Project import generated by Copybara.

GitOrigin-RevId: 34ad166a830d3ac1541dcce571c52231f2f0865a
Default email 2020-11-02 21:18:15 -05:00
parent e03d386d75
commit a4fd2de975
950 changed files with 10578 additions and 8115 deletions


@ -6,9 +6,7 @@
<para> <para>
Kakoune can be built to autoload plugins: Kakoune can be built to autoload plugins:
<programlisting>(kakoune.override { <programlisting>(kakoune.override {
configure = {
plugins = with pkgs.kakounePlugins; [ parinfer-rust ]; plugins = with pkgs.kakounePlugins; [ parinfer-rust ];
};
})</programlisting> })</programlisting>
</para> </para>
</section> </section>


@ -522,6 +522,16 @@ args.stdenv.mkDerivation (args // {
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>
If its a <emphasis>terminal emulator</emphasis>:
</term>
<listitem>
<para>
<filename>applications/terminal-emulators</filename> (e.g. <filename>alacritty</filename> or <filename>rxvt</filename> or <filename>termite</filename>)
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
If its for <emphasis>video playback / editing</emphasis>: If its for <emphasis>video playback / editing</emphasis>:


@ -265,6 +265,20 @@ To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This sc
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of Language Server Protocol integration with vim/neovim. Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of Language Server Protocol integration with vim/neovim.
## Updating plugins in nixpkgs
Run the update script with a GitHub API token that has at least `public_repo` access. Running the script without the token is likely to result in rate-limiting (429 errors). For steps on creating an API token, please refer to [GitHub's token documentation](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token).
```sh
GITHUB_API_TOKEN=my_token ./pkgs/misc/vim-plugins/update.py
```
Alternatively, set the number of processes to a lower count to avoid rate-limiting.
```sh
./pkgs/misc/vim-plugins/update.py --proc 1
```
## Important repositories ## Important repositories
- [vim-pi](https://bitbucket.org/vimcommunity/vim-pi) is a plugin repository - [vim-pi](https://bitbucket.org/vimcommunity/vim-pi) is a plugin repository
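Review bot: The added "Updating plugins in nixpkgs" paragraph asks for a token with at least `public_repo` access, which is a write-capable scope on the account's public repositories, while the only stated purpose is to avoid rate-limiting. If `update.py` only reads public repository data (its code is not visible here), a token with no scopes selected should already get the authenticated rate limit, and the sentence could read `Run the update script with a GitHub API token; no scopes are required for reading public repositories.` The inline `GITHUB_API_TOKEN=my_token ./pkgs/misc/vim-plugins/update.py` form also leaves the token in shell history, so the example would be safer if it told the reader to export the variable from a file or secret store first.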


@ -6,6 +6,7 @@ let
hasContext hasContext
match match
readDir readDir
split
storeDir storeDir
tryEval tryEval
; ;
@ -15,7 +16,6 @@ let
isString isString
pathExists pathExists
readFile readFile
split
; ;
in in
rec { rec {


@ -1303,10 +1303,12 @@
name = "Vladimir Serov"; name = "Vladimir Serov";
keys = [ keys = [
# compare with https://keybase.io/cab404 # compare with https://keybase.io/cab404
{ longkeyid = "1BB96810926F4E715DEF567E6BA7C26C3FDF7BB3"; {
longkeyid = "1BB96810926F4E715DEF567E6BA7C26C3FDF7BB3";
fingerprint = "rsa3072/0xCBDECF658C38079E"; fingerprint = "rsa3072/0xCBDECF658C38079E";
} }
{ longkeyid = "1EBC648C64D6045463013B3EB7EFFC271D55DB8A"; {
longkeyid = "1EBC648C64D6045463013B3EB7EFFC271D55DB8A";
fingerprint = "ed25519/0xB7EFFC271D55DB8A"; fingerprint = "ed25519/0xB7EFFC271D55DB8A";
} }
]; ];
@ -1431,10 +1433,12 @@
githubId = 2054509; githubId = 2054509;
name = "Constantine Evans"; name = "Constantine Evans";
keys = [ keys = [
{ longkeyid = "rsa4096/0xB67DB1D20A93A9F9"; {
longkeyid = "rsa4096/0xB67DB1D20A93A9F9";
fingerprint = "32B1 6EE7 DBA5 16DE 526E 4C5A B67D B1D2 0A93 A9F9"; fingerprint = "32B1 6EE7 DBA5 16DE 526E 4C5A B67D B1D2 0A93 A9F9";
} }
{ longkeyid = "rsa4096/0x1A1D58B86AE2AABD"; {
longkeyid = "rsa4096/0x1A1D58B86AE2AABD";
fingerprint = "669C 1D24 5A87 DB34 6BE4 3216 1A1D 58B8 6AE2 AABD"; fingerprint = "669C 1D24 5A87 DB34 6BE4 3216 1A1D 58B8 6AE2 AABD";
} }
]; ];
@ -5685,12 +5689,6 @@
githubId = 1387206; githubId = 1387206;
name = "Mike Sperber"; name = "Mike Sperber";
}; };
mildlyincompetent = {
email = "nix@kch.dev";
github = "mildlyincompetent";
githubId = 19479662;
name = "Kajetan Champlewski";
};
millerjason = { millerjason = {
email = "mailings-github@millerjason.com"; email = "mailings-github@millerjason.com";
github = "millerjason"; github = "millerjason";
@ -6615,6 +6613,12 @@
githubId = 131844; githubId = 131844;
name = "Igor Pashev"; name = "Igor Pashev";
}; };
pasqui23 = {
email = "p3dimaria@hotmail.it";
github = "pasqui23";
githubId = 6931743;
name = "pasqui23";
};
patryk27 = { patryk27 = {
email = "wychowaniec.patryk@gmail.com"; email = "wychowaniec.patryk@gmail.com";
github = "Patryk27"; github = "Patryk27";
@ -7275,10 +7279,12 @@
github = "rissson"; github = "rissson";
githubId = 18313093; githubId = 18313093;
keys = [ keys = [
{ longkeyid = "rsa4096/0xF6FD87B15C263EC9"; {
longkeyid = "rsa4096/0xF6FD87B15C263EC9";
fingerprint = "8A0E 6A7C 08AB B9DE 67DE 2A13 F6FD 87B1 5C26 3EC9"; fingerprint = "8A0E 6A7C 08AB B9DE 67DE 2A13 F6FD 87B1 5C26 3EC9";
} }
{ longkeyid = "ed25519/0xBBB7A6801DF1E03F"; {
longkeyid = "ed25519/0xBBB7A6801DF1E03F";
fingerprint = "C0A7 A9BB 115B C857 4D75 EA99 BBB7 A680 1DF1 E03F"; fingerprint = "C0A7 A9BB 115B C857 4D75 EA99 BBB7 A680 1DF1 E03F";
} }
]; ];
@ -7401,6 +7407,12 @@
githubId = 1217934; githubId = 1217934;
name = "José Romildo Malaquias"; name = "José Romildo Malaquias";
}; };
ronanmacf = {
email = "macfhlar@tcd.ie";
github = "ronanmacf";
githubId = 25930627;
name = "Ronan Mac Fhlannchadha";
};
rongcuid = { rongcuid = {
email = "rongcuid@outlook.com"; email = "rongcuid@outlook.com";
github = "rongcuid"; github = "rongcuid";
@ -8358,7 +8370,7 @@
name = "Szczyp"; name = "Szczyp";
}; };
szlend = { szlend = {
email = "pub+nix@zlender.si"; email = "pub.nix@zlender.si";
github = "szlend"; github = "szlend";
githubId = 7301807; githubId = 7301807;
name = "Simon Žlender"; name = "Simon Žlender";
@ -9244,6 +9256,12 @@
email = "kirill.wedens@gmail.com"; email = "kirill.wedens@gmail.com";
name = "wedens"; name = "wedens";
}; };
wheelsandmetal = {
email = "jakob@schmutz.co.uk";
github = "wheelsandmetal";
githubId = 13031455;
name = "Jakob Schmutz";
};
WhittlesJr = { WhittlesJr = {
email = "alex.joseph.whitt@gmail.com"; email = "alex.joseph.whitt@gmail.com";
github = "WhittlesJr"; github = "WhittlesJr";
@ -9328,7 +9346,7 @@
email = "worldofpeace@protonmail.ch"; email = "worldofpeace@protonmail.ch";
github = "worldofpeace"; github = "worldofpeace";
githubId = 28888242; githubId = 28888242;
name = "worldofpeace"; name = "WORLDofPEACE";
}; };
wscott = { wscott = {
email = "wsc9tt@gmail.com"; email = "wsc9tt@gmail.com";
@ -9880,4 +9898,10 @@
github = "wilsonehusin"; github = "wilsonehusin";
githubId = 14004487; githubId = 14004487;
}; };
bb2020 = {
email = "bb2020@users.noreply.github.com";
github = "bb2020";
githubId = 19290397;
name = "Tunc Uzlu";
};
} }
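Review bot: In the Vladimir Serov entry (`@ -1303`) the two key fields look swapped: `longkeyid` holds a 40-hex-digit fingerprint and `fingerprint` holds an `rsa3072/0x…` / `ed25519/0x…` long key id, the reverse of the Constantine Evans and rissson entries reformatted in the same section, and this reformatting carries it over unchanged. Anything that reads `fingerprint` to check a maintainer's key would get only a 64-bit key id there, a much weaker identifier than the full fingerprint. For the second key the values can simply be exchanged, `longkeyid = "ed25519/0xB7EFFC271D55DB8A";` with `fingerprint = "1EBC648C64D6045463013B3EB7EFFC271D55DB8A";`. For the first key the 40-digit value does not end in `CBDECF658C38079E`, so that pair should be re-checked against the keybase profile named in the comment rather than just swapped.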


@ -63,6 +63,7 @@ let
"--stringparam html.script './highlightjs/highlight.pack.js ./highlightjs/loader.js'" "--stringparam html.script './highlightjs/highlight.pack.js ./highlightjs/loader.js'"
"--param xref.with.number.and.title 1" "--param xref.with.number.and.title 1"
"--param toc.section.depth 0" "--param toc.section.depth 0"
"--param generate.consistent.ids 1"
"--stringparam admon.style ''" "--stringparam admon.style ''"
"--stringparam callout.graphics.extension .svg" "--stringparam callout.graphics.extension .svg"
"--stringparam current.docid manual" "--stringparam current.docid manual"


@ -49,6 +49,12 @@
<option>--flake</option> <replaceable>flake-uri</replaceable> <option>--flake</option> <replaceable>flake-uri</replaceable>
</arg> </arg>
<arg>
<group choice='req'>
<arg choice='plain'><option>--impure</option></arg>
</group>
</arg>
<arg> <arg>
<arg choice='plain'> <arg choice='plain'>
<option>--channel</option> <option>--channel</option>
@ -100,6 +106,12 @@
</arg> </arg>
</arg> </arg>
<arg>
<arg choice='plain'>
<option>--keep-going</option>
</arg>
</arg>
<arg> <arg>
<arg choice='plain'> <arg choice='plain'>
<option>--help</option> <option>--help</option>
@ -295,6 +307,17 @@
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>
<option>--keep-going</option>
</term>
<listitem>
<para>
Causes Nix to continue building derivations as far as possible
in the face of failed builds.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<option>--help</option> <option>--help</option>


@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="sec-release-20.09"> xml:id="sec-release-20.09">
<title>Release 20.09 (“Nightingale”, 2020.10/26)</title> <title>Release 20.09 (“Nightingale”, 2020.10/27)</title>
<para> <para>
Support is planned until the end of April 2021, handing over to 21.03. Support is planned until the end of April 2021, handing over to 21.03.
@ -50,7 +50,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Desktop Enironments: Desktop Environments:
</para> </para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
@ -65,7 +65,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>. gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -75,7 +75,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>. NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -89,28 +89,28 @@
<listitem> <listitem>
<para> <para>
Agda ecosystem was heavily reworked (see more details below). Agda ecosystem was heavily reworked (see more details below)
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
PHP now defaults to PHP 7.4, updated from 7.3. PHP now defaults to PHP 7.4, updated from 7.3
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release. PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Python 3 now defaults to Python 3.8 instead of 3.7. Python 3 now defaults to Python 3.8 instead of 3.7
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Python 3.5 has reached its upstream EOL at the end of September 2020: it Python 3.5 reached its upstream EOL at the end of September 2020: it
has been removed from the list of available packages. has been removed from the list of available packages
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -156,7 +156,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
There is a new module for Podman(<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line. There is a new module for Podman (<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -191,7 +191,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project. Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the <link xlink:href="https://sourceforge.net/projects/g15daemon/">g15daemon project</link>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -200,7 +200,7 @@
allows to restrict non-default entries in the boot menu to one or more allows to restrict non-default entries in the boot menu to one or more
users. The users and passwords are defined via the option users. The users and passwords are defined via the option
<option>boot.loader.grub.users</option>. <option>boot.loader.grub.users</option>.
Note: Password support is only avaiable in GRUB version 2. Note: Password support is only available in GRUB version 2.
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -257,27 +257,27 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware. <xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module. <xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays. <xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards. <xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers. <xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -289,12 +289,12 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking. <xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration. <xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -306,12 +306,12 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root. <xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support. <xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -323,7 +323,7 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-boot.initrd.network.openvpn.enable" /> Start an OpenVPN client during initrd boot. <xref linkend="opt-boot.initrd.network.openvpn.enable" /> start an OpenVPN client during initrd boot
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -335,17 +335,17 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-boot.enableContainers" /> Use nixos-containers. <xref linkend="opt-boot.enableContainers" /> use nixos-containers
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-virtualisation.oci-containers.containers" /> Run OCI (Docker) containers. <xref linkend="opt-virtualisation.oci-containers.containers" /> run OCI (Docker) containers
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-virtualisation.podman.enable" /> Daemonless container engine. <xref linkend="opt-virtualisation.podman.enable" /> daemonless container engine
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -358,242 +358,237 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.ankisyncd.enable" /> Anki sync server. <xref linkend="opt-services.ankisyncd.enable" /> Anki sync server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.bazarr.enable" /> subtitle manager for Sonarr and Radarr. <xref linkend="opt-services.bazarr.enable" /> Subtitle manager for Sonarr and Radarr
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC. <xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet. <xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.cage.enable" /> Wayland cage service. <xref linkend="opt-services.cage.enable" /> Wayland cage service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser. <xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating helpers and shifts on large events. <xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating volunteers and shifts on large events
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.espanso.enable" /> text-expander written in rust. <xref linkend="opt-services.espanso.enable" /> text-expander written in rust
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client. <xref linkend="opt-services.foldingathome.enable" /> Folding@home client
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client. <xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool. <xref linkend="opt-services.go-neb.enable" /> Matrix bot
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.go-neb.enable" /> Matrix bot. <xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service. <xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent. <xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet. <xref linkend="opt-services.jirafeau.enable" /> A web file repository
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.jirafeau.enable" /> a web file repository. <xref linkend="opt-services.jitsi-meet.enable" /> Secure, simple and scalable video conferences
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.jitsi-meet.enable" /> secure, simple and scalable video conferences. <xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router. <xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server. <xref linkend="opt-services.k3s.enable" /> Lightweight Kubernetes distribution
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.k3s.enable" /> lightweight kubernetes distribution. <xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server. <xref linkend="opt-services.malcontent.enable" /> Parental Control support
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.malcontent.enable" /> parental control support. <xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge. <xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge. <xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service. <xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server. <xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon. <xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge. <xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service. <xref linkend="opt-services.nix-store-gcs-proxy" /> Google storage bucket to be used as a nix store
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.nix-store-gcs-proxy" /> Enable a Google storage bucket to be used as a nix store. <xref linkend="opt-services.onedrive.enable" /> OneDrive sync service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.onedrive.enable" /> OneDrive sync service. <xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service. <xref linkend="opt-services.pixiecore.enable" /> Manage network booting of machines
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.pixiecore.enable" /> manage network booting of machines. <xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server. <xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon. <xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge. <xref linkend="opt-services.rss-bridge.enable" /> Generate RSS and Atom feeds
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.rss-bridge.enable" /> generate RSS and Atom feeds. <xref linkend="opt-services.rtorrent.enable" /> rTorrent service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.rtorrent.enable" /> rTorrent service. <xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server. <xref linkend="opt-services.sogo.enable" /> SOGo groupware
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.sogo.enable" /> SOGo groupware. <xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server. <xref linkend="opt-services.torque.mom.enable" /> torque computing node
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.torque.mom.enable" /> torque computing node. <xref linkend="opt-services.torque.server.enable" /> torque server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.torque.server.enable" /> enable torque server. <xref linkend="opt-services.tuptime.enable" /> A total uptime service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.tuptime.enable" /> a total uptime service. <xref linkend="opt-services.urserver.enable" /> X11 remote server
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.urserver.enable" /> X11 remote server. <xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service. <xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent. <xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge.
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -733,7 +728,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instantiation: It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instantiation:
<programlisting>{ <programlisting>{
services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec { services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
phantomJsSupport = false; phantomJsSupport = true;
}); });
}</programlisting> }</programlisting>
</para> </para>
@ -1623,7 +1618,7 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
nixpkgs. It was a work in progress to package the nixpkgs. It was a work in progress to package the
<link xlink:href="https://www.deepin.org/en/dde/">Deepin Desktop Environment (DDE)</link>, <link xlink:href="https://www.deepin.org/en/dde/">Deepin Desktop Environment (DDE)</link>,
including libraries, tools and applications, and it was still including libraries, tools and applications, and it was still
missing a service to lauch the desktop environment. It has shown missing a service to launch the desktop environment. It has shown
to no longer be a feasible goal due to reasons discussed in to no longer be a feasible goal due to reasons discussed in
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/94870">issue #94870</link>. <link xlink:href="https://github.com/NixOS/nixpkgs/issues/94870">issue #94870</link>.
The package <literal>netease-cloud-music</literal> has also been The package <literal>netease-cloud-music</literal> has also been
@ -1668,4 +1663,131 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-contributions">
<title>Contributions</title>
<para>
I, Jonathan Ringer, would like to thank the following individuals for their work on nixpkgs. This release could not be done without the hard work of the NixOS community. There were 31282 contributions across 1313 contributors.
</para>
<orderedlist>
<para>
Top contributors to NixOS/Nixpkgs from the 20.03 release to the 20.09 release:
</para>
<listitem>
<para>
2288 Mario Rodas
</para>
</listitem>
<listitem>
<para>
1837 Frederik Rietdijk
</para>
</listitem>
<listitem>
<para>
946 Jörg Thalheim
</para>
</listitem>
<listitem>
<para>
925 Maximilian Bosch
</para>
</listitem>
<listitem>
<para>
687 Jonathan Ringer
</para>
</listitem>
<listitem>
<para>
651 Jan Tojnar
</para>
</listitem>
<listitem>
<para>
622 Daniël de Kok
</para>
</listitem>
<listitem>
<para>
605 WORLDofPEACE
</para>
</listitem>
<listitem>
<para>
597 Florian Klink
</para>
</listitem>
<listitem>
<para>
528 José Romildo Malaquias
</para>
</listitem>
</orderedlist>
<orderedlist>
<para>
Top contributors to stabilizing this release (Zero Hydra Failures period):
</para>
<listitem>
<para>
281 volth
</para>
</listitem>
<listitem>
<para>
101 Robert Scott
</para>
</listitem>
<listitem>
<para>
86 Tim Steinbach
</para>
</listitem>
<listitem>
<para>
76 WORLDofPEACE
</para>
</listitem>
<listitem>
<para>
49 Maximilian Bosch
</para>
</listitem>
<listitem>
<para>
42 Thomas Tuegel
</para>
</listitem>
<listitem>
<para>
37 Doron Behar
</para>
</listitem>
<listitem>
<para>
36 Vladimír Čunát
</para>
</listitem>
<listitem>
<para>
27 Jonathan Ringer
</para>
</listitem>
<listitem>
<para>
27 Maciej Krüger
</para>
</listitem>
</orderedlist>
<para>
I, Jonathan Ringer, would also like to personally thank @WORLDofPEACE for their help in mentoring me on the release process. Special thanks also goes to Thomas Tuegel for helping immensely with stabilizing Qt, KDE, and Plasma5; I would also like to thank Robert Scott for his numerous fixes and pull request reviews.
</para>
</section>
</section> </section>


@ -132,6 +132,14 @@
to <package>nextcloud20</package>. to <package>nextcloud20</package>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details.
</para>
<para>
All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>


@ -28,6 +28,9 @@
# partition of reasonable size is created in addition to the root partition. # partition of reasonable size is created in addition to the root partition.
# For "legacy", the msdos partition table is used and a single large root # For "legacy", the msdos partition table is used and a single large root
# partition is created. # partition is created.
# For "legacy+gpt", the GPT partition table is used, a 1MiB no-fs partition for
# use by the bootloader is created, and a single large root partition is
# created.
# For "hybrid", the GPT partition table is used and a mandatory ESP # For "hybrid", the GPT partition table is used and a mandatory ESP
# partition of reasonable size is created in addition to the root partition. # partition of reasonable size is created in addition to the root partition.
# Also a legacy MBR will be present. # Also a legacy MBR will be present.
@ -54,7 +57,7 @@
format ? "raw" format ? "raw"
}: }:
assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "hybrid" || partitionTableType == "none"; assert partitionTableType == "legacy" || partitionTableType == "legacy+gpt" || partitionTableType == "efi" || partitionTableType == "hybrid" || partitionTableType == "none";
# We use -E offset=X below, which is only supported by e2fsprogs # We use -E offset=X below, which is only supported by e2fsprogs
assert partitionTableType != "none" -> fsType == "ext4"; assert partitionTableType != "none" -> fsType == "ext4";
@ -75,6 +78,7 @@ let format' = format; in let
rootPartition = { # switch-case rootPartition = { # switch-case
legacy = "1"; legacy = "1";
"legacy+gpt" = "2";
efi = "2"; efi = "2";
hybrid = "3"; hybrid = "3";
}.${partitionTableType}; }.${partitionTableType};
@ -85,6 +89,16 @@ let format' = format; in let
mklabel msdos \ mklabel msdos \
mkpart primary ext4 1MiB -1 mkpart primary ext4 1MiB -1
''; '';
"legacy+gpt" = ''
parted --script $diskImage -- \
mklabel gpt \
mkpart no-fs 1MB 2MB \
set 1 bios_grub on \
align-check optimal 1 \
mkpart primary ext4 2MB -1 \
align-check optimal 2 \
print
'';
efi = '' efi = ''
parted --script $diskImage -- \ parted --script $diskImage -- \
mklabel gpt \ mklabel gpt \
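Review bot: The new comment describes a "1MiB no-fs partition", but the `legacy+gpt` parted script uses decimal units (`mkpart no-fs 1MB 2MB`, `mkpart primary ext4 2MB -1`), while the `legacy` branch just above it uses `1MiB`. Writing `mkpart no-fs 1MiB 2MiB \` and `mkpart primary ext4 2MiB -1 \` would match both the comment and the sibling branch and put the boundaries on exact MiB offsets. The `efi` branch that follows is cut off by the hunk, so I have not compared against it.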


@ -57,7 +57,7 @@ in {
inherit (cfg) contents format name; inherit (cfg) contents format name;
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
partitionTableType = if config.ec2.efi then "efi" partitionTableType = if config.ec2.efi then "efi"
else if config.ec2.hvm then "legacy" else if config.ec2.hvm then "legacy+gpt"
else "none"; else "none";
diskSize = cfg.sizeMB; diskSize = cfg.sizeMB;
fsType = "ext4"; fsType = "ext4";


@ -1,13 +1,15 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -p awscli -p jq -p qemu -i bash #!nix-shell -p awscli -p jq -p qemu -i bash
# shellcheck shell=bash
# Uploads and registers NixOS images built from the # Uploads and registers NixOS images built from the
# <nixos/release.nix> amazonImage attribute. Images are uploaded and # <nixos/release.nix> amazonImage attribute. Images are uploaded and
# registered via a home region, and then copied to other regions. # registered via a home region, and then copied to other regions.
# The home region requires an s3 bucket, and a "vmimport" IAM role # The home region requires an s3 bucket, and an IAM role named "vmimport"
# with access to the S3 bucket. Configuration of the vmimport role is # (by default) with access to the S3 bucket. The name can be
# documented in # configured with the "service_role_name" variable. Configuration of the
# vmimport role is documented in
# https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html # https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
# set -x # set -x
@ -17,6 +19,7 @@ set -euo pipefail
state_dir=$HOME/amis/ec2-images state_dir=$HOME/amis/ec2-images
home_region=eu-west-1 home_region=eu-west-1
bucket=nixos-amis bucket=nixos-amis
service_role_name=vmimport
regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1 regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1
us-east-1 us-east-2 us-west-1 us-west-2 us-east-1 us-east-2 us-west-1 us-west-2
@ -64,7 +67,7 @@ image_logical_bytes=$(read_image_info .logical_bytes)
# Derived attributes # Derived attributes
image_logical_gigabytes=$((($image_logical_bytes-1)/1024/1024/1024+1)) # Round to the next GB image_logical_gigabytes=$(((image_logical_bytes-1)/1024/1024/1024+1)) # Round to the next GB
case "$image_system" in case "$image_system" in
aarch64-linux) aarch64-linux)
@ -100,7 +103,7 @@ write_state() {
local type=$2 local type=$2
local val=$3 local val=$3
mkdir -p $state_dir mkdir -p "$state_dir"
echo "$val" > "$state_dir/$state_key.$type" echo "$val" > "$state_dir/$state_key.$type"
} }
@ -110,8 +113,8 @@ wait_for_import() {
local state snapshot_id local state snapshot_id
log "Waiting for import task $task_id to be completed" log "Waiting for import task $task_id to be completed"
while true; do while true; do
read state progress snapshot_id < <( read -r state progress snapshot_id < <(
aws ec2 describe-import-snapshot-tasks --region $region --import-task-ids "$task_id" | \ aws ec2 describe-import-snapshot-tasks --region "$region" --import-task-ids "$task_id" | \
jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail | "\(.Status) \(.Progress) \(.SnapshotId)"' jq -r '.ImportSnapshotTasks[].SnapshotTaskDetail | "\(.Status) \(.Progress) \(.SnapshotId)"'
) )
log " ... state=$state progress=$progress snapshot_id=$snapshot_id" log " ... state=$state progress=$progress snapshot_id=$snapshot_id"
@ -125,6 +128,8 @@ wait_for_import() {
;; ;;
*) *)
log "Unexpected snapshot import state: '${state}'" log "Unexpected snapshot import state: '${state}'"
log "Full response: "
aws ec2 describe-import-snapshot-tasks --region "$region" --import-task-ids "$task_id" >&2
exit 1 exit 1
;; ;;
esac esac
@ -138,8 +143,8 @@ wait_for_image() {
log "Waiting for image $ami_id to be available" log "Waiting for image $ami_id to be available"
while true; do while true; do
read state < <( read -r state < <(
aws ec2 describe-images --image-ids "$ami_id" --region $region | \ aws ec2 describe-images --image-ids "$ami_id" --region "$region" | \
jq -r ".Images[].State" jq -r ".Images[].State"
) )
log " ... state=$state" log " ... state=$state"
@ -163,7 +168,7 @@ make_image_public() {
local region=$1 local region=$1
local ami_id=$2 local ami_id=$2
wait_for_image $region "$ami_id" wait_for_image "$region" "$ami_id"
log "Making image $ami_id public" log "Making image $ami_id public"
@ -177,27 +182,30 @@ upload_image() {
local aws_path=${image_file#/} local aws_path=${image_file#/}
local state_key="$region.$image_label.$image_system" local state_key="$region.$image_label.$image_system"
local task_id=$(read_state "$state_key" task_id) local task_id
local snapshot_id=$(read_state "$state_key" snapshot_id) task_id=$(read_state "$state_key" task_id)
local ami_id=$(read_state "$state_key" ami_id) local snapshot_id
snapshot_id=$(read_state "$state_key" snapshot_id)
local ami_id
ami_id=$(read_state "$state_key" ami_id)
if [ -z "$task_id" ]; then if [ -z "$task_id" ]; then
log "Checking for image on S3" log "Checking for image on S3"
if ! aws s3 ls --region "$region" "s3://${bucket}/${aws_path}" >&2; then if ! aws s3 ls --region "$region" "s3://${bucket}/${aws_path}" >&2; then
log "Image missing from aws, uploading" log "Image missing from aws, uploading"
aws s3 cp --region $region "$image_file" "s3://${bucket}/${aws_path}" >&2 aws s3 cp --region "$region" "$image_file" "s3://${bucket}/${aws_path}" >&2
fi fi
log "Importing image from S3 path s3://$bucket/$aws_path" log "Importing image from S3 path s3://$bucket/$aws_path"
task_id=$(aws ec2 import-snapshot --disk-container "{ task_id=$(aws ec2 import-snapshot --role-name "$service_role_name" --disk-container "{
\"Description\": \"nixos-image-${image_label}-${image_system}\", \"Description\": \"nixos-image-${image_label}-${image_system}\",
\"Format\": \"vhd\", \"Format\": \"vhd\",
\"UserBucket\": { \"UserBucket\": {
\"S3Bucket\": \"$bucket\", \"S3Bucket\": \"$bucket\",
\"S3Key\": \"$aws_path\" \"S3Key\": \"$aws_path\"
} }
}" --region $region | jq -r '.ImportTaskId') }" --region "$region" | jq -r '.ImportTaskId')
write_state "$state_key" task_id "$task_id" write_state "$state_key" task_id "$task_id"
fi fi
@ -221,16 +229,16 @@ upload_image() {
--virtualization-type hvm --virtualization-type hvm
) )
block_device_mappings+=(DeviceName=/dev/sdb,VirtualName=ephemeral0) block_device_mappings+=("DeviceName=/dev/sdb,VirtualName=ephemeral0")
block_device_mappings+=(DeviceName=/dev/sdc,VirtualName=ephemeral1) block_device_mappings+=("DeviceName=/dev/sdc,VirtualName=ephemeral1")
block_device_mappings+=(DeviceName=/dev/sdd,VirtualName=ephemeral2) block_device_mappings+=("DeviceName=/dev/sdd,VirtualName=ephemeral2")
block_device_mappings+=(DeviceName=/dev/sde,VirtualName=ephemeral3) block_device_mappings+=("DeviceName=/dev/sde,VirtualName=ephemeral3")
ami_id=$( ami_id=$(
aws ec2 register-image \ aws ec2 register-image \
--name "$image_name" \ --name "$image_name" \
--description "$image_description" \ --description "$image_description" \
--region $region \ --region "$region" \
--architecture $amazon_arch \ --architecture $amazon_arch \
--block-device-mappings "${block_device_mappings[@]}" \ --block-device-mappings "${block_device_mappings[@]}" \
"${extra_flags[@]}" \ "${extra_flags[@]}" \
@ -240,7 +248,7 @@ upload_image() {
write_state "$state_key" ami_id "$ami_id" write_state "$state_key" ami_id "$ami_id"
fi fi
make_image_public $region "$ami_id" make_image_public "$region" "$ami_id"
echo "$ami_id" echo "$ami_id"
} }
@ -268,7 +276,7 @@ copy_to_region() {
write_state "$state_key" ami_id "$ami_id" write_state "$state_key" ami_id "$ami_id"
fi fi
make_image_public $region "$ami_id" make_image_public "$region" "$ami_id"
echo "$ami_id" echo "$ami_id"
} }
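Review bot: In `upload_image`, the `--disk-container` JSON is still assembled by interpolating `$bucket`, `$aws_path`, `$image_label` and `$image_system` into a double-quoted string, so a quote or backslash in any of them yields malformed or altered JSON for `import-snapshot`. `jq` is already pulled in by the nix-shell line and can build the document with `--arg`, which escapes the values. In the same pass, `--architecture $amazon_arch` in the `register-image` call is left unquoted although the neighbouring `--region` was fixed. `upload_image` begins and continues outside the hunks shown.

```shell
# … unchanged: S3 existence check and upload …
local disk_container
disk_container=$(jq -n \
    --arg description "nixos-image-${image_label}-${image_system}" \
    --arg bucket "$bucket" \
    --arg key "$aws_path" \
    '{Description: $description, Format: "vhd", UserBucket: {S3Bucket: $bucket, S3Key: $key}}')
task_id=$(aws ec2 import-snapshot --role-name "$service_role_name" \
    --disk-container "$disk_container" --region "$region" | jq -r '.ImportTaskId')
# … unchanged: write_state "$state_key" task_id "$task_id" …
```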


@ -8,7 +8,7 @@ let
x11Fonts = pkgs.runCommand "X11-fonts" { preferLocalBuild = true; } '' x11Fonts = pkgs.runCommand "X11-fonts" { preferLocalBuild = true; } ''
mkdir -p "$out/share/X11/fonts" mkdir -p "$out/share/X11/fonts"
font_regexp='.*\.\(ttf\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?' font_regexp='.*\.\(ttf\|ttc\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?'
find ${toString config.fonts.fonts} -regex "$font_regexp" \ find ${toString config.fonts.fonts} -regex "$font_regexp" \
-exec ln -sf -t "$out/share/X11/fonts" '{}' \; -exec ln -sf -t "$out/share/X11/fonts" '{}' \;
cd "$out/share/X11/fonts" cd "$out/share/X11/fonts"


@ -64,7 +64,7 @@ while [ "$#" -gt 0 ]; do
--no-bootloader) --no-bootloader)
noBootLoader=1 noBootLoader=1
;; ;;
--show-trace) --show-trace|--impure|--keep-going)
extraBuildFlags+=("$i") extraBuildFlags+=("$i")
;; ;;
--help) --help)


@ -468,7 +468,7 @@ in
#minecraft = 114; # unused #minecraft = 114; # unused
vault = 115; vault = 115;
#ripped = 116; # unused #ripped = 116; # unused
#murmur = 117; # unused murmur = 117;
foundationdb = 118; foundationdb = 118;
newrelic = 119; newrelic = 119;
starbound = 120; starbound = 120;


@ -173,6 +173,7 @@
./programs/wavemon.nix ./programs/wavemon.nix
./programs/waybar.nix ./programs/waybar.nix
./programs/wireshark.nix ./programs/wireshark.nix
./programs/wshowkeys.nix
./programs/x2goserver.nix ./programs/x2goserver.nix
./programs/xfs_quota.nix ./programs/xfs_quota.nix
./programs/xonsh.nix ./programs/xonsh.nix


@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.wshowkeys;
in {
meta.maintainers = with maintainers; [ primeos ];
options = {
programs.wshowkeys = {
enable = mkEnableOption ''
wshowkeys (displays keypresses on screen on supported Wayland
compositors). It requires root permissions to read input events, but
these permissions are dropped after startup'';
};
};
config = mkIf cfg.enable {
security.wrappers.wshowkeys.source = "${pkgs.wshowkeys}/bin/wshowkeys";
};
}
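Review bot: The option description does not say that enabling this installs a privileged wrapper under `security.wrappers` which, with only `source` set, is presumably setuid root and executable by every local user. That matters on multi-user hosts because the program's purpose is to read keyboard input events. I would add a sentence to the `mkEnableOption` text such as `Enabling this installs a setuid-root wrapper that all local users can run.` and, if the wrapper options in this tree allow it, limit execution to a dedicated group through the wrapper's `owner`/`group`/`permissions` settings. The statement that privileges are dropped after startup depends on the upstream program; nothing in this module enforces it.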


@ -63,7 +63,7 @@ let
script = with builtins; concatStringsSep "\n" (mapAttrsToList (cert: data: '' script = with builtins; concatStringsSep "\n" (mapAttrsToList (cert: data: ''
for fixpath in /var/lib/acme/${escapeShellArg cert} /var/lib/acme/.lego/${escapeShellArg cert}; do for fixpath in /var/lib/acme/${escapeShellArg cert} /var/lib/acme/.lego/${escapeShellArg cert}; do
if [ -d "$fixpath" ]; then if [ -d "$fixpath" ]; then
chmod -R 750 "$fixpath" chmod -R u=rwX,g=rX,o= "$fixpath"
chown -R acme:${data.group} "$fixpath" chown -R acme:${data.group} "$fixpath"
fi fi
done done
@ -271,7 +271,7 @@ let
mv domainhash.txt certificates/ mv domainhash.txt certificates/
chmod 640 certificates/* chmod 640 certificates/*
chmod -R 700 accounts/* chmod -R u=rwX,g=,o= accounts/*
# Group might change between runs, re-apply it # Group might change between runs, re-apply it
chown 'acme:${data.group}' certificates/* chown 'acme:${data.group}' certificates/*
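Review bot: The symbolic mode `X` keeps execute on regular files that already carry any execute bit, so files left at 750/700 by the previous recursive `chmod` stay executable after this change. This applies to both the `fixpath` loop and the `accounts/*` line. Clearing the bit first also repairs existing state: `chmod -R a-x,u=rwX,g=rX,o= "$fixpath"` and `chmod -R a-x,u=rwX,g=,o= accounts/*`. Directories regain search permission from `X`, though the clause ordering is worth confirming with the coreutils in use. Both scripts start and end outside the hunks shown.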


@ -25,19 +25,18 @@ in
]; ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.hercules-ci-agent = { systemd.services.hercules-ci-agent = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
path = [ config.nix.package ]; path = [ config.nix.package ];
startLimitBurst = 30 * 1000000; # practically infinite
serviceConfig = { serviceConfig = {
User = "hercules-ci-agent"; User = "hercules-ci-agent";
ExecStart = command; ExecStart = command;
ExecStartPre = testCommand; ExecStartPre = testCommand;
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 120; RestartSec = 120;
StartLimitBurst = 30 * 1000000; # practically infinite
}; };
}; };


@ -69,11 +69,16 @@ in
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = ''
Defines how users authenticate themselves to the server. By Defines how users authenticate themselves to the server. See the
default, "trust" access to local users will always be granted <link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">
along with any other custom options. If you do not want this, PostgreSQL documentation for pg_hba.conf</link>
set this option using "lib.mkForce" to override this for details on the expected format of this option. By default,
behaviour. peer based authentication will be used for users connecting
via the Unix socket, and md5 password authentication will be
used for users connecting via TCP. Any added rules will be
inserted above the default rules. If you'd like to replace the
default rules entirely, you can use <function>lib.mkForce</function> in your
module.
''; '';
}; };


@ -40,10 +40,10 @@ let cfg = config.services.victoriametrics; in
systemd.services.victoriametrics = { systemd.services.victoriametrics = {
description = "VictoriaMetrics time series database"; description = "VictoriaMetrics time series database";
after = [ "network.target" ]; after = [ "network.target" ];
startLimitBurst = 5;
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 1; RestartSec = 1;
StartLimitBurst = 5;
StateDirectory = "victoriametrics"; StateDirectory = "victoriametrics";
DynamicUser = true; DynamicUser = true;
ExecStart = '' ExecStart = ''


@ -151,14 +151,13 @@ in with lib; {
description = "LCDproc - client"; description = "LCDproc - client";
after = [ "lcdd.service" ]; after = [ "lcdd.service" ];
wantedBy = [ "lcd.target" ]; wantedBy = [ "lcd.target" ];
# Allow restarting for eternity
startLimitIntervalSec = lib.mkIf cfg.client.restartForever 0;
serviceConfig = serviceCfg // { serviceConfig = serviceCfg // {
ExecStart = "${pkg}/bin/lcdproc -f -c ${clientCfg}"; ExecStart = "${pkg}/bin/lcdproc -f -c ${clientCfg}";
# If the server is being restarted at the same time, the client will # If the server is being restarted at the same time, the client will
# fail as it cannot connect, so space it out a bit. # fail as it cannot connect, so space it out a bit.
RestartSec = "5"; RestartSec = "5";
# Allow restarting for eternity
StartLimitIntervalSec = lib.mkIf cfg.client.restartForever "0";
StartLimitBurst = lib.mkIf cfg.client.restartForever "0";
}; };
}; };
}; };


@ -39,7 +39,7 @@ in
default = ""; default = "";
description = '' description = ''
Verbatim additional configuration variables for TLP. Verbatim additional configuration variables for TLP.
DEPRECATED: use services.tlp.config instead. DEPRECATED: use services.tlp.settings instead.
''; '';
}; };
}; };


@ -3,7 +3,12 @@
with lib; with lib;
let let
cfg = config.services.undervolt; cfg = config.services.undervolt;
cliArgs = lib.cli.toGNUCommandLineShell {} {
mkPLimit = limit: window:
if (isNull limit && isNull window) then null
else assert asserts.assertMsg (!isNull limit && !isNull window) "Both power limit and window must be set";
"${toString limit} ${toString window}";
cliArgs = lib.cli.toGNUCommandLine {} {
inherit (cfg) inherit (cfg)
verbose verbose
temp temp
@ -21,6 +26,9 @@ let
temp-bat = cfg.tempBat; temp-bat = cfg.tempBat;
temp-ac = cfg.tempAc; temp-ac = cfg.tempAc;
power-limit-long = mkPLimit cfg.p1.limit cfg.p1.window;
power-limit-short = mkPLimit cfg.p2.limit cfg.p2.window;
}; };
in in
{ {
@ -104,6 +112,40 @@ in
''; '';
}; };
p1.limit = mkOption {
type = with types; nullOr int;
default = null;
description = ''
The P1 Power Limit in Watts.
Both limit and window must be set.
'';
};
p1.window = mkOption {
type = with types; nullOr (oneOf [ float int ]);
default = null;
description = ''
The P1 Time Window in seconds.
Both limit and window must be set.
'';
};
p2.limit = mkOption {
type = with types; nullOr int;
default = null;
description = ''
The P2 Power Limit in Watts.
Both limit and window must be set.
'';
};
p2.window = mkOption {
type = with types; nullOr (oneOf [ float int ]);
default = null;
description = ''
The P2 Time Window in seconds.
Both limit and window must be set.
'';
};
useTimer = mkOption { useTimer = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -133,7 +175,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
Restart = "no"; Restart = "no";
ExecStart = "${pkgs.undervolt}/bin/undervolt ${cliArgs}"; ExecStart = "${pkgs.undervolt}/bin/undervolt ${toString cliArgs}";
}; };
}; };
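Review bot: `cliArgs` is now a list joined with `toString` in `ExecStart`, which drops the escaping that `toGNUCommandLineShell` applied to every argument. That is what lets the `"limit window"` string from `mkPLimit` reach undervolt as two arguments, but it also means any other value containing whitespace or quote characters would be split or reinterpreted by systemd's command-line parsing. The options visible in these hunks are numeric, so this looks safe today. A comment above `cliArgs` such as `# joined unescaped on purpose: power-limit-* must expand to two arguments` would stop a later string-typed option from relying on escaping that is no longer there.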


@ -427,12 +427,12 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
restartTriggers = [ cfg.configFile modulesDir ]; restartTriggers = [ cfg.configFile modulesDir ];
startLimitIntervalSec = 60; # 1 min
serviceConfig = { serviceConfig = {
ExecStart = "${dovecotPkg}/sbin/dovecot -F"; ExecStart = "${dovecotPkg}/sbin/dovecot -F";
ExecReload = "${dovecotPkg}/sbin/doveadm reload"; ExecReload = "${dovecotPkg}/sbin/doveadm reload";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "1s"; RestartSec = "1s";
StartLimitInterval = "1min";
RuntimeDirectory = [ "dovecot2" ]; RuntimeDirectory = [ "dovecot2" ];
}; };


@ -37,9 +37,9 @@ in {
description = "Autorandr execution hook"; description = "Autorandr execution hook";
after = [ "sleep.target" ]; after = [ "sleep.target" ];
startLimitIntervalSec = 5;
startLimitBurst = 1;
serviceConfig = { serviceConfig = {
StartLimitInterval = 5;
StartLimitBurst = 1;
ExecStart = "${pkgs.autorandr}/bin/autorandr --batch --change --default ${cfg.defaultTarget}"; ExecStart = "${pkgs.autorandr}/bin/autorandr --batch --change --default ${cfg.defaultTarget}";
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = false; RemainAfterExit = false;


@ -126,12 +126,12 @@ in
GPU_USE_SYNC_OBJECTS = "1"; GPU_USE_SYNC_OBJECTS = "1";
}; };
startLimitIntervalSec = 60; # 1 min
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.cgminer}/bin/cgminer --syslog --text-only --config ${cgminerConfig}"; ExecStart = "${pkgs.cgminer}/bin/cgminer --syslog --text-only --config ${cgminerConfig}";
User = cfg.user; User = cfg.user;
RestartSec = "30s"; RestartSec = "30s";
Restart = "always"; Restart = "always";
StartLimitInterval = "1m";
}; };
}; };


@ -32,14 +32,14 @@ in
wantedBy = [ "graphical-session.target" ]; wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ];
startLimitIntervalSec = 350;
startLimitBurst = 10;
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${pkgs.safeeyes}/bin/safeeyes ${pkgs.safeeyes}/bin/safeeyes
''; '';
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 3; RestartSec = 3;
StartLimitInterval = 350;
StartLimitBurst = 10;
}; };
}; };


@ -45,7 +45,7 @@ let
cmdlineArgs = cfg.extraFlags ++ [ cmdlineArgs = cfg.extraFlags ++ [
"--storage.tsdb.path=${workingDir}/data/" "--storage.tsdb.path=${workingDir}/data/"
"--config.file=${prometheusYml}" "--config.file=/run/prometheus/prometheus-substituted.yaml"
"--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}" "--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}"
"--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}" "--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"
"--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s" "--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s"
@ -522,6 +522,45 @@ in {
''; '';
}; };
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/root/prometheus.env";
description = ''
Environment file as defined in <citerefentry>
<refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
Secrets may be passed to the service without adding them to the
world-readable Nix store, by specifying placeholder variables as
the option value in Nix and setting these variables accordingly in the
environment file.
Environment variables from this file will be interpolated into the
config file using envsubst with this syntax:
<literal>$ENVIRONMENT ''${VARIABLE}</literal>
<programlisting>
# Example scrape config entry handling an OAuth bearer token
{
job_name = "home_assistant";
metrics_path = "/api/prometheus";
scheme = "https";
bearer_token = "\''${HOME_ASSISTANT_BEARER_TOKEN}";
[...]
}
</programlisting>
<programlisting>
# Content of the environment file
HOME_ASSISTANT_BEARER_TOKEN=someoauthbearertoken
</programlisting>
Note that this file needs to be available on the host on which
<literal>Prometheus</literal> is running.
'';
};
configText = mkOption { configText = mkOption {
type = types.nullOr types.lines; type = types.nullOr types.lines;
default = null; default = null;
@ -662,12 +701,19 @@ in {
systemd.services.prometheus = { systemd.services.prometheus = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = ''
${lib.getBin pkgs.envsubst}/bin/envsubst -o "/run/prometheus/prometheus-substituted.yaml" \
-i "${prometheusYml}"
'';
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/prometheus" + ExecStart = "${cfg.package}/bin/prometheus" +
optionalString (length cmdlineArgs != 0) (" \\\n " + optionalString (length cmdlineArgs != 0) (" \\\n " +
concatStringsSep " \\\n " cmdlineArgs); concatStringsSep " \\\n " cmdlineArgs);
User = "prometheus"; User = "prometheus";
Restart = "always"; Restart = "always";
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
RuntimeDirectory = "prometheus";
RuntimeDirectoryMode = "0700";
WorkingDirectory = workingDir; WorkingDirectory = workingDir;
StateDirectory = cfg.stateDir; StateDirectory = cfg.stateDir;
}; };
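Review bot: The `preStart` envsubst call rewrites every `$NAME`/`${NAME}` reference in the generated YAML and, as far as I can tell, replaces unset variables with an empty string, so a missing or misspelled entry in `environmentFile` gives an empty `bearer_token` rather than a failed start. It would be safer to make the unit fail on unset or empty variables (the packaged envsubst appears to offer `-no-unset` and `-no-empty`; confirm against the version in pkgs). The option description should also say that literal `$` sequences elsewhere in the config, for example in relabel `replacement` values, are now subject to substitution. Substitution runs even when `environmentFile` is null, so existing configurations are affected as well. Writing the substituted file under the `0700` runtime directory is the right place for it.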


@ -31,14 +31,14 @@ in
after = [ "NetworkManager-wait-online.service" "network.target" ]; after = [ "NetworkManager-wait-online.service" "network.target" ];
preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer"; preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer";
startLimitIntervalSec = 60;
startLimitBurst = 10;
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
ExecStart = "${pkgs.teamviewer}/bin/teamviewerd -d"; ExecStart = "${pkgs.teamviewer}/bin/teamviewerd -d";
PIDFile = "/run/teamviewerd.pid"; PIDFile = "/run/teamviewerd.pid";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "on-abort"; Restart = "on-abort";
StartLimitInterval = "60";
StartLimitBurst = "10";
}; };
}; };
}; };


@ -28,6 +28,9 @@ let
# Don't start services that are not yet initialized # Don't start services that are not yet initialized
unitConfig.ConditionPathExists = "/var/lib/${stateDirectory}/keyring"; unitConfig.ConditionPathExists = "/var/lib/${stateDirectory}/keyring";
startLimitBurst =
if daemonType == "osd" then 30 else if lib.elem daemonType ["mgr" "mds"] then 3 else 5;
startLimitIntervalSec = 60 * 30; # 30 mins
serviceConfig = { serviceConfig = {
LimitNOFILE = 1048576; LimitNOFILE = 1048576;
@ -39,8 +42,6 @@ let
ProtectHome = "true"; ProtectHome = "true";
ProtectSystem = "full"; ProtectSystem = "full";
Restart = "on-failure"; Restart = "on-failure";
StartLimitBurst = "5";
StartLimitInterval = "30min";
StateDirectory = stateDirectory; StateDirectory = stateDirectory;
User = "ceph"; User = "ceph";
Group = if daemonType == "osd" then "disk" else "ceph"; Group = if daemonType == "osd" then "disk" else "ceph";
@ -48,13 +49,10 @@ let
-f --cluster ${clusterName} --id ${daemonId}''; -f --cluster ${clusterName} --id ${daemonId}'';
} // optionalAttrs (daemonType == "osd") { } // optionalAttrs (daemonType == "osd") {
ExecStartPre = ''${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}''; ExecStartPre = ''${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}'';
StartLimitBurst = "30";
RestartSec = "20s"; RestartSec = "20s";
PrivateDevices = "no"; # osd needs disk access PrivateDevices = "no"; # osd needs disk access
} // optionalAttrs ( daemonType == "mon") { } // optionalAttrs ( daemonType == "mon") {
RestartSec = "10"; RestartSec = "10";
} // optionalAttrs (lib.elem daemonType ["mgr" "mds"]) {
StartLimitBurst = "3";
}; };
}); });


@ -87,9 +87,37 @@ in
description = "Babel routing daemon"; description = "Babel routing daemon";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile}"; serviceConfig = {
ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile} -I /run/babeld/babeld.pid -S /var/lib/babeld/state";
CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
IPAddressAllow = [ "fe80::/64" "ff00::/8" "::1/128" "127.0.0.0/8" ];
IPAddressDeny = "any";
LockPersonality = true;
NoNewPrivileges = true;
MemoryDenyWriteExecute = true;
ProtectSystem = "strict";
ProtectClock = true;
ProtectKernelTunables = false; # Couldn't write sysctl: Read-only file system
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_NETLINK" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
ProtectHome = true;
ProtectHostname = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false; # kernel_route(ADD): Operation not permitted
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
UMask = "0177";
RuntimeDirectory = "babeld";
StateDirectory = "babeld";
};
}; };
}; };
} }
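Review bot: `IPAddressAllow` lists `127.0.0.0/8`, but `RestrictAddressFamilies` permits only `AF_NETLINK` and `AF_INET6`, so no IPv4 socket can be created and that entry has no effect. Either drop it or add a comment explaining why it is kept, e.g. `# IPv4 loopback is unreachable while AF_INET is not in RestrictAddressFamilies`. `AF_UNIX` is also excluded, which deserves a comment if deliberate, since anything in the daemon that opens a Unix socket will fail under this filter. The two settings left at `false` already carry the reason they are relaxed; the same treatment for the address-family list would help whoever next tightens or loosens it.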


@ -158,15 +158,21 @@ let
type = types.attrs; type = types.attrs;
default = {}; default = {};
example = literalExample '' { example = literalExample '' {
alternative_estimate_fee = "whatthefee-disabled"; "alternative_estimate_fee" = "whatthefee-disabled";
alternative_estimate_fee_params = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}"; "alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}";
fiat_rates = "coingecko"; "fiat_rates" = "coingecko";
fiat_rates_params = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}"; "fiat_rates_params" = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}";
coin_shortcut = "BTC"; "coin_shortcut" = "BTC";
coin_label = "Bitcoin"; "coin_label" = "Bitcoin";
xpub_magic = 76067358; "parse" = true;
xpub_magic_segwit_p2sh = 77429938; "subversion" = "";
xpub_magic_segwit_native = 78792518; "address_format" = "";
"xpub_magic" = 76067358;
"xpub_magic_segwit_p2sh" = 77429938;
"xpub_magic_segwit_native" = 78792518;
"mempool_workers" = 8;
"mempool_sub_workers" = 2;
"block_addresses_to_keep" = 300;
}''; }'';
description = '' description = ''
Additional configurations to be appended to <filename>coin.conf</filename>. Additional configurations to be appended to <filename>coin.conf</filename>.


@ -264,10 +264,10 @@ in
'' ''
); );
startLimitIntervalSec = 0;
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
Restart = "always"; Restart = "always";
StartLimitInterval = 0;
RestartSec = 1; RestartSec = 1;
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID"; CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID";
ProtectSystem = true; ProtectSystem = true;


@ -41,6 +41,7 @@ in {
systemd.services.dnsdist = { systemd.services.dnsdist = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
startLimitIntervalSec = 0;
serviceConfig = { serviceConfig = {
DynamicUser = true; DynamicUser = true;


@ -29,9 +29,9 @@ with lib;
# Needed for ping # Needed for ping
"/run/wrappers" "/run/wrappers"
]; ];
startLimitBurst = 5;
startLimitIntervalSec = 20;
serviceConfig = { serviceConfig = {
StartLimitBurst = 5;
StartLimitIntervalSec = 20;
ExecStart = "${pkgs.mullvad-vpn}/bin/mullvad-daemon -v --disable-stdout-timestamps"; ExecStart = "${pkgs.mullvad-vpn}/bin/mullvad-daemon -v --disable-stdout-timestamps";
Restart = "always"; Restart = "always";
RestartSec = 1; RestartSec = 1;


@ -278,6 +278,10 @@ in
home = "/var/lib/murmur"; home = "/var/lib/murmur";
createHome = true; createHome = true;
uid = config.ids.uids.murmur; uid = config.ids.uids.murmur;
group = "murmur";
};
users.groups.murmur = {
gid = config.ids.gids.murmur;
}; };
systemd.services.murmur = { systemd.services.murmur = {
@ -300,6 +304,7 @@ in
RuntimeDirectory = "murmur"; RuntimeDirectory = "murmur";
RuntimeDirectoryMode = "0700"; RuntimeDirectoryMode = "0700";
User = "murmur"; User = "murmur";
Group = "murmur";
}; };
}; };
}; };


@ -165,6 +165,8 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
startLimitIntervalSec = 120;
startLimitBurst = 5;
serviceConfig = { serviceConfig = {
User = "namecoin"; User = "namecoin";
Group = "namecoin"; Group = "namecoin";
@ -176,8 +178,6 @@ in
TimeoutStopSec = "60s"; TimeoutStopSec = "60s";
TimeoutStartSec = "2s"; TimeoutStartSec = "2s";
Restart = "always"; Restart = "always";
StartLimitInterval = "120s";
StartLimitBurst = "5";
}; };
preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat") '' preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat") ''


@ -28,9 +28,9 @@ in {
environment = { environment = {
SERVICE_RUN_MODE = "1"; SERVICE_RUN_MODE = "1";
}; };
startLimitIntervalSec = 5;
startLimitBurst = 10;
serviceConfig = { serviceConfig = {
StartLimitInterval = 5;
StartLimitBurst = 10;
ExecStart = "${pkgs.nextdns}/bin/nextdns run ${escapeShellArgs config.services.nextdns.arguments}"; ExecStart = "${pkgs.nextdns}/bin/nextdns run ${escapeShellArgs config.services.nextdns.arguments}";
RestartSec = 120; RestartSec = 120;
LimitMEMLOCK = "infinity"; LimitMEMLOCK = "infinity";


@ -42,9 +42,9 @@ in
description = "A HTTP nix store that proxies requests to Google Storage"; description = "A HTTP nix store that proxies requests to Google Storage";
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
startLimitIntervalSec = 10;
serviceConfig = { serviceConfig = {
RestartSec = 5; RestartSec = 5;
StartLimitInterval = 10;
ExecStart = '' ExecStart = ''
${pkgs.nix-store-gcs-proxy}/bin/nix-store-gcs-proxy \ ${pkgs.nix-store-gcs-proxy}/bin/nix-store-gcs-proxy \
--bucket-name ${cfg.bucketName} \ --bucket-name ${cfg.bucketName} \


@ -916,14 +916,14 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
startLimitBurst = 4;
startLimitIntervalSec = 5 * 60; # 5 mins
serviceConfig = { serviceConfig = {
ExecStart = "${nsdPkg}/sbin/nsd -d -c ${nsdEnv}/nsd.conf"; ExecStart = "${nsdPkg}/sbin/nsd -d -c ${nsdEnv}/nsd.conf";
StandardError = "null"; StandardError = "null";
PIDFile = pidFile; PIDFile = pidFile;
Restart = "always"; Restart = "always";
RestartSec = "4s"; RestartSec = "4s";
StartLimitBurst = 4;
StartLimitInterval = "5min";
}; };
preStart = '' preStart = ''


@ -103,6 +103,8 @@ in
rm -f '${cfg.stateDir}/supybot.cfg.bak' rm -f '${cfg.stateDir}/supybot.cfg.bak'
''; '';
startLimitIntervalSec = 5 * 60; # 5 min
startLimitBurst = 1;
serviceConfig = { serviceConfig = {
ExecStart = "${pyEnv}/bin/supybot ${cfg.stateDir}/supybot.cfg"; ExecStart = "${pyEnv}/bin/supybot ${cfg.stateDir}/supybot.cfg";
PIDFile = "/run/supybot.pid"; PIDFile = "/run/supybot.pid";
@ -110,8 +112,6 @@ in
Group = "supybot"; Group = "supybot";
UMask = "0007"; UMask = "0007";
Restart = "on-abort"; Restart = "on-abort";
StartLimitInterval = "5m";
StartLimitBurst = "1";
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateDevices = true; PrivateDevices = true;


@ -17,6 +17,7 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.tailscale ]; # for the CLI
systemd.services.tailscale = { systemd.services.tailscale = {
description = "Tailscale client daemon"; description = "Tailscale client daemon";
@ -24,10 +25,7 @@ in {
wants = [ "network-pre.target" ]; wants = [ "network-pre.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
unitConfig = { startLimitIntervalSec = 0;
StartLimitIntervalSec = 0;
StartLimitBurst = 0;
};
serviceConfig = { serviceConfig = {
ExecStart = ExecStart =


@ -131,6 +131,8 @@ in
restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients. restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients.
startLimitIntervalSec = 60;
startLimitBurst = 3;
serviceConfig = { serviceConfig = {
User = "vault"; User = "vault";
Group = "vault"; Group = "vault";
@ -145,8 +147,6 @@ in
KillSignal = "SIGINT"; KillSignal = "SIGINT";
TimeoutStopSec = "30s"; TimeoutStopSec = "30s";
Restart = "on-failure"; Restart = "on-failure";
StartLimitInterval = "60s";
StartLimitBurst = 3;
}; };
unitConfig.RequiresMountsFor = optional (cfg.storagePath != null) cfg.storagePath; unitConfig.RequiresMountsFor = optional (cfg.storagePath != null) cfg.storagePath;


@ -197,7 +197,7 @@ in
install -D -m 600 -o '${cfg.user}' -g '${cfg.group}' /dev/stdin \ install -D -m 600 -o '${cfg.user}' -g '${cfg.group}' /dev/stdin \
'${cfg.home}/${settingsDir}/settings.json' '${cfg.home}/${settingsDir}/settings.json'
'')]; '')];
ExecStart="${pkgs.transmission}/bin/transmission-daemon -f"; ExecStart="${pkgs.transmission}/bin/transmission-daemon -f -g ${cfg.home}/${settingsDir}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
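Review bot: The new `-g ${cfg.home}/${settingsDir}` argument in `ExecStart` is interpolated unquoted, while the `install` command just above single-quotes the same path. systemd splits the command line on whitespace, so a home directory containing a space would reach the daemon as two arguments and it would not find the settings file written by that `install` step. Quoting it the same way keeps the two in step: `ExecStart="${pkgs.transmission}/bin/transmission-daemon -f -g '${cfg.home}/${settingsDir}'";`. The enclosing `serviceConfig` block starts and ends outside the hunk.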


@ -10,7 +10,7 @@ in {
default = false; default = false;
example = true; example = true;
description = '' description = ''
Whether to enable engelsystem, an online tool for coordinating helpers Whether to enable engelsystem, an online tool for coordinating volunteers
and shifts on large events. and shifts on large events.
''; '';
type = lib.types.bool; type = lib.types.bool;


@ -224,6 +224,8 @@ in
chmod -R u+w ${dataDir}/${wikiIdent}/underlay chmod -R u+w ${dataDir}/${wikiIdent}/underlay
''; '';
startLimitIntervalSec = 30;
serviceConfig = { serviceConfig = {
User = user; User = user;
Group = group; Group = group;
@ -237,7 +239,6 @@ in
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "2s"; RestartSec = "2s";
StartLimitIntervalSec = "30s";
StateDirectory = "moin/${wikiIdent}"; StateDirectory = "moin/${wikiIdent}";
StateDirectoryMode = "0750"; StateDirectoryMode = "0750";


@ -549,9 +549,7 @@ in {
}; };
"/" = { "/" = {
priority = 900; priority = 900;
extraConfig = if major < 20 extraConfig = "rewrite ^ /index.php;";
then "rewrite ^ /index.php;"
else "try_files $uri $uri/ /index.php$request_uri;";
}; };
"~ ^/store-apps" = { "~ ^/store-apps" = {
priority = 201; priority = 201;
@ -575,7 +573,7 @@ in {
"~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)".extraConfig = '' "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)".extraConfig = ''
return 404; return 404;
''; '';
${if major < 20 then "~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" else "~ \\.php(?:$|/)"} = { "~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" = {
priority = 500; priority = 500;
extraConfig = '' extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf; include ${config.services.nginx.package}/conf/fastcgi.conf;


@ -37,11 +37,60 @@ in {
description = "Shiori simple bookmarks manager"; description = "Shiori simple bookmarks manager";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.SHIORI_DIR = "/var/lib/shiori";
serviceConfig = { serviceConfig = {
ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'"; ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'";
DynamicUser = true; DynamicUser = true;
Environment = "SHIORI_DIR=/var/lib/shiori";
StateDirectory = "shiori"; StateDirectory = "shiori";
# As the RootDirectory
RuntimeDirectory = "shiori";
# Security options
BindReadOnlyPaths = [
"/nix/store"
# For SSL certificates, and the resolv.conf
"/etc"
];
CapabilityBoundingSet = "";
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictRealtime = true;
RestrictSUIDSGID = true;
RootDirectory = "/run/shiori";
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [
"@system-service"
"~@chown" "~@cpu-emulation" "~@debug" "~@ipc" "~@keyring" "~@memlock"
"~@module" "~@obsolete" "~@privileged" "~@process" "~@raw-io"
"~@resources" "~@setuid"
];
}; };
}; };
}; };
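Review bot: `BindReadOnlyPaths` exposes the whole of `/etc` inside the new `RootDirectory`, although the comment beside it says only the SSL certificates and `resolv.conf` are needed. Every other file under `/etc` that is readable by others therefore stays visible to a network-facing service that is otherwise tightly sandboxed. If the certificate bundle and resolver file can be bound individually (presumably `/etc/ssl`, `/etc/static/ssl` and `/etc/resolv.conf` on NixOS; to be confirmed), the list could be narrowed to those. The comment `# As the RootDirectory` would also be clearer as `# Created under /run by systemd and used as RootDirectory below`.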


@ -24,6 +24,10 @@ let
${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${adaptedConfig} ${tlsJSON} > $out ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${adaptedConfig} ${tlsJSON} > $out
''; '';
in { in {
imports = [
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2")
];
options.services.caddy = { options.services.caddy = {
enable = mkEnableOption "Caddy web server"; enable = mkEnableOption "Caddy web server";
@ -66,12 +70,6 @@ in {
description = "Email address (for Let's Encrypt certificate)"; description = "Email address (for Let's Encrypt certificate)";
}; };
agree = mkOption {
default = false;
type = types.bool;
description = "Agree to Let's Encrypt Subscriber Agreement";
};
dataDir = mkOption { dataDir = mkOption {
default = "/var/lib/caddy"; default = "/var/lib/caddy";
type = types.path; type = types.path;
@ -103,6 +101,8 @@ in {
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
startLimitIntervalSec = 14400;
startLimitBurst = 10;
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/caddy run --config ${configJSON}"; ExecStart = "${cfg.package}/bin/caddy run --config ${configJSON}";
ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}"; ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}";
@ -110,8 +110,6 @@ in {
User = "caddy"; User = "caddy";
Group = "caddy"; Group = "caddy";
Restart = "on-abnormal"; Restart = "on-abnormal";
StartLimitIntervalSec = 14400;
StartLimitBurst = 10;
AmbientCapabilities = "cap_net_bind_service"; AmbientCapabilities = "cap_net_bind_service";
CapabilityBoundingSet = "cap_net_bind_service"; CapabilityBoundingSet = "cap_net_bind_service";
NoNewPrivileges = true; NoNewPrivileges = true;


@ -261,10 +261,7 @@ let
ssl_trusted_certificate ${vhost.sslTrustedCertificate}; ssl_trusted_certificate ${vhost.sslTrustedCertificate};
''} ''}
${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) '' ${mkBasicAuth vhostName vhost}
auth_basic secured;
auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth};
''}
${mkLocations vhost.locations} ${mkLocations vhost.locations}
@ -293,9 +290,19 @@ let
${optionalString (config.return != null) "return ${config.return};"} ${optionalString (config.return != null) "return ${config.return};"}
${config.extraConfig} ${config.extraConfig}
${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"} ${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
${mkBasicAuth "sublocation" config}
} }
'') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations))); '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" (
mkBasicAuth = name: zone: optionalString (zone.basicAuthFile != null || zone.basicAuth != {}) (let
auth_file = if zone.basicAuthFile != null
then zone.basicAuthFile
else mkHtpasswd name zone.basicAuth;
in ''
auth_basic secured;
auth_basic_user_file ${auth_file};
'');
mkHtpasswd = name: authDef: pkgs.writeText "${name}.htpasswd" (
concatStringsSep "\n" (mapAttrsToList (user: password: '' concatStringsSep "\n" (mapAttrsToList (user: password: ''
${user}:{PLAIN}${password} ${user}:{PLAIN}${password}
'') authDef) '') authDef)
@ -693,6 +700,8 @@ in
${cfg.preStart} ${cfg.preStart}
${execCommand} -t ${execCommand} -t
''; '';
startLimitIntervalSec = 60;
serviceConfig = { serviceConfig = {
ExecStart = execCommand; ExecStart = execCommand;
ExecReload = [ ExecReload = [
@ -701,7 +710,6 @@ in
]; ];
Restart = "always"; Restart = "always";
RestartSec = "10s"; RestartSec = "10s";
StartLimitInterval = "1min";
# User and group # User and group
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
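Review bot: In the second hunk, `mkBasicAuth "sublocation" config` is emitted after `return` and `extraConfig` inside the location block; nginx handles `return` before access checks, so a location that sets both `return` and `basicAuth` would presumably answer without asking for credentials. That should be confirmed and, if so, stated on the option. The fixed name also means every location's generated file is called `sublocation.htpasswd`, distinguishable only by store hash; if that is deliberate (location keys such as `/sublocation/` are presumably not valid store names), a comment such as `# location keys are not valid store-path names, so a fixed name is used` would help. A comment at `mkHtpasswd` noting that the `{PLAIN}` entries land in the world-readable Nix store, now for locations as well as vhosts, would be useful too.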


@ -9,6 +9,34 @@ with lib;
{ {
options = { options = {
basicAuth = mkOption {
type = types.attrsOf types.str;
default = {};
example = literalExample ''
{
user = "password";
};
'';
description = ''
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the
Nix store.
'';
};
basicAuthFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Basic Auth password file for a vhost.
Can be created via: <command>htpasswd -c &lt;filename&gt; &lt;username&gt;</command>.
WARNING: The generate file contains the users' passwords in a
non-cryptographically-securely hashed way.
'';
};
proxyPass = mkOption { proxyPass = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
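Review bot: `basicAuthFile` is declared as `types.nullOr types.path`, which accepts a Nix path literal as well as an absolute path string; a literal such as `./htpasswd` is copied into the world-readable Nix store when it is interpolated into the nginx configuration. The description should say that a string path outside the store is expected, e.g. `Pass the path as a string ("/var/lib/nginx/htpasswd") so that the file is not copied to the Nix store.` (the path is a constructed example). The warning text also has a typo, `The generate file` for `The generated file`. Both remarks apply equally to the same description in the vhost options hunk that follows.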


@ -198,7 +198,7 @@ with lib;
Basic Auth protection for a vhost. Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the WARNING: This is implemented to store the password in plain text in the
nix store. Nix store.
''; '';
}; };
@ -207,7 +207,10 @@ with lib;
default = null; default = null;
description = '' description = ''
Basic Auth password file for a vhost. Basic Auth password file for a vhost.
Can be created via: <command>htpasswd -c &lt;filename&gt; &lt;username&gt;</command> Can be created via: <command>htpasswd -c &lt;filename&gt; &lt;username&gt;</command>.
WARNING: The generate file contains the users' passwords in a
non-cryptographically-securely hashed way.
''; '';
}; };


@ -136,6 +136,8 @@ in {
description = "Traefik web server"; description = "Traefik web server";
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
startLimitIntervalSec = 86400;
startLimitBurst = 5;
serviceConfig = { serviceConfig = {
ExecStart = ExecStart =
"${cfg.package}/bin/traefik --configfile=${staticConfigFile}"; "${cfg.package}/bin/traefik --configfile=${staticConfigFile}";
@ -143,8 +145,6 @@ in {
User = "traefik"; User = "traefik";
Group = cfg.group; Group = cfg.group;
Restart = "on-failure"; Restart = "on-failure";
StartLimitInterval = 86400;
StartLimitBurst = 5;
AmbientCapabilities = "cap_net_bind_service"; AmbientCapabilities = "cap_net_bind_service";
CapabilityBoundingSet = "cap_net_bind_service"; CapabilityBoundingSet = "cap_net_bind_service";
NoNewPrivileges = true; NoNewPrivileges = true;


@ -200,7 +200,7 @@ in
security.wrappers = { security.wrappers = {
kcheckpass.source = "${lib.getBin plasma5.kscreenlocker}/libexec/kcheckpass"; kcheckpass.source = "${lib.getBin plasma5.kscreenlocker}/libexec/kcheckpass";
start_kdeinit.source = "${lib.getBin pkgs.kinit}/libexec/kf5/start_kdeinit"; start_kdeinit.source = "${lib.getBin pkgs.kdeFrameworks.kinit}/libexec/kf5/start_kdeinit";
kwin_wayland = { kwin_wayland = {
source = "${lib.getBin plasma5.kwin}/bin/kwin_wayland"; source = "${lib.getBin plasma5.kwin}/bin/kwin_wayland";
capabilities = "cap_sys_nice+ep"; capabilities = "cap_sys_nice+ep";


@ -9,7 +9,12 @@ let
cfg = dmcfg.sddm; cfg = dmcfg.sddm;
xEnv = config.systemd.services.display-manager.environment; xEnv = config.systemd.services.display-manager.environment;
inherit (pkgs) sddm; sddm = if config.services.xserver.desktopManager.lxqt.enable then
# TODO: Move lxqt to libsForQt515
pkgs.libsForQt514.sddm
else
pkgs.libsForQt5.sddm
;
xserverWrapper = pkgs.writeScript "xserver-wrapper" '' xserverWrapper = pkgs.writeScript "xserver-wrapper" ''
#!/bin/sh #!/bin/sh


@ -82,6 +82,15 @@ in {
''; '';
}; };
executable = mkOption {
type = types.str;
default = "/bin/redshift";
example = "/bin/redshift-gtk";
description = ''
Redshift executable to use within the package.
'';
};
extraOptions = mkOption { extraOptions = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
@ -114,7 +123,7 @@ in {
partOf = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ];
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${cfg.package}/bin/redshift \ ${cfg.package}${cfg.executable} \
-l ${providerString} \ -l ${providerString} \
-t ${toString cfg.temperature.day}:${toString cfg.temperature.night} \ -t ${toString cfg.temperature.day}:${toString cfg.temperature.night} \
-b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \ -b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \
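Review bot: The new `executable` option is a free-form `types.str` that is concatenated straight onto the package path in `ExecStart` (`${cfg.package}${cfg.executable}`), so a value without a leading slash or with embedded whitespace silently produces a different command line. The description should state the expected form, for instance `Path of the Redshift executable inside the package; must start with "/".` If stricter checking is wanted, the option type could be narrowed so that a malformed value fails at evaluation time rather than when the user service starts. The `ExecStart` string continues past the end of the hunk.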


@ -678,14 +678,14 @@ in
script = "${cfg.displayManager.job.execCmd}"; script = "${cfg.displayManager.job.execCmd}";
# Stop restarting if the display manager stops (crashes) 2 times
# in one minute. Starting X typically takes 3-4s.
startLimitIntervalSec = 30;
startLimitBurst = 3;
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
RestartSec = "200ms"; RestartSec = "200ms";
SyslogIdentifier = "display-manager"; SyslogIdentifier = "display-manager";
# Stop restarting if the display manager stops (crashes) 2 times
# in one minute. Starting X typically takes 3-4s.
StartLimitInterval = "30s";
StartLimitBurst = "3";
}; };
}; };
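Review bot: The comment moved along with the settings still says restarts stop after 2 crashes in one minute, but the values next to it are `startLimitIntervalSec = 30` and `startLimitBurst = 3`. Since the lines are being touched anyway, the comment should match the numbers, e.g. `# Stop restarting if the display manager is started more than 3 times within 30 seconds.` The second sentence about X taking 3-4s to start can stay as the rationale for the interval.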


@ -648,11 +648,13 @@ let
"RapidCommit" "RapidCommit"
"ForceDHCPv6PDOtherInformation" "ForceDHCPv6PDOtherInformation"
"PrefixDelegationHint" "PrefixDelegationHint"
"RouteMetric"
]) ])
(assertValueOneOf "UseDNS" boolValues) (assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseNTP" boolValues) (assertValueOneOf "UseNTP" boolValues)
(assertValueOneOf "RapidCommit" boolValues) (assertValueOneOf "RapidCommit" boolValues)
(assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues) (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues)
(assertInt "RouteMetric")
]; ];
sectionDHCPServer = checkUnitConfig "DHCPServer" [ sectionDHCPServer = checkUnitConfig "DHCPServer" [


@ -120,7 +120,7 @@ eval "exec $logOutFd>&1 $logErrFd>&2"
if test -w /dev/kmsg; then if test -w /dev/kmsg; then
tee -i < /tmp/stage-1-init.log.fifo /proc/self/fd/"$logOutFd" | while read -r line; do tee -i < /tmp/stage-1-init.log.fifo /proc/self/fd/"$logOutFd" | while read -r line; do
if test -n "$line"; then if test -n "$line"; then
echo "<7>stage-1-init: $line" > /dev/kmsg echo "<7>stage-1-init: [$(date)] $line" > /dev/kmsg
fi fi
done & done &
else else
@ -356,6 +356,7 @@ mountFS() {
case $options in case $options in
*x-nixos.autoresize*) *x-nixos.autoresize*)
if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then
modprobe "$fsType"
echo "resizing $device..." echo "resizing $device..."
e2fsck -fp "$device" e2fsck -fp "$device"
resize2fs "$device" resize2fs "$device"


@ -210,12 +210,21 @@ in rec {
''; '';
}; };
startLimitBurst = mkOption {
type = types.int;
description = ''
Configure unit start rate limiting. Units which are started
more than startLimitBurst times within an interval time
interval are not permitted to start any more.
'';
};
startLimitIntervalSec = mkOption { startLimitIntervalSec = mkOption {
type = types.int; type = types.int;
description = '' description = ''
Configure unit start rate limiting. Units which are started Configure unit start rate limiting. Units which are started
more than burst times within an interval time interval are more than startLimitBurst times within an interval time
not permitted to start any more. interval are not permitted to start any more.
''; '';
}; };
@ -245,8 +254,7 @@ in rec {
serviceConfig = mkOption { serviceConfig = mkOption {
default = {}; default = {};
example = example =
{ StartLimitInterval = 10; { RestartSec = 5;
RestartSec = 5;
}; };
type = types.addCheck (types.attrsOf unitOption) checkService; type = types.addCheck (types.attrsOf unitOption) checkService;
description = '' description = ''
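Review bot: `startLimitBurst` and `startLimitIntervalSec` now carry the same description, so neither says which half of the limit it sets or what unit the interval uses; the phrase `within an interval time interval` is also garbled. Suggested wording for the interval: `Length, in seconds, of the window over which unit starts are counted; see startLimitBurst.` and for the burst: `Number of starts allowed within startLimitIntervalSec before further starts are refused.` The `serviceConfig` option body continues beyond the last hunk.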


@ -243,6 +243,8 @@ let
OnFailure = toString config.onFailure; } OnFailure = toString config.onFailure; }
// optionalAttrs (options.startLimitIntervalSec.isDefined) { // optionalAttrs (options.startLimitIntervalSec.isDefined) {
StartLimitIntervalSec = toString config.startLimitIntervalSec; StartLimitIntervalSec = toString config.startLimitIntervalSec;
} // optionalAttrs (options.startLimitBurst.isDefined) {
StartLimitBurst = toString config.startLimitBurst;
}; };
}; };
}; };
@ -884,14 +886,25 @@ in
config = { config = {
warnings = concatLists (mapAttrsToList (name: service: warnings = concatLists (
mapAttrsToList
(name: service:
let let
type = service.serviceConfig.Type or ""; type = service.serviceConfig.Type or "";
restart = service.serviceConfig.Restart or "no"; restart = service.serviceConfig.Restart or "no";
in optional hasDeprecated = builtins.hasAttr "StartLimitInterval" service.serviceConfig;
(type == "oneshot" && (restart == "always" || restart == "on-success")) in
"Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'") concatLists [
cfg.services); (optional (type == "oneshot" && (restart == "always" || restart == "on-success"))
"Service '${name}.service' with 'Type=oneshot' cannot have 'Restart=always' or 'Restart=on-success'"
)
(optional hasDeprecated
"Service '${name}.service' uses the attribute 'StartLimitInterval' in the Service section, which is deprecated. See https://github.com/NixOS/nixpkgs/issues/45786."
)
]
)
cfg.services
);
system.build.units = cfg.units; system.build.units = cfg.units;
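Review bot: The new warning in the second hunk looks only for `StartLimitInterval` in `serviceConfig`, yet this same commit also moves `StartLimitIntervalSec` and `StartLimitBurst` out of `serviceConfig` in several modules, so configurations that still set those there get no hint. If those keys are likewise meant to be set at unit level, the check could cover all three, e.g. `hasDeprecated = any (k: builtins.hasAttr k service.serviceConfig) [ "StartLimitInterval" "StartLimitIntervalSec" "StartLimitBurst" ];`, with the message naming the replacement options `startLimitIntervalSec` and `startLimitBurst`. As written the message points only at an issue link and does not say what to use instead.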


@ -48,7 +48,7 @@ in
]; ];
boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ]; boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ];
boot.initrd.availableKernelModules = [ "ixgbevf" "ena" "nvme" ]; boot.initrd.availableKernelModules = [ "ixgbevf" "ena" "nvme" ];
boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0" ]; boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0" "random.trust_cpu=on" ];
# Prevent the nouveau kernel module from being loaded, as it # Prevent the nouveau kernel module from being loaded, as it
# interferes with the nvidia/nvidia-uvm modules needed for CUDA. # interferes with the nvidia/nvidia-uvm modules needed for CUDA.
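Review bot: `random.trust_cpu=on` is added to the HVM kernel parameters without a comment, although it changes a security-relevant default: the kernel then credits the CPU's hardware random number generator when seeding its CRNG at boot rather than waiting for other entropy sources. The motive is presumably to avoid slow or blocked first boots on fresh instances, and that reasoning should sit next to the setting, e.g. `# Credit the CPU RNG so the kernel CRNG is seeded early on fresh instances.` It would also help to note in the module documentation that users who do not want to trust the CPU RNG have to override `boot.kernelParams` themselves.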


@ -329,5 +329,24 @@ let self = {
"20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86"; "20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86";
"20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d"; "20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d";
latest = self."20.03"; # 20.09.1465.9a0b14b097d
"20.09".eu-west-1.hvm-ebs = "ami-0d90f16418e3c364c";
"20.09".eu-west-2.hvm-ebs = "ami-0635ec0780ea57cfe";
"20.09".eu-west-3.hvm-ebs = "ami-0714e94352f2eabb9";
"20.09".eu-central-1.hvm-ebs = "ami-0979d39762a4d2a02";
"20.09".eu-north-1.hvm-ebs = "ami-0b14e273185c66e9b";
"20.09".us-east-1.hvm-ebs = "ami-0f8b063ac3f2d9645";
"20.09".us-east-2.hvm-ebs = "ami-0959202a0393fdd0c";
"20.09".us-west-1.hvm-ebs = "ami-096d50833b785478b";
"20.09".us-west-2.hvm-ebs = "ami-0fc31031df0df6104";
"20.09".ca-central-1.hvm-ebs = "ami-0787786a38cde3905";
"20.09".ap-southeast-1.hvm-ebs = "ami-0b3f693d3a2a0b9ae";
"20.09".ap-southeast-2.hvm-ebs = "ami-02471872bc876b610";
"20.09".ap-northeast-1.hvm-ebs = "ami-06505fd2bf44a59a7";
"20.09".ap-northeast-2.hvm-ebs = "ami-0754b4c014eea1e8a";
"20.09".ap-south-1.hvm-ebs = "ami-05100e32242ae65a6";
"20.09".ap-east-1.hvm-ebs = "ami-045288859a39de009";
"20.09".sa-east-1.hvm-ebs = "ami-0a937748db48fb00d";
latest = self."20.09";
}; in self }; in self


@ -242,6 +242,7 @@ in
nfs4 = handleTest ./nfs { version = 4; }; nfs4 = handleTest ./nfs { version = 4; };
nghttpx = handleTest ./nghttpx.nix {}; nghttpx = handleTest ./nghttpx.nix {};
nginx = handleTest ./nginx.nix {}; nginx = handleTest ./nginx.nix {};
nginx-auth = handleTest ./nginx-auth.nix {};
nginx-etag = handleTest ./nginx-etag.nix {}; nginx-etag = handleTest ./nginx-etag.nix {};
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {};


@ -0,0 +1,21 @@
# Fake Certificate Authority for ACME testing
This will set up a test node running [pebble](https://github.com/letsencrypt/pebble)
to serve ACME certificate requests.
## "Snake oil" certs
The snake oil certs are hard coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235).
The root of the issue is that Nix will hash the derivation based on the arguments
to mkDerivation, not the output. [Minica](https://github.com/jsha/minica) will
always generate a random certificate even if the arguments are unchanged. As a
result, it's possible to end up in a situation where the cached and local
generated certs mismatch and cause issues with testing.
To generate new certificates, run the following commands:
```bash
nix-build generate-certs.nix
cp result/* .
rm result
```


@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -51,10 +51,7 @@
# that it has to be started _before_ the ACME service. # that it has to be started _before_ the ACME service.
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
testCerts = import ./snakeoil-certs.nix { testCerts = import ./snakeoil-certs.nix;
minica = pkgs.minica;
mkDerivation = pkgs.stdenv.mkDerivation;
};
domain = testCerts.domain; domain = testCerts.domain;
resolver = let resolver = let


@ -0,0 +1,29 @@
# Minica can provide a CA key and cert, plus a key
# and cert for our fake CA server's Web Front End (WFE).
{
pkgs ? import <nixpkgs> {},
minica ? pkgs.minica,
mkDerivation ? pkgs.stdenv.mkDerivation
}:
let
conf = import ./snakeoil-certs.nix;
domain = conf.domain;
in mkDerivation {
name = "test-certs";
buildInputs = [ minica ];
phases = [ "buildPhase" "installPhase" ];
buildPhase = ''
minica \
--ca-key ca.key.pem \
--ca-cert ca.cert.pem \
--domains ${domain}
'';
installPhase = ''
mkdir -p $out
mv ca.*.pem $out/
mv ${domain}/key.pem $out/${domain}.key.pem
mv ${domain}/cert.pem $out/${domain}.cert.pem
'';
}


@ -1,37 +1,13 @@
# Minica can provide a CA key and cert, plus a key
# and cert for our fake CA server's Web Front End (WFE).
{ minica, mkDerivation }:
let let
domain = "acme.test"; domain = "acme.test";
selfSignedCertData = mkDerivation {
name = "test-certs";
buildInputs = [ minica ];
phases = [ "buildPhase" "installPhase" ];
buildPhase = ''
mkdir ca
minica \
--ca-key ca/key.pem \
--ca-cert ca/cert.pem \
--domains ${domain}
chmod 600 ca/*
chmod 640 ${domain}/*.pem
'';
installPhase = ''
mkdir -p $out
mv ${domain} ca $out/
'';
};
in { in {
inherit domain; inherit domain;
ca = { ca = {
cert = "${selfSignedCertData}/ca/cert.pem"; cert = ./ca.cert.pem;
key = "${selfSignedCertData}/ca/key.pem"; key = ./ca.key.pem;
}; };
"${domain}" = { "${domain}" = {
cert = "${selfSignedCertData}/${domain}/cert.pem"; cert = ./. + "/${domain}.cert.pem";
key = "${selfSignedCertData}/${domain}/key.pem"; key = ./. + "/${domain}.key.pem";
}; };
} }
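Review bot: The private keys are now referenced as path literals checked into the tree (`./ca.key.pem`, `./. + "/${domain}.key.pem"`), so they are public and are copied into the Nix store of every machine that evaluates the tests, yet the file no longer carries any header comment. A short one should record that, e.g. `# Test-only CA and server keys; public by design, never to be used outside the test suite.` The removed comment about Minica could be replaced by a pointer to `generate-certs.nix`, which is where the files now come from.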


@ -11,26 +11,105 @@ import ./make-test-python.nix ({ pkgs, esr ? false, ... }: {
environment.systemPackages = environment.systemPackages =
(if esr then [ pkgs.firefox-esr ] else [ pkgs.firefox ]) (if esr then [ pkgs.firefox-esr ] else [ pkgs.firefox ])
++ [ pkgs.xdotool ]; ++ [ pkgs.xdotool ];
# Need some more memory to record audio.
virtualisation.memorySize = "500";
# Create a virtual sound device, with mixing
# and all, for recording audio.
boot.kernelModules = [ "snd-aloop" ];
sound.enable = true;
sound.extraConfig = ''
pcm.!default {
type plug
slave.pcm pcm.dmixer
}
pcm.dmixer {
type dmix
ipc_key 1
slave {
pcm "hw:Loopback,0,0"
rate 48000
periods 128
period_time 0
period_size 1024
buffer_size 8192
}
}
pcm.recorder {
type hw
card "Loopback"
device 1
subdevice 0
}
'';
systemd.services.audio-recorder = {
description = "Record NixOS test audio to /tmp/record.wav";
script = "${pkgs.alsaUtils}/bin/arecord -D recorder -f S16_LE -r48000 /tmp/record.wav";
};
}; };
testScript = '' testScript = ''
from contextlib import contextmanager
@contextmanager
def audio_recording(machine: Machine) -> None:
"""
Perform actions while recording the
machine audio output.
"""
machine.systemctl("start audio-recorder")
yield
machine.systemctl("stop audio-recorder")
def wait_for_sound(machine: Machine) -> None:
"""
Wait until any sound has been emitted.
"""
machine.wait_for_file("/tmp/record.wav")
while True:
# Get at most 2M of the recording
machine.execute("tail -c 2M /tmp/record.wav > /tmp/last")
# Get the exact size
size = int(machine.succeed("stat -c '%s' /tmp/last").strip())
# Compare it against /dev/zero using `cmp` (skipping 50B of WAVE header).
# If some non-NULL bytes are found it returns 1.
status, output = machine.execute(
f"cmp -i 50 -n {size - 50} /tmp/last /dev/zero 2>&1"
)
if status == 1:
break
machine.sleep(2)
machine.wait_for_x() machine.wait_for_x()
with subtest("wait until Firefox has finished loading the Valgrind docs page"): with subtest("Wait until Firefox has finished loading the Valgrind docs page"):
machine.execute( machine.execute(
"xterm -e 'firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' &" "xterm -e 'firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' &"
) )
machine.wait_for_window("Valgrind") machine.wait_for_window("Valgrind")
machine.sleep(40) machine.sleep(40)
with subtest("Check whether Firefox can play sound"):
with audio_recording(machine):
machine.succeed(
"firefox file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga &"
)
wait_for_sound(machine)
machine.copy_from_vm("/tmp/record.wav")
with subtest("Close sound test tab"):
machine.execute("xdotool key ctrl+w")
with subtest("Close default browser prompt"): with subtest("Close default browser prompt"):
machine.execute("xdotool key space") machine.execute("xdotool key space")
with subtest("Hide default browser window"): with subtest("Wait until Firefox draws the developer tool panel"):
machine.sleep(2)
machine.execute("xdotool key F12")
with subtest("wait until Firefox draws the developer tool panel"):
machine.sleep(10) machine.sleep(10)
machine.succeed("xwininfo -root -tree | grep Valgrind") machine.succeed("xwininfo -root -tree | grep Valgrind")
machine.screenshot("screen") machine.screenshot("screen")
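Review bot: `audio_recording` stops the recorder only when the `with` body finishes normally; if `wait_for_sound` or the `firefox` call raises, `machine.systemctl("stop audio-recorder")` is never reached. Wrapping the `yield` in `try:` / `finally:` with the stop call in the `finally` branch fixes that. `wait_for_sound` also loops with no upper bound, so a silent browser hangs the test until the global timeout, and `size - 50` goes negative while the recording is still shorter than the header; a bounded retry count and a `size > 50` guard would cover both. The `-> None` annotation on the generator-based context manager is inaccurate as well.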


@ -0,0 +1,47 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "nginx-auth";
nodes = {
webserver = { pkgs, lib, ... }: {
services.nginx = let
root = pkgs.runCommand "testdir" {} ''
mkdir "$out"
echo hello world > "$out/index.html"
'';
in {
enable = true;
virtualHosts.lockedroot = {
inherit root;
basicAuth.alice = "jane";
};
virtualHosts.lockedsubdir = {
inherit root;
locations."/sublocation/" = {
alias = "${root}/";
basicAuth.bob = "john";
};
};
};
};
};
testScript = ''
webserver.wait_for_unit("nginx")
webserver.wait_for_open_port(80)
webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot")
webserver.succeed(
"curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot"
)
webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir")
webserver.fail(
"curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html"
)
webserver.succeed(
"curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html"
)
'';
})
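Review bot: The test script only checks the no-credentials and correct-credentials cases, so a configuration that accepted any username and password would still pass. A negative case such as `webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:wrong@lockedroot")`, and the same with `bob:wrong@lockedsubdir/sublocation/index.html`, would cover that. Because `curl --fail` fails on any status of 400 or above, the existing `fail` calls also cannot tell a 401 from a 404 or a 500; comparing the output of `curl -s -o /dev/null -w '%{http_code}'` with `401` would pin the intended behaviour.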


@ -19,7 +19,6 @@ let
secret_key = s3.secretKey; secret_key = s3.secretKey;
insecure = true; insecure = true;
signature_version2 = false; signature_version2 = false;
encrypt_sse = false;
put_user_metadata = {}; put_user_metadata = {};
http_config = { http_config = {
idle_conn_timeout = "0s"; idle_conn_timeout = "0s";


@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "sjaehn"; owner = "sjaehn";
repo = pname; repo = pname;
rev = "${version}"; rev = version;
sha256 = "1nd6byy75f0rbz9dm9drhxmpsfhxhg0y7q3v2m3098llynhy9k2j"; sha256 = "1nd6byy75f0rbz9dm9drhxmpsfhxhg0y7q3v2m3098llynhy9k2j";
}; };


@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "sjaehn"; owner = "sjaehn";
repo = pname; repo = pname;
rev = "${version}"; rev = version;
sha256 = "0hagnn104ybzdp13r95idw20fhmzif8p3kmiypnr20m6c64rdd29"; sha256 = "0hagnn104ybzdp13r95idw20fhmzif8p3kmiypnr20m6c64rdd29";
}; };


@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "sjaehn"; owner = "sjaehn";
repo = pname; repo = pname;
rev = "${version}"; rev = version;
sha256 = "1f7xrljvsy7a1p8c7wln2zhwarl3ara7gbjxkpyh47wfdpigpdb0"; sha256 = "1f7xrljvsy7a1p8c7wln2zhwarl3ara7gbjxkpyh47wfdpigpdb0";
}; };


@ -2,11 +2,11 @@
mkDerivation rec { mkDerivation rec {
pname = "drumkv1"; pname = "drumkv1";
version = "0.9.16"; version = "0.9.18";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/drumkv1/${pname}-${version}.tar.gz"; url = "mirror://sourceforge/drumkv1/${pname}-${version}.tar.gz";
sha256 = "1r55575w9r0ifysw9mgxjvv0fszvx8ykjgim3zczf3mb5s9ngavv"; sha256 = "1bzkaz7sqx1pvirja8zm7i2ckzl5ad6xspr4840389ik3l8qpnr5";
}; };
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ]; buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ];


@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
buildInputs = [ alsaLib audiofile libjack2 liblo liboil libsamplerate libsndfile lilv lv2 ]; buildInputs = [ alsaLib audiofile libjack2 liblo liboil libsamplerate libsndfile lilv lv2 ];
meta = { meta = {
description = "Ecasound is a software package designed for multitrack audio processing"; description = "Software package designed for multitrack audio processing";
license = with stdenv.lib.licenses; [ gpl2 lgpl21 ]; license = with stdenv.lib.licenses; [ gpl2 lgpl21 ];
homepage = "http://nosignal.fi/ecasound/"; homepage = "http://nosignal.fi/ecasound/";
}; };


@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
meta = { meta = {
homepage = "http://eflite.sourceforge.net"; homepage = "http://eflite.sourceforge.net";
description = "EFlite is a speech server for screen readers"; description = "Speech server for screen readers";
longDescription = '' longDescription = ''
EFlite is a speech server for Emacspeak and other screen EFlite is a speech server for Emacspeak and other screen
readers that allows them to interface with Festival Lite, readers that allows them to interface with Festival Lite,


@ -1,14 +1,15 @@
{ stdenv, fetchFromGitLab, cmake, pkg-config, redkite, libsndfile, rapidjson, libjack2, lv2, libX11, cairo }: { stdenv, fetchFromGitLab, cmake, pkg-config, redkite, libsndfile, rapidjson
, libjack2, lv2, libX11, cairo }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "geonkick"; pname = "geonkick";
version = "2.3.8"; version = "2.5.0";
src = fetchFromGitLab { src = fetchFromGitLab {
owner = "iurie-sw"; owner = "iurie-sw";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "07809yy2q7dd6fcp0yndlg1vw2ca2zisnsplb3xrxvzdvrqlw910"; sha256 = "19zbz4v2n5ph4af721xls7ignmis2q2yqyd0m97g9b3njrgnfy3n";
}; };
nativeBuildInputs = [ cmake pkg-config ]; nativeBuildInputs = [ cmake pkg-config ];
@ -16,13 +17,16 @@ stdenv.mkDerivation rec {
buildInputs = [ redkite libsndfile rapidjson libjack2 lv2 libX11 cairo ]; buildInputs = [ redkite libsndfile rapidjson libjack2 lv2 libX11 cairo ];
# https://github.com/iurie-sw/geonkick/issues/120 # https://github.com/iurie-sw/geonkick/issues/120
cmakeFlags = [ "-DGKICK_REDKITE_SDK_PATH=${redkite}" "-DCMAKE_INSTALL_LIBDIR=lib" ]; cmakeFlags = [
"-DGKICK_REDKITE_SDK_PATH=${redkite}"
"-DCMAKE_INSTALL_LIBDIR=lib"
];
meta = { meta = with stdenv.lib; {
homepage = "https://gitlab.com/iurie-sw/geonkick"; homepage = "https://gitlab.com/iurie-sw/geonkick";
description = "A free software percussion synthesizer"; description = "A free software percussion synthesizer";
license = stdenv.lib.licenses.gpl3Plus; license = licenses.gpl3Plus;
platforms = stdenv.lib.platforms.linux; platforms = platforms.linux;
maintainers = [ stdenv.lib.maintainers.magnetophon ]; maintainers = [ maintainers.magnetophon ];
}; };
} }


@ -3,12 +3,12 @@
mkDerivation rec { mkDerivation rec {
pname = "jamulus"; pname = "jamulus";
version = "3.5.10"; version = "3.6.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "corrados"; owner = "corrados";
repo = "jamulus"; repo = "jamulus";
rev = "r${stdenv.lib.replaceStrings [ "." ] [ "_" ] version}"; rev = "r${stdenv.lib.replaceStrings [ "." ] [ "_" ] version}";
sha256 = "0bw2v40csjmlkvkhr3dh0g1a7mfqrs1xkqjsii61yfzy2ckbsi82"; sha256 = "06x9b2kjsgk8kddhif0x59nwzhnwjmq40x3w5nrphqaimqlrhlcf";
}; };
nativeBuildInputs = [ pkg-config qmake ]; nativeBuildInputs = [ pkg-config qmake ];


@ -1,4 +1,4 @@
{ stdenv, mkDerivation, lib, fetchzip, cmake, pkgconfig { stdenv, mkDerivation, lib, fetchFromGitHub, cmake, pkgconfig
, alsaLib, freetype, libjack2, lame, libogg, libpulseaudio, libsndfile, libvorbis , alsaLib, freetype, libjack2, lame, libogg, libpulseaudio, libsndfile, libvorbis
, portaudio, portmidi, qtbase, qtdeclarative, qtgraphicaleffects , portaudio, portmidi, qtbase, qtdeclarative, qtgraphicaleffects
, qtquickcontrols2, qtscript, qtsvg, qttools , qtquickcontrols2, qtscript, qtsvg, qttools
@ -7,12 +7,13 @@
mkDerivation rec { mkDerivation rec {
pname = "musescore"; pname = "musescore";
version = "3.5.0"; version = "3.5.2";
src = fetchzip { src = fetchFromGitHub {
url = "https://github.com/musescore/MuseScore/releases/download/v3.5/MuseScore-${version}.zip"; owner = "musescore";
sha256 = "0m598xh0s4f5m4l2ymy7g44bbvc14bcfi4gifhjnrg091rsk57c9"; repo = "MuseScore";
stripRoot = false; rev = "v${version}";
sha256 = "VA0+npLUUXQJHalD01pmFTTum2Re7FiiyAwU1XvR93s=";
}; };
patches = [ patches = [


@ -14,16 +14,16 @@ let
in in
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "ncspot"; pname = "ncspot";
version = "0.2.3"; version = "0.2.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "hrkfdn"; owner = "hrkfdn";
repo = "ncspot"; repo = "ncspot";
rev = "v${version}"; rev = "v${version}";
sha256 = "08lxdd6biypxmzfc34cbrpsp9ajb157my4vc51ra5237b7jmy6vk"; sha256 = "0vdg1ybzfj7xg8nmrb8q9vr8bpwcs52730v9v0413wjyxb7hcll2";
}; };
cargoSha256 = "110mqm1md8x7vjw3hsy4yz8nj38h6mwrr357awchq52inxj3jmbk"; cargoSha256 = "0afaxx8dv7jn48934ba0r8kd1h8l3k00sl83v07a1xqmfcmil2qf";
cargoBuildFlags = [ "--no-default-features" "--features" "${lib.concatStringsSep "," features}" ]; cargoBuildFlags = [ "--no-default-features" "--features" "${lib.concatStringsSep "," features}" ];


@ -1,13 +1,13 @@
{ stdenv, lib, cmake, pkgconfig, libogg, fetchFromGitHub, libiconv }: { stdenv, lib, cmake, pkgconfig, libogg, fetchFromGitHub, libiconv }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "opustags"; pname = "opustags";
version = "1.3.0"; version = "1.4.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "fmang"; owner = "fmang";
repo = "opustags"; repo = "opustags";
rev = version; rev = version;
sha256 = "09z0cdg20algaj2yyhfz3hxh1biwjjvzx1pc2vdc64n8lkswqsc1"; sha256 = "1y0czl72paawy342ff9ickaamkih43k59yfcdw7bnddypyfa7nbg";
}; };
buildInputs = [ libogg ]; buildInputs = [ libogg ];


@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Picoloop is a synth and a stepsequencer (a clone of the famous nanoloop)"; description = "A synth and a stepsequencer (a clone of the famous nanoloop)";
homepage = "https://github.com/yoyz/picoloop"; homepage = "https://github.com/yoyz/picoloop";
platforms = platforms.linux; platforms = platforms.linux;
license = licenses.bsd3; license = licenses.bsd3;


@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ergo"; pname = "ergo";
version = "3.3.4"; version = "3.3.5";
src = fetchurl { src = fetchurl {
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar"; url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
sha256 = "0psq0nxb4c0fsxjzjxb4sy6lh4kj4w8aizd81r92fdv8izbm25sk"; sha256 = "0bxzpwwb42bppqli3zggx3lah7g6kwmy6k6k6dinypj6x0bafqcg";
}; };
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];


@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "exodus"; pname = "exodus";
version = "20.8.28"; version = "20.10.23";
src = fetchurl { src = fetchurl {
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip"; url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
sha256 = "fde9165f71f0d641f6892ddce3ec26d200e8095a383f2b4c8f924de4041d65ef"; sha256 = "083hcxljqg36ilpy6xa4j455ngpc775qgam0dbj26kg7sh33dz2c";
}; };
sourceRoot = "."; sourceRoot = ".";


@ -2,12 +2,12 @@
let let
pname = "ledger-live-desktop"; pname = "ledger-live-desktop";
version = "2.14.0"; version = "2.15.0";
name = "${pname}-${version}"; name = "${pname}-${version}";
src = fetchurl { src = fetchurl {
url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage"; url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage";
sha256 = "057g77nd8qxi8dw9sp7x068wsxmrpnsdfrca876f0bpw7lpb0bqq"; sha256 = "06sm4ah05j0f3bxb1sbdi8mazmxk166y2gaycll6p2xhd105ins3";
}; };
appimageContents = appimageTools.extractType2 { appimageContents = appimageTools.extractType2 {


@ -27,13 +27,13 @@ in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "monero-gui"; pname = "monero-gui";
version = "0.17.1.0"; version = "0.17.1.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "monero-project"; owner = "monero-project";
repo = "monero-gui"; repo = "monero-gui";
rev = "v${version}"; rev = "v${version}";
sha256 = "07r78ipv4g3i6z822kq380vi3qwlb958rccsy6lyybkhj9y0rx84"; sha256 = "0aqhp4rmqsgwjb875kgh6qwz0wyyiag1fksyic9cnhgg5j5y95nx";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
@ -75,11 +75,7 @@ stdenv.mkDerivation rec {
'add_subdirectory(monero EXCLUDE_FROM_ALL)' 'add_subdirectory(monero EXCLUDE_FROM_ALL)'
''; '';
preConfigure = '' cmakeFlags = [ "-DARCH=${arch}" ];
# because $out needs to be expanded
cmakeFlagsArray+=("-DCMAKE_INSTALL_PREFIX=$out/bin")
cmakeFlagsArray+=("-DARCH=${arch}")
'';
desktopItem = makeDesktopItem { desktopItem = makeDesktopItem {
name = "monero-wallet-gui"; name = "monero-wallet-gui";
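Review bot: With the `preConfigure` block gone, `-DCMAKE_INSTALL_PREFIX=$out/bin` is no longer passed and nothing in the second hunk replaces it, so where the build installs now depends on the cmake defaults and on an install step that lies outside this hunk. If the override is still needed it can live in the new list without shell expansion: `cmakeFlags = [ "-DARCH=${arch}" "-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/bin" ];`. If it is not needed, a one-line comment above `cmakeFlags` saying where the binary is installed now would record why the prefix was dropped.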


@ -17,13 +17,13 @@ assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "monero"; pname = "monero";
version = "0.17.1.0"; version = "0.17.1.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "monero-project"; owner = "monero-project";
repo = "monero"; repo = "monero";
rev = "v${version}"; rev = "v${version}";
sha256 = "1cngniv7sndy8r0fcfgk737640k53q3kwd36g891p5igcb985qdw"; sha256 = "18x27dm24k04vx0yz57zi02rk0wrmbn4wr8alqf48dq6z9wr0fhp";
fetchSubmodules = true; fetchSubmodules = true;
}; };


@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true; enableParallelBuilding = true;
meta = with lib; { meta = with lib; {
description = "Sumokoin is a fork of Monero and a truely fungible cryptocurrency"; description = "A fork of Monero and a truely fungible cryptocurrency";
homepage = "https://www.sumokoin.org/"; homepage = "https://www.sumokoin.org/";
license = licenses.bsd3; license = licenses.bsd3;
maintainers = with maintainers; [ fpletz ]; maintainers = with maintainers; [ fpletz ];


@ -19,9 +19,9 @@ let
sha256Hash = "sha256-qbxmR9g8DSKzcP09bJuc+am79BSXWG39UQxFEb1bZ88="; sha256Hash = "sha256-qbxmR9g8DSKzcP09bJuc+am79BSXWG39UQxFEb1bZ88=";
}; };
latestVersion = { # canary & dev latestVersion = { # canary & dev
version = "4.2.0.14"; # "Android Studio 4.2 Canary 14" version = "4.2.0.15"; # "Android Studio 4.2 Canary 15"
build = "202.6907010"; build = "202.6922807";
sha256Hash = "sha256-A6nl4uN25CWOjpwBvOQG26EZnJP5tNvSrGtoF+IQmtY="; sha256Hash = "sha256-PXFNnPSJbdp9NtkMDR3Vq+vpWqd85Io2FmXPhRLRk/8=";
}; };
in { in {
# Attributes are named by their corresponding release channels # Attributes are named by their corresponding release channels


@ -2,16 +2,16 @@
buildGoModule rec { buildGoModule rec {
pname = "glow"; pname = "glow";
version = "1.0.2"; version = "1.1.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "charmbracelet"; owner = "charmbracelet";
repo = "glow"; repo = "glow";
rev = "v${version}"; rev = "v${version}";
sha256 ="0jyl5ln7c2naawmw7bljzrldr96xyb5rbis6y6blmyghr0vx07zb"; sha256 = "016psbm93ni81k87i9gx3cjr59j1fmpq5x8vz0ydabczzdshd1py";
}; };
vendorSha256 = "0z3r8fvpy36ybgb18sr0lril1sg8z7s99xv1a6g1v3zdnj3zimav"; vendorSha256 = "0gvlbj8b5sqk93ahg4b2krwrmr8ljz7cah77fxaxcd98apap0pw6";
doCheck = false; doCheck = false;


@ -30,6 +30,15 @@ stdenv.mkDerivation rec {
$out/bin/kak -ui json -E "kill 0" $out/bin/kak -ui json -E "kill 0"
''; '';
postInstall = ''
# make share/kak/autoload a directory, so we can use symlinkJoin with plugins
cd "$out/share/kak"
autoload_target=$(readlink autoload)
rm autoload
mkdir autoload
ln -s --relative "$autoload_target" autoload
'';
meta = { meta = {
homepage = "http://kakoune.org/"; homepage = "http://kakoune.org/";
description = "A vim inspired text editor"; description = "A vim inspired text editor";


@ -1,7 +1,7 @@
{ pkgs, parinfer-rust }: { pkgs, parinfer-rust, rep }:
{ {
inherit parinfer-rust; inherit parinfer-rust rep;
case-kak = pkgs.callPackage ./case.kak.nix { }; case-kak = pkgs.callPackage ./case.kak.nix { };
kak-ansi = pkgs.callPackage ./kak-ansi.nix { }; kak-ansi = pkgs.callPackage ./kak-ansi.nix { };


@ -1,44 +1,31 @@
{ stdenv, bash }: { symlinkJoin, makeWrapper, kakoune, plugins ? [], configure ? {} }:
with stdenv.lib;
kakoune:
let let
getPlugins = { plugins ? [] }: plugins; # "plugins" is the preferred way, but some configurations may be
# using "configure.plugins", so accept both
requestedPlugins = plugins ++ (configure.plugins or []);
wrapper = { configure ? {} }: in
stdenv.mkDerivation rec { symlinkJoin {
pname = "kakoune"; name = "kakoune-${kakoune.version}";
version = getVersion kakoune;
src = ./.; buildInputs = [ makeWrapper ];
buildCommand = ''
mkdir -p $out/share/kak
for plugin in ${strings.escapeShellArgs (getPlugins configure)}; do
if [[ -d $plugin/share/kak/autoload ]]; then
find "$plugin/share/kak/autoload" -type f -name '*.kak'| while read rcfile; do
printf 'source "%s"\n' "$rcfile"
done
fi
done >>$out/share/kak/plugins.kak
mkdir -p $out/bin paths = [ kakoune ] ++ requestedPlugins;
substitute ${src}/wrapper.sh $out/bin/kak \
--subst-var-by bash "${bash}" \ postBuild = ''
--subst-var-by kakoune "${kakoune}" \ # location of kak binary is used to find ../share/kak/autoload,
--subst-var-by out "$out" # unless explicitly overriden with KAKOUNE_RUNTIME
chmod +x $out/bin/kak rm "$out/bin/kak"
makeWrapper "${kakoune}/bin/kak" "$out/bin/kak" --set KAKOUNE_RUNTIME "$out/share/kak"
# currently kakoune ignores doc files if they are symlinks, so workaround by
# copying doc files over, so they become regular files...
mkdir "$out/DELETE_ME"
mv "$out/share/kak/doc" "$out/DELETE_ME"
cp -r --dereference "$out/DELETE_ME/doc" "$out/share/kak"
rm -Rf "$out/DELETE_ME"
''; '';
preferLocalBuild = true; meta = kakoune.meta // { priority = (kakoune.meta.priority or 0) - 1; };
buildInputs = [ bash kakoune ]; }
passthru = { unwrapped = kakoune; };
meta = kakoune.meta // {
# prefer wrapper over the package
priority = (kakoune.meta.priority or 0) - 1;
hydraPlatforms = [];
};
};
in
makeOverridable wrapper
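Review bot: The rewritten wrapper appears to drop `passthru.unwrapped`, which the old derivation set, so any expression that reaches the unwrapped editor through the wrapper would stop evaluating; the callers are outside this section and need checking. `symlinkJoin` should forward extra attributes to the derivation, so adding `passthru = { unwrapped = kakoune; };` next to `meta` would keep the attribute. Separately, `paths = [ kakoune ] ++ requestedPlugins` links each plugin's whole output into the wrapper, where the old `buildCommand` only sourced `*.kak` files under `share/kak/autoload`. A short comment above `paths` stating that plugin outputs are merged in full, and are therefore trusted, would document that widening.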


@ -1,30 +0,0 @@
#!@bash@/bin/bash
# We use the -E option to load plugins. This only makes sense when we are
# starting a new session, so we detect that. Also, Kakoune can only handle
# one -E option, so we prepend loading plugins to an existing one.
args=( "$@" )
loadPlugins=true
EValueOffset=-1
pluginScript='@out@/share/kak/plugins.kak'
for (( i = 0; i < ${#args[@]}; i++ )); do
case "${args[i]}" in
-n|-c|-l|-p|-clear|-version) loadPlugins=false;;
-E) EValueOffset=$(( i + 1 ));;
--) break;;
esac
case "${args[i]}" in
-E|-c|-e|-s|-p|-f|-i|-ui|-debug) i=$(( i + 1 ));;
esac
done
if [[ $loadPlugins = true ]]; then
if (( EValueOffset >= 0 )); then
args[EValueOffset]="source '$pluginScript'"$'\n'"${args[EValueOffset]}"
else
args=( "-E" "source '$pluginScript'" "${args[@]}" )
fi
fi
exec @kakoune@/bin/kak "${args[@]}"
