Merge staging-next into staging
commit
79a728d821
57 changed files with 278 additions and 81 deletions
|
@ -377,6 +377,33 @@ Superuser created successfully.
|
|||
notes</link>).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="options.html#opt-users.users._name_.group">users.users.<name>.group</link>
|
||||
no longer defaults to <literal>nogroup</literal>, which was
|
||||
insecure. Out-of-tree modules are likely to require
|
||||
adaptation: instead of
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
users.users.foo = {
|
||||
isSystemUser = true;
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
also create a group for your user:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
users.users.foo = {
|
||||
isSystemUser = true;
|
||||
group = "foo";
|
||||
};
|
||||
users.groups.foo = {};
|
||||
}
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.geoip-updater</literal> was broken and has
|
||||
|
|
|
@ -142,6 +142,25 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The `erigon` ethereum node has moved it's database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
|
||||
|
||||
- [users.users.<name>.group](options.html#opt-users.users._name_.group) no longer defaults to `nogroup`, which was insecure. Out-of-tree modules are likely to require adaptation: instead of
|
||||
```nix
|
||||
{
|
||||
users.users.foo = {
|
||||
isSystemUser = true;
|
||||
};
|
||||
}
|
||||
```
|
||||
also create a group for your user:
|
||||
```nix
|
||||
{
|
||||
users.users.foo = {
|
||||
isSystemUser = true;
|
||||
group = "foo";
|
||||
};
|
||||
users.groups.foo = {};
|
||||
}
|
||||
```
|
||||
|
||||
- `services.geoip-updater` was broken and has been replaced by [services.geoipupdate](options.html#opt-services.geoipupdate.enable).
|
||||
|
||||
- PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release.
|
||||
|
|
|
@ -123,7 +123,7 @@ let
|
|||
group = mkOption {
|
||||
type = types.str;
|
||||
apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
|
||||
default = "nogroup";
|
||||
default = "";
|
||||
description = "The user's primary group.";
|
||||
};
|
||||
|
||||
|
@ -640,6 +640,16 @@ in {
|
|||
Exactly one of users.users.${user.name}.isSystemUser and users.users.${user.name}.isNormalUser must be set.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = user.group != "";
|
||||
message = ''
|
||||
users.users.${user.name}.group is unset. This used to default to
|
||||
nogroup, but this is unsafe. For example you can create a group
|
||||
for this user with:
|
||||
users.users.${user.name}.group = "${user.name}";
|
||||
users.groups.${user.name} = {};
|
||||
'';
|
||||
}
|
||||
]
|
||||
));
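Review bot: The option text `description = "The user's primary group.";` still reads as if a default existed, although this section changes `default` to `""` and adds an assertion that rejects the empty value. Say so in the description, for example `description = "The user's primary group. There is no default; it must be set explicitly.";`, so the requirement is documented on the option and not only in the assertion message. A short comment on `default = "";` such as `# sentinel: rejected by the assertion in config.assertions` would also explain why an unusable value is the default. The assertion list starts outside the second hunk.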
|
||||
|
||||
|
|
|
@ -83,14 +83,14 @@ in
|
|||
#fourstore = 42; # dropped in 20.03
|
||||
#fourstorehttp = 43; # dropped in 20.03
|
||||
virtuoso = 44;
|
||||
rtkit = 45;
|
||||
#rtkit = 45; # dynamically allocated 2021-09-03
|
||||
dovecot2 = 46;
|
||||
dovenull2 = 47;
|
||||
prayer = 49;
|
||||
mpd = 50;
|
||||
clamav = 51;
|
||||
fprot = 52;
|
||||
bind = 53;
|
||||
# bind = 53; #dynamically allocated as of 2021-09-03
|
||||
wwwrun = 54;
|
||||
#adm = 55; # unused
|
||||
spamd = 56;
|
||||
|
@ -134,13 +134,13 @@ in
|
|||
firebird = 95;
|
||||
#keys = 96; # unused
|
||||
#haproxy = 97; # dynamically allocated as of 2020-03-11
|
||||
mongodb = 98;
|
||||
#mongodb = 98; #dynamically allocated as of 2021-09-03
|
||||
#openldap = 99; # dynamically allocated as of PR#94610
|
||||
#users = 100; # unused
|
||||
cgminer = 101;
|
||||
munin = 102;
|
||||
logcheck = 103;
|
||||
nix-ssh = 104;
|
||||
#nix-ssh = 104; #dynamically allocated as of 2021-09-03
|
||||
dictd = 105;
|
||||
couchdb = 106;
|
||||
#searx = 107; # dynamically allocated as of 2020-10-27
|
||||
|
@ -149,9 +149,9 @@ in
|
|||
systemd-journal-gateway = 110;
|
||||
#notbit = 111; # unused
|
||||
aerospike = 111;
|
||||
ngircd = 112;
|
||||
#ngircd = 112; #dynamically allocated as of 2021-09-03
|
||||
#btsync = 113; # unused
|
||||
minecraft = 114;
|
||||
#minecraft = 114; #dynamically allocated as of 2021-09-03
|
||||
vault = 115;
|
||||
rippled = 116;
|
||||
murmur = 117;
|
||||
|
@ -169,19 +169,19 @@ in
|
|||
mopidy = 130;
|
||||
#docker = 131; # unused
|
||||
gdm = 132;
|
||||
dhcpd = 133;
|
||||
#dhcpd = 133; # dynamically allocated as of 2021-09-03
|
||||
siproxd = 134;
|
||||
mlmmj = 135;
|
||||
neo4j = 136;
|
||||
#neo4j = 136;# dynamically allocated as of 2021-09-03
|
||||
riemann = 137;
|
||||
riemanndash = 138;
|
||||
radvd = 139;
|
||||
zookeeper = 140;
|
||||
dnsmasq = 141;
|
||||
#radvd = 139;# dynamically allocated as of 2021-09-03
|
||||
#zookeeper = 140;# dynamically allocated as of 2021-09-03
|
||||
#dnsmasq = 141;# dynamically allocated as of 2021-09-03
|
||||
#uhub = 142; # unused
|
||||
yandexdisk = 143;
|
||||
mxisd = 144; # was once collectd
|
||||
consul = 145;
|
||||
#consul = 145;# dynamically allocated as of 2021-09-03
|
||||
mailpile = 146;
|
||||
redmine = 147;
|
||||
#seeks = 148; # removed 2020-06-21
|
||||
|
@ -192,7 +192,7 @@ in
|
|||
systemd-resolve = 153;
|
||||
systemd-timesync = 154;
|
||||
liquidsoap = 155;
|
||||
etcd = 156;
|
||||
#etcd = 156;# dynamically allocated as of 2021-09-03
|
||||
hbase = 158;
|
||||
opentsdb = 159;
|
||||
scollector = 160;
|
||||
|
@ -204,7 +204,7 @@ in
|
|||
tox-bootstrapd = 166;
|
||||
cadvisor = 167;
|
||||
nylon = 168;
|
||||
apache-kafka = 169;
|
||||
#apache-kafka = 169;# dynamically allocated as of 2021-09-03
|
||||
#panamax = 170; # unused
|
||||
exim = 172;
|
||||
#fleet = 173; # unused
|
||||
|
@ -241,7 +241,7 @@ in
|
|||
gateone = 207;
|
||||
namecoin = 208;
|
||||
#lxd = 210; # unused
|
||||
kibana = 211;
|
||||
#kibana = 211;# dynamically allocated as of 2021-09-03
|
||||
xtreemfs = 212;
|
||||
calibre-server = 213;
|
||||
heapster = 214;
|
||||
|
@ -264,7 +264,7 @@ in
|
|||
avahi-autoipd = 231;
|
||||
nntp-proxy = 232;
|
||||
mjpg-streamer = 233;
|
||||
radicale = 234;
|
||||
#radicale = 234;# dynamically allocated as of 2021-09-03
|
||||
hydra-queue-runner = 235;
|
||||
hydra-www = 236;
|
||||
syncthing = 237;
|
||||
|
@ -272,14 +272,14 @@ in
|
|||
taskd = 240;
|
||||
# factorio = 241; # DynamicUser = true
|
||||
# emby = 242; # unusued, removed 2019-05-01
|
||||
graylog = 243;
|
||||
#graylog = 243;# dynamically allocated as of 2021-09-03
|
||||
sniproxy = 244;
|
||||
nzbget = 245;
|
||||
mosquitto = 246;
|
||||
toxvpn = 247;
|
||||
# squeezelite = 248; # DynamicUser = true
|
||||
turnserver = 249;
|
||||
smokeping = 250;
|
||||
#smokeping = 250;# dynamically allocated as of 2021-09-03
|
||||
gocd-agent = 251;
|
||||
gocd-server = 252;
|
||||
terraria = 253;
|
||||
|
@ -554,7 +554,7 @@ in
|
|||
#shout = 206; #unused
|
||||
gateone = 207;
|
||||
namecoin = 208;
|
||||
lxd = 210; # unused
|
||||
#lxd = 210; # unused
|
||||
#kibana = 211;
|
||||
xtreemfs = 212;
|
||||
calibre-server = 213;
|
||||
|
@ -573,7 +573,7 @@ in
|
|||
cfdyndns = 227;
|
||||
pdnsd = 229;
|
||||
octoprint = 230;
|
||||
radicale = 234;
|
||||
#radicale = 234;# dynamically allocated as of 2021-09-03
|
||||
syncthing = 237;
|
||||
caddy = 239;
|
||||
taskd = 240;
|
||||
|
@ -585,7 +585,7 @@ in
|
|||
#toxvpn = 247; # unused
|
||||
#squeezelite = 248; #unused
|
||||
turnserver = 249;
|
||||
smokeping = 250;
|
||||
#smokeping = 250;# dynamically allocated as of 2021-09-03
|
||||
gocd-agent = 251;
|
||||
gocd-server = 252;
|
||||
terraria = 253;
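Review bot: The retired entries are commented out in several different shapes, e.g. `#rtkit = 45; # dynamically allocated 2021-09-03`, `# bind = 53; #dynamically allocated as of 2021-09-03` and `#neo4j = 136;# dynamically allocated as of 2021-09-03`. Use one form throughout, such as `#neo4j = 136; # dynamically allocated as of 2021-09-03`, so the reserved numbers stay easy to grep. Keeping these numbers reserved matters because files left on disk under a retired numeric ID would otherwise be inherited by whichever account receives that number next. The hunks do not show how an already-deployed host keeps the ID it assigned earlier, which is worth confirming for services with existing state directories.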
|
||||
|
|
|
@ -35,9 +35,12 @@ with lib;
|
|||
services.dbus.packages = [ pkgs.rtkit ];
|
||||
|
||||
users.users.rtkit =
|
||||
{ uid = config.ids.uids.rtkit;
|
||||
{
|
||||
isSystemUser = true;
|
||||
group = "rtkit";
|
||||
description = "RealtimeKit daemon";
|
||||
};
|
||||
users.groups.rtkit = {};
|
||||
|
||||
};
|
||||
|
||||
|
|
|
@ -169,6 +169,7 @@ let
|
|||
(map (mkAuthorizedKey cfg false) cfg.authorizedKeys
|
||||
++ map (mkAuthorizedKey cfg true) cfg.authorizedKeysAppendOnly);
|
||||
useDefaultShell = true;
|
||||
group = cfg.group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
groups.${cfg.group} = { };
|
||||
|
|
|
@ -185,6 +185,7 @@ in
|
|||
users.users = optionalAttrs (cfg.user == "influxdb") {
|
||||
influxdb = {
|
||||
uid = config.ids.uids.influxdb;
|
||||
group = "influxdb";
|
||||
description = "Influxdb daemon user";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -67,7 +67,9 @@ in
|
|||
users.users = optionalAttrs (cfg.user == "memcached") {
|
||||
memcached.description = "Memcached server user";
|
||||
memcached.isSystemUser = true;
|
||||
memcached.group = "memcached";
|
||||
};
|
||||
users.groups = optionalAttrs (cfg.user == "memcached") { memcached = {}; };
|
||||
|
||||
environment.systemPackages = [ memcached ];
|
||||
|
||||
|
|
|
@ -123,9 +123,11 @@ in
|
|||
|
||||
users.users.mongodb = mkIf (cfg.user == "mongodb")
|
||||
{ name = "mongodb";
|
||||
uid = config.ids.uids.mongodb;
|
||||
isSystemUser = true;
|
||||
group = "mongodb";
|
||||
description = "MongoDB server user";
|
||||
};
|
||||
users.groups.mongodb = mkIf (cfg.user == "mongodb") {};
|
||||
|
||||
environment.systemPackages = [ mongodb ];
|
||||
|
||||
|
|
|
@ -651,10 +651,12 @@ in {
|
|||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
users.users.neo4j = {
|
||||
uid = config.ids.uids.neo4j;
|
||||
isSystemUser = true;
|
||||
group = "neo4j";
|
||||
description = "Neo4j daemon user";
|
||||
home = cfg.directories.home;
|
||||
};
|
||||
users.groups.neo4j = {};
|
||||
};
|
||||
|
||||
meta = {
|
||||
|
|
|
@ -246,6 +246,7 @@ in {
|
|||
|
||||
users.users.redis = {
|
||||
description = "Redis database user";
|
||||
group = "redis";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.redis = {};
|
||||
|
|
|
@ -167,8 +167,10 @@ in {
|
|||
description = "Minecraft server service user";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.minecraft;
|
||||
isSystemUser = true;
|
||||
group = "minecraft";
|
||||
};
|
||||
users.groups.minecraft = {};
|
||||
|
||||
systemd.services.minecraft-server = {
|
||||
description = "Minecraft Server Service";
|
||||
|
|
|
@ -128,10 +128,12 @@ in
|
|||
|
||||
users.users = mkIf (cfg.user == "graylog") {
|
||||
graylog = {
|
||||
uid = config.ids.uids.graylog;
|
||||
isSystemUser = true;
|
||||
group = "graylog";
|
||||
description = "Graylog server daemon user";
|
||||
};
|
||||
};
|
||||
users.groups = mkIf (cfg.user == "graylog") {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.messageJournalDir}' - ${cfg.user} - - -"
|
||||
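Review bot: `users.groups = mkIf (cfg.user == "graylog") {};` contributes an empty attribute set, so no `graylog` group is declared here even though the user above now has `group = "graylog";`. Unless the group is defined outside this hunk, the account refers to a group that is never created. Declare it explicitly: `users.groups = mkIf (cfg.user == "graylog") { graylog = {}; };`.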
|
|
|
@ -165,10 +165,12 @@ in {
|
|||
|
||||
users.users.airsonic = {
|
||||
description = "Airsonic service user";
|
||||
group = "airsonic";
|
||||
name = cfg.user;
|
||||
home = cfg.home;
|
||||
createHome = true;
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.airsonic = {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -120,10 +120,12 @@ in {
|
|||
environment.systemPackages = [cfg.package];
|
||||
|
||||
users.users.apache-kafka = {
|
||||
uid = config.ids.uids.apache-kafka;
|
||||
isSystemUser = true;
|
||||
group = "apache-kafka";
|
||||
description = "Apache Kafka daemon user";
|
||||
home = head cfg.logDirs;
|
||||
};
|
||||
users.groups.apache-kafka = {};
|
||||
|
||||
systemd.tmpfiles.rules = map (logDir: "d '${logDir}' 0700 apache-kafka - - -") cfg.logDirs;
|
||||
|
||||
|
|
|
@ -151,7 +151,9 @@ in {
|
|||
home = cfg.storagePath;
|
||||
}
|
||||
else {}) // {
|
||||
group = "docker-registry";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.docker-registry = {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -187,9 +187,11 @@ in {
|
|||
environment.systemPackages = [ pkgs.etcd ];
|
||||
|
||||
users.users.etcd = {
|
||||
uid = config.ids.uids.etcd;
|
||||
isSystemUser = true;
|
||||
group = "etcd";
|
||||
description = "Etcd daemon user";
|
||||
home = cfg.dataDir;
|
||||
};
|
||||
users.groups.etcd = {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -44,9 +44,11 @@ in {
|
|||
|
||||
users.users.nix-ssh = {
|
||||
description = "Nix SSH store user";
|
||||
uid = config.ids.uids.nix-ssh;
|
||||
isSystemUser = true;
|
||||
group = "nix-ssh";
|
||||
useDefaultShell = true;
|
||||
};
|
||||
users.groups.nix-ssh = {};
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
|
|
|
@ -148,9 +148,11 @@ in {
|
|||
};
|
||||
|
||||
users.users.zookeeper = {
|
||||
uid = config.ids.uids.zookeeper;
|
||||
isSystemUser = true;
|
||||
group = "zookeeper";
|
||||
description = "Zookeeper daemon user";
|
||||
home = cfg.dataDir;
|
||||
};
|
||||
users.groups.zookeeper = {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -561,6 +561,7 @@ in {
|
|||
) {
|
||||
users.users.graphite = {
|
||||
uid = config.ids.uids.graphite;
|
||||
group = "graphite";
|
||||
description = "Graphite daemon user";
|
||||
home = dataDir;
|
||||
};
|
||||
|
|
|
@ -258,6 +258,7 @@ in {
|
|||
|
||||
users.users = optionalAttrs (cfg.user == defaultUser) {
|
||||
${defaultUser} = {
|
||||
group = defaultUser;
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -36,6 +36,7 @@ in {
|
|||
groups._tuptime.members = [ "_tuptime" ];
|
||||
users._tuptime = {
|
||||
isSystemUser = true;
|
||||
group = "_tuptime";
|
||||
description = "tuptime database owner";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -193,7 +193,10 @@ in {
|
|||
environment.systemPackages = [ pkgs.orangefs ];
|
||||
|
||||
# orangefs daemon will run as user
|
||||
users.users.orangefs.isSystemUser = true;
|
||||
users.users.orangefs = {
|
||||
isSystemUser = true;
|
||||
group = "orangfs";
|
||||
};
|
||||
users.groups.orangefs = {};
|
||||
|
||||
# To format the file system the config file is needed.
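Review bot: The primary group is misspelled in `group = "orangfs";`, while the group declared right after it is `users.groups.orangefs = {};`, so the user refers to a group this module does not create. Change the line to `group = "orangefs";`. The daemon only gets a dedicated group, which is the purpose of this change, when the two names match.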
|
||||
|
|
|
@ -229,9 +229,11 @@ in
|
|||
|
||||
users.users.${bindUser} =
|
||||
{
|
||||
uid = config.ids.uids.bind;
|
||||
group = bindUser;
|
||||
description = "BIND daemon user";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.${bindUser} = {};
|
||||
|
||||
systemd.services.bind = {
|
||||
description = "BIND Domain Name Server";
|
||||
|
|
|
@ -159,10 +159,12 @@ in
|
|||
|
||||
users.users.consul = {
|
||||
description = "Consul agent daemon user";
|
||||
uid = config.ids.uids.consul;
|
||||
isSystemUser = true;
|
||||
group = "consul";
|
||||
# The shell is needed for health checks
|
||||
shell = "/run/current-system/sw/bin/bash";
|
||||
};
|
||||
users.groups.consul = {};
|
||||
|
||||
environment = {
|
||||
etc."consul.json".text = builtins.toJSON configOptions;
|
||||
|
|
|
@ -311,6 +311,7 @@ in {
|
|||
{
|
||||
users.users.turnserver =
|
||||
{ uid = config.ids.uids.turnserver;
|
||||
group = "turnserver";
|
||||
description = "coturn TURN server user";
|
||||
};
|
||||
users.groups.turnserver =
|
||||
|
|
|
@ -212,9 +212,11 @@ in
|
|||
|
||||
users = {
|
||||
users.dhcpd = {
|
||||
uid = config.ids.uids.dhcpd;
|
||||
isSystemUser = true;
|
||||
group = "dhcpd";
|
||||
description = "DHCP daemon user";
|
||||
};
|
||||
groups.dhcpd = {};
|
||||
};
|
||||
|
||||
systemd.services = dhcpdService "4" cfg4 // dhcpdService "6" cfg6;
|
||||
|
|
|
@ -87,9 +87,11 @@ in
|
|||
services.dbus.packages = [ dnsmasq ];
|
||||
|
||||
users.users.dnsmasq = {
|
||||
uid = config.ids.uids.dnsmasq;
|
||||
isSystemUser = true;
|
||||
group = "dnsmasq";
|
||||
description = "Dnsmasq daemon user";
|
||||
};
|
||||
users.groups.dnsmasq = {};
|
||||
|
||||
networking.resolvconf = mkIf cfg.resolveLocalQueries {
|
||||
useLocalResolver = mkDefault true;
|
||||
|
|
|
@ -107,6 +107,7 @@ in
|
|||
users.users = optionalAttrs (cfg.user == "git") {
|
||||
git = {
|
||||
uid = config.ids.uids.git;
|
||||
group = "git";
|
||||
description = "Git daemon user";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -190,6 +190,7 @@ in
|
|||
|
||||
users.users.${iodinedUser} = {
|
||||
uid = config.ids.uids.iodined;
|
||||
group = "iodined";
|
||||
description = "Iodine daemon user";
|
||||
};
|
||||
users.groups.iodined.gid = config.ids.gids.iodined;
|
||||
|
|
|
@ -77,7 +77,9 @@ in
|
|||
createHome = true;
|
||||
home = "/var/lib/morty";
|
||||
isSystemUser = true;
|
||||
group = "morty";
|
||||
};
|
||||
users.groups.morty = {};
|
||||
|
||||
systemd.services.morty =
|
||||
{
|
||||
|
|
|
@ -245,8 +245,10 @@ in
|
|||
|
||||
users.users.ncdns = {
|
||||
isSystemUser = true;
|
||||
group = "ncdns";
|
||||
description = "ncdns daemon user";
|
||||
};
|
||||
users.groups.ncdns = {};
|
||||
|
||||
systemd.services.ncdns = {
|
||||
description = "ncdns daemon";
|
||||
|
|
|
@ -464,6 +464,7 @@ in {
|
|||
users.users = {
|
||||
nm-openvpn = {
|
||||
uid = config.ids.uids.nm-openvpn;
|
||||
group = "nm-openvpn";
|
||||
extraGroups = [ "networkmanager" ];
|
||||
};
|
||||
nm-iodine = {
|
||||
|
|
|
@ -52,8 +52,11 @@ in {
|
|||
};
|
||||
|
||||
users.users.ngircd = {
|
||||
uid = config.ids.uids.ngircd;
|
||||
isSystemUser = true;
|
||||
group = "ngircd";
|
||||
description = "ngircd user.";
|
||||
};
|
||||
users.groups.ngircd = {};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -74,7 +74,7 @@ in {
|
|||
users."${cfg.user}" = {
|
||||
description = "Pleroma user";
|
||||
home = cfg.stateDir;
|
||||
extraGroups = [ cfg.group ];
|
||||
group = cfg.group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
groups."${cfg.group}" = {};
|
||||
|
|
|
@ -140,9 +140,12 @@ in {
|
|||
|
||||
environment.systemPackages = [ pkg ];
|
||||
|
||||
users.users.radicale.uid = config.ids.uids.radicale;
|
||||
users.users.radicale = {
|
||||
isSystemUser = true;
|
||||
group = "radicale";
|
||||
};
|
||||
|
||||
users.groups.radicale.gid = config.ids.gids.radicale;
|
||||
users.groups.radicale = {};
|
||||
|
||||
systemd.services.radicale = {
|
||||
description = "A Simple Calendar and Contact Server";
|
||||
|
|
|
@ -55,9 +55,12 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
|
||||
users.users.radvd =
|
||||
{ uid = config.ids.uids.radvd;
|
||||
{
|
||||
isSystemUser = true;
|
||||
group = "radvd";
|
||||
description = "Router Advertisement Daemon User";
|
||||
};
|
||||
users.groups.radvd = {};
|
||||
|
||||
systemd.services.radvd =
|
||||
{ description = "IPv6 Router Advertisement Daemon";
|
||||
|
|
|
@ -259,7 +259,7 @@ in
|
|||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "smokeping";
|
||||
description = "User that runs smokeping and (optionally) thttpd";
|
||||
description = "User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well.";
|
||||
};
|
||||
webService = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -285,11 +285,12 @@ in
|
|||
users.users.${cfg.user} = {
|
||||
isNormalUser = false;
|
||||
isSystemUser = true;
|
||||
uid = config.ids.uids.smokeping;
|
||||
group = cfg.user;
|
||||
description = "smokeping daemon user";
|
||||
home = smokepingHome;
|
||||
createHome = true;
|
||||
};
|
||||
users.groups.${cfg.user} = {};
|
||||
systemd.services.smokeping = {
|
||||
wantedBy = [ "multi-user.target"];
|
||||
serviceConfig = {
|
||||
|
|
|
@ -401,9 +401,12 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
|
||||
users.users.sshd =
|
||||
{ isSystemUser = true;
|
||||
{
|
||||
isSystemUser = true;
|
||||
group = "sshd";
|
||||
description = "SSH privilege separation user";
|
||||
};
|
||||
users.groups.sshd = {};
|
||||
|
||||
services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli";
|
||||
services.openssh.sftpServerExecutable = mkDefault "${cfgc.package}/libexec/sftp-server";
|
||||
|
|
|
@ -32,7 +32,11 @@ with lib;
|
|||
config = mkIf config.services.tinydns.enable {
|
||||
environment.systemPackages = [ pkgs.djbdns ];
|
||||
|
||||
users.users.tinydns.isSystemUser = true;
|
||||
users.users.tinydns = {
|
||||
isSystemUser = true;
|
||||
group = "tinydns";
|
||||
};
|
||||
users.groups.tinydns = {};
|
||||
|
||||
systemd.services.tinydns = {
|
||||
description = "djbdns tinydns server";
|
||||
|
|
|
@ -58,7 +58,9 @@ in
|
|||
security.pam.services.atd = {};
|
||||
|
||||
users.users.atd =
|
||||
{ uid = config.ids.uids.atd;
|
||||
{
|
||||
uid = config.ids.uids.atd;
|
||||
group = "atd";
|
||||
description = "atd user";
|
||||
home = "/var/empty";
|
||||
};
|
||||
|
|
|
@ -199,10 +199,12 @@ in {
|
|||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
users.users.kibana = {
|
||||
uid = config.ids.uids.kibana;
|
||||
isSystemUser = true;
|
||||
description = "Kibana service user";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
group = "kibana";
|
||||
};
|
||||
users.groups.kibana = {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -82,8 +82,10 @@ in {
|
|||
|
||||
users.users.hockeypuck = {
|
||||
isSystemUser = true;
|
||||
group = "hockeypuck";
|
||||
description = "Hockeypuck user";
|
||||
};
|
||||
users.groups.hockeypuck = {};
|
||||
|
||||
systemd.services.hockeypuck = {
|
||||
description = "Hockeypuck OpenPGP Key Server";
|
||||
|
|
|
@ -172,8 +172,10 @@ in {
|
|||
|
||||
users.users.magnetico = {
|
||||
description = "Magnetico daemons user";
|
||||
group = "magnetico";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.magnetico = {};
|
||||
|
||||
systemd.services.magneticod = {
|
||||
description = "Magnetico DHT crawler";
|
||||
|
|
|
@ -60,6 +60,10 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
users.users.peerflix.uid = config.ids.uids.peerflix;
|
||||
users.users.peerflix = {
|
||||
isSystemUser = true;
|
||||
group = "peerflix";
|
||||
};
|
||||
users.groups.peerflix = {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -114,6 +114,7 @@ in
|
|||
users.users = optionalAttrs (cfg.user == defaultUser) {
|
||||
${defaultUser} = {
|
||||
isSystemUser = true;
|
||||
group = defaultUser;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1056,10 +1056,19 @@ in
|
|||
|
||||
services.dbus.enable = true;
|
||||
|
||||
users.users.systemd-coredump.uid = config.ids.uids.systemd-coredump;
|
||||
users.users.systemd-network.uid = config.ids.uids.systemd-network;
|
||||
users.users.systemd-coredump = {
|
||||
uid = config.ids.uids.systemd-coredump;
|
||||
group = "systemd-coredump";
|
||||
};
|
||||
users.users.systemd-network = {
|
||||
uid = config.ids.uids.systemd-network;
|
||||
group = "systemd-network";
|
||||
};
|
||||
users.groups.systemd-network.gid = config.ids.gids.systemd-network;
|
||||
users.users.systemd-resolve.uid = config.ids.uids.systemd-resolve;
|
||||
users.users.systemd-resolve = {
|
||||
uid = config.ids.uids.systemd-resolve;
|
||||
group = "systemd-resolve";
|
||||
};
|
||||
users.groups.systemd-resolve.gid = config.ids.gids.systemd-resolve;
|
||||
|
||||
# Target for ‘charon send-keys’ to hook into.
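Review bot: `systemd-coredump` now gets `group = "systemd-coredump";`, but this hunk shows a group declaration only for `systemd-network` and `systemd-resolve` (the two `users.groups.….gid` lines). If the group is not declared outside the hunk, add `users.groups.systemd-coredump = {};` next to the user. Without it the account would name a primary group that does not exist.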
|
||||
|
|
|
@ -158,7 +158,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
users.groups.lxd.gid = config.ids.gids.lxd;
|
||||
users.groups.lxd = {};
|
||||
|
||||
users.users.root = {
|
||||
subUidRanges = [ { startUid = 1000000; count = 65536; } ];
|
||||
|
|
|
@ -145,13 +145,22 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
|
|||
# user that is permitted to access the unix socket
|
||||
someuser = {
|
||||
isSystemUser = true;
|
||||
group = "someuser";
|
||||
extraGroups = [
|
||||
config.users.users.unbound.group
|
||||
];
|
||||
};
|
||||
|
||||
# user that is not permitted to access the unix socket
|
||||
unauthorizeduser = { isSystemUser = true; };
|
||||
unauthorizeduser = {
|
||||
isSystemUser = true;
|
||||
group = "unauthorizeduser";
|
||||
};
|
||||
|
||||
};
|
||||
users.groups = {
|
||||
someuser = {};
|
||||
unauthorizeduser = {};
|
||||
};
|
||||
|
||||
# Used for testing configuration reloading
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "lightburn";
|
||||
version = "1.0.00";
|
||||
version = "1.0.01";
|
||||
|
||||
nativeBuildInputs = [
|
||||
p7zip
|
||||
|
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/LightBurnSoftware/deployment/releases/download/${version}/LightBurn-Linux64-v${version}.7z";
|
||||
sha256 = "sha256-jNqLykVQjer2lps1gnw4fd2FH+ZQrzqQILAsl4Z5Hqk=";
|
||||
sha256 = "sha256-UnTZcZjR8edHGflThkiu6OeWJU9x/bH/Ml/CRwWYgFU=";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -155,6 +155,23 @@ buildStdenv.mkDerivation ({
|
|||
sha256 = "0qc62di5823r7ly2lxkclzj9rhg2z7ms81igz44nv0fzv3dszdab";
|
||||
})
|
||||
|
||||
# These fix Firefox on sway and other non-Gnome wayland WMs. They should be
|
||||
# removed whenever the following two patches make it onto a release:
|
||||
# 1. https://hg.mozilla.org/mozilla-central/rev/51c13987d1b8
|
||||
# 2. https://hg.mozilla.org/integration/autoland/rev/3b856ecc00e4
|
||||
# This will probably happen in the next point release, but let's be careful
|
||||
# and double check whether it's working on sway on the next v bump.
|
||||
++ lib.optionals (lib.versionAtLeast version "92") [
|
||||
(fetchpatch {
|
||||
url = "https://hg.mozilla.org/integration/autoland/raw-rev/3b856ecc00e4";
|
||||
sha256 = "sha256-d8IRJD6ELC3ZgEs1ES/gy2kTNu/ivoUkUNGMEUoq8r8=";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://hg.mozilla.org/mozilla-central/raw-rev/51c13987d1b8";
|
||||
sha256 = "sha256-C2jcoWLuxW0Ic+Mbh3UpEzxTKZInljqVdcuA9WjspoA=";
|
||||
})
|
||||
]
|
||||
|
||||
++ patches;
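Review bot: The guard `lib.optionals (lib.versionAtLeast version "92")` has no upper bound, although the comment above it says the two patches must be removed once they ship in a release. Record the cut-off in the condition, e.g. `lib.versionAtLeast version "92" && lib.versionOlder version "<FIRST_FIXED_VERSION>"` (placeholder, the fixed version is not stated on the page). That way a later version bump stops fetching and applying them without relying on someone rereading the comment. Both `fetchpatch` calls pin a `sha256`, which is what keeps the remote `raw-rev` URLs from changing content unnoticed.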
|
||||
|
||||
|
||||
|
|
|
@ -147,6 +147,8 @@ let
|
|||
dontPatchELF = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
# The deb file contains a setuid binary, so 'dpkg -x' doesn't work here
|
||||
dpkg --fsys-tarfile $src | tar --extract
|
||||
rm -rf usr/share/lintian
|
||||
|
@ -172,6 +174,8 @@ let
|
|||
substituteInPlace $out/share/applications/slack.desktop \
|
||||
--replace /usr/bin/ $out/bin/ \
|
||||
--replace /usr/share/ $out/share/
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -185,9 +189,11 @@ let
|
|||
sourceRoot = "Slack.app";
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
mkdir -p $out/Applications/Slack.app
|
||||
cp -R . $out/Applications/Slack.app
|
||||
/usr/bin/defaults write com.tinyspeck.slackmacgap SlackNoAutoUpdates -bool YES
|
||||
runHook postInstall
|
||||
'';
|
||||
};
|
||||
in
|
||||
|
|
|
@ -40,6 +40,7 @@ in {
|
|||
renamed="$TMPDIR/${tmpFilename}"
|
||||
mv "$downloadedFile" "$renamed"
|
||||
unpackFile "$renamed"
|
||||
chmod -R +w "$unpackDir"
|
||||
''
|
||||
+ (if stripRoot then ''
|
||||
if [ $(ls "$unpackDir" | wc -l) != 1 ]; then
|
||||
|
|
|
@ -10,13 +10,13 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "dpath";
|
||||
version = "2.0.4";
|
||||
version = "2.0.5";
|
||||
|
||||
disabled = isPy27; # uses python3 imports
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "0qjaa4sjw0m4b91mm18074wpkhir3xx7s87qwckmzpfb165gk837";
|
||||
sha256 = "0kk7wl15r305496q13ka4r6n2r13j99rrrpy2b4575j704dk4x7g";
|
||||
};
|
||||
|
||||
# use pytest as nosetests hangs
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
, flex
|
||||
, php
|
||||
, lib, stdenv
|
||||
, installShellFiles
|
||||
}:
|
||||
|
||||
# Make a custom wrapper. If `wrapProgram` is used, arcanist thinks .arc-wrapped is being
|
||||
|
@ -29,7 +30,10 @@ stdenv.mkDerivation {
|
|||
rev = "2565cc7b4d1dbce6bc7a5b3c4e72ae94be4712fe";
|
||||
sha256 = "0jiv4aj4m5750dqw9r8hizjkwiyxk4cg4grkr63sllsa2dpiibxw";
|
||||
};
|
||||
buildInputs = [ bison flex php ];
|
||||
|
||||
buildInputs = [ php ];
|
||||
|
||||
nativeBuildInputs = [ bison flex installShellFiles ];
|
||||
|
||||
postPatch = lib.optionalString stdenv.isAarch64 ''
|
||||
substituteInPlace support/xhpast/Makefile \
|
||||
|
@ -37,18 +41,26 @@ stdenv.mkDerivation {
|
|||
'';
|
||||
|
||||
buildPhase = ''
|
||||
make cleanall -C support/xhpast
|
||||
make xhpast -C support/xhpast
|
||||
runHook preBuild
|
||||
make cleanall -C support/xhpast $makeFlags "''${makeFlagsArray[@]}" -j $NIX_BUILD_CORES
|
||||
make xhpast -C support/xhpast $makeFlags "''${makeFlagsArray[@]}" -j $NIX_BUILD_CORES
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
mkdir -p $out/bin $out/libexec
|
||||
make install -C support/xhpast
|
||||
make cleanall -C support/xhpast
|
||||
make install -C support/xhpast $makeFlags "''${makeFlagsArray[@]}" -j $NIX_BUILD_CORES
|
||||
make cleanall -C support/xhpast $makeFlags "''${makeFlagsArray[@]}" -j $NIX_BUILD_CORES
|
||||
cp -R . $out/libexec/arcanist
|
||||
|
||||
${makeArcWrapper "arc"}
|
||||
${makeArcWrapper "phage"}
|
||||
|
||||
$out/bin/arc shell-complete --generate --
|
||||
installShellCompletion --cmd arc --bash $out/libexec/arcanist/support/shell/rules/bash-rules.sh
|
||||
installShellCompletion --cmd phage --bash $out/libexec/arcanist/support/shell/rules/bash-rules.sh
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
doInstallCheck = true;
|
||||
|
|
|
@ -2,40 +2,41 @@
|
|||
, fetchFromGitHub
|
||||
, mkDerivation
|
||||
, cmake
|
||||
, pkg-config
|
||||
, SDL2
|
||||
, qtbase
|
||||
, epoxy
|
||||
, libarchive
|
||||
, libpcap
|
||||
, libslirp
|
||||
, wrapGAppsHook
|
||||
, pkg-config
|
||||
, qtbase
|
||||
, SDL2
|
||||
}:
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "melonDS";
|
||||
version = "0.9.1";
|
||||
version = "0.9.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Arisotura";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-bvi0Y+zwfEcsZMNxoH85hxwIGn0UIYlg/ZaE6yJ7vlo=";
|
||||
sha256 = "1v8a060gbpx7rdkk2w4hym361l2wip7yjjn8wny1gfsa273k3zy5";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkg-config wrapGAppsHook ];
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
buildInputs = [
|
||||
SDL2
|
||||
qtbase
|
||||
epoxy
|
||||
libarchive
|
||||
libpcap
|
||||
libslirp
|
||||
qtbase
|
||||
SDL2
|
||||
];
|
||||
|
||||
cmakeFlags = [ "-UUNIX_PORTABLE" ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "http://melonds.kuribo64.net/";
|
||||
description = "Work in progress Nintendo DS emulator";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ artemist benley shamilton ];
|
||||
maintainers = with maintainers; [ artemist benley shamilton xfix ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,20 +1,26 @@
|
|||
{ lib, stdenv, fetchurl, ffmpeg, ffmpegSupport ? true, makeWrapper, nixosTests }:
|
||||
{ lib, stdenv, pkgs, fetchurl, ffmpeg, ffmpegSupport ? true, makeWrapper, nixosTests }:
|
||||
|
||||
with lib;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "navidrome";
|
||||
version = "0.44.1";
|
||||
version = "0.45.1";
|
||||
|
||||
src = fetchurl {
|
||||
|
||||
src = fetchurl (if pkgs.system == "x86_64-linux"
|
||||
then {
|
||||
url = "https://github.com/deluan/navidrome/releases/download/v${version}/navidrome_${version}_Linux_x86_64.tar.gz";
|
||||
sha256 = "sha256-2lnj6aNLPeLwxgyRUQFOQJDsOSMu9Banez8RMMQs74Y=";
|
||||
};
|
||||
sha256 = "sha256-TZcXq51sKoeLPmcRpv4VILDmS6dsS7lxlJzTDH0tEWM=";
|
||||
}
|
||||
else {
|
||||
url = "https://github.com/deluan/navidrome/releases/download/v${version}/navidrome_${version}_Linux_arm64.tar.gz";
|
||||
sha256 = "sha256-Va0DSmemj8hsaywoP6WKo/x+QQzSNwHCpU4VWs5lpbI=";
|
||||
});
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
unpackPhase = ''
|
||||
tar xvf $src navidrome
|
||||
tar xvf $src navidrome
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
|
@ -37,7 +43,7 @@ stdenv.mkDerivation rec {
|
|||
description = "Navidrome Music Server and Streamer compatible with Subsonic/Airsonic";
|
||||
homepage = "https://www.navidrome.org/";
|
||||
license = licenses.gpl3Only;
|
||||
platforms = [ "x86_64-linux" ];
|
||||
platforms = [ "x86_64-linux" "aarch64-linux" ];
|
||||
maintainers = with maintainers; [ aciceri ];
|
||||
};
|
||||
}
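Review bot: The `else` branch of `fetchurl (if pkgs.system == "x86_64-linux" then { … } else { … })` selects the `Linux_arm64` tarball for every system that is not x86_64-linux, not only aarch64-linux. `meta.platforms` limits normal builds, but the source selection itself should fail loudly for an unexpected system instead of fetching a prebuilt binary for the wrong architecture. Key the URL/hash pairs by system and throw otherwise, e.g. `src = fetchurl (sources.${stdenv.hostPlatform.system} or (throw "navidrome: unsupported system"));`, with `sources` holding the two attribute sets already written here. That also removes the need for the new `pkgs` argument, since `stdenv` is already in scope.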
|
||||
|
|