Project import generated by Copybara.
GitOrigin-RevId: 23cd13167a1432550e48734079c2ffeeb441fb96
This commit is contained in:
parent
1557066375
commit
3b21d1e521
1044 changed files with 38066 additions and 10869 deletions
2
third_party/nixpkgs/.github/STALE-BOT.md
vendored
2
third_party/nixpkgs/.github/STALE-BOT.md
vendored
|
@ -3,7 +3,7 @@
|
|||
- Thanks for your contribution!
|
||||
- To remove the stale label, just leave a new comment.
|
||||
- _How to find the right people to ping?_ → [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
|
||||
- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on the [#nixos IRC channel](https://webchat.freenode.net/#nixos).
|
||||
- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/), [our Matrix room](https://matrix.to/#/#nix:nixos.org), or on the [#nixos IRC channel](https://web.libera.chat/#nixos).
|
||||
|
||||
## Suggestions for PRs
|
||||
|
||||
|
|
20
third_party/nixpkgs/.github/workflows/basic-eval.yml
vendored
Normal file
20
third_party/nixpkgs/.github/workflows/basic-eval.yml
vendored
Normal file
|
@ -0,0 +1,20 @@
|
|||
name: Basic evaluation checks
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- release-**
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- release-**
|
||||
jobs:
|
||||
tests:
|
||||
runs-on: ubuntu-latest
|
||||
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: cachix/install-nix-action@v13
|
||||
# explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset
|
||||
- run: nix-build pkgs/top-level/release.nix -A tarball.nixpkgs-basic-release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin" ]'
|
|
@ -41,7 +41,7 @@ weechat.override {
|
|||
configure = { availablePlugins, ... }: {
|
||||
init = ''
|
||||
/set foo bar
|
||||
/server add freenode chat.freenode.org
|
||||
/server add libera irc.libera.chat
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
27
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
27
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -1125,9 +1125,13 @@ There are flags available to harden packages at compile or link-time. These can
|
|||
|
||||
Both parameters take a list of flags as strings. The special `"all"` flag can be passed to `hardeningDisable` to turn off all hardening. These flags can also be used as environment variables for testing or development purposes.
|
||||
|
||||
For more in-depth information on these hardening flags and hardening in general, refer to the [Debian Wiki](https://wiki.debian.org/Hardening), [Ubuntu Wiki](https://wiki.ubuntu.com/Security/Features), [Gentoo Wiki](https://wiki.gentoo.org/wiki/Project:Hardened), and the [Arch Wiki](https://wiki.archlinux.org/title/Security).
|
||||
|
||||
### Hardening flags enabled by default {#sec-hardening-flags-enabled-by-default}
|
||||
|
||||
The following flags are enabled by default and might require disabling with `hardeningDisable` if the program to package is incompatible.
|
||||
|
||||
### `format` {#format}
|
||||
#### `format` {#format}
|
||||
|
||||
Adds the `-Wformat -Wformat-security -Werror=format-security` compiler options. At present, this warns about calls to `printf` and `scanf` functions where the format string is not a string literal and there are no format arguments, as in `printf(foo);`. This may be a security hole if the format string came from untrusted input and contains `%n`.
|
||||
|
||||
|
@ -1140,7 +1144,7 @@ This needs to be turned off or fixed for errors similar to:
|
|||
cc1plus: some warnings being treated as errors
|
||||
```
|
||||
|
||||
### `stackprotector` {#stackprotector}
|
||||
#### `stackprotector` {#stackprotector}
|
||||
|
||||
Adds the `-fstack-protector-strong --param ssp-buffer-size=4` compiler options. This adds safety checks against stack overwrites rendering many potential code injection attacks into aborting situations. In the best case this turns code injection vulnerabilities into denial of service or into non-issues (depending on the application).
|
||||
|
||||
|
@ -1151,7 +1155,7 @@ bin/blib.a(bios_console.o): In function `bios_handle_cup':
|
|||
/tmp/nix-build-ipxe-20141124-5cbdc41.drv-0/ipxe-5cbdc41/src/arch/i386/firmware/pcbios/bios_console.c:86: undefined reference to `__stack_chk_fail'
|
||||
```
|
||||
|
||||
### `fortify` {#fortify}
|
||||
#### `fortify` {#fortify}
|
||||
|
||||
Adds the `-O2 -D_FORTIFY_SOURCE=2` compiler options. During code generation the compiler knows a great deal of information about buffer sizes (where possible), and attempts to replace insecure unlimited length buffer function calls with length-limited ones. This is especially useful for old, crufty code. Additionally, format strings in writable memory that contain `%n` are blocked. If an application depends on such a format string, it will need to be worked around.
|
||||
|
||||
|
@ -1172,7 +1176,7 @@ installwatch.c:3751:5: error: conflicting types for '__open_2'
|
|||
fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
|
||||
```
|
||||
|
||||
### `pic` {#pic}
|
||||
#### `pic` {#pic}
|
||||
|
||||
Adds the `-fPIC` compiler options. This options adds support for position independent code in shared libraries and thus making ASLR possible.
|
||||
|
||||
|
@ -1185,19 +1189,19 @@ ccbLfRgg.s: Assembler messages:
|
|||
ccbLfRgg.s:33: Error: missing or invalid displacement expression `private_key_len@GOTOFF'
|
||||
```
|
||||
|
||||
### `strictoverflow` {#strictoverflow}
|
||||
#### `strictoverflow` {#strictoverflow}
|
||||
|
||||
Signed integer overflow is undefined behaviour according to the C standard. If it happens, it is an error in the program as it should check for overflow before it can happen, not afterwards. GCC provides built-in functions to perform arithmetic with overflow checking, which are correct and faster than any custom implementation. As a workaround, the option `-fno-strict-overflow` makes gcc behave as if signed integer overflows were defined.
|
||||
|
||||
This flag should not trigger any build or runtime errors.
|
||||
|
||||
### `relro` {#relro}
|
||||
#### `relro` {#relro}
|
||||
|
||||
Adds the `-z relro` linker option. During program load, several ELF memory sections need to be written to by the linker, but can be turned read-only before turning over control to the program. This prevents some GOT (and .dtors) overwrite attacks, but at least the part of the GOT used by the dynamic linker (.got.plt) is still vulnerable.
|
||||
|
||||
This flag can break dynamic shared object loading. For instance, the module systems of Xorg and OpenCV are incompatible with this flag. In almost all cases the `bindnow` flag must also be disabled and incompatible programs typically fail with similar errors at runtime.
|
||||
|
||||
### `bindnow` {#bindnow}
|
||||
#### `bindnow` {#bindnow}
|
||||
|
||||
Adds the `-z bindnow` linker option. During program load, all dynamic symbols are resolved, allowing for the complete GOT to be marked read-only (due to `relro`). This prevents GOT overwrite attacks. For very large applications, this can incur some performance loss during initial load while symbols are resolved, but this shouldn’t be an issue for daemons.
|
||||
|
||||
|
@ -1207,13 +1211,18 @@ This flag can break dynamic shared object loading. For instance, the module syst
|
|||
intel_drv.so: undefined symbol: vgaHWFreeHWRec
|
||||
```
|
||||
|
||||
### Hardening flags disabled by default {#sec-hardening-flags-disabled-by-default}
|
||||
|
||||
The following flags are disabled by default and should be enabled with `hardeningEnable` for packages that take untrusted input like network services.
|
||||
|
||||
### `pie` {#pie}
|
||||
#### `pie` {#pie}
|
||||
|
||||
This flag is disabled by default for normal `glibc` based NixOS package builds, but enabled by default for `musl` based package builds.
|
||||
|
||||
Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Executables are needed to take advantage of Address Space Layout Randomization, supported by modern kernel versions. While ASLR can already be enforced for data areas in the stack and heap (brk and mmap), the code areas must be compiled as position-independent. Shared libraries already do this with the `pic` flag, so they gain ASLR automatically, but binary .text regions need to be build with `pie` to gain ASLR. When this happens, ROP attacks are much harder since there are no static locations to bounce off of during a memory corruption attack.
|
||||
|
||||
For more in-depth information on these hardening flags and hardening in general, refer to the [Debian Wiki](https://wiki.debian.org/Hardening), [Ubuntu Wiki](https://wiki.ubuntu.com/Security/Features), [Gentoo Wiki](https://wiki.gentoo.org/wiki/Project:Hardened), and the [Arch Wiki](https://wiki.archlinux.org/index.php/DeveloperWiki:Security).
|
||||
Static libraries need to be compiled with `-fPIE` so that executables can link them in with the `-pie` linker option.
|
||||
If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
|
||||
|
||||
[^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
|
||||
[^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
|
||||
|
|
14
third_party/nixpkgs/flake.nix
vendored
14
third_party/nixpkgs/flake.nix
vendored
|
@ -47,8 +47,20 @@
|
|||
})
|
||||
];
|
||||
})).config;
|
||||
|
||||
moduleDeclarationFile =
|
||||
(builtins.unsafeGetAttrPos "modules" args).file;
|
||||
|
||||
# Add the invoking file as error message location for modules
|
||||
# that don't have their own locations; presumably inline modules.
|
||||
addModuleDeclarationFile =
|
||||
m: {
|
||||
_file = moduleDeclarationFile;
|
||||
imports = [ m ];
|
||||
};
|
||||
|
||||
in
|
||||
modules ++ [
|
||||
map addModuleDeclarationFile modules ++ [
|
||||
{
|
||||
system.nixos.versionSuffix =
|
||||
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
|
||||
|
|
2
third_party/nixpkgs/lib/default.nix
vendored
2
third_party/nixpkgs/lib/default.nix
vendored
|
@ -116,7 +116,7 @@ let
|
|||
pushDownProperties dischargeProperties filterOverrides
|
||||
sortProperties fixupOptionType mkIf mkAssert mkMerge mkOverride
|
||||
mkOptionDefault mkDefault mkForce mkVMOverride
|
||||
mkOrder mkBefore mkAfter mkAliasDefinitions
|
||||
mkFixStrictness mkOrder mkBefore mkAfter mkAliasDefinitions
|
||||
mkAliasAndWrapDefinitions fixMergeModules mkRemovedOptionModule
|
||||
mkRenamedOptionModule mkMergedOptionModule mkChangedOptionModule
|
||||
mkAliasOptionModule doRename;
|
||||
|
|
2
third_party/nixpkgs/lib/modules.nix
vendored
2
third_party/nixpkgs/lib/modules.nix
vendored
|
@ -713,6 +713,8 @@ rec {
|
|||
mkForce = mkOverride 50;
|
||||
mkVMOverride = mkOverride 10; # used by ‘nixos-rebuild build-vm’
|
||||
|
||||
mkFixStrictness = lib.warn "lib.mkFixStrictness has no effect and will be removed. It returns its argument unmodified, so you can just remove any calls." id;
|
||||
|
||||
mkOrder = priority: content:
|
||||
{ _type = "order";
|
||||
inherit priority content;
|
||||
|
|
4
third_party/nixpkgs/lib/strings.nix
vendored
4
third_party/nixpkgs/lib/strings.nix
vendored
|
@ -95,7 +95,7 @@ rec {
|
|||
result with the specified separator interspersed between
|
||||
elements.
|
||||
|
||||
Type: concatMapStringsSep :: string -> (string -> string) -> [string] -> string
|
||||
Type: concatMapStringsSep :: string -> (a -> string) -> [a] -> string
|
||||
|
||||
Example:
|
||||
concatMapStringsSep "-" (x: toUpper x) ["foo" "bar" "baz"]
|
||||
|
@ -112,7 +112,7 @@ rec {
|
|||
/* Same as `concatMapStringsSep`, but the mapping function
|
||||
additionally receives the position of its argument.
|
||||
|
||||
Type: concatIMapStringsSep :: string -> (int -> string -> string) -> [string] -> string
|
||||
Type: concatIMapStringsSep :: string -> (int -> a -> string) -> [a] -> string
|
||||
|
||||
Example:
|
||||
concatImapStringsSep "-" (pos: x: toString (x / pos)) [ 6 6 6 ]
|
||||
|
|
118
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
118
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
|
@ -680,6 +680,12 @@
|
|||
githubId = 11699655;
|
||||
name = "Stanislas Lange";
|
||||
};
|
||||
angustrau = {
|
||||
name = "Angus Trau";
|
||||
email = "nix@angus.ws";
|
||||
github = "angustrau";
|
||||
githubId = 13267947;
|
||||
};
|
||||
anhdle14 = {
|
||||
name = "Le Anh Duc";
|
||||
email = "anhdle14@icloud.com";
|
||||
|
@ -1731,6 +1737,12 @@
|
|||
githubId = 977929;
|
||||
name = "Cody Allen";
|
||||
};
|
||||
centromere = {
|
||||
email = "nix@centromere.net";
|
||||
github = "centromere";
|
||||
githubId = 543423;
|
||||
name = "Alex Wied";
|
||||
};
|
||||
cfouche = {
|
||||
email = "chaddai.fouche@gmail.com";
|
||||
github = "Chaddai";
|
||||
|
@ -1915,6 +1927,16 @@
|
|||
githubId = 3956062;
|
||||
name = "Simon Lackerbauer";
|
||||
};
|
||||
citadelcore = {
|
||||
email = "alex@arctarus.co.uk";
|
||||
github = "citadelcore";
|
||||
githubId = 5567402;
|
||||
name = "Alex Zero";
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0xA51550EDB450302C";
|
||||
fingerprint = "A0AA 4646 B8F6 9D45 4553 5A88 A515 50ED B450 302C";
|
||||
}];
|
||||
};
|
||||
cizra = {
|
||||
email = "todurov+nix@gmail.com";
|
||||
github = "cizra";
|
||||
|
@ -2549,6 +2571,12 @@
|
|||
githubId = 4708206;
|
||||
name = "Daniel Fox Franke";
|
||||
};
|
||||
dgliwka = {
|
||||
email = "dawid.gliwka@gmail.com";
|
||||
github = "dgliwka";
|
||||
githubId = 33262214;
|
||||
name = "Dawid Gliwka";
|
||||
};
|
||||
dgonyeo = {
|
||||
email = "derek@gonyeo.com";
|
||||
github = "dgonyeo";
|
||||
|
@ -3093,6 +3121,12 @@
|
|||
githubId = 57923898;
|
||||
name = "Elyhaka";
|
||||
};
|
||||
em0lar = {
|
||||
email = "nix@em0lar.dev";
|
||||
github = "em0lar";
|
||||
githubId = 11006031;
|
||||
name = "Leo Maroni";
|
||||
};
|
||||
emmanuelrosa = {
|
||||
email = "emmanuel_rosa@aol.com";
|
||||
github = "emmanuelrosa";
|
||||
|
@ -4627,6 +4661,12 @@
|
|||
githubId = 6874204;
|
||||
name = "Jason Carr";
|
||||
};
|
||||
j-brn = {
|
||||
email = "me@bricker.io";
|
||||
github = "j-brn";
|
||||
githubId = 40566146;
|
||||
name = "Jonas Braun";
|
||||
};
|
||||
j-keck = {
|
||||
email = "jhyphenkeck@gmail.com";
|
||||
github = "j-keck";
|
||||
|
@ -5428,6 +5468,16 @@
|
|||
githubId = 788813;
|
||||
name = "Bryan Gardiner";
|
||||
};
|
||||
khushraj = {
|
||||
email = "khushraj.rathod@gmail.com";
|
||||
github = "KhushrajRathod";
|
||||
githubId = 44947946;
|
||||
name = "Khushraj Rathod";
|
||||
keys = [{
|
||||
longkeyid = "rsa2048/0xB77B2A40E7702F19";
|
||||
fingerprint = "1988 3FD8 EA2E B4EC 0A93 1E22 B77B 2A40 E770 2F19";
|
||||
}];
|
||||
};
|
||||
KibaFox = {
|
||||
email = "kiba.fox@foxypossibilities.com";
|
||||
github = "KibaFox";
|
||||
|
@ -5639,6 +5689,12 @@
|
|||
githubId = 735008;
|
||||
name = "Louis Taylor";
|
||||
};
|
||||
kranzes = {
|
||||
email = "personal@ilanjoselevich.com";
|
||||
github = "Kranzes";
|
||||
githubId = 56614642;
|
||||
name = "Ilan Joselevich";
|
||||
};
|
||||
krav = {
|
||||
email = "kristoffer@microdisko.no";
|
||||
github = "krav";
|
||||
|
@ -7474,6 +7530,12 @@
|
|||
githubId = 1665818;
|
||||
name = "Philipp Eder";
|
||||
};
|
||||
nickcao = {
|
||||
name = "Nick Cao";
|
||||
email = "nickcao@nichi.co";
|
||||
github = "NickCao";
|
||||
githubId = 15247171;
|
||||
};
|
||||
nickhu = {
|
||||
email = "me@nickhu.co.uk";
|
||||
github = "nickhu";
|
||||
|
@ -7542,6 +7604,16 @@
|
|||
githubId = 3159451;
|
||||
name = "Nicolas Schneider";
|
||||
};
|
||||
nkje = {
|
||||
name = "Niels Kristian Lyshøj Jensen";
|
||||
email = "n@nk.je";
|
||||
github = "NKJe";
|
||||
githubId = 1102306;
|
||||
keys = [{
|
||||
longkeyid = "nistp256/0xDE3BADFECD31A89D";
|
||||
fingerprint = "B956 C6A4 22AF 86A0 8F77 A8CA DE3B ADFE CD31 A89D";
|
||||
}];
|
||||
};
|
||||
nkpvk = {
|
||||
email = "niko.pavlinek@gmail.com";
|
||||
github = "nkpvk";
|
||||
|
@ -8198,6 +8270,12 @@
|
|||
githubId = 1179566;
|
||||
name = "Nicolas B. Pierron";
|
||||
};
|
||||
pimeys = {
|
||||
email = "julius@nauk.io";
|
||||
github = "pimeys";
|
||||
githubId = 34967;
|
||||
name = "Julius de Bruijn";
|
||||
};
|
||||
pingiun = {
|
||||
email = "nixos@pingiun.com";
|
||||
github = "pingiun";
|
||||
|
@ -8470,7 +8548,7 @@
|
|||
email = "sibi@psibi.in";
|
||||
github = "psibi";
|
||||
githubId = 737477;
|
||||
name = "Sibi";
|
||||
name = "Sibi Prabakaran";
|
||||
};
|
||||
pstn = {
|
||||
email = "philipp@xndr.de";
|
||||
|
@ -9080,6 +9158,12 @@
|
|||
githubId = 1387224;
|
||||
name = "Richard Szibele";
|
||||
};
|
||||
rsynnest = {
|
||||
email = "contact@rsynnest.com";
|
||||
github = "rsynnest";
|
||||
githubId = 4392850;
|
||||
name = "Roland Synnestvedt";
|
||||
};
|
||||
rtburns-jpl = {
|
||||
email = "rtburns@jpl.nasa.gov";
|
||||
github = "rtburns-jpl";
|
||||
|
@ -9588,6 +9672,16 @@
|
|||
githubId = 819413;
|
||||
name = "Benedict Aas";
|
||||
};
|
||||
shreerammodi = {
|
||||
name = "Shreeram Modi";
|
||||
email = "shreerammodi10@gmail.com";
|
||||
github = "Shrimpram";
|
||||
githubId = 67710369;
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0x163B16EE76ED24CE";
|
||||
fingerprint = "EA88 EA07 26E9 6CBF 6365 3966 163B 16EE 76ED 24CE";
|
||||
}];
|
||||
};
|
||||
shyim = {
|
||||
email = "s.sayakci@gmail.com";
|
||||
github = "shyim";
|
||||
|
@ -9634,6 +9728,12 @@
|
|||
githubId = 11135311;
|
||||
name = "Simon Chatterjee";
|
||||
};
|
||||
simonkampe = {
|
||||
email = "simon.kampe+nix@gmail.com";
|
||||
github = "simonkampe";
|
||||
githubId = 254799;
|
||||
name = "Simon Kämpe";
|
||||
};
|
||||
simonvandel = {
|
||||
email = "simon.vandel@gmail.com";
|
||||
github = "simonvandel";
|
||||
|
@ -10806,6 +10906,16 @@
|
|||
githubId = 1607770;
|
||||
name = "Ulrik Strid";
|
||||
};
|
||||
unclechu = {
|
||||
name = "Viacheslav Lotsmanov";
|
||||
email = "lotsmanov89@gmail.com";
|
||||
github = "unclechu";
|
||||
githubId = 799353;
|
||||
keys = [{
|
||||
longkeyid = "rsa4096/0xD276FF7467007335";
|
||||
fingerprint = "EE59 5E29 BB5B F2B3 5ED2 3F1C D276 FF74 6700 7335";
|
||||
}];
|
||||
};
|
||||
unode = {
|
||||
email = "alves.rjc@gmail.com";
|
||||
github = "unode";
|
||||
|
@ -10866,12 +10976,6 @@
|
|||
github = "deviant";
|
||||
githubId = 68829907;
|
||||
};
|
||||
va1entin = {
|
||||
email = "github@valentinsblog.com";
|
||||
github = "va1entin";
|
||||
githubId = 31535155;
|
||||
name = "Valentin Heidelberger";
|
||||
};
|
||||
vaibhavsagar = {
|
||||
email = "vaibhavsagar@gmail.com";
|
||||
github = "vaibhavsagar";
|
||||
|
|
|
@ -133,7 +133,6 @@ with lib.maintainers; {
|
|||
|
||||
jitsi = {
|
||||
members = [
|
||||
mmilata
|
||||
petabyteboy
|
||||
ryantm
|
||||
yuka
|
||||
|
|
|
@ -20,6 +20,12 @@
|
|||
PHP now defaults to PHP 8.0, updated from 7.4.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
kOps now defaults to 1.21.0, which uses containerd as the
|
||||
default runtime.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-new-services">
|
||||
|
@ -65,6 +71,20 @@
|
|||
be able to access programmers supported by flashrom.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://vikunja.io">vikunja</link>, a to-do
|
||||
list app. Available as
|
||||
<link linkend="opt-services.vikunja.enable">services.vikunja</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://www.snapraid.it/">snapraid</link>, a
|
||||
backup program for disk arrays. Available as
|
||||
<link linkend="opt-snapraid.enable">snapraid</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-incompatibilities">
|
||||
|
@ -342,6 +362,13 @@
|
|||
release instead of the old 2.7.7 version.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>pulseeffects</literal> package updated to
|
||||
<link xlink:href="https://github.com/wwmm/easyeffects/releases/tag/v6.0.0">version
|
||||
4.x</link> and renamed to <literal>easyeffects</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>libwnck</literal> package now defaults to the 3.x
|
||||
|
@ -459,6 +486,16 @@
|
|||
</itemizedlist>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>yggdrasil</literal> was upgraded to a new major
|
||||
release with breaking changes, see
|
||||
<link xlink:href="https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.4.0">upstream
|
||||
changelog</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-notable-changes">
|
||||
<title>Other Notable Changes</title>
|
||||
|
@ -493,6 +530,14 @@
|
|||
<literal>rxvt-unicode</literal> explicitly.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>claws-mail</literal> package now references the
|
||||
new GTK+ 3 release branch, major version 4. To use the GTK+ 2
|
||||
releases, one can install the
|
||||
<literal>claws-mail-gtk2</literal> package.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
|
|
@ -446,8 +446,8 @@
|
|||
password for the <literal>root</literal> user, e.g.
|
||||
<screen>
|
||||
setting root password...
|
||||
Enter new UNIX password: ***
|
||||
Retype new UNIX password: ***</screen>
|
||||
New password: ***
|
||||
Retype new password: ***</screen>
|
||||
<note>
|
||||
<para>
|
||||
For unattended installations, it is possible to use
|
||||
|
|
|
@ -108,7 +108,23 @@
|
|||
</arg>
|
||||
</group> <replaceable>name</replaceable>
|
||||
</arg>
|
||||
|
||||
<sbr />
|
||||
|
||||
<arg>
|
||||
<option>--build-host</option> <replaceable>host</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--target-host</option> <replaceable>host</replaceable>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--use-remote-sudo</option>
|
||||
</arg>
|
||||
|
||||
<sbr />
|
||||
|
||||
<arg>
|
||||
<option>--show-trace</option>
|
||||
</arg>
|
||||
|
|
13
third_party/nixpkgs/nixos/doc/manual/preface.xml
vendored
13
third_party/nixpkgs/nixos/doc/manual/preface.xml
vendored
|
@ -18,12 +18,13 @@
|
|||
<para>
|
||||
If you encounter problems, please report them on the
|
||||
<literal
|
||||
xlink:href="https://discourse.nixos.org">Discourse</literal> or
|
||||
on the <link
|
||||
xlink:href="irc://irc.freenode.net/#nixos">
|
||||
<literal>#nixos</literal> channel on Freenode</link>, or
|
||||
consider
|
||||
<link
|
||||
xlink:href="https://discourse.nixos.org">Discourse</literal>,
|
||||
the <link
|
||||
xlink:href="https://matrix.to/#nix:nixos.org">Matrix room</link>,
|
||||
or on the <link
|
||||
xlink:href="irc://irc.libera.chat/#nixos">
|
||||
<literal>#nixos</literal> channel on Libera.Chat</link>.
|
||||
Alternatively, consider <link
|
||||
xlink:href="#chap-contributing">
|
||||
contributing to this manual</link>. Bugs should be
|
||||
reported in
|
||||
|
|
|
@ -7,6 +7,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
## Highlights {#sec-release-21.11-highlights}
|
||||
|
||||
- PHP now defaults to PHP 8.0, updated from 7.4.
|
||||
- kOps now defaults to 1.21.0, which uses containerd as the default runtime.
|
||||
|
||||
## New Services {#sec-release-21.11-new-services}
|
||||
|
||||
|
@ -20,6 +21,12 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- Users of flashrom should migrate to [programs.flashrom.enable](options.html#opt-programs.flashrom.enable) and add themselves to the `flashrom` group to be able to access programmers supported by flashrom.
|
||||
|
||||
- [vikunja](https://vikunja.io), a to-do list app. Available as [services.vikunja](#opt-services.vikunja.enable).
|
||||
|
||||
- [snapraid](https://www.snapraid.it/), a backup program for disk arrays.
|
||||
Available as [snapraid](#opt-snapraid.enable).
|
||||
|
||||
|
||||
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
|
||||
|
||||
- The `staticjinja` package has been upgraded from 1.0.4 to 3.0.1
|
||||
|
@ -84,6 +91,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
* The `antlr` package now defaults to the 4.x release instead of the
|
||||
old 2.7.7 version.
|
||||
|
||||
* The `pulseeffects` package updated to [version 4.x](https://github.com/wwmm/easyeffects/releases/tag/v6.0.0) and renamed to `easyeffects`.
|
||||
|
||||
* The `libwnck` package now defaults to the 3.x release instead of the
|
||||
old 2.31.0 version.
|
||||
|
||||
|
@ -113,6 +122,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
* The data directory remains located at `/var/lib/bitwarden_rs`, for backwards compatibility.
|
||||
|
||||
- `yggdrasil` was upgraded to a new major release with breaking changes, see [upstream changelog](https://github.com/yggdrasil-network/yggdrasil-go/releases/tag/v0.4.0).
|
||||
|
||||
## Other Notable Changes {#sec-release-21.11-notable-changes}
|
||||
|
||||
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
|
||||
|
@ -120,3 +131,5 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
However, if [`services.fail2ban.enable`](options.html#opt-services.fail2ban.enable) is `true`, the `fail2ban` will override the verbosity to `"VERBOSE"`, so that `fail2ban` can observe the failed login attempts from the SSH logs.
|
||||
|
||||
- Sway: The terminal emulator `rxvt-unicode` is no longer installed by default via `programs.sway.extraPackages`. The current default configuration uses `alacritty` (and soon `foot`) so this is only an issue when using a customized configuration and not installing `rxvt-unicode` explicitly.
|
||||
|
||||
- The `claws-mail` package now references the new GTK+ 3 release branch, major version 4. To use the GTK+ 2 releases, one can install the `claws-mail-gtk2` package.
|
||||
|
|
|
@ -292,7 +292,12 @@ class Machine:
|
|||
net_frontend += "," + args["netFrontendArgs"]
|
||||
|
||||
start_command = (
|
||||
"qemu-kvm -m 384 " + net_backend + " " + net_frontend + " $QEMU_OPTS "
|
||||
args.get("qemuBinary", "qemu-kvm")
|
||||
+ " -m 384 "
|
||||
+ net_backend
|
||||
+ " "
|
||||
+ net_frontend
|
||||
+ " $QEMU_OPTS "
|
||||
)
|
||||
|
||||
if "hda" in args:
|
||||
|
|
|
@ -1,11 +1 @@
|
|||
{lib, stdenv, boost, cmake, pkg-config, nix, ... }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "nixos-option";
|
||||
src = ./.;
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
buildInputs = [ boost nix ];
|
||||
meta = with lib; {
|
||||
license = licenses.lgpl2Plus;
|
||||
maintainers = with maintainers; [ chkno ];
|
||||
};
|
||||
}
|
||||
{ pkgs, ... }: pkgs.nixos-option
|
||||
|
|
|
@ -42,7 +42,7 @@ let
|
|||
nixos-option =
|
||||
if lib.versionAtLeast (lib.getVersion config.nix.package) "2.4pre"
|
||||
then null
|
||||
else pkgs.callPackage ./nixos-option { };
|
||||
else pkgs.nixos-option;
|
||||
|
||||
nixos-version = makeProg {
|
||||
name = "nixos-version";
|
||||
|
|
|
@ -388,6 +388,7 @@
|
|||
./services/hardware/bluetooth.nix
|
||||
./services/hardware/bolt.nix
|
||||
./services/hardware/brltty.nix
|
||||
./services/hardware/ddccontrol.nix
|
||||
./services/hardware/fancontrol.nix
|
||||
./services/hardware/freefall.nix
|
||||
./services/hardware/fwupd.nix
|
||||
|
@ -847,6 +848,7 @@
|
|||
./services/networking/ucarp.nix
|
||||
./services/networking/unbound.nix
|
||||
./services/networking/unifi.nix
|
||||
./services/video/unifi-video.nix
|
||||
./services/networking/v2ray.nix
|
||||
./services/networking/vsftpd.nix
|
||||
./services/networking/wakeonlan.nix
|
||||
|
@ -968,6 +970,7 @@
|
|||
./services/web-apps/trilium.nix
|
||||
./services/web-apps/selfoss.nix
|
||||
./services/web-apps/shiori.nix
|
||||
./services/web-apps/vikunja.nix
|
||||
./services/web-apps/virtlyst.nix
|
||||
./services/web-apps/wiki-js.nix
|
||||
./services/web-apps/whitebophir.nix
|
||||
|
@ -1101,6 +1104,7 @@
|
|||
./tasks/network-interfaces-systemd.nix
|
||||
./tasks/network-interfaces-scripted.nix
|
||||
./tasks/scsi-link-power-management.nix
|
||||
./tasks/snapraid.nix
|
||||
./tasks/swraid.nix
|
||||
./tasks/trackpoint.nix
|
||||
./tasks/powertop.nix
|
||||
|
|
|
@ -6,7 +6,7 @@ with lib;
|
|||
meta.maintainers = pkgs.hamster.meta.maintainers;
|
||||
|
||||
options.programs.hamster.enable =
|
||||
mkEnableOption "Whether to enable hamster time tracking.";
|
||||
mkEnableOption "hamster, a time tracking program";
|
||||
|
||||
config = lib.mkIf config.programs.hamster.enable {
|
||||
environment.systemPackages = [ pkgs.hamster ];
|
||||
|
|
|
@ -124,7 +124,8 @@ in
|
|||
example = "/run/keys/ssmtp-authpass";
|
||||
description = ''
|
||||
Path to a file that contains the password used for SMTP auth. The file
|
||||
should not contain a trailing newline, if the password does not contain one.
|
||||
should not contain a trailing newline, if the password does not contain one
|
||||
(e.g. use <command>echo -n "password" > file</command>).
|
||||
This file should be readable by the users that need to execute ssmtp.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -46,6 +46,7 @@ let
|
|||
serviceConfig = commonServiceConfig // {
|
||||
StateDirectory = "acme/.minica";
|
||||
BindPaths = "/var/lib/acme/.minica:/tmp/ca";
|
||||
UMask = 0077;
|
||||
};
|
||||
|
||||
# Working directory will be /tmp
|
||||
|
@ -54,8 +55,6 @@ let
|
|||
--ca-key ca/key.pem \
|
||||
--ca-cert ca/cert.pem \
|
||||
--domains selfsigned.local
|
||||
|
||||
chmod 600 ca/*
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -196,6 +195,7 @@ let
|
|||
|
||||
serviceConfig = commonServiceConfig // {
|
||||
Group = data.group;
|
||||
UMask = 0027;
|
||||
|
||||
StateDirectory = "acme/${cert}";
|
||||
|
||||
|
@ -220,10 +220,12 @@ let
|
|||
cat cert.pem chain.pem > fullchain.pem
|
||||
cat key.pem fullchain.pem > full.pem
|
||||
|
||||
chmod 640 *
|
||||
|
||||
# Group might change between runs, re-apply it
|
||||
chown 'acme:${data.group}' *
|
||||
|
||||
# Default permissions make the files unreadable by group + anon
|
||||
# Need to be readable by group
|
||||
chmod 640 *
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -340,8 +342,6 @@ let
|
|||
fi
|
||||
|
||||
mv domainhash.txt certificates/
|
||||
chmod 640 certificates/*
|
||||
chmod -R u=rwX,g=,o= accounts/*
|
||||
|
||||
# Group might change between runs, re-apply it
|
||||
chown 'acme:${data.group}' certificates/*
|
||||
|
@ -357,6 +357,10 @@ let
|
|||
ln -sf fullchain.pem out/cert.pem
|
||||
cat out/key.pem out/fullchain.pem > out/full.pem
|
||||
fi
|
||||
|
||||
# By default group will have no access to the cert files.
|
||||
# This chmod will fix that.
|
||||
chmod 640 out/*
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -57,7 +57,7 @@ in {
|
|||
description = ''
|
||||
Port on which RabbitMQ will listen for AMQP connections.
|
||||
'';
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
|
|
|
@ -14,15 +14,21 @@ let
|
|||
|
||||
requires = [ "postgresql.service" ];
|
||||
|
||||
path = [ pkgs.coreutils pkgs.gzip config.services.postgresql.package ];
|
||||
|
||||
script = ''
|
||||
set -e -o pipefail
|
||||
|
||||
umask 0077 # ensure backup is only readable by postgres user
|
||||
|
||||
if [ -e ${cfg.location}/${db}.sql.gz ]; then
|
||||
${pkgs.coreutils}/bin/mv ${cfg.location}/${db}.sql.gz ${cfg.location}/${db}.prev.sql.gz
|
||||
mv ${cfg.location}/${db}.sql.gz ${cfg.location}/${db}.prev.sql.gz
|
||||
fi
|
||||
|
||||
${dumpCmd} | \
|
||||
${pkgs.gzip}/bin/gzip -c > ${cfg.location}/${db}.sql.gz
|
||||
gzip -c > ${cfg.location}/${db}.in-progress.sql.gz
|
||||
|
||||
mv ${cfg.location}/${db}.in-progress.sql.gz ${cfg.location}/${db}.sql.gz
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -113,12 +119,12 @@ in {
|
|||
})
|
||||
(mkIf (cfg.enable && cfg.backupAll) {
|
||||
systemd.services.postgresqlBackup =
|
||||
postgresqlBackupService "all" "${config.services.postgresql.package}/bin/pg_dumpall";
|
||||
postgresqlBackupService "all" "pg_dumpall";
|
||||
})
|
||||
(mkIf (cfg.enable && !cfg.backupAll) {
|
||||
systemd.services = listToAttrs (map (db:
|
||||
let
|
||||
cmd = "${config.services.postgresql.package}/bin/pg_dump ${cfg.pgdumpOptions} ${db}";
|
||||
cmd = "pg_dump ${cfg.pgdumpOptions} ${db}";
|
||||
in {
|
||||
name = "postgresqlBackup-${db}";
|
||||
value = postgresqlBackupService db cmd;
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
with lib;
|
||||
let
|
||||
cfg = config.services.jenkins;
|
||||
jenkinsUrl = "http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}";
|
||||
in {
|
||||
options = {
|
||||
services.jenkins = {
|
||||
|
@ -141,14 +142,34 @@ in {
|
|||
Additional command line arguments to pass to the Java run time (as opposed to Jenkins).
|
||||
'';
|
||||
};
|
||||
|
||||
withCLI = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to make the CLI available.
|
||||
|
||||
More info about the CLI available at
|
||||
<link xlink:href="https://www.jenkins.io/doc/book/managing/cli">
|
||||
https://www.jenkins.io/doc/book/managing/cli</link> .
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
# server references the dejavu fonts
|
||||
environment.systemPackages = [
|
||||
systemPackages = [
|
||||
pkgs.dejavu_fonts
|
||||
];
|
||||
] ++ optional cfg.withCLI cfg.package;
|
||||
|
||||
variables = {}
|
||||
// optionalAttrs cfg.withCLI {
|
||||
# Make it more convenient to use the `jenkins-cli`.
|
||||
JENKINS_URL = jenkinsUrl;
|
||||
};
|
||||
};
|
||||
|
||||
users.groups = optionalAttrs (cfg.group == "jenkins") {
|
||||
jenkins.gid = config.ids.gids.jenkins;
|
||||
|
@ -215,7 +236,7 @@ in {
|
|||
'';
|
||||
|
||||
postStart = ''
|
||||
until [[ $(${pkgs.curl.bin}/bin/curl -L -s --head -w '\n%{http_code}' http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} | tail -n1) =~ ^(200|403)$ ]]; do
|
||||
until [[ $(${pkgs.curl.bin}/bin/curl -L -s --head -w '\n%{http_code}' ${jenkinsUrl} | tail -n1) =~ ^(200|403)$ ]]; do
|
||||
sleep 1
|
||||
done
|
||||
'';
|
||||
|
|
|
@ -48,7 +48,7 @@ in
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 3306;
|
||||
description = "Port of MySQL.";
|
||||
};
|
||||
|
|
197
third_party/nixpkgs/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json
vendored
Normal file
197
third_party/nixpkgs/nixos/modules/services/desktops/pipewire/bluez-hardware.conf.json
vendored
Normal file
|
@ -0,0 +1,197 @@
|
|||
{
|
||||
"bluez5.features.device": [
|
||||
{
|
||||
"name": "Air 1 Plus",
|
||||
"no-features": [
|
||||
"hw-volume-mic"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "AirPods",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "AirPods Pro",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "AXLOIE Goin",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "JBL Endurance RUN BT",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl",
|
||||
"sbc-xq"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "JBL LIVE650BTNC"
|
||||
},
|
||||
{
|
||||
"name": "Soundcore Life P2-L",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "Urbanista Stockholm Plus",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^94:16:25:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^9c:64:8b:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^a0:e9:db:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^0c:a6:94:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^00:14:02:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^44:5e:f3:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^d4:9c:28:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^00:18:6b:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^b8:ad:3e:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^a0:e9:db:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^00:24:1c:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^00:11:b1:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^a4:15:66:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^00:14:f1:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^00:26:7e:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
},
|
||||
{
|
||||
"address": "~^90:03:b7:",
|
||||
"no-features": [
|
||||
"hw-volume"
|
||||
]
|
||||
}
|
||||
],
|
||||
"bluez5.features.adapter": [
|
||||
{
|
||||
"bus-type": "usb",
|
||||
"vendor-id": "usb:0bda"
|
||||
},
|
||||
{
|
||||
"bus-type": "usb",
|
||||
"no-features": [
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"no-features": [
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
}
|
||||
],
|
||||
"bluez5.features.kernel": [
|
||||
{
|
||||
"sysname": "Linux",
|
||||
"release": "~^[0-4]\\.",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"sysname": "Linux",
|
||||
"release": "~^5\\.[1-7]\\.",
|
||||
"no-features": [
|
||||
"msbc-alt1",
|
||||
"msbc-alt1-rtl"
|
||||
]
|
||||
},
|
||||
{
|
||||
"sysname": "Linux",
|
||||
"release": "~^5\\.(8|9|10)\\.",
|
||||
"no-features": [
|
||||
"msbc-alt1"
|
||||
]
|
||||
},
|
||||
{
|
||||
"no-features": []
|
||||
}
|
||||
]
|
||||
}
|
|
@ -7,7 +7,7 @@
|
|||
},
|
||||
"context.modules": [
|
||||
{
|
||||
"name": "libpipewire-module-rtkit",
|
||||
"name": "libpipewire-module-rt",
|
||||
"args": {},
|
||||
"flags": [
|
||||
"ifexists",
|
||||
|
|
|
@ -15,6 +15,7 @@ let
|
|||
defaults = {
|
||||
alsa-monitor = (builtins.fromJSON (builtins.readFile ./alsa-monitor.conf.json));
|
||||
bluez-monitor = (builtins.fromJSON (builtins.readFile ./bluez-monitor.conf.json));
|
||||
bluez-hardware = (builtins.fromJSON (builtins.readFile ./bluez-hardware.conf.json));
|
||||
media-session = (builtins.fromJSON (builtins.readFile ./media-session.conf.json));
|
||||
v4l2-monitor = (builtins.fromJSON (builtins.readFile ./v4l2-monitor.conf.json));
|
||||
};
|
||||
|
@ -22,6 +23,7 @@ let
|
|||
configs = {
|
||||
alsa-monitor = recursiveUpdate defaults.alsa-monitor cfg.config.alsa-monitor;
|
||||
bluez-monitor = recursiveUpdate defaults.bluez-monitor cfg.config.bluez-monitor;
|
||||
bluez-hardware = defaults.bluez-hardware;
|
||||
media-session = recursiveUpdate defaults.media-session cfg.config.media-session;
|
||||
v4l2-monitor = recursiveUpdate defaults.v4l2-monitor cfg.config.v4l2-monitor;
|
||||
};
|
||||
|
@ -120,6 +122,10 @@ in {
|
|||
mkIf config.services.pipewire.pulse.enable {
|
||||
source = json.generate "bluez-monitor.conf" configs.bluez-monitor;
|
||||
};
|
||||
environment.etc."pipewire/media-session.d/bluez-hardware.conf" =
|
||||
mkIf config.services.pipewire.pulse.enable {
|
||||
source = json.generate "bluez-hardware.conf" configs.bluez-hardware;
|
||||
};
|
||||
|
||||
environment.etc."pipewire/media-session.d/with-jack" =
|
||||
mkIf config.services.pipewire.jack.enable {
|
||||
|
|
|
@ -51,7 +51,7 @@ in {
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 6523;
|
||||
description = ''
|
||||
Port to listen on
|
||||
|
|
36
third_party/nixpkgs/nixos/modules/services/hardware/ddccontrol.nix
vendored
Normal file
36
third_party/nixpkgs/nixos/modules/services/hardware/ddccontrol.nix
vendored
Normal file
|
@ -0,0 +1,36 @@
|
|||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.services.ddccontrol;
|
||||
in
|
||||
|
||||
{
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
services.ddccontrol = {
|
||||
enable = lib.mkEnableOption "ddccontrol for controlling displays";
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Give users access to the "gddccontrol" tool
|
||||
environment.systemPackages = [
|
||||
pkgs.ddccontrol
|
||||
];
|
||||
|
||||
services.dbus.packages = [
|
||||
pkgs.ddccontrol
|
||||
];
|
||||
|
||||
systemd.packages = [
|
||||
pkgs.ddccontrol
|
||||
];
|
||||
};
|
||||
}
|
|
@ -58,7 +58,7 @@ in {
|
|||
port = mkOption {
|
||||
description = "Docker registry port to bind to.";
|
||||
default = 5000;
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
};
|
||||
|
||||
storagePath = mkOption {
|
||||
|
|
|
@ -82,7 +82,7 @@ in
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = (if !usePostgresql then 3306 else pg.port);
|
||||
description = "Database host port.";
|
||||
};
|
||||
|
|
|
@ -140,6 +140,14 @@ let
|
|||
port = 3807;
|
||||
};
|
||||
};
|
||||
registry = lib.optionalAttrs cfg.registry.enable {
|
||||
enabled = true;
|
||||
host = cfg.registry.externalAddress;
|
||||
port = cfg.registry.externalPort;
|
||||
key = cfg.registry.keyFile;
|
||||
api_url = "http://${config.services.dockerRegistry.listenAddress}:${toString config.services.dockerRegistry.port}/";
|
||||
issuer = "gitlab-issuer";
|
||||
};
|
||||
extra = {};
|
||||
uploads.storage_path = cfg.statePath;
|
||||
};
|
||||
|
@ -156,7 +164,7 @@ let
|
|||
prometheus_multiproc_dir = "/run/gitlab";
|
||||
RAILS_ENV = "production";
|
||||
MALLOC_ARENA_MAX = "2";
|
||||
};
|
||||
} // cfg.extraEnv;
|
||||
|
||||
gitlab-rake = pkgs.stdenv.mkDerivation {
|
||||
name = "gitlab-rake";
|
||||
|
@ -277,6 +285,14 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
extraEnv = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
default = {};
|
||||
description = ''
|
||||
Additional environment variables for the GitLab environment.
|
||||
'';
|
||||
};
|
||||
|
||||
backup.startAt = mkOption {
|
||||
type = with types; either str (listOf str);
|
||||
default = [];
|
||||
|
@ -508,6 +524,58 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
registry = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable GitLab container registry.";
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = config.services.gitlab.host;
|
||||
description = "GitLab container registry host name.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 4567;
|
||||
description = "GitLab container registry port.";
|
||||
};
|
||||
certFile = mkOption {
|
||||
type = types.path;
|
||||
default = null;
|
||||
description = "Path to GitLab container registry certificate.";
|
||||
};
|
||||
keyFile = mkOption {
|
||||
type = types.path;
|
||||
default = null;
|
||||
description = "Path to GitLab container registry certificate-key.";
|
||||
};
|
||||
defaultForProjects = mkOption {
|
||||
type = types.bool;
|
||||
default = cfg.registry.enable;
|
||||
description = "If GitLab container registry should be enabled by default for projects.";
|
||||
};
|
||||
issuer = mkOption {
|
||||
type = types.str;
|
||||
default = "gitlab-issuer";
|
||||
description = "GitLab container registry issuer.";
|
||||
};
|
||||
serviceName = mkOption {
|
||||
type = types.str;
|
||||
default = "container_registry";
|
||||
description = "GitLab container registry service name.";
|
||||
};
|
||||
externalAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "External address used to access registry from the internet";
|
||||
};
|
||||
externalPort = mkOption {
|
||||
type = types.int;
|
||||
description = "External port used to access registry from the internet";
|
||||
};
|
||||
};
|
||||
|
||||
smtp = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -843,7 +911,7 @@ in {
|
|||
}
|
||||
{
|
||||
assertion = versionAtLeast postgresqlPackage.version "12.0.0";
|
||||
message = "PostgreSQL >=12 is required to run GitLab 14.";
|
||||
message = "PostgreSQL >=12 is required to run GitLab 14. Follow the instructions in the manual section for upgrading PostgreSQL here: https://nixos.org/manual/nixos/stable/index.html#module-services-postgres-upgrading";
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -905,6 +973,44 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.gitlab-registry-cert = optionalAttrs cfg.registry.enable {
|
||||
path = with pkgs; [ openssl ];
|
||||
|
||||
script = ''
|
||||
mkdir -p $(dirname ${cfg.registry.keyFile})
|
||||
mkdir -p $(dirname ${cfg.registry.certFile})
|
||||
openssl req -nodes -newkey rsa:4096 -keyout ${cfg.registry.keyFile} -out /tmp/registry-auth.csr -subj "/CN=${cfg.registry.issuer}"
|
||||
openssl x509 -in /tmp/registry-auth.csr -out ${cfg.registry.certFile} -req -signkey ${cfg.registry.keyFile} -days 3650
|
||||
chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.keyFile})
|
||||
chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.certFile})
|
||||
chown ${cfg.user}:${cfg.group} ${cfg.registry.keyFile}
|
||||
chown ${cfg.user}:${cfg.group} ${cfg.registry.certFile}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ConditionPathExists = "!${cfg.registry.certFile}";
|
||||
};
|
||||
};
|
||||
|
||||
# Ensure Docker Registry launches after the certificate generation job
|
||||
systemd.services.docker-registry = optionalAttrs cfg.registry.enable {
|
||||
wants = [ "gitlab-registry-cert.service" ];
|
||||
};
|
||||
|
||||
# Enable Docker Registry, if GitLab-Container Registry is enabled
|
||||
services.dockerRegistry = optionalAttrs cfg.registry.enable {
|
||||
enable = true;
|
||||
enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly
|
||||
extraConfig = {
|
||||
auth.token = {
|
||||
realm = "http${if cfg.https == true then "s" else ""}://${cfg.host}/jwt/auth";
|
||||
service = cfg.registry.serviceName;
|
||||
issuer = cfg.registry.issuer;
|
||||
rootcertbundle = cfg.registry.certFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Use postfix to send out mails.
|
||||
services.postfix.enable = mkDefault (cfg.smtp.enable && cfg.smtp.address == "localhost");
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@ in
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 2947;
|
||||
description = ''
|
||||
The port where to listen for TCP connections.
|
||||
|
|
|
@ -11,7 +11,7 @@ in
|
|||
services.leaps = {
|
||||
enable = mkEnableOption "leaps";
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 8080;
|
||||
description = "A port where leaps listens for incoming http requests";
|
||||
};
|
||||
|
|
|
@ -34,7 +34,7 @@ in
|
|||
|
||||
port = mkOption {
|
||||
default = 8899;
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
description = "Specify port to listen on.";
|
||||
}; # nserve.port
|
||||
|
||||
|
@ -68,7 +68,7 @@ in
|
|||
|
||||
port = mkOption {
|
||||
default = 14311;
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
description = "Specify port to listen on.";
|
||||
}; # qserve.port
|
||||
|
||||
|
@ -137,7 +137,7 @@ in
|
|||
|
||||
port = mkOption {
|
||||
default = 8898;
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
description = "Port to listen to when serving files from cache.";
|
||||
}; # nslave.http.port
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ in
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 5000;
|
||||
description = ''
|
||||
Port to bind OctoPrint to.
|
||||
|
|
|
@ -67,7 +67,7 @@ in
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 28981;
|
||||
description = "Server port to listen on.";
|
||||
};
|
||||
|
|
|
@ -71,7 +71,7 @@ in
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 3000;
|
||||
description = "Port on which Redmine is ran.";
|
||||
};
|
||||
|
|
|
@ -28,7 +28,7 @@ let cfg = config.services.subsonic; in {
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 4040;
|
||||
description = ''
|
||||
The port on which Subsonic will listen for
|
||||
|
@ -37,7 +37,7 @@ let cfg = config.services.subsonic; in {
|
|||
};
|
||||
|
||||
httpsPort = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 0;
|
||||
description = ''
|
||||
The port on which Subsonic will listen for
|
||||
|
|
|
@ -292,7 +292,7 @@ in {
|
|||
port = mkOption {
|
||||
description = "Listening port.";
|
||||
default = 3000;
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
|
|
|
@ -323,15 +323,13 @@ let
|
|||
HTTP username
|
||||
'';
|
||||
};
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
HTTP password
|
||||
'';
|
||||
};
|
||||
password = mkOpt types.str "HTTP password";
|
||||
password_file = mkOpt types.str "HTTP password file";
|
||||
};
|
||||
}) ''
|
||||
Optional http login credentials for metrics scraping.
|
||||
Sets the `Authorization` header on every scrape request with the
|
||||
configured username and password.
|
||||
password and password_file are mutually exclusive.
|
||||
'';
|
||||
|
||||
bearer_token = mkOpt types.str ''
|
||||
|
|
|
@ -6,6 +6,8 @@ let
|
|||
|
||||
cfg = config.services.bind;
|
||||
|
||||
bindPkg = config.services.bind.package;
|
||||
|
||||
bindUser = "named";
|
||||
|
||||
bindZoneCoerce = list: builtins.listToAttrs (lib.forEach list (zone: { name = zone.name; value = zone; }));
|
||||
|
@ -104,6 +106,14 @@ in
|
|||
|
||||
enable = mkEnableOption "BIND domain name server";
|
||||
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.bind;
|
||||
defaultText = "pkgs.bind";
|
||||
description = "The BIND package to use.";
|
||||
};
|
||||
|
||||
cacheNetworks = mkOption {
|
||||
default = [ "127.0.0.0/24" ];
|
||||
type = types.listOf types.str;
|
||||
|
@ -225,7 +235,7 @@ in
|
|||
preStart = ''
|
||||
mkdir -m 0755 -p /etc/bind
|
||||
if ! [ -f "/etc/bind/rndc.key" ]; then
|
||||
${pkgs.bind.out}/sbin/rndc-confgen -c /etc/bind/rndc.key -u ${bindUser} -a -A hmac-sha256 2>/dev/null
|
||||
${bindPkg.out}/sbin/rndc-confgen -c /etc/bind/rndc.key -u ${bindUser} -a -A hmac-sha256 2>/dev/null
|
||||
fi
|
||||
|
||||
${pkgs.coreutils}/bin/mkdir -p /run/named
|
||||
|
@ -233,9 +243,9 @@ in
|
|||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.bind.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
|
||||
ExecReload = "${pkgs.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload";
|
||||
ExecStop = "${pkgs.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' stop";
|
||||
ExecStart = "${bindPkg.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
|
||||
ExecReload = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' reload";
|
||||
ExecStop = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' stop";
|
||||
};
|
||||
|
||||
unitConfig.Documentation = "man:named(8)";
|
||||
|
|
|
@ -18,6 +18,7 @@ let
|
|||
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
|
||||
ssl=${boolToStr cfg.ssl}
|
||||
wildcard=YES
|
||||
ipv6=${boolToStr cfg.ipv6}
|
||||
quiet=${boolToStr cfg.quiet}
|
||||
verbose=${boolToStr cfg.verbose}
|
||||
${cfg.extraConfig}
|
||||
|
@ -116,7 +117,15 @@ with lib;
|
|||
default = true;
|
||||
type = bool;
|
||||
description = ''
|
||||
Whether to use to use SSL/TLS to connect to dynamic DNS provider.
|
||||
Whether to use SSL/TLS to connect to dynamic DNS provider.
|
||||
'';
|
||||
};
|
||||
|
||||
ipv6 = mkOption {
|
||||
default = false;
|
||||
type = bool;
|
||||
description = ''
|
||||
Whether to use IPv6.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -38,8 +38,8 @@ in
|
|||
# Use services.matterbridge.configPath instead.
|
||||
|
||||
[irc]
|
||||
[irc.freenode]
|
||||
Server="irc.freenode.net:6667"
|
||||
[irc.libera]
|
||||
Server="irc.libera.chat:6667"
|
||||
Nick="matterbot"
|
||||
|
||||
[mattermost]
|
||||
|
@ -55,7 +55,7 @@ in
|
|||
name="gateway1"
|
||||
enable=true
|
||||
[[gateway.inout]]
|
||||
account="irc.freenode"
|
||||
account="irc.libera"
|
||||
channel="#testing"
|
||||
|
||||
[[gateway.inout]]
|
||||
|
|
|
@ -98,7 +98,7 @@ in
|
|||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 64738;
|
||||
description = "Ports to bind to (UDP and TCP).";
|
||||
};
|
||||
|
|
|
@ -105,7 +105,7 @@ in
|
|||
};
|
||||
|
||||
rpc.port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 8332;
|
||||
description = ''
|
||||
Port the RPC server will bind to.
|
||||
|
|
|
@ -13,7 +13,7 @@ in
|
|||
enable = mkEnableOption "Serve NAR file contents via HTTP";
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 8383;
|
||||
description = ''
|
||||
Port number where nar-serve will listen on.
|
||||
|
|
|
@ -11,7 +11,7 @@ in
|
|||
enable = mkEnableOption "nix-serve, the standalone Nix binary cache server";
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 5000;
|
||||
description = ''
|
||||
Port number where nix-serve will listen on.
|
||||
|
|
|
@ -54,6 +54,7 @@ in {
|
|||
|
||||
systemd.packages = [ pkgs.smartdns ];
|
||||
systemd.services.smartdns.wantedBy = [ "multi-user.target" ];
|
||||
systemd.services.smartdns.restartTriggers = [ confFile ];
|
||||
environment.etc."smartdns/smartdns.conf".source = confFile;
|
||||
environment.etc."default/smartdns".source =
|
||||
"${pkgs.smartdns}/etc/default/smartdns";
|
||||
|
|
|
@ -133,8 +133,8 @@ in
|
|||
Nick = "paul";
|
||||
AltNick = "paul1";
|
||||
LoadModule = [ "chansaver" "controlpanel" ];
|
||||
Network.freenode = {
|
||||
Server = "chat.freenode.net +6697";
|
||||
Network.libera = {
|
||||
Server = "irc.libera.chat +6697";
|
||||
LoadModule = [ "simple_away" ];
|
||||
Chan = {
|
||||
"#nixos" = { Detached = false; };
|
||||
|
|
|
@ -11,7 +11,7 @@ let
|
|||
|
||||
server = mkOption {
|
||||
type = types.str;
|
||||
example = "chat.freenode.net";
|
||||
example = "irc.libera.chat";
|
||||
description = ''
|
||||
IRC server address.
|
||||
'';
|
||||
|
@ -150,8 +150,8 @@ in
|
|||
'';
|
||||
example = literalExample ''
|
||||
{
|
||||
"freenode" = {
|
||||
server = "chat.freenode.net";
|
||||
"libera" = {
|
||||
server = "irc.libera.chat";
|
||||
port = 6697;
|
||||
useSSL = true;
|
||||
modules = [ "simple_away" ];
|
||||
|
|
|
@ -26,12 +26,12 @@ let
|
|||
if value != null then [ (nameValuePair (nameToEnvVar name) (if isBool value then boolToString value else toString value)) ] else []
|
||||
) cfg.config));
|
||||
in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
|
||||
WEB_VAULT_FOLDER = "${pkgs.vaultwarden-vault}/share/vaultwarden/vault";
|
||||
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
|
||||
} // configEnv;
|
||||
|
||||
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
|
||||
|
||||
vaultwarden = pkgs.vaultwarden.override { inherit (cfg) dbBackend; };
|
||||
vaultwarden = cfg.package.override { inherit (cfg) dbBackend; };
|
||||
|
||||
in {
|
||||
imports = [
|
||||
|
@ -102,6 +102,20 @@ in {
|
|||
<literal>vaultwarden</literal> is running.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = package;
|
||||
default = pkgs.vaultwarden;
|
||||
defaultText = "pkgs.vaultwarden";
|
||||
description = "Vaultwarden package to use.";
|
||||
};
|
||||
|
||||
webVaultPackage = mkOption {
|
||||
type = package;
|
||||
default = pkgs.vaultwarden-vault;
|
||||
defaultText = "pkgs.vaultwarden-vault";
|
||||
description = "Web vault package to use.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
|
265
third_party/nixpkgs/nixos/modules/services/video/unifi-video.nix
vendored
Normal file
265
third_party/nixpkgs/nixos/modules/services/video/unifi-video.nix
vendored
Normal file
|
@ -0,0 +1,265 @@
|
|||
{ config, lib, pkgs, utils, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.unifi-video;
|
||||
mainClass = "com.ubnt.airvision.Main";
|
||||
cmd = ''
|
||||
${pkgs.jsvc}/bin/jsvc \
|
||||
-cwd ${stateDir} \
|
||||
-debug \
|
||||
-verbose:class \
|
||||
-nodetach \
|
||||
-user unifi-video \
|
||||
-home ${cfg.jrePackage}/lib/openjdk \
|
||||
-cp ${pkgs.commonsDaemon}/share/java/commons-daemon-1.2.4.jar:${stateDir}/lib/airvision.jar \
|
||||
-pidfile ${cfg.pidFile} \
|
||||
-procname unifi-video \
|
||||
-Djava.security.egd=file:/dev/./urandom \
|
||||
-Xmx${cfg.maximumJavaHeapSize}M \
|
||||
-Xss512K \
|
||||
-XX:+UseG1GC \
|
||||
-XX:+UseStringDeduplication \
|
||||
-XX:MaxMetaspaceSize=768M \
|
||||
-Djava.library.path=${stateDir}/lib \
|
||||
-Djava.awt.headless=true \
|
||||
-Djavax.net.ssl.trustStore=${stateDir}/etc/ufv-truststore \
|
||||
-Dfile.encoding=UTF-8 \
|
||||
-Dav.tempdir=/var/cache/unifi-video
|
||||
'';
|
||||
|
||||
mongoConf = pkgs.writeTextFile {
|
||||
name = "mongo.conf";
|
||||
executable = false;
|
||||
text = ''
|
||||
# for documentation of all options, see http://docs.mongodb.org/manual/reference/configuration-options/
|
||||
|
||||
storage:
|
||||
dbPath: ${cfg.dataDir}/db
|
||||
journal:
|
||||
enabled: true
|
||||
syncPeriodSecs: 60
|
||||
|
||||
systemLog:
|
||||
destination: file
|
||||
logAppend: true
|
||||
path: ${stateDir}/logs/mongod.log
|
||||
|
||||
net:
|
||||
port: 7441
|
||||
bindIp: 127.0.0.1
|
||||
http:
|
||||
enabled: false
|
||||
|
||||
operationProfiling:
|
||||
slowOpThresholdMs: 500
|
||||
mode: off
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
mongoWtConf = pkgs.writeTextFile {
|
||||
name = "mongowt.conf";
|
||||
executable = false;
|
||||
text = ''
|
||||
# for documentation of all options, see:
|
||||
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||
|
||||
storage:
|
||||
dbPath: ${cfg.dataDir}/db-wt
|
||||
journal:
|
||||
enabled: true
|
||||
wiredTiger:
|
||||
engineConfig:
|
||||
cacheSizeGB: 1
|
||||
|
||||
systemLog:
|
||||
destination: file
|
||||
logAppend: true
|
||||
path: logs/mongod.log
|
||||
|
||||
net:
|
||||
port: 7441
|
||||
bindIp: 127.0.0.1
|
||||
|
||||
operationProfiling:
|
||||
slowOpThresholdMs: 500
|
||||
mode: off
|
||||
'';
|
||||
};
|
||||
|
||||
stateDir = "/var/lib/unifi-video";
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
options.services.unifi-video = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether or not to enable the unifi-video service.
|
||||
'';
|
||||
};
|
||||
|
||||
jrePackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.jre8;
|
||||
defaultText = "pkgs.jre8";
|
||||
description = ''
|
||||
The JRE package to use. Check the release notes to ensure it is supported.
|
||||
'';
|
||||
};
|
||||
|
||||
unifiVideoPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.unifi-video;
|
||||
defaultText = "pkgs.unifi-video";
|
||||
description = ''
|
||||
The unifi-video package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
mongodbPackage = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.mongodb-4_0;
|
||||
defaultText = "pkgs.mongodb";
|
||||
description = ''
|
||||
The mongodb package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
logDir = mkOption {
|
||||
type = types.str;
|
||||
default = "${stateDir}/logs";
|
||||
description = ''
|
||||
Where to store the logs.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "${stateDir}/data";
|
||||
description = ''
|
||||
Where to store the database and other data.
|
||||
'';
|
||||
};
|
||||
|
||||
openPorts = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether or not to open the required ports on the firewall.
|
||||
'';
|
||||
};
|
||||
|
||||
maximumJavaHeapSize = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = 1024;
|
||||
example = 4096;
|
||||
description = ''
|
||||
Set the maximimum heap size for the JVM in MB.
|
||||
'';
|
||||
};
|
||||
|
||||
pidFile = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.dataDir}/unifi-video.pid";
|
||||
description = "Location of unifi-video pid file.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users = {
|
||||
users.unifi-video = {
|
||||
description = "UniFi Video controller daemon user";
|
||||
home = stateDir;
|
||||
group = "unifi-video";
|
||||
isSystemUser = true;
|
||||
};
|
||||
groups.unifi-video = {};
|
||||
};
|
||||
|
||||
networking.firewall = mkIf cfg.openPorts {
|
||||
# https://help.ui.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used
|
||||
allowedTCPPorts = [
|
||||
7080 # HTTP portal
|
||||
7443 # HTTPS portal
|
||||
7445 # Video over HTTP (mobile app)
|
||||
7446 # Video over HTTPS (mobile app)
|
||||
7447 # RTSP via the controller
|
||||
7442 # Camera management from cameras to NVR over WAN
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
6666 # Inbound camera streams sent over WAN
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${stateDir}' 0700 unifi-video unifi-video - -"
|
||||
"d '/var/cache/unifi-video' 0700 unifi-video unifi-video - -"
|
||||
|
||||
"d '${stateDir}/logs' 0700 unifi-video unifi-video - -"
|
||||
"C '${stateDir}/etc' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc"
|
||||
"C '${stateDir}/webapps' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/webapps"
|
||||
"C '${stateDir}/email' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/email"
|
||||
"C '${stateDir}/fw' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/fw"
|
||||
"C '${stateDir}/lib' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/lib"
|
||||
|
||||
"d '${stateDir}/data' 0700 unifi-video unifi-video - -"
|
||||
"d '${stateDir}/data/db' 0700 unifi-video unifi-video - -"
|
||||
"C '${stateDir}/data/system.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc/system.properties"
|
||||
|
||||
"d '${stateDir}/bin' 0700 unifi-video unifi-video - -"
|
||||
"f '${stateDir}/bin/evostreamms' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/evostreamms"
|
||||
"f '${stateDir}/bin/libavcodec.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavcodec.so.54"
|
||||
"f '${stateDir}/bin/libavformat.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavformat.so.54"
|
||||
"f '${stateDir}/bin/libavutil.so.52' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavutil.so.52"
|
||||
"f '${stateDir}/bin/ubnt.avtool' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.avtool"
|
||||
"f '${stateDir}/bin/ubnt.updater' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.updater"
|
||||
"C '${stateDir}/bin/mongo' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongo"
|
||||
"C '${stateDir}/bin/mongod' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongod"
|
||||
"C '${stateDir}/bin/mongoperf' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongoperf"
|
||||
"C '${stateDir}/bin/mongos' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongos"
|
||||
|
||||
"d '${stateDir}/conf' 0700 unifi-video unifi-video - -"
|
||||
"C '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/evostream"
|
||||
"Z '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - -"
|
||||
"L+ '${stateDir}/conf/mongodv3.0+.conf' 0700 unifi-video unifi-video - ${mongoConf}"
|
||||
"L+ '${stateDir}/conf/mongodv3.6+.conf' 0700 unifi-video unifi-video - ${mongoConf}"
|
||||
"L+ '${stateDir}/conf/mongod-wt.conf' 0700 unifi-video unifi-video - ${mongoWtConf}"
|
||||
"L+ '${stateDir}/conf/catalina.policy' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.policy"
|
||||
"L+ '${stateDir}/conf/catalina.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.properties"
|
||||
"L+ '${stateDir}/conf/context.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/context.xml"
|
||||
"L+ '${stateDir}/conf/logging.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/logging.properties"
|
||||
"L+ '${stateDir}/conf/server.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/server.xml"
|
||||
"L+ '${stateDir}/conf/tomcat-users.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/tomcat-users.xml"
|
||||
"L+ '${stateDir}/conf/web.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/web.xml"
|
||||
|
||||
];
|
||||
|
||||
systemd.services.unifi-video = {
|
||||
description = "UniFi Video NVR daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ] ;
|
||||
unitConfig.RequiresMountsFor = stateDir;
|
||||
# Make sure package upgrades trigger a service restart
|
||||
restartTriggers = [ cfg.unifiVideoPackage cfg.mongodbPackage ];
|
||||
path = with pkgs; [ gawk coreutils busybox which jre8 lsb-release libcap util-linux ];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${(removeSuffix "\n" cmd)} ${mainClass} start";
|
||||
ExecStop = "${(removeSuffix "\n" cmd)} stop ${mainClass} stop";
|
||||
Restart = "on-failure";
|
||||
UMask = "0077";
|
||||
User = "unifi-video";
|
||||
WorkingDirectory = "${stateDir}";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ rsynnest ];
|
||||
};
|
||||
}
|
|
@ -92,7 +92,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
description = "Which package to use for the Nextcloud instance.";
|
||||
relatedPackages = [ "nextcloud19" "nextcloud20" "nextcloud21" ];
|
||||
relatedPackages = [ "nextcloud20" "nextcloud21" "nextcloud22" ];
|
||||
};
|
||||
|
||||
maxUploadSize = mkOption {
|
||||
|
@ -385,7 +385,7 @@ in {
|
|||
];
|
||||
|
||||
warnings = let
|
||||
latest = 21;
|
||||
latest = 22;
|
||||
upgradeWarning = major: nixos:
|
||||
''
|
||||
A legacy Nextcloud install (from before NixOS ${nixos}) may be installed.
|
||||
|
@ -403,9 +403,9 @@ in {
|
|||
Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release.
|
||||
Please migrate your configuration to config.services.nextcloud.poolSettings.
|
||||
'')
|
||||
++ (optional (versionOlder cfg.package.version "19") (upgradeWarning 18 "20.09"))
|
||||
++ (optional (versionOlder cfg.package.version "20") (upgradeWarning 19 "21.05"))
|
||||
++ (optional (versionOlder cfg.package.version "21") (upgradeWarning 20 "21.05"));
|
||||
++ (optional (versionOlder cfg.package.version "21") (upgradeWarning 20 "21.05"))
|
||||
++ (optional (versionOlder cfg.package.version "22") (upgradeWarning 21 "21.11"));
|
||||
|
||||
services.nextcloud.package = with pkgs;
|
||||
mkDefault (
|
||||
|
@ -415,13 +415,13 @@ in {
|
|||
nextcloud defined in an overlay, please set `services.nextcloud.package` to
|
||||
`pkgs.nextcloud`.
|
||||
''
|
||||
else if versionOlder stateVersion "20.09" then nextcloud18
|
||||
# 21.03 will not be an official release - it was instead 21.05.
|
||||
# This versionOlder statement remains set to 21.03 for backwards compatibility.
|
||||
# See https://github.com/NixOS/nixpkgs/pull/108899 and
|
||||
# https://github.com/NixOS/rfcs/blob/master/rfcs/0080-nixos-release-schedule.md.
|
||||
else if versionOlder stateVersion "21.03" then nextcloud19
|
||||
else nextcloud21
|
||||
else if versionOlder stateVersion "21.11" then nextcloud21
|
||||
else nextcloud22
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -616,9 +616,7 @@ in {
|
|||
|
||||
services.nginx.enable = mkDefault true;
|
||||
|
||||
services.nginx.virtualHosts.${cfg.hostName} = let
|
||||
major = toInt (versions.major cfg.package.version);
|
||||
in {
|
||||
services.nginx.virtualHosts.${cfg.hostName} = {
|
||||
root = cfg.package;
|
||||
locations = {
|
||||
"= /robots.txt" = {
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
desktop client is packaged at <literal>pkgs.nextcloud-client</literal>.
|
||||
</para>
|
||||
<para>
|
||||
The current default by NixOS is <package>nextcloud21</package> which is also the latest
|
||||
The current default by NixOS is <package>nextcloud22</package> which is also the latest
|
||||
major version available.
|
||||
</para>
|
||||
<section xml:id="module-services-nextcloud-basic-usage">
|
||||
|
|
145
third_party/nixpkgs/nixos/modules/services/web-apps/vikunja.nix
vendored
Normal file
145
third_party/nixpkgs/nixos/modules/services/web-apps/vikunja.nix
vendored
Normal file
|
@ -0,0 +1,145 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.vikunja;
|
||||
format = pkgs.formats.yaml {};
|
||||
configFile = format.generate "config.yaml" cfg.settings;
|
||||
useMysql = cfg.database.type == "mysql";
|
||||
usePostgresql = cfg.database.type == "postgres";
|
||||
in {
|
||||
options.services.vikunja = with lib; {
|
||||
enable = mkEnableOption "vikunja service";
|
||||
package-api = mkOption {
|
||||
default = pkgs.vikunja-api;
|
||||
type = types.package;
|
||||
defaultText = "pkgs.vikunja-api";
|
||||
description = "vikunja-api derivation to use.";
|
||||
};
|
||||
package-frontend = mkOption {
|
||||
default = pkgs.vikunja-frontend;
|
||||
type = types.package;
|
||||
defaultText = "pkgs.vikunja-frontend";
|
||||
description = "vikunja-frontend derivation to use.";
|
||||
};
|
||||
environmentFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
List of environment files set in the vikunja systemd service.
|
||||
For example passwords should be set in one of these files.
|
||||
'';
|
||||
};
|
||||
setupNginx = mkOption {
|
||||
type = types.bool;
|
||||
default = config.services.nginx.enable;
|
||||
defaultText = "config.services.nginx.enable";
|
||||
description = ''
|
||||
Whether to setup NGINX.
|
||||
Further nginx configuration can be done by changing
|
||||
<option>services.nginx.virtualHosts.<frontendHostname></option>.
|
||||
This does not enable TLS or ACME by default. To enable this, set the
|
||||
<option>services.nginx.virtualHosts.<frontendHostname>.enableACME</option> to
|
||||
<literal>true</literal> and if appropriate do the same for
|
||||
<option>services.nginx.virtualHosts.<frontendHostname>.forceSSL</option>.
|
||||
'';
|
||||
};
|
||||
frontendScheme = mkOption {
|
||||
type = types.enum [ "http" "https" ];
|
||||
description = ''
|
||||
Whether the site is available via http or https.
|
||||
This does not configure https or ACME in nginx!
|
||||
'';
|
||||
};
|
||||
frontendHostname = mkOption {
|
||||
type = types.str;
|
||||
description = "The Hostname under which the frontend is running.";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = format.type;
|
||||
default = {};
|
||||
description = ''
|
||||
Vikunja configuration. Refer to
|
||||
<link xlink:href="https://vikunja.io/docs/config-options/"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
};
|
||||
database = {
|
||||
type = mkOption {
|
||||
type = types.enum [ "sqlite" "mysql" "postgres" ];
|
||||
example = "postgres";
|
||||
default = "sqlite";
|
||||
description = "Database engine to use.";
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Database host address. Can also be a socket.";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "vikunja";
|
||||
description = "Database user.";
|
||||
};
|
||||
database = mkOption {
|
||||
type = types.str;
|
||||
default = "vikunja";
|
||||
description = "Database name.";
|
||||
};
|
||||
path = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/vikunja/vikunja.db";
|
||||
description = "Path to the sqlite3 database file.";
|
||||
};
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.vikunja.settings = {
|
||||
database = {
|
||||
inherit (cfg.database) type host user database path;
|
||||
};
|
||||
service = {
|
||||
frontendurl = "${cfg.frontendScheme}://${cfg.frontendHostname}/";
|
||||
};
|
||||
files = {
|
||||
basepath = "/var/lib/vikunja/files";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.vikunja-api = {
|
||||
description = "vikunja-api";
|
||||
after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ cfg.package-api ];
|
||||
restartTriggers = [ configFile ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
DynamicUser = true;
|
||||
StateDirectory = "vikunja";
|
||||
ExecStart = "${cfg.package-api}/bin/vikunja";
|
||||
Restart = "always";
|
||||
EnvironmentFile = cfg.environmentFiles;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${cfg.frontendHostname}" = mkIf cfg.setupNginx {
|
||||
locations = {
|
||||
"/" = {
|
||||
root = cfg.package-frontend;
|
||||
tryFiles = "try_files $uri $uri/ /";
|
||||
};
|
||||
"~* ^/(api|dav|\\.well-known)/" = {
|
||||
proxyPass = "http://localhost:3456";
|
||||
extraConfig = ''
|
||||
client_max_body_size 20M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."vikunja/config.yaml".source = configFile;
|
||||
};
|
||||
}
|
|
@ -33,7 +33,7 @@ in
|
|||
enable = mkEnableOption "ttyd daemon";
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 7681;
|
||||
description = "Port to listen on (use 0 for random port)";
|
||||
};
|
||||
|
|
|
@ -755,7 +755,7 @@ in
|
|||
default = [];
|
||||
example = [ "d /tmp 1777 root root 10d" ];
|
||||
description = ''
|
||||
Rules for creating and cleaning up temporary files
|
||||
Rules for creation, deletion and cleaning of volatile and temporary files
|
||||
automatically. See
|
||||
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for the exact format.
|
||||
|
|
|
@ -55,7 +55,16 @@ in
|
|||
(mkIf enableBtrfs {
|
||||
system.fsPackages = [ pkgs.btrfs-progs ];
|
||||
|
||||
boot.initrd.kernelModules = mkIf inInitrd [ "btrfs" "crc32c" ];
|
||||
boot.initrd.kernelModules = mkIf inInitrd [ "btrfs" ];
|
||||
boot.initrd.availableKernelModules = mkIf inInitrd (
|
||||
[ "crc32c" ]
|
||||
++ optionals (config.boot.kernelPackages.kernel.kernelAtLeast "5.5") [
|
||||
# Needed for mounting filesystems with new checksums
|
||||
"xxhash_generic"
|
||||
"blake2b_generic"
|
||||
"sha256_generic" # Should be baked into our kernel, just to be sure
|
||||
]
|
||||
);
|
||||
|
||||
boot.initrd.extraUtilsCommands = mkIf inInitrd
|
||||
''
|
||||
|
|
230
third_party/nixpkgs/nixos/modules/tasks/snapraid.nix
vendored
Normal file
230
third_party/nixpkgs/nixos/modules/tasks/snapraid.nix
vendored
Normal file
|
@ -0,0 +1,230 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let cfg = config.snapraid;
|
||||
in
|
||||
{
|
||||
options.snapraid = with types; {
|
||||
enable = mkEnableOption "SnapRAID";
|
||||
dataDisks = mkOption {
|
||||
default = { };
|
||||
example = {
|
||||
d1 = "/mnt/disk1/";
|
||||
d2 = "/mnt/disk2/";
|
||||
d3 = "/mnt/disk3/";
|
||||
};
|
||||
description = "SnapRAID data disks.";
|
||||
type = attrsOf str;
|
||||
};
|
||||
parityFiles = mkOption {
|
||||
default = [ ];
|
||||
example = [
|
||||
"/mnt/diskp/snapraid.parity"
|
||||
"/mnt/diskq/snapraid.2-parity"
|
||||
"/mnt/diskr/snapraid.3-parity"
|
||||
"/mnt/disks/snapraid.4-parity"
|
||||
"/mnt/diskt/snapraid.5-parity"
|
||||
"/mnt/disku/snapraid.6-parity"
|
||||
];
|
||||
description = "SnapRAID parity files.";
|
||||
type = listOf str;
|
||||
};
|
||||
contentFiles = mkOption {
|
||||
default = [ ];
|
||||
example = [
|
||||
"/var/snapraid.content"
|
||||
"/mnt/disk1/snapraid.content"
|
||||
"/mnt/disk2/snapraid.content"
|
||||
];
|
||||
description = "SnapRAID content list files.";
|
||||
type = listOf str;
|
||||
};
|
||||
exclude = mkOption {
|
||||
default = [ ];
|
||||
example = [ "*.unrecoverable" "/tmp/" "/lost+found/" ];
|
||||
description = "SnapRAID exclude directives.";
|
||||
type = listOf str;
|
||||
};
|
||||
touchBeforeSync = mkOption {
|
||||
default = true;
|
||||
example = false;
|
||||
description =
|
||||
"Whether <command>snapraid touch</command> should be run before <command>snapraid sync</command>.";
|
||||
type = bool;
|
||||
};
|
||||
sync.interval = mkOption {
|
||||
default = "01:00";
|
||||
example = "daily";
|
||||
description = "How often to run <command>snapraid sync</command>.";
|
||||
type = str;
|
||||
};
|
||||
scrub = {
|
||||
interval = mkOption {
|
||||
default = "Mon *-*-* 02:00:00";
|
||||
example = "weekly";
|
||||
description = "How often to run <command>snapraid scrub</command>.";
|
||||
type = str;
|
||||
};
|
||||
plan = mkOption {
|
||||
default = 8;
|
||||
example = 5;
|
||||
description =
|
||||
"Percent of the array that should be checked by <command>snapraid scrub</command>.";
|
||||
type = int;
|
||||
};
|
||||
olderThan = mkOption {
|
||||
default = 10;
|
||||
example = 20;
|
||||
description =
|
||||
"Number of days since data was last scrubbed before it can be scrubbed again.";
|
||||
type = int;
|
||||
};
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
example = ''
|
||||
nohidden
|
||||
blocksize 256
|
||||
hashsize 16
|
||||
autosave 500
|
||||
pool /pool
|
||||
'';
|
||||
description = "Extra config options for SnapRAID.";
|
||||
type = lines;
|
||||
};
|
||||
};
|
||||
|
||||
config =
|
||||
let
|
||||
nParity = builtins.length cfg.parityFiles;
|
||||
mkPrepend = pre: s: pre + s;
|
||||
in
|
||||
mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = nParity <= 6;
|
||||
message = "You can have no more than six SnapRAID parity files.";
|
||||
}
|
||||
{
|
||||
assertion = builtins.length cfg.contentFiles >= nParity + 1;
|
||||
message =
|
||||
"There must be at least one SnapRAID content file for each SnapRAID parity file plus one.";
|
||||
}
|
||||
];
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [ snapraid ];
|
||||
|
||||
etc."snapraid.conf" = {
|
||||
text = with cfg;
|
||||
let
|
||||
prependData = mkPrepend "data ";
|
||||
prependContent = mkPrepend "content ";
|
||||
prependExclude = mkPrepend "exclude ";
|
||||
in
|
||||
concatStringsSep "\n"
|
||||
(map prependData
|
||||
((mapAttrsToList (name: value: name + " " + value)) dataDisks)
|
||||
++ zipListsWith (a: b: a + b)
|
||||
([ "parity " ] ++ map (i: toString i + "-parity ") (range 2 6))
|
||||
parityFiles ++ map prependContent contentFiles
|
||||
++ map prependExclude exclude) + "\n" + extraConfig;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = with cfg; {
|
||||
snapraid-scrub = {
|
||||
description = "Scrub the SnapRAID array";
|
||||
startAt = scrub.interval;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.snapraid}/bin/snapraid scrub -p ${
|
||||
toString scrub.plan
|
||||
} -o ${toString scrub.olderThan}";
|
||||
Nice = 19;
|
||||
IOSchedulingPriority = 7;
|
||||
CPUSchedulingPolicy = "batch";
|
||||
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
PrivateTmp = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
RestrictAddressFamilies = "none";
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = "@system-service";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
CapabilityBoundingSet = "CAP_DAC_OVERRIDE";
|
||||
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = "read-only";
|
||||
ReadWritePaths =
|
||||
# scrub requires access to directories containing content files
|
||||
# to remove them if they are stale
|
||||
let
|
||||
contentDirs = map dirOf contentFiles;
|
||||
in
|
||||
unique (
|
||||
attrValues dataDisks ++ contentDirs
|
||||
);
|
||||
};
|
||||
unitConfig.After = "snapraid-sync.service";
|
||||
};
|
||||
snapraid-sync = {
|
||||
description = "Synchronize the state of the SnapRAID array";
|
||||
startAt = sync.interval;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.snapraid}/bin/snapraid sync";
|
||||
Nice = 19;
|
||||
IOSchedulingPriority = 7;
|
||||
CPUSchedulingPolicy = "batch";
|
||||
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
PrivateTmp = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
RestrictAddressFamilies = "none";
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = "@system-service";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
CapabilityBoundingSet = "CAP_DAC_OVERRIDE";
|
||||
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = "read-only";
|
||||
ReadWritePaths =
|
||||
# sync requires access to directories containing content files
|
||||
# to remove them if they are stale
|
||||
let
|
||||
contentDirs = map dirOf contentFiles;
|
||||
in
|
||||
unique (
|
||||
attrValues dataDisks ++ parityFiles ++ contentDirs
|
||||
);
|
||||
} // optionalAttrs touchBeforeSync {
|
||||
ExecStartPre = "${pkgs.snapraid}/bin/snapraid touch";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -31,6 +31,30 @@ let
|
|||
example = literalExample "pkgs.dockerTools.buildDockerImage {...};";
|
||||
};
|
||||
|
||||
login = {
|
||||
|
||||
username = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = "Username for login.";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = "Path to file containing password.";
|
||||
example = "/etc/nixos/dockerhub-password.txt";
|
||||
};
|
||||
|
||||
registry = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = "Registry where to login to.";
|
||||
example = "https://docker.pkg.github.com";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
cmd = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [];
|
||||
|
@ -220,6 +244,8 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
isValidLogin = login: login.username != null && login.passwordFile != null && login.registry != null;
|
||||
|
||||
mkService = name: container: let
|
||||
dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
|
||||
in {
|
||||
|
@ -235,6 +261,13 @@ let
|
|||
|
||||
preStart = ''
|
||||
${cfg.backend} rm -f ${name} || true
|
||||
${optionalString (isValidLogin container.login) ''
|
||||
cat ${container.login.passwordFile} | \
|
||||
${cfg.backend} login \
|
||||
${container.login.registry} \
|
||||
--username ${container.login.username} \
|
||||
--password-stdin
|
||||
''}
|
||||
${optionalString (container.imageFile != null) ''
|
||||
${cfg.backend} load -i ${container.imageFile}
|
||||
''}
|
||||
|
@ -262,9 +295,6 @@ let
|
|||
postStop = "${cfg.backend} rm -f ${name} || true";
|
||||
|
||||
serviceConfig = {
|
||||
StandardOutput = "null";
|
||||
StandardError = "null";
|
||||
|
||||
### There is no generalized way of supporting `reload` for docker
|
||||
### containers. Some containers may respond well to SIGHUP sent to their
|
||||
### init process, but it is not guaranteed; some apps have other reload
|
||||
|
|
|
@ -56,5 +56,7 @@ in
|
|||
${open-vm-tools}/bin/vmware-user-suid-wrapper
|
||||
'';
|
||||
};
|
||||
|
||||
services.udev.packages = [ open-vm-tools ];
|
||||
};
|
||||
}
|
||||
|
|
24
third_party/nixpkgs/nixos/tests/acme.nix
vendored
24
third_party/nixpkgs/nixos/tests/acme.nix
vendored
|
@ -330,30 +330,38 @@ in import ./make-test-python.nix ({ lib, ... }: {
|
|||
|
||||
with subtest("Can request certificate with HTTPS-01 challenge"):
|
||||
webserver.wait_for_unit("acme-finished-a.example.test.target")
|
||||
check_fullchain(webserver, "a.example.test")
|
||||
check_issuer(webserver, "a.example.test", "pebble")
|
||||
check_connection(client, "a.example.test")
|
||||
|
||||
with subtest("Certificates and accounts have safe + valid permissions"):
|
||||
group = "${nodes.webserver.config.security.acme.certs."a.example.test".group}"
|
||||
webserver.succeed(
|
||||
f"test $(stat -L -c \"%a %U %G\" /var/lib/acme/a.example.test/* | tee /dev/stderr | grep '640 acme {group}' | wc -l) -eq 5"
|
||||
f"test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme {group}' | wc -l) -eq 5"
|
||||
)
|
||||
webserver.succeed(
|
||||
f"test $(stat -L -c \"%a %U %G\" /var/lib/acme/.lego/a.example.test/**/* | tee /dev/stderr | grep '640 acme {group}' | wc -l) -eq 5"
|
||||
f"test $(stat -L -c '%a %U %G' /var/lib/acme/.lego/a.example.test/**/a.example.test* | tee /dev/stderr | grep '600 acme {group}' | wc -l) -eq 4"
|
||||
)
|
||||
webserver.succeed(
|
||||
f"test $(stat -L -c \"%a %U %G\" /var/lib/acme/a.example.test | tee /dev/stderr | grep '750 acme {group}' | wc -l) -eq 1"
|
||||
f"test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test | tee /dev/stderr | grep '750 acme {group}' | wc -l) -eq 1"
|
||||
)
|
||||
webserver.succeed(
|
||||
f"test $(find /var/lib/acme/accounts -type f -exec stat -L -c \"%a %U %G\" {{}} \\; | tee /dev/stderr | grep -v '600 acme {group}' | wc -l) -eq 0"
|
||||
f"test $(find /var/lib/acme/accounts -type f -exec stat -L -c '%a %U %G' {{}} \\; | tee /dev/stderr | grep -v '600 acme {group}' | wc -l) -eq 0"
|
||||
)
|
||||
|
||||
with subtest("Certs are accepted by web server"):
|
||||
webserver.succeed("systemctl start nginx.service")
|
||||
check_fullchain(webserver, "a.example.test")
|
||||
check_issuer(webserver, "a.example.test", "pebble")
|
||||
check_connection(client, "a.example.test")
|
||||
|
||||
# Selfsigned certs tests happen late so we aren't fighting the system init triggering cert renewal
|
||||
with subtest("Can generate valid selfsigned certs"):
|
||||
webserver.succeed("systemctl clean acme-a.example.test.service --what=state")
|
||||
webserver.succeed("systemctl start acme-selfsigned-a.example.test.service")
|
||||
check_fullchain(webserver, "a.example.test")
|
||||
check_issuer(webserver, "a.example.test", "minica")
|
||||
# Check selfsigned permissions
|
||||
webserver.succeed(
|
||||
f"test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme {group}' | wc -l) -eq 5"
|
||||
)
|
||||
# Will succeed if nginx can load the certs
|
||||
webserver.succeed("systemctl start nginx-config-reload.service")
|
||||
|
||||
|
@ -376,6 +384,8 @@ in import ./make-test-python.nix ({ lib, ... }: {
|
|||
webserver.wait_for_unit("acme-finished-a.example.test.target")
|
||||
check_connection_key_bits(client, "a.example.test", "384")
|
||||
webserver.succeed("grep testing /var/lib/acme/a.example.test/test")
|
||||
# Clean to remove the testing file (and anything else messy we did)
|
||||
webserver.succeed("systemctl clean acme-a.example.test.service --what=state")
|
||||
|
||||
with subtest("Correctly implements OCSP stapling"):
|
||||
switch_to(webserver, "ocsp-stapling")
|
||||
|
|
|
@ -43,7 +43,7 @@ in
|
|||
bitcoind = handleTest ./bitcoind.nix {};
|
||||
bittorrent = handleTest ./bittorrent.nix {};
|
||||
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
|
||||
boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64
|
||||
boot = handleTestOn ["x86_64-linux" "aarch64-linux"] ./boot.nix {};
|
||||
boot-stage1 = handleTest ./boot-stage1.nix {};
|
||||
borgbackup = handleTest ./borgbackup.nix {};
|
||||
botamusique = handleTest ./botamusique.nix {};
|
||||
|
@ -450,6 +450,7 @@ in
|
|||
vaultwarden = handleTest ./vaultwarden.nix {};
|
||||
vector = handleTest ./vector.nix {};
|
||||
victoriametrics = handleTest ./victoriametrics.nix {};
|
||||
vikunja = handleTest ./vikunja.nix {};
|
||||
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
|
||||
vscodium = handleTest ./vscodium.nix {};
|
||||
wasabibackend = handleTest ./wasabibackend.nix {};
|
||||
|
|
42
third_party/nixpkgs/nixos/tests/boot.nix
vendored
42
third_party/nixpkgs/nixos/tests/boot.nix
vendored
|
@ -4,6 +4,7 @@
|
|||
}:
|
||||
|
||||
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||
with import ../lib/qemu-flags.nix { inherit pkgs; };
|
||||
with pkgs.lib;
|
||||
|
||||
let
|
||||
|
@ -21,7 +22,10 @@ let
|
|||
|
||||
makeBootTest = name: extraConfig:
|
||||
let
|
||||
machineConfig = pythonDict ({ qemuFlags = "-m 768"; } // extraConfig);
|
||||
machineConfig = pythonDict ({
|
||||
qemuBinary = qemuBinary pkgs.qemu_test;
|
||||
qemuFlags = "-m 768";
|
||||
} // extraConfig);
|
||||
in
|
||||
makeTest {
|
||||
inherit iso;
|
||||
|
@ -61,6 +65,7 @@ let
|
|||
];
|
||||
};
|
||||
machineConfig = pythonDict ({
|
||||
qemuBinary = qemuBinary pkgs.qemu_test;
|
||||
qemuFlags = "-boot order=n -m 2000";
|
||||
netBackendArgs = "tftp=${ipxeBootDir},bootfile=netboot.ipxe";
|
||||
} // extraConfig);
|
||||
|
@ -75,8 +80,27 @@ let
|
|||
machine.shutdown()
|
||||
'';
|
||||
};
|
||||
uefiBinary = {
|
||||
x86_64-linux = "${pkgs.OVMF.fd}/FV/OVMF.fd";
|
||||
aarch64-linux = "${pkgs.OVMF.fd}/FV/QEMU_EFI.fd";
|
||||
}.${pkgs.stdenv.hostPlatform.system};
|
||||
in {
|
||||
uefiCdrom = makeBootTest "uefi-cdrom" {
|
||||
cdrom = "${iso}/iso/${iso.isoName}";
|
||||
bios = uefiBinary;
|
||||
};
|
||||
|
||||
uefiUsb = makeBootTest "uefi-usb" {
|
||||
usb = "${iso}/iso/${iso.isoName}";
|
||||
bios = uefiBinary;
|
||||
};
|
||||
|
||||
uefiNetboot = makeNetbootTest "uefi" {
|
||||
bios = uefiBinary;
|
||||
# Custom ROM is needed for EFI PXE boot. I failed to understand exactly why, because QEMU should still use iPXE for EFI.
|
||||
netFrontendArgs = "romfile=${pkgs.ipxe}/ipxe.efirom";
|
||||
};
|
||||
} // optionalAttrs (pkgs.stdenv.hostPlatform.system == "x86_64-linux") {
|
||||
biosCdrom = makeBootTest "bios-cdrom" {
|
||||
cdrom = "${iso}/iso/${iso.isoName}";
|
||||
};
|
||||
|
@ -85,21 +109,5 @@ in {
|
|||
usb = "${iso}/iso/${iso.isoName}";
|
||||
};
|
||||
|
||||
uefiCdrom = makeBootTest "uefi-cdrom" {
|
||||
cdrom = "${iso}/iso/${iso.isoName}";
|
||||
bios = "${pkgs.OVMF.fd}/FV/OVMF.fd";
|
||||
};
|
||||
|
||||
uefiUsb = makeBootTest "uefi-usb" {
|
||||
usb = "${iso}/iso/${iso.isoName}";
|
||||
bios = "${pkgs.OVMF.fd}/FV/OVMF.fd";
|
||||
};
|
||||
|
||||
biosNetboot = makeNetbootTest "bios" {};
|
||||
|
||||
uefiNetboot = makeNetbootTest "uefi" {
|
||||
bios = "${pkgs.OVMF.fd}/FV/OVMF.fd";
|
||||
# Custom ROM is needed for EFI PXE boot. I failed to understand exactly why, because QEMU should still use iPXE for EFI.
|
||||
netFrontendArgs = "romfile=${pkgs.ipxe}/ipxe.efirom";
|
||||
};
|
||||
}
|
||||
|
|
115
third_party/nixpkgs/nixos/tests/chromium.nix
vendored
115
third_party/nixpkgs/nixos/tests/chromium.nix
vendored
|
@ -30,7 +30,10 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
|
|||
machine.imports = [ ./common/user-account.nix ./common/x11.nix ];
|
||||
machine.virtualisation.memorySize = 2047;
|
||||
machine.test-support.displayManager.auto.user = user;
|
||||
machine.environment.systemPackages = [ chromiumPkg ];
|
||||
machine.environment = {
|
||||
systemPackages = [ chromiumPkg ];
|
||||
variables."XAUTHORITY" = "/home/alice/.Xauthority";
|
||||
};
|
||||
|
||||
startupHTML = pkgs.writeText "chromium-startup.html" ''
|
||||
<!DOCTYPE html>
|
||||
|
@ -63,17 +66,32 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
|
|||
return "su - ${user} -c " + shlex.quote(cmd)
|
||||
|
||||
|
||||
def get_browser_binary():
|
||||
"""Returns the name of the browser binary."""
|
||||
def launch_browser():
|
||||
"""Launches the web browser with the correct options."""
|
||||
# Determine the name of the binary:
|
||||
pname = "${getName chromiumPkg.name}"
|
||||
if pname.find("chromium") != -1:
|
||||
return "chromium" # Same name for all channels and ungoogled-chromium
|
||||
if pname == "google-chrome":
|
||||
return "google-chrome-stable"
|
||||
if pname == "google-chrome-dev":
|
||||
return "google-chrome-unstable"
|
||||
# For google-chrome-beta and as fallback:
|
||||
return pname
|
||||
binary = "chromium" # Same name for all channels and ungoogled-chromium
|
||||
elif pname == "google-chrome":
|
||||
binary = "google-chrome-stable"
|
||||
elif pname == "google-chrome-dev":
|
||||
binary = "google-chrome-unstable"
|
||||
else: # For google-chrome-beta and as fallback:
|
||||
binary = pname
|
||||
# Add optional CLI options:
|
||||
options = []
|
||||
major_version = "${versions.major (getVersion chromiumPkg.name)}"
|
||||
if major_version > "91":
|
||||
# To avoid a GPU crash:
|
||||
options += ["--use-gl=angle", "--use-angle=swiftshader"]
|
||||
options.append("file://${startupHTML}")
|
||||
# Launch the process:
|
||||
machine.succeed(ru(f'ulimit -c unlimited; {binary} {shlex.join(options)} & disown'))
|
||||
if binary.startswith("google-chrome"):
|
||||
# Need to click away the first window:
|
||||
machine.wait_for_text("Make Google Chrome the default browser")
|
||||
machine.screenshot("google_chrome_default_browser_prompt")
|
||||
machine.send_key("ret")
|
||||
|
||||
|
||||
def create_new_win():
|
||||
|
@ -124,24 +142,32 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
|
|||
|
||||
|
||||
@contextmanager
|
||||
def test_new_win(description):
|
||||
def test_new_win(description, url, window_name):
|
||||
create_new_win()
|
||||
machine.wait_for_window("New Tab")
|
||||
machine.send_chars(f"{url}\n")
|
||||
machine.wait_for_window(window_name)
|
||||
machine.screenshot(description)
|
||||
machine.succeed(
|
||||
ru(
|
||||
"${xdo "copy-all" ''
|
||||
key --delay 1000 Ctrl+a Ctrl+c
|
||||
''}"
|
||||
)
|
||||
)
|
||||
clipboard = machine.succeed(
|
||||
ru("${pkgs.xclip}/bin/xclip -o")
|
||||
)
|
||||
print(f"{description} window content:\n{clipboard}")
|
||||
with machine.nested(description):
|
||||
yield
|
||||
yield clipboard
|
||||
# Close the newly created window:
|
||||
machine.send_key("ctrl-w")
|
||||
|
||||
|
||||
machine.wait_for_x()
|
||||
|
||||
url = "file://${startupHTML}"
|
||||
machine.succeed(ru(f'ulimit -c unlimited; "{get_browser_binary()}" "{url}" & disown'))
|
||||
|
||||
if get_browser_binary().startswith("google-chrome"):
|
||||
# Need to click away the first window:
|
||||
machine.wait_for_text("Make Google Chrome the default browser")
|
||||
machine.screenshot("google_chrome_default_browser_prompt")
|
||||
machine.send_key("ret")
|
||||
launch_browser()
|
||||
|
||||
machine.wait_for_text("startup done")
|
||||
machine.wait_until_succeeds(
|
||||
|
@ -164,49 +190,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
|
|||
|
||||
machine.screenshot("startup_done")
|
||||
|
||||
with test_new_win("check sandbox"):
|
||||
machine.succeed(
|
||||
ru(
|
||||
"${xdo "type-url" ''
|
||||
search --sync --onlyvisible --name "New Tab"
|
||||
windowfocus --sync
|
||||
type --delay 1000 "chrome://sandbox"
|
||||
''}"
|
||||
)
|
||||
)
|
||||
|
||||
machine.succeed(
|
||||
ru(
|
||||
"${xdo "submit-url" ''
|
||||
search --sync --onlyvisible --name "New Tab"
|
||||
windowfocus --sync
|
||||
key --delay 1000 Return
|
||||
''}"
|
||||
)
|
||||
)
|
||||
|
||||
machine.screenshot("sandbox_info")
|
||||
|
||||
machine.succeed(
|
||||
ru(
|
||||
"${xdo "find-window" ''
|
||||
search --sync --onlyvisible --name "Sandbox Status"
|
||||
windowfocus --sync
|
||||
''}"
|
||||
)
|
||||
)
|
||||
machine.succeed(
|
||||
ru(
|
||||
"${xdo "copy-sandbox-info" ''
|
||||
key --delay 1000 Ctrl+a Ctrl+c
|
||||
''}"
|
||||
)
|
||||
)
|
||||
|
||||
clipboard = machine.succeed(
|
||||
ru("${pkgs.xclip}/bin/xclip -o")
|
||||
)
|
||||
|
||||
with test_new_win("sandbox_info", "chrome://sandbox", "Sandbox Status") as clipboard:
|
||||
filters = [
|
||||
"layer 1 sandbox.*namespace",
|
||||
"pid namespaces.*yes",
|
||||
|
@ -253,6 +237,11 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
|
|||
|
||||
machine.screenshot("after_copy_from_chromium")
|
||||
|
||||
|
||||
with test_new_win("gpu_info", "chrome://gpu", "chrome://gpu"):
|
||||
pass
|
||||
|
||||
|
||||
machine.shutdown()
|
||||
'';
|
||||
}) channelMap
|
||||
|
|
30
third_party/nixpkgs/nixos/tests/jenkins-cli.nix
vendored
Normal file
30
third_party/nixpkgs/nixos/tests/jenkins-cli.nix
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
import ./make-test-python.nix ({ pkgs, ...} : rec {
|
||||
name = "jenkins-cli";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ pamplemousse ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
machine =
|
||||
{ ... }:
|
||||
{
|
||||
services.jenkins = {
|
||||
enable = true;
|
||||
withCLI = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
machine.wait_for_unit("jenkins")
|
||||
|
||||
assert "JENKINS_URL" in machine.succeed("env")
|
||||
assert "http://0.0.0.0:8080" in machine.succeed("echo $JENKINS_URL")
|
||||
|
||||
machine.succeed(
|
||||
"jenkins-cli -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword)"
|
||||
)
|
||||
'';
|
||||
})
|
16
third_party/nixpkgs/nixos/tests/mysql/mysql.nix
vendored
16
third_party/nixpkgs/nixos/tests/mysql/mysql.nix
vendored
|
@ -98,7 +98,7 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
|||
}];
|
||||
services.mysql.settings = {
|
||||
mysqld = {
|
||||
plugin-load-add = [ "ha_rocksdb.so" ];
|
||||
plugin-load-add = [ "ha_mroonga.so" "ha_rocksdb.so" ];
|
||||
};
|
||||
};
|
||||
services.mysql.package = pkgs.mariadb;
|
||||
|
@ -172,6 +172,20 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
|
|||
"echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42"
|
||||
)
|
||||
|
||||
# Check if Mroonga plugin works
|
||||
mariadb.succeed(
|
||||
"echo 'use testdb; create table mroongadb (test_id INT, PRIMARY KEY (test_id)) ENGINE = Mroonga;' | sudo -u testuser mysql -u testuser"
|
||||
)
|
||||
mariadb.succeed(
|
||||
"echo 'use testdb; insert into mroongadb values (25);' | sudo -u testuser mysql -u testuser"
|
||||
)
|
||||
mariadb.succeed(
|
||||
"echo 'use testdb; select test_id from mroongadb;' | sudo -u testuser mysql -u testuser -N | grep 25"
|
||||
)
|
||||
mariadb.succeed(
|
||||
"echo 'use testdb; drop table mroongadb;' | sudo -u testuser mysql -u testuser"
|
||||
)
|
||||
|
||||
# Check if RocksDB plugin works
|
||||
mariadb.succeed(
|
||||
"echo 'use testdb; create table rocksdb (test_id INT, PRIMARY KEY (test_id)) ENGINE = RocksDB;' | sudo -u testuser mysql -u testuser"
|
||||
|
|
|
@ -29,5 +29,5 @@ builtins.listToAttrs (
|
|||
};
|
||||
}
|
||||
)
|
||||
[ "nginxStable" "nginxMainline" "nginxShibboleth" "openresty" "tengine" ]
|
||||
[ "nginxStable" "nginxMainline" "nginxQuic" "nginxShibboleth" "openresty" "tengine" ]
|
||||
)
|
||||
|
|
22
third_party/nixpkgs/nixos/tests/postgresql.nix
vendored
22
third_party/nixpkgs/nixos/tests/postgresql.nix
vendored
|
@ -73,8 +73,30 @@ let
|
|||
machine.succeed(
|
||||
"systemctl start ${backupService}.service",
|
||||
"zcat /var/backup/postgresql/${backupName}.sql.gz | grep '<test>ok</test>'",
|
||||
"ls -hal /var/backup/postgresql/ >/dev/console",
|
||||
"stat -c '%a' /var/backup/postgresql/${backupName}.sql.gz | grep 600",
|
||||
)
|
||||
with subtest("Backup service fails gracefully"):
|
||||
# Sabotage the backup process
|
||||
machine.succeed("rm /run/postgresql/.s.PGSQL.5432")
|
||||
machine.fail(
|
||||
"systemctl start ${backupService}.service",
|
||||
)
|
||||
machine.succeed(
|
||||
"ls -hal /var/backup/postgresql/ >/dev/console",
|
||||
"zcat /var/backup/postgresql/${backupName}.prev.sql.gz | grep '<test>ok</test>'",
|
||||
"stat /var/backup/postgresql/${backupName}.in-progress.sql.gz",
|
||||
)
|
||||
# In a previous version, the second run would overwrite prev.sql.gz,
|
||||
# so we test a second run as well.
|
||||
machine.fail(
|
||||
"systemctl start ${backupService}.service",
|
||||
)
|
||||
machine.succeed(
|
||||
"stat /var/backup/postgresql/${backupName}.in-progress.sql.gz",
|
||||
"zcat /var/backup/postgresql/${backupName}.prev.sql.gz | grep '<test>ok</test>'",
|
||||
)
|
||||
|
||||
|
||||
with subtest("Initdb works"):
|
||||
machine.succeed("sudo -u postgres initdb -D /tmp/testpostgres2")
|
||||
|
|
|
@ -454,15 +454,21 @@ let
|
|||
enable = true;
|
||||
lndTlsPath = "/var/lib/lnd/tls.cert";
|
||||
lndMacaroonDir = "/var/lib/lnd";
|
||||
extraFlags = [ "--lnd.network=regtest" ];
|
||||
};
|
||||
metricProvider = {
|
||||
systemd.services.prometheus-lnd-exporter.serviceConfig.DynamicUser = false;
|
||||
services.bitcoind.main.enable = true;
|
||||
services.bitcoind.main.extraConfig = ''
|
||||
virtualisation.memorySize = 1024;
|
||||
systemd.services.prometheus-lnd-exporter.serviceConfig.RestartSec = 15;
|
||||
systemd.services.prometheus-lnd-exporter.after = [ "lnd.service" ];
|
||||
services.bitcoind.regtest = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
rpcauth=bitcoinrpc:e8fe33f797e698ac258c16c8d7aadfbe$872bdb8f4d787367c26bcfd75e6c23c4f19d44a69f5d1ad329e5adf3f82710f7
|
||||
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
|
||||
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
|
||||
zmqpubrawblock=tcp://127.0.0.1:28332
|
||||
zmqpubrawtx=tcp://127.0.0.1:28333
|
||||
'';
|
||||
extraCmdlineOptions = [ "-regtest" ];
|
||||
};
|
||||
systemd.services.lnd = {
|
||||
serviceConfig.ExecStart = ''
|
||||
${pkgs.lnd}/bin/lnd \
|
||||
|
@ -471,7 +477,7 @@ let
|
|||
--tlskeypath=/var/lib/lnd/tls.key \
|
||||
--logdir=/var/log/lnd \
|
||||
--bitcoin.active \
|
||||
--bitcoin.mainnet \
|
||||
--bitcoin.regtest \
|
||||
--bitcoin.node=bitcoind \
|
||||
--bitcoind.rpcuser=bitcoinrpc \
|
||||
--bitcoind.rpcpass=hunter2 \
|
||||
|
@ -483,13 +489,31 @@ let
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
};
|
||||
# initialize wallet, creates macaroon needed by exporter
|
||||
systemd.services.lnd.postStart = ''
|
||||
${pkgs.curl}/bin/curl \
|
||||
--retry 20 \
|
||||
--retry-delay 1 \
|
||||
--retry-connrefused \
|
||||
--cacert /var/lib/lnd/tls.cert \
|
||||
-X GET \
|
||||
https://localhost:8080/v1/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > /tmp/seed
|
||||
${pkgs.curl}/bin/curl \
|
||||
--retry 20 \
|
||||
--retry-delay 1 \
|
||||
--retry-connrefused \
|
||||
--cacert /var/lib/lnd/tls.cert \
|
||||
-X POST \
|
||||
-d "{\"wallet_password\": \"asdfasdfasdf\", \"cipher_seed_mnemonic\": $(cat /tmp/seed | tr -d '\n')}" \
|
||||
https://localhost:8080/v1/initwallet
|
||||
'';
|
||||
};
|
||||
exporterTest = ''
|
||||
wait_for_unit("lnd.service")
|
||||
wait_for_open_port(10009)
|
||||
wait_for_unit("prometheus-lnd-exporter.service")
|
||||
wait_for_open_port(9092)
|
||||
succeed("curl -sSf localhost:9092/metrics | grep '^promhttp_metric_handler'")
|
||||
succeed("curl -sSf localhost:9092/metrics | grep '^lnd_peer_count'")
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -104,6 +104,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
|
|||
ats.wait_for_open_port(80)
|
||||
httpbin.wait_for_unit("httpbin")
|
||||
httpbin.wait_for_open_port(80)
|
||||
client.wait_for_unit("network-online.target")
|
||||
|
||||
with subtest("Traffic Server is running"):
|
||||
out = ats.succeed("traffic_ctl server status")
|
||||
|
|
65
third_party/nixpkgs/nixos/tests/vikunja.nix
vendored
Normal file
65
third_party/nixpkgs/nixos/tests/vikunja.nix
vendored
Normal file
|
@ -0,0 +1,65 @@
|
|||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "vikunja";
|
||||
|
||||
meta = with lib.maintainers; {
|
||||
maintainers = [ em0lar ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
vikunjaSqlite = { ... }: {
|
||||
services.vikunja = {
|
||||
enable = true;
|
||||
database = {
|
||||
type = "sqlite";
|
||||
};
|
||||
frontendScheme = "http";
|
||||
frontendHostname = "localhost";
|
||||
};
|
||||
services.nginx.enable = true;
|
||||
};
|
||||
vikunjaPostgresql = { pkgs, ... }: {
|
||||
services.vikunja = {
|
||||
enable = true;
|
||||
database = {
|
||||
type = "postgres";
|
||||
user = "vikunja-api";
|
||||
database = "vikunja-api";
|
||||
host = "/run/postgresql";
|
||||
};
|
||||
frontendScheme = "http";
|
||||
frontendHostname = "localhost";
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "vikunja-api" ];
|
||||
ensureUsers = [
|
||||
{ name = "vikunja-api";
|
||||
ensurePermissions = { "DATABASE \"vikunja-api\"" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
services.nginx.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
vikunjaSqlite.wait_for_unit("vikunja-api.service")
|
||||
vikunjaSqlite.wait_for_open_port(3456)
|
||||
vikunjaSqlite.succeed("curl --fail http://localhost:3456/api/v1/info")
|
||||
|
||||
vikunjaSqlite.wait_for_unit("nginx.service")
|
||||
vikunjaSqlite.wait_for_open_port(80)
|
||||
vikunjaSqlite.succeed("curl --fail http://localhost/api/v1/info")
|
||||
vikunjaSqlite.succeed("curl --fail http://localhost")
|
||||
|
||||
vikunjaPostgresql.wait_for_unit("vikunja-api.service")
|
||||
vikunjaPostgresql.wait_for_open_port(3456)
|
||||
vikunjaPostgresql.succeed("curl --fail http://localhost:3456/api/v1/info")
|
||||
|
||||
vikunjaPostgresql.wait_for_unit("nginx.service")
|
||||
vikunjaPostgresql.wait_for_open_port(80)
|
||||
vikunjaPostgresql.succeed("curl --fail http://localhost/api/v1/info")
|
||||
vikunjaPostgresql.succeed("curl --fail http://localhost")
|
||||
'';
|
||||
})
|
18
third_party/nixpkgs/nixos/tests/yggdrasil.nix
vendored
18
third_party/nixpkgs/nixos/tests/yggdrasil.nix
vendored
|
@ -1,23 +1,19 @@
|
|||
let
|
||||
aliceIp6 = "200:3b91:b2d8:e708:fbf3:f06:fdd5:90d0";
|
||||
aliceIp6 = "202:b70:9b0b:cf34:f93c:8f18:bbfd:7034";
|
||||
aliceKeys = {
|
||||
EncryptionPublicKey = "13e23986fe76bc3966b42453f479bc563348b7ff76633b7efcb76e185ec7652f";
|
||||
EncryptionPrivateKey = "9f86947b15e86f9badac095517a1982e39a2db37ca726357f95987b898d82208";
|
||||
SigningPublicKey = "e2c43349083bc1e998e4ec4535b4c6a8f44ca9a5a8e07336561267253b2be5f4";
|
||||
SigningPrivateKey = "fe3add8da35316c05f6d90d3ca79bd2801e6ccab6d37e5339fef4152589398abe2c43349083bc1e998e4ec4535b4c6a8f44ca9a5a8e07336561267253b2be5f4";
|
||||
PublicKey = "3e91ec9e861960d86e1ce88051f97c435bdf2859640ab681dfa906eb45ad5182";
|
||||
PrivateKey = "a867f9e078e4ce58d310cf5acd4622d759e2a21df07e1d6fc380a2a26489480d3e91ec9e861960d86e1ce88051f97c435bdf2859640ab681dfa906eb45ad5182";
|
||||
};
|
||||
bobIp6 = "201:ebbd:bde9:f138:c302:4afa:1fb6:a19a";
|
||||
bobPrefix = "301:ebbd:bde9:f138";
|
||||
bobIp6 = "202:a483:73a4:9f2d:a559:4a19:bc9:8458";
|
||||
bobPrefix = "302:a483:73a4:9f2d";
|
||||
bobConfig = {
|
||||
InterfacePeers = {
|
||||
eth1 = [ "tcp://192.168.1.200:12345" ];
|
||||
};
|
||||
MulticastInterfaces = [ "eth1" ];
|
||||
LinkLocalTCPPort = 54321;
|
||||
EncryptionPublicKey = "c99d6830111e12d1b004c52fe9e5a2eef0f6aefca167aca14589a370b7373279";
|
||||
EncryptionPrivateKey = "2e698a53d3fdce5962d2ff37de0fe77742a5c8b56cd8259f5da6aa792f6e8ba3";
|
||||
SigningPublicKey = "de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
|
||||
SigningPrivateKey = "2a6c21550f3fca0331df50668ffab66b6dce8237bcd5728e571e8033b363e247de111da0ec781e45bf6c63ecb45a78c24d7d4655abfaeea83b26c36eb5c0fd5b";
|
||||
PublicKey = "2b6f918b6c1a4b54d6bcde86cf74e074fb32ead4ee439b7930df2aa60c825186";
|
||||
PrivateKey = "0c4a24acd3402722ce9277ed179f4a04b895b49586493c25fbaed60653d857d62b6f918b6c1a4b54d6bcde86cf74e074fb32ead4ee439b7930df2aa60c825186";
|
||||
};
|
||||
danIp6 = bobPrefix + "::2";
|
||||
|
||||
|
|
|
@ -18,14 +18,14 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "squeekboard";
|
||||
version = "1.13.0";
|
||||
version = "1.14.0";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "source.puri.sm";
|
||||
owner = "Librem5";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0xyd6ickbaqvrr8a7ak6j1ziqjk05jlnganjrdv43p74nnjyqr8y";
|
||||
sha256 = "1ayap40pgzcpmfydk5pbf3gwhh26m3cmbk6lyly4jihr9qw7dgb0";
|
||||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
|
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
|
|||
cat Cargo.toml.in Cargo.deps > Cargo.toml
|
||||
'';
|
||||
name = "${pname}-${version}";
|
||||
sha256 = "096skk7vmr93axcf0qj7kyr8hm1faj0nkmd349g8mnzwd68a9npz";
|
||||
sha256 = "0148ynzmapxfrlccikf20ikmi0ssbkn9fl5wi6nh6azflv50pzzn";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -62,6 +62,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "audacity";
|
||||
# nixpkgs-update: no auto update
|
||||
# Humans too! Let's wait to see how the situation with
|
||||
# https://github.com/audacity/audacity/issues/1213 develops before
|
||||
# pulling any updates that are subject to this privacy policy. We
|
||||
# may wish to switch to a fork, but at the time of writing
|
||||
# (2021-07-05) it's too early to tell how well any of the forks will
|
||||
# be maintained.
|
||||
version = "3.0.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
|
|
107
third_party/nixpkgs/pkgs/applications/audio/easyeffects/default.nix
vendored
Normal file
107
third_party/nixpkgs/pkgs/applications/audio/easyeffects/default.nix
vendored
Normal file
|
@ -0,0 +1,107 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, desktop-file-utils
|
||||
, fetchFromGitHub
|
||||
, calf
|
||||
, fftwFloat
|
||||
, glib
|
||||
, glibmm
|
||||
, gtk4
|
||||
, gtkmm4
|
||||
, itstool
|
||||
, libbs2b
|
||||
, libebur128
|
||||
, libsamplerate
|
||||
, libsndfile
|
||||
, lilv
|
||||
, lsp-plugins
|
||||
, lv2
|
||||
, meson
|
||||
, ninja
|
||||
, nlohmann_json
|
||||
, pipewire
|
||||
, pkg-config
|
||||
, python3
|
||||
, rnnoise
|
||||
, rubberband
|
||||
, speexdsp
|
||||
, wrapGAppsHook
|
||||
, zam-plugins
|
||||
, zita-convolver
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "easyeffects";
|
||||
version = "6.0.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "wwmm";
|
||||
repo = "easyeffects";
|
||||
rev = "v${version}";
|
||||
hash = "sha256:1m3jamnhgpx3z51nfc8xg7adhf5x7dirvw0wf129hzxx4fjl7rch";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
desktop-file-utils
|
||||
itstool
|
||||
meson
|
||||
ninja
|
||||
pkg-config
|
||||
python3
|
||||
wrapGAppsHook
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
fftwFloat
|
||||
glib
|
||||
glibmm
|
||||
gtk4
|
||||
gtkmm4
|
||||
libbs2b
|
||||
libebur128
|
||||
libsamplerate
|
||||
libsndfile
|
||||
lilv
|
||||
lv2
|
||||
nlohmann_json
|
||||
pipewire
|
||||
rnnoise
|
||||
rubberband
|
||||
speexdsp
|
||||
zita-convolver
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
chmod +x meson_post_install.py
|
||||
patchShebangs meson_post_install.py
|
||||
'';
|
||||
|
||||
preFixup =
|
||||
let
|
||||
lv2Plugins = [
|
||||
calf # limiter, compressor exciter, bass enhancer and others
|
||||
lsp-plugins # delay
|
||||
];
|
||||
ladspaPlugins = [
|
||||
rubberband # pitch shifting
|
||||
zam-plugins # maximizer
|
||||
];
|
||||
in
|
||||
''
|
||||
gappsWrapperArgs+=(
|
||||
--set LV2_PATH "${lib.makeSearchPath "lib/lv2" lv2Plugins}"
|
||||
--set LADSPA_PATH "${lib.makeSearchPath "lib/ladspa" ladspaPlugins}"
|
||||
)
|
||||
'';
|
||||
|
||||
separateDebugInfo = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Audio effects for PipeWire applications.";
|
||||
homepage = "https://github.com/wwmm/easyeffects";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ jtojnar ];
|
||||
platforms = platforms.linux;
|
||||
badPlatforms = [ "aarch64-linux" ];
|
||||
};
|
||||
}
|
|
@ -1,7 +1,6 @@
|
|||
{ lib
|
||||
, python3
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, appstream-glib
|
||||
, desktop-file-utils
|
||||
, gettext
|
||||
|
@ -19,7 +18,7 @@
|
|||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "mousai";
|
||||
version = "0.4.1";
|
||||
version = "0.4.2";
|
||||
|
||||
format = "other";
|
||||
|
||||
|
@ -27,17 +26,9 @@ python3.pkgs.buildPythonApplication rec {
|
|||
owner = "SeaDve";
|
||||
repo = "Mousai";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-AfR5n1dIm9X5OoPiikQEhHBFQq0rmQH4h7cCJ2yXoXI=";
|
||||
sha256 = "sha256-zH++GGFIz3oxkKOYB4zhY6yL3vENEXxtrv8mZZ+41kU=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "fix-ABI-breakage-from-libadwaita.patch";
|
||||
url = "https://github.com/SeaDve/Mousai/commit/e3db2d9d1949300f49399209b56d667746e539df.patch";
|
||||
sha256 = "078kvmyhw4jd1m2npai0yl00lwh47jys2n03pkgxp6jf873y83vs";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs build-aux/meson
|
||||
'';
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "openmpt123";
|
||||
version = "0.5.9";
|
||||
version = "0.5.10";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz";
|
||||
sha256 = "0h86p8mnpm98vc4v6jbvrmm02fch7dnn332i26fg3a2s1738m04d";
|
||||
sha256 = "sha256-Waj6KNi432nLf6WXK9+TEIHatOHhFWxpoaU7ZcK+n/o=";
|
||||
};
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
|
200
third_party/nixpkgs/pkgs/applications/audio/pianoteq/default.nix
vendored
Normal file
200
third_party/nixpkgs/pkgs/applications/audio/pianoteq/default.nix
vendored
Normal file
|
@ -0,0 +1,200 @@
|
|||
{ lib, stdenv, curl, gnugrep, jq, xorg, alsa-lib, freetype, p7zip, autoPatchelfHook, writeShellScript, zlib, libjack2, makeWrapper }:
|
||||
let
|
||||
versionForFile = v: builtins.replaceStrings ["."] [""] v;
|
||||
|
||||
mkPianoteq = { name, src, version, archdir, ... }:
|
||||
stdenv.mkDerivation rec {
|
||||
inherit src version;
|
||||
|
||||
pname = "pianoteq-${name}";
|
||||
|
||||
unpackPhase = ''
|
||||
${p7zip}/bin/7z x $src
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoPatchelfHook
|
||||
makeWrapper
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
stdenv.cc.cc.lib
|
||||
xorg.libX11 # libX11.so.6
|
||||
xorg.libXext # libXext.so.6
|
||||
alsa-lib # libasound.so.2
|
||||
freetype # libfreetype.so.6
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
mv -t $out/bin Pianoteq*/${archdir}/*
|
||||
for f in $out/bin/Pianoteq*; do
|
||||
if [ -x "$f" ] && [ -f "$f" ]; then
|
||||
wrapProgram "$f" --prefix LD_LIBRARY_PATH : ${
|
||||
lib.makeLibraryPath (buildInputs ++ [
|
||||
xorg.libXcursor
|
||||
xorg.libXinerama
|
||||
xorg.libXrandr
|
||||
libjack2
|
||||
zlib
|
||||
])
|
||||
}
|
||||
fi
|
||||
done
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://www.modartt.com/pianoteq";
|
||||
description = "Software synthesizer that features real-time MIDI-control of digital physically modeled pianos and related instruments";
|
||||
license = licenses.unfree;
|
||||
platforms = [ "x86_64-linux" ]; # TODO extract binary according to each platform?
|
||||
maintainers = [ maintainers.mausch ];
|
||||
};
|
||||
};
|
||||
|
||||
fetchWithCurlScript = { name, sha256, script, impureEnvVars ? [] }:
|
||||
stdenv.mkDerivation {
|
||||
inherit name;
|
||||
builder = writeShellScript "builder.sh" ''
|
||||
source $stdenv/setup
|
||||
|
||||
curlVersion=$(${curl}/bin/curl -V | head -1 | cut -d' ' -f2)
|
||||
|
||||
# Curl flags to handle redirects, not use EPSV, handle cookies for
|
||||
# servers to need them during redirects, and work on SSL without a
|
||||
# certificate (this isn't a security problem because we check the
|
||||
# cryptographic hash of the output anyway).
|
||||
curl=(
|
||||
${curl}/bin/curl
|
||||
--location
|
||||
--max-redirs 20
|
||||
--retry 3
|
||||
--disable-epsv
|
||||
--cookie-jar cookies
|
||||
--insecure
|
||||
--user-agent "curl/$curlVersion Nixpkgs/${lib.trivial.release}"
|
||||
$NIX_CURL_FLAGS
|
||||
)
|
||||
|
||||
${script}
|
||||
|
||||
'';
|
||||
nativeBuildInputs = [ curl ];
|
||||
outputHashAlgo = "sha256";
|
||||
outputHash = sha256;
|
||||
|
||||
impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ impureEnvVars ++ [
|
||||
# This variable allows the user to pass additional options to curl
|
||||
"NIX_CURL_FLAGS"
|
||||
];
|
||||
};
|
||||
|
||||
fetchPianoteqTrial = { name, sha256 }:
|
||||
fetchWithCurlScript {
|
||||
inherit name sha256;
|
||||
script = ''
|
||||
"''${curl[@]}" --silent --request POST \
|
||||
--cookie cookies \
|
||||
--header "modartt-json: request" \
|
||||
--header "origin: https://www.modartt.com" \
|
||||
--header "content-type: application/json; charset=UTF-8" \
|
||||
--header "accept: application/json, text/javascript, */*" \
|
||||
--data-raw '{"file": "${name}", "get": "url"}' \
|
||||
https://www.modartt.com/json/download -o /dev/null
|
||||
json=$(
|
||||
"''${curl[@]}" --silent --request POST \
|
||||
--cookie cookies \
|
||||
--header "modartt-json: request" \
|
||||
--header "origin: https://www.modartt.com" \
|
||||
--header "content-type: application/json; charset=UTF-8" \
|
||||
--header "accept: application/json, text/javascript, */*" \
|
||||
--data-raw '{"file": "${name}", "get": "url"}' \
|
||||
https://www.modartt.com/json/download
|
||||
)
|
||||
url=$(echo $json | ${jq}/bin/jq -r .url)
|
||||
"''${curl[@]}" --progress-bar --cookie cookies -o $out "$url"
|
||||
'';
|
||||
};
|
||||
|
||||
fetchPianoteqWithLogin = { name, sha256 }:
|
||||
fetchWithCurlScript {
|
||||
inherit name sha256;
|
||||
|
||||
impureEnvVars = [ "NIX_MODARTT_USERNAME" "NIX_MODARTT_PASSWORD" ];
|
||||
|
||||
script = ''
|
||||
if [ -z "''${NIX_MODARTT_USERNAME}" -o -z "''${NIX_MODARTT_PASSWORD}" ]; then
|
||||
echo "Error: Downloading a personal Pianoteq instance requires the nix building process (nix-daemon in multi user mode) to have the NIX_MODARTT_USERNAME and NIX_MODARTT_PASSWORD env vars set." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
"''${curl[@]}" -s -o /dev/null "https://www.modartt.com/user_area"
|
||||
|
||||
${jq}/bin/jq -n "{connect: 1, login: \"''${NIX_MODARTT_USERNAME}\", password: \"''${NIX_MODARTT_PASSWORD}\"}" > login.json
|
||||
|
||||
"''${curl[@]}" --silent --request POST \
|
||||
--cookie cookies \
|
||||
--referer "https://www.modartt.com/user_area" \
|
||||
--header "modartt-json: request" \
|
||||
--header "origin: https://www.modartt.com" \
|
||||
--header "content-type: application/json; charset=UTF-8" \
|
||||
--header "accept: application/json, text/javascript, */*" \
|
||||
--data @login.json \
|
||||
https://www.modartt.com/json/session
|
||||
|
||||
json=$(
|
||||
"''${curl[@]}" --silent --request POST \
|
||||
--cookie cookies \
|
||||
--header "modartt-json: request" \
|
||||
--header "origin: https://www.modartt.com" \
|
||||
--header "content-type: application/json; charset=UTF-8" \
|
||||
--header "accept: application/json, text/javascript, */*" \
|
||||
--data-raw '{"file": "${name}", "get": "url"}' \
|
||||
https://www.modartt.com/json/download
|
||||
)
|
||||
url=$(echo $json | ${jq}/bin/jq -r .url)
|
||||
|
||||
"''${curl[@]}" --progress-bar --cookie cookies -o $out "$url"
|
||||
'';
|
||||
};
|
||||
|
||||
in {
|
||||
# TODO currently can't install more than one because `lame` clashes
|
||||
stage-trial = mkPianoteq rec {
|
||||
name = "stage-trial";
|
||||
version = "7.4.1";
|
||||
archdir = "x86-64bit";
|
||||
src = fetchPianoteqTrial {
|
||||
name = "pianoteq_stage_linux_trial_v${versionForFile version}.7z";
|
||||
sha256 = "14mbaz6i1rxqayrjjkck9yx8iijkm4q1qz29ymkd7sz2gpk7fcpa";
|
||||
};
|
||||
};
|
||||
standard-trial = mkPianoteq rec {
|
||||
name = "standard-trial";
|
||||
version = "7.4.1";
|
||||
archdir = "x86-64bit";
|
||||
src = fetchPianoteqTrial {
|
||||
name = "pianoteq_linux_trial_v${versionForFile version}.7z";
|
||||
sha256 = "01xh4n0h7dd3xqhm0bx0a62mqmfvxvmr5cm5r2g249c9wqg5i32a";
|
||||
};
|
||||
};
|
||||
stage-6 = mkPianoteq rec {
|
||||
name = "stage-6";
|
||||
version = "6.7.3";
|
||||
archdir = "amd64";
|
||||
src = fetchPianoteqWithLogin {
|
||||
name = "pianoteq_stage_linux_v${versionForFile version}.7z";
|
||||
sha256 = "0jy0hkdynhwv0zhrqkby0hdphgmcc09wxmy74rhg9afm1pzl91jy";
|
||||
};
|
||||
};
|
||||
stage-7 = mkPianoteq rec {
|
||||
name = "stage-7";
|
||||
version = "7.3.0";
|
||||
archdir = "x86-64bit";
|
||||
src = fetchPianoteqWithLogin {
|
||||
name = "pianoteq_stage_linux_v${versionForFile version}.7z";
|
||||
sha256 = "05w7sv9v38r6ljz9xai816w5z2qqwx88hcfjm241fvgbs54125hx";
|
||||
};
|
||||
};
|
||||
# TODO other paid binaries, I don't own that so I don't know their hash.
|
||||
}
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
let
|
||||
pname = "plexamp";
|
||||
version = "3.4.7";
|
||||
version = "3.5.0";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
|
||||
name="${pname}-${version}.AppImage";
|
||||
sha512 = "+jmx4X9KiK1Tv2Cjb/445MY9G2b7pLdKxFtBFMaQwRhqTItA33MfHqKBwmytmbEhxhy0LDTU2woJvEMPQCmnvg==";
|
||||
sha512 = "NjhrtGQsIbNDmGPEDmEbaHSfvUTFb1e7yPorF/BzWTfwVoFZEJiNzP/1k+zTJ4Yfd4mG0W0GYx0jh8m/micWIg==";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extractType2 {
|
||||
|
@ -34,7 +34,7 @@ in appimageTools.wrapType2 {
|
|||
meta = with lib; {
|
||||
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
|
||||
homepage = "https://plexamp.com/";
|
||||
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/29";
|
||||
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/30";
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ killercup synthetica ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
|
|
|
@ -1,30 +1,34 @@
|
|||
{ lib, stdenv, fetchurl, alsa-lib, gtk2, pkg-config }:
|
||||
{ lib, stdenv, fetchFromGitHub, pkg-config, wrapGAppsHook, alsa-lib, gtk3, libpulseaudio }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "praat";
|
||||
version = "6.0.43";
|
||||
version = "6.1.50";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/praat/praat/archive/v${version}.tar.gz";
|
||||
sha256 = "1l13bvnl7sv8v6s5z63201bhzavnj6bnqcj446akippsam13z4sf";
|
||||
src = fetchFromGitHub {
|
||||
owner = "praat";
|
||||
repo = "praat";
|
||||
rev = "v${version}";
|
||||
sha256 = "11cw4292pml71hdnfy8y91blwyh45dyam1ywr09355zk44c5njpq";
|
||||
};
|
||||
|
||||
configurePhase = ''
|
||||
cp makefiles/makefile.defs.linux.alsa makefile.defs
|
||||
cp makefiles/makefile.defs.linux.pulse makefile.defs
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cp praat $out/bin
|
||||
install -Dt $out/bin praat
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ alsa-lib gtk2 ];
|
||||
nativeBuildInputs = [ pkg-config wrapGAppsHook ];
|
||||
buildInputs = [ alsa-lib gtk3 libpulseaudio ];
|
||||
|
||||
meta = {
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Doing phonetics by computer";
|
||||
homepage = "https://www.fon.hum.uva.nl/praat/";
|
||||
license = lib.licenses.gpl2Plus; # Has some 3rd-party code in it though
|
||||
platforms = lib.platforms.linux;
|
||||
license = licenses.gpl2Plus; # Has some 3rd-party code in it though
|
||||
maintainers = with maintainers; [ orivej ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,127 +0,0 @@
|
|||
{ lib, stdenv
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, meson
|
||||
, ninja
|
||||
, pkg-config
|
||||
, itstool
|
||||
, python3
|
||||
, libxml2
|
||||
, desktop-file-utils
|
||||
, wrapGAppsHook
|
||||
, gst_all_1
|
||||
, pipewire
|
||||
, gtk3
|
||||
, glib
|
||||
, glibmm
|
||||
, gtkmm3
|
||||
, lilv
|
||||
, lv2
|
||||
, serd
|
||||
, sord
|
||||
, sratom
|
||||
, libbs2b
|
||||
, libsamplerate
|
||||
, libsndfile
|
||||
, libebur128
|
||||
, rnnoise
|
||||
, boost
|
||||
, dbus
|
||||
, fftwFloat
|
||||
, calf
|
||||
, zita-convolver
|
||||
, zam-plugins
|
||||
, rubberband
|
||||
, lsp-plugins
|
||||
}:
|
||||
|
||||
let
|
||||
lv2Plugins = [
|
||||
calf # limiter, compressor exciter, bass enhancer and others
|
||||
lsp-plugins # delay
|
||||
];
|
||||
ladspaPlugins = [
|
||||
rubberband # pitch shifting
|
||||
zam-plugins # maximizer
|
||||
];
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "pulseeffects";
|
||||
version = "5.0.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "wwmm";
|
||||
repo = "pulseeffects";
|
||||
rev = "v${version}";
|
||||
sha256 = "1dicvq17vajk3vr4g1y80599ahkw0dp5ynlany1cfljfjz40s8sx";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
meson
|
||||
ninja
|
||||
pkg-config
|
||||
libxml2
|
||||
itstool
|
||||
python3
|
||||
desktop-file-utils
|
||||
wrapGAppsHook
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
pipewire
|
||||
glib
|
||||
glibmm
|
||||
gtk3
|
||||
gtkmm3
|
||||
gst_all_1.gstreamer
|
||||
gst_all_1.gst-plugins-base # gst-fft
|
||||
gst_all_1.gst-plugins-good # spectrum plugin
|
||||
gst_all_1.gst-plugins-bad
|
||||
lilv lv2 serd sord sratom
|
||||
libbs2b
|
||||
libebur128
|
||||
libsamplerate
|
||||
libsndfile
|
||||
rnnoise
|
||||
boost
|
||||
dbus
|
||||
fftwFloat
|
||||
zita-convolver
|
||||
];
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
# Fix build failure.
|
||||
# https://github.com/wwmm/pulseeffects/pull/934
|
||||
url = "https://github.com/wwmm/pulseeffects/commit/ab7354a6850d23840b4c9af212dbebf4f31a562f.patch";
|
||||
sha256 = "1hd05xn6sp0xs632mqgwk19hl40kh2f69mx5mgzahysrj057w22c";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
chmod +x meson_post_install.py
|
||||
patchShebangs meson_post_install.py
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
gappsWrapperArgs+=(
|
||||
--set LV2_PATH "${lib.makeSearchPath "lib/lv2" lv2Plugins}"
|
||||
--set LADSPA_PATH "${lib.makeSearchPath "lib/ladspa" ladspaPlugins}"
|
||||
)
|
||||
'';
|
||||
|
||||
# Meson is no longer able to pick up Boost automatically.
|
||||
# https://github.com/NixOS/nixpkgs/issues/86131
|
||||
BOOST_INCLUDEDIR = "${lib.getDev boost}/include";
|
||||
BOOST_LIBRARYDIR = "${lib.getLib boost}/lib";
|
||||
|
||||
separateDebugInfo = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Limiter, compressor, reverberation, equalizer and auto volume effects for Pulseaudio applications";
|
||||
homepage = "https://github.com/wwmm/pulseeffects";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ jtojnar ];
|
||||
platforms = platforms.linux;
|
||||
badPlatforms = [ "aarch64-linux" ];
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchurl, pkg-config
|
||||
{ lib, stdenv, fetchurl, pkg-config, fetchFromGitLab
|
||||
, python3
|
||||
, perl
|
||||
, perlPackages
|
||||
|
@ -6,6 +6,7 @@
|
|||
, intltool
|
||||
, libpeas
|
||||
, libsoup
|
||||
, libdmapsharing
|
||||
, gnome
|
||||
, totem-pl-parser
|
||||
, tdb
|
||||
|
@ -18,6 +19,25 @@
|
|||
let
|
||||
pname = "rhythmbox";
|
||||
version = "3.4.4";
|
||||
|
||||
# The API version of libdmapsharing required by rhythmbox 3.4.4 is 3.0.
|
||||
|
||||
# This PR would solve the issue:
|
||||
# https://gitlab.gnome.org/GNOME/rhythmbox/-/merge_requests/12
|
||||
# Unfortunately applying this patch produces a rhythmbox which
|
||||
# cannot fetch data from DAAP shares.
|
||||
|
||||
libdmapsharing_3 = libdmapsharing.overrideAttrs (old: rec {
|
||||
version = "2.9.41";
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
owner = "GNOME";
|
||||
repo = old.pname;
|
||||
rev = "${lib.toUpper old.pname}_${lib.replaceStrings ["."] ["_"] version}";
|
||||
sha256 = "05kvrzf0cp3mskdy6iv7zqq24qdczl800q2dn1h4bk3d9wchgm4p";
|
||||
};
|
||||
});
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "${pname}-${version}";
|
||||
|
||||
|
@ -46,8 +66,12 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
gst_all_1.gstreamer
|
||||
gst_all_1.gst-plugins-base
|
||||
|
||||
libdmapsharing_3 # necessary for daap support
|
||||
] ++ gst_plugins;
|
||||
|
||||
configureFlags = [ "--enable-daap" ];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
passthru = {
|
||||
|
|
|
@ -8,8 +8,8 @@
|
|||
, gitMinimal
|
||||
, glib
|
||||
, gst_all_1
|
||||
, gtk3
|
||||
, libhandy_0
|
||||
, gtk4
|
||||
, libadwaita
|
||||
, meson
|
||||
, ninja
|
||||
, openssl
|
||||
|
@ -22,20 +22,20 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "shortwave";
|
||||
version = "1.1.1";
|
||||
version = "2.0.1";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
owner = "World";
|
||||
repo = "Shortwave";
|
||||
rev = version;
|
||||
sha256 = "1vlhp2ss06j41simjrrjg38alp85jddhqyvccy6bhfzm0gzynwld";
|
||||
sha256 = "sha256-25qPb7qlqCwYJzl4qZxAZYx5asxSlXBlc/0dGyBdk1o=";
|
||||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "${pname}-${version}";
|
||||
hash = "sha256-0+KEbjTLecL0u/3S9FWf2r2h9ZrgcRTY163kS3NKJqA=";
|
||||
hash = "sha256-00dQXcSNmdZb2nSLG3q7jm4sugF9XR4LbH0OmcuHVxA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -57,8 +57,8 @@ stdenv.mkDerivation rec {
|
|||
dbus
|
||||
gdk-pixbuf
|
||||
glib
|
||||
gtk3
|
||||
libhandy_0
|
||||
gtk4
|
||||
libadwaita
|
||||
openssl
|
||||
sqlite
|
||||
] ++ (with gst_all_1; [
|
||||
|
|
60
third_party/nixpkgs/pkgs/applications/audio/tonelib-jam/default.nix
vendored
Normal file
60
third_party/nixpkgs/pkgs/applications/audio/tonelib-jam/default.nix
vendored
Normal file
|
@ -0,0 +1,60 @@
|
|||
{ stdenv
|
||||
, dpkg
|
||||
, lib
|
||||
, autoPatchelfHook
|
||||
, fetchurl
|
||||
, gtk3
|
||||
, glib
|
||||
, desktop-file-utils
|
||||
, alsa-lib
|
||||
, libjack2
|
||||
, harfbuzz
|
||||
, fribidi
|
||||
, pango
|
||||
, freetype
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tonelib-jam";
|
||||
version = "4.6.6";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.tonelib.net/download/0509/ToneLib-Jam-amd64.deb";
|
||||
sha256 = "sha256-cizIQgO35CQSLme/LKQqP+WzB/jCTk+fS5Z+EtF7wnQ=";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
dpkg
|
||||
gtk3
|
||||
glib
|
||||
desktop-file-utils
|
||||
alsa-lib
|
||||
libjack2
|
||||
harfbuzz
|
||||
fribidi
|
||||
pango
|
||||
freetype
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoPatchelfHook
|
||||
];
|
||||
|
||||
unpackPhase = ''
|
||||
mkdir -p $TMP/ $out/
|
||||
dpkg -x $src $TMP
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
cp -R $TMP/usr/* $out/
|
||||
mv $out/bin/ToneLib-Jam $out/bin/tonelib-jam
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "ToneLib Jam – the learning and practice software for guitar players";
|
||||
homepage = "https://tonelib.net/";
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ dan4ik605743 ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
48
third_party/nixpkgs/pkgs/applications/audio/tonelib-zoom/default.nix
vendored
Normal file
48
third_party/nixpkgs/pkgs/applications/audio/tonelib-zoom/default.nix
vendored
Normal file
|
@ -0,0 +1,48 @@
|
|||
{ stdenv
|
||||
, dpkg
|
||||
, lib
|
||||
, autoPatchelfHook
|
||||
, fetchurl
|
||||
, webkitgtk
|
||||
, libjack2
|
||||
, alsa-lib
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tonelib-zoom";
|
||||
version = "4.3.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.tonelib.net/download/0129/ToneLib-Zoom-amd64.deb";
|
||||
sha256 = "sha256-4q2vM0/q7o/FracnO2xxnr27opqfVQoN7fsqTD9Tr/c=";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
dpkg
|
||||
webkitgtk
|
||||
libjack2
|
||||
alsa-lib
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoPatchelfHook
|
||||
];
|
||||
|
||||
unpackPhase = ''
|
||||
mkdir -p $TMP/ $out/
|
||||
dpkg -x $src $TMP
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
cp -R $TMP/usr/* $out/
|
||||
mv $out/bin/ToneLib-Zoom $out/bin/tonelib-zoom
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "ToneLib Zoom – change and save all the settings in your Zoom(r) guitar pedal";
|
||||
homepage = "https://tonelib.net/";
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ dan4ik605743 ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
41
third_party/nixpkgs/pkgs/applications/blockchains/alfis/default.nix
vendored
Normal file
41
third_party/nixpkgs/pkgs/applications/blockchains/alfis/default.nix
vendored
Normal file
|
@ -0,0 +1,41 @@
|
|||
{ stdenv, lib, fetchFromGitHub, rustPlatform, pkg-config
|
||||
, withGui ? true, webkitgtk, Cocoa, WebKit
|
||||
}:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "alfis";
|
||||
version = "0.6.5";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Revertron";
|
||||
repo = "Alfis";
|
||||
rev = "v${version}";
|
||||
sha256 = "1g95yvkvlj78bqrk3p2xbhrmg1hrlgbyr1a4s7vg45y60zys2c2j";
|
||||
};
|
||||
|
||||
cargoSha256 = "1n7kb1lyghpkgdgd58pw8ldvfps30rnv5niwx35pkdg74h59hqgj";
|
||||
|
||||
cargoBuildFlags = [ "--no-default-features" ]
|
||||
++ lib.optional withGui "--features webgui";
|
||||
|
||||
cargoTestFlags = [ "--no-default-features" ]
|
||||
++ lib.optional withGui "--features webgui";
|
||||
|
||||
checkFlags = [
|
||||
# these want internet access, disable them
|
||||
"--skip=dns::client::tests::test_tcp_client"
|
||||
"--skip=dns::client::tests::test_udp_client"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = lib.optional (withGui && stdenv.isLinux) webkitgtk
|
||||
++ lib.optionals (withGui && stdenv.isDarwin) [ Cocoa WebKit ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Alternative Free Identity System";
|
||||
homepage = "https://alfis.name";
|
||||
license = licenses.agpl3Only;
|
||||
maintainers = with maintainers; [ misuzu ];
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
}
|
|
@ -15,13 +15,13 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "btcpayserver";
|
||||
version = "1.1.1";
|
||||
version = "1.1.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-cCm4CZdVtjO2nj69CgRCrcwO0lAbiQVD6KocOj4CSdY=";
|
||||
sha256 = "sha256-A9XIKCw1dL4vUQYSu6WdmpR82dAbtKVTyjllquyRGgs=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ dotnetSdk dotnetPackages.Nuget makeWrapper ];
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "charge-lnd";
|
||||
version = "0.1.3";
|
||||
version = "0.2.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "accumulator";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0npn45qbbsbzj5qy9kwx662hml1y610ysmfl89sda02l6wf1sp3y";
|
||||
sha256 = "0l4h3fdvln03ycbg3xngh8vkhgrz4ad864yyn4gmdjp0ypi69qa1";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
|
|
|
@ -6,18 +6,16 @@
|
|||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "chia";
|
||||
version = "1.1.7";
|
||||
version = "1.2.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Chia-Network";
|
||||
repo = "chia-blockchain";
|
||||
rev = version;
|
||||
sha256 = "05hcckkv3vhz172w9kp5lh4srakizx1l383dijs50vgx2bj30m8v";
|
||||
sha256 = "sha256-ZNSNROWl6RR4GZnoRGAXrdw48wH9OOgrsoKz0RNIIcs=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# tweak version requirements to what's available in Nixpkgs
|
||||
./dependencies.patch
|
||||
# Allow later websockets release, https://github.com/Chia-Network/chia-blockchain/pull/6304
|
||||
(fetchpatch {
|
||||
name = "later-websockets.patch";
|
||||
|
@ -66,6 +64,16 @@ python3Packages.buildPythonApplication rec {
|
|||
"test_spend_zero_coin"
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# tweak version requirements to what's available in Nixpkgs
|
||||
substituteInPlace setup.py \
|
||||
--replace "aiohttp==3.7.4" "aiohttp>=3.7.4" \
|
||||
--replace "sortedcontainers==2.3.0" "sortedcontainers>=2.3.0" \
|
||||
--replace "click==7.1.2" "click>=7.1.2" \
|
||||
--replace "clvm_rs==0.1.8" "clvm_rs>=0.1.8" \
|
||||
--replace "clvm==0.9.7" "clvm>=0.9.7" \
|
||||
'';
|
||||
|
||||
preCheck = ''
|
||||
export HOME=`mktemp -d`
|
||||
'';
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
diff --git a/setup.py b/setup.py
|
||||
index c5cf95db..b783a9e6 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -8,7 +8,7 @@ dependencies = [
|
||||
"clvm==0.9.6",
|
||||
"clvm_rs==0.1.7",
|
||||
"clvm_tools==0.4.3",
|
||||
- "aiohttp==3.7.4", # HTTP server for full node rpc
|
||||
+ "aiohttp==3.7.4.post0", # HTTP server for full node rpc
|
||||
"aiosqlite==0.17.0", # asyncio wrapper for sqlite, to store blocks
|
||||
"bitstring==3.1.7", # Binary data management library
|
||||
"colorlog==5.0.1", # Adds color to logs
|
|
@ -6,20 +6,20 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "electrs";
|
||||
version = "0.8.9";
|
||||
version = "0.8.10";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "romanz";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "01fli2k5yh4iwlds97p5c36q19s3zxrqhkzp9dsjbgsf7sv35r3y";
|
||||
sha256 = "0q7mvpflnzzm88jbsdxgvhk9jr5mvn23hhj2iwy2grnfngxsmz3y";
|
||||
};
|
||||
|
||||
# needed for librocksdb-sys
|
||||
nativeBuildInputs = [ llvmPackages.clang ];
|
||||
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
|
||||
|
||||
cargoSha256 = "1rqpadlr9r4z2z825li6vi5a21hivc3bsn5ibxshrdrwiycyyxz8";
|
||||
cargoSha256 = "0i8npa840g4kz50n6x40z22x9apq8snw6xgjz4vn2kh67xc4c738";
|
||||
|
||||
meta = with lib; {
|
||||
description = "An efficient re-implementation of Electrum Server in Rust";
|
||||
|
|
37
third_party/nixpkgs/pkgs/applications/blockchains/lightwalletd/default.nix
vendored
Normal file
37
third_party/nixpkgs/pkgs/applications/blockchains/lightwalletd/default.nix
vendored
Normal file
|
@ -0,0 +1,37 @@
|
|||
{ buildGoModule, fetchFromGitHub, lib }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "lightwalletd";
|
||||
version = "0.4.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "zcash";
|
||||
repo = "lightwalletd";
|
||||
rev = "v${version}";
|
||||
sha256 = "0dwam3fhc4caga7kjg6cc06sz47g4ii7n3sa4j2ac4aiy21hsbjk";
|
||||
};
|
||||
|
||||
vendorSha256 = null;
|
||||
|
||||
ldflags = [
|
||||
"-s" "-w"
|
||||
"-X github.com/zcash/lightwalletd/common.Version=v${version}"
|
||||
"-X github.com/zcash/lightwalletd/common.GitCommit=v${version}"
|
||||
"-X github.com/zcash/lightwalletd/common.BuildDate=1970-01-01"
|
||||
"-X github.com/zcash/lightwalletd/common.BuildUser=nixbld"
|
||||
];
|
||||
|
||||
postFixup = ''
|
||||
shopt -s extglob
|
||||
cd $out/bin
|
||||
rm !(lightwalletd)
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "A backend service that provides a bandwidth-efficient interface to the Zcash blockchain";
|
||||
homepage = "https://github.com/zcash/lightwalletd";
|
||||
maintainers = with maintainers; [ centromere ];
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -15,13 +15,13 @@ in
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "nbxplorer";
|
||||
version = "2.1.51";
|
||||
version = "2.1.52";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "dgarage";
|
||||
repo = "NBXplorer";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-tvuuoDZCSDFa8gAVyH+EP1DLtdPfbkr+w5lSxZkzZXg=";
|
||||
sha256 = "sha256-+BP71TQ8BTGZ/SbS7CrI4D7hcQaVLt+hCpInbOdU5GY=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ dotnetSdk dotnetPackages.Nuget makeWrapper ];
|
||||
|
|
16
third_party/nixpkgs/pkgs/applications/blockchains/nbxplorer/deps.nix
generated
vendored
16
third_party/nixpkgs/pkgs/applications/blockchains/nbxplorer/deps.nix
generated
vendored
|
@ -181,23 +181,23 @@
|
|||
})
|
||||
(fetchNuGet {
|
||||
name = "NBitcoin.Altcoins";
|
||||
version = "2.0.31";
|
||||
sha256 = "13gcfsxpfq8slmsvgzf6iv581x7n535zq0p9c88bqs5p88r6lygm";
|
||||
version = "2.0.33";
|
||||
sha256 = "12r4w89247xzrl2g01iv13kg1wl7gzfz1zikimx6dyhr4iipbmgf";
|
||||
})
|
||||
(fetchNuGet {
|
||||
name = "NBitcoin.TestFramework";
|
||||
version = "2.0.22";
|
||||
sha256 = "1zwhjy6xppl01jhkgl7lqjsmi8crny4qq22ml20cz8l437j1zi4n";
|
||||
version = "2.0.23";
|
||||
sha256 = "03jw3gay7brm7s7jwn4zbk1n1sq7gck523cx3ckx87v3wi2062lx";
|
||||
})
|
||||
(fetchNuGet {
|
||||
name = "NBitcoin";
|
||||
version = "5.0.76";
|
||||
sha256 = "0q3ilmsrw9ip1s38qmfs4qi02xvccmy1naafffn5yxj08q0n1p79";
|
||||
version = "5.0.78";
|
||||
sha256 = "1mfn045l489bm2xgjhvddhfy4xxcy42q6jhq4nyd6fnxg4scxyg9";
|
||||
})
|
||||
(fetchNuGet {
|
||||
name = "NBitcoin";
|
||||
version = "5.0.77";
|
||||
sha256 = "0ykz4ii6lh6gdlz6z264wnib5pfnmq9q617qqbg0f04mq654jygb";
|
||||
version = "5.0.81";
|
||||
sha256 = "1fba94kc8yzykb1m5lvpx1hm63mpycpww9cz5zfp85phs1spdn8x";
|
||||
})
|
||||
(fetchNuGet {
|
||||
name = "NETStandard.Library";
|
||||
|
|
|
@ -7,16 +7,16 @@
|
|||
}:
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "polkadot";
|
||||
version = "0.9.7";
|
||||
version = "0.9.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "paritytech";
|
||||
repo = "polkadot";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-swPLJIcm8XD0+/e9pGK2bDqUb7AS/5FdQ3A7Ceh5dZc=";
|
||||
sha256 = "sha256-5PNogoahAZUjIlQsVXwm7j5OmP3/uEEdV0vrIDXXBx8=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-4njx8T3kzyN63Jo0aHee5ImqcObiADvi+dHKWcRmbQw=";
|
||||
cargoSha256 = "0iikys90flzmnnb6l2wzag8mp91p6z9y7rjzym2sd6m7xhgbc1x6";
|
||||
|
||||
nativeBuildInputs = [ clang ];
|
||||
|
||||
|
|
|
@ -6,16 +6,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage.override { stdenv = stdenv; } rec {
|
||||
pname = "zcash";
|
||||
version = "4.4.0";
|
||||
version = "4.4.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "zcash";
|
||||
repo = "zcash";
|
||||
rev = "v${version}";
|
||||
sha256 = "19vhblyqkaf1lapx8s4v88xjpslqmrd1jnar46rschzcz0mm9sq4";
|
||||
sha256 = "0nhrjizx518khrl8aygag6a1ianzzqpchasggi963f807kv7ipb7";
|
||||
};
|
||||
|
||||
cargoSha256 = "1yiy1506ijndxb9bx79p7fkfvw1c5zdsljil4m55xz1mv8dzhbgm";
|
||||
cargoSha256 = "101j8cn2lg3l1gn53yg3svzwx783z331g9kzn9ici4azindyx903";
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook cargo hexdump makeWrapper pkg-config ];
|
||||
buildInputs = [ boost174 libevent libsodium utf8cpp ]
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue