From 5339e045194c5ad482250c0271959a5fd9f97db2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Sun, 2 Jan 2022 17:23:58 +0100 Subject: nios: Add sentinel module --- .gitignore | 1 + flake.lock | 23 +- flake.nix | 69 +- medkit-configuration.nix | 55 + medkit.nix | 45 + nixos/default.nix | 4 + nixos/modules/sentinel-fwlogs.nix | 37 + nixos/modules/sentinel-minipot.nix | 73 ++ nixos/modules/sentinel.nix | 53 + nixos/modules/turris-board.nix | 95 ++ nixos/nixos-modules-minfake.nix | 37 + nixos/nixos-modules.nix | 1067 ++++++++++++++++++++ pkgs/default.nix | 24 +- pkgs/libraries/base64c/default.nix | 7 +- .../0001-tests-cmzq-try-to-fix-test-failure.patch | 31 + pkgs/libraries/logc-libs/default.nix | 7 +- .../0001-configure.ac-fix-cross-compilation.patch | 28 + pkgs/libraries/logc/default.nix | 10 +- pkgs/libraries/paho-mqtt-c/default.nix | 1 - pkgs/sentinel/certgen/default.nix | 23 + pkgs/sentinel/dynfw-client/default.nix | 26 + pkgs/sentinel/faillogs/default.nix | 7 +- pkgs/sentinel/fwlogs/default.nix | 8 +- pkgs/sentinel/minipot/default.nix | 7 +- pkgs/sentinel/proxy/default.nix | 13 +- 25 files changed, 1720 insertions(+), 31 deletions(-) create mode 100644 .gitignore create mode 100644 medkit-configuration.nix create mode 100644 medkit.nix create mode 100644 nixos/default.nix create mode 100644 nixos/modules/sentinel-fwlogs.nix create mode 100644 nixos/modules/sentinel-minipot.nix create mode 100644 nixos/modules/sentinel.nix create mode 100644 nixos/modules/turris-board.nix create mode 100644 nixos/nixos-modules-minfake.nix create mode 100644 nixos/nixos-modules.nix create mode 100644 pkgs/libraries/logc-libs/0001-tests-cmzq-try-to-fix-test-failure.patch create mode 100644 pkgs/libraries/logc/0001-configure.ac-fix-cross-compilation.patch create mode 100644 pkgs/sentinel/certgen/default.nix create mode 100644 pkgs/sentinel/dynfw-client/default.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fcfc4a1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result* diff --git a/flake.lock b/flake.lock index 4777cb3..f6108d4 100644 --- a/flake.lock +++ b/flake.lock @@ -2,31 +2,32 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" + "id": "flake-utils", + "type": "indirect" } }, "nixpkgs": { "locked": { - "lastModified": 1641076644, - "narHash": "sha256-4x90qQM4wOfPAzdMnN1BnzVp7eO6wle+F5NmVkJ48qM=", + "lastModified": 1648648646, + "narHash": "sha256-pHAq/GvsP7zRHkUTCs+4d31C0IEtTIuC6/TFASIA+zg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0fd74961da9fe2640ad2fbd960c3af08246e6749", + "rev": "efea022d6fe0da84aa6613d4ddeafb80de713457", "type": "github" }, "original": { - "id": "nixpkgs", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" } }, "root": { diff --git a/flake.nix b/flake.nix index 30f1a38..331bf79 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,68 @@ { description = "Turris flake"; - inputs.flake-utils.url = "github:numtide/flake-utils"; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11"; - outputs = { self, nixpkgs, flake-utils }: - flake-utils.lib.eachSystem flake-utils.lib.allSystems (system: rec { - packages = import ./pkgs { - nixlib = nixpkgs.lib; - nixpkgs = nixpkgs.legacyPackages.${system}; + outputs = { self, flake-utils, nixpkgs }: { + + overlays.default = final: prev: import ./pkgs { nixpkgs = prev; }; + overlay = self.overlays.default; # Backward compatibility + + nixosModules = import ./nixos; + nixosModule = { + imports = builtins.attrValues self.nixosModules; + nixpkgs.overlays = [ self.overlay ]; }; - }); + + lib = { + # The full NixOS system + nixturrisSystem = {board, modules ? [], override ? {}}: let + pkgs = if board == "omnia" + then nixpkgs.legacyPackages.armv7l-linux + else nixpkgs.legacyPackages.aarch64-linux; + in nixpkgs.lib.nixosSystem ({ + system = pkgs.system; + modules = [ + self.nixosModule + { turris.board = board; } + ] ++ modules; + } // override); + # The minimalized system to decrease amount of ram needed for rebuild + # TODO this does not work right now as it requires just load of work to do + nixturrisMinSystem = {modules, ...} @args: + self.lib.nixturrisSystem (args // { + modules = modules ++ [ ./nixos/nixos-modules-minfake.nix ]; + override = { + baseModules = import ./nixos/nixos-modules.nix nixpkgs; + }; + }); + }; + + } // flake-utils.lib.eachSystem (flake-utils.lib.defaultSystems ++ ["armv7l-linux"]) ( + system: { + packages = let + + createMedkit = board: (self.lib.nixturrisSystem { + board = board; + modules = [ (import ./medkit.nix board) ]; + }).config.system.build.tarball; + + in { + + medkit-mox = createMedkit "mox"; + medkit-omnia = createMedkit "omnia"; + + } // flake-utils.lib.filterPackages system (flake-utils.lib.flattenTree ( + import ./pkgs { nixpkgs = nixpkgs.legacyPackages."${system}"; } + )); + + # The legacyPackages imported as overlay allows us to use pkgsCross to + # cross-compile those packages. + legacyPackages = import nixpkgs { + inherit system; + overlays = [ self.overlay ]; + crossOverlays = [ self.overlay ]; + }; + } + ); } diff --git a/medkit-configuration.nix b/medkit-configuration.nix new file mode 100644 index 0000000..cb287b1 --- /dev/null +++ b/medkit-configuration.nix @@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: { + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + boot.kernelParams = [ + "earlyprintk" "console=ttyMV0,115200" "earlycon=ar3700_uart,0xd0012000" + "boot.shell_on_fail" + ]; + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.supportedFilesystems = [ "btrfs" "vfat" "ntfs" ]; + + zramSwap = { + enable = true; + memoryPercent = 100; + }; + swapDevices = [{ + device = "/dev/mmcblk1p2"; + priority = 0; + }]; + + fileSystems = { + "/" = { + device = "/dev/mmcblk1p1"; + fsType = "btrfs"; + }; + }; + + networking.hostName = "nixturris"; + + i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "cs_CZ.UTF-8/UTF-8"]; + nix = { + package = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flakes"; + }; + + programs.vim.defaultEditor = true; + + #services.sentinel.enable = true; + + services.openssh = { + enable = true; + passwordAuthentication = true; + permitRootLogin = "yes"; + }; + + environment.systemPackages = with pkgs; [ + nixos-option + htop + ]; + + users = { + mutableUsers = false; + users.root.password = "nixturris"; + }; + +} diff --git a/medkit.nix b/medkit.nix new file mode 100644 index 0000000..aa93080 --- /dev/null +++ b/medkit.nix @@ -0,0 +1,45 @@ +board: { config, lib, pkgs, modulesPath, ... }: { + imports = [ + "${toString modulesPath}/installer/cd-dvd/system-tarball.nix" + ]; + + boot.consoleLogLevel = lib.mkDefault 7; + turris.device = "/dev/mmcblk1"; # TODO this is for mox and sd card only + + # Allow access to the root account right after installation + users = { + mutableUsers = false; + users.root.password = "nixturris"; + }; + + # TODO we have to generate the hardware specific configuration on first boot + tarball.contents = [ + { source = pkgs.writeText "default-nixturris-flake" '' + { + inputs.nixturris.url = "git+git://cynerd.cz/nixturris.git"; + outputs = { self, nixturris }: { + nixosConfigurations.nixturris = nixturris.lib.nixturrisSystem { + board = "${board}"; + modules = [({ config, lib, pkgs, ... }: { + # Optionally place your configuration here + })]; + }; + }; + } + ''; + target = "/etc/nixos/flake.nix"; + } + { source = pkgs.writeText "medkit-extlinux" '' + DEFAULT nixos-default + TIMEOUT 0 + LABEL nixos-default + MENU LABEL NixOS - Default + FDTDIR /run/current-system/dtbs + LINUX /run/current-system/kernel + INITRD /run/current-system/initrd + APPEND init=${config.system.build.toplevel}/init ${builtins.toString config.boot.kernelParams} + ''; + target = "/boot/extlinux/extlinux.conf"; + } + ]; +} diff --git a/nixos/default.nix b/nixos/default.nix new file mode 100644 index 0000000..ae8c367 --- /dev/null +++ b/nixos/default.nix @@ -0,0 +1,4 @@ +{ + turris-board = import ./modules/turris-board.nix; + sentinel = import ./modules/sentinel.nix; +} diff --git a/nixos/modules/sentinel-fwlogs.nix b/nixos/modules/sentinel-fwlogs.nix new file mode 100644 index 0000000..b7b056a --- /dev/null +++ b/nixos/modules/sentinel-fwlogs.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + imports = [ ./sentinel.nix ]; + + + options = { + + services.sentinel.fwlogs = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable the Turris Sentinel Firewall logs collector. + The services.sentinel.enable has to be enabled as well. + ''; + }; + }; + }; + + + config = mkIf config.services.sentinel.enable && config.services.sentinel.fwlogs.enable { + environment.systemPackages = [ pkgs.sentinel-fwlogs ]; + + systemd.services.sentinel-fwlogs = { + description = "Turris Sentinel Firewall Logs"; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.sentinel-fwlogs ]; + serviceConfig.ExecStart = "${pkgs.sentinel-fwlogs}/bin/sentinel-fwlogs"; + }; + + }; + +} diff --git a/nixos/modules/sentinel-minipot.nix b/nixos/modules/sentinel-minipot.nix new file mode 100644 index 0000000..f0b022e --- /dev/null +++ b/nixos/modules/sentinel-minipot.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cnf = config.sentinel.minipot; + inherit (pkgs) sentinel-minipot; + + minipotOpts = { name, port }: { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable the Turris Sentinel ${name} Minipot. + The services.sentinel.enable and service.sentinel.minipot.enable have to be enabled as well. + ''; + }; + port = mkOption { + type = types.port; + default = port; + description = "The port ${name} minipot should bind to."; + }; + }; + +in { + + imports = [ ./sentinel.nix ]; + + + options = { + services.sentinel.minipot = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable the Turris Sentinel Minipot system. + The services.sentinel.enable has to be enabled as well. + ''; + }; + + http = minipotOpts { name = "HTTP"; port = 80805; }; + ftp = minipotOpts { name = "FTP"; port = 80805; }; + smtp = minipotOpts { name = "SMTP"; port = 80805; }; + telnet = minipotOpts { name = "Telnet"; port = 80805; }; + }; + }; + + + config = mkIf config.services.sentinel.enable && cnf.enable { + assertions = [ + { + assertion = cnf.http.enable || cnf.ftp.enable || cnf.smtp.enable || cnf.telnet.enable; + message = "Sentinel minipot requires at least one of the protocols to be enabled"; + } + ]; + + environment.systemPackages = [ sentinel-minipot ]; + + systemd.services.sentinel-minipot = { + description = "Turris Sentinel Minipot"; + wantedBy = [ "multi-user.target" ]; + path = [ sentinel-minipot ]; + serviceConfig.ExecStart = "${sentinel-minipot}/bin/sentinel-minipot" + + optionalString cnf.http.enable " --http=${cnf.http.port}" + + optionalString cnf.ftp.enable " --ftp=${cnf.ftp.port}" + + optionalString cnf.smtp.enable " --smtp=${cnf.smtp.port}" + + optionalString cnf.telnet.enable " --telnet=${cnf.telnet.port}"; + }; + + }; + +} diff --git a/nixos/modules/sentinel.nix b/nixos/modules/sentinel.nix new file mode 100644 index 0000000..5362524 --- /dev/null +++ b/nixos/modules/sentinel.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + options = { + + services.sentinel = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable the Turris Sentinel attact prevention system. + ''; + }; + deviceToken = mkOption { + type = types.str; + description = '' + Turris Sentinel token. You can use `sentinel-device-token -c` to get new one. + ''; + }; + + faillogs = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether to enable the Turris Sentinel fail logs collector. + The services.sentinel.enable has to be enabled as well. + ''; + }; + }; + }; + + }; + + + config = mkIf config.services.sentinel.enable { + environment.systemPackages = [ pkgs.sentinel-proxy ]; + #environment.etc.cups.source = "/var/lib/cups"; + + #systemd.services.sentinel-proxy = { + # description = "Turris Sentinel proxy"; + # wantedBy = [ "multi-user.target" ]; + # path = [ sentinel-proxy ]; + # serviceConfig.ExecStart = "${sentinel-proxy}/bin/sentinel-proxy -f "; + #}; + + }; + +} diff --git a/nixos/modules/turris-board.nix b/nixos/modules/turris-board.nix new file mode 100644 index 0000000..4b8aa0d --- /dev/null +++ b/nixos/modules/turris-board.nix @@ -0,0 +1,95 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + options = { + turris.board = mkOption { + type = types.enum [ "omnia" "mox" ]; + description = "The unique Turris board identifier."; + }; + + turris.device = mkOption { + type = types.str; + example = "/dev/mmcblk0"; + description = "The device used to boot the Turris system."; + }; + }; + + config = { + assertions = [{ + assertion = config.turris.board != null; + message = "Turris board has to be specified"; + }]; + + # We do not need Grub as U-Boot supports boot using extlinux like file + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + # Use early print to the serial console + boot.kernelParams = [ + "earlyprintk" "console=ttyMV0,115200" "earlycon=ar3700_uart,0xd0012000" + "boot.shell_on_fail" + ]; + + # Use the latest kernel + boot.kernelPackages = pkgs.linuxPackages_latest; + + # The supported deployment is on BTRFS + boot.supportedFilesystems = [ "btrfs" ]; + + # Cover nix memory consumption peaks by compressing the RAM + zramSwap = { + enable = true; + memoryPercent = 100; + }; + # Nix is really memory hungry so we have to sometimes also use swap device. + # We expect that to be the second partition on the root device. + swapDevices = [{ + device = config.turris.device + "p2"; + priority = 0; + }]; + + fileSystems = { + # Root filesystem is expected to be on: + # Mox: SD card + # Omnia: internam MMC storage + "/" = { + device = config.turris.device + "p1"; + fsType = "btrfs"; + }; + }; + + # The default hostname + # TODO set this only if not already set + networking.hostName = "nixturris"; + + # Enable flakes for nix as we are using that instead of legacy setup + nix = { + package = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flakes"; + }; + + # Allow root access over SSH + # TODO allow disable as it is nice only for initial setup + services.openssh = { + enable = true; + passwordAuthentication = true; + permitRootLogin = "yes"; + }; + + # Set default editor + # TODO probably switch to nano later on + programs.vim.defaultEditor = true; + + # The additional administration packages + environment.systemPackages = with pkgs; [ + (pkgs.nixos-rebuild.override { nix = config.nix.package.out; }) + git # This is required to access the repository + htop + ]; + + # No need for installer tools in standard system + system.disableInstallerTools = true; + }; +} diff --git a/nixos/nixos-modules-minfake.nix b/nixos/nixos-modules-minfake.nix new file mode 100644 index 0000000..e7836cb --- /dev/null +++ b/nixos/nixos-modules-minfake.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + + options = let + + mkFake = {type, default}: mkOption { + type = type; + default = default; + description = "The module this option was part of was removed as part of Turris trim"; + }; + mkFakeList = type: mkFake { + type = types.listOf type; + default = []; + }; + + mkFakeDisable = mkOption { + type = types.bool; + default = false; + description = "The in default disabled option that was removed as part of Turris trim"; + }; + + in { + + services.xserver.enable = mkFakeDisable; + services.xserver.displayManager.hiddenUsers = mkFakeList types.str; + services.xserver.startGnuPGAgent = mkFakeDisable; + + }; + + config = { + }; +} + + diff --git a/nixos/nixos-modules.nix b/nixos/nixos-modules.nix new file mode 100644 index 0000000..37c8819 --- /dev/null +++ b/nixos/nixos-modules.nix @@ -0,0 +1,1067 @@ +# The trim down list of all NixOS modules +nixpkgs: +let + nixpkgsPrefix = path: "${nixpkgs + "/nixos/modules/" + path}"; +in map nixpkgsPrefix [ + "config/debug-info.nix" + "config/fonts/fontconfig.nix" + "config/fonts/fonts.nix" + "config/fonts/ghostscript.nix" + "config/xdg/autostart.nix" + "config/xdg/icons.nix" + "config/xdg/menus.nix" + "config/xdg/mime.nix" + "config/xdg/portal.nix" + "config/xdg/portals/wlr.nix" + "config/appstream.nix" + "config/console.nix" + "config/xdg/sounds.nix" + "config/gtk/gtk-icon-cache.nix" + "config/gnu.nix" + "config/i18n.nix" + "config/iproute2.nix" + "config/krb5/default.nix" + "config/ldap.nix" + "config/locale.nix" + "config/malloc.nix" + "config/networking.nix" + "config/no-x-libs.nix" + "config/nsswitch.nix" + "config/power-management.nix" + "config/pulseaudio.nix" + "config/qt5.nix" + "config/resolvconf.nix" + "config/shells-environment.nix" + "config/swap.nix" + "config/sysctl.nix" + "config/system-environment.nix" + "config/system-path.nix" + "config/terminfo.nix" + "config/unix-odbc-drivers.nix" + "config/users-groups.nix" + "config/vte.nix" + "config/zram.nix" + "hardware/acpilight.nix" + "hardware/all-firmware.nix" + "hardware/bladeRF.nix" + "hardware/brillo.nix" + "hardware/ckb-next.nix" + "hardware/cpu/amd-microcode.nix" + "hardware/cpu/intel-microcode.nix" + "hardware/corectrl.nix" + "hardware/digitalbitbox.nix" + "hardware/device-tree.nix" + "hardware/gkraken.nix" + "hardware/flirc.nix" + "hardware/i2c.nix" + "hardware/hackrf.nix" + "hardware/sensor/hddtemp.nix" + "hardware/sensor/iio.nix" + "hardware/keyboard/teck.nix" + "hardware/keyboard/zsa.nix" + "hardware/ksm.nix" + "hardware/ledger.nix" + "hardware/logitech.nix" + "hardware/mcelog.nix" + "hardware/network/ath-user-regd.nix" + "hardware/network/b43.nix" + "hardware/network/intel-2200bg.nix" + "hardware/nitrokey.nix" + "hardware/opengl.nix" + "hardware/openrazer.nix" + "hardware/pcmcia.nix" + "hardware/printers.nix" + "hardware/raid/hpsa.nix" + "hardware/rtl-sdr.nix" + "hardware/steam-hardware.nix" + "hardware/system-76.nix" + "hardware/tuxedo-keyboard.nix" + "hardware/ubertooth.nix" + "hardware/usb-wwan.nix" + "hardware/onlykey/default.nix" + "hardware/opentabletdriver.nix" + "hardware/sata.nix" + "hardware/wooting.nix" + "hardware/uinput.nix" + "hardware/xpadneo.nix" + "installer/tools/tools.nix" + "misc/assertions.nix" + "misc/crashdump.nix" + "misc/documentation.nix" + "misc/extra-arguments.nix" + "misc/ids.nix" + "misc/lib.nix" + "misc/label.nix" + "misc/locate.nix" + "misc/meta.nix" + "misc/nixpkgs.nix" + "misc/passthru.nix" + "misc/version.nix" + "misc/nixops-autoluks.nix" + "programs/adb.nix" + "programs/appgate-sdp.nix" + "programs/atop.nix" + "programs/autojump.nix" + "programs/bandwhich.nix" + "programs/bash/bash.nix" + "programs/bash/bash-completion.nix" + "programs/bash/ls-colors.nix" + "programs/bash/undistract-me.nix" + "programs/bash-my-aws.nix" + "programs/bcc.nix" + "programs/browserpass.nix" + "programs/calls.nix" + "programs/captive-browser.nix" + "programs/ccache.nix" + "programs/cdemu.nix" + "programs/clickshare.nix" + "programs/cnping.nix" + "programs/command-not-found/command-not-found.nix" + "programs/criu.nix" + "programs/dconf.nix" + "programs/digitalbitbox/default.nix" + "programs/dmrconfig.nix" + "programs/environment.nix" + "programs/extra-container.nix" + "programs/feedbackd.nix" + "programs/file-roller.nix" + "programs/firejail.nix" + "programs/fish.nix" + "programs/flashrom.nix" + "programs/flexoptix-app.nix" + "programs/freetds.nix" + "programs/fuse.nix" + "programs/gamemode.nix" + "programs/git.nix" + "programs/gnupg.nix" + "programs/hamster.nix" + "programs/htop.nix" + "programs/iftop.nix" + "programs/iotop.nix" + "programs/java.nix" + "programs/kbdlight.nix" + "programs/less.nix" + "programs/liboping.nix" + "programs/light.nix" + "programs/mosh.nix" + "programs/mininet.nix" + "programs/msmtp.nix" + "programs/mtr.nix" + "programs/nano.nix" + "programs/neovim.nix" + "programs/nm-applet.nix" + "programs/npm.nix" + "programs/noisetorch.nix" + "programs/oblogout.nix" + "programs/partition-manager.nix" + "programs/plotinus.nix" + "programs/proxychains.nix" + "programs/qt5ct.nix" + "programs/screen.nix" + "programs/sedutil.nix" + "programs/seahorse.nix" + "programs/slock.nix" + "programs/shadow.nix" + "programs/spacefm.nix" + "programs/singularity.nix" + "programs/ssh.nix" + "programs/ssmtp.nix" + "programs/sysdig.nix" + "programs/systemtap.nix" + "programs/system-config-printer.nix" + "services/desktops/system-config-printer.nix" + "programs/thefuck.nix" + "programs/tilp2.nix" + "programs/tmux.nix" + "programs/traceroute.nix" + "programs/tsm-client.nix" + "programs/turbovnc.nix" + "programs/udevil.nix" + "programs/usbtop.nix" + "programs/vim.nix" + "programs/wavemon.nix" + "programs/waybar.nix" + "programs/weylus.nix" + "programs/wireshark.nix" + "programs/wshowkeys.nix" + "programs/xfs_quota.nix" + "programs/xonsh.nix" + "programs/xss-lock.nix" + "programs/yabar.nix" + "programs/zmap.nix" + "programs/zsh/oh-my-zsh.nix" + "programs/zsh/zsh.nix" + "programs/zsh/zsh-autoenv.nix" + "programs/zsh/zsh-autosuggestions.nix" + "programs/zsh/zsh-syntax-highlighting.nix" + "rename.nix" + "security/acme.nix" + "security/apparmor.nix" + "security/audit.nix" + "security/auditd.nix" + "security/ca.nix" + "security/dhparams.nix" + "security/duosec.nix" + "security/google_oslogin.nix" + "security/lock-kernel-modules.nix" + "security/misc.nix" + "security/oath.nix" + "security/pam.nix" + "security/pam_usb.nix" + "security/pam_mount.nix" + "security/polkit.nix" + "security/rngd.nix" + "security/rtkit.nix" + "security/wrappers/default.nix" + "security/sudo.nix" + "security/doas.nix" + "security/systemd-confinement.nix" + "security/tpm2.nix" + "services/admin/meshcentral.nix" + "services/admin/oxidized.nix" + "services/admin/salt/master.nix" + "services/admin/salt/minion.nix" + "services/amqp/activemq/default.nix" + "services/amqp/rabbitmq.nix" + "services/audio/alsa.nix" + "services/audio/botamusique.nix" + "services/audio/hqplayerd.nix" + "services/audio/icecast.nix" + "services/audio/jack.nix" + "services/audio/jmusicbot.nix" + "services/audio/liquidsoap.nix" + "services/audio/mpd.nix" + "services/audio/mpdscribble.nix" + "services/audio/mopidy.nix" + "services/audio/networkaudiod.nix" + "services/audio/roon-bridge.nix" + "services/audio/navidrome.nix" + "services/audio/roon-server.nix" + "services/audio/slimserver.nix" + "services/audio/snapserver.nix" + "services/audio/squeezelite.nix" + "services/audio/spotifyd.nix" + "services/audio/ympd.nix" + "services/backup/automysqlbackup.nix" + "services/backup/bacula.nix" + "services/backup/borgbackup.nix" + "services/backup/borgmatic.nix" + "services/backup/btrbk.nix" + "services/backup/duplicati.nix" + "services/backup/duplicity.nix" + "services/backup/mysql-backup.nix" + "services/backup/postgresql-backup.nix" + "services/backup/postgresql-wal-receiver.nix" + "services/backup/restic.nix" + "services/backup/restic-rest-server.nix" + "services/backup/rsnapshot.nix" + "services/backup/sanoid.nix" + "services/backup/syncoid.nix" + "services/backup/tarsnap.nix" + "services/backup/tsm.nix" + "services/backup/zfs-replication.nix" + "services/backup/znapzend.nix" + "services/blockchain/ethereum/geth.nix" + "services/backup/zrepl.nix" + "services/cluster/hadoop/default.nix" + "services/cluster/k3s/default.nix" + "services/cluster/kubernetes/addons/dns.nix" + "services/cluster/kubernetes/addons/dashboard.nix" + "services/cluster/kubernetes/addon-manager.nix" + "services/cluster/kubernetes/apiserver.nix" + "services/cluster/kubernetes/controller-manager.nix" + "services/cluster/kubernetes/default.nix" + "services/cluster/kubernetes/flannel.nix" + "services/cluster/kubernetes/kubelet.nix" + "services/cluster/kubernetes/pki.nix" + "services/cluster/kubernetes/proxy.nix" + "services/cluster/kubernetes/scheduler.nix" + "services/cluster/spark/default.nix" + "services/computing/boinc/client.nix" + "services/computing/foldingathome/client.nix" + "services/computing/slurm/slurm.nix" + "services/computing/torque/mom.nix" + "services/computing/torque/server.nix" + "services/continuous-integration/buildbot/master.nix" + "services/continuous-integration/buildbot/worker.nix" + "services/continuous-integration/buildkite-agents.nix" + "services/continuous-integration/hail.nix" + "services/continuous-integration/hercules-ci-agent/default.nix" + "services/continuous-integration/hydra/default.nix" + "services/continuous-integration/github-runner.nix" + "services/continuous-integration/gitlab-runner.nix" + "services/continuous-integration/gocd-agent/default.nix" + "services/continuous-integration/gocd-server/default.nix" + "services/continuous-integration/jenkins/default.nix" + "services/continuous-integration/jenkins/job-builder.nix" + "services/continuous-integration/jenkins/slave.nix" + "services/databases/aerospike.nix" + "services/databases/cassandra.nix" + "services/databases/clickhouse.nix" + "services/databases/cockroachdb.nix" + "services/databases/couchdb.nix" + "services/databases/firebird.nix" + "services/databases/foundationdb.nix" + "services/databases/hbase.nix" + "services/databases/influxdb.nix" + "services/databases/influxdb2.nix" + "services/databases/memcached.nix" + "services/databases/monetdb.nix" + "services/databases/mongodb.nix" + "services/databases/mysql.nix" + "services/databases/neo4j.nix" + "services/databases/openldap.nix" + "services/databases/opentsdb.nix" + "services/databases/pgmanage.nix" + "services/databases/postgresql.nix" + "services/databases/redis.nix" + "services/databases/riak.nix" + "services/databases/victoriametrics.nix" + "services/databases/virtuoso.nix" + "services/desktops/geoclue2.nix" + "services/development/bloop.nix" + "services/development/blackfire.nix" + "services/development/distccd.nix" + "services/development/hoogle.nix" + "services/development/jupyter/default.nix" + "services/development/jupyterhub/default.nix" + "services/development/lorri.nix" + "services/display-managers/greetd.nix" + "services/editors/emacs.nix" + "services/editors/infinoted.nix" + "services/finance/odoo.nix" + "services/hardware/acpid.nix" + "services/hardware/actkbd.nix" + "services/hardware/auto-cpufreq.nix" + "services/hardware/bluetooth.nix" + "services/hardware/bolt.nix" + "services/hardware/brltty.nix" + "services/hardware/ddccontrol.nix" + "services/hardware/fancontrol.nix" + "services/hardware/freefall.nix" + "services/hardware/fwupd.nix" + "services/hardware/illum.nix" + "services/hardware/interception-tools.nix" + "services/hardware/irqbalance.nix" + "services/hardware/joycond.nix" + "services/hardware/lcd.nix" + "services/hardware/lirc.nix" + "services/hardware/nvidia-optimus.nix" + "services/hardware/pcscd.nix" + "services/hardware/pommed.nix" + "services/hardware/power-profiles-daemon.nix" + "services/hardware/rasdaemon.nix" + "services/hardware/ratbagd.nix" + "services/hardware/sane.nix" + "services/hardware/sane_extra_backends/brscan4.nix" + "services/hardware/sane_extra_backends/brscan5.nix" + "services/hardware/sane_extra_backends/dsseries.nix" + "services/hardware/spacenavd.nix" + "services/hardware/tcsd.nix" + "services/hardware/tlp.nix" + "services/hardware/thinkfan.nix" + "services/hardware/throttled.nix" + "services/hardware/trezord.nix" + "services/hardware/triggerhappy.nix" + "services/hardware/udev.nix" + "services/hardware/udisks2.nix" + "services/hardware/upower.nix" + "services/hardware/usbmuxd.nix" + "services/hardware/thermald.nix" + "services/hardware/undervolt.nix" + "services/hardware/vdr.nix" + "services/hardware/xow.nix" + "services/logging/SystemdJournal2Gelf.nix" + "services/logging/awstats.nix" + "services/logging/filebeat.nix" + "services/logging/fluentd.nix" + "services/logging/graylog.nix" + "services/logging/heartbeat.nix" + "services/logging/journalbeat.nix" + "services/logging/journaldriver.nix" + "services/logging/journalwatch.nix" + "services/logging/klogd.nix" + "services/logging/logcheck.nix" + "services/logging/logrotate.nix" + "services/logging/logstash.nix" + "services/logging/promtail.nix" + "services/logging/rsyslogd.nix" + "services/logging/syslog-ng.nix" + "services/logging/syslogd.nix" + "services/logging/vector.nix" + "services/mail/clamsmtp.nix" + "services/mail/davmail.nix" + "services/mail/dkimproxy-out.nix" + "services/mail/dovecot.nix" + "services/mail/dspam.nix" + "services/mail/exim.nix" + "services/mail/mail.nix" + "services/mail/mailcatcher.nix" + "services/mail/mailhog.nix" + "services/mail/mailman.nix" + "services/mail/mlmmj.nix" + "services/mail/offlineimap.nix" + "services/mail/opendkim.nix" + "services/mail/opensmtpd.nix" + "services/mail/pfix-srsd.nix" + "services/mail/postfix.nix" + "services/mail/postfixadmin.nix" + "services/mail/postsrsd.nix" + "services/mail/postgrey.nix" + "services/mail/spamassassin.nix" + "services/mail/rspamd.nix" + "services/mail/rss2email.nix" + "services/mail/roundcube.nix" + "services/mail/sympa.nix" + "services/mail/nullmailer.nix" + "services/matrix/mjolnir.nix" + "services/matrix/pantalaimon.nix" + "services/misc/ananicy.nix" + "services/misc/airsonic.nix" + "services/misc/ankisyncd.nix" + "services/misc/apache-kafka.nix" + "services/misc/autofs.nix" + "services/misc/autorandr.nix" + "services/misc/bazarr.nix" + "services/misc/beanstalkd.nix" + "services/misc/bees.nix" + "services/misc/bepasty.nix" + "services/misc/canto-daemon.nix" + "services/misc/calibre-server.nix" + "services/misc/cfdyndns.nix" + "services/misc/clipmenu.nix" + "services/misc/clipcat.nix" + "services/misc/cpuminer-cryptonight.nix" + "services/misc/cgminer.nix" + "services/misc/confd.nix" + "services/misc/couchpotato.nix" + "services/misc/dendrite.nix" + "services/misc/devmon.nix" + "services/misc/dictd.nix" + "services/misc/duckling.nix" + "services/misc/dwm-status.nix" + "services/misc/dysnomia.nix" + "services/misc/disnix.nix" + "services/misc/docker-registry.nix" + "services/misc/domoticz.nix" + "services/misc/errbot.nix" + "services/misc/etcd.nix" + "services/misc/etebase-server.nix" + "services/misc/etesync-dav.nix" + "services/misc/ethminer.nix" + "services/misc/exhibitor.nix" + "services/misc/felix.nix" + "services/misc/freeswitch.nix" + "services/misc/fstrim.nix" + "services/misc/gammu-smsd.nix" + "services/misc/geoipupdate.nix" + "services/misc/gitea.nix" + "services/misc/gitlab.nix" + "services/misc/gitolite.nix" + "services/misc/gitweb.nix" + "services/misc/gogs.nix" + "services/misc/gollum.nix" + "services/misc/gpsd.nix" + "services/misc/headphones.nix" + "services/misc/greenclip.nix" + "services/misc/home-assistant.nix" + "services/misc/ihaskell.nix" + "services/misc/irkerd.nix" + "services/misc/jackett.nix" + "services/misc/jellyfin.nix" + "services/misc/klipper.nix" + "services/misc/logkeys.nix" + "services/misc/leaps.nix" + "services/misc/lidarr.nix" + "services/misc/libreddit.nix" + "services/misc/lifecycled.nix" + "services/misc/mame.nix" + "services/misc/matrix-appservice-discord.nix" + "services/misc/matrix-appservice-irc.nix" + "services/misc/matrix-synapse.nix" + "services/misc/mautrix-facebook.nix" + "services/misc/mautrix-telegram.nix" + "services/misc/mbpfan.nix" + "services/misc/mediatomb.nix" + "services/misc/metabase.nix" + "services/misc/moonraker.nix" + "services/misc/mwlib.nix" + "services/misc/mx-puppet-discord.nix" + "services/misc/n8n.nix" + "services/misc/nitter.nix" + "services/misc/nix-daemon.nix" + "services/misc/nix-gc.nix" + "services/misc/nix-optimise.nix" + "services/misc/nix-ssh-serve.nix" + "services/misc/novacomd.nix" + "services/misc/nzbget.nix" + "services/misc/nzbhydra2.nix" + "services/misc/octoprint.nix" + "services/misc/ombi.nix" + "services/misc/osrm.nix" + "services/misc/owncast.nix" + "services/misc/packagekit.nix" + "services/misc/paperless-ng.nix" + "services/misc/parsoid.nix" + "services/misc/plex.nix" + "services/misc/plikd.nix" + "services/misc/podgrab.nix" + "services/misc/prowlarr.nix" + "services/misc/tautulli.nix" + "services/misc/pinnwand.nix" + "services/misc/pykms.nix" + "services/misc/radarr.nix" + "services/misc/redmine.nix" + "services/misc/rippled.nix" + "services/misc/ripple-data-api.nix" + "services/misc/serviio.nix" + "services/misc/safeeyes.nix" + "services/misc/sdrplay.nix" + "services/misc/sickbeard.nix" + "services/misc/signald.nix" + "services/misc/siproxd.nix" + "services/misc/snapper.nix" + "services/misc/sonarr.nix" + "services/misc/sourcehut" + "services/misc/spice-vdagentd.nix" + "services/misc/ssm-agent.nix" + "services/misc/sssd.nix" + "services/misc/subsonic.nix" + "services/misc/sundtek.nix" + "services/misc/svnserve.nix" + "services/misc/synergy.nix" + "services/misc/sysprof.nix" + "services/misc/taskserver" + "services/misc/tiddlywiki.nix" + "services/misc/tp-auto-kbbl.nix" + "services/misc/tzupdate.nix" + "services/misc/uhub.nix" + "services/misc/weechat.nix" + "services/misc/xmr-stak.nix" + "services/misc/xmrig.nix" + "services/misc/zigbee2mqtt.nix" + "services/misc/zoneminder.nix" + "services/misc/zookeeper.nix" + "services/monitoring/alerta.nix" + "services/monitoring/apcupsd.nix" + "services/monitoring/arbtt.nix" + "services/monitoring/bosun.nix" + "services/monitoring/cadvisor.nix" + "services/monitoring/collectd.nix" + "services/monitoring/das_watchdog.nix" + "services/monitoring/datadog-agent.nix" + "services/monitoring/dd-agent/dd-agent.nix" + "services/monitoring/do-agent.nix" + "services/monitoring/fusion-inventory.nix" + "services/monitoring/grafana.nix" + "services/monitoring/grafana-image-renderer.nix" + "services/monitoring/grafana-reporter.nix" + "services/monitoring/graphite.nix" + "services/monitoring/hdaps.nix" + "services/monitoring/heapster.nix" + "services/monitoring/incron.nix" + "services/monitoring/kapacitor.nix" + "services/monitoring/loki.nix" + "services/monitoring/longview.nix" + "services/monitoring/mackerel-agent.nix" + "services/monitoring/metricbeat.nix" + "services/monitoring/monit.nix" + "services/monitoring/munin.nix" + "services/monitoring/nagios.nix" + "services/monitoring/netdata.nix" + "services/monitoring/parsedmarc.nix" + "services/monitoring/prometheus/default.nix" + "services/monitoring/prometheus/alertmanager.nix" + "services/monitoring/prometheus/exporters.nix" + "services/monitoring/prometheus/pushgateway.nix" + "services/monitoring/prometheus/xmpp-alerts.nix" + "services/monitoring/riemann.nix" + "services/monitoring/riemann-dash.nix" + "services/monitoring/riemann-tools.nix" + "services/monitoring/scollector.nix" + "services/monitoring/smartd.nix" + "services/monitoring/sysstat.nix" + "services/monitoring/teamviewer.nix" + "services/monitoring/telegraf.nix" + "services/monitoring/thanos.nix" + "services/monitoring/tuptime.nix" + "services/monitoring/unifi-poller.nix" + "services/monitoring/ups.nix" + "services/monitoring/uptime.nix" + "services/monitoring/vnstat.nix" + "services/monitoring/zabbix-agent.nix" + "services/monitoring/zabbix-proxy.nix" + "services/monitoring/zabbix-server.nix" + "services/network-filesystems/cachefilesd.nix" + "services/network-filesystems/davfs2.nix" + "services/network-filesystems/drbd.nix" + "services/network-filesystems/glusterfs.nix" + "services/network-filesystems/kbfs.nix" + "services/network-filesystems/ipfs.nix" + "services/network-filesystems/litestream/default.nix" + "services/network-filesystems/netatalk.nix" + "services/network-filesystems/nfsd.nix" + "services/network-filesystems/openafs/client.nix" + "services/network-filesystems/openafs/server.nix" + "services/network-filesystems/orangefs/server.nix" + "services/network-filesystems/orangefs/client.nix" + "services/network-filesystems/rsyncd.nix" + "services/network-filesystems/samba.nix" + "services/network-filesystems/samba-wsdd.nix" + "services/network-filesystems/tahoe.nix" + "services/network-filesystems/diod.nix" + "services/network-filesystems/u9fs.nix" + "services/network-filesystems/webdav.nix" + "services/network-filesystems/yandex-disk.nix" + "services/network-filesystems/xtreemfs.nix" + "services/network-filesystems/ceph.nix" + "services/networking/3proxy.nix" + "services/networking/adguardhome.nix" + "services/networking/amuled.nix" + "services/networking/antennas.nix" + "services/networking/aria2.nix" + "services/networking/asterisk.nix" + "services/networking/atftpd.nix" + "services/networking/avahi-daemon.nix" + "services/networking/babeld.nix" + "services/networking/bee.nix" + "services/networking/bee-clef.nix" + "services/networking/biboumi.nix" + "services/networking/bind.nix" + "services/networking/bitcoind.nix" + "services/networking/autossh.nix" + "services/networking/bird.nix" + "services/networking/bitlbee.nix" + "services/networking/blockbook-frontend.nix" + "services/networking/charybdis.nix" + "services/networking/cjdns.nix" + "services/networking/cntlm.nix" + "services/networking/connman.nix" + "services/networking/consul.nix" + "services/networking/coredns.nix" + "services/networking/corerad.nix" + "services/networking/coturn.nix" + "services/networking/croc.nix" + "services/networking/dante.nix" + "services/networking/ddclient.nix" + "services/networking/dhcpcd.nix" + "services/networking/dhcpd.nix" + "services/networking/dnscache.nix" + "services/networking/dnscrypt-proxy2.nix" + "services/networking/dnscrypt-wrapper.nix" + "services/networking/dnsdist.nix" + "services/networking/dnsmasq.nix" + "services/networking/doh-proxy-rust.nix" + "services/networking/ncdns.nix" + "services/networking/nomad.nix" + "services/networking/ejabberd.nix" + "services/networking/epmd.nix" + "services/networking/ergo.nix" + "services/networking/eternal-terminal.nix" + "services/networking/fakeroute.nix" + "services/networking/ferm.nix" + "services/networking/firefox/sync-server.nix" + "services/networking/fireqos.nix" + "services/networking/firewall.nix" + "services/networking/flannel.nix" + "services/networking/freenet.nix" + "services/networking/freeradius.nix" + "services/networking/gateone.nix" + "services/networking/gdomap.nix" + "services/networking/ghostunnel.nix" + "services/networking/git-daemon.nix" + "services/networking/globalprotect-vpn.nix" + "services/networking/gnunet.nix" + "services/networking/go-neb.nix" + "services/networking/go-shadowsocks2.nix" + "services/networking/gobgpd.nix" + "services/networking/gogoclient.nix" + "services/networking/gvpe.nix" + "services/networking/hans.nix" + "services/networking/haproxy.nix" + "services/networking/hostapd.nix" + "services/networking/htpdate.nix" + "services/networking/hylafax/default.nix" + "services/networking/i2pd.nix" + "services/networking/i2p.nix" + "services/networking/icecream/scheduler.nix" + "services/networking/icecream/daemon.nix" + "services/networking/inspircd.nix" + "services/networking/iodine.nix" + "services/networking/iperf3.nix" + "services/networking/ircd-hybrid/default.nix" + "services/networking/iscsi/initiator.nix" + "services/networking/iscsi/root-initiator.nix" + "services/networking/iscsi/target.nix" + "services/networking/iwd.nix" + "services/networking/jibri/default.nix" + "services/networking/jicofo.nix" + "services/networking/jitsi-videobridge.nix" + "services/networking/kea.nix" + "services/networking/keepalived/default.nix" + "services/networking/keybase.nix" + "services/networking/knot.nix" + "services/networking/kresd.nix" + "services/networking/lambdabot.nix" + "services/networking/libreswan.nix" + "services/networking/lldpd.nix" + "services/networking/logmein-hamachi.nix" + "services/networking/lxd-image-server.nix" + "services/networking/mailpile.nix" + "services/networking/magic-wormhole-mailbox-server.nix" + "services/networking/matterbridge.nix" + "services/networking/mjpg-streamer.nix" + "services/networking/minidlna.nix" + "services/networking/miniupnpd.nix" + "services/networking/mosquitto.nix" + "services/networking/monero.nix" + "services/networking/morty.nix" + "services/networking/miredo.nix" + "services/networking/mstpd.nix" + "services/networking/mtprotoproxy.nix" + "services/networking/mullvad-vpn.nix" + "services/networking/multipath.nix" + "services/networking/murmur.nix" + "services/networking/mxisd.nix" + "services/networking/namecoind.nix" + "services/networking/nar-serve.nix" + "services/networking/nat.nix" + "services/networking/nats.nix" + "services/networking/ndppd.nix" + "services/networking/nebula.nix" + "services/networking/networkmanager.nix" + "services/networking/nextdns.nix" + "services/networking/nftables.nix" + "services/networking/ngircd.nix" + "services/networking/nghttpx/default.nix" + "services/networking/nix-serve.nix" + "services/networking/nix-store-gcs-proxy.nix" + "services/networking/nixops-dns.nix" + "services/networking/nntp-proxy.nix" + "services/networking/nsd.nix" + "services/networking/ntopng.nix" + "services/networking/ntp/chrony.nix" + "services/networking/ntp/ntpd.nix" + "services/networking/ntp/openntpd.nix" + "services/networking/nullidentdmod.nix" + "services/networking/nylon.nix" + "services/networking/ocserv.nix" + "services/networking/ofono.nix" + "services/networking/oidentd.nix" + "services/networking/onedrive.nix" + "services/networking/openfire.nix" + "services/networking/openvpn.nix" + "services/networking/ostinato.nix" + "services/networking/owamp.nix" + "services/networking/pdnsd.nix" + "services/networking/pixiecore.nix" + "services/networking/pleroma.nix" + "services/networking/polipo.nix" + "services/networking/powerdns.nix" + "services/networking/pdns-recursor.nix" + "services/networking/pppd.nix" + "services/networking/pptpd.nix" + "services/networking/prayer.nix" + "services/networking/privoxy.nix" + "services/networking/prosody.nix" + "services/networking/quassel.nix" + "services/networking/quorum.nix" + "services/networking/quicktun.nix" + "services/networking/racoon.nix" + "services/networking/radicale.nix" + "services/networking/radvd.nix" + "services/networking/rdnssd.nix" + "services/networking/redsocks.nix" + "services/networking/resilio.nix" + "services/networking/robustirc-bridge.nix" + "services/networking/rpcbind.nix" + "services/networking/rxe.nix" + "services/networking/sabnzbd.nix" + "services/networking/seafile.nix" + "services/networking/searx.nix" + "services/networking/skydns.nix" + "services/networking/shadowsocks.nix" + "services/networking/shairport-sync.nix" + "services/networking/shellhub-agent.nix" + "services/networking/shorewall.nix" + "services/networking/shorewall6.nix" + "services/networking/shout.nix" + "services/networking/sniproxy.nix" + "services/networking/smartdns.nix" + "services/networking/smokeping.nix" + "services/networking/softether.nix" + "services/networking/solanum.nix" + "services/networking/soju.nix" + "services/networking/spacecookie.nix" + "services/networking/spiped.nix" + "services/networking/squid.nix" + "services/networking/sslh.nix" + "services/networking/ssh/lshd.nix" + "services/networking/ssh/sshd.nix" + "services/networking/strongswan.nix" + "services/networking/strongswan-swanctl/module.nix" + "services/networking/stunnel.nix" + "services/networking/stubby.nix" + "services/networking/supplicant.nix" + "services/networking/supybot.nix" + "services/networking/syncthing.nix" + "services/networking/syncthing-relay.nix" + "services/networking/syncplay.nix" + "services/networking/tailscale.nix" + "services/networking/tcpcrypt.nix" + "services/networking/teamspeak3.nix" + "services/networking/tedicross.nix" + "services/networking/thelounge.nix" + "services/networking/tinc.nix" + "services/networking/tinydns.nix" + "services/networking/tftpd.nix" + "services/networking/trickster.nix" + "services/networking/tox-bootstrapd.nix" + "services/networking/tox-node.nix" + "services/networking/toxvpn.nix" + "services/networking/tvheadend.nix" + "services/networking/ucarp.nix" + "services/networking/unbound.nix" + "services/networking/unifi.nix" + "services/video/unifi-video.nix" + "services/networking/v2ray.nix" + "services/networking/vsftpd.nix" + "services/networking/wasabibackend.nix" + "services/networking/websockify.nix" + "services/networking/wg-quick.nix" + "services/networking/wireguard.nix" + "services/networking/wpa_supplicant.nix" + "services/networking/xandikos.nix" + "services/networking/xinetd.nix" + "services/networking/xl2tpd.nix" + "services/networking/x2goserver.nix" + "services/networking/xrdp.nix" + "services/networking/yggdrasil.nix" + "services/networking/zerobin.nix" + "services/networking/zeronet.nix" + "services/networking/zerotierone.nix" + "services/networking/znc/default.nix" + "services/printing/cupsd.nix" + "services/scheduling/atd.nix" + "services/scheduling/cron.nix" + "services/scheduling/fcron.nix" + "services/search/elasticsearch.nix" + "services/search/elasticsearch-curator.nix" + "services/search/hound.nix" + "services/search/kibana.nix" + "services/search/meilisearch.nix" + "services/search/solr.nix" + "services/security/certmgr.nix" + "services/security/cfssl.nix" + "services/security/clamav.nix" + "services/security/fail2ban.nix" + "services/security/fprintd.nix" + "services/security/fprot.nix" + "services/security/haka.nix" + "services/security/haveged.nix" + "services/security/hockeypuck.nix" + "services/security/hologram-server.nix" + "services/security/hologram-agent.nix" + "services/security/munge.nix" + "services/security/nginx-sso.nix" + "services/security/oauth2_proxy.nix" + "services/security/oauth2_proxy_nginx.nix" + "services/security/opensnitch.nix" + "services/security/privacyidea.nix" + "services/security/physlock.nix" + "services/security/shibboleth-sp.nix" + "services/security/sks.nix" + "services/security/sshguard.nix" + "services/security/step-ca.nix" + "services/security/tor.nix" + "services/security/torify.nix" + "services/security/torsocks.nix" + "services/security/usbguard.nix" + "services/security/vault.nix" + "services/security/vaultwarden/default.nix" + "services/security/yubikey-agent.nix" + "services/system/cloud-init.nix" + "services/system/dbus.nix" + "services/system/earlyoom.nix" + "services/system/localtime.nix" + "services/system/kerberos/default.nix" + "services/system/nscd.nix" + "services/system/saslauthd.nix" + "services/system/self-deploy.nix" + "services/system/uptimed.nix" + "services/torrent/deluge.nix" + "services/torrent/flexget.nix" + "services/torrent/magnetico.nix" + "services/torrent/opentracker.nix" + "services/torrent/peerflix.nix" + "services/torrent/rtorrent.nix" + "services/torrent/transmission.nix" + "services/ttys/getty.nix" + "services/ttys/gpm.nix" + "services/ttys/kmscon.nix" + "services/web-apps/atlassian/confluence.nix" + "services/web-apps/atlassian/crowd.nix" + "services/web-apps/atlassian/jira.nix" + "services/web-apps/bookstack.nix" + "services/web-apps/calibre-web.nix" + "services/web-apps/code-server.nix" + "services/web-apps/convos.nix" + "services/web-apps/cryptpad.nix" + "services/web-apps/dex.nix" + "services/web-apps/discourse.nix" + "services/web-apps/documize.nix" + "services/web-apps/dokuwiki.nix" + "services/web-apps/engelsystem.nix" + "services/web-apps/fluidd.nix" + "services/web-apps/galene.nix" + "services/web-apps/gerrit.nix" + "services/web-apps/gotify-server.nix" + "services/web-apps/grocy.nix" + "services/web-apps/hedgedoc.nix" + "services/web-apps/hledger-web.nix" + "services/web-apps/icingaweb2/icingaweb2.nix" + "services/web-apps/icingaweb2/module-monitoring.nix" + "services/web-apps/ihatemoney" + "services/web-apps/isso.nix" + "services/web-apps/jirafeau.nix" + "services/web-apps/jitsi-meet.nix" + "services/web-apps/keycloak.nix" + "services/web-apps/lemmy.nix" + "services/web-apps/invidious.nix" + "services/web-apps/limesurvey.nix" + "services/web-apps/mastodon.nix" + "services/web-apps/mattermost.nix" + "services/web-apps/mediawiki.nix" + "services/web-apps/miniflux.nix" + "services/web-apps/moodle.nix" + "services/web-apps/nextcloud.nix" + "services/web-apps/nexus.nix" + "services/web-apps/node-red.nix" + "services/web-apps/pict-rs.nix" + "services/web-apps/peertube.nix" + "services/web-apps/plantuml-server.nix" + "services/web-apps/plausible.nix" + "services/web-apps/pgpkeyserver-lite.nix" + "services/web-apps/matomo.nix" + "services/web-apps/moinmoin.nix" + "services/web-apps/openwebrx.nix" + "services/web-apps/restya-board.nix" + "services/web-apps/sogo.nix" + "services/web-apps/rss-bridge.nix" + "services/web-apps/tt-rss.nix" + "services/web-apps/trac.nix" + "services/web-apps/trilium.nix" + "services/web-apps/selfoss.nix" + "services/web-apps/shiori.nix" + "services/web-apps/vikunja.nix" + "services/web-apps/virtlyst.nix" + "services/web-apps/wiki-js.nix" + "services/web-apps/whitebophir.nix" + "services/web-apps/wordpress.nix" + "services/web-apps/youtrack.nix" + "services/web-apps/zabbix.nix" + "services/web-servers/apache-httpd/default.nix" + "services/web-servers/caddy/default.nix" + "services/web-servers/darkhttpd.nix" + "services/web-servers/fcgiwrap.nix" + "services/web-servers/hitch/default.nix" + "services/web-servers/hydron.nix" + "services/web-servers/jboss/default.nix" + "services/web-servers/lighttpd/cgit.nix" + "services/web-servers/lighttpd/collectd.nix" + "services/web-servers/lighttpd/default.nix" + "services/web-servers/lighttpd/gitweb.nix" + "services/web-servers/mighttpd2.nix" + "services/web-servers/minio.nix" + "services/web-servers/molly-brown.nix" + "services/web-servers/nginx/default.nix" + "services/web-servers/nginx/gitweb.nix" + "services/web-servers/phpfpm/default.nix" + "services/web-servers/pomerium.nix" + "services/web-servers/unit/default.nix" + "services/web-servers/shellinabox.nix" + "services/web-servers/tomcat.nix" + "services/web-servers/traefik.nix" + "services/web-servers/trafficserver/default.nix" + "services/web-servers/ttyd.nix" + "services/web-servers/uwsgi.nix" + "services/web-servers/varnish/default.nix" + "services/web-servers/zope2.nix" + "system/activation/activation-script.nix" + "system/activation/top-level.nix" + "system/boot/binfmt.nix" + "system/boot/emergency-mode.nix" + "system/boot/grow-partition.nix" + "system/boot/initrd-network.nix" + "system/boot/initrd-ssh.nix" + "system/boot/initrd-openvpn.nix" + "system/boot/kernel.nix" + "system/boot/kexec.nix" + "system/boot/loader/efi.nix" + "system/boot/loader/generations-dir/generations-dir.nix" + "system/boot/loader/generic-extlinux-compatible" + "system/boot/loader/grub/grub.nix" + "system/boot/loader/grub/ipxe.nix" + "system/boot/loader/grub/memtest.nix" + "system/boot/loader/init-script/init-script.nix" + "system/boot/loader/loader.nix" + "system/boot/loader/raspberrypi/raspberrypi.nix" + "system/boot/loader/systemd-boot/systemd-boot.nix" + "system/boot/luksroot.nix" + "system/boot/modprobe.nix" + "system/boot/networkd.nix" + "system/boot/plymouth.nix" + "system/boot/resolved.nix" + "system/boot/shutdown.nix" + "system/boot/stage-1.nix" + "system/boot/stage-2.nix" + "system/boot/systemd.nix" + "system/boot/systemd-nspawn.nix" + "system/boot/timesyncd.nix" + "system/boot/tmp.nix" + "system/etc/etc.nix" + "tasks/auto-upgrade.nix" + "tasks/bcache.nix" + "tasks/cpu-freq.nix" + "tasks/encrypted-devices.nix" + "tasks/filesystems.nix" + "tasks/filesystems/bcachefs.nix" + "tasks/filesystems/btrfs.nix" + "tasks/filesystems/cifs.nix" + "tasks/filesystems/ecryptfs.nix" + "tasks/filesystems/exfat.nix" + "tasks/filesystems/ext.nix" + "tasks/filesystems/f2fs.nix" + "tasks/filesystems/jfs.nix" + "tasks/filesystems/nfs.nix" + "tasks/filesystems/ntfs.nix" + "tasks/filesystems/reiserfs.nix" + "tasks/filesystems/unionfs-fuse.nix" + "tasks/filesystems/vboxsf.nix" + "tasks/filesystems/vfat.nix" + "tasks/filesystems/xfs.nix" + "tasks/filesystems/zfs.nix" + "tasks/lvm.nix" + "tasks/network-interfaces.nix" + "tasks/network-interfaces-systemd.nix" + "tasks/network-interfaces-scripted.nix" + "tasks/scsi-link-power-management.nix" + "tasks/snapraid.nix" + "tasks/swraid.nix" + "tasks/powertop.nix" + "testing/service-runner.nix" + "virtualisation/anbox.nix" + "virtualisation/container-config.nix" + "virtualisation/containerd.nix" + "virtualisation/containers.nix" + "virtualisation/nixos-containers.nix" + "virtualisation/cri-o.nix" + "virtualisation/docker.nix" + "virtualisation/ecs-agent.nix" + "virtualisation/libvirtd.nix" + "virtualisation/lxc.nix" + "virtualisation/lxcfs.nix" + "virtualisation/lxd.nix" + "virtualisation/openvswitch.nix" + "virtualisation/qemu-guest-agent.nix" +] diff --git a/pkgs/default.nix b/pkgs/default.nix index 0bdc99f..13d0fc6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,9 +1,15 @@ -{ nixlib, nixpkgs }: +{ nixpkgs ? , nixlib ? nixpkgs.lib }: let pkgs = nixpkgs // turrispkgs; callPackage = nixlib.callPackageWith pkgs; + armv7lDisableCheck = pkg: if nixpkgs.system != "armv7l-linux" then pkg + else pkg.overrideAttrs (oldAttrs: { + doCheck = false; + doInstallCheck = false; + }); + turrispkgs = with pkgs; { bootstrapHook = callPackage ( { makeSetupHook, autoconf, autoconf-archive, automake, gettext, libtool }: @@ -20,16 +26,32 @@ let rev = "v" + version; sha256 = "1swjzs2249wvnqx2zvxwd7d1z22kd3512xxfvq002cvgbq78ka9a"; }; + patches = []; }); logc-libs = callPackage ./libraries/logc-libs { }; base64c = callPackage ./libraries/base64c { }; paho-mqtt-c = callPackage ./libraries/paho-mqtt-c { }; + sentinel-certgen = python3Packages.callPackage ./sentinel/certgen { }; + #sentinel-dynfw-client = python3Packages.callPackage ./sentinel/dynfw-client { }; sentinel-proxy = callPackage ./sentinel/proxy { }; sentinel-minipot = callPackage ./sentinel/minipot { }; sentinel-fwlogs = callPackage ./sentinel/fwlogs { }; sentinel-faillogs = callPackage ./sentinel/faillogs { }; + # Overrides to get armv7 to work + bison = armv7lDisableCheck nixpkgs.bison; + findutils = armv7lDisableCheck nixpkgs.findutils; + libuv = armv7lDisableCheck nixpkgs.libuv; + p11-kit = armv7lDisableCheck nixpkgs.p11-kit; + elfutils = armv7lDisableCheck nixpkgs.elfutils; + glib = armv7lDisableCheck nixpkgs.glib; + rustc = armv7lDisableCheck nixpkgs.rustc; + mdbook = armv7lDisableCheck nixpkgs.mdbook; + ell = armv7lDisableCheck nixpkgs.ell; + polkit = armv7lDisableCheck nixpkgs.polkit; + udisks2 = armv7lDisableCheck nixpkgs.udisks2; + udisks = udisks2; }; in turrispkgs diff --git a/pkgs/libraries/base64c/default.nix b/pkgs/libraries/base64c/default.nix index ec89a4b..9cb6def 100644 --- a/pkgs/libraries/base64c/default.nix +++ b/pkgs/libraries/base64c/default.nix @@ -1,5 +1,6 @@ { stdenv, lib, fetchgit , bootstrapHook, pkg-config +, check }: stdenv.mkDerivation rec { @@ -8,7 +9,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://gitlab.nic.cz/turris/base64c"; description = "Base64 encoding/decoding library for C"; - platforms = with platforms; linux; license = licenses.mit; }; @@ -19,4 +19,9 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [bootstrapHook pkg-config]; + depsBuildBuild = [check]; + + doCheck = true; + doInstallCheck = true; + configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests"; } diff --git a/pkgs/libraries/logc-libs/0001-tests-cmzq-try-to-fix-test-failure.patch b/pkgs/libraries/logc-libs/0001-tests-cmzq-try-to-fix-test-failure.patch new file mode 100644 index 0000000..349bf91 --- /dev/null +++ b/pkgs/libraries/logc-libs/0001-tests-cmzq-try-to-fix-test-failure.patch @@ -0,0 +1,31 @@ +From ecd66fc7d0079093fc56c16233c1fb2e88879df3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= +Date: Thu, 24 Feb 2022 17:52:59 +0100 +Subject: [PATCH] tests/cmzq: try to fix test failure + +The errno seems to be possibly set by logc_czmq_init and thus we have to +reset errno after that. +--- + tests/czmq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/czmq.c b/tests/czmq.c +index b6244d1..f25ab07 100644 +--- a/tests/czmq.c ++++ b/tests/czmq.c +@@ -10,11 +10,11 @@ char *stderr_data; + size_t stderr_len; + + void f_setup() { +- errno = 0; + orig_stderr = stderr; + stderr = open_memstream(&stderr_data, &stderr_len); + logc_czmq_init(); + log_set_level(log_czmq, LL_DEBUG); ++ errno = 0; + } + void f_teardown() { + ck_assert_int_eq(errno, 0); +-- +2.35.1 + diff --git a/pkgs/libraries/logc-libs/default.nix b/pkgs/libraries/logc-libs/default.nix index 1fe7a18..f8e4a57 100644 --- a/pkgs/libraries/logc-libs/default.nix +++ b/pkgs/libraries/logc-libs/default.nix @@ -1,6 +1,7 @@ { stdenv, lib, fetchgit , bootstrapHook, pkg-config , logc, czmq, libevent +, check }: stdenv.mkDerivation rec { @@ -9,7 +10,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://gitlab.nic.cz/turris/logc-libs"; description = "Logging for C"; - platforms = with platforms; linux; license = licenses.mit; }; @@ -21,4 +21,9 @@ stdenv.mkDerivation rec { buildInputs = [logc czmq libevent]; nativeBuildInputs = [bootstrapHook pkg-config]; + depsBuildBuild = [check]; + + doCheck = false; # TODO the test fails due to errno being set by czmq for some reason + doInstallCheck = false; + configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests"; } diff --git a/pkgs/libraries/logc/0001-configure.ac-fix-cross-compilation.patch b/pkgs/libraries/logc/0001-configure.ac-fix-cross-compilation.patch new file mode 100644 index 0000000..3c0fafe --- /dev/null +++ b/pkgs/libraries/logc/0001-configure.ac-fix-cross-compilation.patch @@ -0,0 +1,28 @@ +From 7105fb9859f4d3264dbaaee5dc7596c561dc3e1a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= +Date: Tue, 4 Jan 2022 18:38:38 +0100 +Subject: [PATCH] configure.ac: fix cross compilation + +The AC_CHECK_FILE is not supported when cross compiling. We can just use +plain AS_IF with test for the same effect. +--- + CHANGELOG.md | 1 + + configure.ac | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 5946a53..b6d42ea 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -18,7 +18,7 @@ PKG_INSTALLDIR + AX_CHECK_COMPILE_FLAG([-std=c11], , AC_MSG_ERROR([Compiler with C11 standard support is required])) + AX_APPEND_FLAG([-std=c11]) + +-AC_CHECK_FILE([${0%/*}/bootstrap],[ ++AS_IF([test -x "${0%/*}/bootstrap" ],[ + AC_PATH_PROG([GPERF], [gperf]) + AS_IF([test -z "$GPERF"], [AC_MSG_ERROR([Missing gperf generator])]) + ]) +-- +2.35.1 + diff --git a/pkgs/libraries/logc/default.nix b/pkgs/libraries/logc/default.nix index 784efd7..6ffd8f4 100644 --- a/pkgs/libraries/logc/default.nix +++ b/pkgs/libraries/logc/default.nix @@ -1,6 +1,7 @@ { stdenv, lib, fetchgit , bootstrapHook, pkg-config, gperf , libconfig +, check }: stdenv.mkDerivation rec { @@ -9,7 +10,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://gitlab.nic.cz/turris/logc"; description = "Logging for C"; - platforms = with platforms; linux; license = licenses.mit; }; @@ -18,7 +18,15 @@ stdenv.mkDerivation rec { rev = "v" + version; sha256 = "15nplgjgg6dxryy4yzbj4524y77ci0syi970rmbr955m9vxvhrib"; }; + patches = [ + ./0001-configure.ac-fix-cross-compilation.patch + ]; buildInputs = [libconfig]; nativeBuildInputs = [bootstrapHook pkg-config gperf]; + depsBuildBuild = [check]; + + doCheck = true; + doInstallCheck = true; + configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests"; } diff --git a/pkgs/libraries/paho-mqtt-c/default.nix b/pkgs/libraries/paho-mqtt-c/default.nix index 07db14d..545af96 100644 --- a/pkgs/libraries/paho-mqtt-c/default.nix +++ b/pkgs/libraries/paho-mqtt-c/default.nix @@ -9,7 +9,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://eclipse.org/paho"; description = "An Eclipse Paho C client library for MQTT"; - platforms = with platforms; linux; license = licenses.epl20; }; diff --git a/pkgs/sentinel/certgen/default.nix b/pkgs/sentinel/certgen/default.nix new file mode 100644 index 0000000..bc0b35c --- /dev/null +++ b/pkgs/sentinel/certgen/default.nix @@ -0,0 +1,23 @@ +{ buildPythonApplication, lib, fetchgit +, python3 +, ipset +}: + +buildPythonApplication rec { + pname = "sentinel-dynfw-client"; + version = "6.2"; + meta = with lib; { + homepage = "https://gitlab.nic.cz/turris/sentinel/certgen"; + description = "Sentinel automated passwords and certificates retrieval"; + license = licenses.gpl3; + }; + + src = fetchgit { + url = "https://gitlab.nic.cz/turris/sentinel/certgen.git"; + rev = "v" + version; + sha256 = "10ii3j3wqdib7m2fc0w599981mv9q3ahj96q4kyrn5sh18v2c7nb"; + }; + + # TODO we are missing crypto-wrapper + buildInputs = with python3.pkgs; [six requests cryptography]; +} diff --git a/pkgs/sentinel/dynfw-client/default.nix b/pkgs/sentinel/dynfw-client/default.nix new file mode 100644 index 0000000..b059b6d --- /dev/null +++ b/pkgs/sentinel/dynfw-client/default.nix @@ -0,0 +1,26 @@ +{ buildPythonApplication, lib, fetchgit +, ipset +}: + +buildPythonApplication rec { + pname = "sentinel-dynfw-client"; + version = "1.4.0"; + meta = with lib; { + homepage = "https://gitlab.nic.cz/turris/sentinel/dynfw-client"; + description = "Dynamic firewall client"; + platforms = platforms.linux; + license = licenses.gpl3; + }; + + src = fetchgit { + url = "https://gitlab.nic.cz/turris/sentinel/dynfw-client.git"; + rev = "v" + version; + sha256 = "1g0wbhsjzifvdfvig6922cl3yfj1f96yvg11s4vgiaxca9yspcmp"; + }; + + buildInputs = [ipset]; + preConfigure = '' + ls + find -type f | xargs sed -i 's#/usr/sbin/ipset#${ipset}#g' + ''; +} diff --git a/pkgs/sentinel/faillogs/default.nix b/pkgs/sentinel/faillogs/default.nix index d4bfa6b..4b3a2d3 100644 --- a/pkgs/sentinel/faillogs/default.nix +++ b/pkgs/sentinel/faillogs/default.nix @@ -1,6 +1,7 @@ { stdenv, lib, fetchgit , bootstrapHook, pkg-config, gperf , logc, logc-libs, libevent, czmq, msgpack, libconfig +, check }: stdenv.mkDerivation rec { @@ -9,7 +10,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://gitlab.nic.cz/turris/sentinel/faillogs"; description = "Failed login attempt logs collector"; - platforms = with platforms; linux; license = licenses.gpl3; }; @@ -21,4 +21,9 @@ stdenv.mkDerivation rec { buildInputs = [logc logc-libs libevent czmq msgpack libconfig]; nativeBuildInputs = [bootstrapHook pkg-config gperf]; + depsBuildBuild = [check]; + + doCheck = true; + doInstallCheck = true; + configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests"; } diff --git a/pkgs/sentinel/fwlogs/default.nix b/pkgs/sentinel/fwlogs/default.nix index c388a76..6c9d529 100644 --- a/pkgs/sentinel/fwlogs/default.nix +++ b/pkgs/sentinel/fwlogs/default.nix @@ -1,6 +1,7 @@ { stdenv, lib, fetchgit , bootstrapHook, pkg-config , czmq, msgpack, logc-0_1, logc-libs, libconfig, libnetfilter_log +, check }: stdenv.mkDerivation rec { @@ -9,7 +10,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://gitlab.nic.cz/turris/sentinel/fwlogs"; description = "Firewall logs collector"; - platforms = with platforms; linux; + platforms = platforms.linux; license = licenses.gpl3; }; @@ -21,4 +22,9 @@ stdenv.mkDerivation rec { buildInputs = [czmq msgpack logc-0_1 logc-libs libconfig libnetfilter_log]; nativeBuildInputs = [bootstrapHook pkg-config]; + depsBuildBuild = [check]; + + doCheck = true; + doInstallCheck = true; + configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests"; } diff --git a/pkgs/sentinel/minipot/default.nix b/pkgs/sentinel/minipot/default.nix index 89b93f6..1f26074 100644 --- a/pkgs/sentinel/minipot/default.nix +++ b/pkgs/sentinel/minipot/default.nix @@ -1,6 +1,7 @@ { stdenv, lib, fetchgit , bootstrapHook, pkg-config, gperf , czmq, msgpack, libevent, base64c, logc-0_1, logc-libs +, check }: stdenv.mkDerivation rec { @@ -9,7 +10,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://gitlab.nic.cz/turris/sentinel/minipot"; description = "Firewall logs collector"; - platforms = with platforms; linux; license = licenses.gpl3; }; @@ -21,4 +21,9 @@ stdenv.mkDerivation rec { buildInputs = [czmq msgpack libevent base64c logc-0_1 logc-libs]; nativeBuildInputs = [bootstrapHook pkg-config gperf]; + depsBuildBuild = [check]; + + doCheck = true; + doInstallCheck = true; + configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests"; } diff --git a/pkgs/sentinel/proxy/default.nix b/pkgs/sentinel/proxy/default.nix index 5de2836..a3b6bf2 100644 --- a/pkgs/sentinel/proxy/default.nix +++ b/pkgs/sentinel/proxy/default.nix @@ -1,6 +1,7 @@ { stdenv, lib, fetchgit -, autoconf, autoconf-archive, automake, libtool, pkgconfig, gperf +, bootstrapHook, pkg-config, gperf , openssl, zlib, czmq, libconfig, msgpack, paho-mqtt-c +, check }: stdenv.mkDerivation rec { @@ -9,7 +10,6 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://gitlab.nic.cz/turris/sentinel/proxy"; description = "Main MQTT Sentinel client. Proxy that lives on the router and relays messages received from ZMQ to uplink server over MQTT channel."; - platforms = with platforms; linux; license = licenses.gpl3; }; @@ -20,9 +20,12 @@ stdenv.mkDerivation rec { }; buildInputs = [openssl zlib czmq libconfig msgpack paho-mqtt-c]; - nativeBuildInputs = [ - autoconf autoconf-archive automake libtool pkgconfig gperf - ]; + nativeBuildInputs = [bootstrapHook pkg-config gperf]; + depsBuildBuild = [check]; preConfigure = "./bootstrap"; + + doCheck = true; + doInstallCheck = true; + configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests"; } -- cgit v1.2.3