Project import generated by Copybara.

GitOrigin-RevId: 78cd22c1b8604de423546cd49bfe264b786eca13
This commit is contained in:
Default email 2022-01-03 17:56:52 +01:00
parent d79265ddad
commit 2495e3f88b
1007 changed files with 10657 additions and 19342 deletions

View file

@ -233,6 +233,7 @@
/pkgs/applications/blockchains @mmahut @RaghavSood
# Go
/doc/languages-frameworks/go.section.md @kalbasit @Mic92 @zowoq
/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq
/pkgs/development/go-modules @kalbasit @Mic92 @zowoq
/pkgs/development/go-packages @kalbasit @Mic92 @zowoq
@ -248,3 +249,6 @@
/pkgs/development/compilers/nim @ehmry
/pkgs/development/nim-packages @ehmry
/pkgs/top-level/nim-packages.nix @ehmry
# terraform providers
/pkgs/applications/networking/cluster/terraform-providers @zowoq

View file

@ -3,6 +3,7 @@
.*.swp
.*.swo
.idea/
.vscode/
outputs/
result
result-*

View file

@ -1,6 +1,5 @@
--[[
Turns a manpage reference into a link, when a mapping is defined
in the unix-man-urls.lua file.
Turns a manpage reference into a link, when a mapping is defined below.
]]
local man_urls = {

View file

@ -55,7 +55,7 @@ Additionally, the following syntax extensions are currently used:
- []{#ssec-contributing-markup-inline-roles}
If you want to link to a man page, you can use `` {manpage}`nix.conf(5)` ``, which will turn into {manpage}`nix.conf(5)`.
The references will turn into links when a mapping exists in {file}`doc/build-aux/pandoc-filters/unix-man-urls.lua`.
The references will turn into links when a mapping exists in {file}`doc/build-aux/pandoc-filters/link-unix-man-references.lua`.
This syntax is taken from [MyST](https://myst-parser.readthedocs.io/en/latest/syntax/syntax.html#roles-an-in-line-extension-point). Though, the feature originates from [reStructuredText](https://www.sphinx-doc.org/en/master/usage/restructuredtext/roles.html#role-manpage) with slightly different syntax.

View file

@ -246,11 +246,21 @@ If the branch is already in a broken state, please refrain from adding extra new
### Stable release branches {#submitting-changes-stable-release-branches}
For cherry-picking a commit to a stable release branch (“backporting”), use `git cherry-pick -x <original commit>` so that the original commit id is included in the commit.
The same staging workflow applies to stable release branches, but the main branch is called `release-*` instead of `master`.
Add a reason for the backport by using `git cherry-pick -xe <original commit>` instead when it is not obvious from the original commit message. It is not needed when it's a minor version update that includes security and bug fixes but don't add new features or when the commit fixes an otherwise broken package.
Example branch names: `release-21.11`, `staging-21.11`, `staging-next-21.11`.
For backporting Pull Requests to stable branches, assign label `backport <branch>` to the original Pull Requests and automation should take care of the rest once the Pull Requests is merged.
Most changes added to the stable release branches are cherry-picked (“backported”) from the `master` and staging branches.
#### Automatically backporting a Pull Request {#submitting-changes-stable-release-branches-automatic-backports}
Assign label `backport <branch>` (e.g. `backport release-21.11`) to the PR and a backport PR is automatically created after the PR is merged.
#### Manually backporting changes {#submitting-changes-stable-release-branches-manual-backports}
Cherry-pick changes via `git cherry-pick -x <original commit>` so that the original commit id is included in the commit message.
Add a reason for the backport when it is not obvious from the original commit message. You can do this by cherry picking with `git cherry-pick -xe <original commit>`, which allows editing the commit message. This is not needed for minor version updates that include security and bug fixes but don't add new features or when the commit fixes an otherwise broken package.
Here is an example of a cherry-picked commit message with good reason description:

View file

@ -29,8 +29,6 @@ pet = buildGoModule rec {
vendorSha256 = "1879j77k96684wi554rkjxydrj8g3hpp0kvxz03sd8dmwr3lh83j";
runVend = true;
meta = with lib; {
description = "Simple command-line snippet manager, written in Go";
homepage = "https://github.com/knqyf263/pet";

View file

@ -1170,6 +1170,17 @@
githubId = 56650223;
name = "Artturi N";
};
azahi = {
email = "azahi@teknik.io";
matrix = "@azahi:matrix.org";
github = "azahi";
githubId = 22211000;
name = "Azat Bahawi";
keys = [{
longkeyid = "rsa2048/0xB40FCB6608BBE3B6";
fingerprint = "E9F3 483F 31C7 29B4 4CA2 7C38 B40F CB66 08BB E3B6";
}];
};
ayazhafiz = {
email = "ayaz.hafiz.1@gmail.com";
github = "ayazhafiz";
@ -1877,6 +1888,13 @@
githubId = 495429;
name = "Claas Augner";
};
cawilliamson = {
email = "home@chrisaw.com";
github = "cawilliamson";
githubId = 1141769;
matrix = "@cawilliamson:nixos.dev";
name = "Christopher A. Williamson";
};
cbley = {
email = "claudio.bley@gmail.com";
github = "avdv";
@ -2070,12 +2088,6 @@
githubId = 399718;
name = "Chris Martin";
};
chrisaw = {
email = "home@chrisaw.com";
github = "cawilliamson";
githubId = 1141769;
name = "Christopher A. Williamson";
};
chrisjefferson = {
email = "chris@bubblescope.net";
github = "chrisjefferson";
@ -3125,6 +3137,16 @@
githubId = 10198051;
name = "Drew Risinger";
};
drperceptron = {
email = "92106371+drperceptron@users.noreply.github.com";
github = "drperceptron";
githubId = 92106371;
name = "Dr Perceptron";
keys = [{
longkeyid = "rsa4096/0x95EB6DFF26D1CEB0";
fingerprint = "7E38 89D9 B1A8 B381 C8DE A15F 95EB 6DFF 26D1 CEB0";
}];
};
drupol = {
name = "Pol Dellaiera";
email = "pol.dellaiera@protonmail.com";
@ -8636,7 +8658,7 @@
};
noreferences = {
email = "norkus@norkus.net";
github = "noreferences";
github = "jozuas";
githubId = 13085275;
name = "Juozas Norkus";
};
@ -11037,6 +11059,13 @@
githubId = 26806;
name = "Scott Olson";
};
SomeoneSerge = {
email = "sergei.kozlukov@aalto.fi";
matrix = "@ss:someonex.net";
github = "SomeoneSerge";
githubId = 9720532;
name = "Sergei K";
};
sondr3 = {
email = "nilsen.sondre@gmail.com";
github = "sondr3";
@ -11163,6 +11192,12 @@
githubId = 7512804;
name = "Martin Langlotz";
};
steamwalker = {
email = "steamwalker@xs4all.nl";
github = "steamwalker";
githubId = 94006354;
name = "steamwalker";
};
steell = {
email = "steve@steellworks.com";
github = "Steell";
@ -11600,6 +11635,12 @@
githubId = 280235;
name = "Terje Larsen";
};
terrorjack = {
email = "astrohavoc@gmail.com";
github = "TerrorJack";
githubId = 3889585;
name = "Cheng Shao";
};
tesq0 = {
email = "mikolaj.galkowski@gmail.com";
github = "tesq0";
@ -11795,6 +11836,13 @@
githubId = 1618946;
name = "Tiago Castro";
};
tilcreator = {
name = "Tilman Jackel";
email = "contact.nixos@tc-j.de";
matrix = "@tilcreator:matrix.org";
github = "TilCreator";
githubId = 18621411;
};
tilpner = {
email = "till@hoeppner.ws";
github = "tilpner";
@ -12851,6 +12899,12 @@
githubId = 2242427;
name = "Yoann Ono";
};
yana = {
email = "yana@riseup.net";
github = "alpakido";
githubId = 1643293;
name = "Yana Timoshenko";
};
yarny = {
email = "41838844+Yarny0@users.noreply.github.com";
github = "Yarny0";
@ -12870,12 +12924,6 @@
githubId = 73759599;
name = "Lara A.";
};
yegortimoshenko = {
email = "yegortimoshenko@riseup.net";
github = "yegortimoshenko";
githubId = 1643293;
name = "Yegor Timoshenko";
};
yesbox = {
email = "jesper.geertsen.jonsson@gmail.com";
github = "yesbox";
@ -13434,6 +13482,12 @@
github = "zeri42";
githubId = 68825133;
};
zombiezen = {
name = "Ross Light";
email = "ross@zombiezen.com";
github = "zombiezen";
githubId = 181535;
};
zseri = {
name = "zseri";
email = "zseri.devel@ytrizja.de";

View file

@ -273,13 +273,6 @@
<link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://sr.ht">sourcehut</link>, a

View file

@ -30,6 +30,14 @@
PHP 8.1 is now available
</para>
</listitem>
<listitem>
<para>
Mattermost has been updated to version 6.2. Migrations may
take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release">upgrade
notes</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-new-services">
@ -51,6 +59,14 @@
<link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://conduit.rs/">matrix-conduit</link>,
a simple, fast and reliable chat server powered by matrix.
Available as
<link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
@ -59,6 +75,13 @@
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>,
a bouncer-style Matrix IRC bridge. Available as
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
@ -66,6 +89,21 @@
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://tetrd.app">tetrd</link>, share your
internet connection from your device to your PC and vice versa
through a USB cable. Available at
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
@ -109,6 +147,13 @@
removed due to it being an outdated version.
</para>
</listitem>
<listitem>
<para>
The MoinMoin wiki engine
(<literal>services.moinmoin</literal>) has been removed,
because Python 2 is being retired from nixpkgs.
</para>
</listitem>
<listitem>
<para>
The <literal>wafHook</literal> hook now honors
@ -169,6 +214,20 @@
~100MB for python itself).
</para>
</listitem>
<listitem>
<para>
<literal>documentation.man</literal> has been refactored to
support choosing a man implementation other than GNUs
<literal>man-db</literal>. For this,
<literal>documentation.man.manualPages</literal> has been
renamed to
<literal>documentation.man.man-db.manualPages</literal>. If
you want to use the new alternative man implementation
<literal>mandoc</literal>, add
<literal>documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }</literal>
to your configuration.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-notable-changes">
@ -244,7 +303,7 @@
<listitem>
<para>
The option
<link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link>
<link linkend="opt-programs.ssh.enableAskPassword">programs.ssh.enableAskPassword</link>
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy

View file

@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
- [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).

View file

@ -13,15 +13,26 @@ In addition to numerous new and upgraded packages, this release has the followin
- PHP 8.1 is now available
- Mattermost has been updated to version 6.2. Migrations may take a while,
see the [upgrade notes](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release).
## New Services {#sec-release-22.05-new-services}
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](options.html#opt-virtualisation.docker.rootless.enable).
- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
@ -43,6 +54,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
- `pkgs.claws-mail-gtk2`, representing Claws Mail's older release version three, was removed in order to get rid of Python 2.
@ -62,6 +75,8 @@ In addition to numerous new and upgraded packages, this release has the followin
This has the added benefit to reduce the closure size of `ipython` from ~400MB to ~160MB
(including ~100MB for python itself).
- `documentation.man` has been refactored to support choosing a man implementation other than GNU's `man-db`. For this, `documentation.man.manualPages` has been renamed to `documentation.man.man-db.manualPages`. If you want to use the new alternative man implementation `mandoc`, add `documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }` to your configuration.
## Other Notable Changes {#sec-release-22.05-notable-changes}
- The option [services.redis.servers](#opt-services.redis.servers) was added
@ -97,7 +112,7 @@ In addition to numerous new and upgraded packages, this release has the followin
will now correctly remove those domains during rebuild/renew.
- The option
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
[programs.ssh.enableAskPassword](#opt-programs.ssh.enableAskPassword) was
added, decoupling the setting of `SSH_ASKPASS` from
`services.xserver.enable`. This allows easy usage in non-X11 environments,
e.g. Wayland.

View file

@ -74,10 +74,6 @@ let
];
};
# list of man outputs currently active intended for use as default values
# for man-related options, thus "man" is included unconditionally.
activeManOutputs = [ "man" ] ++ lib.optionals cfg.dev.enable [ "devman" ];
in
{
@ -107,8 +103,8 @@ in
type = types.bool;
default = true;
description = ''
Whether to install manual pages and the <command>man</command> command.
This also includes "man" outputs.
Whether to install manual pages.
This also includes <literal>man</literal> outputs.
'';
};
@ -116,27 +112,18 @@ in
type = types.bool;
default = false;
description = ''
Whether to generate the manual page index caches using
<literal>mandb(8)</literal>. This allows searching for a page or
keyword using utilities like <literal>apropos(1)</literal>.
'';
};
man.manualPages = mkOption {
type = types.path;
default = pkgs.buildEnv {
name = "man-paths";
paths = config.environment.systemPackages;
pathsToLink = [ "/share/man" ];
extraOutputsToInstall = activeManOutputs;
ignoreCollisions = true;
};
defaultText = literalDocBook "all man pages in <option>config.environment.systemPackages</option>";
description = ''
The manual pages to generate caches for if <option>generateCaches</option>
is enabled. Must be a path to a directory with man pages under
<literal>/share/man</literal>; see the source for an example.
Advanced users can make this a content-addressed derivation to save a few rebuilds.
Whether to generate the manual page index caches.
This allows searching for a page or
keyword using utilities like
<citerefentry>
<refentrytitle>apropos</refentrytitle>
<manvolnum>1</manvolnum>
</citerefentry>
and the <literal>-k</literal> option of
<citerefentry>
<refentrytitle>man</refentrytitle>
<manvolnum>1</manvolnum>
</citerefentry>.
'';
};
@ -220,30 +207,22 @@ in
};
config = mkIf cfg.enable (mkMerge [
{
assertions = [
{
assertion = !(cfg.man.man-db.enable && cfg.man.mandoc.enable);
message = ''
man-db and mandoc can't be used as the default man page viewer at the same time!
'';
}
];
}
# The actual implementation for this lives in man-db.nix or mandoc.nix,
# depending on which backend is active.
(mkIf cfg.man.enable {
environment.systemPackages = [ pkgs.man-db ];
environment.pathsToLink = [ "/share/man" ];
environment.extraOutputsToInstall = activeManOutputs;
environment.etc."man_db.conf".text =
let
manualCache = pkgs.runCommandLocal "man-cache" { } ''
echo "MANDB_MAP ${cfg.man.manualPages}/share/man $out" > man.conf
${pkgs.man-db}/bin/mandb -C man.conf -psc >/dev/null 2>&1
'';
in
''
# Manual pages paths for NixOS
MANPATH_MAP /run/current-system/sw/bin /run/current-system/sw/share/man
MANPATH_MAP /run/wrappers/bin /run/current-system/sw/share/man
${optionalString cfg.man.generateCaches ''
# Generated manual pages cache for NixOS (immutable)
MANDB_MAP /run/current-system/sw/share/man ${manualCache}
''}
# Manual pages caches for NixOS
MANDB_MAP /run/current-system/sw/share/man /var/cache/man/nixos
'';
environment.extraOutputsToInstall = [ "man" ] ++ optional cfg.dev.enable "devman";
})
(mkIf cfg.info.enable {

View file

@ -296,7 +296,7 @@ in
infinoted = 264;
sickbeard = 265;
headphones = 266;
couchpotato = 267;
# couchpotato = 267; # unused, removed 2022-01-01
gogs = 268;
#pdns-recursor = 269; # dynamically allocated as of 2020-20-18
#kresd = 270; # switched to "knot-resolver" with dynamic ID
@ -603,7 +603,7 @@ in
infinoted = 264;
sickbeard = 265;
headphones = 266;
couchpotato = 267;
# couchpotato = 267; # unused, removed 2022-01-01
gogs = 268;
#kresd = 270; # switched to "knot-resolver" with dynamic ID
#rpc = 271; # unused

View file

@ -0,0 +1,73 @@
{ config, pkgs, lib, ... }:
let
cfg = config.documentation.man.man-db;
in
{
options = {
documentation.man.man-db = {
enable = lib.mkEnableOption "man-db as the default man page viewer" // {
default = config.documentation.man.enable;
defaultText = lib.literalExpression "config.documentation.man.enable";
example = false;
};
manualPages = lib.mkOption {
type = lib.types.path;
default = pkgs.buildEnv {
name = "man-paths";
paths = config.environment.systemPackages;
pathsToLink = [ "/share/man" ];
extraOutputsToInstall = [ "man" ]
++ lib.optionals config.documentation.dev.enable [ "devman" ];
ignoreCollisions = true;
};
defaultText = lib.literalDocBook "all man pages in <option>config.environment.systemPackages</option>";
description = ''
The manual pages to generate caches for if <option>documentation.man.generateCaches</option>
is enabled. Must be a path to a directory with man pages under
<literal>/share/man</literal>; see the source for an example.
Advanced users can make this a content-addressed derivation to save a few rebuilds.
'';
};
package = lib.mkOption {
type = lib.types.package;
default = pkgs.man-db;
defaultText = lib.literalExpression "pkgs.man-db";
description = ''
The <literal>man-db</literal> derivation to use. Useful to override
configuration options used for the package.
'';
};
};
};
imports = [
(lib.mkRenamedOptionModule [ "documentation" "man" "manualPages" ] [ "documentation" "man" "man-db" "manualPages" ])
];
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
environment.etc."man_db.conf".text =
let
manualCache = pkgs.runCommandLocal "man-cache" { } ''
echo "MANDB_MAP ${cfg.manualPages}/share/man $out" > man.conf
${cfg.package}/bin/mandb -C man.conf -psc >/dev/null 2>&1
'';
in
''
# Manual pages paths for NixOS
MANPATH_MAP /run/current-system/sw/bin /run/current-system/sw/share/man
MANPATH_MAP /run/wrappers/bin /run/current-system/sw/share/man
${lib.optionalString config.documentation.man.generateCaches ''
# Generated manual pages cache for NixOS (immutable)
MANDB_MAP /run/current-system/sw/share/man ${manualCache}
''}
# Manual pages caches for NixOS
MANDB_MAP /run/current-system/sw/share/man /var/cache/man/nixos
'';
};
}

View file

@ -0,0 +1,61 @@
{ config, lib, pkgs, ... }:
let
makewhatis = "${lib.getBin cfg.package}/bin/makewhatis";
cfg = config.documentation.man.mandoc;
in {
meta.maintainers = [ lib.maintainers.sternenseemann ];
options = {
documentation.man.mandoc = {
enable = lib.mkEnableOption "mandoc as the default man page viewer";
manPath = lib.mkOption {
type = with lib.types; listOf str;
default = [ "share/man" ];
example = lib.literalExpression "[ \"share/man\" \"share/man/fr\" ]";
description = ''
Change the manpath, i. e. the directories where
<citerefentry><refentrytitle>man</refentrytitle><manvolnum>1</manvolnum></citerefentry>
looks for section-specific directories of man pages.
You only need to change this setting if you want extra man pages
(e. g. in non-english languages). All values must be strings that
are a valid path from the target prefix (without including it).
The first value given takes priority.
'';
};
package = lib.mkOption {
type = lib.types.package;
default = pkgs.mandoc;
defaultText = lib.literalExpression "pkgs.mandoc";
description = ''
The <literal>mandoc</literal> derivation to use. Useful to override
configuration options used for the package.
'';
};
};
};
config = lib.mkIf cfg.enable {
environment = {
systemPackages = [ cfg.package ];
# tell mandoc about man pages
etc."man.conf".text = lib.concatMapStrings (path: ''
manpath /run/current-system/sw/${path}
'') cfg.manPath;
# create mandoc.db for whatis(1), apropos(1) and man(1) -k
# TODO(@sternenseemman): fix symlinked directories not getting indexed,
# see: https://inbox.vuxu.org/mandoc-tech/20210906171231.GF83680@athene.usta.de/T/#e85f773c1781e3fef85562b2794f9cad7b2909a3c
extraSetup = lib.mkIf config.documentation.man.generateCaches ''
${makewhatis} -T utf8 ${
lib.concatMapStringsSep " " (path: "\"$out/${path}\"") cfg.manPath
}
'';
};
};
}

View file

@ -108,6 +108,8 @@
./misc/lib.nix
./misc/label.nix
./misc/locate.nix
./misc/man-db.nix
./misc/mandoc.nix
./misc/meta.nix
./misc/nixpkgs.nix
./misc/passthru.nix
@ -509,7 +511,6 @@
./services/misc/cpuminer-cryptonight.nix
./services/misc/cgminer.nix
./services/misc/confd.nix
./services/misc/couchpotato.nix
./services/misc/dendrite.nix
./services/misc/devmon.nix
./services/misc/dictd.nix
@ -554,6 +555,7 @@
./services/misc/mame.nix
./services/misc/matrix-appservice-discord.nix
./services/misc/matrix-appservice-irc.nix
./services/misc/matrix-conduit.nix
./services/misc/matrix-synapse.nix
./services/misc/mautrix-facebook.nix
./services/misc/mautrix-telegram.nix
@ -561,7 +563,6 @@
./services/misc/mediatomb.nix
./services/misc/metabase.nix
./services/misc/moonraker.nix
./services/misc/mwlib.nix
./services/misc/mx-puppet-discord.nix
./services/misc/n8n.nix
./services/misc/nitter.nix
@ -737,7 +738,6 @@
./services/networking/eternal-terminal.nix
./services/networking/fakeroute.nix
./services/networking/ferm.nix
./services/networking/firefox/sync-server.nix
./services/networking/fireqos.nix
./services/networking/firewall.nix
./services/networking/flannel.nix
@ -1027,13 +1027,11 @@
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/powerdns-admin.nix
./services/web-apps/matomo.nix
./services/web-apps/moinmoin.nix
./services/web-apps/openwebrx.nix
./services/web-apps/restya-board.nix
./services/web-apps/sogo.nix
./services/web-apps/rss-bridge.nix
./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix
./services/web-apps/trilium.nix
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix

View file

@ -74,8 +74,10 @@ in {
</para>
<para>
You will get file collisions if you put the actual application binary in
the global environment and applications started via .desktop files are
not wrapped if they specify the absolute path to the binary.
the global environment (such as by adding the application package to
<code>environment.systemPackages</code>), and applications started via
.desktop files are not wrapped if they specify the absolute path to the
binary.
'';
};
};

View file

@ -20,10 +20,11 @@ with lib;
(mkRemovedOptionModule [ "fonts" "fontconfig" "penultimate" ] "The corresponding package has removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
(mkRemovedOptionModule [ "services" "chronos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "couchpotato" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "deepin" ] "The corresponding packages were removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
@ -37,6 +38,7 @@ with lib;
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
(mkRemovedOptionModule [ "services" "mwlib" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''

View file

@ -244,8 +244,6 @@ in
security.apparmor.includes."nixos/security.wrappers" = ''
include "${pkgs.apparmorRulesFromClosure { name="security.wrappers"; } [
securityWrapper
pkgs.stdenv.cc.cc
pkgs.stdenv.cc.libc
]}"
'';

View file

@ -95,6 +95,10 @@ in
};
};
systemd.tmpfiles.rules = mkIf cfg.privateRepos [
"f ${cfg.dataDir}/.htpasswd 0700 restic restic -"
];
users.users.restic = {
group = "restic";
home = cfg.dataDir;

View file

@ -4,8 +4,9 @@ with lib;
let
cfg = config.services.logrotate;
inherit (config.users) groups;
pathOpts = {
pathOpts = { name, ... }: {
options = {
enable = mkOption {
type = types.bool;
@ -16,10 +17,19 @@ let
'';
};
path = mkOption {
name = mkOption {
type = types.str;
internal = true;
};
path = mkOption {
type = with types; either str (listOf str);
default = name;
defaultText = "attribute name";
description = ''
The path to log files to be rotated.
Spaces are allowed and normal shell quoting rules apply,
with ', ", and \ characters supported.
'';
};
@ -74,6 +84,7 @@ let
};
};
config.name = name;
config.extraConfig = ''
missingok
notifempty
@ -82,7 +93,7 @@ let
mkConf = pathOpts: ''
# generated by NixOS using the `services.logrotate.paths.${pathOpts.name}` attribute set
"${pathOpts.path}" {
${concatMapStringsSep " " (path: ''"${path}"'') (toList pathOpts.path)} {
${optionalString (pathOpts.user != null || pathOpts.group != null) "su ${pathOpts.user} ${pathOpts.group}"}
${pathOpts.frequency}
rotate ${toString pathOpts.keep}
@ -90,7 +101,7 @@ let
}
'';
paths = sortProperties (mapAttrsToList (name: pathOpts: pathOpts // { name = name; }) (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths));
paths = sortProperties (attrValues (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths));
configFile = pkgs.writeText "logrotate.conf" (concatStringsSep "\n" ((map mkConf paths) ++ [ cfg.extraConfig ]));
in
@ -152,17 +163,34 @@ in
}
) cfg.paths;
services.logrotate = {
paths = {
"/var/log/btmp" = {
frequency = mkDefault "monthly";
keep = mkDefault 1;
extraConfig = ''
create 0660 root ${groups.utmp.name}
'';
};
"/var/log/wtmp" = {
frequency = mkDefault "monthly";
keep = mkDefault 1;
extraConfig = ''
create 0664 root ${groups.utmp.name}
'';
};
};
};
systemd.services.logrotate = {
description = "Logrotate Service";
wantedBy = [ "multi-user.target" ];
startAt = "hourly";
script = ''
exec ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
serviceConfig = {
Restart = "no";
User = "root";
ExecStart = "${pkgs.logrotate}/sbin/logrotate ${configFile}";
};
};
};

View file

@ -3,9 +3,16 @@
with lib;
let
name = "maddy";
cfg = config.services.maddy;
defaultConfig = ''
# Minimal configuration with TLS disabled, adapted from upstream example
# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
# Do not use this in production!
tls off
auth.pass_table local_authdb {
@ -131,22 +138,34 @@ let
in {
options = {
services.maddy = {
enable = mkEnableOption "Maddy, a free an open source mail server";
user = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the user under which maddy will run. If not specified, a
default user will be created.
User account under which maddy runs.
<note><para>
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists before the maddy service starts.
</para></note>
'';
};
group = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the group under which maddy will run. If not specified, a
default group will be created.
Group account under which maddy runs.
<note><para>
If left as the default value this group will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the group exists before the maddy service starts.
</para></note>
'';
};
@ -158,6 +177,7 @@ in {
Hostname to use. It should be FQDN.
'';
};
primaryDomain = mkOption {
default = "localhost";
type = with types; uniq string;
@ -166,6 +186,7 @@ in {
Primary MX domain to use. It should be FQDN.
'';
};
localDomains = mkOption {
type = with types; listOf str;
default = ["$(primary_domain)"];
@ -178,11 +199,18 @@ in {
Define list of allowed domains.
'';
};
config = mkOption {
type = with types; nullOr lines;
default = defaultConfig;
description = ''
Server configuration.
Server configuration, see
<link xlink:href="https://maddy.email">https://maddy.email</link> for
more information. The default configuration of this module will setup
minimal maddy instance for mail transfer without TLS encryption.
<note><para>
This should not be used in a production environment.
</para></note>
'';
};
@ -203,9 +231,11 @@ in {
packages = [ pkgs.maddy ];
services.maddy = {
serviceConfig = {
User = "${cfg.user}";
Group = "${cfg.group}";
User = cfg.user;
Group = cfg.group;
StateDirectory = [ "maddy" ];
};
restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
wantedBy = [ "multi-user.target" ];
};
};
@ -220,20 +250,16 @@ in {
'';
};
users.users = optionalAttrs (cfg.user == "maddy") {
maddy = {
description = "Maddy service user";
group = cfg.group;
home = "/var/lib/maddy";
createHome = true;
users.users = optionalAttrs (cfg.user == name) {
${name} = {
isSystemUser = true;
group = cfg.group;
description = "Maddy mail transfer agent user";
};
};
users.groups = mkIf (cfg.group == "maddy") {
maddy = pkgs.lib.mkForce {
name = cfg.group;
};
users.groups = optionalAttrs (cfg.group == name) {
${cfg.group} = { };
};
networking.firewall = mkIf cfg.openFirewall {

View file

@ -1,42 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.couchpotato;
in
{
options = {
services.couchpotato = {
enable = mkEnableOption "CouchPotato Server";
};
};
config = mkIf cfg.enable {
systemd.services.couchpotato = {
description = "CouchPotato Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "couchpotato";
Group = "couchpotato";
StateDirectory = "couchpotato";
ExecStart = "${pkgs.couchpotato}/bin/couchpotato";
Restart = "on-failure";
};
};
users.users.couchpotato =
{ group = "couchpotato";
home = "/var/lib/couchpotato/";
description = "CouchPotato daemon user";
uid = config.ids.uids.couchpotato;
};
users.groups.couchpotato =
{ gid = config.ids.gids.couchpotato; };
};
}

View file

@ -0,0 +1,208 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.heisenbridge;
pkg = config.services.heisenbridge.package;
bin = "${pkg}/bin/heisenbridge";
jsonType = (pkgs.formats.json { }).type;
registrationFile = "/var/lib/heisenbridge/registration.yml";
# JSON is a proper subset of YAML
bridgeConfig = builtins.toFile "heisenbridge-registration.yml" (builtins.toJSON {
id = "heisenbridge";
url = cfg.registrationUrl;
# Don't specify as_token and hs_token
rate_limited = false;
sender_localpart = "heisenbridge";
namespaces = cfg.namespaces;
});
in
{
options.services.heisenbridge = {
enable = mkEnableOption "the Matrix<->IRC bridge";
package = mkOption {
type = types.package;
default = pkgs.heisenbridge;
defaultText = "pkgs.heisenbridge";
example = "pkgs.heisenbridge.override { = ; }";
description = ''
Package of the application to run, exposed for overriding purposes.
'';
};
homeserver = mkOption {
type = types.str;
description = "The URL to the home server for client-server API calls";
example = "http://localhost:8008";
};
registrationUrl = mkOption {
type = types.str;
description = ''
The URL where the application service is listening for HS requests, from the Matrix HS perspective.#
The default value assumes the bridge runs on the same host as the home server, in the same network.
'';
example = "https://matrix.example.org";
default = "http://${cfg.address}:${toString cfg.port}";
defaultText = "http://$${cfg.address}:$${toString cfg.port}";
};
address = mkOption {
type = types.str;
description = "Address to listen on. IPv6 does not seem to be supported.";
default = "127.0.0.1";
example = "0.0.0.0";
};
port = mkOption {
type = types.port;
description = "The port to listen on";
default = 9898;
};
debug = mkOption {
type = types.bool;
description = "More verbose logging. Recommended during initial setup.";
default = false;
};
owner = mkOption {
type = types.nullOr types.str;
description = ''
Set owner MXID otherwise first talking local user will claim the bridge
'';
default = null;
example = "@admin:example.org";
};
namespaces = mkOption {
description = "Configure the 'namespaces' section of the registration.yml for the bridge and the server";
# TODO link to Matrix documentation of the format
type = types.submodule {
freeformType = jsonType;
};
default = {
users = [
{
regex = "@irc_.*";
exclusive = true;
}
];
aliases = [ ];
rooms = [ ];
};
};
identd.enable = mkEnableOption "identd service support";
identd.port = mkOption {
type = types.port;
description = "identd listen port";
default = 113;
};
extraArgs = mkOption {
type = types.listOf types.str;
description = "Heisenbridge is configured over the command line. Append extra arguments here";
default = [ ];
};
};
config = mkIf cfg.enable {
systemd.services.heisenbridge = {
description = "Matrix<->IRC bridge";
before = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse
wantedBy = [ "multi-user.target" ];
preStart = ''
umask 077
set -e -u -o pipefail
if ! [ -f "${registrationFile}" ]; then
# Generate registration file if not present (actually, we only care about the tokens in it)
${bin} --generate --config ${registrationFile}
fi
# Overwrite the registration file with our generated one (the config may have changed since then),
# but keep the tokens. Two step procedure to be failure safe
${pkgs.yq}/bin/yq --slurp \
'.[0] + (.[1] | {as_token, hs_token})' \
${bridgeConfig} \
${registrationFile} \
> ${registrationFile}.new
mv -f ${registrationFile}.new ${registrationFile}
# Grant Synapse access to the registration
if ${getBin pkgs.glibc}/bin/getent group matrix-synapse > /dev/null; then
chgrp -v matrix-synapse ${registrationFile}
chmod -v g+r ${registrationFile}
fi
'';
serviceConfig = rec {
Type = "simple";
ExecStart = lib.concatStringsSep " " (
[
bin
(if cfg.debug then "-vvv" else "-v")
"--config"
registrationFile
"--listen-address"
(lib.escapeShellArg cfg.address)
"--listen-port"
(toString cfg.port)
]
++ (lib.optionals (cfg.owner != null) [
"--owner"
(lib.escapeShellArg cfg.owner)
])
++ (lib.optionals cfg.identd.enable [
"--identd"
"--identd-port"
(toString cfg.identd.port)
])
++ [
(lib.escapeShellArg cfg.homeserver)
]
++ (map (lib.escapeShellArg) cfg.extraArgs)
);
ProtectHome = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
StateDirectory = "heisenbridge";
StateDirectoryMode = "755";
User = "heisenbridge";
Group = "heisenbridge";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || cfg.identd.port < 1024) "CAP_NET_BIND_SERVICE";
AmbientCapabilities = CapabilityBoundingSet;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap";
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_INET AF_INET6";
};
};
users.groups.heisenbridge = {};
users.users.heisenbridge = {
description = "Service user for the Heisenbridge";
group = "heisenbridge";
isSystemUser = true;
};
};
meta.maintainers = [ lib.maintainers.piegames ];
}

View file

@ -0,0 +1,140 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.matrix-conduit;
format = pkgs.formats.toml {};
configFile = format.generate "conduit.toml" cfg.settings;
in
{
meta.maintainers = with maintainers; [ pstn piegames ];
options.services.matrix-conduit = {
enable = mkEnableOption "matrix-conduit";
extraEnvironment = mkOption {
type = types.attrsOf types.str;
description = "Extra Environment variables to pass to the conduit server.";
default = {};
example = { RUST_BACKTRACE="yes"; };
};
package = mkOption {
type = types.package;
default = pkgs.matrix-conduit;
defaultText = "pkgs.matrix-conduit";
example = "pkgs.matrix-conduit";
description = ''
Package of the conduit matrix server to use.
'';
};
settings = mkOption {
type = types.submodule {
freeformType = format.type;
options = {
global.server_name = mkOption {
type = types.str;
example = "example.com";
description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
};
global.port = mkOption {
type = types.port;
default = 6167;
description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
};
global.max_request_size = mkOption {
type = types.ints.positive;
default = 20000000;
description = "Max request size in bytes. Don't forget to also change it in the proxy.";
};
global.allow_registration = mkOption {
type = types.bool;
default = false;
description = "Whether new users can register on this server.";
};
global.allow_encryption = mkOption {
type = types.bool;
default = true;
description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
};
global.allow_federation = mkOption {
type = types.bool;
default = true;
description = ''
Whether this server federates with other servers.
'';
};
global.trusted_servers = mkOption {
type = types.listOf types.str;
default = [ "matrix.org" ];
description = "Servers trusted with signing server keys.";
};
global.address = mkOption {
type = types.str;
default = "::1";
description = "Address to listen on for connections by the reverse proxy/tls terminator.";
};
global.database_path = mkOption {
type = types.str;
default = "/var/lib/matrix-conduit/";
readOnly = true;
description = ''
Path to the conduit database, the directory where conduit will save its data.
Note that due to using the DynamicUser feature of systemd, this value should not be changed
and is set to be read only.
'';
};
};
};
default = {};
description = ''
Generates the conduit.toml configuration file. Refer to
<link xlink:href="https://gitlab.com/famedly/conduit/-/blob/master/conduit-example.toml"/>
for details on supported values.
Note that database_path can not be edited because the service's reliance on systemd StateDir.
'';
};
};
config = mkIf cfg.enable {
systemd.services.conduit = {
description = "Conduit Matrix Server";
documentation = [ "https://gitlab.com/famedly/conduit/" ];
wantedBy = [ "multi-user.target" ];
environment = lib.mkMerge ([
{ CONDUIT_CONFIG = configFile; }
cfg.extraEnvironment
]);
serviceConfig = {
DynamicUser = true;
User = "conduit";
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateUsers = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
StateDirectory = "matrix-conduit";
ExecStart = "${cfg.package}/bin/conduit";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
};
};
};
}

View file

@ -1,264 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.mwlib;
opt = options.services.mwlib;
pypkgs = pkgs.python27Packages;
inherit (pypkgs) python mwlib;
user = mkOption {
default = "nobody";
type = types.str;
description = "User to run as.";
};
in
{
options.services.mwlib = {
nserve = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable nserve. Nserve is a HTTP
server. The Collection extension is talking to
that program directly. Nserve uses at least
one qserve instance in order to distribute
and manage jobs.
'';
}; # nserve.enable
port = mkOption {
default = 8899;
type = types.port;
description = "Specify port to listen on.";
}; # nserve.port
address = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Specify network interface to listen on.";
}; # nserve.address
qserve = mkOption {
default = [ "${cfg.qserve.address}:${toString cfg.qserve.port}" ];
defaultText = literalExpression ''
[ "''${config.${opt.qserve.address}}:''${toString config.${opt.qserve.port}}"
]'';
type = types.listOf types.str;
description = "Register qserve instance.";
}; # nserve.qserve
inherit user;
}; # nserve
qserve = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
A job queue server used to distribute and manage
jobs. You should start one qserve instance
for each machine that is supposed to render pdf
files. Unless youre operating the Wikipedia
installation, one machine should suffice.
'';
}; # qserve.enable
port = mkOption {
default = 14311;
type = types.port;
description = "Specify port to listen on.";
}; # qserve.port
address = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Specify network interface to listen on.";
}; # qserve.address
datadir = mkOption {
default = "/var/lib/mwlib-qserve";
type = types.path;
description = "qserve data directory (FIXME: unused?)";
}; # qserve.datadir
allow = mkOption {
default = [ "127.0.0.1" ];
type = types.listOf types.str;
description = "List of allowed client IPs. Empty means any.";
}; # qserve.allow
inherit user;
}; # qserve
nslave = {
enable = mkOption {
default = cfg.qserve.enable;
defaultText = literalExpression "config.${opt.qserve.enable}";
type = types.bool;
description = ''
Pulls new jobs from exactly one qserve instance
and calls the zip and render programs
in order to download article collections and
convert them to different output formats. Nslave
uses a cache directory to store the generated
documents. Nslave also starts an internal http
server serving the content of the cache directory.
'';
}; # nslave.enable
cachedir = mkOption {
default = "/var/cache/mwlib-nslave";
type = types.path;
description = "Directory to store generated documents.";
}; # nslave.cachedir
numprocs = mkOption {
default = 10;
type = types.int;
description = "Number of parallel jobs to be executed.";
}; # nslave.numprocs
http = mkOption {
default = {};
description = ''
Internal http server serving the content of the cache directory.
You have to enable it, or use your own way for serving files
and set the http.url option accordingly.
'';
type = types.submodule ({ config, options, ... }: {
options = {
enable = mkOption {
default = true;
type = types.bool;
description = "Enable internal http server.";
}; # nslave.http.enable
port = mkOption {
default = 8898;
type = types.port;
description = "Port to listen to when serving files from cache.";
}; # nslave.http.port
address = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Specify network interface to listen on.";
}; # nslave.http.address
url = mkOption {
default = "http://localhost:${toString config.port}/cache";
defaultText = literalExpression ''"http://localhost:''${toString config.${options.port}}/cache"'';
type = types.str;
description = ''
Specify URL for accessing generated files from cache.
The Collection extension of Mediawiki won't be able to
download files without it.
'';
}; # nslave.http.url
};
}); # types.submodule
}; # nslave.http
inherit user;
}; # nslave
}; # options.services
config = {
systemd.services.mwlib-nserve = mkIf cfg.nserve.enable
{
description = "mwlib network interface";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "mwlib-qserve.service" ];
serviceConfig = {
ExecStart = concatStringsSep " " (
[
"${mwlib}/bin/nserve"
"--port ${toString cfg.nserve.port}"
"--interface ${cfg.nserve.address}"
] ++ cfg.nserve.qserve
);
User = cfg.nserve.user;
};
}; # systemd.services.mwlib-nserve
systemd.services.mwlib-qserve = mkIf cfg.qserve.enable
{
description = "mwlib job queue server";
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -pv '${cfg.qserve.datadir}'
chown -Rc ${cfg.qserve.user}:`id -ng ${cfg.qserve.user}` '${cfg.qserve.datadir}'
chmod -Rc u=rwX,go= '${cfg.qserve.datadir}'
'';
serviceConfig = {
ExecStart = concatStringsSep " " (
[
"${mwlib}/bin/mw-qserve"
"-p ${toString cfg.qserve.port}"
"-i ${cfg.qserve.address}"
"-d ${cfg.qserve.datadir}"
] ++ map (a: "-a ${a}") cfg.qserve.allow
);
User = cfg.qserve.user;
PermissionsStartOnly = true;
};
}; # systemd.services.mwlib-qserve
systemd.services.mwlib-nslave = mkIf cfg.nslave.enable
{
description = "mwlib worker";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -pv '${cfg.nslave.cachedir}'
chown -Rc ${cfg.nslave.user}:`id -ng ${cfg.nslave.user}` '${cfg.nslave.cachedir}'
chmod -Rc u=rwX,go= '${cfg.nslave.cachedir}'
'';
path = with pkgs; [ imagemagick pdftk ];
environment = {
PYTHONPATH = concatMapStringsSep ":"
(m: "${pypkgs.${m}}/lib/${python.libPrefix}/site-packages")
[ "mwlib-rl" "mwlib-ext" "pygments" "pyfribidi" ];
};
serviceConfig = {
ExecStart = concatStringsSep " " (
[
"${mwlib}/bin/nslave"
"--cachedir ${cfg.nslave.cachedir}"
"--numprocs ${toString cfg.nslave.numprocs}"
"--url ${cfg.nslave.http.url}"
] ++ (
if cfg.nslave.http.enable then
[
"--serve-files-port ${toString cfg.nslave.http.port}"
"--serve-files-address ${cfg.nslave.http.address}"
] else
[
"--no-serve-files"
]
));
User = cfg.nslave.user;
PermissionsStartOnly = true;
};
}; # systemd.services.mwlib-nslave
}; # config
}

View file

@ -51,7 +51,7 @@ in
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];

View file

@ -1,183 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.firefox.syncserver;
defaultDbLocation = "/var/db/firefox-sync-server/firefox-sync-server.db";
defaultSqlUri = "sqlite:///${defaultDbLocation}";
syncServerIni = pkgs.writeText "syncserver.ini" ''
[DEFAULT]
overrides = ${cfg.privateConfig}
[server:main]
use = egg:gunicorn
host = ${cfg.listen.address}
port = ${toString cfg.listen.port}
[app:main]
use = egg:syncserver
[syncserver]
public_url = ${cfg.publicUrl}
${optionalString (cfg.sqlUri != "") "sqluri = ${cfg.sqlUri}"}
allow_new_users = ${boolToString cfg.allowNewUsers}
[browserid]
backend = tokenserver.verifiers.LocalVerifier
audiences = ${removeSuffix "/" cfg.publicUrl}
'';
user = "syncserver";
group = "syncserver";
in
{
meta.maintainers = with lib.maintainers; [ nadrieril ];
options = {
services.firefox.syncserver = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable a Firefox Sync Server, this give the opportunity to
Firefox users to store all synchronized data on their own server. To use this
server, Firefox users should visit the <option>about:config</option>, and
replicate the following change
<screen>
services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5
</screen>
where <option>http://localhost:5000/</option> corresponds to the
public url of the server.
'';
};
listen.address = mkOption {
type = types.str;
default = "127.0.0.1";
example = "0.0.0.0";
description = ''
Address on which the sync server listen to.
'';
};
listen.port = mkOption {
type = types.port;
default = 5000;
description = ''
Port on which the sync server listen to.
'';
};
publicUrl = mkOption {
type = types.str;
default = "http://localhost:5000/";
example = "http://sync.example.com/";
description = ''
Public URL with which firefox users can use to access the sync server.
'';
};
allowNewUsers = mkOption {
type = types.bool;
default = true;
description = ''
Whether to allow new-user signups on the server. Only request by
existing accounts will be honored.
'';
};
sqlUri = mkOption {
type = types.str;
default = defaultSqlUri;
example = "postgresql://scott:tiger@localhost/test";
description = ''
The location of the database. This URL is composed of
<option>dialect[+driver]://user:password@host/dbname[?key=value..]</option>,
where <option>dialect</option> is a database name such as
<option>mysql</option>, <option>oracle</option>, <option>postgresql</option>,
etc., and <option>driver</option> the name of a DBAPI, such as
<option>psycopg2</option>, <option>pyodbc</option>, <option>cx_oracle</option>,
etc. The <link
xlink:href="http://docs.sqlalchemy.org/en/rel_0_9/core/engines.html#database-urls">
SQLAlchemy documentation</link> provides more examples and describe the syntax of
the expected URL.
'';
};
privateConfig = mkOption {
type = types.str;
default = "/etc/firefox/syncserver-secret.ini";
description = ''
The private config file is used to extend the generated config with confidential
information, such as the <option>syncserver.sqlUri</option> setting if it contains a
password, and the <option>syncserver.secret</option> setting is used by the server to
generate cryptographically-signed authentication tokens.
If this file does not exist, then it is created with a generated
<option>syncserver.secret</option> settings.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.syncserver = {
after = [ "network.target" ];
description = "Firefox Sync Server";
wantedBy = [ "multi-user.target" ];
path = [
pkgs.coreutils
(pkgs.python.withPackages (ps: [ pkgs.syncserver ps.gunicorn ]))
];
serviceConfig = {
User = user;
Group = group;
PermissionsStartOnly = true;
};
preStart = ''
if ! test -e ${cfg.privateConfig}; then
mkdir -p $(dirname ${cfg.privateConfig})
echo > ${cfg.privateConfig} '[syncserver]'
chmod 600 ${cfg.privateConfig}
echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
fi
chmod 600 ${cfg.privateConfig}
chmod 755 $(dirname ${cfg.privateConfig})
chown ${user}:${group} ${cfg.privateConfig}
'' + optionalString (cfg.sqlUri == defaultSqlUri) ''
if ! test -e $(dirname ${defaultDbLocation}); then
mkdir -m 700 -p $(dirname ${defaultDbLocation})
chown ${user}:${group} $(dirname ${defaultDbLocation})
fi
# Move previous database file if it exists
oldDb="/var/db/firefox-sync-server.db"
if test -f $oldDb; then
mv $oldDb ${defaultDbLocation}
chown ${user}:${group} ${defaultDbLocation}
fi
'';
script = ''
gunicorn --paste ${syncServerIni}
'';
};
users.users.${user} = {
inherit group;
isSystemUser = true;
};
users.groups.${group} = {};
};
}

View file

@ -224,7 +224,7 @@ let
i2pdSh = pkgs.writeScriptBin "i2pd" ''
#!/bin/sh
exec ${pkgs.i2pd}/bin/i2pd \
exec ${cfg.package}/bin/i2pd \
${if cfg.address == null then "" else "--host="+cfg.address} \
--service \
--conf=${i2pdConf} \
@ -253,6 +253,15 @@ in
'';
};
package = mkOption {
type = types.package;
default = pkgs.i2pd;
defaultText = literalExpression "pkgs.i2pd";
description = ''
i2pd package to use.
'';
};
logLevel = mkOption {
type = types.enum ["debug" "info" "warn" "error"];
default = "error";

View file

@ -0,0 +1,96 @@
{ config, lib, pkgs, ... }:
{
options.services.tetrd.enable = lib.mkEnableOption pkgs.tetrd.meta.description;
config = lib.mkIf config.services.tetrd.enable {
environment = {
systemPackages = [ pkgs.tetrd ];
etc."resolv.conf".source = "/etc/tetrd/resolv.conf";
};
systemd = {
tmpfiles.rules = [ "f /etc/tetrd/resolv.conf - - -" ];
services.tetrd = {
description = pkgs.tetrd.meta.description;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.tetrd}/opt/Tetrd/bin/tetrd";
Restart = "always";
RuntimeDirectory = "tetrd";
RootDirectory = "/run/tetrd";
DynamicUser = true;
UMask = "006";
DeviceAllow = "usb_device";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateMounts = true;
PrivateNetwork = lib.mkDefault false;
PrivateTmp = true;
PrivateUsers = lib.mkDefault false;
ProtectClock = lib.mkDefault false;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@aio"
"~@chown"
"~@clock"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@module"
"~@mount"
"~@obsolete"
"~@pkey"
"~@raw-io"
"~@reboot"
"~@swap"
"~@sync"
];
BindReadOnlyPaths = [
builtins.storeDir
"/etc/ssl"
"/etc/static/ssl"
"${pkgs.nettools}/bin/route:/usr/bin/route"
"${pkgs.nettools}/bin/ifconfig:/usr/bin/ifconfig"
];
BindPaths = [
"/etc/tetrd/resolv.conf:/etc/resolv.conf"
"/run"
"/var/log"
];
CapabilityBoundingSet = [
"CAP_DAC_OVERRIDE"
"CAP_NET_ADMIN"
];
AmbientCapabilities = [
"CAP_DAC_OVERRIDE"
"CAP_NET_ADMIN"
];
};
};
};
};
}

View file

@ -6,23 +6,95 @@ let
cfg = config.services.mattermost;
defaultConfig = builtins.fromJSON (builtins.replaceStrings [ "\\u0026" ] [ "&" ]
(readFile "${pkgs.mattermost}/config/config.json")
);
database = "postgres://${cfg.localDatabaseUser}:${cfg.localDatabasePassword}@localhost:5432/${cfg.localDatabaseName}?sslmode=disable&connect_timeout=10";
mattermostConf = foldl recursiveUpdate defaultConfig
[ { ServiceSettings.SiteURL = cfg.siteUrl;
postgresPackage = config.services.postgresql.package;
createDb = {
statePath ? cfg.statePath,
localDatabaseUser ? cfg.localDatabaseUser,
localDatabasePassword ? cfg.localDatabasePassword,
localDatabaseName ? cfg.localDatabaseName,
useSudo ? true
}: ''
if ! test -e ${escapeShellArg "${statePath}/.db-created"}; then
${lib.optionalString useSudo "${pkgs.sudo}/bin/sudo -u ${escapeShellArg config.services.postgresql.superUser} \\"}
${postgresPackage}/bin/psql postgres -c \
"CREATE ROLE ${localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${localDatabasePassword}'"
${lib.optionalString useSudo "${pkgs.sudo}/bin/sudo -u ${escapeShellArg config.services.postgresql.superUser} \\"}
${postgresPackage}/bin/createdb \
--owner ${escapeShellArg localDatabaseUser} ${escapeShellArg localDatabaseName}
touch ${escapeShellArg "${statePath}/.db-created"}
fi
'';
mattermostPluginDerivations = with pkgs;
map (plugin: stdenv.mkDerivation {
name = "mattermost-plugin";
installPhase = ''
mkdir -p $out/share
cp ${plugin} $out/share/plugin.tar.gz
'';
dontUnpack = true;
dontPatch = true;
dontConfigure = true;
dontBuild = true;
preferLocalBuild = true;
}) cfg.plugins;
mattermostPlugins = with pkgs;
if mattermostPluginDerivations == [] then null
else stdenv.mkDerivation {
name = "${cfg.package.name}-plugins";
nativeBuildInputs = [
autoPatchelfHook
] ++ mattermostPluginDerivations;
buildInputs = [
cfg.package
];
installPhase = ''
mkdir -p $out/data/plugins
plugins=(${escapeShellArgs (map (plugin: "${plugin}/share/plugin.tar.gz") mattermostPluginDerivations)})
for plugin in "''${plugins[@]}"; do
hash="$(sha256sum "$plugin" | cut -d' ' -f1)"
mkdir -p "$hash"
tar -C "$hash" -xzf "$plugin"
autoPatchelf "$hash"
GZIP_OPT=-9 tar -C "$hash" -cvzf "$out/data/plugins/$hash.tar.gz" .
rm -rf "$hash"
done
'';
dontUnpack = true;
dontPatch = true;
dontConfigure = true;
dontBuild = true;
preferLocalBuild = true;
};
mattermostConfWithoutPlugins = recursiveUpdate
{ ServiceSettings.SiteURL = cfg.siteUrl;
ServiceSettings.ListenAddress = cfg.listenAddress;
TeamSettings.SiteName = cfg.siteName;
SqlSettings.DriverName = "postgres";
SqlSettings.DataSource = database;
PluginSettings.Directory = "${cfg.statePath}/plugins/server";
PluginSettings.ClientDirectory = "${cfg.statePath}/plugins/client";
}
cfg.extraConfig
];
cfg.extraConfig;
mattermostConfJSON = pkgs.writeText "mattermost-config-raw.json" (builtins.toJSON mattermostConf);
mattermostConf = recursiveUpdate
mattermostConfWithoutPlugins
(
if mattermostPlugins == null then {}
else {
PluginSettings = {
Enable = true;
};
}
);
mattermostConfJSON = pkgs.writeText "mattermost-config.json" (builtins.toJSON mattermostConf);
in
@ -31,6 +103,13 @@ in
services.mattermost = {
enable = mkEnableOption "Mattermost chat server";
package = mkOption {
type = types.package;
default = pkgs.mattermost;
defaultText = "pkgs.mattermost";
description = "Mattermost derivation to use.";
};
statePath = mkOption {
type = types.str;
default = "/var/lib/mattermost";
@ -77,6 +156,16 @@ in
'';
};
preferNixConfig = mkOption {
type = types.bool;
default = false;
description = ''
If both mutableConfig and this option are set, the Nix configuration
will take precedence over any settings configured in the server
console.
'';
};
extraConfig = mkOption {
type = types.attrs;
default = { };
@ -85,6 +174,17 @@ in
'';
};
plugins = mkOption {
type = types.listOf (types.oneOf [types.path types.package]);
default = [];
example = "[ ./com.github.moussetc.mattermost.plugin.giphy-2.0.0.tar.gz ]";
description = ''
Plugins to add to the configuration. Overrides any installed if non-null.
This is a list of paths to .tar.gz files or derivations evaluating to
.tar.gz files. All entries will be passed to `mattermost plugin add`.
'';
};
localDatabaseCreate = mkOption {
type = types.bool;
default = true;
@ -135,6 +235,12 @@ in
matterircd = {
enable = mkEnableOption "Mattermost IRC bridge";
package = mkOption {
type = types.package;
default = pkgs.matterircd;
defaultText = "pkgs.matterircd";
description = "matterircd derivation to use.";
};
parameters = mkOption {
type = types.listOf types.str;
default = [ ];
@ -167,7 +273,7 @@ in
# The systemd service will fail to execute the preStart hook
# if the WorkingDirectory does not exist
system.activationScripts.mattermost = ''
mkdir -p ${cfg.statePath}
mkdir -p "${cfg.statePath}"
'';
systemd.services.mattermost = {
@ -176,39 +282,41 @@ in
after = [ "network.target" "postgresql.service" ];
preStart = ''
mkdir -p ${cfg.statePath}/{data,config,logs}
ln -sf ${pkgs.mattermost}/{bin,fonts,i18n,templates,client} ${cfg.statePath}
mkdir -p "${cfg.statePath}"/{data,config,logs,plugins}
mkdir -p "${cfg.statePath}/plugins"/{client,server}
ln -sf ${cfg.package}/{bin,fonts,i18n,templates,client} "${cfg.statePath}"
'' + lib.optionalString (mattermostPlugins != null) ''
rm -rf "${cfg.statePath}/data/plugins"
ln -sf ${mattermostPlugins}/data/plugins "${cfg.statePath}/data"
'' + lib.optionalString (!cfg.mutableConfig) ''
rm -f ${cfg.statePath}/config/config.json
cp ${mattermostConfJSON} ${cfg.statePath}/config/config.json
${pkgs.mattermost}/bin/mattermost config migrate ${cfg.statePath}/config/config.json ${database}
rm -f "${cfg.statePath}/config/config.json"
${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${cfg.package}/config/config.json ${mattermostConfJSON} > "${cfg.statePath}/config/config.json"
'' + lib.optionalString cfg.mutableConfig ''
if ! test -e "${cfg.statePath}/config/.initial-created"; then
rm -f ${cfg.statePath}/config/config.json
cp ${mattermostConfJSON} ${cfg.statePath}/config/config.json
touch ${cfg.statePath}/config/.initial-created
${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${cfg.package}/config/config.json ${mattermostConfJSON} > "${cfg.statePath}/config/config.json"
touch "${cfg.statePath}/config/.initial-created"
fi
'' + lib.optionalString cfg.localDatabaseCreate ''
if ! test -e "${cfg.statePath}/.db-created"; then
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/psql postgres -c \
"CREATE ROLE ${cfg.localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.localDatabasePassword}'"
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/createdb \
--owner ${cfg.localDatabaseUser} ${cfg.localDatabaseName}
touch ${cfg.statePath}/.db-created
fi
'' + ''
chown ${cfg.user}:${cfg.group} -R ${cfg.statePath}
chmod u+rw,g+r,o-rwx -R ${cfg.statePath}
'' + lib.optionalString (cfg.mutableConfig && cfg.preferNixConfig) ''
new_config="$(${pkgs.jq}/bin/jq -s '.[0] * .[1]' "${cfg.statePath}/config/config.json" ${mattermostConfJSON})"
rm -f "${cfg.statePath}/config/config.json"
echo "$new_config" > "${cfg.statePath}/config/config.json"
'' + lib.optionalString cfg.localDatabaseCreate (createDb {}) + ''
# Don't change permissions recursively on the data, current, and symlinked directories (see ln -sf command above).
# This dramatically decreases startup times for installations with a lot of files.
find . -maxdepth 1 -not -name data -not -name client -not -name templates -not -name i18n -not -name fonts -not -name bin -not -name . \
-exec chown "${cfg.user}:${cfg.group}" -R {} \; -exec chmod u+rw,g+r,o-rwx -R {} \;
chown "${cfg.user}:${cfg.group}" "${cfg.statePath}/data" .
chmod u+rw,g+r,o-rwx "${cfg.statePath}/data" .
'';
serviceConfig = {
PermissionsStartOnly = true;
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.mattermost}/bin/mattermost" +
(lib.optionalString (!cfg.mutableConfig) " -c ${database}");
ExecStart = "${cfg.package}/bin/mattermost";
WorkingDirectory = "${cfg.statePath}";
Restart = "always";
RestartSec = "10";
@ -224,7 +332,7 @@ in
serviceConfig = {
User = "nobody";
Group = "nogroup";
ExecStart = "${pkgs.matterircd}/bin/matterircd ${concatStringsSep " " cfg.matterircd.parameters}";
ExecStart = "${cfg.matterircd.package}/bin/matterircd ${escapeShellArgs cfg.matterircd.parameters}";
WorkingDirectory = "/tmp";
PrivateTmp = true;
Restart = "always";

View file

@ -1,304 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.moinmoin;
python = pkgs.python27;
pkg = python.pkgs.moinmoin;
dataDir = "/var/lib/moin";
usingGunicorn = cfg.webServer == "nginx-gunicorn" || cfg.webServer == "gunicorn";
usingNginx = cfg.webServer == "nginx-gunicorn";
user = "moin";
group = "moin";
uLit = s: ''u"${s}"'';
indentLines = n: str: concatMapStrings (line: "${fixedWidthString n " " " "}${line}\n") (splitString "\n" str);
moinCliWrapper = wikiIdent: pkgs.writeShellScriptBin "moin-${wikiIdent}" ''
${pkgs.su}/bin/su -s ${pkgs.runtimeShell} -c "${pkg}/bin/moin --config-dir=/var/lib/moin/${wikiIdent}/config $*" ${user}
'';
wikiConfig = wikiIdent: w: ''
# -*- coding: utf-8 -*-
from MoinMoin.config import multiconfig, url_prefix_static
class Config(multiconfig.DefaultConfig):
${optionalString (w.webLocation != "/") ''
url_prefix_static = '${w.webLocation}' + url_prefix_static
''}
sitename = u'${w.siteName}'
page_front_page = u'${w.frontPage}'
data_dir = '${dataDir}/${wikiIdent}/data'
data_underlay_dir = '${dataDir}/${wikiIdent}/underlay'
language_default = u'${w.languageDefault}'
${optionalString (w.superUsers != []) ''
superuser = [${concatMapStringsSep ", " uLit w.superUsers}]
''}
${indentLines 4 w.extraConfig}
'';
wikiConfigFile = name: wiki: pkgs.writeText "${name}.py" (wikiConfig name wiki);
in
{
options.services.moinmoin = with types; {
enable = mkEnableOption "MoinMoin Wiki Engine";
webServer = mkOption {
type = enum [ "nginx-gunicorn" "gunicorn" "none" ];
default = "nginx-gunicorn";
example = "none";
description = ''
Which web server to use to serve the wiki.
Use <literal>none</literal> if you want to configure this yourself.
'';
};
gunicorn.workers = mkOption {
type = ints.positive;
default = 3;
example = 10;
description = ''
The number of worker processes for handling requests.
'';
};
wikis = mkOption {
type = attrsOf (submodule ({ name, ... }: {
options = {
siteName = mkOption {
type = str;
default = "Untitled Wiki";
example = "ExampleWiki";
description = ''
Short description of your wiki site, displayed below the logo on each page, and
used in RSS documents as the channel title.
'';
};
webHost = mkOption {
type = str;
description = "Host part of the wiki URL. If undefined, the name of the attribute set will be used.";
example = "wiki.example.org";
};
webLocation = mkOption {
type = str;
default = "/";
example = "/moin";
description = "Location part of the wiki URL.";
};
frontPage = mkOption {
type = str;
default = "LanguageSetup";
example = "FrontPage";
description = ''
Front page name. Set this to something like <literal>FrontPage</literal> once languages are
configured.
'';
};
superUsers = mkOption {
type = listOf str;
default = [];
example = [ "elvis" ];
description = ''
List of trusted user names with wiki system administration super powers.
Please note that accounts for these users need to be created using the <command>moin</command> command-line utility, e.g.:
<command>moin-<replaceable>WIKINAME</replaceable> account create --name=<replaceable>NAME</replaceable> --email=<replaceable>EMAIL</replaceable> --password=<replaceable>PASSWORD</replaceable></command>.
'';
};
languageDefault = mkOption {
type = str;
default = "en";
example = "de";
description = "The ISO-639-1 name of the main wiki language. Languages that MoinMoin does not support are ignored.";
};
extraConfig = mkOption {
type = lines;
default = "";
example = ''
show_hosts = True
search_results_per_page = 100
acl_rights_default = u"Known:read,write,delete,revert All:read"
logo_string = u"<h2>\U0001f639</h2>"
theme_default = u"modernized"
user_checkbox_defaults = {'show_page_trail': 0, 'edit_on_doubleclick': 0}
navi_bar = [u'SomePage'] + multiconfig.DefaultConfig.navi_bar
actions_excluded = multiconfig.DefaultConfig.actions_excluded + ['newaccount']
mail_smarthost = "mail.example.org"
mail_from = u"Example.Org Wiki <wiki@example.org>"
'';
description = ''
Additional configuration to be appended verbatim to this wiki's config.
See <link xlink:href='http://moinmo.in/HelpOnConfiguration' /> for documentation.
'';
};
};
config = {
webHost = mkDefault name;
};
}));
example = literalExpression ''
{
"mywiki" = {
siteName = "Example Wiki";
webHost = "wiki.example.org";
superUsers = [ "admin" ];
frontPage = "Index";
extraConfig = "page_category_regex = ur'(?P<all>(Category|Kategorie)(?P<key>(?!Template)\S+))'"
};
}
'';
description = ''
Configurations of the individual wikis. Attribute names must be valid Python
identifiers of the form <literal>[A-Za-z_][A-Za-z0-9_]*</literal>.
For every attribute <replaceable>WIKINAME</replaceable>, a helper script
moin-<replaceable>WIKINAME</replaceable> is created which runs the
<command>moin</command> command under the <literal>moin</literal> user (to avoid
file ownership issues) and with the right configuration directory passed to it.
'';
};
};
config = mkIf cfg.enable {
assertions = forEach (attrNames cfg.wikis) (wname:
{ assertion = builtins.match "[A-Za-z_][A-Za-z0-9_]*" wname != null;
message = "${wname} is not valid Python identifier";
}
);
users.users = {
moin = {
description = "MoinMoin wiki";
home = dataDir;
group = group;
isSystemUser = true;
};
};
users.groups = {
moin = {
members = mkIf usingNginx [ config.services.nginx.user ];
};
};
environment.systemPackages = [ pkg ] ++ map moinCliWrapper (attrNames cfg.wikis);
systemd.services = mkIf usingGunicorn
(flip mapAttrs' cfg.wikis (wikiIdent: wiki:
nameValuePair "moin-${wikiIdent}"
{
description = "MoinMoin wiki ${wikiIdent} - gunicorn process";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartIfChanged = true;
restartTriggers = [ (wikiConfigFile wikiIdent wiki) ];
environment = let
penv = python.buildEnv.override {
# setuptools: https://github.com/benoitc/gunicorn/issues/1716
extraLibs = [ python.pkgs.eventlet python.pkgs.setuptools pkg ];
};
in {
PYTHONPATH = "${dataDir}/${wikiIdent}/config:${penv}/${python.sitePackages}";
};
preStart = ''
umask 0007
rm -rf ${dataDir}/${wikiIdent}/underlay
cp -r ${pkg}/share/moin/underlay ${dataDir}/${wikiIdent}/
chmod -R u+w ${dataDir}/${wikiIdent}/underlay
'';
startLimitIntervalSec = 30;
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = "${dataDir}/${wikiIdent}";
ExecStart = ''${python.pkgs.gunicorn}/bin/gunicorn moin_wsgi \
--name gunicorn-${wikiIdent} \
--workers ${toString cfg.gunicorn.workers} \
--worker-class eventlet \
--bind unix:/run/moin/${wikiIdent}/gunicorn.sock
'';
Restart = "on-failure";
RestartSec = "2s";
StateDirectory = "moin/${wikiIdent}";
StateDirectoryMode = "0750";
RuntimeDirectory = "moin/${wikiIdent}";
RuntimeDirectoryMode = "0750";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateNetwork = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
};
}
));
services.nginx = mkIf usingNginx {
enable = true;
virtualHosts = flip mapAttrs' cfg.wikis (name: w: nameValuePair w.webHost {
forceSSL = mkDefault true;
enableACME = mkDefault true;
locations."${w.webLocation}" = {
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://unix:/run/moin/${name}/gunicorn.sock;
'';
};
});
};
systemd.tmpfiles.rules = [
"d /run/moin 0750 ${user} ${group} - -"
"d ${dataDir} 0550 ${user} ${group} - -"
]
++ (concatLists (flip mapAttrsToList cfg.wikis (wikiIdent: wiki: [
"d ${dataDir}/${wikiIdent} 0750 ${user} ${group} - -"
"d ${dataDir}/${wikiIdent}/config 0550 ${user} ${group} - -"
"L+ ${dataDir}/${wikiIdent}/config/wikiconfig.py - - - - ${wikiConfigFile wikiIdent wiki}"
# needed in order to pass module name to gunicorn
"L+ ${dataDir}/${wikiIdent}/config/moin_wsgi.py - - - - ${pkg}/share/moin/server/moin.wsgi"
# seed data files
"C ${dataDir}/${wikiIdent}/data 0770 ${user} ${group} - ${pkg}/share/moin/data"
# fix nix store permissions
"Z ${dataDir}/${wikiIdent}/data 0770 ${user} ${group} - -"
])));
};
meta.maintainers = with lib.maintainers; [ mmilata ];
}

View file

@ -1,79 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.trac;
inherit (lib) mkEnableOption mkIf mkOption types;
in {
options = {
services.trac = {
enable = mkEnableOption "Trac service";
listen = {
ip = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
IP address that Trac should listen on.
'';
};
port = mkOption {
type = types.port;
default = 8000;
description = ''
Listen port for Trac.
'';
};
};
dataDir = mkOption {
default = "/var/lib/trac";
type = types.path;
description = ''
The directory for storing the Trac data.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open ports in the firewall for Trac.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.trac = {
description = "Trac server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = baseNameOf cfg.dataDir;
ExecStart = ''
${pkgs.trac}/bin/tracd -s \
-b ${toString cfg.listen.ip} \
-p ${toString cfg.listen.port} \
${cfg.dataDir}
'';
};
preStart = ''
if [ ! -e ${cfg.dataDir}/VERSION ]; then
${pkgs.trac}/bin/trac-admin ${cfg.dataDir} initenv Trac "sqlite:db/trac.db"
fi
'';
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.listen.port ];
};
};
}

View file

@ -317,7 +317,7 @@ let
${optionalString (hasSSL && vhost.sslTrustedCertificate != null) ''
ssl_trusted_certificate ${vhost.sslTrustedCertificate};
''}
${optionalString (hasSSL && vhost.rejectSSL) ''
${optionalString vhost.rejectSSL ''
ssl_reject_handshake on;
''}
${optionalString (hasSSL && vhost.kTLS) ''

View file

@ -38,11 +38,5 @@ in
"/share"
];
security.wrappers.lumina-checkpass-wrapped = {
source = "${pkgs.lumina.lumina}/bin/lumina-checkpass";
owner = "root";
group = "root";
};
};
}

View file

@ -532,6 +532,33 @@ let
'';
});
createGreDevice = n: v: nameValuePair "${n}-netdev"
(let
deps = deviceDependency v.dev;
in
{ description = "GRE Tunnel Interface ${n}";
wantedBy = [ "network-setup.service" (subsystemDevice n) ];
bindsTo = deps;
partOf = [ "network-setup.service" ];
after = [ "network-pre.target" ] ++ deps;
before = [ "network-setup.service" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.iproute2 ];
script = ''
# Remove Dead Interfaces
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
ip link add name "${n}" type ${v.type} \
${optionalString (v.remote != null) "remote \"${v.remote}\""} \
${optionalString (v.local != null) "local \"${v.local}\""} \
${optionalString (v.dev != null) "dev \"${v.dev}\""}
ip link set "${n}" up
'';
postStop = ''
ip link delete "${n}" || true
'';
});
createVlanDevice = n: v: nameValuePair "${n}-netdev"
(let
deps = deviceDependency v.interface;
@ -570,6 +597,7 @@ let
// mapAttrs' createMacvlanDevice cfg.macvlans
// mapAttrs' createFouEncapsulation cfg.fooOverUDP
// mapAttrs' createSitDevice cfg.sits
// mapAttrs' createGreDevice cfg.greTunnels
// mapAttrs' createVlanDevice cfg.vlans
// {
network-setup = networkSetup;

View file

@ -18,6 +18,7 @@ let
concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds))
++ concatLists (map (bridge: bridge.interfaces) (attrValues cfg.bridges))
++ map (sit: sit.dev) (attrValues cfg.sits)
++ map (gre: gre.dev) (attrValues cfg.greTunnels)
++ map (vlan: vlan.interface) (attrValues cfg.vlans)
# add dependency to physical or independently created vswitch member interface
# TODO: warn the user that any address configured on those interfaces will be useless
@ -245,6 +246,25 @@ in
} ]);
};
})))
(mkMerge (flip mapAttrsToList cfg.greTunnels (name: gre: {
netdevs."40-${name}" = {
netdevConfig = {
Name = name;
Kind = gre.type;
};
tunnelConfig =
(optionalAttrs (gre.remote != null) {
Remote = gre.remote;
}) // (optionalAttrs (gre.local != null) {
Local = gre.local;
});
};
networks = mkIf (gre.dev != null) {
"40-${gre.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) {
tunnel = [ name ];
} ]);
};
})))
(mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: {
netdevs."40-${name}" = {
netdevConfig = {

View file

@ -10,6 +10,7 @@ let
interfaces = attrValues cfg.interfaces;
hasVirtuals = any (i: i.virtual) interfaces;
hasSits = cfg.sits != { };
hasGres = cfg.greTunnels != { };
hasBonds = cfg.bonds != { };
hasFous = cfg.fooOverUDP != { }
|| filterAttrs (_: s: s.encapsulation != null) cfg.sits != { };
@ -997,6 +998,65 @@ in
});
};
networking.greTunnels = mkOption {
default = { };
example = literalExpression ''
{
greBridge = {
remote = "10.0.0.1";
local = "10.0.0.22";
dev = "enp4s0f0";
type = "tap";
};
}
'';
description = ''
This option allows you to define Generic Routing Encapsulation (GRE) tunnels.
'';
type = with types; attrsOf (submodule {
options = {
remote = mkOption {
type = types.nullOr types.str;
default = null;
example = "10.0.0.1";
description = ''
The address of the remote endpoint to forward traffic over.
'';
};
local = mkOption {
type = types.nullOr types.str;
default = null;
example = "10.0.0.22";
description = ''
The address of the local endpoint which the remote
side should send packets to.
'';
};
dev = mkOption {
type = types.nullOr types.str;
default = null;
example = "enp4s0f0";
description = ''
The underlying network device on which the tunnel resides.
'';
};
type = mkOption {
type = with types; enum [ "tun" "tap" ];
default = "tap";
example = "tap";
apply = v: if v == "tun" then "gre" else "gretap";
description = ''
Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
'';
};
};
});
};
networking.vlans = mkOption {
default = { };
example = literalExpression ''
@ -1229,6 +1289,7 @@ in
boot.kernelModules = [ ]
++ optional hasVirtuals "tun"
++ optional hasSits "sit"
++ optional hasGres "gre"
++ optional hasBonds "bonding"
++ optional hasFous "fou";

View file

@ -255,11 +255,14 @@ in
magnetico = handleTest ./magnetico.nix {};
mailcatcher = handleTest ./mailcatcher.nix {};
mailhog = handleTest ./mailhog.nix {};
man = handleTest ./man.nix {};
mariadb-galera-mariabackup = handleTest ./mysql/mariadb-galera-mariabackup.nix {};
mariadb-galera-rsync = handleTest ./mysql/mariadb-galera-rsync.nix {};
matomo = handleTest ./matomo.nix {};
matrix-appservice-irc = handleTest ./matrix-appservice-irc.nix {};
matrix-conduit = handleTest ./matrix-conduit.nix {};
matrix-synapse = handleTest ./matrix-synapse.nix {};
mattermost = handleTest ./mattermost.nix {};
mediawiki = handleTest ./mediawiki.nix {};
meilisearch = handleTest ./meilisearch.nix {};
memcached = handleTest ./memcached.nix {};
@ -272,7 +275,6 @@ in
misc = handleTest ./misc.nix {};
mjolnir = handleTest ./matrix/mjolnir.nix {};
mod_perl = handleTest ./mod_perl.nix {};
moinmoin = handleTest ./moinmoin.nix {};
mongodb = handleTest ./mongodb.nix {};
moodle = handleTest ./moodle.nix {};
morty = handleTest ./morty.nix {};
@ -475,7 +477,6 @@ in
tinc = handleTest ./tinc {};
tinydns = handleTest ./tinydns.nix {};
tor = handleTest ./tor.nix {};
trac = handleTest ./trac.nix {};
# traefik test relies on docker-containers
traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {};
trafficserver = handleTest ./trafficserver.nix {};

100
third_party/nixpkgs/nixos/tests/man.nix vendored Normal file
View file

@ -0,0 +1,100 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: let
manImplementations = [
"mandoc"
"man-db"
];
machineNames = builtins.map machineSafe manImplementations;
makeConfig = useImpl: {
# Note: mandoc currently can't index symlinked section directories.
# So if a man section comes from one package exclusively (e. g.
# 1p from man-pages-posix and 2 from man-pages), it isn't searchable.
environment.systemPackages = [
pkgs.man-pages
pkgs.openssl
pkgs.libunwind
];
documentation = {
enable = true;
nixos.enable = lib.mkForce true;
dev.enable = true;
man = {
enable = true;
generateCaches = true;
} // lib.listToAttrs (builtins.map (impl: {
name = impl;
value = {
enable = useImpl == impl;
};
}) manImplementations);
};
};
machineSafe = builtins.replaceStrings [ "-" ] [ "_" ];
in {
name = "man";
meta.maintainers = [ lib.maintainers.sternenseemann ];
nodes = lib.listToAttrs (builtins.map (i: {
name = machineSafe i;
value = makeConfig i;
}) manImplementations);
testScript = ''
import re
start_all()
def match_man_k(page, section, haystack):
"""
Check if the man page {page}({section}) occurs in
the output of `man -k` given as haystack. Note:
This is not super reliable, e. g. it can't deal
with man pages that are in multiple sections.
"""
for line in haystack.split("\n"):
# man -k can look like this:
# page(3) - bla
# page (3) - bla
# pagea, pageb (3, 3P) - foo
# pagea, pageb, pagec(3) - bar
pages = line.split("(")[0]
sections = re.search("\\([a-zA-Z1-9, ]+\\)", line)
if sections is None:
continue
else:
sections = sections.group(0)[1:-1]
if page in pages and f'{section}' in sections:
return True
return False
'' + lib.concatMapStrings (machine: ''
with subtest("Test direct man page lookups in ${machine}"):
# man works
${machine}.succeed("man man > /dev/null")
# devman works
${machine}.succeed("man 3 libunwind > /dev/null")
# NixOS configuration man page is installed
${machine}.succeed("man configuration.nix > /dev/null")
with subtest("Test generateCaches via man -k in ${machine}"):
expected = [
("openssl", "ssl", 3),
("unwind", "libunwind", 3),
("user", "useradd", 8),
("user", "userdel", 8),
("mem", "free", 3),
("mem", "free", 1),
]
for (keyword, page, section) in expected:
matches = ${machine}.succeed(f"man -k {keyword}")
if not match_man_k(page, section, matches):
raise Exception(f"{page}({section}) missing in matches: {matches}")
'') machineNames;
})

View file

@ -0,0 +1,95 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
name = "conduit";
in
{
nodes = {
conduit = args: {
services.matrix-conduit = {
enable = true;
settings.global.server_name = name;
settings.global.allow_registration = true;
extraEnvironment.RUST_BACKTRACE = "yes";
};
services.nginx = {
enable = true;
virtualHosts.${name} = {
enableACME = false;
forceSSL = false;
enableSSL = false;
locations."/_matrix" = {
proxyPass = "http://[::1]:6167";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
client = { pkgs, ... }: {
environment.systemPackages = [
(
pkgs.writers.writePython3Bin "do_test"
{ libraries = [ pkgs.python3Packages.matrix-nio ]; } ''
import asyncio
from nio import AsyncClient
async def main() -> None:
# Connect to conduit
client = AsyncClient("http://conduit:80", "alice")
# Register as user alice
response = await client.register("alice", "my-secret-password")
# Log in as user alice
response = await client.login("my-secret-password")
# Create a new room
response = await client.room_create(federate=False)
room_id = response.room_id
# Join the room
response = await client.join(room_id)
# Send a message to the room
response = await client.room_send(
room_id=room_id,
message_type="m.room.message",
content={
"msgtype": "m.text",
"body": "Hello conduit!"
}
)
# Sync responses
response = await client.sync(timeout=30000)
# Check the message was received by conduit
last_message = response.rooms.join[room_id].timeline.events[-1].body
assert last_message == "Hello conduit!"
# Leave the room
response = await client.room_leave(room_id)
# Close the client
await client.close()
asyncio.get_event_loop().run_until_complete(main())
''
)
];
};
};
testScript = ''
start_all()
with subtest("start conduit"):
conduit.wait_for_unit("conduit.service")
conduit.wait_for_open_port(80)
with subtest("ensure messages can be exchanged"):
client.succeed("do_test")
'';
})

View file

@ -0,0 +1,124 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
host = "smoke.test";
port = "8065";
url = "http://${host}:${port}";
siteName = "NixOS Smoke Tests, Inc.";
makeMattermost = mattermostConfig:
{ config, ... }: {
environment.systemPackages = [
pkgs.mattermost
pkgs.curl
pkgs.jq
];
networking.hosts = {
"127.0.0.1" = [ host ];
};
services.mattermost = lib.recursiveUpdate {
enable = true;
inherit siteName;
listenAddress = "0.0.0.0:${port}";
siteUrl = url;
extraConfig = {
SupportSettings.AboutLink = "https://nixos.org";
};
} mattermostConfig;
};
in
{
name = "mattermost";
nodes = {
mutable = makeMattermost {
mutableConfig = true;
extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
};
mostlyMutable = makeMattermost {
mutableConfig = true;
preferNixConfig = true;
plugins = let
mattermostDemoPlugin = pkgs.fetchurl {
url = "https://github.com/mattermost/mattermost-plugin-demo/releases/download/v0.9.0/com.mattermost.demo-plugin-0.9.0.tar.gz";
sha256 = "1h4qi34gcxcx63z8wiqcf2aaywmvv8lys5g8gvsk13kkqhlmag25";
};
in [
mattermostDemoPlugin
];
};
immutable = makeMattermost {
mutableConfig = false;
extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
};
};
testScript = let
expectConfig = jqExpression: pkgs.writeShellScript "expect-config" ''
set -euo pipefail
echo "Expecting config to match: "${lib.escapeShellArg jqExpression} >&2
curl ${lib.escapeShellArg url} >/dev/null
config="$(curl ${lib.escapeShellArg "${url}/api/v4/config/client?format=old"})"
echo "Config: $(echo "$config" | ${pkgs.jq}/bin/jq)" >&2
[[ "$(echo "$config" | ${pkgs.jq}/bin/jq -r ${lib.escapeShellArg ".SiteName == $siteName and .Version == ($mattermostName / $sep)[-1] and (${jqExpression})"} --arg siteName ${lib.escapeShellArg siteName} --arg mattermostName ${lib.escapeShellArg pkgs.mattermost.name} --arg sep '-')" = "true" ]]
'';
setConfig = jqExpression: pkgs.writeShellScript "set-config" ''
set -euo pipefail
mattermostConfig=/var/lib/mattermost/config/config.json
newConfig="$(${pkgs.jq}/bin/jq -r ${lib.escapeShellArg jqExpression} $mattermostConfig)"
rm -f $mattermostConfig
echo "$newConfig" > "$mattermostConfig"
'';
in
''
start_all()
## Mutable node tests ##
mutable.wait_for_unit("mattermost.service")
mutable.wait_for_open_port(8065)
# Get the initial config
mutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
# Edit the config
mutable.succeed("${setConfig ''.SupportSettings.AboutLink = "https://mattermost.com"''}")
mutable.succeed("${setConfig ''.SupportSettings.HelpLink = "https://nixos.org/nixos/manual"''}")
mutable.systemctl("restart mattermost.service")
mutable.wait_for_open_port(8065)
# AboutLink and HelpLink should be changed
mutable.succeed("${expectConfig ''.AboutLink == "https://mattermost.com" and .HelpLink == "https://nixos.org/nixos/manual"''}")
## Mostly mutable node tests ##
mostlyMutable.wait_for_unit("mattermost.service")
mostlyMutable.wait_for_open_port(8065)
# Get the initial config
mostlyMutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}")
# Edit the config
mostlyMutable.succeed("${setConfig ''.SupportSettings.AboutLink = "https://mattermost.com"''}")
mostlyMutable.succeed("${setConfig ''.SupportSettings.HelpLink = "https://nixos.org/nixos/manual"''}")
mostlyMutable.systemctl("restart mattermost.service")
mostlyMutable.wait_for_open_port(8065)
# AboutLink should be overridden by NixOS configuration; HelpLink should be what we set above
mostlyMutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://nixos.org/nixos/manual"''}")
## Immutable node tests ##
immutable.wait_for_unit("mattermost.service")
immutable.wait_for_open_port(8065)
# Get the initial config
immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
# Edit the config
immutable.succeed("${setConfig ''.SupportSettings.AboutLink = "https://mattermost.com"''}")
immutable.succeed("${setConfig ''.SupportSettings.HelpLink = "https://nixos.org/nixos/manual"''}")
immutable.systemctl("restart mattermost.service")
immutable.wait_for_open_port(8065)
# Our edits should be ignored on restart
immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
'';
})

View file

@ -1,28 +0,0 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "moinmoin";
meta.maintainers = with lib.maintainers; [ mmilata ];
machine =
{ ... }:
{ services.moinmoin.enable = true;
services.moinmoin.wikis.ExampleWiki.superUsers = [ "admin" ];
services.moinmoin.wikis.ExampleWiki.webHost = "localhost";
services.nginx.virtualHosts.localhost.enableACME = false;
services.nginx.virtualHosts.localhost.forceSSL = false;
};
testScript = ''
start_all()
machine.wait_for_unit("moin-ExampleWiki.service")
machine.wait_for_unit("nginx.service")
machine.wait_for_file("/run/moin/ExampleWiki/gunicorn.sock")
assert "If you have just installed" in machine.succeed("curl -L http://localhost/")
assert "status success" in machine.succeed(
"moin-ExampleWiki account create --name=admin --email=admin@example.com --password=foo 2>&1"
)
'';
})

View file

@ -489,6 +489,77 @@ let
client2.wait_until_succeeds("ping -c 1 fc00::2")
'';
};
gre = let
node = { pkgs, ... }: with pkgs.lib; {
networking = {
useNetworkd = networkd;
useDHCP = false;
};
};
in {
name = "GRE";
nodes.client1 = args@{ pkgs, ... }:
mkMerge [
(node args)
{
virtualisation.vlans = [ 1 2 ];
networking = {
greTunnels = {
greTunnel = {
local = "192.168.2.1";
remote = "192.168.2.2";
dev = "eth2";
type = "tap";
};
};
bridges.bridge.interfaces = [ "greTunnel" "eth1" ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [];
interfaces.bridge.ipv4.addresses = mkOverride 0 [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
}
];
nodes.client2 = args@{ pkgs, ... }:
mkMerge [
(node args)
{
virtualisation.vlans = [ 2 3 ];
networking = {
greTunnels = {
greTunnel = {
local = "192.168.2.2";
remote = "192.168.2.1";
dev = "eth1";
type = "tap";
};
};
bridges.bridge.interfaces = [ "greTunnel" "eth2" ];
interfaces.eth2.ipv4.addresses = mkOverride 0 [];
interfaces.bridge.ipv4.addresses = mkOverride 0 [
{ address = "192.168.1.2"; prefixLength = 24; }
];
};
}
];
testScript = { ... }:
''
start_all()
with subtest("Wait for networking to be configured"):
client1.wait_for_unit("network.target")
client2.wait_for_unit("network.target")
# Print diagnostic information
client1.succeed("ip addr >&2")
client2.succeed("ip addr >&2")
with subtest("Test GRE tunnel bridge over VLAN"):
client1.wait_until_succeeds("ping -c 1 192.168.1.2")
client2.wait_until_succeeds("ping -c 1 192.168.1.1")
'';
};
vlan = let
node = address: { pkgs, ... }: with pkgs.lib; {
#virtualisation.vlans = [ 1 ];

View file

@ -1,19 +0,0 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "trac";
meta = with pkgs.lib.maintainers; {
maintainers = [ mmahut ];
};
nodes = {
machine = { ... }: {
services.trac.enable = true;
};
};
testScript = ''
start_all()
machine.wait_for_unit("trac.service")
machine.wait_for_open_port(8000)
machine.wait_until_succeeds("curl -fL http://localhost:8000/ | grep 'Trac Powered'")
'';
})

View file

@ -15,13 +15,13 @@ assert withGtk3 -> gtk3 != null;
stdenv.mkDerivation rec {
pname = "carla";
version = "2.4.0";
version = "2.4.1";
src = fetchFromGitHub {
owner = "falkTX";
repo = pname;
rev = "v${version}";
sha256 = "sha256-WxhG9X6jVcu10bl5p0f61+SYZmJw4W7DYvezbpAlNjg=";
sha256 = "sha256-faVLPHPQ4voR/RHiPpUwnZK+5Jx0u4rJWuH5zlydzwY=";
};
nativeBuildInputs = [
@ -78,7 +78,7 @@ stdenv.mkDerivation rec {
'';
meta = with lib; {
homepage = "http://kxstudio.sf.net/carla";
homepage = "https://kx.studio/Applications:Carla";
description = "An audio plugin host";
longDescription = ''
It currently supports LADSPA (including LRDF), DSSI, LV2, VST2/3

View file

@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.48";
version = "1.49";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "sha256-ZE9uid/srHHuTRqzgbtHcfmM0VkVsdrK1CJ3Qwbvtao=";
sha256 = "sha256-DpEzilMERfbop7YYqNCcxSe1qfcz4n7Uqj/i5t5a6nQ=";
};
# Adapt the linux-only CMakeLists to darwin (more reliable than make-macos.sh)

View file

@ -1,34 +0,0 @@
{ lib, fetchurl, python2Packages, gettext, klick}:
python2Packages.buildPythonApplication rec {
pname = "gtklick";
version = "0.6.4";
src = fetchurl {
url = "http://das.nasophon.de/download/${pname}-${version}.tar.gz";
sha256 = "7799d884126ccc818678aed79d58057f8cf3528e9f1be771c3fa5b694d9d0137";
};
pythonPath = with python2Packages; [
pyliblo
pyGtkGlade
];
nativeBuildInputs = [ gettext ];
propagatedBuildInputs = [ klick ];
# wrapPythonPrograms breaks gtklick in the postFixup phase.
# To fix it, apply wrapPythonPrograms and then clean up the wrapped file.
postFixup = ''
wrapPythonPrograms
sed -i "/import sys; sys.argv\[0\] = 'gtklick'/d" $out/bin/.gtklick-wrapped
'';
meta = {
homepage = "http://das.nasophon.de/gtklick/";
description = "Simple metronome with an easy-to-use GTK interface";
license = lib.licenses.gpl2Plus;
};
}

View file

@ -1,21 +0,0 @@
{ lib, fetchurl, python2Packages }:
python2Packages.buildPythonApplication rec {
pname = "lastfmsubmitd";
version = "1.0.6";
src = fetchurl {
url = "https://www.red-bean.com/decklin/lastfmsubmitd/lastfmsubmitd-${version}.tar.gz";
sha256 = "c2636d5095a95167366bacd458624d67b046e060244fa54ba2c2e3efb79f9b0e";
};
doCheck = false;
installCommand = "python setup.py install --prefix=$out";
meta = {
homepage = "https://www.red-bean.com/decklin/lastfmsubmitd/";
license = lib.licenses.mit;
description = "An last.fm audio scrobbler and daemon";
};
}

View file

@ -43,6 +43,6 @@ mkDerivation rec {
homepage = "https://lmms.io";
license = licenses.gpl2Plus;
platforms = [ "x86_64-linux" "i686-linux" ];
maintainers = with maintainers; [ goibhniu yegortimoshenko ];
maintainers = with maintainers; [ goibhniu yana ];
};
}

View file

@ -25,7 +25,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.4.23";
version = "1.4.26";
format = "other";
doCheck = false;
@ -34,7 +34,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "sha256-wwdH3gMpYt40VGqrL1XfB1dOfg45zLKtTEI23AwjCis=";
sha256 = "sha256-Q/z9oET06DimMRZl03TgjEeheoVHtIkH+Z69qWZetcI=";
};
nativeBuildInputs = [

View file

@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Music tracker application, similar to Fasttracker II";
homepage = "http://milkytracker.org";
homepage = "https://milkytracker.org/";
license = licenses.gpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" ];
maintainers = with maintainers; [];

View file

@ -1,31 +0,0 @@
{ fetchurl, lib, python2Packages, libmms }:
python2Packages.buildPythonApplication rec {
pname = "mimms";
version = "3.2";
src = fetchurl {
url = "https://download.savannah.gnu.org/releases/mimms/mimms-${version}.tar.bz2";
sha256 = "0zmcd670mpq85cs3nvdq3i805ba0d1alqahfy1m9cpf7kxrivfml";
};
postInstall = ''
wrapProgram $out/bin/mimms \
--prefix LD_LIBRARY_PATH : ${libmms}/lib
'';
meta = {
homepage = "https://savannah.nongnu.org/projects/mimms/";
license = lib.licenses.gpl3;
description = "An mms (e.g. mms://) stream downloader";
longDescription = ''
mimms is a program designed to allow you to download streams
using the MMS protocol and save them to your computer, as
opposed to watching them live. Similar functionality is
available in full media player suites such as Xine, MPlayer,
and VLC, but mimms is quick and easy to use and, for the time
being, remains a useful program.
'';
};
}

View file

@ -2,12 +2,12 @@
let
pname = "plexamp";
version = "3.8.2";
version = "3.9.0";
src = fetchurl {
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
name="${pname}-${version}.AppImage";
sha512 = "JVzfWlrX21KHw4tSrGpCYqqoWFudnyFG4YnHKsnIUtxLDkjyQA8N2/OrDIR+SlK/b0RRs9KZ4lbqQMX8PXUHsg==";
sha512 = "2OaV8dONv7yBcQsfecgfedP2ypBN6svD9rgZLgUwSydyH2+rODNPne4O7z2Hahm7Y0Ae+NFxbpQ9lbNbX0vhsg==";
};
appimageContents = appimageTools.extractType2 {
@ -33,7 +33,7 @@ in appimageTools.wrapType2 {
meta = with lib; {
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
homepage = "https://plexamp.com/";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/35";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/36";
license = licenses.unfree;
maintainers = with maintainers; [ killercup synthetica ];
platforms = [ "x86_64-linux" ];

View file

@ -30,11 +30,11 @@
mkDerivation rec {
pname = "qtractor";
version = "0.9.23";
version = "0.9.24";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
sha256 = "sha256-GgDc7WM4nVGlq+8EcwxJ7MnSPYwAej51IMrN0glCTbQ=";
sha256 = "sha256-YTT7ko5HjKrZ8DKU3L06EI7bZeBtvPl21pqUf6EaeS4=";
};
nativeBuildInputs = [

View file

@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "A DSP tonewheel organ emulator";
homepage = "http://setbfree.org";
homepage = "https://setbfree.org";
license = licenses.gpl2;
platforms = [ "x86_64-linux" "i686-linux" ]; # fails on ARM and Darwin
maintainers = [ maintainers.goibhniu ];

View file

@ -0,0 +1,44 @@
{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, bluez, dbus, glew, glfw, imgui, makeDesktopItem, copyDesktopItems }:
stdenv.mkDerivation rec {
pname = "SonyHeadphonesClient";
version = "1.2";
src = fetchFromGitHub {
owner = "Plutoberth";
repo = "SonyHeadphonesClient";
rev = "v${version}";
sha256 = "sha256-oejXrs9X+R6Jydro0XIw2XifzFA7asDhpobtaE3//Hc=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake pkg-config copyDesktopItems ];
buildInputs = [ bluez dbus glew glfw imgui ];
sourceRoot = "./source/Client";
cmakeFlags = [ "-Wno-dev" ];
installPhase = ''
runHook preInstall
install -Dm755 -t $out/bin SonyHeadphonesClient
runHook postInstall
'';
desktopItems = [ (makeDesktopItem {
name = "SonyHeadphonesClient";
exec = "SonyHeadphonesClient";
icon = "SonyHeadphonesClient";
desktopName = "Sony Headphones Client";
comment = "A client recreating the functionality of the Sony Headphones app";
categories = "Audio;Mixer;";
}) ];
meta = with lib; {
description = "A client recreating the functionality of the Sony Headphones app";
homepage = "https://github.com/Plutoberth/SonyHeadphonesClient";
license = licenses.mit;
maintainers = with maintainers; [ stunkymonkey ];
platforms = platforms.linux;
};
}

View file

@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Allows to analyze samples of musical instruments, and to combine them (morphing) to construct hybrid sounds";
homepage = "http://spectmorph.org";
homepage = "https://spectmorph.org";
license = licenses.gpl3;
platforms = [ "x86_64-linux" "i686-linux" ];
maintainers = [ maintainers.magnetophon ];

View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub }:
{ lib, stdenv, fetchFromGitHub, fetchpatch }:
stdenv.mkDerivation {
pname = "wavegain";
@ -11,6 +11,17 @@ stdenv.mkDerivation {
sha256 = "0wghqnsbypmr4xcrhb568bfjdnxzzp8qgnws3jslzmzf34dpk5ls";
};
patches = [
# Upstream fix for -fno-common toolchains.
(fetchpatch {
name = "fno-common.patch";
url = "https://github.com/MestreLion/wavegain/commit/ee5e0f9a0ce34c0cf2769ea6566685a54b938304.patch";
sha256 = "11yi0czdn5h5bsqp23cww6yn9lm60cij8i1pzfwcfhgyf6f8ym1n";
})
];
makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" ];
installPhase = ''
strip -s wavegain
install -vD wavegain "$out/bin/wavegain"

View file

@ -137,6 +137,7 @@ stdenv.mkDerivation rec {
"-Denable_rtmidi=true"
"-Denable_rtaudio=true"
"-Denable_sdl=true"
"-Dcarla=enabled"
"-Dmanpage=true"
# "-Duser_manual=true" # needs sphinx-intl
"-Dlsp_dsp=disabled"

View file

@ -3,13 +3,13 @@
buildDotnetModule rec {
pname = "btcpayserver";
version = "1.3.6";
version = "1.3.7";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "sha256-8SWbbdPx/cC7EWTkSbB/YqR13jaL76fFIjHPGL4rFyk=";
sha256 = "sha256-W8WRw42hMNUaQZlfrl73REGIvLcj6Vso9Axx53ENkx0=";
};
projectFile = "BTCPayServer/BTCPayServer.csproj";

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "ergo";
version = "4.0.16";
version = "4.0.16.2";
src = fetchurl {
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
sha256 = "sha256-cdfpXJtN/JXQNBnCyTIvJLQQhjzDV3+l4WoASII9uuU=";
sha256 = "sha256-nAaNT5Rt/oLBA2pSJSinoLKMYJ0VZmuC0zoMYbMSAJQ=";
};
nativeBuildInputs = [ makeWrapper ];

View file

@ -9,17 +9,16 @@ let
in buildGoModule rec {
pname = "go-ethereum";
version = "1.10.11";
version = "1.10.14";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "sha256-8kPaa2wRKUQBn4LFDnc7tEbLR62f99NS1HIVDeHHzto=";
sha256 = "sha256-0DQrcei3FM+X4BYokou7dPNVCcJTbY05YsTvzdtsas8=";
};
runVend = true;
vendorSha256 = "sha256-i2FOAN1ng3WNOWaFowiSSuYR4LA1Bo3tjkvgcClBXSU=";
vendorSha256 = "sha256-zQOpWtQrdn+E1tRWmtEScQ7DDMzNCSr5H+5YL+Z1vug=";
doCheck = false;

View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "lightning-loop";
version = "0.15.0-beta";
version = "0.16.0-beta";
src = fetchFromGitHub {
owner = "lightninglabs";
repo = "loop";
rev = "v${version}";
sha256 = "1yjc04jiam3836w7vn3b1jqj1dq1k8wwfnccir0vh29cn6v0cf63";
sha256 = "0q4lk338mr30frilgnjr43gd55z7ryj2s260437b4pnp03hmbf10";
};
vendorSha256 = "0c3ly0s438sr9iql2ps4biaswphp7dfxshddyw5fcm0ajqzvhrmw";
vendorSha256 = "14862603rrss14p537j9i7iwflaaprwrnslmqm9hpb7hj52bxqfv";
subPackages = [ "cmd/loop" "cmd/loopd" ];

View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "lightning-pool";
version = "0.5.1-alpha";
version = "0.5.3-alpha";
src = fetchFromGitHub {
owner = "lightninglabs";
repo = "pool";
rev = "v${version}";
sha256 = "147s0p4arfxl2akzm267p8zfy6hgssym5rwxv78kp8i39mfinpkn";
sha256 = "1nc3hksk9qcxrsyqpz9vcfc8x093rc8yx8ppfk177j9fhdnn8bk7";
};
vendorSha256 = "0zd3bwqi0hnk0562x9hd62cwjw1xj386m83jagg41kzz0cpcr7zl";
vendorSha256 = "09yxaa74814l1rp0arqhqpplr2j0p8dj81zqcbxlwp5ckjv9r2za";
subPackages = [ "cmd/pool" "cmd/poold" ];

View file

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p coreutils curl jq common-updater-scripts dotnet-sdk_3 git gnupg nix
#!nix-shell -i bash -p coreutils curl jq common-updater-scripts dotnet-sdk_3 git gnupg nixFlakes
set -euo pipefail
# This script uses the following env vars:
@ -17,7 +17,7 @@ scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
nixpkgs=$(realpath "$scriptDir"/../../../../..)
evalNixpkgs() {
nix eval --raw "(with import \"$nixpkgs\" {}; $1)"
nix eval --impure --raw --expr "(with import \"$nixpkgs\" {}; $1)"
}
getRepo() {

View file

@ -1,98 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p dotnet-sdk_3 jq xmlstarlet curl nixpkgs-fmt
set -euo pipefail
# Run this script to generate deps.nix
# TODO: consolidate with other dotnet deps generation scripts by which
# this script is inspired:
# - pkgs/servers/nosql/eventstore/create-deps.sh
# - pkgs/development/dotnet-modules/python-language-server/create_deps.sh
# - pkgs/misc/emulators/ryujinx/updater.sh
cd "$(dirname "${BASH_SOURCE[0]}")"
deps_file="$(realpath "./deps.nix")"
exec 2>&1 6> "$deps_file"
store_src="$( nix-build ../../../.. -A wasabibackend.src --no-out-link )"
src="$(mktemp -d)"
cp -rT "$store_src" "$src"
chmod -R +w "$src"
pushd "$src"
URLBASE="https://www.nuget.org/api/v2/package"
DEPS_HEADER="
{ fetchurl }:
let
nugetUrlBase = \"$URLBASE\";
fetchNuGet = { name, version, sha256 }: fetchurl {
inherit sha256;
url = \"\${nugetUrlBase}/\${name}/\${version}\";
};
in ["
DEPS_FOOTER="]"
DEPS_TEMPLATE="
(fetchNuGet {
name = \"%s\";
version = \"%s\";
sha256 = \"%s\";
})"
tmpdir="$(mktemp -d -p "$(pwd)")" # must be under source root
trap 'rm -rf "$tmpdir"' EXIT
HOME="$tmpdir" dotnet restore --packages "$tmpdir"/.nuget/packages \
--no-cache --force --runtime linux-x64 \
WalletWasabi.Backend/WalletWasabi.Backend.csproj >&2
mapfile -t repos < <(
xmlstarlet sel -t -v 'configuration/packageSources/add/@value' -n NuGet.config "$tmpdir"/.nuget/NuGet/NuGet.Config |
while IFS= read index
do
curl --compressed -fsL "$index" | \
jq -r '.resources[] | select(."@type" == "PackageBaseAddress/3.0.0")."@id"'
done
)
echo $DEPS_HEADER >&6
cd "$tmpdir/.nuget/packages"
for package in *
do
cd "$package"
for version in *
do
found=false
for repo in "${repos[@]}"
do
url="$repo$package/$version/$package.$version.nupkg"
if curl -fsL "$url" -o /dev/null
then
found=true
break
fi
done
if ! $found
then
echo "couldn't find $package $version" >&2
exit 1
fi
sha256=$(nix-prefetch-url "$url" 2>/dev/null)
printf "$DEPS_TEMPLATE" $package $version $sha256 >&6
done
cd ..
done
echo $DEPS_FOOTER >&6
exec 6>&-
nixpkgs-fmt "$deps_file"

View file

@ -1,95 +1,45 @@
{ lib, stdenv
{ lib
, stdenv
, fetchFromGitHub
, fetchurl
, makeWrapper
, Nuget
, buildDotnetModule
, dotnetCorePackages
, openssl
, autoPatchelfHook
, zlib
, openssl
}:
let
deps = import ./deps.nix { inherit fetchurl; };
dotnet-sdk = dotnetCorePackages.sdk_3_1;
dotnet-aspnetcore = dotnetCorePackages.aspnetcore_3_1;
nugetSource = stdenv.mkDerivation {
pname = "${pname}-nuget-deps";
inherit version;
dontUnpack = true;
dontInstall = true;
nativeBuildInputs = [ Nuget ];
buildPhase = ''
export HOME=$(mktemp -d)
mkdir -p $out/lib
nuget sources Disable -Name "nuget.org"
for package in ${toString deps}; do
nuget add $package -Source $out/lib
done
'';
};
pname = "WasabiBackend";
version = "1.1.12";
projectName = "WalletWasabi.Backend";
projectConfiguration = "Release";
projectRuntime = "linux-x64";
in
stdenv.mkDerivation rec {
inherit pname version;
buildDotnetModule rec {
pname = "wasabibackend";
version = "1.1.13.0";
src = fetchFromGitHub {
owner = "zkSNACKs";
repo = "WalletWasabi";
rev = "v${version}";
sha256 = "001k43z2jxvs03csyzndlzlk034aclzc4n8ddrqxykgrq508xk1d";
sha256 = "sha256-zDOk8MurT5NXOr4kvm5mnsphY+eDFWuVBcpeTZpcHOo=";
};
buildInputs = [
Nuget
dotnet-sdk
makeWrapper
];
projectFile = "WalletWasabi.Backend/WalletWasabi.Backend.csproj";
nugetDeps = ./deps.nix;
buildPhase = ''
export HOME=$(mktemp -d)
export DOTNET_CLI_TELEMETRY_OPTOUT=1
export DOTNET_SKIP_FIRST_TIME_EXPERIENCE=1
export DOTNET_ROOT="${dotnet-sdk}/bin"
dotnet-sdk = dotnetCorePackages.sdk_3_1;
dotnet-runtime = dotnetCorePackages.aspnetcore_3_1;
nuget sources Disable -Name "nuget.org"
nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = [ stdenv.cc.cc.lib zlib ];
dotnet restore \
--source ${nugetSource}/lib \
--runtime ${projectRuntime} \
${projectName}
runtimeDeps = [ openssl zlib ];
dotnet publish \
--no-restore \
--runtime ${projectRuntime} \
--configuration ${projectConfiguration} \
${projectName}
preConfigure = ''
makeWrapperArgs+=(
--run "cd $out/lib/${pname}"
)
'';
installPhase = ''
mkdir -p $out
cp -r ${projectName}/bin/${projectConfiguration}/netcoreapp3.1/${projectRuntime}/publish $out/lib
mkdir -p $out/bin
makeWrapper $out/lib/WalletWasabi.Backend $out/bin/${pname} \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ openssl zlib ]} \
--run "cd $out/lib"
postInstall = ''
mv $out/bin/WalletWasabi.Backend $out/bin/WasabiBackend
'';
# If we don't disable stripping the executable fails to start with segfault
dontStrip = true;
meta = with lib; {
description = "Backend for the Wasabi Wallet";
homepage = "https://wasabiwallet.io/";

File diff suppressed because it is too large Load diff

View file

@ -3,13 +3,13 @@
mkDerivation rec {
pname = "featherpad";
version = "1.0.1";
version = "1.1.0";
src = fetchFromGitHub {
owner = "tsujan";
repo = "FeatherPad";
rev = "V${version}";
sha256 = "sha256-FeqTPDix2tqTJ3UU6i2e6FkmCO0KMNt4tLtrPjX57fc=";
sha256 = "sha256-Sff1oyRYCsiJ7Kl3HxI/bln0M80KlbcNSw6jrEOeWiI=";
};
nativeBuildInputs = [ cmake pkg-config qttools ];

View file

@ -251,12 +251,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2021.3.1"; /* updated by script */
version = "2021.3.2"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "0nf1r02i51pplrazlyavc6xs6mi91spa92srfqpsgb78ar9vn027"; /* updated by script */
sha256 = "029xim3a6ijqdbzwxan189ydcy5b0ry2qqc70fipp8ic5z5iai3b"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -264,12 +264,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2021.3.2"; /* updated by script */
version = "2021.3.3"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0m0nc988w2a2p0l3a9cirnk2vbrsas4wb3fc4pwiml5bz5vwh255"; /* updated by script */
sha256 = "0wbr7hjbj9zvxn4j7nrp7sdzjk78hcg7ssz430y35x9isfiqv5py"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE";
@ -277,12 +277,12 @@ in
goland = buildGoland rec {
name = "goland-${version}";
version = "2021.3.1"; /* updated by script */
version = "2021.3.2"; /* updated by script */
description = "Up and Coming Go IDE";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "1kl1sg2fjh8wpx47984vw6zrqf7nakbji606cl52brkxik7py0d3"; /* updated by script */
sha256 = "0csc52wwqggdxc61qkmbs84hdvyj3x60rcv5jrxcwp3bjq94kskw"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "GoLand RELEASE";
@ -290,12 +290,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "0xrhgqbsyd2plzkkmy00bwsa8dk4ijszmhmbyn6c9ygl01zhji6y"; /* updated by script */
sha256 = "19xxbjcn17n3fk1vdb31nihn9cv5q65wfxdan6dx7z0wq5c4x9zd"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -303,12 +303,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "0riwww75aizprb01c1sccprbr00ky5wgy5cxxjxqgm8v72rfnihb"; /* updated by script */
sha256 = "0ys8f2h0qaj8s9ga94hg73vah552a6al4r1ypdp05f7j1m7lzajf"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -330,12 +330,12 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "1h3ld3swvvx8hicm5lpf65mr7asiqy59hvqnigz71hbjgqnsb8g0"; /* updated by script */
sha256 = "011i3jgfnb2h64ikbm3wi1vfhzm50mwwy9nksl71nzllj3kz111x"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
update-channel = "PhpStorm RELEASE";
@ -343,12 +343,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "PyCharm Community Edition";
license = lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0iypqilil6x9k1gi6bfjzccw7wp601grd9639yk50crg45wnzga4"; /* updated by script */
sha256 = "1xd88rd1w3ghkm6jq8ilhhjy972qfm57si581rnsjpz65rj6xpgm"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm RELEASE";
@ -356,12 +356,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "PyCharm Professional Edition";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0z6dnigx616939azyngjy5r4gayazplkgq480k80ppmkw636yhl1"; /* updated by script */
sha256 = "0639mzjh1hw158gmf4qqld03371z60k3xyca21l1pnv3551svd6d"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm RELEASE";
@ -382,12 +382,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "1vmybxnwyv7wiv3clm857yvzlws0bcza01wx8jm0dbnrzq38dz4d"; /* updated by script */
sha256 = "1xax3738myxjzm0p8zm8aaa2nw0336h80nrm9dqby2j7dass2jnm"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine RELEASE";
@ -395,12 +395,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "1llz97r95xrf7yixgbfipg153qikkxziwwhv9dvvi29v7pi1k4ys"; /* updated by script */
sha256 = "1f918cj76b79x0d2hhv78mvmki5d1dps8nsx7i50wn2qzdml4kc6"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

View file

@ -2,7 +2,7 @@
python3Packages.buildPythonApplication rec {
pname = "manuskript";
version = "0.11.0";
version = "0.13.1";
format = "other";
@ -10,7 +10,7 @@ python3Packages.buildPythonApplication rec {
repo = pname;
owner = "olivierkes";
rev = version;
sha256 = "1l6l9k6k69yv8xqpll0zv9cwdqqg4zvxy90l6sx5nv2yywh5crla";
hash = "sha256-TEmAamNdqBK7bu62tLtJl05wBI6hga84PQSrWiMPROY=";
};
nativeBuildInputs = [ wrapQtAppsHook ];
@ -42,7 +42,7 @@ python3Packages.buildPythonApplication rec {
meta = {
description = "A open-source tool for writers";
homepage = "http://www.theologeek.ch/manuskript";
homepage = "https://www.theologeek.ch/manuskript";
longDescription = ''
Manuskript is a tool for those writer who like to organize and
plan everything before writing. The snowflake method can help you

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "mg";
version = "6.9";
version = "7.0";
src = fetchFromGitHub {
owner = "ibara";
repo = "mg";
rev = "mg-${version}";
sha256 = "1w49yb9v1657rv1w5w7rc9ih1d2vzv6ym3mzhf2wgmh04pdm6hid";
sha256 = "sha256-qnb0yB/NNJV257dsLmP84brajoRG03U+Ja1ACYbBvbE=";
};
enableParallelBuilding = true;

View file

@ -32,13 +32,13 @@ let
in
stdenv.mkDerivation rec {
pname = "neovim-unwrapped";
version = "0.6.0";
version = "0.6.1";
src = fetchFromGitHub {
owner = "neovim";
repo = "neovim";
rev = "v${version}";
sha256 = "sha256-mVVZiDjAsAs4PgC8lHf0Ro1uKJ4OKonoPtF59eUd888=";
sha256 = "sha256-0XCW047WopPr3pRTy9rF3Ff6MvNRHT4FletzOERD41A=";
};
patches = [

View file

@ -0,0 +1,45 @@
{ lib
, stdenv
, fetchFromGitLab
, autoreconfHook
, pkg-config
, utilmacros
, libX11
, libXaw
, libXmu
, libXt
}:
stdenv.mkDerivation rec {
pname = "xedit";
version = "1.2.2";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "xorg/app";
repo = "xedit";
rev = "${pname}-${version}";
sha256 = "0b5ic13aasv6zh20v2k7zyxsqbnsxfq5rs3w8nwzl1gklmgrjxa3";
};
nativeBuildInputs = [ autoreconfHook pkg-config utilmacros ];
buildInputs = [
libX11
libXaw
libXmu
libXt
];
configureFlags = [
"--with-lispdir=$out/share/X11/xedit/lisp"
"--with-appdefaultdir=$out/share/X11/app-defaults"
];
meta = with lib; {
description = "Simple graphical text editor using Athena Widgets (Xaw)";
homepage = "https://gitlab.freedesktop.org/xorg/app/xedit";
license = with licenses; [ mit ];
maintainers = with maintainers; [ shamilton ];
platforms = platforms.linux;
};
}

View file

@ -2,10 +2,10 @@
stdenv.mkDerivation rec {
pname = "dcw-gmt";
version = "2.0.1";
version = "2.0.2";
src = fetchurl {
url = "ftp://ftp.soest.hawaii.edu/gmt/dcw-gmt-${version}.tar.gz";
sha256 = "sha256-XJCylo9Alc9epEo1TcnY+d0bj+VRTgM4/4W0jgNUeiU=";
sha256 = "sha256-KzAPAco1DbF6rdAmCuM7823GthvkFQ5mgpAzzsPWXDw=";
};
installPhase = ''

View file

@ -11,8 +11,7 @@ buildGoModule rec {
sha256 = "DitJnWIz1Dt9yXtyQp/z738IAmG4neYmfc49Wdjos7Q=";
};
runVend = true;
vendorSha256 = "JKrBMhzBL1+jlMPudynjOc/ekFiUVaxltyLr4V8QZbg=";
vendorSha256 = "sha256-pKgukWKF4f/kLASjh8aKU7x9UBW/H+4C/02vxmh+qOU=";
meta = with lib; {
description = "Convert images into ASCII art on the console";

View file

@ -1,29 +1,115 @@
{ lib, stdenv, fetchurl, libsoup, graphicsmagick, json-glib, wrapGAppsHook
, cairo, cmake, ninja, curl, perl, llvm, desktop-file-utils, exiv2, glib
, ilmbase, gtk3, intltool, lcms2, lensfun, libX11, libexif, libgphoto2, libjpeg
, libpng, librsvg, libtiff, openexr, osm-gps-map, pkg-config, sqlite, libxslt
, openjpeg, lua, pugixml, colord, colord-gtk, libwebp, libsecret, gnome
, ocl-icd, pcre, gtk-mac-integration, isocodes, llvmPackages, gmic, libavif, icu
{ lib
, stdenv
, fetchurl
, libsoup
, graphicsmagick
, json-glib
, wrapGAppsHook
, cairo
, cmake
, ninja
, curl
, perl
, llvm_13
, desktop-file-utils
, exiv2
, glib
, ilmbase
, gtk3
, intltool
, lcms2
, lensfun
, libX11
, libexif
, libgphoto2
, libjpeg
, libpng
, librsvg
, libtiff
, openexr_3
, osm-gps-map
, pkg-config
, sqlite
, libxslt
, openjpeg
, pugixml
, colord
, colord-gtk
, libwebp
, libsecret
, gnome
, SDL2
, ocl-icd
, pcre
, gtk-mac-integration
, isocodes
, llvmPackages
, gmic
, libavif
, icu
, jasper
, libheif
, libaom
, portmidi
, fetchpatch
, lua5_4
, ...
}:
stdenv.mkDerivation rec {
version = "3.6.1";
version = "3.8.0";
pname = "darktable";
src = fetchurl {
url = "https://github.com/darktable-org/darktable/releases/download/release-${version}/darktable-${version}.tar.xz";
sha256 = "sha256-or/HwQO4JJRUV6m/7Z5S8Af6HQMPnbyz/wMnhRvkLRQ=";
sha256 = "01gp9dg5wr2rg1k8cqs0l3s7ism8a4q8qypgwccd4jh7ip3wfr9f";
};
nativeBuildInputs = [ cmake ninja llvm pkg-config intltool perl desktop-file-utils wrapGAppsHook ];
nativeBuildInputs = [ cmake ninja llvm_13 pkg-config intltool perl desktop-file-utils wrapGAppsHook ];
buildInputs = [
cairo curl exiv2 glib gtk3 ilmbase lcms2 lensfun libexif
libgphoto2 libjpeg libpng librsvg libtiff openexr sqlite libxslt
libsoup graphicsmagick json-glib openjpeg lua pugixml
libwebp libsecret gnome.adwaita-icon-theme osm-gps-map pcre isocodes gmic libavif icu
cairo
curl
exiv2
glib
gtk3
ilmbase
lcms2
lensfun
libexif
libgphoto2
libjpeg
libpng
librsvg
libtiff
openexr_3
sqlite
libxslt
libsoup
graphicsmagick
json-glib
openjpeg
pugixml
libwebp
libsecret
SDL2
gnome.adwaita-icon-theme
osm-gps-map
pcre
isocodes
gmic
libavif
icu
jasper
libheif
libaom
portmidi
lua5_4
] ++ lib.optionals stdenv.isLinux [
colord colord-gtk libX11 ocl-icd
colord
colord-gtk
libX11
ocl-icd
] ++ lib.optional stdenv.isDarwin gtk-mac-integration
++ lib.optional stdenv.cc.isClang llvmPackages.openmp;
@ -34,15 +120,25 @@ stdenv.mkDerivation rec {
"-DUSE_KWALLET=OFF"
];
patches = [
(fetchpatch {
# This is merged in darktable master and will hopefully be in 3.8.1
name = "cmake-fix.patch";
url = "https://github.com/darktable-org/darktable/commit/58d247f7ebea76c55fa2525beb9f5ce092c6670d.patch";
sha256 = "11fn6d2mwlapbf1zbyv6bhgv29kxcwrs7cnbway0rnl9nj8wimf2";
})
];
# darktable changed its rpath handling in commit
# 83c70b876af6484506901e6b381304ae0d073d3c and as a result the
# binaries can't find libdarktable.so, so change LD_LIBRARY_PATH in
# the wrappers:
preFixup = let
preFixup =
let
libPathEnvVar = if stdenv.isDarwin then "DYLD_LIBRARY_PATH" else "LD_LIBRARY_PATH";
libPathPrefix = "$out/lib/darktable" + lib.optionalString stdenv.isLinux ":${ocl-icd}/lib";
in ''
in
''
for f in $out/share/darktable/kernels/*.cl; do
sed -r "s|#include \"(.*)\"|#include \"$out/share/darktable/kernels/\1\"|g" -i "$f"
done
@ -57,6 +153,6 @@ stdenv.mkDerivation rec {
homepage = "https://www.darktable.org";
license = licenses.gpl3Plus;
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ goibhniu flosse mrVanDalo ];
maintainers = with maintainers; [ goibhniu flosse mrVanDalo paperdigits ];
};
}

View file

@ -11,11 +11,11 @@
stdenv.mkDerivation rec {
pname = "drawio";
version = "16.0.2";
version = "16.1.2";
src = fetchurl {
url = "https://github.com/jgraph/drawio-desktop/releases/download/v${version}/drawio-x86_64-${version}.rpm";
sha256 = "980af60ea53fd0c255cfa3faa9407b146658074ea411bc491f53a047352b5b66";
sha256 = "b86ff3f77b17e7da66979fe8ea878685c0018273f5d0302f10d3094d502452ee";
};
nativeBuildInputs = [

View file

@ -6,7 +6,7 @@
stdenv.mkDerivation rec {
pname = "lightburn";
version = "1.0.04";
version = "1.0.06";
nativeBuildInputs = [
p7zip
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://github.com/LightBurnSoftware/deployment/releases/download/${version}/LightBurn-Linux64-v${version}.7z";
sha256 = "sha256-3uuYxDxlBlu3/4BhII36s+PsLJCmHDIE3fRAz6GO/js=";
sha256 = "sha256-2Wlyt9Xw/FNaFkN1Q6utXdGzp42piebESQARhfpvRhM=";
};
buildInputs = [

View file

@ -14,17 +14,21 @@
, levmar
, qhull
, cmake
, cgal_5
, boost17x
, mpfr
, xercesc
}:
mkDerivation rec {
pname = "meshlab";
version = "2020.12";
version = "2021.10";
src = fetchFromGitHub {
owner = "cnr-isti-vclab";
repo = "meshlab";
rev = "Meshlab-${version}";
sha256 = "QrnqXEVqI1ADUYWalZ0h/0+xS+gDZTinm0weT39onw0=";
sha256 = "14rrd8qrf91k89y6w2mn1r9zcfnwd0mir6g4dlgvr04i77hj4lk4";
fetchSubmodules = true; # for vcglib
};
@ -41,6 +45,10 @@ mkDerivation rec {
gmp
levmar
qhull
cgal_5
boost17x
mpfr
xercesc
];
nativeBuildInputs = [ cmake ];
@ -61,6 +69,7 @@ mkDerivation rec {
# disable when available in nixpkgs
"-DALLOW_BUNDLED_OPENCTM=ON"
"-DALLOW_BUNDLED_SSYNTH=ON"
"-DALLOW_BUNDLED_BOOST=OFF"
# some plugins are disabled unless these are on
"-DALLOW_BUNDLED_NEWUOA=ON"
"-DALLOW_BUNDLED_LEVMAR=ON"

View file

@ -21,7 +21,7 @@ stdenv.mkDerivation {
buildInputs = [ zlib ];
meta = with lib; {
homepage = "http://pbrt.org";
homepage = "https://pbrt.org/";
description = "The renderer described in the third edition of the book 'Physically Based Rendering: From Theory To Implementation'";
platforms = platforms.linux;
license = licenses.bsd2;

View file

@ -0,0 +1,37 @@
{ buildGraalvmNativeImage, fetchzip, graalvm17-ce, lib }:
buildGraalvmNativeImage rec {
pname = "HentaiAtHome";
version = "1.6.1";
src = fetchzip {
url = "https://repo.e-hentai.org/hath/HentaiAtHome_${version}.zip";
hash =
"sha512-nGGCuVovj4NJGrihKKYXnh0Ic9YD36o7r6wv9zSivZn22zm8lBYVXP85LnOw2z9DiJARivOctQGl48YFD7vxOQ==";
stripRoot = false;
};
jar = "${src}/HentaiAtHome.jar";
dontUnpack = true;
graalvm = graalvm17-ce;
extraNativeImageBuildArgs = [
"--enable-url-protocols=http,https"
"--install-exit-handlers"
"--no-fallback"
];
doInstallCheck = true;
installCheckPhase = ''
pushd $(mktemp -d)
$out/bin/HentaiAtHome
popd
'';
meta = with lib; {
homepage = "https://ehwiki.org/wiki/Hentai@Home";
description =
"Hentai@Home is an open-source P2P gallery distribution system which reduces the load on the E-Hentai Galleries";
license = licenses.gpl3;
maintainers = with maintainers; [ terrorjack ];
};
}

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "batsignal";
version = "1.3.1";
version = "1.3.2";
src = fetchFromGitHub {
owner = "electrickite";
repo = "batsignal";
rev = version;
sha256 = "sha256-ClwI3ZbkLul+l0zzzGxNjSOUTuVzIxtwUPNLOeFT2X0=";
sha256 = "sha256-+5yAwBUyhqmoV8l8VwIQMxnSgjNZNbGfGajPhA+IFwA=";
};
buildInputs = [ libnotify glib ];

View file

@ -27,20 +27,25 @@
mkDerivation rec {
pname = "calibre";
version = "5.33.2";
version = "5.34.0";
src = fetchurl {
url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz";
sha256 = "sha256-wtt3ucCaFq9wLk79CeCz20tMM6AbLtZ4Ln6TxOx0dvI=";
hash = "sha256-1NQB7vrcU0hR308/8keUn/rHhdvJk5Ab0pOMPyiU1+M=";
};
# https://sources.debian.org/patches/calibre/5.33.2+dfsg-1
# https://sources.debian.org/patches/calibre/${version}+dfsg-1
patches = [
# allow for plugin update check, but no calibre version check
(fetchpatch {
name = "0001-only-plugin-update.patch";
url = "https://raw.githubusercontent.com/debian-calibre/calibre/debian/${version}%2Bdfsg-1/debian/patches/0001-only-plugin-update.patch";
sha256 = "sha256-dLzO1TWP7Q4nw2a3oN7qlhGCmcA0NKJrZidUnD6hUMA=";
sha256 = "sha256:1h2hl4z9qm17crms4d1lq2cq44cnxbga1dv6qckhxvcg6pawxg3l";
})
(fetchpatch {
name = "0007-Hardening-Qt-code.patch";
url = "https://raw.githubusercontent.com/debian-calibre/calibre/debian/${version}%2Bdfsg-1/debian/patches/0007-Hardening-Qt-code.patch";
sha256 = "sha256:18wps7fn0cpzb7gf78f15pmbaff4vlygc9g00hq7zynfa4pcgfdg";
})
]
++ lib.optional (!unrarSupport) ./dont_build_unrar_plugin.patch;

View file

@ -10,13 +10,13 @@
mkDerivation rec {
pname = "ddcui";
version = "0.1.2";
version = "0.2.0";
src = fetchFromGitHub {
owner = "rockowitz";
repo = "ddcui";
rev = "v${version}";
sha256 = "0myma1zw6dlygv3xbin662d91zcnwss10syf12q2fppkrd8qdgqf";
sha256 = "sha256-dp6D5GHpo0PJILnzZDKLnEPgQQ7980dI/6RV5ws3RTU=";
};
nativeBuildInputs = [

View file

@ -1,47 +0,0 @@
{ lib, fetchurl, python2Packages }:
python2Packages.buildPythonApplication rec {
version = "2.9.3.1";
pname = "electrum-dash";
src = fetchurl {
url = "https://github.com/akhavr/electrum-dash/releases/download/${version}/Electrum-DASH-${version}.tar.gz";
#"https://github.com/dashpay/electrum-dash/releases/download/v${version}/Electrum-DASH-${version}.tar.gz";
sha256 = "9b7ac205f63fd4bfb15d77a34a4451ef82caecf096f31048a7603bd276dfc33e";
};
propagatedBuildInputs = with python2Packages; [
dnspython
ecdsa
pbkdf2
protobuf
pyasn1
pyasn1-modules
pycrypto
pyqt4
qrcode
requests
pyaes
tlslite-ng
x11_hash
mnemonic
jsonrpclib
# plugins
trezor
];
preInstall = ''
mkdir -p $out/share
sed -i 's@usr_share = .*@usr_share = os.getenv("out")+"/share"@' setup.py
pyrcc4 icons.qrc -o gui/qt/icons_rc.py
'';
meta = with lib; {
description = "Electrum DASH";
homepage = "https://github.com/dashpay/electrum-dash";
license = licenses.gpl3;
maintainers = with maintainers; [ np ];
knownVulnerabilities = [ "CVE-2018-1000022" ];
};
}

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "fetchmail";
version = "6.4.24";
version = "6.4.25";
src = fetchurl {
url = "mirror://sourceforge/fetchmail/fetchmail-${version}.tar.xz";
sha256 = "sha256-nJYd8lzZIvU5IYsLVqd+ekd3jkntkH7apbSUGtOyU88=";
sha256 = "sha256-fr776JFy/Vnw/YMX2HQ6hDbzdczcqzkA5MPsBqj78n8=";
};
buildInputs = [ openssl ];

View file

@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "free42";
version = "3.0.7";
version = "3.0.8";
src = fetchFromGitHub {
owner = "thomasokken";
repo = pname;
rev = "v${version}";
sha256 = "sha256-wGzZRp+7KBV/sxm08XCkCDx+A8nR9To5MCmcdWdlttM=";
sha256 = "sha256-nZCuFumAyeUxRmmtd6/qvXk3LVZgbDhlsDygXMWDfp0=";
};
nativeBuildInputs = [ copyDesktopItems pkg-config ];

View file

@ -2,13 +2,13 @@
mkDerivation rec {
pname = "heimer";
version = "3.0.0";
version = "3.1.0";
src = fetchFromGitHub {
owner = "juzzlin";
repo = pname;
rev = version;
sha256 = "sha256-Q1a+sGZTVUjViakBT3E7+AgqMSldAnp7UJcsSS6KZXs=";
sha256 = "sha256-F0Pl6Wk+sGfOegy7iljQH63kAMYlRYv7G9nBAAtDEkg=";
};
nativeBuildInputs = [ cmake ];

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "hugo";
version = "0.91.1";
version = "0.91.2";
src = fetchFromGitHub {
owner = "gohugoio";
repo = pname;
rev = "v${version}";
sha256 = "sha256-TPJGRXiZQ7yEttGFpVdiFcyUL5emfjfuoq3k+dQmKCg=";
sha256 = "sha256-6bqtw0hUrRBhTwEDURaTjgl3aVVCbfxjoPRfhSd3LK8=";
};
vendorSha256 = "sha256-ViWbqWjlHd8yosxe+CF1GJ9oK+plOn9s7ruhgsX/v58=";
vendorSha256 = "sha256-CO+7WgoTsFCd9vkcALKcJP6Kj3CIWr5FF75/WgbK04g=";
doCheck = false;

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "iptsd";
version = "0.4";
version = "0.5";
src = fetchFromGitHub {
owner = "linux-surface";
repo = pname;
rev = "v${version}";
sha256 = "sha256-CoPgkt7n2kk7WlQHe0RjNlxfp2Nd8BbIE2gyf0bOBy4=";
sha256 = "sha256-A/0hA4gJwzrRPn57IKYvfcAnx1KXbQl0ZX2TE8mcQhc=";
};
nativeBuildInputs = [ meson ninja pkg-config ];

View file

@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Real-time earthquake map of Japan";
homepage = "http://jquake.net";
homepage = "https://jquake.net";
downloadPage = "https://jquake.net/?down";
changelog = "https://jquake.net/?docu";
maintainers = with maintainers; [ nessdoor ];

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "kanboard";
version = "1.2.20";
version = "1.2.21";
src = fetchFromGitHub {
owner = "kanboard";
repo = "kanboard";
rev = "v${version}";
sha256 = "sha256-IB+GhUZvjngjf1UHKc7B/PkZHVXKYUTk6CVA5XSiF5Y=";
sha256 = "sha256-0CIemSdgNnYfpwZqfTerd/RZ+mYeFUWTE+v2hwu+9gI=";
};
dontBuild = true;

View file

@ -13,12 +13,12 @@
let font-droid = nerdfonts.override { fonts = [ "DroidSansMono" ]; };
in stdenv.mkDerivation rec {
pname = "koreader";
version = "2021.12";
version = "2021.12.1";
src = fetchurl {
url =
"https://github.com/koreader/koreader/releases/download/v${version}/koreader-${version}-amd64.deb";
sha256 = "sha256-duOIbYavqmUUkH6RthTYu/SeM8zOeeLm7CIAQwhw6AY=";
sha256 = "sha256-Ia0oCSGs6UYcvZVEhNpiOh3D08FgXqjqpgsQJojd3dk=";
};
sourceRoot = ".";

View file

@ -2,7 +2,7 @@
, boost
, fetchFromGitHub
, installShellFiles
, mkDerivationWith
, mkDerivation
, muparser
, pkg-config
, qmake
@ -10,10 +10,9 @@
, qtsvg
, qttools
, runtimeShell
, stdenv
}:
mkDerivationWith stdenv.mkDerivation rec {
mkDerivation rec {
pname = "librecad";
version = "2.2.0-rc2";

View file

@ -1,7 +1,7 @@
{ lib, stdenv, fetchFromGitHub, which, zstd, pbzip2 }:
stdenv.mkDerivation rec {
version = "2.4.2";
version = "2.4.5";
pname = "makeself";
src = fetchFromGitHub {
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
repo = "makeself";
rev = "release-${version}";
fetchSubmodules = true;
sha256 = "07cq7q71bv3fwddkp2863ylry2ivds00f8sjy8npjpdbkailxm21";
sha256 = "sha256-15lUtErGsbXF2Gn0f0rvA18mMuVMmkKrGO2poeYZU9g=";
};
postPatch = "patchShebangs test";

View file

@ -1,7 +1,7 @@
{ lib
, stdenv
, autoconf
, automake
, automake115x
, c-ares
, cryptopp
, curl
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
autoconf
automake
automake115x
libtool
pkg-config
];

View file

@ -14,11 +14,11 @@ let
in
stdenv.mkDerivation rec {
pname = "mkgmap";
version = "4835";
version = "4836";
src = fetchurl {
url = "https://www.mkgmap.org.uk/download/mkgmap-r${version}-src.tar.gz";
sha256 = "u4qwfL8qp+rUIIYuZmVYjEkh0riL8yeQz0t8j5shT34=";
sha256 = "nmEl7pN3LW6nqo5IB6GgzcDMHhdAsMySTdANVbybznY=";
};
patches = [
@ -72,7 +72,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Create maps for Garmin GPS devices from OpenStreetMap (OSM) data";
homepage = "http://www.mkgmap.org.uk";
homepage = "https://www.mkgmap.org.uk/";
downloadPage = "https://www.mkgmap.org.uk/download/mkgmap.html";
license = licenses.gpl2Only;
maintainers = with maintainers; [ sikmir ];

View file

@ -68,7 +68,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Utility for splitting OpenStreetMap maps into tiles";
homepage = "http://www.mkgmap.org.uk";
homepage = "https://www.mkgmap.org.uk/";
downloadPage = "https://www.mkgmap.org.uk/download/splitter.html";
license = licenses.gpl2Only;
maintainers = with maintainers; [ sikmir ];

Some files were not shown because too many files have changed in this diff Show more