diff options
28 files changed, 851 insertions, 207 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index c710f8dc3ea..602cd5bdd94 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -93,6 +93,11 @@ github = "adolfogc"; name = "Adolfo E. GarcĂa Castro"; }; + aepsil0n = { + email = "eduard.bopp@aepsil0n.de"; + github = "aepsil0n"; + name = "Eduard Bopp"; + }; aespinosa = { email = "allan.espinosa@outlook.com"; github = "aespinosa"; diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 3d626bf515a..5242444a60b 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -37,7 +37,15 @@ with lib; (mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ]) (mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ]) (mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ]) - (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ]) + (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ]) + (mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ]) + (mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ]) + (mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ]) + (mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ]) + (mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ]) + (mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.") + (mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.") + (mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.") (mkRenamedOptionModule [ "services" "shout" "host" ] [ "services" "shout" "listenAddress" ]) (mkRenamedOptionModule [ "services" "sslh" "host" ] [ "services" "sslh" "listenAddress" ]) (mkRenamedOptionModule [ "services" "statsd" "host" ] [ "services" "statsd" "listenAddress" ]) diff --git a/nixos/modules/services/databases/neo4j.nix b/nixos/modules/services/databases/neo4j.nix index 5015618c424..5533182c311 100644 --- a/nixos/modules/services/databases/neo4j.nix +++ b/nixos/modules/services/databases/neo4j.nix @@ -1,32 +1,87 @@ -{ config, lib, pkgs, ... }: +{ config, options, lib, pkgs, ... }: with lib; let cfg = config.services.neo4j; + certDirOpt = options.services.neo4j.directories.certificates; + isDefaultPathOption = opt: isOption opt && opt.type == types.path && opt.highestPrio >= 1500; + + sslPolicies = mapAttrsToList ( + name: conf: '' + dbms.ssl.policy.${name}.allow_key_generation=${boolToString conf.allowKeyGeneration} + dbms.ssl.policy.${name}.base_directory=${conf.baseDirectory} + ${optionalString (conf.ciphers != null) '' + dbms.ssl.policy.${name}.ciphers=${concatStringsSep "," conf.ciphers} + ''} + dbms.ssl.policy.${name}.client_auth=${conf.clientAuth} + ${if length (splitString "/" conf.privateKey) > 1 then + ''dbms.ssl.policy.${name}.private_key=${conf.privateKey}'' + else + ''dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}'' + } + ${if length (splitString "/" conf.privateKey) > 1 then + ''dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}'' + else + ''dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}'' + } + dbms.ssl.policy.${name}.revoked_dir=${conf.revokedDir} + dbms.ssl.policy.${name}.tls_versions=${concatStringsSep "," conf.tlsVersions} + dbms.ssl.policy.${name}.trust_all=${boolToString conf.trustAll} + dbms.ssl.policy.${name}.trusted_dir=${conf.trustedDir} + '' + ) cfg.ssl.policies; serverConfig = pkgs.writeText "neo4j.conf" '' - dbms.directories.data=${cfg.dataDir}/data - dbms.directories.certificates=${cfg.certDir} - dbms.directories.logs=${cfg.dataDir}/logs - dbms.directories.plugins=${cfg.dataDir}/plugins - dbms.connector.http.type=HTTP - dbms.connector.http.enabled=true - dbms.connector.http.address=${cfg.listenAddress}:${toString cfg.port} - ${optionalString cfg.enableBolt '' - dbms.connector.bolt.type=BOLT - dbms.connector.bolt.enabled=true - dbms.connector.bolt.tls_level=OPTIONAL - dbms.connector.bolt.address=${cfg.listenAddress}:${toString cfg.boltPort} + # General + dbms.allow_upgrade=${boolToString cfg.allowUpgrade} + dbms.connectors.default_listen_address=${cfg.defaultListenAddress} + dbms.read_only=${boolToString cfg.readOnly} + ${optionalString (cfg.workerCount > 0) '' + dbms.threads.worker_count=${toString cfg.workerCount} ''} - ${optionalString cfg.enableHttps '' - dbms.connector.https.type=HTTP - dbms.connector.https.enabled=true - dbms.connector.https.encryption=TLS - dbms.connector.https.address=${cfg.listenAddress}:${toString cfg.httpsPort} + + # Directories + dbms.directories.certificates=${cfg.directories.certificates} + dbms.directories.data=${cfg.directories.data} + dbms.directories.logs=${cfg.directories.home}/logs + dbms.directories.plugins=${cfg.directories.plugins} + ${optionalString (cfg.constrainLoadCsv) '' + dbms.directories.import=${cfg.directories.imports} ''} - dbms.shell.enabled=true - ${cfg.extraServerConfig} + + # HTTP Connector + ${optionalString (cfg.http.enable) '' + dbms.connector.http.enabled=${boolToString cfg.http.enable} + dbms.connector.http.listen_address=${cfg.http.listenAddress} + ''} + ${optionalString (!cfg.http.enable) '' + # It is not possible to disable the HTTP connector. To fully prevent + # clients from connecting to HTTP, block the HTTP port (7474 by default) + # via firewall. listen_address is set to the loopback interface to + # prevent remote clients from connecting. + dbms.connector.http.listen_address=127.0.0.1 + ''} + + # HTTPS Connector + dbms.connector.https.enabled=${boolToString cfg.https.enable} + dbms.connector.https.listen_address=${cfg.https.listenAddress} + https.ssl_policy=${cfg.https.sslPolicy} + + # BOLT Connector + dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable} + dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress} + bolt.ssl_policy=${cfg.bolt.sslPolicy} + dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel} + + # neo4j-shell + dbms.shell.enabled=${boolToString cfg.shell.enable} + + # SSL Policies + ${concatStringsSep "\n" sslPolicies} + + # Default retention policy from neo4j.conf + dbms.tx_log.rotation.retention_policy=1 days # Default JVM parameters from neo4j.conf dbms.jvm.additional=-XX:+UseG1GC @@ -36,8 +91,14 @@ let dbms.jvm.additional=-XX:+TrustFinalNonStaticFields dbms.jvm.additional=-XX:+DisableExplicitGC dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048 - + dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball + + # Usage Data Collector + dbms.udc.enabled=${boolToString cfg.udc.enable} + + # Extra Configuration + ${cfg.extraServerConfig} ''; in { @@ -45,105 +106,547 @@ in { ###### interface options.services.neo4j = { + enable = mkOption { - description = "Whether to enable neo4j."; + type = types.bool; default = false; + description = '' + Whether to enable Neo4j Community Edition. + ''; + }; + + allowUpgrade = mkOption { type = types.bool; + default = false; + description = '' + Allow upgrade of Neo4j database files from an older version. + ''; + }; + + constrainLoadCsv = mkOption { + type = types.bool; + default = true; + description = '' + Sets the root directory for file URLs used with the Cypher + <literal>LOAD CSV</literal> clause to be that defined by + <option>directories.imports</option>. It restricts + access to only those files within that directory and its + subdirectories. + </para> + <para> + Setting this option to <literal>false</literal> introduces + possible security problems. + ''; + }; + + defaultListenAddress = mkOption { + type = types.str; + default = "127.0.0.1"; + description = '' + Default network interface to listen for incoming connections. To + listen for connections on all interfaces, use "0.0.0.0". + </para> + <para> + Specifies the default IP address and address part of connector + specific <option>listenAddress</option> options. To bind specific + connectors to a specific network interfaces, specify the entire + <option>listenAddress</option> option for that connector. + ''; + }; + + extraServerConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Extra configuration for Neo4j Community server. Refer to the + <link xlink:href="https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/">complete reference</link> + of Neo4j configuration settings. + ''; }; package = mkOption { - description = "Neo4j package to use."; + type = types.package; default = pkgs.neo4j; defaultText = "pkgs.neo4j"; - type = types.package; + description = '' + Neo4j package to use. + ''; }; - listenAddress = mkOption { - description = "Neo4j listen address."; - default = "127.0.0.1"; - type = types.str; + readOnly = mkOption { + type = types.bool; + default = false; + description = '' + Only allow read operations from this Neo4j instance. + ''; }; - port = mkOption { - description = "Neo4j port to listen for HTTP traffic."; - default = 7474; - type = types.int; + workerCount = mkOption { + type = types.ints.between 0 44738; + default = 0; + description = '' + Number of Neo4j worker threads, where the default of + <literal>0</literal> indicates a worker count equal to the number of + available processors. + ''; }; - enableBolt = mkOption { - description = "Enable bolt for Neo4j."; - default = true; - type = types.bool; + bolt = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Enable the BOLT connector for Neo4j. Setting this option to + <literal>false</literal> will stop Neo4j from listening for incoming + connections on the BOLT port (7687 by default). + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = ":7687"; + description = '' + Neo4j listen address for BOLT traffic. The listen address is + expressed in the format <literal><ip-address>:<port-number></literal>. + ''; + }; + + sslPolicy = mkOption { + type = types.str; + default = "legacy"; + description = '' + Neo4j SSL policy for BOLT traffic. + </para> + <para> + The legacy policy is a special policy which is not defined in + the policy configuration section, but rather derives from + <option>directories.certificates</option> and + associated files (by default: <filename>neo4j.key</filename> and + <filename>neo4j.cert</filename>). Its use will be deprecated. + </para> + <para> + Note: This connector must be configured to support/require + SSL/TLS for the legacy policy to actually be utilized. See + <option>bolt.tlsLevel</option>. + ''; + }; + + tlsLevel = mkOption { + type = types.enum [ "REQUIRED" "OPTIONAL" "DISABLED" ]; + default = "OPTIONAL"; + description = '' + SSL/TSL requirement level for BOLT traffic. + ''; + }; }; - boltPort = mkOption { - description = "Neo4j port to listen for BOLT traffic."; - default = 7687; - type = types.int; + directories = { + certificates = mkOption { + type = types.path; + default = "${cfg.directories.home}/certificates"; + description = '' + Directory for storing certificates to be used by Neo4j for + TLS connections. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read/write permissions are + given to the Neo4j daemon user <literal>neo4j</literal>. + </para> + <para> + Note that changing this directory from its default will prevent + the directory structure required for each SSL policy from being + automatically generated. A policy's directory structure as defined by + its <option>baseDirectory</option>,<option>revokedDir</option> and + <option>trustedDir</option> must then be setup manually. The + existence of these directories is mandatory, as well as the presence + of the certificate file and the private key. Ensure the correct + permissions are set on these directories and files. + ''; + }; + + data = mkOption { + type = types.path; + default = "${cfg.directories.home}/data"; + description = '' + Path of the data directory. You must not configure more than one + Neo4j installation to use the same data directory. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read/write permissions are + given to the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + home = mkOption { + type = types.path; + default = "/var/lib/neo4j"; + description = '' + Path of the Neo4j home directory. Other default directories are + subdirectories of this path. This directory will be created if + non-existent, and its ownership will be <command>chown</command> to + the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + imports = mkOption { + type = types.path; + default = "${cfg.directories.home}/import"; + description = '' + The root directory for file URLs used with the Cypher + <literal>LOAD CSV</literal> clause. Only meaningful when + <option>constrainLoadCvs</option> is set to + <literal>true</literal>. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read permission is + given to the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + plugins = mkOption { + type = types.path; + default = "${cfg.directories.home}/plugins"; + description = '' + Path of the database plugin directory. Compiled Java JAR files that + contain database procedures will be loaded if they are placed in + this directory. + </para> + <para> + When setting this directory to something other than its default, + ensure the directory's existence, and that read permission is + given to the Neo4j daemon user <literal>neo4j</literal>. + ''; + }; }; - enableHttps = mkOption { - description = "Enable https for Neo4j."; - default = false; - type = types.bool; + http = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + The HTTP connector is required for Neo4j, and cannot be disabled. + Setting this option to <literal>false</literal> will force the HTTP + connector's <option>listenAddress</option> to the loopback + interface to prevent connection of remote clients. To prevent all + clients from connecting, block the HTTP port (7474 by default) by + firewall. + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = ":7474"; + description = '' + Neo4j listen address for HTTP traffic. The listen address is + expressed in the format <literal><ip-address>:<port-number></literal>. + ''; + }; }; - httpsPort = mkOption { - description = "Neo4j port to listen for HTTPS traffic."; - default = 7473; - type = types.int; + https = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Enable the HTTPS connector for Neo4j. Setting this option to + <literal>false</literal> will stop Neo4j from listening for incoming + connections on the HTTPS port (7473 by default). + ''; + }; + + listenAddress = mkOption { + type = types.str; + default = ":7473"; + description = '' + Neo4j listen address for HTTPS traffic. The listen address is + expressed in the format <literal><ip-address>:<port-number></literal>. + ''; + }; + + sslPolicy = mkOption { + type = types.str; + default = "legacy"; + description = '' + Neo4j SSL policy for HTTPS traffic. + </para> + <para> + The legacy policy is a special policy which is not defined in the + policy configuration section, but rather derives from + <option>directories.certificates</option> and + associated files (by default: <filename>neo4j.key</filename> and + <filename>neo4j.cert</filename>). Its use will be deprecated. + ''; + }; }; - certDir = mkOption { - description = "Neo4j TLS certificates directory."; - default = "${cfg.dataDir}/certificates"; - type = types.path; + shell = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable a remote shell server which Neo4j Shell clients can log in to. + Only applicable to <command>neo4j-shell</command>. + ''; + }; }; - dataDir = mkOption { - description = "Neo4j data directory."; - default = "/var/lib/neo4j"; - type = types.path; + ssl.policies = mkOption { + type = with types; attrsOf (submodule ({ name, config, options, ... }: { + options = { + + allowKeyGeneration = mkOption { + type = types.bool; + default = false; + description = '' + Allows the generation of a private key and associated self-signed + certificate. Only performed when both objects cannot be found for + this policy. It is recommended to turn this off again after keys + have been generated. + </para> + <para> + The public certificate is required to be duplicated to the + directory holding trusted certificates as defined by the + <option>trustedDir</option> option. + </para> + <para> + Keys should in general be generated and distributed offline by a + trusted certificate authority and not by utilizing this mode. + ''; + }; + + baseDirectory = mkOption { + type = types.path; + default = "${cfg.directories.certificates}/${name}"; + description = '' + The mandatory base directory for cryptographic objects of this + policy. This path is only automatically generated when this + option as well as <option>directories.certificates</option> are + left at their default. Ensure read/write permissions are given + to the Neo4j daemon user <literal>neo4j</literal>. + </para> + <para> + It is also possible to override each individual + configuration with absolute paths. See the + <option>privateKey</option> and <option>publicCertificate</option> + policy options. + ''; + }; + + ciphers = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = '' + Restrict the allowed ciphers of this policy to those defined + here. The default ciphers are those of the JVM platform. + ''; + }; + + clientAuth = mkOption { + type = types.enum [ "NONE" "OPTIONAL" "REQUIRE" ]; + default = "REQUIRE"; + description = '' + The client authentication stance for this policy. + ''; + }; + + privateKey = mkOption { + type = types.str; + default = "private.key"; + description = '' + The name of private PKCS #8 key file for this policy to be found + in the <option>baseDirectory</option>, or the absolute path to + the key file. It is mandatory that a key can be found or generated. + ''; + }; + + publicCertificate = mkOption { + type = types.str; + default = "public.crt"; + description = '' + The name of public X.509 certificate (chain) file in PEM format + for this policy to be found in the <option>baseDirectory</option>, + or the absolute path to the certificate file. It is mandatory + that a certificate can be found or generated. + </para> + <para> + The public certificate is required to be duplicated to the + directory holding trusted certificates as defined by the + <option>trustedDir</option> option. + ''; + }; + + revokedDir = mkOption { + type = types.path; + default = "${config.baseDirectory}/revoked"; + description = '' + Path to directory of CRLs (Certificate Revocation Lists) in + PEM format. Must be an absolute path. The existence of this + directory is mandatory and will need to be created manually when: + setting this option to something other than its default; setting + either this policy's <option>baseDirectory</option> or + <option>directories.certificates</option> to something other than + their default. Ensure read/write permissions are given to the + Neo4j daemon user <literal>neo4j</literal>. + ''; + }; + + tlsVersions = mkOption { + type = types.listOf types.str; + default = [ "TLSv1.2" ]; + description = '' + Restrict the TLS protocol versions of this policy to those + defined here. + ''; + }; + + trustAll = mkOption { + type = types.bool; + default = false; + description = '' + Makes this policy trust all remote parties. Enabling this is not + recommended and the policy's trusted directory will be ignored. + Use of this mode is discouraged. It would offer encryption but + no security. + ''; + }; + + trustedDir = mkOption { + type = types.path; + default = "${config.baseDirectory}/trusted"; + description = '' + Path to directory of X.509 certificates in PEM format for + trusted parties. Must be an absolute path. The existence of this + directory is mandatory and will need to be created manually when: + setting this option to something other than its default; setting + either this policy's <option>baseDirectory</option> or + <option>directories.certificates</option> to something other than + their default. Ensure read/write permissions are given to the + Neo4j daemon user <literal>neo4j</literal>. + </para> + <para> + The public certificate as defined by + <option>publicCertificate</option> is required to be duplicated + to this directory. + ''; + }; + + directoriesToCreate = mkOption { + type = types.listOf types.path; + internal = true; + readOnly = true; + description = '' + Directories of this policy that will be created automatically + when the certificates directory is left at its default value. + This includes all options of type path that are left at their + default value. + ''; + }; + + }; + + config.directoriesToCreate = optionals + (certDirOpt.highestPrio >= 1500 && options.baseDirectory.highestPrio >= 1500) + (map (opt: opt.value) (filter isDefaultPathOption (attrValues options))); + + })); + default = {}; + description = '' + Defines the SSL policies for use with Neo4j connectors. Each attribute + of this set defines a policy, with the attribute name defining the name + of the policy and its namespace. Refer to the operations manual section + on Neo4j's + <link xlink:href="https://neo4j.com/docs/operations-manual/current/security/ssl-framework/">SSL Framework</link> + for further details. + ''; }; - extraServerConfig = mkOption { - description = "Extra configuration for neo4j server."; - default = ""; - type = types.lines; + udc = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable the Usage Data Collector which Neo4j uses to collect usage + data. Refer to the operations manual section on the + <link xlink:href="https://neo4j.com/docs/operations-manual/current/configuration/usage-data-collector/">Usage Data Collector</link> + for more information. + ''; + }; }; + }; ###### implementation - config = mkIf cfg.enable { - systemd.services.neo4j = { - description = "Neo4j Daemon"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - environment = { - NEO4J_HOME = "${cfg.package}/share/neo4j"; - NEO4J_CONF = "${cfg.dataDir}/conf"; - }; - serviceConfig = { - ExecStart = "${cfg.package}/bin/neo4j console"; - User = "neo4j"; - PermissionsStartOnly = true; - LimitNOFILE = 40000; - }; - preStart = '' - mkdir -m 0700 -p ${cfg.dataDir}/{data/graph.db,conf,logs} - ln -fs ${serverConfig} ${cfg.dataDir}/conf/neo4j.conf - if [ "$(id -u)" = 0 ]; then chown -R neo4j ${cfg.dataDir}; fi - ''; - }; + config = + let + # Assertion helpers + policyNameList = attrNames cfg.ssl.policies; + validPolicyNameList = [ "legacy" ] ++ policyNameList; + validPolicyNameString = concatStringsSep ", " validPolicyNameList; + + # Capture various directories left at their default so they can be created. + defaultDirectoriesToCreate = map (opt: opt.value) (filter isDefaultPathOption (attrValues options.services.neo4j.directories)); + policyDirectoriesToCreate = concatMap (pol: pol.directoriesToCreate) (attrValues cfg.ssl.policies); + in + + mkIf cfg.enable { + assertions = [ + { assertion = !elem "legacy" policyNameList; + message = "The policy 'legacy' is special to Neo4j, and its name is reserved."; } + { assertion = elem cfg.bolt.sslPolicy validPolicyNameList; + message = "Invalid policy assigned: `services.neo4j.bolt.sslPolicy = \"${cfg.bolt.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; } + { assertion = elem cfg.https.sslPolicy validPolicyNameList; + message = "Invalid policy assigned: `services.neo4j.https.sslPolicy = \"${cfg.https.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; } + ]; + + systemd.services.neo4j = { + description = "Neo4j Daemon"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + environment = { + NEO4J_HOME = "${cfg.package}/share/neo4j"; + NEO4J_CONF = "${cfg.directories.home}/conf"; + }; + serviceConfig = { + ExecStart = "${cfg.package}/bin/neo4j console"; + User = "neo4j"; + PermissionsStartOnly = true; + LimitNOFILE = 40000; + }; + + preStart = '' + # Directories Setup + # Always ensure home exists with nested conf, logs directories. + mkdir -m 0700 -p ${cfg.directories.home}/{conf,logs} - environment.systemPackages = [ cfg.package ]; + # Create other sub-directories and policy directories that have been left at their default. + ${concatMapStringsSep "\n" ( + dir: '' + mkdir -m 0700 -p ${dir} + '') (defaultDirectoriesToCreate ++ policyDirectoriesToCreate)} - users.users = singleton { - name = "neo4j"; - uid = config.ids.uids.neo4j; - description = "Neo4j daemon user"; - home = cfg.dataDir; + # Place the configuration where Neo4j can find it. + ln -fs ${serverConfig} ${cfg.directories.home}/conf/neo4j.conf + + # Ensure neo4j user ownership + chown -R neo4j ${cfg.directories.home} + ''; + }; + + environment.systemPackages = [ cfg.package ]; + + users.users = singleton { + name = "neo4j"; + uid = config.ids.uids.neo4j; + description = "Neo4j daemon user"; + home = cfg.directories.home; + }; }; + + meta = { + maintainers = with lib.maintainers; [ patternspandemic ]; }; } diff --git a/pkgs/applications/science/math/clp/default.nix b/pkgs/applications/science/math/clp/default.nix index daa9a53c59a..4899ebe42d7 100644 --- a/pkgs/applications/science/math/clp/default.nix +++ b/pkgs/applications/science/math/clp/default.nix @@ -1,24 +1,22 @@ { stdenv, fetchurl, zlib }: stdenv.mkDerivation rec { - version = "1.16.11"; - name = "clp-${version}"; - src = fetchurl { - url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz"; - sha256 = "0fazlqpp845186nmixa9f1xfxqqkdr1xj4va7q29m8594ca4a9dm"; - }; + version = "1.16.11"; + name = "clp-${version}"; + src = fetchurl { + url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz"; + sha256 = "0fazlqpp845186nmixa9f1xfxqqkdr1xj4va7q29m8594ca4a9dm"; + }; - propagatedBuildInputs = [ zlib ]; + propagatedBuildInputs = [ zlib ]; - doCheck = true; + doCheck = true; - checkTarget = "test"; - - meta = { - license = stdenv.lib.licenses.epl10; - homepage = https://projects.coin-or.org/Clp; - description = "An open-source linear programming solver written in C++"; - platforms = stdenv.lib.platforms.all; - maintainers = [ stdenv.lib.maintainers.vbgl ]; - }; + meta = { + license = stdenv.lib.licenses.epl10; + homepage = https://projects.coin-or.org/Clp; + description = "An open-source linear programming solver written in C++"; + platforms = stdenv.lib.platforms.all; + maintainers = [ stdenv.lib.maintainers.vbgl ]; + }; } diff --git a/pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix b/pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix new file mode 100644 index 00000000000..60953d99ac2 --- /dev/null +++ b/pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix @@ -0,0 +1,35 @@ +{ stdenv, fetchurl, pkgconfig, intltool, gobjectIntrospection, wrapGAppsHook, gjs, glib, gtk3, gdk_pixbuf, gst_all_1, gnome3 }: + +let + pname = "gnome-sound-recorder"; + version = "3.28.1"; +in stdenv.mkDerivation rec { + name = "${pname}-${version}"; + + src = fetchurl { + url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz"; + sha256 = "0y0srj1hvr1waa35p6dj1r1mlgcsscc0i99jni50ijp4zb36fjqy"; + }; + + nativeBuildInputs = [ pkgconfig intltool gobjectIntrospection wrapGAppsHook ]; + buildInputs = [ gjs glib gtk3 gdk_pixbuf ] ++ (with gst_all_1; [ gstreamer.dev gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad ]); + + # TODO: fix this in gstreamer + # TODO: make stdenv.lib.getBin respect outputBin + PKG_CONFIG_GSTREAMER_1_0_TOOLSDIR = "${gst_all_1.gstreamer.dev}/bin"; + + passthru = { + updateScript = gnome3.updateScript { + packageName = pname; + attrPath = "gnome3.${pname}"; + }; + }; + + meta = with stdenv.lib; { + description = "A simple and modern sound recorder"; + homepage = https://wiki.gnome.org/Apps/SoundRecorder; + license = licenses.gpl2Plus; + maintainers = gnome3.maintainers; + platforms = platforms.linux; + }; +} diff --git a/pkgs/desktops/gnome-3/default.nix b/pkgs/desktops/gnome-3/default.nix index 9d62bead40d..b456ff6c95f 100644 --- a/pkgs/desktops/gnome-3/default.nix +++ b/pkgs/desktops/gnome-3/default.nix @@ -289,6 +289,8 @@ lib.makeScope pkgs.newScope (self: with self; { gnome-power-manager = callPackage ./apps/gnome-power-manager { }; + gnome-sound-recorder = callPackage ./apps/gnome-sound-recorder { }; + gnome-weather = callPackage ./apps/gnome-weather { }; nautilus-sendto = callPackage ./apps/nautilus-sendto { }; diff --git a/pkgs/development/haskell-modules/configuration-nix.nix b/pkgs/development/haskell-modules/configuration-nix.nix index 2e3a8e1c867..86494e9323b 100644 --- a/pkgs/development/haskell-modules/configuration-nix.nix +++ b/pkgs/development/haskell-modules/configuration-nix.nix @@ -421,16 +421,6 @@ self: super: builtins.intersectAttrs super { # so disable this on Darwin only ${if pkgs.stdenv.isDarwin then null else "GLUT"} = addPkgconfigDepend (appendPatch super.GLUT ./patches/GLUT.patch) pkgs.freeglut; - idris = overrideCabal super.idris (drv: { - # https://github.com/idris-lang/Idris-dev/issues/2499 - librarySystemDepends = (drv.librarySystemDepends or []) ++ [pkgs.gmp]; - - # tests and build run executable, so need to set LD_LIBRARY_PATH - preBuild = '' - export LD_LIBRARY_PATH="$PWD/dist/build:$LD_LIBRARY_PATH" - ''; - }); - libsystemd-journal = overrideCabal super.libsystemd-journal (old: { librarySystemDepends = old.librarySystemDepends or [] ++ [ pkgs.systemd ]; }); diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix index d1304c79694..c68d84bdb8a 100644 --- a/pkgs/development/haskell-modules/generic-builder.nix +++ b/pkgs/development/haskell-modules/generic-builder.nix @@ -160,6 +160,9 @@ let "--enable-library-for-ghci" # TODO: Should this be configurable? ] ++ optionals (enableDeadCodeElimination && (stdenv.lib.versionOlder "8.0.1" ghc.version)) [ "--ghc-option=-split-sections" + ] ++ optionals dontStrip [ + "--disable-library-stripping" + "--disable-executable-stripping" ] ++ optionals isGhcjs [ "--ghcjs" ] ++ optionals isCross ([ diff --git a/pkgs/development/idris-modules/build-idris-package.nix b/pkgs/development/idris-modules/build-idris-package.nix index 7168eb2c956..3ed1404fef7 100644 --- a/pkgs/development/idris-modules/build-idris-package.nix +++ b/pkgs/development/idris-modules/build-idris-package.nix @@ -20,7 +20,7 @@ let }; in stdenv.mkDerivation ({ - name = "${name}-${version}"; + name = "idris-${name}-${version}"; buildInputs = [ idris-with-packages gmp ] ++ extraBuildInputs; propagatedBuildInputs = allIdrisDeps; diff --git a/pkgs/development/interpreters/clojure/default.nix b/pkgs/development/interpreters/clojure/default.nix index 4843653e5dc..4ea149d1137 100644 --- a/pkgs/development/interpreters/clojure/default.nix +++ b/pkgs/development/interpreters/clojure/default.nix @@ -13,7 +13,9 @@ stdenv.mkDerivation rec { outputs = [ "out" "prefix" ]; - installPhase = '' + installPhase = let + binPath = stdenv.lib.makeBinPath [ rlwrap jdk ]; + in '' mkdir -p $prefix/libexec cp clojure-tools-${version}.jar $prefix/libexec cp {,example-}deps.edn $prefix @@ -21,8 +23,8 @@ stdenv.mkDerivation rec { substituteInPlace clojure --replace PREFIX $prefix install -Dt $out/bin clj clojure - wrapProgram $out/bin/clj --suffix PATH ${rlwrap}/bin - wrapProgram $out/bin/clojure --suffix PATH ${jdk}/bin + wrapProgram $out/bin/clj --prefix PATH : ${binPath} + wrapProgram $out/bin/clojure --prefix PATH : ${binPath} ''; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix index bc70c5ab237..3d9027db160 100644 --- a/pkgs/development/libraries/ffmpeg/generic.nix +++ b/pkgs/development/libraries/ffmpeg/generic.nix @@ -26,7 +26,7 @@ * see `ffmpeg-full' for an ffmpeg build with all features included. * * Need fixes to support Darwin: - * libvpx pulseaudio + * pulseaudio * * Known issues: * 0.6 - fails to compile (unresolved) (so far, only disabling a number of @@ -58,6 +58,8 @@ let disDarwinOrArmFix = origArg: minVer: fixArg: if ((isDarwin || isAarch32) && reqMin minVer) then fixArg else origArg; vaapiSupport = reqMin "0.6" && ((isLinux || isFreeBSD) && !isAarch32); + + vpxSupport = reqMin "0.6" && !isAarch32; in assert openglSupport -> libGLU_combined != null; @@ -130,7 +132,7 @@ stdenv.mkDerivation rec { (ifMinVer "0.6" (enableFeature vaapiSupport "vaapi")) "--enable-vdpau" "--enable-libvorbis" - (disDarwinOrArmFix (ifMinVer "0.6" "--enable-libvpx") "0.6" "--disable-libvpx") + (ifMinVer "0.6" (enableFeature vpxSupport "libvpx")) (ifMinVer "2.4" "--enable-lzma") (ifMinVer "2.2" (enableFeature openglSupport "opengl")) (disDarwinOrArmFix (ifMinVer "0.9" "--enable-libpulse") "0.9" "--disable-libpulse") @@ -159,7 +161,8 @@ stdenv.mkDerivation rec { bzip2 fontconfig freetype gnutls libiconv lame libass libogg libtheora libvdpau libvorbis lzma soxr x264 x265 xvidcore zlib libopus ] ++ optional openglSupport libGLU_combined - ++ optionals (!isDarwin && !isAarch32) [ libvpx libpulseaudio ] # Need to be fixed on Darwin and ARM + ++ optional vpxSupport libvpx + ++ optionals (!isDarwin && !isAarch32) [ libpulseaudio ] # Need to be fixed on Darwin and ARM ++ optional ((isLinux || isFreeBSD) && !isAarch32) libva ++ optional isLinux alsaLib ++ optionals isDarwin darwinFrameworks diff --git a/pkgs/development/libraries/libcouchbase/default.nix b/pkgs/development/libraries/libcouchbase/default.nix index 6531a4cd9ed..347e3218c1d 100644 --- a/pkgs/development/libraries/libcouchbase/default.nix +++ b/pkgs/development/libraries/libcouchbase/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake pkgconfig ]; buildInputs = [ libevent openssl ]; - doCheck = (!stdenv.isDarwin); + doCheck = !stdenv.isDarwin; checkPhase = "ctest"; meta = with stdenv.lib; { diff --git a/pkgs/development/python-modules/parsy/default.nix b/pkgs/development/python-modules/parsy/default.nix new file mode 100644 index 00000000000..4183f30caad --- /dev/null +++ b/pkgs/development/python-modules/parsy/default.nix @@ -0,0 +1,26 @@ +{ lib, buildPythonPackage, fetchPypi, pythonOlder, pytest }: + +buildPythonPackage rec { + pname = "parsy"; + version = "1.2.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "0mdqg07x5ybmbmj55x75gyhfcjrn7ml0cf3z0jwbskx845j31m6x"; + }; + + checkInputs = [ pytest ]; + + checkPhase = '' + py.test test/ + ''; + + disabled = pythonOlder "3.4"; + + meta = with lib; { + homepage = https://github.com/python-parsy/parsy; + description = "Easy-to-use parser combinators, for parsing in pure Python"; + license = [ licenses.mit ]; + maintainers = with maintainers; [ aepsil0n ]; + }; +} diff --git a/pkgs/development/tools/build-managers/doit/default.nix b/pkgs/development/tools/build-managers/doit/default.nix index e6ec8c2a80c..c6ed406840d 100644 --- a/pkgs/development/tools/build-managers/doit/default.nix +++ b/pkgs/development/tools/build-managers/doit/default.nix @@ -22,10 +22,10 @@ in python3Packages.buildPythonApplication { doCheck = false; checkPhase = "py.test"; - meta = { + meta = with stdenv.lib; { homepage = http://pydoit.org/; description = "A task management & automation tool"; - license = stdenv.lib.licenses.mit; + license = licenses.mit; longDescription = '' doit is a modern open-source build-tool written in python designed to be simple to use and flexible to deal with complex @@ -33,6 +33,7 @@ in python3Packages.buildPythonApplication { custom work-flows where there is no out-of-the-box solution available. ''; - platforms = stdenv.lib.platforms.all; + maintainers = with maintainers; [ pSub ]; + platforms = platforms.all; }; } diff --git a/pkgs/development/tools/vagrant/Gemfile.lock b/pkgs/development/tools/vagrant/Gemfile.lock index 8991bd9eb54..2a1515fd143 100644 --- a/pkgs/development/tools/vagrant/Gemfile.lock +++ b/pkgs/development/tools/vagrant/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - vagrant (2.1.1) + vagrant (2.1.2) childprocess (~> 0.6.0) erubis (~> 2.7.0) hashicorp-checkpoint (~> 0.1.5) @@ -25,8 +25,6 @@ PATH rest-client (>= 1.6.0, < 3.0) ruby_dep (<= 1.3.1) wdm (~> 0.1.0) - win32-file (~> 0.8.1) - win32-file-security (~> 1.0.10) winrm (~> 2.1) winrm-elevated (~> 1.1) winrm-fs (~> 1.0) @@ -47,8 +45,6 @@ GEM erubis (2.7.0) fake_ftp (0.1.1) ffi (1.9.23) - ffi-win32-extensions (1.0.3) - ffi gssapi (1.2.0) ffi (>= 1.0.1) gyoku (1.3.1) @@ -119,16 +115,6 @@ GEM addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff - win32-file (0.8.1) - ffi - ffi-win32-extensions - win32-file-stat (>= 1.4.0) - win32-file-security (1.0.10) - ffi - ffi-win32-extensions - win32-file-stat (1.5.5) - ffi - ffi-win32-extensions winrm (2.2.3) builder (>= 2.1.2) erubis (~> 2.7) @@ -160,4 +146,4 @@ DEPENDENCIES webmock (~> 2.3.1) BUNDLED WITH - 1.14.6 + 1.16.2 diff --git a/pkgs/development/tools/vagrant/default.nix b/pkgs/development/tools/vagrant/default.nix index 886706ed30b..fe75c9fd208 100644 --- a/pkgs/development/tools/vagrant/default.nix +++ b/pkgs/development/tools/vagrant/default.nix @@ -1,6 +1,10 @@ { lib, fetchurl, buildRubyGem, bundlerEnv, ruby, libarchive }: let + # NOTE: bumping the version and updating the hash is insufficient; + # you must copy a fresh Gemfile.lock from the vagrant source, + # and use bundix to generate a new gemset.nix. + # Do not change the existing Gemfile. version = "2.1.2"; url = "https://github.com/hashicorp/vagrant/archive/v${version}.tar.gz"; sha256 = "0fb90v43d30whhyjlgb9mmy93ccbpr01pz97kp5hrg3wfd7703b1"; diff --git a/pkgs/development/tools/vagrant/gemset.nix b/pkgs/development/tools/vagrant/gemset.nix index 867927cdc24..598f5cc6723 100644 --- a/pkgs/development/tools/vagrant/gemset.nix +++ b/pkgs/development/tools/vagrant/gemset.nix @@ -75,15 +75,6 @@ }; version = "1.9.23"; }; - ffi-win32-extensions = { - dependencies = ["ffi"]; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1ywkkbr3bpi2ais2jr8yrsqwwrm48jg262anmdkcb9if95vajx7l"; - type = "gem"; - }; - version = "1.0.3"; - }; gssapi = { dependencies = ["ffi"]; source = { @@ -406,7 +397,7 @@ version = "0.0.7.5"; }; vagrant = { - dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "win32-file" "win32-file-security" "winrm" "winrm-elevated" "winrm-fs"]; + dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "winrm" "winrm-elevated" "winrm-fs"]; }; vagrant-spec = { dependencies = ["childprocess" "log4r" "rspec" "thor"]; @@ -436,33 +427,6 @@ }; version = "2.3.2"; }; - win32-file = { - dependencies = ["ffi" "ffi-win32-extensions" "win32-file-stat"]; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0mjylzv4bbnxyjqf7hnd9ghcs5xr2sv8chnmkqdi2cc6pya2xax0"; - type = "gem"; - }; - version = "0.8.1"; - }; - win32-file-security = { - dependencies = ["ffi" "ffi-win32-extensions"]; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0lpq821a1hrxmm0ki5c34wijzhn77g4ny76v698ixwg853y2ir9r"; - type = "gem"; - }; - version = "1.0.10"; - }; - win32-file-stat = { - dependencies = ["ffi" "ffi-win32-extensions"]; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0lc3yajcb8xxabvj9qian938k60ixydvs3ixl5fldi0nlvnvk468"; - type = "gem"; - }; - version = "1.5.5"; - }; winrm = { dependencies = ["builder" "erubis" "gssapi" "gyoku" "httpclient" "logging" "nori" "rubyntlm"]; source = { diff --git a/pkgs/tools/admin/aws-rotate-key/default.nix b/pkgs/tools/admin/aws-rotate-key/default.nix new file mode 100644 index 00000000000..cffb67e7d6c --- /dev/null +++ b/pkgs/tools/admin/aws-rotate-key/default.nix @@ -0,0 +1,25 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "aws-rotate-key-${version}"; + version = "1.0.0"; + + goPackagePath = "github.com/Fullscreen/aws-rotate-key"; + + src = fetchFromGitHub { + rev = "v${version}"; + owner = "Fullscreen"; + repo = "aws-rotate-key"; + sha256 = "13q7rns65cj8b4i0s75dbswijpra9z74b462zribwfjdm29by5k1"; + }; + + goDeps = ./deps.nix; + + meta = with stdenv.lib; { + description = "Easily rotate your AWS key"; + homepage = https://github.com/Fullscreen/aws-rotate-key; + license = licenses.mit; + maintainers = [maintainers.mbode]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/tools/admin/aws-rotate-key/deps.nix b/pkgs/tools/admin/aws-rotate-key/deps.nix new file mode 100644 index 00000000000..680a18e7e2d --- /dev/null +++ b/pkgs/tools/admin/aws-rotate-key/deps.nix @@ -0,0 +1,29 @@ +[ + { + goPackagePath = "github.com/go-ini/ini"; + fetch = { + type = "git"; + url = "https://github.com/go-ini/ini"; + rev = "af26abd521cd7697481572fdbc4a53cbea3dde1b"; + sha256 = "1yribbqy9i4i70dfg3yrjhkn3n0fywpr3kismn2mvi882mm01pxz"; + }; + } + { + goPackagePath = "github.com/jmespath/go-jmespath"; + fetch = { + type = "git"; + url = "https://github.com/jmespath/go-jmespath"; + rev = "c2b33e8439af944379acbdd9c3a5fe0bc44bd8a5"; + sha256 = "1r6w7ydx8ydryxk3sfhzsk8m6f1nsik9jg3i1zhi69v4kfl4d5cz"; + }; + } + { + goPackagePath = "github.com/aws/aws-sdk-go"; + fetch = { + type = "git"; + url = "https://github.com/aws/aws-sdk-go"; + rev = "f844700ba2a387dfee7ab3679e7544b5dbd6d394"; + sha256 = "0s9100bzqj58nnax3dxfgi5qr4rbaa53cb0cj3s58k9jc9z6270m"; + }; + } +] diff --git a/pkgs/tools/admin/bluemix-cli/default.nix b/pkgs/tools/admin/bluemix-cli/default.nix index 2c24728fab9..7ae54aab4b9 100644 --- a/pkgs/tools/admin/bluemix-cli/default.nix +++ b/pkgs/tools/admin/bluemix-cli/default.nix @@ -2,16 +2,30 @@ stdenv.mkDerivation rec { name = "bluemix-cli-${version}"; - version = "0.6.6"; + version = "0.8.0"; - src = fetchurl { - name = "linux64.tar.gz"; - url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux64"; - sha256 = "1swjawc4szqrl0wgjcb4na1hbxylaqp2mp53lxsbfbk1db0c3y85"; - }; + src = + if stdenv.system == "i686-linux" then + fetchurl { + name = "linux32-${version}.tar.gz"; + url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux32"; + sha256 = "1ryngbjlw59x33rfd32bcz49r93a1q1g92jh7xmi9vydgqnzsifh"; + } + else + fetchurl { + name = "linux64-${version}.tar.gz"; + url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux64"; + sha256 = "056zbaca430ldcn0s86vy40m5abvwpfrmvqybbr6fjwfv9zngywx"; + } + ; installPhase = '' - install -m755 -D --target $out/bin bin/bluemix bin/bluemix-analytics bin/cfcli/cf + install -m755 -D -t $out/bin bin/ibmcloud bin/ibmcloud-analytics + install -m755 -D -t $out/bin/cfcli bin/cfcli/cf + ln -sv $out/bin/ibmcloud $out/bin/bx + ln -sv $out/bin/ibmcloud $out/bin/bluemix + install -D -t "$out/etc/bash_completion.d" bx/bash_autocomplete + install -D -t "$out/share/zsh/site-functions" bx/zsh_autocomplete ''; meta = with lib; { @@ -19,7 +33,7 @@ stdenv.mkDerivation rec { homepage = "https://console.bluemix.net/docs/cli/index.html"; downloadPage = "https://console.bluemix.net/docs/cli/reference/bluemix_cli/download_cli.html#download_install"; license = licenses.unfree; - maintainers = [ maintainers.tazjin ]; - platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.tazjin maintainers.jensbin ]; + platforms = [ "x86_64-linux" "i686-linux" ]; }; } diff --git a/pkgs/tools/graphics/ibniz/default.nix b/pkgs/tools/graphics/ibniz/default.nix new file mode 100644 index 00000000000..11fad25b85a --- /dev/null +++ b/pkgs/tools/graphics/ibniz/default.nix @@ -0,0 +1,26 @@ +{ stdenv, fetchurl, SDL }: + +stdenv.mkDerivation rec { + name = "ibniz-${version}"; + version = "1.18"; + + src = fetchurl { + url = "http://www.pelulamu.net/ibniz/${name}.tar.gz"; + sha256 = "10b4dka8zx7y84m1a58z9j2vly8mz9aw9wn8z9vx9av739j95wp2"; + }; + + buildInputs = [ SDL ]; + + installPhase = '' + mkdir -p $out/bin + cp ibniz $out/bin + ''; + + meta = with stdenv.lib; { + description = "Virtual machine designed for extremely compact low-level audiovisual programs"; + homepage = "http://www.pelulamu.net/ibniz/"; + license = licenses.zlib; + platforms = platforms.linux; + maintainers = [ maintainers.dezgeg ]; + }; +} diff --git a/pkgs/tools/misc/mmake/default.nix b/pkgs/tools/misc/mmake/default.nix index ce8ad76ba82..c6f9f4749b3 100644 --- a/pkgs/tools/misc/mmake/default.nix +++ b/pkgs/tools/misc/mmake/default.nix @@ -17,7 +17,13 @@ buildGoPackage rec { meta = with stdenv.lib; { homepage = https://github.com/tj/mmake; - description = "Mmake is a small program which wraps make to provide additional functionality, such as user-friendly help output, remote includes, and eventually more. It otherwise acts as a pass-through to standard make."; + description = "A small program which wraps make to provide additional functionality"; + longDescription = '' + Mmake is a small program which wraps make to provide additional + functionality, such as user-friendly help output, remote + includes, and eventually more. It otherwise acts as a + pass-through to standard make. + ''; license = licenses.mit; platforms = platforms.all; maintainers = [ maintainers.gabesoft ]; diff --git a/pkgs/tools/misc/toilet/default.nix b/pkgs/tools/misc/toilet/default.nix index 2b240e022d8..10e481b7664 100644 --- a/pkgs/tools/misc/toilet/default.nix +++ b/pkgs/tools/misc/toilet/default.nix @@ -12,10 +12,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; buildInputs = [ libcaca ]; - meta = { + meta = with stdenv.lib; { description = "Display large colourful characters in text mode"; homepage = http://caca.zoy.org/wiki/toilet; - license = stdenv.lib.licenses.wtfpl; - platforms = stdenv.lib.platforms.all; + license = licenses.wtfpl; + maintainers = with maintainers; [ pSub ]; + platforms = platforms.all; }; } diff --git a/pkgs/tools/text/aha/default.nix b/pkgs/tools/text/aha/default.nix index d8c42a0f20d..89319ac492f 100644 --- a/pkgs/tools/text/aha/default.nix +++ b/pkgs/tools/text/aha/default.nix @@ -22,6 +22,7 @@ stdenv.mkDerivation rec { ''; homepage = https://github.com/theZiz/aha; license = with licenses; [ lgpl2Plus mpl11 ]; + maintainers = with maintainers; [ pSub ]; platforms = platforms.linux; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e815305b539..c1957bd65be 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -555,6 +555,8 @@ with pkgs; awslogs = callPackage ../tools/admin/awslogs { }; + aws-rotate-key = callPackage ../tools/admin/aws-rotate-key { }; + aws_shell = pythonPackages.callPackage ../tools/admin/aws_shell { }; aws-sam-cli = callPackage ../development/tools/aws-sam-cli { }; @@ -3087,6 +3089,8 @@ with pkgs; iannix = libsForQt5.callPackage ../applications/audio/iannix { }; + ibniz = callPackage ../tools/graphics/ibniz { }; + icecast = callPackage ../servers/icecast { }; darkice = callPackage ../tools/audio/darkice { }; @@ -6646,20 +6650,7 @@ with pkgs; icedtea_web = icedtea8_web; idrisPackages = callPackage ../development/idris-modules { - - idris-no-deps = - let - inherit (self.haskell) lib; - haskellPackages = self.haskellPackages.override { - overrides = self: super: { - binary = lib.dontCheck self.binary_0_8_5_1; - parsers = lib.dontCheck super.parsers; - semigroupoids = lib.dontCheck super.semigroupoids; - trifecta = lib.dontCheck super.trifecta; - }; - }; - in - haskellPackages.idris; + idris-no-deps = haskellPackages.idris; }; idris = idrisPackages.with-packages [ idrisPackages.base ] ; @@ -9139,7 +9130,6 @@ with pkgs; game-music-emu = if stdenv.isDarwin then null else game-music-emu; libjack2 = if stdenv.isDarwin then null else libjack2; libmodplug = if stdenv.isDarwin then null else libmodplug; - libvpx = if stdenv.isDarwin then null else libvpx; openal = if stdenv.isDarwin then null else openal; libpulseaudio = if stdenv.isDarwin then null else libpulseaudio; samba = if stdenv.isDarwin then null else samba; diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index ede0a70b438..e4f63e2347e 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -11955,6 +11955,25 @@ let self = _self // overrides; _self = with self; { }; }; + PerconaToolkit = buildPerlPackage rec { + name = "Percona-Toolkit-3.0.11"; + src = fetchFromGitHub { + owner = "percona"; + repo = "percona-toolkit"; + rev = "6e5c5c5e6db0a32c6951c8f798c4547539cdab87"; + sha256 = "18wxvp7psqrx0zdvg47azrals572hv9fx1s3p0q65s87lnk3q63l"; + }; + outputs = [ "out" ]; + buildInputs = [ DBDmysql DBI DigestMD5 IOSocketSSL TermReadKey TimeHiRes ]; + meta = { + description = ''Collection of advanced command-line tools to perform a variety of MySQL and system tasks.''; + homepage = http://www.percona.com/software/percona-toolkit; + license = with stdenv.lib.licenses; [ lgpl2 ]; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ izorkin ]; + }; + }; + Perl5lib = buildPerlPackage rec { name = "perl5lib-1.02"; src = fetchurl { diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index de4966ec953..43d9f110a75 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1855,6 +1855,8 @@ in { ''; }; + parsy = callPackage ../development/python-modules/parsy { }; + portpicker = callPackage ../development/python-modules/portpicker { }; pkginfo = callPackage ../development/python-modules/pkginfo { }; diff --git a/pkgs/top-level/release.nix b/pkgs/top-level/release.nix index 81f0874ca12..5553c4d5265 100644 --- a/pkgs/top-level/release.nix +++ b/pkgs/top-level/release.nix @@ -166,6 +166,7 @@ let } // (mapTestOn ((packagePlatforms pkgs) // rec { haskell.compiler = packagePlatforms pkgs.haskell.compiler; haskellPackages = packagePlatforms pkgs.haskellPackages; + idrisPackages = packagePlatforms pkgs.idrisPackages; # Language packages disabled in https://github.com/NixOS/nixpkgs/commit/ccd1029f58a3bb9eca32d81bf3f33cb4be25cc66 |