = http://caca.zoy.org/wiki/toilet;
|
||||
license = stdenv.lib.licenses.wtfpl;
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
license = licenses.wtfpl;
|
||||
maintainers = with maintainers; [ pSub ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
homepage = https://github.com/theZiz/aha;
|
||||
license = with licenses; [ lgpl2Plus mpl11 ];
|
||||
maintainers = with maintainers; [ pSub ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -555,6 +555,8 @@ with pkgs;
|
|||
|
||||
awslogs = callPackage ../tools/admin/awslogs { };
|
||||
|
||||
aws-rotate-key = callPackage ../tools/admin/aws-rotate-key { };
|
||||
|
||||
aws_shell = pythonPackages.callPackage ../tools/admin/aws_shell { };
|
||||
|
||||
aws-sam-cli = callPackage ../development/tools/aws-sam-cli { };
|
||||
|
@ -3087,6 +3089,8 @@ with pkgs;
|
|||
|
||||
iannix = libsForQt5.callPackage ../applications/audio/iannix { };
|
||||
|
||||
ibniz = callPackage ../tools/graphics/ibniz { };
|
||||
|
||||
icecast = callPackage ../servers/icecast { };
|
||||
|
||||
darkice = callPackage ../tools/audio/darkice { };
|
||||
|
@ -6646,20 +6650,7 @@ with pkgs;
|
|||
icedtea_web = icedtea8_web;
|
||||
|
||||
idrisPackages = callPackage ../development/idris-modules {
|
||||
|
||||
idris-no-deps =
|
||||
let
|
||||
inherit (self.haskell) lib;
|
||||
haskellPackages = self.haskellPackages.override {
|
||||
overrides = self: super: {
|
||||
binary = lib.dontCheck self.binary_0_8_5_1;
|
||||
parsers = lib.dontCheck super.parsers;
|
||||
semigroupoids = lib.dontCheck super.semigroupoids;
|
||||
trifecta = lib.dontCheck super.trifecta;
|
||||
};
|
||||
};
|
||||
in
|
||||
haskellPackages.idris;
|
||||
idris-no-deps = haskellPackages.idris;
|
||||
};
|
||||
|
||||
idris = idrisPackages.with-packages [ idrisPackages.base ] ;
|
||||
|
@ -9139,7 +9130,6 @@ with pkgs;
|
|||
game-music-emu = if stdenv.isDarwin then null else game-music-emu;
|
||||
libjack2 = if stdenv.isDarwin then null else libjack2;
|
||||
libmodplug = if stdenv.isDarwin then null else libmodplug;
|
||||
libvpx = if stdenv.isDarwin then null else libvpx;
|
||||
openal = if stdenv.isDarwin then null else openal;
|
||||
libpulseaudio = if stdenv.isDarwin then null else libpulseaudio;
|
||||
samba = if stdenv.isDarwin then null else samba;
|
||||
|
|
|
@ -11955,6 +11955,25 @@ let self = _self // overrides; _self = with self; {
|
|||
};
|
||||
};
|
||||
|
||||
PerconaToolkit = buildPerlPackage rec {
|
||||
name = "Percona-Toolkit-3.0.11";
|
||||
src = fetchFromGitHub {
|
||||
owner = "percona";
|
||||
repo = "percona-toolkit";
|
||||
rev = "6e5c5c5e6db0a32c6951c8f798c4547539cdab87";
|
||||
sha256 = "18wxvp7psqrx0zdvg47azrals572hv9fx1s3p0q65s87lnk3q63l";
|
||||
};
|
||||
outputs = [ "out" ];
|
||||
buildInputs = [ DBDmysql DBI DigestMD5 IOSocketSSL TermReadKey TimeHiRes ];
|
||||
meta = {
|
||||
description = ''Collection of advanced command-line tools to perform a variety of MySQL and system tasks.'';
|
||||
homepage = http://www.percona.com/software/percona-toolkit;
|
||||
license = with stdenv.lib.licenses; [ lgpl2 ];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
maintainers = with stdenv.lib.maintainers; [ izorkin ];
|
||||
};
|
||||
};
|
||||
|
||||
Perl5lib = buildPerlPackage rec {
|
||||
name = "perl5lib-1.02";
|
||||
src = fetchurl {
|
||||
|
|
|
@ -1855,6 +1855,8 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
parsy = callPackage ../development/python-modules/parsy { };
|
||||
|
||||
portpicker = callPackage ../development/python-modules/portpicker { };
|
||||
|
||||
pkginfo = callPackage ../development/python-modules/pkginfo { };
|
||||
|
|
|
@ -166,6 +166,7 @@ let
|
|||
} // (mapTestOn ((packagePlatforms pkgs) // rec {
|
||||
haskell.compiler = packagePlatforms pkgs.haskell.compiler;
|
||||
haskellPackages = packagePlatforms pkgs.haskellPackages;
|
||||
idrisPackages = packagePlatforms pkgs.idrisPackages;
|
||||
|
||||
# Language packages disabled in https://github.com/NixOS/nixpkgs/commit/ccd1029f58a3bb9eca32d81bf3f33cb4be25cc66
|
||||
|
||||
|
|
Loading…
Reference in a new issue