Merge remote-tracking branch 'origin/master' into staging.

lib/maintainers.nix

@@ -5,12 +5,12 @@
      alphabetically sorted.  */
 
   _1126 = "Christian Lask <[email protected]>";
+  abbradar = "Nikolay Amiantov <[email protected]>";
   aforemny = "Alexander Foremny <[email protected]>";
   ak = "Alexander Kjeldaas <[email protected]>";
   akc = "Anders Claesson <[email protected]>";
   algorith = "Dries Van Daele <[email protected]>";
   all = "Nix Committers <[email protected]>";
-  abbradar = "Nikolay Amiantov <[email protected]>";
   amiddelk = "Arie Middelkoop <[email protected]>";
   amorsillo = "Andrew Morsillo <[email protected]>";
   AndersonTorres = "Anderson Torres <[email protected]>";
@@ -46,8 +46,8 @@
   coroa = "Jonas Hörsch <[email protected]>";
   cstrahan = "Charles Strahan <[email protected]>";
   DamienCassou = "Damien Cassou <[email protected]>";
-  DerGuteMoritz = "Moritz Heidkamp <[email protected]>";
   dbohdan = "Danyil Bohdan <[email protected]>";
+  DerGuteMoritz = "Moritz Heidkamp <[email protected]>";
   dmalikov = "Dmitry Malikov <[email protected]>";
   doublec = "Chris Double <[email protected]>";
   ederoyd46 = "Matthew Brown <[email protected]>";
@@ -104,6 +104,7 @@
   offline = "Jaka Hudoklin <[email protected]>";
   orbitz = "Malcolm Matalka <[email protected]>";
   page = "Carles Pagès <[email protected]>";
+  pashev = "Igor Pashev <[email protected]>";
   phreedom = "Evgeny Egorochkin <[email protected]>";
   pierron = "Nicolas B. Pierron <[email protected]>";
   piotr = "Piotr Pietraszkiewicz <[email protected]>";
@@ -139,8 +140,8 @@
   tomberek = "Thomas Bereknyei <[email protected]>";
   tstrobel = "Thomas Strobel <[email protected]>";
   ttuegel = "Thomas Tuegel <[email protected]>";
-  twey = "James ‘Twey’ Kay <[email protected]>";
   tv = "Tomislav Viljetić <[email protected]>";
+  twey = "James ‘Twey’ Kay <[email protected]>";
   urkud = "Yury G. Kudryashov <[email protected]>";
   vandenoever = "Jos van den Oever <[email protected]>";
   vbgl = "Vincent Laporte <[email protected]>";

lib/modules.nix

@@ -58,7 +58,7 @@ rec {
     if m ? config || m ? options then
       let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
       if badAttrs != {} then
-        throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'."
+        throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by assignments to the top-level attributes `config' or `options'."
       else
         { file = m._file or file;
           key = toString m.key or key;

maintainers/scripts/travis-nox-review-pr.sh

@@ -32,9 +32,7 @@ elif [[ $1 == build ]]; then
         nix-build pkgs/top-level/release.nix -A tarball
     else
         echo "=== Checking PR"
-        # The current HEAD is the PR merged into origin/master, so we compare
-        # against origin/master
-        nox-review wip --against origin/master
+        nox-review pr ${TRAVIS_PULL_REQUEST}
     fi
 else
     echo "$0: Unknown option $1" >&2

nixos/modules/config/update-users-groups.pl

@@ -6,6 +6,15 @@
 make_path("/var/lib/nixos", { mode => 0755 });
 
 
+sub hashPassword {
+    my ($password) = @_;
+    my $salt = "";
+    my @chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
+    $salt .= $chars[rand 64] for (1..8);
+    return crypt($password, '$6$' . $salt . '$');
+}
+
+
 # Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
 # /etc/login.defs.
 sub allocId {
@@ -174,6 +183,8 @@ sub parseUser {
         } else {
             warn "warning: password file ‘$u->{passwordFile}’ does not exist\n";
         }
+    } elsif (defined $u->{password}) {
+        $u->{hashedPassword} = hashPassword($u->{password});
     }
 
     $u->{fakePassword} = $existing->{fakePassword} // "x";
@@ -208,32 +219,21 @@ sub parseUser {
 
 foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) {
     chomp $line;
-    my ($name, $password, @rest) = split(':', $line, -9);
+    my ($name, $hashedPassword, @rest) = split(':', $line, -9);
     my $u = $usersOut{$name};;
     next if !defined $u;
-    $password = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
-    push @shadowNew, join(":", $name, $password, @rest) . "\n";
+    $hashedPassword = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
+    push @shadowNew, join(":", $name, $hashedPassword, @rest) . "\n";
     $shadowSeen{$name} = 1;
 }
 
 foreach my $u (values %usersOut) {
     next if defined $shadowSeen{$u->{name}};
-    my $password = "!";
-    $password = $u->{hashedPassword} if defined $u->{hashedPassword};
+    my $hashedPassword = "!";
+    $hashedPassword = $u->{hashedPassword} if defined $u->{hashedPassword};
     # FIXME: set correct value for sp_lstchg.
-    push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n";
+    push @shadowNew, join(":", $u->{name}, $hashedPassword, "1::::::") . "\n";
 }
 
 write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew);
 rename("/etc/shadow.tmp", "/etc/shadow") or die;
-
-
-# Call chpasswd to apply password. FIXME: generate the hashes directly
-# and merge into the /etc/shadow updating above.
-foreach my $u (@{$spec->{users}}) {
-    if (defined $u->{password}) {
-        my $pid = open(PW, "| chpasswd") or die;
-        print PW "$u->{name}:$u->{password}\n";
-        close PW or die "unable to change password of user ‘$u->{name}’: $?\n";
-    }
-}

nixos/modules/security/sudo.nix

@@ -46,6 +46,14 @@ in
           <filename>sudoers</filename> file.
         '';
     };
+
+    security.sudo.extraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Extra configuration text appended to <filename>sudoers</filename>.
+      '';
+    };
   };
 
 
@@ -55,7 +63,8 @@ in
 
     security.sudo.configFile =
       ''
-        # Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.
+        # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
+        # and security.sudo.extraConfig instead.
 
         # Environment variables to keep for root and %wheel.
         Defaults:root,%wheel env_keep+=TERMINFO_DIRS
@@ -69,6 +78,7 @@ in
 
         # Users in the "wheel" group can do anything.
         %wheel      ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
+        ${cfg.extraConfig}
       '';
 
     security.setuidPrograms = [ "sudo" "sudoedit" ];

nixos/modules/services/misc/gitolite.nix

@@ -15,14 +15,21 @@ in
         default = false;
         description = ''
           Enable gitolite management under the
-          <literal>gitolite</literal> user. The Gitolite home
-          directory is <literal>/var/lib/gitolite</literal>. After
+          <literal>gitolite</literal> user. After
           switching to a configuration with Gitolite enabled, you can
           then run <literal>git clone
           gitolite@host:gitolite-admin.git</literal> to manage it further.
         '';
       };
 
+      dataDir = mkOption {
+        type = types.str;
+        default = "/var/lib/gitolite";
+        description = ''
+          Gitolite home directory (used to store all the repositories).
+        '';
+      };
+
       adminPubkey = mkOption {
         type = types.str;
         description = ''
@@ -45,7 +52,7 @@ in
   config = mkIf cfg.enable {
     users.extraUsers.gitolite = {
       description     = "Gitolite user";
-      home            = "/var/lib/gitolite";
+      home            = cfg.dataDir;
       createHome      = true;
       uid             = config.ids.uids.gitolite;
       useDefaultShell = true;
@@ -61,7 +68,7 @@ in
 
       path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ];
       script = ''
-        cd /var/lib/gitolite
+        cd ${cfg.dataDir}
         mkdir -p .gitolite/logs
         if [ ! -d repositories ]; then
           gitolite setup -pk ${pubkeyFile}

nixos/modules/services/misc/nix-daemon.nix

@@ -36,6 +36,7 @@ let
         # /etc/nixos/configuration.nix.  Do not edit it!
         build-users-group = nixbld
         build-max-jobs = ${toString (cfg.maxJobs)}
+        build-cores = ${toString (cfg.buildCores)}
         build-use-chroot = ${if cfg.useChroot then "true" else "false"}
         build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
         binary-caches = ${toString cfg.binaryCaches}
@@ -74,6 +75,19 @@ in
         ";
       };
 
+      buildCores = mkOption {
+        type = types.int;
+        default = 1;
+        example = 64;
+        description = ''
+          This option defines the maximum number of concurrent tasks during
+          one build. It affects, e.g., -j option for make. The default is 1.
+          Some builds may become non-deterministic with this option; use with
+          care! Packages will only be affected if enableParallelBuilding is
+          set for them.
+        '';
+      };
+
       useChroot = mkOption {
         type = types.bool;
         default = false;

nixos/modules/services/monitoring/graphite.nix

@@ -306,7 +306,7 @@ in {
         example = literalExample ''
           {
             GRAPHITE_USERNAME = "user";
-            GRAPHITE_PASSWORD = "pass"; 
+            GRAPHITE_PASSWORD = "pass";
           }
         '';
       };
@@ -344,7 +344,7 @@ in {
               name: Test
         '';
         example = literalExample ''
-          pushbullet_key: pushbullet_api_key 
+          pushbullet_key: pushbullet_api_key
           alerts:
             - target: stats.seatgeek.app.deal_quality.venue_info_cache.hit
               warning: .5
@@ -456,7 +456,7 @@ in {
       environment.systemPackages = [ pkgs.python27Packages.graphite_web ];
     })
 
-    (mkIf cfg.api.enable { 
+    (mkIf cfg.api.enable {
       systemd.services.graphiteApi = {
         description = "Graphite Api Interface";
         wantedBy = [ "multi-user.target" ];
@@ -472,7 +472,7 @@ in {
           ExecStart = ''
             ${pkgs.python27Packages.waitress}/bin/waitress-serve \
             --host=${cfg.api.host} --port=${toString cfg.api.port} \
-            graphite_api.app:app 
+            graphite_api.app:app
           '';
           User = "graphite";
           Group = "graphite";
@@ -501,7 +501,7 @@ in {
           ExecStart = "${pkgs.seyren}/bin/seyren -httpPort ${toString cfg.seyren.port}";
           WorkingDirectory = dataDir;
           User = "graphite";
-          Group = "graphite"; 
+          Group = "graphite";
         };
         preStart = ''
           if ! test -e ${dataDir}/db-created; then
@@ -526,7 +526,7 @@ in {
         serviceConfig = {
           ExecStart = "${pkgs.pythonPackages.graphite_pager}/bin/graphite-pager --config ${pagerConfig}";
           User = "graphite";
-          Group = "graphite"; 
+          Group = "graphite";
         };
       };
 
@@ -535,14 +535,16 @@ in {
       environment.systemPackages = [ pkgs.pythonPackages.graphite_pager ];
     })
 
-    {
-      users.extraUsers = singleton {
-        name = "graphite";
-        uid = config.ids.uids.graphite;
-        description = "Graphite daemon user";
-        home = dataDir;
-      };
-      users.extraGroups.graphite.gid = config.ids.gids.graphite;
-    }
+    # Disabled: Don't create this user unconditionally!
+    #
+    # {
+    #   users.extraUsers = singleton {
+    #     name = "graphite";
+    #     uid = config.ids.uids.graphite;
+    #     description = "Graphite daemon user";
+    #     home = dataDir;
+    #   };
+    #   users.extraGroups.graphite.gid = config.ids.gids.graphite;
+    # }
   ];
 }

nixos/modules/services/networking/nat.nix

@@ -157,9 +157,9 @@ in
 
     boot = {
       kernelModules = [ "nf_nat_ftp" ];
-      kernel.sysctl = mkOverride 99 {
-        "net.ipv4.conf.all.forwarding" = true;
-        "net.ipv4.conf.default.forwarding" = true;
+      kernel.sysctl = {
+        "net.ipv4.conf.all.forwarding" = mkOverride 99 true;
+        "net.ipv4.conf.default.forwarding" = mkOverride 99 true;
       };
     };
 

pkgs/applications/audio/easytag/default.nix

@@ -1,28 +1,28 @@
-{ stdenv, fetchurl, pkgconfig, intltool, gtk, glib, libid3tag, id3lib, taglib
-, libvorbis, libogg, flac, itstool, libxml2
+{ stdenv, fetchurl, pkgconfig, intltool, gtk3, glib, libid3tag, id3lib, taglib
+, libvorbis, libogg, flac, itstool, libxml2, gsettings_desktop_schemas
+, makeWrapper, gnome_icon_theme
 }:
 
 stdenv.mkDerivation rec {
   name = "easytag-${version}";
-  version = "2.2.4";
+  version = "2.3.1";
 
   src = fetchurl {
-    url = "mirror://gnome/sources/easytag/2.2/${name}.tar.xz";
-    sha256 = "14f0s0l28fwxnc37aw1imal2xcg9ykq35mx2j9gaqzz02ymjk0s5";
+    url = "mirror://gnome/sources/easytag/2.3/${name}.tar.xz";
+    sha256 = "19cdx4hma4nl38m1zrc3mq9cjg6knw970abk5anhg7cvpc1371s7";
   };
 
-  preConfigure = ''
-    # pkg-config v0.23 should be enough.
-    sed -i -e '/_pkg_min_version=0.24/s/24/23/' \
-           -e 's/have_mp3=no/have_mp3=yes/' \
-           -e 's/ID3TAG_DEPS="id3tag"/ID3TAG_DEPS=""/' configure
+  preFixup = ''
+    wrapProgram $out/bin/easytag \
+      --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH:$out/share"
   '';
 
   NIX_LDFLAGS = "-lid3tag -lz";
 
+  nativeBuildInputs = [ makeWrapper ];
   buildInputs = [
-    pkgconfig intltool gtk glib libid3tag id3lib taglib libvorbis libogg flac
-    itstool libxml2
+    pkgconfig intltool gtk3 glib libid3tag id3lib taglib libvorbis libogg flac
+    itstool libxml2 gsettings_desktop_schemas gnome_icon_theme
   ];
 
   meta = {

pkgs/applications/editors/focuswriter/default.nix

@@ -0,0 +1,25 @@
+{stdenv, fetchurl, qt4, pkgconfig, hunspell}:
+
+stdenv.mkDerivation rec {
+  name = "focuswriter-${version}";
+  version = "1.5.3";
+
+  src = fetchurl {
+    url = http://gottcode.org/focuswriter/focuswriter-1.5.3-src.tar.bz2;
+    sha256 = "1i58jxbiy95ijf81g8c3gwxhcg3irzssna3wv7vhrd57g4lcfj0w";
+  };
+
+  buildInputs = [ qt4 pkgconfig hunspell ];
+
+  configurePhase = "qmake PREFIX=/";
+
+  installPhase = "make install INSTALL_ROOT=$out";
+
+  meta = {
+    description = "Simple, distraction-free writing environment";
+    license = stdenv.lib.licenses.gpl2;
+    maintainers = [ stdenv.lib.maintainers.madjar ];
+    platforms = stdenv.lib.platforms.all;
+    homepage = "http://gottcode.org/focuswriter/";
+  };
+}