Project import generated by Copybara.

GitOrigin-RevId: a115bb9bd56831941be3776c8a94005867f316a7
This commit is contained in:
Default email 2022-11-27 10:42:12 +01:00
parent 6f77028a62
commit a71eb02b76
812 changed files with 41800 additions and 38607 deletions

View file

@ -1,4 +1,5 @@
**/deps.nix linguist-generated **/deps.nix linguist-generated
**/deps.json linguist-generated
**/node-packages.nix linguist-generated **/node-packages.nix linguist-generated
pkgs/applications/editors/emacs-modes/*-generated.nix linguist-generated pkgs/applications/editors/emacs-modes/*-generated.nix linguist-generated

View file

@ -34,6 +34,10 @@ jobs:
pairs: pairs:
- from: master - from: master
into: haskell-updates into: haskell-updates
- from: release-22.11
into: staging-next-22.11
- from: staging-next-22.11
into: staging-22.11
- from: release-22.05 - from: release-22.05
into: staging-next-22.05 into: staging-next-22.05
- from: staging-next-22.05 - from: staging-next-22.05

View file

@ -1 +1 @@
22.11 23.05

View file

@ -100,10 +100,10 @@ stdenv.mkDerivation {
name = "hello"; name = "hello";
src = fetchgit { src = fetchgit {
url = "https://..."; url = "https://...";
sparseCheckout = '' sparseCheckout = [
directory/to/be/included "directory/to/be/included"
another/directory "another/directory"
''; ];
sha256 = "0000000000000000000000000000000000000000000000000000"; sha256 = "0000000000000000000000000000000000000000000000000000";
}; };
} }

View file

@ -394,3 +394,142 @@ buildImage {
}; };
} }
``` ```
## buildNixShellImage {#ssec-pkgs-dockerTools-buildNixShellImage}
Create a Docker image that sets up an environment similar to that of running `nix-shell` on a derivation.
When run in Docker, this environment somewhat resembles the Nix sandbox typically used by `nix-build`, with a major difference being that access to the internet is allowed.
It additionally also behaves like an interactive `nix-shell`, running things like `shellHook` and setting an interactive prompt.
If the derivation is fully buildable (i.e. `nix-build` can be used on it), running `buildDerivation` inside such a Docker image will build the derivation, with all its outputs being available in the correct `/nix/store` paths, pointed to by the respective environment variables like `$out`, etc.
::: {.warning}
The behavior doesn't match `nix-shell` or `nix-build` exactly and this function is known not to work correctly for e.g. fixed-output derivations, content-addressed derivations, impure derivations and other special types of derivations.
:::
### Arguments
`drv`
: The derivation on which to base the Docker image.
Adding packages to the Docker image is possible by e.g. extending the list of `nativeBuildInputs` of this derivation like
```nix
buildNixShellImage {
drv = someDrv.overrideAttrs (old: {
nativeBuildInputs = old.nativeBuildInputs or [] ++ [
somethingExtra
];
});
# ...
}
```
Similarly, you can extend the image initialization script by extending `shellHook`
`name` _optional_
: The name of the resulting image.
*Default:* `drv.name + "-env"`
`tag` _optional_
: Tag of the generated image.
*Default:* the resulting image derivation output path's hash
`uid`/`gid` _optional_
: The user/group ID to run the container as. This is like a `nixbld` build user.
*Default:* 1000/1000
`homeDirectory` _optional_
: The home directory of the user the container is running as
*Default:* `/build`
`shell` _optional_
: The path to the `bash` binary to use as the shell. This shell is started when running the image.
*Default:* `pkgs.bashInteractive + "/bin/bash"`
`command` _optional_
: Run this command in the environment of the derivation, in an interactive shell. See the `--command` option in the [`nix-shell` documentation](https://nixos.org/manual/nix/stable/command-ref/nix-shell.html?highlight=nix-shell#options).
*Default:* (none)
`run` _optional_
: Same as `command`, but runs the command in a non-interactive shell instead. See the `--run` option in the [`nix-shell` documentation](https://nixos.org/manual/nix/stable/command-ref/nix-shell.html?highlight=nix-shell#options).
*Default:* (none)
### Example
The following shows how to build the `pkgs.hello` package inside a Docker container built with `buildNixShellImage`.
```nix
with import <nixpkgs> {};
dockerTools.buildNixShellImage {
drv = hello;
}
```
Build the derivation:
```console
nix-build hello.nix
```
these 8 derivations will be built:
/nix/store/xmw3a5ln29rdalavcxk1w3m4zb2n7kk6-nix-shell-rc.drv
...
Creating layer 56 from paths: ['/nix/store/crpnj8ssz0va2q0p5ibv9i6k6n52gcya-stdenv-linux']
Creating layer 57 with customisation...
Adding manifests...
Done.
/nix/store/cpyn1lc897ghx0rhr2xy49jvyn52bazv-hello-2.12-env.tar.gz
Load the image:
```console
docker load -i result
```
0d9f4c4cd109: Loading layer [==================================================>] 2.56MB/2.56MB
...
ab1d897c0697: Loading layer [==================================================>] 10.24kB/10.24kB
Loaded image: hello-2.12-env:pgj9h98nal555415faa43vsydg161bdz
Run the container:
```console
docker run -it hello-2.12-env:pgj9h98nal555415faa43vsydg161bdz
```
[nix-shell:/build]$
In the running container, run the build:
```console
buildDerivation
```
unpacking sources
unpacking source archive /nix/store/8nqv6kshb3vs5q5bs2k600xpj5bkavkc-hello-2.12.tar.gz
...
patching script interpreter paths in /nix/store/z5wwy5nagzy15gag42vv61c2agdpz2f2-hello-2.12
checking for references to /build/ in /nix/store/z5wwy5nagzy15gag42vv61c2agdpz2f2-hello-2.12...
Check the build result:
```console
$out/bin/hello
```
Hello, world!

View file

@ -177,7 +177,7 @@ buildNpmPackage rec {
patches = [ ./remove-prepack-script.patch ]; patches = [ ./remove-prepack-script.patch ];
npmDepsHash = "sha256-s8SpZY/1tKZVd3vt7sA9vsqHvEaNORQBMrSyhWpj048="; npmDepsHash = "sha256-tuEfyePwlOy2/mOPdXbqJskO6IowvAP4DWg8xSZwbJw=";
NODE_OPTIONS = "--openssl-legacy-provider"; NODE_OPTIONS = "--openssl-legacy-provider";
@ -196,7 +196,7 @@ buildNpmPackage rec {
* `makeCacheWritable`: Whether to make the cache writable prior to installing dependencies. Don't set this unless npm tries to write to the cache directory, as it can slow down the build. * `makeCacheWritable`: Whether to make the cache writable prior to installing dependencies. Don't set this unless npm tries to write to the cache directory, as it can slow down the build.
* `npmBuildScript`: The script to run to build the project. Defaults to `"build"`. * `npmBuildScript`: The script to run to build the project. Defaults to `"build"`.
* `npmFlags`: Flags to pass to all npm commands. * `npmFlags`: Flags to pass to all npm commands.
* `npmInstallFlags`: Flags to pass to `npm ci`. * `npmInstallFlags`: Flags to pass to `npm ci` and `npm prune`.
* `npmBuildFlags`: Flags to pass to `npm run ${npmBuildScript}`. * `npmBuildFlags`: Flags to pass to `npm run ${npmBuildScript}`.
* `npmPackFlags`: Flags to pass to `npm pack`. * `npmPackFlags`: Flags to pass to `npm pack`.

View file

@ -608,227 +608,6 @@ buildPythonPackage rec {
} }
``` ```
## `buildRustCrate`: Compiling Rust crates using Nix instead of Cargo {#compiling-rust-crates-using-nix-instead-of-cargo}
### Simple operation {#simple-operation}
When run, `cargo build` produces a file called `Cargo.lock`,
containing pinned versions of all dependencies. Nixpkgs contains a
tool called `carnix` (`nix-env -iA nixos.carnix`), which can be used
to turn a `Cargo.lock` into a Nix expression.
That Nix expression calls `rustc` directly (hence bypassing Cargo),
and can be used to compile a crate and all its dependencies. Here is
an example for a minimal `hello` crate:
```ShellSession
$ cargo new hello
$ cd hello
$ cargo build
Compiling hello v0.1.0 (file:///tmp/hello)
Finished dev [unoptimized + debuginfo] target(s) in 0.20 secs
$ carnix -o hello.nix --src ./. Cargo.lock --standalone
$ nix-build hello.nix -A hello_0_1_0
```
Now, the file produced by the call to `carnix`, called `hello.nix`, looks like:
```nix
# Generated by carnix 0.6.5: carnix -o hello.nix --src ./. Cargo.lock --standalone
{ stdenv, buildRustCrate, fetchgit }:
let kernel = stdenv.buildPlatform.parsed.kernel.name;
# ... (content skipped)
in
rec {
hello = f: hello_0_1_0 { features = hello_0_1_0_features { hello_0_1_0 = f; }; };
hello_0_1_0_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "hello";
version = "0.1.0";
authors = [ "pe@pijul.org <pe@pijul.org>" ];
src = ./.;
inherit dependencies buildDependencies features;
};
hello_0_1_0 = { features?(hello_0_1_0_features {}) }: hello_0_1_0_ {};
hello_0_1_0_features = f: updateFeatures f (rec {
hello_0_1_0.default = (f.hello_0_1_0.default or true);
}) [ ];
}
```
In particular, note that the argument given as `--src` is copied
verbatim to the source. If we look at a more complicated
dependencies, for instance by adding a single line `libc="*"` to our
`Cargo.toml`, we first need to run `cargo build` to update the
`Cargo.lock`. Then, `carnix` needs to be run again, and produces the
following nix file:
```nix
# Generated by carnix 0.6.5: carnix -o hello.nix --src ./. Cargo.lock --standalone
{ stdenv, buildRustCrate, fetchgit }:
let kernel = stdenv.buildPlatform.parsed.kernel.name;
# ... (content skipped)
in
rec {
hello = f: hello_0_1_0 { features = hello_0_1_0_features { hello_0_1_0 = f; }; };
hello_0_1_0_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "hello";
version = "0.1.0";
authors = [ "pe@pijul.org <pe@pijul.org>" ];
src = ./.;
inherit dependencies buildDependencies features;
};
libc_0_2_36_ = { dependencies?[], buildDependencies?[], features?[] }: buildRustCrate {
crateName = "libc";
version = "0.2.36";
authors = [ "The Rust Project Developers" ];
sha256 = "01633h4yfqm0s302fm0dlba469bx8y6cs4nqc8bqrmjqxfxn515l";
inherit dependencies buildDependencies features;
};
hello_0_1_0 = { features?(hello_0_1_0_features {}) }: hello_0_1_0_ {
dependencies = mapFeatures features ([ libc_0_2_36 ]);
};
hello_0_1_0_features = f: updateFeatures f (rec {
hello_0_1_0.default = (f.hello_0_1_0.default or true);
libc_0_2_36.default = true;
}) [ libc_0_2_36_features ];
libc_0_2_36 = { features?(libc_0_2_36_features {}) }: libc_0_2_36_ {
features = mkFeatures (features.libc_0_2_36 or {});
};
libc_0_2_36_features = f: updateFeatures f (rec {
libc_0_2_36.default = (f.libc_0_2_36.default or true);
libc_0_2_36.use_std =
(f.libc_0_2_36.use_std or false) ||
(f.libc_0_2_36.default or false) ||
(libc_0_2_36.default or false);
}) [];
}
```
Here, the `libc` crate has no `src` attribute, so `buildRustCrate`
will fetch it from [crates.io](https://crates.io). A `sha256`
attribute is still needed for Nix purity.
### Handling external dependencies {#handling-external-dependencies}
Some crates require external libraries. For crates from
[crates.io](https://crates.io), such libraries can be specified in
`defaultCrateOverrides` package in nixpkgs itself.
Starting from that file, one can add more overrides, to add features
or build inputs by overriding the hello crate in a separate file.
```nix
with import <nixpkgs> {};
((import ./hello.nix).hello {}).override {
crateOverrides = defaultCrateOverrides // {
hello = attrs: { buildInputs = [ openssl ]; };
};
}
```
Here, `crateOverrides` is expected to be a attribute set, where the
key is the crate name without version number and the value a function.
The function gets all attributes passed to `buildRustCrate` as first
argument and returns a set that contains all attribute that should be
overwritten.
For more complicated cases, such as when parts of the crate's
derivation depend on the crate's version, the `attrs` argument of
the override above can be read, as in the following example, which
patches the derivation:
```nix
with import <nixpkgs> {};
((import ./hello.nix).hello {}).override {
crateOverrides = defaultCrateOverrides // {
hello = attrs: lib.optionalAttrs (lib.versionAtLeast attrs.version "1.0") {
postPatch = ''
substituteInPlace lib/zoneinfo.rs \
--replace "/usr/share/zoneinfo" "${tzdata}/share/zoneinfo"
'';
};
};
}
```
Another situation is when we want to override a nested
dependency. This actually works in the exact same way, since the
`crateOverrides` parameter is forwarded to the crate's
dependencies. For instance, to override the build inputs for crate
`libc` in the example above, where `libc` is a dependency of the main
crate, we could do:
```nix
with import <nixpkgs> {};
((import hello.nix).hello {}).override {
crateOverrides = defaultCrateOverrides // {
libc = attrs: { buildInputs = []; };
};
}
```
### Options and phases configuration {#options-and-phases-configuration}
Actually, the overrides introduced in the previous section are more
general. A number of other parameters can be overridden:
- The version of `rustc` used to compile the crate:
```nix
(hello {}).override { rust = pkgs.rust; };
```
- Whether to build in release mode or debug mode (release mode by
default):
```nix
(hello {}).override { release = false; };
```
- Whether to print the commands sent to `rustc` when building
(equivalent to `--verbose` in cargo:
```nix
(hello {}).override { verbose = false; };
```
- Extra arguments to be passed to `rustc`:
```nix
(hello {}).override { extraRustcOpts = "-Z debuginfo=2"; };
```
- Phases, just like in any other derivation, can be specified using
the following attributes: `preUnpack`, `postUnpack`, `prePatch`,
`patches`, `postPatch`, `preConfigure` (in the case of a Rust crate,
this is run before calling the "build" script), `postConfigure`
(after the "build" script),`preBuild`, `postBuild`, `preInstall` and
`postInstall`. As an example, here is how to create a new module
before running the build script:
```nix
(hello {}).override {
preConfigure = ''
echo "pub const PATH=\"${hi.out}\";" >> src/path.rs"
'';
};
```
### Features {#features}
One can also supply features switches. For example, if we want to
compile `diesel_cli` only with the `postgres` feature, and no default
features, we would write:
```nix
(callPackage ./diesel.nix {}).diesel {
default = false;
postgres = true;
}
```
Where `diesel.nix` is the file generated by Carnix, as explained above.
## Setting Up `nix-shell` {#setting-up-nix-shell} ## Setting Up `nix-shell` {#setting-up-nix-shell}
Oftentimes you want to develop code from within `nix-shell`. Unfortunately Oftentimes you want to develop code from within `nix-shell`. Unfortunately

View file

@ -422,29 +422,29 @@ rec {
else if (elemAt l 1) == "elf" else if (elemAt l 1) == "elf"
then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; } then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; }
else { cpu = elemAt l 0; kernel = elemAt l 1; }; else { cpu = elemAt l 0; kernel = elemAt l 1; };
"3" = # Awkward hacks, beware! "3" =
if elemAt l 1 == "apple" # cpu-kernel-environment
then { cpu = elemAt l 0; vendor = "apple"; kernel = elemAt l 2; } if elemAt l 1 == "linux" ||
else if (elemAt l 1 == "linux") || (elemAt l 2 == "gnu") elem (elemAt l 2) ["eabi" "eabihf" "elf" "gnu"]
then { cpu = elemAt l 0; kernel = elemAt l 1; abi = elemAt l 2; } then {
else if (elemAt l 2 == "mingw32") # autotools breaks on -gnu for window cpu = elemAt l 0;
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; } kernel = elemAt l 1;
else if (elemAt l 2 == "wasi") abi = elemAt l 2;
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "wasi"; } vendor = "unknown";
else if (elemAt l 2 == "redox") }
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "redox"; } # cpu-vendor-os
else if (elemAt l 2 == "mmixware") else if elemAt l 1 == "apple" ||
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "mmixware"; } elem (elemAt l 2) [ "wasi" "redox" "mmixware" "ghcjs" "mingw32" ] ||
else if hasPrefix "freebsd" (elemAt l 2) hasPrefix "freebsd" (elemAt l 2) ||
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; } hasPrefix "netbsd" (elemAt l 2) ||
else if hasPrefix "netbsd" (elemAt l 2) hasPrefix "genode" (elemAt l 2)
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; } then {
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"]) cpu = elemAt l 0;
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; } vendor = elemAt l 1;
else if (elemAt l 2 == "ghcjs") kernel = if elemAt l 2 == "mingw32"
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; } then "windows" # autotools breaks on -gnu for window
else if hasPrefix "genode" (elemAt l 2) else elemAt l 2;
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; } }
else throw "Target specification with 3 components is ambiguous"; else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; }; "4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)} }.${toString (length l)}

View file

@ -195,7 +195,7 @@ rec {
On each release the first letter is bumped and a new animal is chosen On each release the first letter is bumped and a new animal is chosen
starting with that new letter. starting with that new letter.
*/ */
codeName = "Raccoon"; codeName = "Stoat";
/* Returns the current nixpkgs version suffix as string. */ /* Returns the current nixpkgs version suffix as string. */
versionSuffix = versionSuffix =
@ -213,8 +213,8 @@ rec {
# Default value to return if revision can not be determined # Default value to return if revision can not be determined
default: default:
let let
revisionFile = ./.. + "/.git-revision"; revisionFile = "${toString ./..}/.git-revision";
gitRepo = ./.. + "/.git"; gitRepo = "${toString ./..}/.git";
in if lib.pathIsGitRepo gitRepo in if lib.pathIsGitRepo gitRepo
then lib.commitIdFromGitRepo gitRepo then lib.commitIdFromGitRepo gitRepo
else if lib.pathExists revisionFile then lib.fileContents revisionFile else if lib.pathExists revisionFile then lib.fileContents revisionFile

View file

@ -2233,6 +2233,12 @@
github = "scaredmushroom"; github = "scaredmushroom";
githubId = 45340040; githubId = 45340040;
}; };
CaptainJawZ = {
email = "CaptainJawZ@outlook.com";
name = "Danilo Reyes";
github = "CaptainJawZ";
githubId = 43111068;
};
carlosdagos = { carlosdagos = {
email = "m@cdagostino.io"; email = "m@cdagostino.io";
github = "carlosdagos"; github = "carlosdagos";
@ -5413,6 +5419,12 @@
fingerprint = "3F35 E4CA CBF4 2DE1 2E90 53E5 03A6 E6F7 8693 6619"; fingerprint = "3F35 E4CA CBF4 2DE1 2E90 53E5 03A6 E6F7 8693 6619";
}]; }];
}; };
harrisonthorne = {
email = "harrisonthorne@proton.me";
github = "harrisonthorne";
githubId = 33523827;
name = "Harrison Thorne";
};
harvidsen = { harvidsen = {
email = "harvidsen@gmail.com"; email = "harvidsen@gmail.com";
github = "harvidsen"; github = "harvidsen";
@ -6812,6 +6824,12 @@
githubId = 7673602; githubId = 7673602;
name = "Jonathan Ringer"; name = "Jonathan Ringer";
}; };
jordanisaacs = {
name = "Jordan Isaacs";
email = "nix@jdisaacs.com";
github = "jordanisaacs";
githubId = 19742638;
};
jorise = { jorise = {
email = "info@jorisengbers.nl"; email = "info@jorisengbers.nl";
github = "JorisE"; github = "JorisE";
@ -10652,6 +10670,12 @@
githubId = 84886; githubId = 84886;
name = "Paul Baecher"; name = "Paul Baecher";
}; };
pbar = {
email = "piercebartine@gmail.com";
github = "pbar1";
githubId = 26949935;
name = "Pierce Bartine";
};
pbogdan = { pbogdan = {
email = "ppbogdan@gmail.com"; email = "ppbogdan@gmail.com";
github = "pbogdan"; github = "pbogdan";
@ -14287,6 +14311,12 @@
githubId = 32751441; githubId = 32751441;
name = "urlordjames"; name = "urlordjames";
}; };
ursi = {
email = "masondeanm@aol.com";
github = "ursi";
githubId = 17836748;
name = "Mason Mackaman";
};
uskudnik = { uskudnik = {
email = "urban.skudnik@gmail.com"; email = "urban.skudnik@gmail.com";
github = "uskudnik"; github = "uskudnik";
@ -15909,10 +15939,4 @@
github = "wuyoli"; github = "wuyoli";
githubId = 104238274; githubId = 104238274;
}; };
jordanisaacs = {
name = "Jordan Isaacs";
email = "nix@jdisaacs.com";
github = "jordanisaacs";
githubId = 19742638;
};
} }

View file

@ -211,7 +211,7 @@ $ sudo groupdel nixbld
Generate your NixOS configuration: Generate your NixOS configuration:
</para> </para>
<programlisting> <programlisting>
$ sudo `which nixos-generate-config` --root / $ sudo `which nixos-generate-config`
</programlisting> </programlisting>
<para> <para>
Note that this will place the generated configuration files in Note that this will place the generated configuration files in

View file

@ -1435,7 +1435,7 @@ Superuser created successfully.
<para> <para>
The default GNAT version has been changed: The The default GNAT version has been changed: The
<literal>gnat</literal> attribute now points to <literal>gnat</literal> attribute now points to
<literal>gnat11</literal> instead of <literal>gnat9</literal>. <literal>gnat12</literal> instead of <literal>gnat9</literal>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>

View file

@ -278,6 +278,16 @@
<link linkend="opt-services.prometheus.sachet.enable">services.prometheus.sachet</link>. <link linkend="opt-services.prometheus.sachet.enable">services.prometheus.sachet</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<link xlink:href="https://evcc.io">EVCC</link> is an EV charge
controller with PV integration. It supports a multitude of
chargers, meters, vehicle APIs and more and ties that together
with a well-tested backend and a lightweight web frontend.
Available as
<link linkend="opt-services.evcc.enable">services.evcc</link>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>, <link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>,
@ -580,6 +590,15 @@
future Git update without notice. future Git update without notice.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>fetchgit</literal> fetcher supports sparse
checkouts via the <literal>sparseCheckout</literal> option.
This used to accept a multi-line string with
directories/patterns to check out, but now requires a list of
strings.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>openssh</literal> was updated to version 9.1, <literal>openssh</literal> was updated to version 9.1,
@ -637,7 +656,7 @@
<literal>22.11</literal>. This is to make sure that people <literal>22.11</literal>. This is to make sure that people
using using
<link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side
encryption</link> dont loose access to their files. encryption</link> dont lose access to their files.
</para> </para>
<para> <para>
In any other case its safe to use OpenSSL 3 for PHPs openssl In any other case its safe to use OpenSSL 3 for PHPs openssl
@ -690,6 +709,14 @@
<literal>emacs-gtk</literal>. <literal>emacs-gtk</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>kanidm</literal> has been updated to 1.1.0-alpha.10
and now requires a tls certificate and key. It will always
start an https and if enabled an ldaps server and no http
and ldap server anymore.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
riak package removed along with riak package removed along with
@ -1383,6 +1410,14 @@ services.github-runner.serviceOverrides.SupplementaryGroups = [
for more details. for more details.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>netlify-cli</literal> package has been updated
from 6.13.2 to 12.2.4, see the
<link xlink:href="https://github.com/netlify/cli/releases">changelog</link>
for more details.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>dockerTools.buildImage</literal> deprecates the <literal>dockerTools.buildImage</literal> deprecates the
@ -1392,6 +1427,26 @@ services.github-runner.serviceOverrides.SupplementaryGroups = [
if you intend to add packages to <literal>/bin</literal>. if you intend to add packages to <literal>/bin</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>proxmox.qemuConf.bios</literal> option was added,
it corresponds to <literal>Hardware-&gt;BIOS</literal> field
in Proxmox web interface. Use
<literal>&quot;ovmf&quot;</literal> value to build UEFI image,
default value remains <literal>&quot;bios&quot;</literal>. New
option <literal>proxmox.partitionTableType</literal> defaults
to either <literal>&quot;legacy&quot;</literal> or
<literal>&quot;efi&quot;</literal>, depending on the
<literal>bios</literal> value. Setting
<literal>partitionTableType</literal> to
<literal>&quot;hybrid&quot;</literal> results in an image,
which supports both methods
(<literal>&quot;bios&quot;</literal> and
<literal>&quot;ovmf&quot;</literal>), thereby remaining
bootable after change to Proxmox
<literal>Hardware-&gt;BIOS</literal> field.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2.
@ -1647,6 +1702,22 @@ services.github-runner.serviceOverrides.SupplementaryGroups = [
<literal>picom</literal> to quit instead. <literal>picom</literal> to quit instead.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>haskellPackage.callHackage</literal> is not always
invalidated if <literal>all-cabal-hashes</literal> changes,
leading to less rebuilds of haskell dependencies.
</para>
</listitem>
<listitem>
<para>
<literal>haskellPackages.callHackage</literal> and
<literal>haskellPackages.callCabal2nix</literal> (and related
functions) no longer keep a reference to the
<literal>cabal2nix</literal> call used to generate them. As a
result, they will be garbage collected more often.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>

View file

@ -0,0 +1,91 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-23.05">
<title>Release 23.05 (“Stoat”, 2023.05/??)</title>
<para>
Support is planned until the end of December 2023, handing over to
23.11.
</para>
<section xml:id="sec-release-23.05-highlights">
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release
has the following highlights:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Create the first release note entry in this section!
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-23.05-new-services">
<title>New Services</title>
<itemizedlist spacing="compact">
<listitem>
<para>
Create the first release note entry in this section!
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-23.05-incompatibilities">
<title>Backward Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
<literal>carnix</literal> and <literal>cratesIO</literal> has
been removed due to being unmaintained, use alternatives such
as
<link xlink:href="https://github.com/nix-community/naersk">naersk</link>
and
<link xlink:href="https://github.com/kolloch/crate2nix">crate2nix</link>
instead.
</para>
</listitem>
<listitem>
<para>
The EC2 image module no longer fetches instance metadata in
stage-1. This results in a significantly smaller initramfs,
since network drivers no longer need to be included, and
faster boots, since metadata fetching can happen in parallel
with startup of other services. This breaks services which
rely on metadata being present by the time stage-2 is entered.
Anything which reads EC2 metadata from
<literal>/etc/ec2-metadata</literal> should now have an
<literal>after</literal> dependency on
<literal>fetch-ec2-metadata.service</literal>
</para>
</listitem>
<listitem>
<para>
The EC2 image module previously detected and automatically
mounted ext3-formatted instance store devices and partitions
in stage-1 (initramfs), storing <literal>/tmp</literal> on the
first discovered device. This behaviour, which only catered to
very specific use cases and could not be disabled, has been
removed. Users relying on this should provide their own
implementation, and probably use ext4 and perform the mount in
stage-2.
</para>
</listitem>
<listitem>
<para>
The EC2 image module previously detected and activated
swap-formatted instance store devices and partitions in
stage-1 (initramfs). This behaviour has been removed. Users
relying on this should provide their own implementation.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-23.05-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist spacing="compact">
<listitem>
<para>
Create the first release note entry in this section!
</para>
</listitem>
</itemizedlist>
</section>
</section>

View file

@ -148,7 +148,7 @@ The first steps to all these are the same:
Generate your NixOS configuration: Generate your NixOS configuration:
```ShellSession ```ShellSession
$ sudo `which nixos-generate-config` --root / $ sudo `which nixos-generate-config`
``` ```
Note that this will place the generated configuration files in Note that this will place the generated configuration files in

View file

@ -8,6 +8,7 @@
This section lists the release notes for each stable version of NixOS and This section lists the release notes for each stable version of NixOS and
current unstable revision. current unstable revision.
</para> </para>
<xi:include href="../from_md/release-notes/rl-2305.section.xml" />
<xi:include href="../from_md/release-notes/rl-2211.section.xml" /> <xi:include href="../from_md/release-notes/rl-2211.section.xml" />
<xi:include href="../from_md/release-notes/rl-2205.section.xml" /> <xi:include href="../from_md/release-notes/rl-2205.section.xml" />
<xi:include href="../from_md/release-notes/rl-2111.section.xml" /> <xi:include href="../from_md/release-notes/rl-2111.section.xml" />

View file

@ -427,7 +427,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.ddclient.password` option was removed, and replaced with `services.ddclient.passwordFile`. - The `services.ddclient.password` option was removed, and replaced with `services.ddclient.passwordFile`.
- The default GNAT version has been changed: The `gnat` attribute now points to `gnat11` - The default GNAT version has been changed: The `gnat` attribute now points to `gnat12`
instead of `gnat9`. instead of `gnat9`.
- `retroArchCores` has been removed. This means that using `nixpkgs.config.retroarch` to customize RetroArch cores is not supported anymore. Instead, use package overrides, for example: `retroarch.override { cores = with libretro; [ citra snes9x ]; };`. Also, `retroarchFull` derivation is available for those who want to have all RetroArch cores available. - `retroArchCores` has been removed. This means that using `nixpkgs.config.retroarch` to customize RetroArch cores is not supported anymore. Instead, use package overrides, for example: `retroarch.override { cores = with libretro; [ citra snes9x ]; };`. Also, `retroarchFull` derivation is available for those who want to have all RetroArch cores available.

View file

@ -98,6 +98,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Sachet](https://github.com/messagebird/sachet/), an SMS alerting tool for the Prometheus Alertmanager. Available as [services.prometheus.sachet](#opt-services.prometheus.sachet.enable). - [Sachet](https://github.com/messagebird/sachet/), an SMS alerting tool for the Prometheus Alertmanager. Available as [services.prometheus.sachet](#opt-services.prometheus.sachet.enable).
- [EVCC](https://evcc.io) is an EV charge controller with PV integration. It supports a multitude of chargers, meters, vehicle APIs and more and ties that together with a well-tested backend and a lightweight web frontend. Available as [services.evcc](#opt-services.evcc.enable).
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle. - [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
Available as [services.infnoise](options.html#opt-services.infnoise.enable). Available as [services.infnoise](options.html#opt-services.infnoise.enable).
@ -191,6 +193,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice. - The `fetchgit` fetcher now uses [cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalscone_mode_handling) by default for sparse checkouts. [Non-cone mode](https://www.git-scm.com/docs/git-sparse-checkout/2.37.0#_internalsnon_cone_problems) can be enabled by passing `nonConeMode = true`, but note that non-cone mode is deprecated and this option may be removed alongside a future Git update without notice.
- The `fetchgit` fetcher supports sparse checkouts via the `sparseCheckout` option. This used to accept a multi-line string with directories/patterns to check out, but now requires a list of strings.
- `openssh` was updated to version 9.1, disabling the generation of DSA keys when using `ssh-keygen -A` as they are insecure. Also, `SetEnv` directives in `ssh_config` and `sshd_config` are now first-match-wins - `openssh` was updated to version 9.1, disabling the generation of DSA keys when using `ssh-keygen -A` as they are insecure. Also, `SetEnv` directives in `ssh_config` and `sshd_config` are now first-match-wins
- `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`. - `bsp-layout` no longer uses the command `cycle` to switch to other window layouts, as it got replaced by the commands `previous` and `next`.
@ -206,7 +210,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `openssl`-extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if - The `openssl`-extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if
[](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html) [](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html)
don't loose access to their files. don't lose access to their files.
In any other case it's safe to use OpenSSL 3 for PHP's openssl extension. This can be done by setting In any other case it's safe to use OpenSSL 3 for PHP's openssl extension. This can be done by setting
[](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`. [](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`.
@ -227,6 +231,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues. - Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues.
Users who still wish to remain using GTK can do so by using `emacs-gtk`. Users who still wish to remain using GTK can do so by using `emacs-gtk`.
- `kanidm` has been updated to 1.1.0-alpha.10 and now requires a tls certificate and key. It will always start an https and if enabled an ldaps server and no http and ldap server anymore.
- riak package removed along with `services.riak` module, due to lack of maintainer to update the package. - riak package removed along with `services.riak` module, due to lack of maintainer to update the package.
- ppd files in `pkgs.cups-drv-rastertosag-gdi` are now gzipped. If you refer to such a ppd file with its path (e.g. via [hardware.printers.ensurePrinters](options.html#opt-hardware.printers.ensurePrinters)) you will need to append `.gz` to the path. - ppd files in `pkgs.cups-drv-rastertosag-gdi` are now gzipped. If you refer to such a ppd file with its path (e.g. via [hardware.printers.ensurePrinters](options.html#opt-hardware.printers.ensurePrinters)) you will need to append `.gz` to the path.
@ -448,9 +454,13 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `guake` package has been updated from 3.6.3 to 3.9.0, see the [changelog](https://github.com/Guake/guake/releases) for more details. - The `guake` package has been updated from 3.6.3 to 3.9.0, see the [changelog](https://github.com/Guake/guake/releases) for more details.
- The `netlify-cli` package has been updated from 6.13.2 to 12.2.4, see the [changelog](https://github.com/netlify/cli/releases) for more details.
- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`. - `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
Use `copyToRoot = buildEnv { ... };` or similar if you intend to add packages to `/bin`. Use `copyToRoot = buildEnv { ... };` or similar if you intend to add packages to `/bin`.
- The `proxmox.qemuConf.bios` option was added, it corresponds to `Hardware->BIOS` field in Proxmox web interface. Use `"ovmf"` value to build UEFI image, default value remains `"bios"`. New option `proxmox.partitionTableType` defaults to either `"legacy"` or `"efi"`, depending on the `bios` value. Setting `partitionTableType` to `"hybrid"` results in an image, which supports both methods (`"bios"` and `"ovmf"`), thereby remaining bootable after change to Proxmox `Hardware->BIOS` field.
- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available. - memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
- Option descriptions, examples, and defaults writting in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release. - Option descriptions, examples, and defaults writting in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release.
@ -521,4 +531,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The option `services.picom.experimentalBackends` was removed since it is now the default and the option will cause `picom` to quit instead. - The option `services.picom.experimentalBackends` was removed since it is now the default and the option will cause `picom` to quit instead.
- `haskellPackage.callHackage` is not always invalidated if `all-cabal-hashes` changes, leading to less rebuilds of haskell dependencies.
- `haskellPackages.callHackage` and `haskellPackages.callCabal2nix` (and related functions) no longer keep a reference to the `cabal2nix` call used to generate them. As a result, they will be garbage collected more often.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

View file

@ -0,0 +1,36 @@
# Release 23.05 (“Stoat”, 2023.05/??) {#sec-release-23.05}
Support is planned until the end of December 2023, handing over to 23.11.
## Highlights {#sec-release-23.05-highlights}
In addition to numerous new and upgraded packages, this release has the following highlights:
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- Create the first release note entry in this section!
## New Services {#sec-release-23.05-new-services}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- Create the first release note entry in this section!
## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead.
- The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services.
This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service`
- The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2.
- The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation.
## Other Notable Changes {#sec-release-23.05-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- Create the first release note entry in this section!

View file

@ -43,7 +43,7 @@ in {
sizeMB = mkOption { sizeMB = mkOption {
type = with types; either (enum [ "auto" ]) int; type = with types; either (enum [ "auto" ]) int;
default = if config.ec2.hvm then 2048 else 8192; default = 2048;
example = 8192; example = 8192;
description = lib.mdDoc "The size in MB of the image"; description = lib.mdDoc "The size in MB of the image";
}; };
@ -60,9 +60,6 @@ in {
'' ''
{ modulesPath, ... }: { { modulesPath, ... }: {
imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ]; imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ];
${optionalString config.ec2.hvm ''
ec2.hvm = true;
''}
${optionalString config.ec2.efi '' ${optionalString config.ec2.efi ''
ec2.efi = true; ec2.efi = true;
''} ''}
@ -129,9 +126,7 @@ in {
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
fsType = "ext4"; fsType = "ext4";
partitionTableType = if config.ec2.efi then "efi" partitionTableType = if config.ec2.efi then "efi" else "legacy+gpt";
else if config.ec2.hvm then "legacy+gpt"
else "none";
diskSize = cfg.sizeMB; diskSize = cfg.sizeMB;

View file

@ -491,6 +491,7 @@
./services/hardware/vdr.nix ./services/hardware/vdr.nix
./services/home-automation/home-assistant.nix ./services/home-automation/home-assistant.nix
./services/home-automation/zigbee2mqtt.nix ./services/home-automation/zigbee2mqtt.nix
./services/home-automation/evcc.nix
./services/logging/SystemdJournal2Gelf.nix ./services/logging/SystemdJournal2Gelf.nix
./services/logging/awstats.nix ./services/logging/awstats.nix
./services/logging/filebeat.nix ./services/logging/filebeat.nix

View file

@ -16,11 +16,12 @@ in
group. group.
''; '';
}; };
package = mkPackageOption pkgs "flashrom" { };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.udev.packages = [ pkgs.flashrom ]; services.udev.packages = [ cfg.package ];
environment.systemPackages = [ pkgs.flashrom ]; environment.systemPackages = [ cfg.package ];
users.groups.flashrom = { }; users.groups.flashrom = { };
}; };
} }

View file

@ -247,6 +247,7 @@ in {
DynamicUser = true; DynamicUser = true;
Restart = "on-failure"; Restart = "on-failure";
StateDirectory = "lighthouse-beacon"; StateDirectory = "lighthouse-beacon";
ReadWritePaths = [ cfg.beacon.dataDir ];
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateTmp = true; PrivateTmp = true;
ProtectHome = true; ProtectHome = true;
@ -287,6 +288,7 @@ in {
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
StateDirectory = "lighthouse-validator"; StateDirectory = "lighthouse-validator";
ReadWritePaths = [ cfg.validator.dataDir ];
CapabilityBoundingSet = ""; CapabilityBoundingSet = "";
DynamicUser = true; DynamicUser = true;
NoNewPrivileges = true; NoNewPrivileges = true;

View file

@ -361,8 +361,10 @@ in {
fi fi
echo 'include "${redisConfStore}"' > "${redisConfRun}" echo 'include "${redisConfStore}"' > "${redisConfRun}"
${optionalString (conf.requirePassFile != null) '' ${optionalString (conf.requirePassFile != null) ''
{echo -n "requirepass " {
cat ${escapeShellArg conf.requirePassFile}} >> "${redisConfRun}" echo -n "requirepass "
cat ${escapeShellArg conf.requirePassFile}
} >> "${redisConfRun}"
''} ''}
''); '');
Type = "notify"; Type = "notify";

View file

@ -0,0 +1,92 @@
{ lib
, pkgs
, config
, ...
}:
with lib;
let
cfg = config.services.evcc;
format = pkgs.formats.yaml {};
configFile = format.generate "evcc.yml" cfg.settings;
package = pkgs.evcc;
in
{
meta.maintainers = with lib.maintainers; [ hexa ];
options.services.evcc = with types; {
enable = mkEnableOption (lib.mdDoc "EVCC, the extensible EV Charge Controller with PV integration");
extraArgs = mkOption {
type = listOf str;
default = [];
description = lib.mdDoc ''
Extra arguments to pass to the evcc executable.
'';
};
settings = mkOption {
type = format.type;
description = lib.mdDoc ''
evcc configuration as a Nix attribute set.
Check for possible options in the sample [evcc.dist.yaml](https://github.com/andig/evcc/blob/${package.version}/evcc.dist.yaml].
'';
};
};
config = mkIf cfg.enable {
systemd.services.evcc = {
after = [
"network-online.target"
"mosquitto.target"
];
wantedBy = [
"multi-user.target"
];
serviceConfig = {
ExecStart = "${package}/bin/evcc --config ${configFile} ${escapeShellArgs cfg.extraArgs}";
CapabilityBoundingSet = [ "" ];
DeviceAllow = [
"char-ttyUSB"
];
DevicePolicy = "closed";
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups= true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
User = "evcc";
};
};
};
meta.buildDocsInSandbox = false;
}

View file

@ -9,6 +9,7 @@ let
poller = { inherit (cfg.log) debug quiet; }; poller = { inherit (cfg.log) debug quiet; };
unifi = { inherit (cfg) controllers; }; unifi = { inherit (cfg) controllers; };
influxdb.disable = true; influxdb.disable = true;
datadog.disable = true; # workaround for https://github.com/unpoller/unpoller/issues/442
prometheus = { prometheus = {
http_listen = "${cfg.listenAddress}:${toString cfg.port}"; http_listen = "${cfg.listenAddress}:${toString cfg.port}";
report_errors = cfg.log.prometheusErrors; report_errors = cfg.log.prometheusErrors;
@ -30,7 +31,7 @@ in {
}; };
serviceOpts.serviceConfig = { serviceOpts.serviceConfig = {
ExecStart = "${pkgs.unifi-poller}/bin/unifi-poller --config ${configFile}"; ExecStart = "${pkgs.unifi-poller}/bin/unpoller --config ${configFile}";
DynamicUser = false; DynamicUser = false;
}; };
} }

View file

@ -100,6 +100,14 @@ in
readOnly = true; readOnly = true;
type = lib.types.path; type = lib.types.path;
}; };
tls_chain = lib.mkOption {
description = lib.mdDoc "TLS chain in pem format.";
type = lib.types.path;
};
tls_key = lib.mkOption {
description = lib.mdDoc "TLS key in pem format.";
type = lib.types.path;
};
log_level = lib.mkOption { log_level = lib.mkOption {
description = lib.mdDoc "Log level of the server."; description = lib.mdDoc "Log level of the server.";
default = "default"; default = "default";

View file

@ -14,7 +14,7 @@ let
serviceDirectories = cfg.packages; serviceDirectories = cfg.packages;
}; };
inherit (lib) mkOption types; inherit (lib) mkOption mkIf mkMerge types;
in in
@ -33,6 +33,18 @@ in
''; '';
}; };
implementation = mkOption {
type = types.enum [ "dbus" "broker" ];
default = "dbus";
description = lib.mdDoc ''
The implementation to use for the message bus defined by the D-Bus specification.
Can be either the classic dbus daemon or dbus-broker, which aims to provide high
performance and reliability, while keeping compatibility to the D-Bus
reference implementation.
'';
};
packages = mkOption { packages = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
default = [ ]; default = [ ];
@ -66,66 +78,114 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable (mkMerge [
environment.systemPackages = [ {
pkgs.dbus environment.etc."dbus-1".source = configDir;
];
environment.etc."dbus-1".source = configDir; environment.pathsToLink = [
"/etc/dbus-1"
users.users.messagebus = { "/share/dbus-1"
uid = config.ids.uids.messagebus;
description = "D-Bus system message bus daemon user";
home = homeDir;
group = "messagebus";
};
users.groups.messagebus.gid = config.ids.gids.messagebus;
systemd.packages = [
pkgs.dbus
];
security.wrappers.dbus-daemon-launch-helper = {
source = "${pkgs.dbus}/libexec/dbus-daemon-launch-helper";
owner = "root";
group = "messagebus";
setuid = true;
setgid = false;
permissions = "u+rx,g+rx,o-rx";
};
services.dbus.packages = [
pkgs.dbus
config.system.path
];
systemd.services.dbus = {
# Don't restart dbus-daemon. Bad things tend to happen if we do.
reloadIfChanged = true;
restartTriggers = [
configDir
]; ];
environment = {
LD_LIBRARY_PATH = config.system.nssModules.path; users.users.messagebus = {
uid = config.ids.uids.messagebus;
description = "D-Bus system message bus daemon user";
home = homeDir;
group = "messagebus";
}; };
};
systemd.user.services.dbus = { users.groups.messagebus.gid = config.ids.gids.messagebus;
# Don't restart dbus-daemon. Bad things tend to happen if we do.
reloadIfChanged = true; # You still need the dbus reference implementation installed to use dbus-broker
restartTriggers = [ systemd.packages = [
configDir pkgs.dbus
]; ];
};
systemd.user.sockets.dbus.wantedBy = [ services.dbus.packages = [
"sockets.target" pkgs.dbus
]; config.system.path
];
environment.pathsToLink = [ systemd.user.sockets.dbus.wantedBy = [
"/etc/dbus-1" "sockets.target"
"/share/dbus-1" ];
]; }
};
(mkIf (cfg.implementation == "dbus") {
environment.systemPackages = [
pkgs.dbus
];
security.wrappers.dbus-daemon-launch-helper = {
source = "${pkgs.dbus}/libexec/dbus-daemon-launch-helper";
owner = "root";
group = "messagebus";
setuid = true;
setgid = false;
permissions = "u+rx,g+rx,o-rx";
};
systemd.services.dbus = {
# Don't restart dbus-daemon. Bad things tend to happen if we do.
reloadIfChanged = true;
restartTriggers = [
configDir
];
environment = {
LD_LIBRARY_PATH = config.system.nssModules.path;
};
};
systemd.user.services.dbus = {
# Don't restart dbus-daemon. Bad things tend to happen if we do.
reloadIfChanged = true;
restartTriggers = [
configDir
];
};
})
(mkIf (cfg.implementation == "broker") {
environment.systemPackages = [
pkgs.dbus-broker
];
systemd.packages = [
pkgs.dbus-broker
];
# Just to be sure we don't restart through the unit alias
systemd.services.dbus.reloadIfChanged = true;
systemd.user.services.dbus.reloadIfChanged = true;
# NixOS Systemd Module doesn't respect 'Install'
# https://github.com/NixOS/nixpkgs/issues/108643
systemd.services.dbus-broker = {
aliases = [
"dbus.service"
];
# Don't restart dbus. Bad things tend to happen if we do.
reloadIfChanged = true;
restartTriggers = [
configDir
];
environment = {
LD_LIBRARY_PATH = config.system.nssModules.path;
};
};
systemd.user.services.dbus-broker = {
aliases = [
"dbus.service"
];
# Don't restart dbus. Bad things tend to happen if we do.
reloadIfChanged = true;
restartTriggers = [
configDir
];
};
})
]);
} }

View file

@ -98,11 +98,11 @@ in {
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/alps ${escapeShellArgs cfg.args}"; ExecStart = "${cfg.package}/bin/alps ${escapeShellArgs cfg.args}";
AmbientCapabilities = "";
CapabilityBoundingSet = "";
DynamicUser = true; DynamicUser = true;
## This is desirable but would restrict bindIP to 127.0.0.1
#IPAddressAllow = "localhost";
#IPAddressDeny = "any";
LockPersonality = true; LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateDevices = true; PrivateDevices = true;
PrivateIPC = true; PrivateIPC = true;
@ -122,8 +122,10 @@ in {
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
SocketBindAllow = cfg.port;
SocketBindDeny = "any";
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service @resources" "~@privileged @obsolete" ]; SystemCallFilter = [ "@system-service" "~@privileged @obsolete" ];
}; };
}; };
}; };

View file

@ -999,8 +999,8 @@ in
``` ```
# snippet of HedgeDoc-related config # snippet of HedgeDoc-related config
services.hedgedoc.configuration.dbURL = "postgres://hedgedoc:\''${DB_PASSWORD}@db-host:5432/hedgedocdb"; services.hedgedoc.settings.dbURL = "postgres://hedgedoc:\''${DB_PASSWORD}@db-host:5432/hedgedocdb";
services.hedgedoc.configuration.minio.secretKey = "$MINIO_SECRET_KEY"; services.hedgedoc.settings.minio.secretKey = "$MINIO_SECRET_KEY";
``` ```
``` ```

View file

@ -6,10 +6,10 @@ let
in in
{ {
# See here for a reference of all the options: # See here for a reference of all the options:
# https://github.com/outline/outline/blob/v0.65.2/.env.sample # https://github.com/outline/outline/blob/v0.67.0/.env.sample
# https://github.com/outline/outline/blob/v0.65.2/app.json # https://github.com/outline/outline/blob/v0.67.0/app.json
# https://github.com/outline/outline/blob/v0.65.2/server/env.ts # https://github.com/outline/outline/blob/v0.67.0/server/env.ts
# https://github.com/outline/outline/blob/v0.65.2/shared/types.ts # https://github.com/outline/outline/blob/v0.67.0/shared/types.ts
# The order is kept the same here to make updating easier. # The order is kept the same here to make updating easier.
options.services.outline = { options.services.outline = {
enable = lib.mkEnableOption (lib.mdDoc "outline"); enable = lib.mkEnableOption (lib.mdDoc "outline");
@ -123,7 +123,7 @@ in
description = lib.mdDoc '' description = lib.mdDoc ''
To support uploading of images for avatars and document attachments an To support uploading of images for avatars and document attachments an
s3-compatible storage must be provided. AWS S3 is recommended for s3-compatible storage must be provided. AWS S3 is recommended for
redundency however if you want to keep all file storage local an redundancy however if you want to keep all file storage local an
alternative such as [minio](https://github.com/minio/minio) alternative such as [minio](https://github.com/minio/minio)
can be used. can be used.
@ -435,6 +435,16 @@ in
''; '';
}; };
sentryTunnel = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = lib.mdDoc ''
Optionally add a
[Sentry proxy tunnel](https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
for bypassing ad blockers in the UI.
'';
};
logo = lib.mkOption { logo = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
default = null; default = null;
@ -621,6 +631,7 @@ in
DEBUG = cfg.debugOutput; DEBUG = cfg.debugOutput;
GOOGLE_ANALYTICS_ID = lib.optionalString (cfg.googleAnalyticsId != null) cfg.googleAnalyticsId; GOOGLE_ANALYTICS_ID = lib.optionalString (cfg.googleAnalyticsId != null) cfg.googleAnalyticsId;
SENTRY_DSN = lib.optionalString (cfg.sentryDsn != null) cfg.sentryDsn; SENTRY_DSN = lib.optionalString (cfg.sentryDsn != null) cfg.sentryDsn;
SENTRY_TUNNEL = lib.optionalString (cfg.sentryTunnel != null) cfg.sentryTunnel;
TEAM_LOGO = lib.optionalString (cfg.logo != null) cfg.logo; TEAM_LOGO = lib.optionalString (cfg.logo != null) cfg.logo;
DEFAULT_LANGUAGE = cfg.defaultLanguage; DEFAULT_LANGUAGE = cfg.defaultLanguage;

View file

@ -199,10 +199,10 @@ in {
}; };
backend = mkOption { backend = mkOption {
type = types.enum [ "glx" "xrender" "xr_glx_hybrid" ]; type = types.enum [ "egl" "glx" "xrender" "xr_glx_hybrid" ];
default = "xrender"; default = "xrender";
description = lib.mdDoc '' description = lib.mdDoc ''
Backend to use: `glx`, `xrender` or `xr_glx_hybrid`. Backend to use: `egl`, `glx`, `xrender` or `xr_glx_hybrid`.
''; '';
}; };

View file

@ -5,6 +5,10 @@ let
cfg = config.services.lvm; cfg = config.services.lvm;
in { in {
options.services.lvm = { options.services.lvm = {
enable = mkEnableOption (lib.mdDoc "lvm2") // {
default = true;
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.lvm2; default = pkgs.lvm2;
@ -30,7 +34,7 @@ in {
# minimal configuration file to make lvmconfig/lvm2-activation-generator happy # minimal configuration file to make lvmconfig/lvm2-activation-generator happy
environment.etc."lvm/lvm.conf".text = "config {}"; environment.etc."lvm/lvm.conf".text = "config {}";
}) })
(mkIf (!config.boot.isContainer) { (mkIf cfg.enable {
systemd.tmpfiles.packages = [ cfg.package.out ]; systemd.tmpfiles.packages = [ cfg.package.out ];
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ]; systemd.packages = [ cfg.package ];

View file

@ -10,11 +10,6 @@ with lib;
let let
cfg = config.ec2; cfg = config.ec2;
metadataFetcher = import ./ec2-metadata-fetcher.nix {
inherit (pkgs) curl;
targetRoot = "$targetRoot/";
wgetExtraOptions = "-q";
};
in in
{ {
@ -31,18 +26,12 @@ in
config = { config = {
assertions = [ assertions = [
{ assertion = cfg.hvm;
message = "Paravirtualized EC2 instances are no longer supported.";
}
{ assertion = cfg.efi -> cfg.hvm;
message = "EC2 instances using EFI must be HVM instances.";
}
{ assertion = versionOlder config.boot.kernelPackages.kernel.version "5.17"; { assertion = versionOlder config.boot.kernelPackages.kernel.version "5.17";
message = "ENA driver fails to build with kernel >= 5.17"; message = "ENA driver fails to build with kernel >= 5.17";
} }
]; ];
boot.growPartition = cfg.hvm; boot.growPartition = true;
fileSystems."/" = mkIf (!cfg.zfs.enable) { fileSystems."/" = mkIf (!cfg.zfs.enable) {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
@ -64,9 +53,9 @@ in
boot.extraModulePackages = [ boot.extraModulePackages = [
config.boot.kernelPackages.ena config.boot.kernelPackages.ena
]; ];
boot.initrd.kernelModules = [ "xen-blkfront" "xen-netfront" ]; boot.initrd.kernelModules = [ "xen-blkfront" ];
boot.initrd.availableKernelModules = [ "ixgbevf" "ena" "nvme" ]; boot.initrd.availableKernelModules = [ "nvme" ];
boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0,115200n8" "random.trust_cpu=on" ]; boot.kernelParams = [ "console=ttyS0,115200n8" "random.trust_cpu=on" ];
# Prevent the nouveau kernel module from being loaded, as it # Prevent the nouveau kernel module from being loaded, as it
# interferes with the nvidia/nvidia-uvm modules needed for CUDA. # interferes with the nvidia/nvidia-uvm modules needed for CUDA.
@ -74,10 +63,7 @@ in
# boot. # boot.
boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ]; boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ];
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. boot.loader.grub.device = if cfg.efi then "nodev" else "/dev/xvda";
boot.loader.grub.version = if cfg.hvm then 2 else 1;
boot.loader.grub.device = if (cfg.hvm && !cfg.efi) then "/dev/xvda" else "nodev";
boot.loader.grub.extraPerEntryConfig = mkIf (!cfg.hvm) "root (hd0)";
boot.loader.grub.efiSupport = cfg.efi; boot.loader.grub.efiSupport = cfg.efi;
boot.loader.grub.efiInstallAsRemovable = cfg.efi; boot.loader.grub.efiInstallAsRemovable = cfg.efi;
boot.loader.timeout = 1; boot.loader.timeout = 1;
@ -87,67 +73,14 @@ in
terminal_input console serial terminal_input console serial
''; '';
boot.initrd.network.enable = true; systemd.services.fetch-ec2-metadata = {
wantedBy = [ "multi-user.target" ];
# Mount all formatted ephemeral disks and activate all swap devices. after = ["network-online.target"];
# We cannot do this with the fileSystems and swapDevices options path = [ pkgs.curl ];
# because the set of devices is dependent on the instance type script = builtins.readFile ./ec2-metadata-fetcher.sh;
# (e.g. "m1.small" has one ephemeral filesystem and one swap device, serviceConfig.Type = "oneshot";
# while "m1.large" has two ephemeral filesystems and no swap serviceConfig.StandardOutput = "journal+console";
# devices). Also, put /tmp and /var on /disk0, since it has a lot };
# more space than the root device. Similarly, "move" /nix to /disk0
# by layering a unionfs-fuse mount on top of it so we have a lot more space for
# Nix operations.
boot.initrd.postMountCommands =
''
${metadataFetcher}
diskNr=0
diskForUnionfs=
for device in /dev/xvd[abcde]*; do
if [ "$device" = /dev/xvda -o "$device" = /dev/xvda1 ]; then continue; fi
fsType=$(blkid -o value -s TYPE "$device" || true)
if [ "$fsType" = swap ]; then
echo "activating swap device $device..."
swapon "$device" || true
elif [ "$fsType" = ext3 ]; then
mp="/disk$diskNr"
diskNr=$((diskNr + 1))
if mountFS "$device" "$mp" "" ext3; then
if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
fi
else
echo "skipping unknown device type $device"
fi
done
if [ -n "$diskForUnionfs" ]; then
mkdir -m 755 -p $targetRoot/$diskForUnionfs/root
mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
if [ "$(cat "$metaDir/ami-manifest-path")" != "(unknown)" ]; then
mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var
mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var
mkdir -p /unionfs-chroot/ro-nix
mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix
mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/nix
mkdir -p /unionfs-chroot/rw-nix
mount --rbind $targetRoot/$diskForUnionfs/root/nix /unionfs-chroot/rw-nix
unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-nix=RW:/ro-nix=RO $targetRoot/nix
fi
fi
'';
boot.initrd.extraUtilsCommands =
''
# We need swapon in the initrd.
copy_bin_and_libs ${pkgs.util-linux}/sbin/swapon
'';
# Allow root logins only using the SSH key that the user specified # Allow root logins only using the SSH key that the user specified
# at instance creation time. # at instance creation time.
@ -166,8 +99,6 @@ in
# Always include cryptsetup so that Charon can use it. # Always include cryptsetup so that Charon can use it.
environment.systemPackages = [ pkgs.cryptsetup ]; environment.systemPackages = [ pkgs.cryptsetup ];
boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
# EC2 has its own NTP server provided by the hypervisor # EC2 has its own NTP server provided by the hypervisor
networking.timeServers = [ "169.254.169.123" ]; networking.timeServers = [ "169.254.169.123" ];

View file

@ -2,6 +2,9 @@
let let
inherit (lib) literalExpression types; inherit (lib) literalExpression types;
in { in {
imports = [
(lib.mkRemovedOptionModule [ "ec2" "hvm" ] "Only HVM instances are supported, so specifying it is no longer necessary.")
];
options = { options = {
ec2 = { ec2 = {
zfs = { zfs = {
@ -41,13 +44,6 @@ in {
}); });
}; };
}; };
hvm = lib.mkOption {
default = lib.versionAtLeast config.system.stateVersion "17.03";
internal = true;
description = lib.mdDoc ''
Whether the EC2 instance is a HVM instance.
'';
};
efi = lib.mkOption { efi = lib.mkOption {
default = pkgs.stdenv.hostPlatform.isAarch64; default = pkgs.stdenv.hostPlatform.isAarch64;
defaultText = literalExpression "pkgs.stdenv.hostPlatform.isAarch64"; defaultText = literalExpression "pkgs.stdenv.hostPlatform.isAarch64";

View file

@ -24,6 +24,9 @@ with lib;
# containers do not need to setup devices # containers do not need to setup devices
services.udev.enable = false; services.udev.enable = false;
# containers normally do not need to manage logical volumes
services.lvm.enable = lib.mkDefault false;
# Shut up warnings about not having a boot loader. # Shut up warnings about not having a boot loader.
system.build.installBootLoader = lib.mkDefault "${pkgs.coreutils}/bin/true"; system.build.installBootLoader = lib.mkDefault "${pkgs.coreutils}/bin/true";

View file

@ -18,6 +18,7 @@ with lib;
wantedBy = [ "multi-user.target" "sshd.service" ]; wantedBy = [ "multi-user.target" "sshd.service" ];
before = [ "sshd.service" ]; before = [ "sshd.service" ];
after = ["fetch-ec2-metadata.service"];
path = [ pkgs.iproute2 ]; path = [ pkgs.iproute2 ];

View file

@ -1,77 +0,0 @@
{ curl, targetRoot, wgetExtraOptions }:
# Note: be very cautious about dependencies, each dependency grows
# the closure of the initrd. Ideally we would not even require curl,
# but there is no reasonable way to send an HTTP PUT request without
# it. Note: do not be fooled: the wget referenced in this script
# is busybox's wget, not the fully featured one with --method support.
#
# Make sure that every package you depend on here is already listed as
# a channel blocker for both the full-sized and small channels.
# Otherwise, we risk breaking user deploys in released channels.
#
# Also note: OpenStack's metadata service for its instances aims to be
# compatible with the EC2 IMDS. Where possible, try to keep the set of
# fetched metadata in sync with ./openstack-metadata-fetcher.nix .
''
metaDir=${targetRoot}etc/ec2-metadata
mkdir -m 0755 -p "$metaDir"
rm -f "$metaDir/*"
get_imds_token() {
# retry-delay of 1 selected to give the system a second to get going,
# but not add a lot to the bootup time
${curl}/bin/curl \
-v \
--retry 3 \
--retry-delay 1 \
--fail \
-X PUT \
--connect-timeout 1 \
-H "X-aws-ec2-metadata-token-ttl-seconds: 600" \
http://169.254.169.254/latest/api/token
}
preflight_imds_token() {
# retry-delay of 1 selected to give the system a second to get going,
# but not add a lot to the bootup time
${curl}/bin/curl \
-v \
--retry 3 \
--retry-delay 1 \
--fail \
--connect-timeout 1 \
-H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \
http://169.254.169.254/1.0/meta-data/instance-id
}
try=1
while [ $try -le 3 ]; do
echo "(attempt $try/3) getting an EC2 instance metadata service v2 token..."
IMDS_TOKEN=$(get_imds_token) && break
try=$((try + 1))
sleep 1
done
if [ "x$IMDS_TOKEN" == "x" ]; then
echo "failed to fetch an IMDS2v token."
fi
try=1
while [ $try -le 10 ]; do
echo "(attempt $try/10) validating the EC2 instance metadata service v2 token..."
preflight_imds_token && break
try=$((try + 1))
sleep 1
done
echo "getting EC2 instance metadata..."
wget_imds() {
wget ${wgetExtraOptions} --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@";
}
wget_imds -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
(umask 077 && wget_imds -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data)
wget_imds -O "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
wget_imds -O "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
''

View file

@ -0,0 +1,67 @@
metaDir=/etc/ec2-metadata
mkdir -m 0755 -p "$metaDir"
rm -f "$metaDir/*"
get_imds_token() {
# retry-delay of 1 selected to give the system a second to get going,
# but not add a lot to the bootup time
curl \
--silent \
--show-error \
--retry 3 \
--retry-delay 1 \
--fail \
-X PUT \
--connect-timeout 1 \
-H "X-aws-ec2-metadata-token-ttl-seconds: 600" \
http://169.254.169.254/latest/api/token
}
preflight_imds_token() {
# retry-delay of 1 selected to give the system a second to get going,
# but not add a lot to the bootup time
curl \
--silent \
--show-error \
--retry 3 \
--retry-delay 1 \
--fail \
--connect-timeout 1 \
-H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \
-o /dev/null \
http://169.254.169.254/1.0/meta-data/instance-id
}
try=1
while [ $try -le 3 ]; do
echo "(attempt $try/3) getting an EC2 instance metadata service v2 token..."
IMDS_TOKEN=$(get_imds_token) && break
try=$((try + 1))
sleep 1
done
if [ "x$IMDS_TOKEN" == "x" ]; then
echo "failed to fetch an IMDS2v token."
fi
try=1
while [ $try -le 10 ]; do
echo "(attempt $try/10) validating the EC2 instance metadata service v2 token..."
preflight_imds_token && break
try=$((try + 1))
sleep 1
done
echo "getting EC2 instance metadata..."
get_imds() {
# Intentionally no --fail here, so that we proceed even if e.g. a
# 404 was returned (but we still fail if we can't reach the IMDS
# server).
curl --silent --show-error --header "X-aws-ec2-metadata-token: $IMDS_TOKEN" "$@"
}
get_imds -o "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
(umask 077 && get_imds -o "$metaDir/user-data" http://169.254.169.254/1.0/user-data)
get_imds -o "$metaDir/hostname" http://169.254.169.254/1.0/meta-data/hostname
get_imds -o "$metaDir/public-keys-0-openssh-key" http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key

View file

@ -53,6 +53,13 @@ with lib;
Guest memory in MB Guest memory in MB
''; '';
}; };
bios = mkOption {
type = types.enum [ "seabios" "ovmf" ];
default = "seabios";
description = ''
Select BIOS implementation (seabios = Legacy BIOS, ovmf = UEFI).
'';
};
# optional configs # optional configs
name = mkOption { name = mkOption {
@ -99,6 +106,17 @@ with lib;
Additional options appended to qemu-server.conf Additional options appended to qemu-server.conf
''; '';
}; };
partitionTableType = mkOption {
type = types.enum [ "efi" "hybrid" "legacy" "legacy+gpt" ];
description = ''
Partition table type to use. See make-disk-image.nix partitionTableType for details.
Defaults to 'legacy' for 'proxmox.qemuConf.bios="seabios"' (default), other bios values defaults to 'efi'.
Use 'hybrid' to build grub-based hybrid bios+efi images.
'';
default = if config.proxmox.qemuConf.bios == "seabios" then "legacy" else "efi";
defaultText = lib.literalExpression ''if config.proxmox.qemuConf.bios == "seabios" then "legacy" else "efi"'';
example = "hybrid";
};
filenameSuffix = mkOption { filenameSuffix = mkOption {
type = types.str; type = types.str;
default = config.proxmox.qemuConf.name; default = config.proxmox.qemuConf.name;
@ -122,9 +140,33 @@ with lib;
${lib.concatStrings (lib.mapAttrsToList cfgLine properties)} ${lib.concatStrings (lib.mapAttrsToList cfgLine properties)}
#qmdump#map:virtio0:drive-virtio0:local-lvm:raw: #qmdump#map:virtio0:drive-virtio0:local-lvm:raw:
''; '';
inherit (cfg) partitionTableType;
supportEfi = partitionTableType == "efi" || partitionTableType == "hybrid";
supportBios = partitionTableType == "legacy" || partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
hasBootPartition = partitionTableType == "efi" || partitionTableType == "hybrid";
hasNoFsPartition = partitionTableType == "hybrid" || partitionTableType == "legacy+gpt";
in { in {
assertions = [
{
assertion = config.boot.loader.systemd-boot.enable -> config.proxmox.qemuConf.bios == "ovmf";
message = "systemd-boot requires 'ovmf' bios";
}
{
assertion = partitionTableType == "efi" -> config.proxmox.qemuConf.bios == "ovmf";
message = "'efi' disk partitioning requires 'ovmf' bios";
}
{
assertion = partitionTableType == "legacy" -> config.proxmox.qemuConf.bios == "seabios";
message = "'legacy' disk partitioning requires 'seabios' bios";
}
{
assertion = partitionTableType == "legacy+gpt" -> config.proxmox.qemuConf.bios == "seabios";
message = "'legacy+gpt' disk partitioning requires 'seabios' bios";
}
];
system.build.VMA = import ../../lib/make-disk-image.nix { system.build.VMA = import ../../lib/make-disk-image.nix {
name = "proxmox-${cfg.filenameSuffix}"; name = "proxmox-${cfg.filenameSuffix}";
inherit partitionTableType;
postVM = let postVM = let
# Build qemu with PVE's patch that adds support for the VMA format # Build qemu with PVE's patch that adds support for the VMA format
vma = (pkgs.qemu_kvm.override { vma = (pkgs.qemu_kvm.override {
@ -181,7 +223,18 @@ with lib;
boot = { boot = {
growPartition = true; growPartition = true;
kernelParams = [ "console=ttyS0" ]; kernelParams = [ "console=ttyS0" ];
loader.grub.device = lib.mkDefault "/dev/vda"; loader.grub = {
device = lib.mkDefault (if (hasNoFsPartition || supportBios) then
# Even if there is a separate no-fs partition ("/dev/disk/by-partlabel/no-fs" i.e. "/dev/vda2"),
# which will be used the bootloader, do not set it as loader.grub.device.
# GRUB installation fails, unless the whole disk is selected.
"/dev/vda"
else
"nodev");
efiSupport = lib.mkDefault supportEfi;
efiInstallAsRemovable = lib.mkDefault supportEfi;
};
loader.timeout = 0; loader.timeout = 0;
initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ]; initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
}; };
@ -191,6 +244,10 @@ with lib;
autoResize = true; autoResize = true;
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = lib.mkIf hasBootPartition {
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
services.qemuGuest.enable = lib.mkDefault true; services.qemuGuest.enable = lib.mkDefault true;
}; };

View file

@ -198,6 +198,7 @@ in {
etebase-server = handleTest ./etebase-server.nix {}; etebase-server = handleTest ./etebase-server.nix {};
etesync-dav = handleTest ./etesync-dav.nix {}; etesync-dav = handleTest ./etesync-dav.nix {};
extra-python-packages = handleTest ./extra-python-packages.nix {}; extra-python-packages = handleTest ./extra-python-packages.nix {};
evcc = handleTest ./evcc.nix {};
fancontrol = handleTest ./fancontrol.nix {}; fancontrol = handleTest ./fancontrol.nix {};
fcitx = handleTest ./fcitx {}; fcitx = handleTest ./fcitx {};
fenics = handleTest ./fenics.nix {}; fenics = handleTest ./fenics.nix {};
@ -479,7 +480,7 @@ in {
pam-u2f = handleTest ./pam/pam-u2f.nix {}; pam-u2f = handleTest ./pam/pam-u2f.nix {};
pam-ussh = handleTest ./pam/pam-ussh.nix {}; pam-ussh = handleTest ./pam/pam-ussh.nix {};
pass-secret-service = handleTest ./pass-secret-service.nix {}; pass-secret-service = handleTest ./pass-secret-service.nix {};
patroni = handleTest ./patroni.nix {}; patroni = handleTestOn ["x86_64-linux"] ./patroni.nix {};
pantalaimon = handleTest ./matrix/pantalaimon.nix {}; pantalaimon = handleTest ./matrix/pantalaimon.nix {};
pantheon = handleTest ./pantheon.nix {}; pantheon = handleTest ./pantheon.nix {};
paperless = handleTest ./paperless.nix {}; paperless = handleTest ./paperless.nix {};
@ -688,6 +689,7 @@ in {
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
vscodium = discoverTests (import ./vscodium.nix); vscodium = discoverTests (import ./vscodium.nix);
vsftpd = handleTest ./vsftpd.nix {}; vsftpd = handleTest ./vsftpd.nix {};
warzone2100 = handleTest ./warzone2100.nix {};
wasabibackend = handleTest ./wasabibackend.nix {}; wasabibackend = handleTest ./wasabibackend.nix {};
wiki-js = handleTest ./wiki-js.nix {}; wiki-js = handleTest ./wiki-js.nix {};
wine = handleTest ./wine.nix {}; wine = handleTest ./wine.nix {};

View file

@ -90,7 +90,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
}; };
}; };
testScript = '' testScript = { nodes, ... }: ''
server.start() server.start()
server.wait_for_unit("postfix.service") server.wait_for_unit("postfix.service")
server.wait_for_unit("dovecot2.service") server.wait_for_unit("dovecot2.service")
@ -99,6 +99,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
client.start() client.start()
client.wait_for_unit("alps.service") client.wait_for_unit("alps.service")
client.wait_for_open_port(${toString nodes.client.config.services.alps.port})
client.succeed("test-alps-login") client.succeed("test-alps-login")
''; '';
}) })

View file

@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIIHvJkPAdMFGAwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE MIIDLDCCAhSgAwIBAgIIajCXIUnozqQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgNDYwMjMxMB4XDTIyMTEyMDE1MzcwNFoXDTI0MTIy AxMVbWluaWNhIHJvb3QgY2EgMjMwYjU4MB4XDTIyMTEyMTE3MTcxMFoXDTQyMTEy
MDE1MzcwNFowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF MTE3MTcxMFowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAs/Xad8Jn0YMI8nTjbVakGsFplxSKkgWs9Jv8tETC1FBV AAOCAQ8AMIIBCgKCAQEA5INxJwKDVYNfTnkXwvKM/SufBNjvxWZxlkaMFbkAN5wJ
KNo3yF6IElBhzKw3eF6piZqDwNFXobuMCZ3Ckaj+EOdSA0DhjwUSBmEok/0siIu4 6HwuesRZE9IgfRO9N+rSq1U2lDBm9gFPERqsQJVZHHJ5kkaNUr89h25+wgX5emGy
WbAS2iKwZGuJlJRYOmfXRPt2nNSPhuNHtZJoTWufN5K1XS+4v1dsVUWdWvkUuaC5 UV2KEpCFssDD4aSBF+b0sryguCa1ZRj9b+pdfRxiYaORjSh5UzlXZoRm9iwHdzHT
/uoujcYd4D6XDhJCubDCE+WSYk0KBLtMQ8irbNu4FGoCn5T7kDq46XwVjulWxc5q oKLlmqozqzEt0o9qpZL8gv+rv8C5BGOY6hfXAHYmkWRt87FN5BkSjgEWiY++DOAU
dZ/Z/zgKQkoLaHgWKLjvuu7/CZw6RXyBlwVJh36pljixRnpnLfMMykO9Sq7Z3cR2 X0TdobdSTrs/xJP+IbadRchqTH2kiG0g2BoCSXUsl7Mdh4IOUeQGDz/F5tH8PAtz
aVcMRjjeH0uScfFHIb3hvqyZLd+NHw3SqE8la/Nq1wIDAQABo3YwdDAOBgNVHQ8B p3dyjdQEFex2J5tlScLfVHoCBKV3gpCg+Keuum2j8QIDAQABo3YwdDAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
/wQCMAAwHwYDVR0jBBgwFoAUW4rxHHeasqLl7KMK+F3uVN0JGwYwFAYDVR0RBA0w /wQCMAAwHwYDVR0jBBgwFoAUvTCE3Lj/P6OWkmOGtsjcTcIDzkAwFAYDVR0RBA0w
C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBDT8HY62N6YbG7Fp3gPD2L C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQAvZM4Ik1NOXQfbPRgbolyL
Y0ZFHAAYM5l+Qn55aYkaTxpaRFPAeh0POmTIgSXfFSQYR00w3x2ni0K1ecBI814y b3afsSHbhHl9B2f0HGi5EAPdwyeWZsK3BF+SKFGAW5BlXr2SSlW/MQOMiUKTadnS
Mkgoki+jP6JhgV1fPTa5Wqm2x/Ufcr6LbTIDVqO5zFxTdkqZHfC7sMahDNULVrN2 8xTOFc1Ws8JWWc82zQqWcOWEXhU+AI8p70sTVFeXPWwLFy3nBRwDH4ZPU8UFHeje
RVkTLppDfmQ+oFcwNvZSgK9SDJNMlsNllOyGGUuMSd1KjWU4/Wr0AmaS+V3Cjf14 YXqbfxrsdEFXrbCfWSzPQP24xqVt7n9Am/5XFGtDkRsYlVgLwq/F6lN9hO0/gYIx
MsvgVhN66ECom1yyy3q9HZgAoZy6lnHOWHD4BVXOmbS2Y1lSVv/atmiGH7F9nvNN 8NsZ8Xy+QvBlGL+z9Zo7EylB8bP9OBtOtEv9fZcnxgughieiTDs36GwdQRE2aI+d
Ggh/+RmkXGczV80wT2TnivEamJGHA4kwThL40SRKfaTTX7miImI25E6+390hBXyw cG3lQX8NGxgcpDoH8+rNx7Uw7odg0gVbI3agyyvax6DPht+/bzXmHm8ogklGTOoG
-----END CERTIFICATE----- -----END CERTIFICATE-----

View file

@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAs/Xad8Jn0YMI8nTjbVakGsFplxSKkgWs9Jv8tETC1FBVKNo3 MIIEpQIBAAKCAQEA5INxJwKDVYNfTnkXwvKM/SufBNjvxWZxlkaMFbkAN5wJ6Hwu
yF6IElBhzKw3eF6piZqDwNFXobuMCZ3Ckaj+EOdSA0DhjwUSBmEok/0siIu4WbAS esRZE9IgfRO9N+rSq1U2lDBm9gFPERqsQJVZHHJ5kkaNUr89h25+wgX5emGyUV2K
2iKwZGuJlJRYOmfXRPt2nNSPhuNHtZJoTWufN5K1XS+4v1dsVUWdWvkUuaC5/uou EpCFssDD4aSBF+b0sryguCa1ZRj9b+pdfRxiYaORjSh5UzlXZoRm9iwHdzHToKLl
jcYd4D6XDhJCubDCE+WSYk0KBLtMQ8irbNu4FGoCn5T7kDq46XwVjulWxc5qdZ/Z mqozqzEt0o9qpZL8gv+rv8C5BGOY6hfXAHYmkWRt87FN5BkSjgEWiY++DOAUX0Td
/zgKQkoLaHgWKLjvuu7/CZw6RXyBlwVJh36pljixRnpnLfMMykO9Sq7Z3cR2aVcM obdSTrs/xJP+IbadRchqTH2kiG0g2BoCSXUsl7Mdh4IOUeQGDz/F5tH8PAtzp3dy
RjjeH0uScfFHIb3hvqyZLd+NHw3SqE8la/Nq1wIDAQABAoIBAG2s50FXjLgmONyz jdQEFex2J5tlScLfVHoCBKV3gpCg+Keuum2j8QIDAQABAoIBAHfnUHQ7qVYxfMzc
Giv3wrm/qF94GF+X7+l/64nd4jNM5imonJiT7C/lJ0V6q6/DWWXQcn2f191slJMD VU+BneEqBmKwwf8+ZdOIaPDtBeQoCDrpDip05Ji15T48IUk5+hjUubLAQwZKYYaE
v6HQMU8R+2yaLR1hxLN4oSdYA70QEgEvCr5Ap+n7k/SmWAL4aDzVWFuKPBLED178 DGZG918p4giS5IzKtCpgHDsKj4FbyglPn6dmFgFZjG7VtrcoBLXUrDB0fzHxDuqu
ZG7SqU1QLxIk1F5gpFhvvc/Ev7nE0KAzTJ3jGyWHZjJ1TKAWHx6oeKOw4OejRcGO eyeuwSCihzkeR6sXp3iveKcrKy+rA31aqWvJZb24qyAu1y8KIcf2ZMUiYcJF2kpL
+rDBfQrV59fiCy8CFraGPDGie5Eb7ioXyt4cf4/odtLol7bSIwH4BLwfvKJbRobi XZz4uyx4x/B9NE+PmLqo7x/9iS+p5aT2kWVCVUGmhII0ChFnWSnjxqecBMhWFY1O
gSjvL5JJLjhjWzeoj+JC4o0sWQegytWpNCHSFETfHQ8rlcagTN8JaTcBg6+wrR2O 3U0lKhloj6UKBya91hGospEJdaLHpHCWUgYPvA5mG+48kqYkPkecmTf8Xha3TxPf
OPeoFqkCgYEA7o9jSk7i23SiKo3C+T9KFIL2OS7akwUqIQZehZJ6LXljYEDP1lcz g1qv3sECgYEA+hMO1qTlnqhBajCMcAGIlpRHwr97hQMdSylHBXob1xCnuTEJKHOo
wjvWuLGVzlST3fmumHIMZLjjBU1cMYAPZrbUrEeayATD4jBxyiXbHqhB3DQ0W4CX 7UmQw9hJgD4JgYxcivg/OFErXdefbSae9NqSNdOshxmrxz6DFTN3Ms3WR1I1be3c
obUhcdsLGsKp0zXls8FeiQs6GOeEwSDU+1nAL9/hLK7w6cJ2zyj8HBUCgYEAwR3H B2mpGllMPbxJ3CKFet2CQSvOM9jfbK68R7Jlhiap0bESvWrT9ztUCWUCgYEA6e2Y
/ltIjD8tXNF05ayOguzrbivx2vaXusskZgn9QqntoGqqsXLOgsqcUH0dtiTyVOn+ iMNNo1dWushSMVvCkWR9CLAsnWnjFG4FYIPz/iuxJjRXDiWyR6x4WYjUx3ZBhpf5
Nba7w+o5NfaAfE9uR+oeZSo1IJU8oEi/EZqXTcYf5p3oAjXXZ9wXX8kl91EjCzKl wVFUK7VaPJBfOn7KCan59dqOvL3LSB/5SupwRMecCEhYPQvSaxn4MNrx0Vi83O4C
0kDpSpsMhUzdB2i5I9Oh1fLaW4iMwyuY1CgnqjsCgYBHIJFmEmcpL3k6XtIHJoub togyD9/UJ4ji+TXwMj2eMzwRspmO/26hXkQGzZ0CgYEA0qlLTrYKWOUUdgf/xjsE
2gA3xHR+6UdKWW/NO4MaE9tBU5GkQpO4EcdPggM8ZZNA17Tq1vZDAa0OY6ZdS+VL fRTcfsofm6VMAAz9rzd2TG3TXMZaGKGWJI5cTR7ejBG2oFNFgiwt1ZtLFPqXarOm
pq96Pk8z29fblL4Ym3jdhyU71oTV011iZXL3U2vYKrofsy4tjjX1fldwHXdDbdqS JE4b7QwrwoN1mZqngiygtUOAxwQRzlEZkYUI1xFykG8VKURLfX0sRQpJ4pNHY56v
povaulGU1QQXblemJH4mkQKBgC3IUq6Rk4x0OdvkaFM+6nZNlq8Cyg7AIU6OdG2g LRazP5dCZ0rrpnVfql1oJaECgYEAxtvT728XcOOuNtpUBOGcZTynjds2EhsRjyx4
dqNER+qc/yScdCr7v70xPEb/UVgiNTskvDUBJVkOvH08E4gHD/ep3vh/iOTy+iFB JbQGlutNjMyxtLUW+RcEuBg5ydYdne1Tw6L/iqiALTwNuAxQdCaq9vT0oj41sPp9
RheRHeT9kJBdlVixC/WQaWjNmoJAGqHS87vVME214Dyubh35QUfIkE3c/IoUnuHF UdI53j5Rxji5yitilOlesylsqCpnYuhyJflhlV0RXQpg6LmRlyQKeEN4R/uCNGI3
N0obAoGBANJpPBF36H1nb+TcVerOBXI8oqeIyoq7f4W/wbIirnZq/XfBaaOL5R6v i4sIvYECgYEA4DC2qObfB0UkN81uGluwwM5rR04qvIc5xX3QIvHuIJOs/uP54daD
6+p4LEcQ1Mf33Yfr5M4aR0q7fgNDg/g4LcMg6fI3+UwPC6lJY+K8zzF4fmGDhheC OiEDTxTpiqDNsFL0Pyl07aL7jubHNqU/eQpQIEZRlDy4Mr31QSbQ9R2/NNBwHu22
D+LsZG0Funl9kT0yxPBQhCJmmkJNIHiSNuRLt9Infne2408+YV+T BnnNKzZ97T0NVgxJXOqcOlRGjwb/5OUDpaIClJY+GqilEdOeu7Pl3aA=
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

View file

@ -1,20 +1,20 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIIRgIx/Q6DdK0wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE MIIDSzCCAjOgAwIBAgIIIwtYp+WlBbswDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgNDYwMjMxMCAXDTIyMTEyMDE1MzcwNFoYDzIxMjIx AxMVbWluaWNhIHJvb3QgY2EgMjMwYjU4MCAXDTIyMTEyMTE3MTcxMFoYDzIxMjIx
MTIwMTUzNzA0WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA0NjAyMzEwggEi MTIxMTcxNzEwWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAyMzBiNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYxM/efiS7rNNzdu+AK+J57+om MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvqAoAyV8igrmBnU6T1nQDfkkQ
QYsoteVpmwcU6Ul8Zr6pcsBSLetV2PCWGVKKfXdK1Ep+JdBoiuG8EY/wffYJy+So HjQp+ANCthNCi4kGPOoTxrYrUMWa6d/aSIv5hKO2A+r2GdTeM1RvSo6GUr3GmsJc
WRRWX+bGIFly74urX2iOH/yimF8XMaHj4CzjMD1wM2rFLswL3VK2DM+wrCMO2zE2 WUMbIsJ0SJSLQEyvmFPpzfV3NdfIt6vZRiqJbLt7yuDiZil33GdQEKYywJxIsCb2
BAiUAJ++ws99Dl74DQ9lGne8hMjFgzakINCNd948/t2+LMVxqCgQ7fI+iHA1X7QF CSd55V1cZSiLItWEIURAhHhSxHabMRmIF/xZWxKFEDeagzXOxUBPAvIwzzqQroBv
1AT5c86wd/GxLzfl343DxLSeMRFbGUVSH6NBBnIQdFDq1GjNGPbn8ZlDXw5WWeR5 3vZhfgcAjCyS0crJ/E2Wa6GLKfFvaXGEj/KlXftwpbvFtnNBtmtJcNy9a8LJoOcA
ufnxcRRNpp3GnHG3/VOebFAr++5/0ze+QvF6XPXk9RZWvhh0dD14/8W/PMK1AgMB E+ZjD21hidnCc+Yag7LaR3ZtAVkpeRJ9rRNBkVP4rv2mq2skIkgDfY/F8smPAgMB
AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRbivEcd5qyouXs BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS9MITcuP8/o5aS
owr4Xe5U3QkbBjAfBgNVHSMEGDAWgBRbivEcd5qyouXsowr4Xe5U3QkbBjANBgkq Y4a2yNxNwgPOQDAfBgNVHSMEGDAWgBS9MITcuP8/o5aSY4a2yNxNwgPOQDANBgkq
hkiG9w0BAQsFAAOCAQEAdSudxwrpXf/nxXJ8THob63UEvvof0o7uENbNPjqt7VZZ hkiG9w0BAQsFAAOCAQEADCcgaxrI/pqjkYb0c3QHwfKCNz4khSWs/9tBpBfdxdUX
lQeKnZOrzjYbTcsbyDpm/zsniT9620ntVcL4/IG2eeuSPA9btHNiFM6R3Nby8Op4 uvG7rZzVW7pkzML+m4tSo2wm9sHRAgG+dIpzbSoRTouMntWlvYEnrr1SCw4NyBo1
emqNzrS0DFqV/CAOAue+C44Vb9IS+ibFxEpI3GTH0FVWpEglLuesXKV+boy1aCNq cwmNUz4JL+E3dnpI4FSOpyFyO87qL9ep0dxQEADWSppyCA762wfFpY+FvT6b/he8
BYvk6lVplmnTtyfEUAQxyjJhTHu0+ZDwmw1+/NY9Wn2aeile+/G8ao+MBXARELmq eDEc/Umjfm+X0tqNWx3aVoeyIJT46AeElry2IRLAk7z/vEPGFFzgd2Jh6Qsdeagk
aoGKfFfrMGRT/KDSyODBEdJ1XkLr0TYjNvyctsaYBp9FhVQiuNMOyCku7EB8y+tZ YkU0tFl9q9BotPYGlCMtVjmzbJtxh4uM9YCgiz1THzFjrUvfaTM8VjuBxbpoCZkS
odYtLw6ecNnrjgQAnxSDg1ChrQ0wNSdPyjvycNgvjQ== 85mNhFZvNq8/cgYc0kYZOg8+jRdy87xmTRp64LBd6w==
-----END CERTIFICATE----- -----END CERTIFICATE-----

View file

@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAmMTP3n4ku6zTc3bvgCviee/qJkGLKLXlaZsHFOlJfGa+qXLA MIIEowIBAAKCAQEAr6gKAMlfIoK5gZ1Ok9Z0A35JEB40KfgDQrYTQouJBjzqE8a2
Ui3rVdjwlhlSin13StRKfiXQaIrhvBGP8H32CcvkqFkUVl/mxiBZcu+Lq19ojh/8 K1DFmunf2kiL+YSjtgPq9hnU3jNUb0qOhlK9xprCXFlDGyLCdEiUi0BMr5hT6c31
ophfFzGh4+As4zA9cDNqxS7MC91StgzPsKwjDtsxNgQIlACfvsLPfQ5e+A0PZRp3 dzXXyLer2UYqiWy7e8rg4mYpd9xnUBCmMsCcSLAm9gkneeVdXGUoiyLVhCFEQIR4
vITIxYM2pCDQjXfePP7dvizFcagoEO3yPohwNV+0BdQE+XPOsHfxsS835d+Nw8S0 UsR2mzEZiBf8WVsShRA3moM1zsVATwLyMM86kK6Ab972YX4HAIwsktHKyfxNlmuh
njERWxlFUh+jQQZyEHRQ6tRozRj25/GZQ18OVlnkebn58XEUTaadxpxxt/1TnmxQ iynxb2lxhI/ypV37cKW7xbZzQbZrSXDcvWvCyaDnABPmYw9tYYnZwnPmGoOy2kd2
K/vuf9M3vkLxelz15PUWVr4YdHQ9eP/FvzzCtQIDAQABAoIBAAMvJv4GNxHKWmXv bQFZKXkSfa0TQZFT+K79pqtrJCJIA32PxfLJjwIDAQABAoIBAErEFJXnIIY47Cq+
trI/N+s+uuytNQ9WKz/2QUGIU0XKhnLVt3h/CIazjOA0CupkDxZ6MktK0ns7WdUn QS7t7e16uDCTGpLujLy9cQ83AzjTfrKyNuHS/HkGqRBpJqMrEN+tZTohHpkBciP4
sI5cscImg8+We7wJJ7A9gF/K6mhaBr3foM5qyqCbIjqzs3vQx5cNG06c2RfuNwkg sRd9amd5gdb663RGZExIhGmNEdb/2F/BGYUHNvSpMQ1HL13VGSwE25mh8G6jMppC
XzvZeqmWnAH6N4uOL8Y0HUsH/6a/5rHEBTgUOnOidR8T1vdIN5vnpknef/H575ab q+sYTq0lxT+d/96DgSyNpicqyYT2S2CTCRkWGAsc6KQwRpBYqoEqUeakyGfe2k85
jTdDyb15Vns7nC4Q8lortkLsQzOt//LWpVuLZXGDm1Xi47ahNXM8Fo/MFK+xcBDF pj32H53Si/49fkWkQ9RciPdg7qcu7u/iegwAkkjKoATeEjNf0NqBlkWag1qU0UHR
onMFuclxImN3FqkyMH6PgJS392bZ1LLcmS4bqZ0oIwfUZ/kIEwAI2cTwEYfYmN7C r2xDin+3ffEU2GQEwSvnGwlo7uyAN0UsryEWa9suuhX5T4eSWAMgTL4iVkh8Aa24
ekgvpsECgYEAxoJUcZW4iWvT8kznWKKT+YJAfTYmgwOxB1Dn3RxFA8cXocQQvwvM +YEFOGkCgYEA0DUb++31+nuxU8N+GPaPQXiob8C0RmSzSzSHJ3daJpzq8k576jqs
mSl1AKOjWHFl/eW9s4zwy/fOnsN1m1tCTuWSNn5sudZSJfbd5CCiYaYTI66McCCm 3TgkhLDzQepcTYVU2ucn6+9ziXEsz4H06W3FNGktnyK4BRqYitt5TjZvPc+WTPhR
5FGzqLM44Wm5y2qLa7l3in8Tza/645RpLXZyRfMInoW5In0XKbokLbkCgYEAxQM/ 0U+iUqBZilCAhUkIsNUiGvnMhz9VfcS/gn+NqhL7kvYi11/jAc4bbB0CgYEA1/oh
p63V5KuZYsm9BWNcCvAbS6G9NHjbeRrkAd171SSdibdwLIBeyn7A5JCiVqhZZbsO +t1ZKVLkbANrma/M8AX27Vl3k4jgOWGzFwAVD10zN31gGyVjv1knmG22pmL2+N+Z
1q1okO4m4j+JHzntWi63yXwG49sEVNaFbExPE4tfJeHD0Po8MJffoLNVTE+INT0B 8CnVmdHQQQIWV1pYbgwRkvpnZWyH7AvHd9l1XLYyOU3VEpz+e2bpMtzesaza3UWW
fl1elhMpE9qpizFIHF7L8KnUf5Igi+yp0d6Amt0CgYACAhmGmKQoR736KosAm4xx k8NELNE5sBopY939XkQ9G3aMXtbkx01zX+0BZJsCgYB+MdJ2TfKrEVGXfYPuSXLm
rr6mRaD4HFZzI39k/j84fZAgo9IjjKQCPKghXIZvg54rhmJ36YoaFiSx+Ho9Gxw9 seUVZu1dRSfOy1WnvBVuFenpV1yPyWSA6MhpjH7EUvIDIm8eBsERpZ6XjXslgpUY
nhbvlDHXY3KrTacLAsWBxWNWLhLfo4TstGLj5wRBS4eEpkxIx7SM4yI5J3mbScoS 7ql6bM10CK0UmtwePYw2tZOTGUD2AgRFI0k1X28mAEkFgBC+bVAwnXsz9lUw15Fj
mqsnSAEjUWkBD1DnrClniQKBgQCdfC9SNp+Yn6OJWIKE4Bwfkjf/iVbZrxKiCGDj 3T/V9493savIcpu6uluwmQKBgQCE/I4jzFv0aAgiwlBlB6znNqT/LRHGFIgMjS4b
LM1kYFSeVciRijw72n8PNp7ObtyneZQu/4dq8zSZ/vf5wjB9uoKnyUEou1cHCkS1 QX+2QCsjRd4BmRo8XodVAmlvNozgXb6J9RiDaIAVJ1XeX9EHogLIP8ue1h8zp2Uh
gXpkwTBZ89K4JpAeuAjHSROSYLEc/ZtIDBMkHETl3hFRdx+RriWQR/HZ2FG0CIbn VRNBDScLxfMnTOgd0BZTrVCqkscJbKn1Pk0iU4pz9wf5aF10yAvgdzSjySqB1hzu
gNmE8QKBgDlFu+TcspI2R9mKbHrbPTXOAlmi2g7RZ3jF1m4S/aZqSL/bqPRBb0OU uh8bdQKBgEpFIyhqfXf/NzchI5y23Cok14LFIPJ1yERD/B8taS7muVQwpgffy+Ld
dY7MX4GHhJYR7RnMMROZQI0H4ZwWSMfokBDa96MDY107atK8TqZmYKaZQsEB8B4r BH7dhafWSDVqIk1e6yl+82b4amleTEmDfopgc6FR7uPid1JoFxrwhnEfC3FjZamp
fMmKnQljYj91d/reowLJrQRf5SjBvtDIEIsiC8UgjQImAsZ8huEX 1OzXAOE/mX3jHf1spqpB2J/rDVPKi934ocQVoWnBeRopGTXxzbed
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

View file

@ -10,7 +10,11 @@ let
domain = conf.domain; domain = conf.domain;
in mkDerivation { in mkDerivation {
name = "test-certs"; name = "test-certs";
buildInputs = [ minica ]; buildInputs = [ (minica.overrideAttrs (old: {
prePatch = ''
sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go
'';
})) ];
phases = [ "buildPhase" "installPhase" ]; phases = [ "buildPhase" "installPhase" ];
buildPhase = '' buildPhase = ''

View file

@ -431,5 +431,58 @@ import ./make-test-python.nix ({ pkgs, ... }: {
docker.succeed("docker run --rm image-with-certs:latest test -r /etc/pki/tls/certs/ca-bundle.crt") docker.succeed("docker run --rm image-with-certs:latest test -r /etc/pki/tls/certs/ca-bundle.crt")
docker.succeed("docker image rm image-with-certs:latest") docker.succeed("docker image rm image-with-certs:latest")
with subtest("buildNixShellImage: Can build a basic derivation"):
docker.succeed(
"${examples.nix-shell-basic} | docker load",
"docker run --rm nix-shell-basic bash -c 'buildDerivation && $out/bin/hello' | grep '^Hello, world!$'"
)
with subtest("buildNixShellImage: Runs the shell hook"):
docker.succeed(
"${examples.nix-shell-hook} | docker load",
"docker run --rm -it nix-shell-hook | grep 'This is the shell hook!'"
)
with subtest("buildNixShellImage: Sources stdenv, making build inputs available"):
docker.succeed(
"${examples.nix-shell-inputs} | docker load",
"docker run --rm -it nix-shell-inputs | grep 'Hello, world!'"
)
with subtest("buildNixShellImage: passAsFile works"):
docker.succeed(
"${examples.nix-shell-pass-as-file} | docker load",
"docker run --rm -it nix-shell-pass-as-file | grep 'this is a string'"
)
with subtest("buildNixShellImage: run argument works"):
docker.succeed(
"${examples.nix-shell-run} | docker load",
"docker run --rm -it nix-shell-run | grep 'This shell is not interactive'"
)
with subtest("buildNixShellImage: command argument works"):
docker.succeed(
"${examples.nix-shell-command} | docker load",
"docker run --rm -it nix-shell-command | grep 'This shell is interactive'"
)
with subtest("buildNixShellImage: home directory is writable by default"):
docker.succeed(
"${examples.nix-shell-writable-home} | docker load",
"docker run --rm -it nix-shell-writable-home"
)
with subtest("buildNixShellImage: home directory can be made non-existent"):
docker.succeed(
"${examples.nix-shell-nonexistent-home} | docker load",
"docker run --rm -it nix-shell-nonexistent-home"
)
with subtest("buildNixShellImage: can build derivations"):
docker.succeed(
"${examples.nix-shell-build-derivation} | docker load",
"docker run --rm -it nix-shell-build-derivation"
)
''; '';
}) })

View file

@ -16,8 +16,6 @@ let
../modules/testing/test-instrumentation.nix ../modules/testing/test-instrumentation.nix
../modules/profiles/qemu-guest.nix ../modules/profiles/qemu-guest.nix
{ {
ec2.hvm = true;
# Hack to make the partition resizing work in QEMU. # Hack to make the partition resizing work in QEMU.
boot.initrd.postDeviceCommands = mkBefore '' boot.initrd.postDeviceCommands = mkBefore ''
ln -s vda /dev/xvda ln -s vda /dev/xvda

View file

@ -0,0 +1,96 @@
import ./make-test-python.nix ({ pkgs, lib, ...} :
{
name = "evcc";
meta.maintainers = with lib.maintainers; [ hexa ];
nodes = {
machine = { config, ... }: {
services.evcc = {
enable = true;
settings = {
network = {
schema = "http";
host = "localhost";
port = 7070;
};
log = "info";
site = {
title = "NixOS Test";
meters = {
grid = "grid";
pv = "pv";
};
};
meters = [ {
type = "custom";
name = "grid";
power = {
source = "script";
cmd = "/bin/sh -c 'echo -4500'";
};
} {
type = "custom";
name = "pv";
power = {
source = "script";
cmd = "/bin/sh -c 'echo 7500'";
};
} ];
chargers = [ {
name = "dummy-charger";
type = "custom";
status = {
source = "script";
cmd = "/bin/sh -c 'echo charger status F'";
};
enabled = {
source = "script";
cmd = "/bin/sh -c 'echo charger enabled state false'";
};
enable = {
source = "script";
cmd = "/bin/sh -c 'echo set charger enabled state true'";
};
maxcurrent = {
source = "script";
cmd = "/bin/sh -c 'echo set charger max current 7200'";
};
} ];
loadpoints = [ {
title = "Dummy";
charger = "dummy-charger";
} ];
};
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("evcc.service")
machine.wait_for_open_port(7070)
with subtest("Check package version propagates into frontend"):
machine.fail(
"curl --fail http://localhost:7070 | grep '0.0.1-alpha'"
)
machine.succeed(
"curl --fail http://localhost:7070 | grep '${pkgs.evcc.version}'"
)
with subtest("Check journal for errors"):
_, output = machine.execute("journalctl -o cat -u evcc.service")
assert "ERROR" not in output
with subtest("Check systemd hardening"):
_, output = machine.execute("systemd-analyze security evcc.service | grep -v ''")
machine.log(output)
'';
})

View file

@ -13,26 +13,17 @@ import ./make-test-python.nix ({ pkgs, ... }:
serverSettings = { serverSettings = {
origin = "https://${serverDomain}"; origin = "https://${serverDomain}";
domain = serverDomain; domain = serverDomain;
bindaddress = "[::1]:8443"; bindaddress = "[::]:443";
ldapbindaddress = "[::1]:636"; ldapbindaddress = "[::1]:636";
}; tls_chain = certs."${serverDomain}".cert;
}; tls_key = certs."${serverDomain}".key;
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."${serverDomain}" = {
forceSSL = true;
sslCertificate = certs."${serverDomain}".cert;
sslCertificateKey = certs."${serverDomain}".key;
locations."/".proxyPass = "http://[::1]:8443";
}; };
}; };
security.pki.certificateFiles = [ certs.ca.cert ]; security.pki.certificateFiles = [ certs.ca.cert ];
networking.hosts."::1" = [ serverDomain ]; networking.hosts."::1" = [ serverDomain ];
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 443 ];
users.users.kanidm.shell = pkgs.bashInteractive; users.users.kanidm.shell = pkgs.bashInteractive;
@ -73,7 +64,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
start_all() start_all()
server.wait_for_unit("kanidm.service") server.wait_for_unit("kanidm.service")
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm") server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
server.succeed("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'") server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'")
client.succeed("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}") client.succeed("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'") rv, result = server.execute("kanidmd recover_account -c ${serverConfigFile} idm_admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
assert rv == 0 assert rv == 0

View file

@ -1,6 +1,6 @@
f: { f: {
system ? builtins.currentSystem, system ? builtins.currentSystem,
pkgs ? import ../.. { inherit system; }, pkgs ? import ../.. { inherit system; config = {}; overlays = []; },
... ...
} @ args: } @ args:

View file

@ -166,6 +166,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
start_all() start_all()
etcd.wait_for_unit("etcd.service")
with subtest("should bootstrap a new patroni cluster"): with subtest("should bootstrap a new patroni cluster"):
wait_for_all_nodes_ready() wait_for_all_nodes_ready()

View file

@ -61,5 +61,10 @@ in {
phone.wait_for_text("All Apps") phone.wait_for_text("All Apps")
phone.screenshot("03launcher") phone.screenshot("03launcher")
with subtest("Check the on-screen keyboard shows"):
phone.send_chars("setting", delay=0.2)
phone.wait_for_text("123") # A button on the OSK
phone.screenshot("04osk")
''; '';
}) })

View file

@ -0,0 +1,26 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "warzone2100";
meta = with pkgs.lib.maintainers; {
maintainers = [ fgaz ];
};
nodes.machine = { config, pkgs, ... }: {
imports = [
./common/x11.nix
];
services.xserver.enable = true;
environment.systemPackages = [ pkgs.warzone2100 ];
};
enableOCR = true;
testScript =
''
machine.wait_for_x()
machine.execute("warzone2100 >&2 &")
machine.wait_for_window("Warzone 2100")
machine.wait_for_text(r"(Single Player|Multi Player|Tutorial|Options|Quit Game)")
machine.screenshot("screen")
'';
})

View file

@ -1,16 +1,13 @@
import ../make-test-python.nix ({pkgs, ...}: import ../make-test-python.nix ({pkgs, ...}:
let let
test-certificates = pkgs.runCommandLocal "test-certificates" { } '' cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500
mkdir -p $out mkdir -p $out
echo insecure-root-password > $out/root-password-file cp key.pem cert.pem $out
echo insecure-intermediate-password > $out/intermediate-password-file
${pkgs.step-cli}/bin/step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca
${pkgs.step-cli}/bin/step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key
''; '';
hosts = '' hosts = ''
192.168.2.10 ca.local 192.168.2.101 mastodon.local
192.168.2.11 mastodon.local
''; '';
in in
@ -19,42 +16,6 @@ in
meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin turion ]; meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin turion ];
nodes = { nodes = {
ca = { pkgs, ... }: {
networking = {
interfaces.eth1 = {
ipv4.addresses = [
{ address = "192.168.2.10"; prefixLength = 24; }
];
};
extraHosts = hosts;
};
services.step-ca = {
enable = true;
address = "0.0.0.0";
port = 8443;
openFirewall = true;
intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
settings = {
dnsNames = [ "ca.local" ];
root = "${test-certificates}/root_ca.crt";
crt = "${test-certificates}/intermediate_ca.crt";
key = "${test-certificates}/intermediate_ca.key";
db = {
type = "badger";
dataSource = "/var/lib/step-ca/db";
};
authority = {
provisioners = [
{
type = "ACME";
name = "acme";
}
];
};
};
};
};
server = { pkgs, ... }: { server = { pkgs, ... }: {
virtualisation.memorySize = 2048; virtualisation.memorySize = 2048;
@ -62,7 +23,7 @@ in
networking = { networking = {
interfaces.eth1 = { interfaces.eth1 = {
ipv4.addresses = [ ipv4.addresses = [
{ address = "192.168.2.11"; prefixLength = 24; } { address = "192.168.2.101"; prefixLength = 24; }
]; ];
}; };
extraHosts = hosts; extraHosts = hosts;
@ -70,12 +31,7 @@ in
}; };
security = { security = {
acme = { pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
acceptTerms = true;
defaults.server = "https://ca.local:8443/acme/acme/directory";
defaults.email = "mastodon@mastodon.local";
};
pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
}; };
services.redis.servers.mastodon = { services.redis.servers.mastodon = {
@ -89,16 +45,6 @@ in
configureNginx = true; configureNginx = true;
localDomain = "mastodon.local"; localDomain = "mastodon.local";
enableUnixSocket = false; enableUnixSocket = false;
redis = {
createLocally = true;
host = "127.0.0.1";
port = 31637;
};
database = {
createLocally = true;
host = "/run/postgresql";
port = 5432;
};
smtp = { smtp = {
createLocally = false; createLocally = false;
fromAddress = "mastodon@mastodon.local"; fromAddress = "mastodon@mastodon.local";
@ -107,6 +53,14 @@ in
EMAIL_DOMAIN_ALLOWLIST = "example.com"; EMAIL_DOMAIN_ALLOWLIST = "example.com";
}; };
}; };
services.nginx = {
virtualHosts."mastodon.local" = {
enableACME = pkgs.lib.mkForce false;
sslCertificate = "${cert pkgs}/cert.pem";
sslCertificateKey = "${cert pkgs}/key.pem";
};
};
}; };
client = { pkgs, ... }: { client = { pkgs, ... }: {
@ -114,14 +68,14 @@ in
networking = { networking = {
interfaces.eth1 = { interfaces.eth1 = {
ipv4.addresses = [ ipv4.addresses = [
{ address = "192.168.2.12"; prefixLength = 24; } { address = "192.168.2.102"; prefixLength = 24; }
]; ];
}; };
extraHosts = hosts; extraHosts = hosts;
}; };
security = { security = {
pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ]; pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
}; };
}; };
}; };
@ -129,12 +83,6 @@ in
testScript = '' testScript = ''
start_all() start_all()
ca.wait_for_unit("step-ca.service")
ca.wait_for_open_port(8443)
# Check that mastodon-media-auto-remove is scheduled
server.succeed("systemctl status mastodon-media-auto-remove.timer")
server.wait_for_unit("nginx.service") server.wait_for_unit("nginx.service")
server.wait_for_unit("redis-mastodon.service") server.wait_for_unit("redis-mastodon.service")
server.wait_for_unit("postgresql.service") server.wait_for_unit("postgresql.service")
@ -144,10 +92,17 @@ in
server.wait_for_open_port(55000) server.wait_for_open_port(55000)
server.wait_for_open_port(55001) server.wait_for_open_port(55001)
# Check that mastodon-media-auto-remove is scheduled
server.succeed("systemctl status mastodon-media-auto-remove.timer")
# Check Mastodon version from remote client # Check Mastodon version from remote client
client.succeed("curl --fail https://mastodon.local/api/v1/instance | jq -r '.version' | grep '${pkgs.mastodon.version}'") client.succeed("curl --fail https://mastodon.local/api/v1/instance | jq -r '.version' | grep '${pkgs.mastodon.version}'")
# Check using admin CLI # Check access from remote client
client.succeed("curl --fail https://mastodon.local/about | grep 'Mastodon hosted on mastodon.local'")
client.succeed("curl --fail $(curl https://mastodon.local/api/v1/instance 2> /dev/null | jq -r .thumbnail) --output /dev/null")
# Simple check tootctl commands
# Check Mastodon version # Check Mastodon version
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'") server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'")
@ -164,12 +119,11 @@ in
# Manage IP access # Manage IP access
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'") server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'") server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'")
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl p_blocks export' | grep '172.16.0.0/16'") server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '172.16.0.0/16'")
client.fail("curl --fail https://mastodon.local/about") client.fail("curl --fail https://mastodon.local/about")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'") server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'")
client.succeed("curl --fail https://mastodon.local/about") client.succeed("curl --fail https://mastodon.local/about")
ca.shutdown()
server.shutdown() server.shutdown()
client.shutdown() client.shutdown()
''; '';

View file

@ -42,7 +42,7 @@ in import ../make-test-python.nix {
${nodes.server.config.networking.primaryIPAddress} uploads.example.com ${nodes.server.config.networking.primaryIPAddress} uploads.example.com
''; '';
environment.systemPackages = [ environment.systemPackages = [
(pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; }) (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = "example.com"; })
]; ];
}; };
server = { config, pkgs, ... }: { server = { config, pkgs, ... }: {
@ -82,6 +82,7 @@ in import ../make-test-python.nix {
testScript = { nodes, ... }: '' testScript = { nodes, ... }: ''
# Check with sqlite storage # Check with sqlite storage
start_all()
server.wait_for_unit("prosody.service") server.wait_for_unit("prosody.service")
server.succeed('prosodyctl status | grep "Prosody is running"') server.succeed('prosodyctl status | grep "Prosody is running"')

View file

@ -12,6 +12,7 @@ in writeScriptBin "send-message" ''
#!${(python3.withPackages (ps: [ ps.slixmpp ])).interpreter} #!${(python3.withPackages (ps: [ ps.slixmpp ])).interpreter}
import logging import logging
import sys import sys
import signal
from types import MethodType from types import MethodType
from slixmpp import ClientXMPP from slixmpp import ClientXMPP
@ -64,8 +65,13 @@ class CthonTest(ClientXMPP):
log.info('MUC join success!') log.info('MUC join success!')
log.info('XMPP SCRIPT TEST SUCCESS') log.info('XMPP SCRIPT TEST SUCCESS')
def timeout_handler(signalnum, stackframe):
print('ERROR: xmpp-sendmessage timed out')
sys.exit(1)
if __name__ == '__main__': if __name__ == '__main__':
signal.signal(signal.SIGALRM, timeout_handler)
signal.alarm(120)
logging.basicConfig(level=logging.DEBUG, logging.basicConfig(level=logging.DEBUG,
format='%(levelname)-8s %(message)s') format='%(levelname)-8s %(message)s')
@ -76,7 +82,7 @@ if __name__ == '__main__':
ct.register_plugin('xep_0363') ct.register_plugin('xep_0363')
# MUC # MUC
ct.register_plugin('xep_0045') ct.register_plugin('xep_0045')
ct.connect(("server", 5222)) ct.connect(("${connectTo}", 5222))
ct.process(forever=False) ct.process(forever=False)
if not ct.test_succeeded: if not ct.test_succeeded:

View file

@ -16,6 +16,7 @@
, feedbackd , feedbackd
, wrapGAppsHook , wrapGAppsHook
, fetchpatch , fetchpatch
, nixosTests
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -68,6 +69,8 @@ stdenv.mkDerivation rec {
feedbackd feedbackd
]; ];
passthru.tests.phosh = nixosTests.phosh;
meta = with lib; { meta = with lib; {
description = "A virtual keyboard supporting Wayland"; description = "A virtual keyboard supporting Wayland";
homepage = "https://source.puri.sm/Librem5/squeekboard"; homepage = "https://source.puri.sm/Librem5/squeekboard";

View file

@ -15,6 +15,7 @@ stdenv.mkDerivation rec {
sed -i 's@/usr/bin/install@install@g' Makefile sed -i 's@/usr/bin/install@install@g' Makefile
sed -i 's@/bin/rm@rm@g' Makefile sed -i 's@/bin/rm@rm@g' Makefile
sed -i 's@/usr/lib/ladspa@$(out)/lib/ladspa@g' Makefile sed -i 's@/usr/lib/ladspa@$(out)/lib/ladspa@g' Makefile
sed -i 's@g++@$(CXX)@g' Makefile
''; '';
preInstall="mkdir -p $out/lib/ladspa"; preInstall="mkdir -p $out/lib/ladspa";

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "bchoppr"; pname = "bchoppr";
version = "1.10.10"; version = "1.12.2";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "sjaehn"; owner = "sjaehn";
repo = pname; repo = pname;
rev = version; rev = version;
sha256 = "sha256-LNPG/ETRmgPv8LsYVHol4p5oRCvg+dSYVEe61i8Dvz8="; sha256 = "sha256-P6sbxhgnlek1IJ4i9yTe/3g/2C8oLPKXI3zbLdswvl8=";
}; };
nativeBuildInputs = [ pkg-config ]; nativeBuildInputs = [ pkg-config ];

View file

@ -1,4 +1,6 @@
{ mkDerivation, lib, fetchFromGitHub, pkg-config, sconsPackages, qtbase, lash, libjack2, jack ? libjack2, alsa-lib }: { mkDerivation, lib, fetchFromGitHub, pkg-config, sconsPackages, qtbase, lash, libjack2, jack ? libjack2, alsa-lib
, fetchpatch
}:
mkDerivation rec { mkDerivation rec {
pname = "jackmix"; pname = "jackmix";
@ -11,9 +13,16 @@ mkDerivation rec {
sha256 = "0p59411vk38lccn24r7nih10jpgg9i46yc26zpc3x13amxwwpd4h"; sha256 = "0p59411vk38lccn24r7nih10jpgg9i46yc26zpc3x13amxwwpd4h";
}; };
patches = [ ./no_error.patch ]; patches = [
./no_error.patch
(fetchpatch {
name = "sconstruct-python3.patch";
url = "https://github.com/kampfschlaefer/jackmix/commit/3a0c868b267728fdbc69cc3dc1941edac27d97f6.patch";
hash = "sha256-MLgxIiZ0+C1IVEci9Q347DR+SJUlPG2N3iPvuhRptJU=";
})
];
nativeBuildInputs = [ sconsPackages.scons_3_1_2 pkg-config ]; nativeBuildInputs = [ sconsPackages.scons_latest pkg-config ];
buildInputs = [ buildInputs = [
qtbase qtbase
lash lash

View file

@ -1,19 +1,34 @@
{ lib, stdenv, fetchurl, sconsPackages, pkg-config { lib
, libsamplerate, libsndfile, liblo, libjack2, boost }: , stdenv
, fetchFromGitHub
, pkg-config
, sconsPackages
, rubberband
, boost
, libjack2
, liblo
, libsamplerate
, libsndfile
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "klick"; pname = "klick";
version = "0.12.2"; version = "0.14.2";
src = fetchurl { src = fetchFromGitHub {
url = "http://das.nasophon.de/download/${pname}-${version}.tar.gz"; owner = "Allfifthstuning";
sha256 = "1289533c0849b1b66463bf27f7ce5f71736b655cfb7672ef884c7e6eb957ac42"; repo = "klick";
rev = version;
hash = "sha256-jHyeVCmyy9ipbVaF7GSW19DOVpU9EQJoLcGq9uos+eY=";
}; };
nativeBuildInputs = [ sconsPackages.scons_3_0_1 pkg-config ]; nativeBuildInputs = [
pkg-config
rubberband
sconsPackages.scons_latest
];
buildInputs = [ libsamplerate libsndfile liblo libjack2 boost ]; buildInputs = [ libsamplerate libsndfile liblo libjack2 boost ];
prefixKey = "PREFIX="; prefixKey = "PREFIX=";
NIX_CFLAGS_COMPILE = "-fpermissive";
meta = { meta = {
homepage = "http://das.nasophon.de/klick/"; homepage = "http://das.nasophon.de/klick/";

View file

@ -6,12 +6,12 @@ with python3Packages;
buildPythonApplication rec { buildPythonApplication rec {
pname = "miniplayer"; pname = "miniplayer";
version = "1.7.1"; version = "1.8.1";
format = "pyproject"; format = "pyproject";
src = fetchPypi { src = fetchPypi {
inherit pname version; inherit pname version;
hash = "sha256-NrIDv61mRDe9JWpSP8cvlU4CGoN6Ou6XuNOIn1p47Pw="; hash = "sha256-iUUsVIDLQAiaMomfA2LvvJZ2ePhgADtC6GCwIpRC1MA=";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [

View file

@ -0,0 +1,38 @@
{ lib, fetchurl, appimageTools }:
let
pname = "museeks";
version = "0.13.1";
src = fetchurl {
url = "https://github.com/martpie/museeks/releases/download/${version}/museeks-x86_64.AppImage";
hash = "sha256-LvunhCFmpv00TnXzWjp3kQUAhoKpmp6pqKgcaUqZV+o=";
};
appimageContents = appimageTools.extractType2 {
inherit pname version src;
};
in
appimageTools.wrapType2 {
inherit pname version src;
extraInstallCommands = ''
mv $out/bin/${pname}-${version} $out/bin/${pname}
mkdir -p $out/share/${pname}
cp -a ${appimageContents}/{locales,resources} $out/share/${pname}
cp -a ${appimageContents}/usr/share/icons $out/share/
install -Dm 444 ${appimageContents}/${pname}.desktop -t $out/share/applications
substituteInPlace $out/share/applications/${pname}.desktop \
--replace 'Exec=AppRun' 'Exec=${pname}'
'';
meta = with lib; {
description = "A simple, clean and cross-platform music player";
homepage = "https://github.com/martpie/museeks";
license = licenses.mit;
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ zendo ];
};
}

View file

@ -11,12 +11,12 @@ buildNpmPackage rec {
hash = "sha256-XgwlRdwUSl4gIRKqk6BnMAKarVvp291zk8vmNkuRWKo="; hash = "sha256-XgwlRdwUSl4gIRKqk6BnMAKarVvp291zk8vmNkuRWKo=";
}; };
patches = [ # Use generated package-lock.json since upstream does not provide one in releases
# Use generated package-lock.json since upstream does not provide one in releases postPatch = ''
./package-lock.json.patch ln -sT ${./package-lock.json} ./package-lock.json
]; '';
npmDepsHash = "sha256-UF3pZ+SlrgDLqntciXRNbWfpPMtQw1DXl41x9r37QN4="; npmDepsHash = "sha256-5KZXZ4agHcAh3gai5w9YodETIEGJtDq/kyEZOHb9dOc=";
nativeBuildInputs = [ nativeBuildInputs = [
copyDesktopItems copyDesktopItems
@ -38,7 +38,7 @@ buildNpmPackage rec {
runHook preInstall runHook preInstall
# prune unused deps # prune unused deps
npm prune --omit dev $npmFlags npm prune --omit dev --no-save $npmFlags
# copy built app and node_modules directories # copy built app and node_modules directories
mkdir -p $out/lib/node_modules/open-stage-control mkdir -p $out/lib/node_modules/open-stage-control

File diff suppressed because it is too large Load diff

View file

@ -47,10 +47,7 @@ curl -sSL https://raw.githubusercontent.com/jean-emmanuel/open-stage-control/v"$
# Lock dependencies with npm # Lock dependencies with npm
(cd "$pkgdir" && npm install --package-lock-only --ignore-scripts --legacy-peer-deps) (cd "$pkgdir" && npm install --package-lock-only --ignore-scripts --legacy-peer-deps)
# Turn lock file into patch file rm -f "$pkgdir"/package.json
(cd "$pkgdir" && (diff -u /dev/null ./package-lock.json || [ $? -eq 1 ])) >"$pkgdir"/package-lock.json.patch
rm -f "$pkgdir"/{package.json,package-lock.json}
# Update FOD hash # Update FOD hash
curhash="$(nixeval "$attr.npmDeps.outputHash")" curhash="$(nixeval "$attr.npmDeps.outputHash")"

View file

@ -19,24 +19,15 @@ let
in in
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
pname = "picard"; pname = "picard";
version = "2.8.3"; version = "2.8.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "metabrainz"; owner = "metabrainz";
repo = pname; repo = pname;
rev = "refs/tags/release-${version}"; rev = "release-${version}";
sha256 = "sha256-KUHciIlwaKXvyCCkAzdh1vpe9cunDizrMUl0SoCpxgY="; sha256 = "sha256-ygZkj7hZNm7XyqDEI7l49d36ZgCTwFiAuYZjlF9d5+8=";
}; };
patches = [
# fix for tests failing with newer mutagen, remove after >2.8.3
# https://tickets.metabrainz.org/browse/PICARD-2583
(fetchpatch {
url = "https://github.com/metabrainz/picard/commit/76c2dff6b61140bbc7675c9e9f62a086b885e539.patch";
hash = "sha256-V1/oq1tEcb1mtqbYAA9o7mJcw16vRO0IK3GGmJkwO1Q=";
})
];
nativeBuildInputs = [ gettext qt5.wrapQtAppsHook qt5.qtbase ] nativeBuildInputs = [ gettext qt5.wrapQtAppsHook qt5.qtbase ]
++ lib.optionals (pyqt5.multimediaEnabled) [ ++ lib.optionals (pyqt5.multimediaEnabled) [
qt5.qtmultimedia.bin qt5.qtmultimedia.bin
@ -71,6 +62,7 @@ pythonPackages.buildPythonApplication rec {
meta = with lib; { meta = with lib; {
homepage = "https://picard.musicbrainz.org/"; homepage = "https://picard.musicbrainz.org/";
changelog = "https://picard.musicbrainz.org/changelog/";
description = "The official MusicBrainz tagger"; description = "The official MusicBrainz tagger";
maintainers = with maintainers; [ ehmry ]; maintainers = with maintainers; [ ehmry ];
license = licenses.gpl2Plus; license = licenses.gpl2Plus;

View file

@ -1,4 +1,5 @@
{ lib, stdenv { lib
, stdenv
, fetchFromGitHub , fetchFromGitHub
, autoreconfHook , autoreconfHook
, pkg-config , pkg-config
@ -8,7 +9,7 @@
, libxml2 , libxml2
, libjack2 , libjack2
, libsndfile , libsndfile
, wxGTK30 , wxGTK30-gtk3
, libsigcxx , libsigcxx
, libsamplerate , libsamplerate
, rubberband , rubberband
@ -34,14 +35,19 @@ stdenv.mkDerivation rec {
./autogen.sh ./autogen.sh
''; '';
nativeBuildInputs = [ autoreconfHook pkg-config which libtool ]; nativeBuildInputs = [
autoreconfHook
pkg-config
which
libtool
];
buildInputs = [ buildInputs = [
liblo liblo
libxml2 libxml2
libjack2 libjack2
libsndfile libsndfile
wxGTK30 wxGTK30-gtk3
libsigcxx libsigcxx
libsamplerate libsamplerate
rubberband rubberband

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "stochas"; pname = "stochas";
version = "1.3.5"; version = "1.3.8";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "surge-synthesizer"; owner = "surge-synthesizer";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "1z8q53qfigw6wwbvpca92b9pf9d0mv3nyb0fmszz5ikj3pcybi7m"; sha256 = "sha256-/YT2M/VbkABjFvtTjGPWaSKUZaznMIYKXV6gNSD2PeU=";
fetchSubmodules = true; fetchSubmodules = true;
}; };

View file

@ -2,6 +2,7 @@
, python3 , python3
, fetchFromGitHub , fetchFromGitHub
, fetchpatch , fetchpatch
, installShellFiles
, libcdio-paranoia , libcdio-paranoia
, cdrdao , cdrdao
, libsndfile , libsndfile
@ -35,6 +36,8 @@ in python3.pkgs.buildPythonApplication rec {
]; ];
nativeBuildInputs = with python3.pkgs; [ nativeBuildInputs = with python3.pkgs; [
installShellFiles
setuptools-scm setuptools-scm
docutils docutils
setuptoolsCheckHook setuptoolsCheckHook
@ -65,6 +68,11 @@ in python3.pkgs.buildPythonApplication rec {
export SETUPTOOLS_SCM_PRETEND_VERSION="${version}" export SETUPTOOLS_SCM_PRETEND_VERSION="${version}"
''; '';
outputs = [ "out" "man" ];
postBuild = ''
make -C man
'';
preCheck = '' preCheck = ''
# disable tests that require internet access # disable tests that require internet access
# https://github.com/JoeLametta/whipper/issues/291 # https://github.com/JoeLametta/whipper/issues/291
@ -73,6 +81,10 @@ in python3.pkgs.buildPythonApplication rec {
export HOME=$TMPDIR export HOME=$TMPDIR
''; '';
postInstall = ''
installManPage man/*.1
'';
passthru.tests.version = testers.testVersion { passthru.tests.version = testers.testVersion {
package = whipper; package = whipper;
command = "HOME=$TMPDIR whipper --version"; command = "HOME=$TMPDIR whipper --version";

View file

@ -1,16 +1,29 @@
{ stdenv, lib, fetchzip, wxGTK30, zlib, zstd }: { stdenv
, lib
, fetchzip
, wxGTK32
, zlib
, zstd
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "urbackup-client"; pname = "urbackup-client";
version = "2.4.11"; version = "2.5.20";
src = fetchzip { src = fetchzip {
url = "https://hndl.urbackup.org/Client/${version}/urbackup-client-${version}.tar.gz"; url = "https://hndl.urbackup.org/Client/${version}/urbackup-client-${version}.tar.gz";
sha256 = "0cciy9v1pxj9qaklpbhp2d5rdbkmfm74vhpqx6b4phww0f10wvzh"; sha256 = "sha256-i1g3xUhspqQRfIUhy6STOWNuncK3tMFocJw652r1X9g=";
}; };
configureFlags = [ "--enable-embedded-cryptopp" ]; buildInputs = [
buildInputs = [ wxGTK30 zlib zstd ]; wxGTK32
zlib
zstd
];
configureFlags = [
"--enable-embedded-cryptopp"
];
meta = with lib; { meta = with lib; {
description = "An easy to setup Open Source client/server backup system"; description = "An easy to setup Open Source client/server backup system";

View file

@ -1,78 +0,0 @@
{ lib
, stdenv
, fetchFromGitHub
, pkg-config
, autoreconfHook
, openssl
, db48
, boost
, zlib
, miniupnpc
, qtbase ? null
, qttools ? null
, util-linux
, protobuf
, qrencode
, libevent
, withGui
}:
stdenv.mkDerivation rec {
pname = "bitcoin" + lib.optionalString (!withGui) "d" + "-classic";
version = "1.3.8uahf";
src = fetchFromGitHub {
owner = "bitcoinclassic";
repo = "bitcoinclassic";
rev = "v${version}";
sha256 = "sha256-fVmFD1B4kKoejd2cmPPF5TJJQTAA6AVsGlVY8IIUNK4=";
};
nativeBuildInputs = [ pkg-config autoreconfHook ];
buildInputs = [
openssl
db48
boost
zlib
miniupnpc
util-linux
protobuf
libevent
] ++ lib.optionals withGui [ qtbase qttools qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ lib.optionals withGui [
"--with-gui=qt5"
"--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
];
CXXFLAGS = [ "-std=c++14" ];
enableParallelBuilding = true;
dontWrapQtApps = true;
meta = with lib; {
description = "Peer-to-peer electronic cash system (Classic client)";
longDescription = ''
Bitcoin is a free open source peer-to-peer electronic cash system that is
completely decentralized, without the need for a central server or trusted
parties. Users hold the crypto keys to their own money and transact directly
with each other, with the help of a P2P network to check for double-spending.
Bitcoin Classic stands for the original Bitcoin as Satoshi described it,
"A Peer-to-Peer Electronic Cash System". We are writing the software that
miners and users say they want. We will make sure it solves their needs, help
them deploy it, and gracefully upgrade the bitcoin network's capacity
together. The data shows that Bitcoin can grow, on-chain, to welcome many
more users onto our coin in a safe and distributed manner. In the future we
will continue to release updates that are in line with Satoshis whitepaper &
vision, and are agreed upon by the community.
'';
homepage = "https://bitcoinclassic.com/";
maintainers = with maintainers; [ jefdaj ];
license = licenses.mit;
broken = stdenv.isDarwin;
platforms = platforms.unix;
};
}

View file

@ -1,72 +0,0 @@
{ lib, stdenv
, fetchFromGitHub
, openssl
, boost
, libb2
, libevent
, autoreconfHook
, db4
, pkg-config
, protobuf
, hexdump
, zeromq
, libsodium
, withGui
, qtbase ? null
, qttools ? null
, wrapQtAppsHook ? null
}:
with lib;
stdenv.mkDerivation rec {
pname = "bitcoin" + toString (optional (!withGui) "d") + "-gold";
version = "0.17.3";
src = fetchFromGitHub {
owner = "BTCGPU";
repo = "BTCGPU";
rev = "v${version}";
sha256 = "sha256-1tFoUNsCPJkHSmNRl5gE3n2EQD6RZSry1zIM5hiTzEI=";
};
nativeBuildInputs = [
autoreconfHook
pkg-config
hexdump
] ++ optionals withGui [
wrapQtAppsHook
];
buildInputs = [
openssl
boost
libevent
db4
zeromq
libsodium
libb2
] ++ optionals withGui [
qtbase
qttools
protobuf
];
enableParallelBuilding = true;
configureFlags = [
"--with-boost-libdir=${boost.out}/lib"
] ++ optionals withGui [
"--with-gui=qt5"
"--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
];
meta = {
description = "BTG is a cryptocurrency with Bitcoin fundamentals, mined on common GPUs instead of specialty ASICs";
homepage = "https://bitcoingold.org/";
license = licenses.mit;
maintainers = [ maintainers.mmahut ];
platforms = platforms.linux;
};
}

View file

@ -25,23 +25,21 @@
with lib; with lib;
let let
version = "23.0";
majorVersion = versions.major version;
desktop = fetchurl { desktop = fetchurl {
url = "https://raw.githubusercontent.com/bitcoin-core/packaging/${majorVersion}.x/debian/bitcoin-qt.desktop"; # c2e5f3e is the last commit when the debian/bitcoin-qt.desktop file was changed
url = "https://raw.githubusercontent.com/bitcoin-core/packaging/c2e5f3e20a8093ea02b73cbaf113bc0947b4140e/debian/bitcoin-qt.desktop";
sha256 = "0cpna0nxcd1dw3nnzli36nf9zj28d2g9jf5y0zl9j18lvanvniha"; sha256 = "0cpna0nxcd1dw3nnzli36nf9zj28d2g9jf5y0zl9j18lvanvniha";
}; };
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = if withGui then "bitcoin" else "bitcoind"; pname = if withGui then "bitcoin" else "bitcoind";
inherit version; version = "24.0";
src = fetchurl { src = fetchurl {
urls = [ urls = [
"https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
"https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
]; ];
sha256 = "26748bf49d6d6b4014d0fedccac46bf2bcca42e9d34b3acfd9e3467c415acc05"; sha256 = "9cfa4a9f4acb5093e85b8b528392f0f05067f3f8fafacd4dcfe8a396158fd9f4";
}; };
nativeBuildInputs = nativeBuildInputs =
@ -74,10 +72,6 @@ stdenv.mkDerivation rec {
"--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin" "--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
]; ];
# fix "Killed: 9 test/test_bitcoin"
# https://github.com/NixOS/nixpkgs/issues/179474
hardeningDisable = lib.optionals (stdenv.isAarch64 && stdenv.isDarwin) [ "fortify" "stackprotector" ];
checkInputs = [ python3 ]; checkInputs = [ python3 ];
doCheck = true; doCheck = true;

View file

@ -2,13 +2,13 @@
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
pname = "charge-lnd"; pname = "charge-lnd";
version = "0.2.12"; version = "0.2.13";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "accumulator"; owner = "accumulator";
repo = pname; repo = pname;
rev = "v${version}"; rev = "refs/tags/v${version}";
sha256 = "uiXmLdQAglgLxOX6IoF1iNZvje4EM7Tr25Okx9TPyzI="; sha256 = "sha256-mNU8bhiZqvYbNUU8vJNk9WbpAVrCTi9Fy3hlIpb06ac=";
}; };
propagatedBuildInputs = with python3Packages; [ propagatedBuildInputs = with python3Packages; [

View file

@ -19,15 +19,15 @@ with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "digibyte"; pname = "digibyte";
version = "7.17.2"; version = "7.17.3";
name = pname + toString (optional (!withGui) "d") + "-" + version; name = pname + toString (optional (!withGui) "d") + "-" + version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = pname; owner = "digibyte-core";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "04czj7mx3wpbx4832npk686p9pg5zb6qwlcvnmvqf31hm5qylbxj"; sha256 = "zPwnC2qd28fA1saG4nysPlKU1nnXhfuSG3DpCY6T+kM=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

View file

@ -9,6 +9,7 @@
, protobuf , protobuf
, hexdump , hexdump
, zeromq , zeromq
, gmp
, withGui , withGui
, qtbase ? null , qtbase ? null
, qttools ? null , qttools ? null
@ -19,15 +20,15 @@ with lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "vertcoin"; pname = "vertcoin";
version = "0.15.0.1"; version = "0.18.0";
name = pname + toString (optional (!withGui) "d") + "-" + version; name = pname + toString (optional (!withGui) "d") + "-" + version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = pname + "-project"; owner = pname + "-project";
repo = pname + "-core"; repo = pname + "-core";
rev = version; rev = "2bd6dba7a822400581d5a6014afd671fb7e61f36";
sha256 = "09q7qicw52gv225hq6wlpsf4zr4hjc8miyim5cygi5nxxrlw7kd3"; sha256 = "ua9xXA+UQHGVpCZL0srX58DDUgpfNa+AAIKsxZbhvMk=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
@ -44,6 +45,7 @@ stdenv.mkDerivation rec {
libevent libevent
db4 db4
zeromq zeromq
gmp
] ++ optionals withGui [ ] ++ optionals withGui [
qtbase qtbase
qttools qttools

View file

@ -1,8 +1,11 @@
{ lib, stdenv { lib, stdenv
, autoPatchelfHook
, makeWrapper
, fetchurl , fetchurl
, makeDesktopItem , makeDesktopItem
, curl , curl
, dotnetCorePackages , dotnetCorePackages
, lttng-ust_2_12
, fontconfig , fontconfig
, krb5 , krb5
, openssl , openssl
@ -11,29 +14,31 @@
}: }:
let let
dotnet-runtime = dotnetCorePackages.runtime_5_0; dotnet-runtime = dotnetCorePackages.runtime_6_0;
libPath = lib.makeLibraryPath [ # These libraries are dynamically loaded by the application,
# and need to be present in LD_LIBRARY_PATH
runtimeLibs = [
curl curl
dotnet-runtime
fontconfig.lib fontconfig.lib
krb5 krb5
openssl openssl
stdenv.cc.cc.lib stdenv.cc.cc.lib
xorg.libX11 xorg.libX11
xorg.libICE
xorg.libSM
zlib zlib
]; ];
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "wasabiwallet"; pname = "wasabiwallet";
version = "2.0.1.3"; version = "2.0.2";
src = fetchurl { src = fetchurl {
url = "https://github.com/zkSNACKs/WalletWasabi/releases/download/v${version}/Wasabi-${version}.tar.gz"; url = "https://github.com/zkSNACKs/WalletWasabi/releases/download/v${version}/Wasabi-${version}.tar.gz";
sha256 = "sha256-cATqg/n4/BDQtuCVjHAx3EfMLmlX5EjeQ01gavy/L8o="; sha256 = "sha256-0DFl+UFxQckRM2qXFqDpKaRQ5sIMUbNj7l3zKPKAOnQ=";
}; };
dontBuild = true; dontBuild = true;
dontPatchELF = true;
desktopItem = makeDesktopItem { desktopItem = makeDesktopItem {
name = "wasabi"; name = "wasabi";
@ -44,16 +49,19 @@ stdenv.mkDerivation rec {
categories = [ "Network" "Utility" ]; categories = [ "Network" "Utility" ];
}; };
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
buildInputs = runtimeLibs ++ [
lttng-ust_2_12
];
installPhase = '' installPhase = ''
mkdir -p $out/opt/${pname} $out/bin $out/share/applications mkdir -p $out/opt/${pname} $out/bin $out/share/applications
cp -Rv . $out/opt/${pname} cp -Rv . $out/opt/${pname}
cd $out/opt/${pname}
for i in $(find . -type f -name '*.so') wassabee makeWrapper "${dotnet-runtime}/bin/dotnet" "$out/bin/${pname}" \
do --add-flags "$out/opt/${pname}/WalletWasabi.Fluent.Desktop.dll" \
patchelf --set-rpath ${libPath} $i --suffix "LD_LIBRARY_PATH" : "${lib.makeLibraryPath runtimeLibs}"
done
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" wassabee
ln -s $out/opt/${pname}/wassabee $out/bin/${pname}
cp -v $desktopItem/share/applications/* $out/share/applications cp -v $desktopItem/share/applications/* $out/share/applications
''; '';

View file

@ -144,9 +144,10 @@ let emacs = (if withMacport then llvmPackages_6.stdenv else stdenv).mkDerivation
++ lib.optionals stdenv.isLinux [ dbus libselinux alsa-lib acl gpm ] ++ lib.optionals stdenv.isLinux [ dbus libselinux alsa-lib acl gpm ]
++ lib.optionals withSystemd [ systemd ] ++ lib.optionals withSystemd [ systemd ]
++ lib.optionals withX ++ lib.optionals withX
[ xlibsWrapper libXaw Xaw3d libXpm libpng libjpeg giflib libtiff libXft [ xlibsWrapper libXaw Xaw3d gconf cairo ]
gconf cairo ] ++ lib.optionals (withX || withPgtk)
++ lib.optionals (withX || withNS) [ librsvg ] [ libXpm libpng libjpeg giflib libtiff ]
++ lib.optionals (withX || withNS || withPgtk ) [ librsvg ]
++ lib.optionals withImageMagick [ imagemagick ] ++ lib.optionals withImageMagick [ imagemagick ]
++ lib.optionals (stdenv.isLinux && withX) [ m17n_lib libotf ] ++ lib.optionals (stdenv.isLinux && withX) [ m17n_lib libotf ]
++ lib.optional (withX && withGTK2) gtk2-x11 ++ lib.optional (withX && withGTK2) gtk2-x11
@ -178,8 +179,10 @@ let emacs = (if withMacport then llvmPackages_6.stdenv else stdenv).mkDerivation
then [ "--disable-ns-self-contained" ] then [ "--disable-ns-self-contained" ]
else if withX else if withX
then [ "--with-x-toolkit=${toolkit}" "--with-xft" "--with-cairo" ] then [ "--with-x-toolkit=${toolkit}" "--with-xft" "--with-cairo" ]
else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no" else if withPgtk
"--with-gif=no" "--with-tiff=no" ]) then [ "--with-pgtk" ]
else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
"--with-gif=no" "--with-tiff=no" ])
++ lib.optionals withMacport [ ++ lib.optionals withMacport [
"--with-mac" "--with-mac"
"--enable-mac-app=$$out/Applications" "--enable-mac-app=$$out/Applications"
@ -189,7 +192,6 @@ let emacs = (if withMacport then llvmPackages_6.stdenv else stdenv).mkDerivation
++ lib.optional withXwidgets "--with-xwidgets" ++ lib.optional withXwidgets "--with-xwidgets"
++ lib.optional nativeComp "--with-native-compilation" ++ lib.optional nativeComp "--with-native-compilation"
++ lib.optional withImageMagick "--with-imagemagick" ++ lib.optional withImageMagick "--with-imagemagick"
++ lib.optional withPgtk "--with-pgtk"
++ lib.optional withXinput2 "--with-xinput2" ++ lib.optional withXinput2 "--with-xinput2"
++ lib.optional (!withToolkitScrollBars) "--without-toolkit-scroll-bars" ++ lib.optional (!withToolkitScrollBars) "--without-toolkit-scroll-bars"
; ;

View file

@ -63,7 +63,8 @@ with stdenv; lib.makeOverridable mkDerivation (rec {
mkdir -p $out/{bin,$pname,share/pixmaps,libexec/${pname}} mkdir -p $out/{bin,$pname,share/pixmaps,libexec/${pname}}
cp -a . $out/$pname cp -a . $out/$pname
ln -s $out/$pname/bin/${loName}.png $out/share/pixmaps/${pname}.png [[ -f $out/$pname/bin/${loName}.png ]] && ln -s $out/$pname/bin/${loName}.png $out/share/pixmaps/${pname}.png
[[ -f $out/$pname/bin/${loName}.svg ]] && ln -s $out/$pname/bin/${loName}.svg $out/share/pixmaps/${pname}.svg
mv bin/fsnotifier* $out/libexec/${pname}/. mv bin/fsnotifier* $out/libexec/${pname}/.
jdk=${jdk.home} jdk=${jdk.home}

View file

@ -57,11 +57,11 @@
"mps": { "mps": {
"update-channel": "MPS RELEASE", "update-channel": "MPS RELEASE",
"url-template": "https://download.jetbrains.com/mps/{versionMajorMinor}/MPS-{version}.tar.gz", "url-template": "https://download.jetbrains.com/mps/{versionMajorMinor}/MPS-{version}.tar.gz",
"version": "2021.3.1", "version": "2022.2",
"sha256": "b7d41c4362e71f30adeaed9f0ec30afd5ac0e6eea9650ee4a19d70a5783db3e6", "sha256": "aaee4d2bb9bc34d0b4bc62c7ef08139cc6144b433ba1675ef306e6d3d95e37a1",
"url": "https://download.jetbrains.com/mps/2021.3.1/MPS-2021.3.1.tar.gz", "url": "https://download.jetbrains.com/mps/2022.2/MPS-2022.2.tar.gz",
"version-major-minor": "2021.3", "version-major-minor": "2022.2",
"build_number": "213.7172.958" "build_number": "222.3345.1295"
}, },
"phpstorm": { "phpstorm": {
"update-channel": "PhpStorm RELEASE", "update-channel": "PhpStorm RELEASE",
@ -176,11 +176,11 @@
"mps": { "mps": {
"update-channel": "MPS RELEASE", "update-channel": "MPS RELEASE",
"url-template": "https://download.jetbrains.com/mps/{versionMajorMinor}/MPS-{version}-macos.dmg", "url-template": "https://download.jetbrains.com/mps/{versionMajorMinor}/MPS-{version}-macos.dmg",
"version": "2021.3.1", "version": "2022.2",
"sha256": "2c5517518fec31ac960e4309fa848ad831f9048ef15df1b362e12aa8f41d9dbd", "sha256": "4e36c60d281596c220287ab2191165be37ef01c3c54ab5f5e4e535c8b81bc754",
"url": "https://download.jetbrains.com/mps/2021.3.1/MPS-2021.3.1-macos.dmg", "url": "https://download.jetbrains.com/mps/2022.2/MPS-2022.2-macos.dmg",
"version-major-minor": "2021.3", "version-major-minor": "2022.2",
"build_number": "213.7172.958" "build_number": "222.3345.1295"
}, },
"phpstorm": { "phpstorm": {
"update-channel": "PhpStorm RELEASE", "update-channel": "PhpStorm RELEASE",
@ -295,11 +295,11 @@
"mps": { "mps": {
"update-channel": "MPS RELEASE", "update-channel": "MPS RELEASE",
"url-template": "https://download.jetbrains.com/mps/{versionMajorMinor}/MPS-{version}-macos-aarch64.dmg", "url-template": "https://download.jetbrains.com/mps/{versionMajorMinor}/MPS-{version}-macos-aarch64.dmg",
"version": "2021.3.1", "version": "2022.2",
"url": "https://download.jetbrains.com/mps/2021.3.1/MPS-2021.3.1-macos-aarch64.dmg", "url": "https://download.jetbrains.com/mps/2022.2/MPS-2022.2-macos-aarch64.dmg",
"sha256": "3ace6d45db718dffd80bf126a76735fb65099de292112a01cc078aa61c475a70", "sha256": "bdc83d9c7a3430cc2b0b0361a9e4eab82e951bfe87f0e4754106d09850947077",
"version-major-minor": "2021.3", "version-major-minor": "2022.2",
"build_number": "213.7172.958" "build_number": "222.3345.1295"
}, },
"phpstorm": { "phpstorm": {
"update-channel": "PhpStorm RELEASE", "update-channel": "PhpStorm RELEASE",

View file

@ -2,13 +2,13 @@
mkDerivation rec { mkDerivation rec {
pname = "notepad-next"; pname = "notepad-next";
version = "0.5.5"; version = "0.5.6";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "dail8859"; owner = "dail8859";
repo = "NotepadNext"; repo = "NotepadNext";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-ZjDvAN/NNz1GY7/0eKlxogYPg2Ba7Ncg6TXyKQEdWrU="; sha256 = "sha256-0ZmyEtyVpqQ05FOYdFbnFqfPJKNkrweflSl+irOzcuk=";
# External dependencies - https://github.com/dail8859/NotepadNext/issues/135 # External dependencies - https://github.com/dail8859/NotepadNext/issues/135
fetchSubmodules = true; fetchSubmodules = true;
}; };

File diff suppressed because it is too large Load diff

View file

@ -348,12 +348,12 @@
}; };
fish = buildGrammar { fish = buildGrammar {
language = "fish"; language = "fish";
version = "84436cf"; version = "6675b56";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "ram02z"; owner = "ram02z";
repo = "tree-sitter-fish"; repo = "tree-sitter-fish";
rev = "84436cf24c2b3176bfbb220922a0fdbd0141e406"; rev = "6675b56266b3f615fb112205b6b83a79315309c4";
hash = "sha256-oJuCd+2mTCEP/rNQzweShc7TZiqwKBIDRQqnV8VqQ4s="; hash = "sha256-hU2QMiNfO5/Drjl0QoUb9ERaK/3ETGaIsDBHMZ70n/A=";
}; };
meta.homepage = "https://github.com/ram02z/tree-sitter-fish"; meta.homepage = "https://github.com/ram02z/tree-sitter-fish";
}; };
@ -414,15 +414,26 @@
}; };
gitattributes = buildGrammar { gitattributes = buildGrammar {
language = "gitattributes"; language = "gitattributes";
version = "cee9f88"; version = "577a075";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "ObserverOfTime"; owner = "ObserverOfTime";
repo = "tree-sitter-gitattributes"; repo = "tree-sitter-gitattributes";
rev = "cee9f8865694b29bb9e85e0b90805f92ad3fc47e"; rev = "577a075d46ea109905c5cb6179809df88da61ce9";
hash = "sha256-Ne9D4c58AWvZz/2ytP0lJzKIss2hJtZFgSKsot9MOJE="; hash = "sha256-gBfLmNf7aaqMY3yMF7svFuqif43BAmmY1yYkvVcNUhI=";
}; };
meta.homepage = "https://github.com/ObserverOfTime/tree-sitter-gitattributes"; meta.homepage = "https://github.com/ObserverOfTime/tree-sitter-gitattributes";
}; };
gitcommit = buildGrammar {
language = "gitcommit";
version = "f6e7f24";
source = fetchFromGitHub {
owner = "gbprod";
repo = "tree-sitter-gitcommit";
rev = "f6e7f24fd12e1d01f9bf23f7625800ace134030c";
hash = "sha256-1MPb2JuBFfckh4sRMxwBWySwS5xHhQSaXx2Sl1Kfuso=";
};
meta.homepage = "https://github.com/gbprod/tree-sitter-gitcommit";
};
gitignore = buildGrammar { gitignore = buildGrammar {
language = "gitignore"; language = "gitignore";
version = "f4685bf"; version = "f4685bf";
@ -459,12 +470,12 @@
}; };
glsl = buildGrammar { glsl = buildGrammar {
language = "glsl"; language = "glsl";
version = "a743ada"; version = "e2c2214";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "theHamsta"; owner = "theHamsta";
repo = "tree-sitter-glsl"; repo = "tree-sitter-glsl";
rev = "a743ada24fa17da9acc5665133f07d56e03530be"; rev = "e2c2214045de2628b81089b1a739962f59654558";
hash = "sha256-l2t2U4fZYMMpc1Nkv8JODtDny0/kSUsbiJ/VVD5VyhI="; hash = "sha256-GrbheFLeJLAvm3LE4WOfmYnIjVcRkD9pfugJJuIc25A=";
}; };
meta.homepage = "https://github.com/theHamsta/tree-sitter-glsl"; meta.homepage = "https://github.com/theHamsta/tree-sitter-glsl";
}; };
@ -570,12 +581,12 @@
}; };
help = buildGrammar { help = buildGrammar {
language = "help"; language = "help";
version = "49cdef5"; version = "ce20f13";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "neovim"; owner = "neovim";
repo = "tree-sitter-vimdoc"; repo = "tree-sitter-vimdoc";
rev = "49cdef52ded4a886bf34bc474876b09f9270d48f"; rev = "ce20f13c3f12506185754888feaae3f2ad54c287";
hash = "sha256-szNY2yw5i9pgF+MpaEAkP8BgSYEe6nrFW+17sbSZ6Yc="; hash = "sha256-XklORrP4ToX4klXFYxMv2s63INWugDyjl3mtLDdUHlg=";
}; };
meta.homepage = "https://github.com/neovim/tree-sitter-vimdoc"; meta.homepage = "https://github.com/neovim/tree-sitter-vimdoc";
}; };
@ -592,12 +603,12 @@
}; };
hlsl = buildGrammar { hlsl = buildGrammar {
language = "hlsl"; language = "hlsl";
version = "384b26e"; version = "329e3c8";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "theHamsta"; owner = "theHamsta";
repo = "tree-sitter-hlsl"; repo = "tree-sitter-hlsl";
rev = "384b26ec65e10f26cf147bfcde772c50ca5ef0d0"; rev = "329e3c8bd6f696a6128e0dccba34b2799dc3037e";
hash = "sha256-f6jKhC1vPpNTY0Rv1WMdJMNXRFiLsCApy/kIv7CBesA="; hash = "sha256-unxcw0KTlMDtcdjvIZidU/QckjfHBtc+LzAR7SukdU0=";
}; };
meta.homepage = "https://github.com/theHamsta/tree-sitter-hlsl"; meta.homepage = "https://github.com/theHamsta/tree-sitter-hlsl";
}; };
@ -856,6 +867,17 @@
}; };
meta.homepage = "https://github.com/Kerl13/tree-sitter-menhir"; meta.homepage = "https://github.com/Kerl13/tree-sitter-menhir";
}; };
mermaid = buildGrammar {
language = "mermaid";
version = "d787c66";
source = fetchFromGitHub {
owner = "monaqa";
repo = "tree-sitter-mermaid";
rev = "d787c66276e7e95899230539f556e8b83ee16f6d";
hash = "sha256-JwQ3jfwwOvM9eJWP/D3wXUBDysRxpa+mktYFajwA3IA=";
};
meta.homepage = "https://github.com/monaqa/tree-sitter-mermaid";
};
meson = buildGrammar { meson = buildGrammar {
language = "meson"; language = "meson";
version = "153d225"; version = "153d225";
@ -1114,12 +1136,12 @@
}; };
rasi = buildGrammar { rasi = buildGrammar {
language = "rasi"; language = "rasi";
version = "1239134"; version = "5f04634";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "Fymyte"; owner = "Fymyte";
repo = "tree-sitter-rasi"; repo = "tree-sitter-rasi";
rev = "12391343979463a2484e6353e5afb6dcb8c31e8b"; rev = "5f04634dd4e12de4574c4a3dc9d6d5d4da4a2a1b";
hash = "sha256-JmL2Ei2DZhsZ4jFQ8s6B0ig9bflDs9dLr5/QknDqqRc="; hash = "sha256-2n8nHinlgtLKBlDLiphu7vqPi7W02brRY1h8BGkcoZc=";
}; };
meta.homepage = "https://github.com/Fymyte/tree-sitter-rasi"; meta.homepage = "https://github.com/Fymyte/tree-sitter-rasi";
}; };
@ -1301,12 +1323,12 @@
}; };
swift = buildGrammar { swift = buildGrammar {
language = "swift"; language = "swift";
version = "25f8de3"; version = "cff1c9a";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "alex-pinkus"; owner = "alex-pinkus";
repo = "tree-sitter-swift"; repo = "tree-sitter-swift";
rev = "25f8de356e3c33099ed691bd3b8b5c0fe3a11e15"; rev = "cff1c9a62df89e8900d53ff48bc42862e6522dcf";
hash = "sha256-x9m5QFQY33NWdkq0lkWiskfKxqRPz5ePSbVUDY7IBLU="; hash = "sha256-tfpqnutY8uLzhPWPsDzsvwaRWOS8vIxAOPlcyPoSwNU=";
}; };
generate = true; generate = true;
meta.homepage = "https://github.com/alex-pinkus/tree-sitter-swift"; meta.homepage = "https://github.com/alex-pinkus/tree-sitter-swift";
@ -1336,12 +1358,12 @@
}; };
tiger = buildGrammar { tiger = buildGrammar {
language = "tiger"; language = "tiger";
version = "eb1d371"; version = "a233ebe";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "ambroisie"; owner = "ambroisie";
repo = "tree-sitter-tiger"; repo = "tree-sitter-tiger";
rev = "eb1d3714998977ae76ca7c6a102b10ee37efc2b5"; rev = "a233ebe360a73a92c50978e5c4e9e471bc59ff42";
hash = "sha256-kbwERaTHk5Pj5AfpbXPuRS6speB+xLMfrhRXTVOyMNw="; hash = "sha256-lQ3WkA1v3J2FuK2zPUwqahPnHPkAuevpBJrLtrlqaEs=";
}; };
meta.homepage = "https://github.com/ambroisie/tree-sitter-tiger"; meta.homepage = "https://github.com/ambroisie/tree-sitter-tiger";
}; };
@ -1380,12 +1402,12 @@
}; };
tsx = buildGrammar { tsx = buildGrammar {
language = "tsx"; language = "tsx";
version = "0ab9d99"; version = "0ae3828";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "tree-sitter"; owner = "tree-sitter";
repo = "tree-sitter-typescript"; repo = "tree-sitter-typescript";
rev = "0ab9d99867435a7667c5548a6617a6bf73dbd830"; rev = "0ae382803abce0807e90f498105c713b9233e0b2";
hash = "sha256-Nx+K7Ic/ePKAXPIMlrRn6zELYE59f/FnnZ/LM5ELaU8="; hash = "sha256-we8jkX8Nl9+eGw8c6ZmH5hW7yfzFaNhQ+WDzRvMMx9A=";
}; };
location = "tsx"; location = "tsx";
meta.homepage = "https://github.com/tree-sitter/tree-sitter-typescript"; meta.homepage = "https://github.com/tree-sitter/tree-sitter-typescript";
@ -1414,12 +1436,12 @@
}; };
typescript = buildGrammar { typescript = buildGrammar {
language = "typescript"; language = "typescript";
version = "0ab9d99"; version = "0ae3828";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "tree-sitter"; owner = "tree-sitter";
repo = "tree-sitter-typescript"; repo = "tree-sitter-typescript";
rev = "0ab9d99867435a7667c5548a6617a6bf73dbd830"; rev = "0ae382803abce0807e90f498105c713b9233e0b2";
hash = "sha256-Nx+K7Ic/ePKAXPIMlrRn6zELYE59f/FnnZ/LM5ELaU8="; hash = "sha256-we8jkX8Nl9+eGw8c6ZmH5hW7yfzFaNhQ+WDzRvMMx9A=";
}; };
location = "typescript"; location = "typescript";
meta.homepage = "https://github.com/tree-sitter/tree-sitter-typescript"; meta.homepage = "https://github.com/tree-sitter/tree-sitter-typescript";
@ -1471,12 +1493,12 @@
}; };
vim = buildGrammar { vim = buildGrammar {
language = "vim"; language = "vim";
version = "4ae7bd6"; version = "55ff1b0";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "vigoux"; owner = "vigoux";
repo = "tree-sitter-viml"; repo = "tree-sitter-viml";
rev = "4ae7bd67706d7e10afed827ce2ded884ab41650f"; rev = "55ff1b080c09edeced9b748cf4c16d0b49d17fb9";
hash = "sha256-5gNqs6ykt2m48ghFv9y5OxsHDPTWRicdT9eR+DDiXiA="; hash = "sha256-bMh6RPP0+zpNkMS/mpbKTaug9EL6u4kTcztnEXaNGyA=";
}; };
meta.homepage = "https://github.com/vigoux/tree-sitter-viml"; meta.homepage = "https://github.com/vigoux/tree-sitter-viml";
}; };
@ -1515,12 +1537,12 @@
}; };
yang = buildGrammar { yang = buildGrammar {
language = "yang"; language = "yang";
version = "8e9d175"; version = "2c0e6be";
source = fetchFromGitHub { source = fetchFromGitHub {
owner = "Hubro"; owner = "Hubro";
repo = "tree-sitter-yang"; repo = "tree-sitter-yang";
rev = "8e9d175982afcefa3dac8ca20d40d1643accd2bd"; rev = "2c0e6be8dd4dcb961c345fa35c309ad4f5bd3502";
hash = "sha256-QSOy5wLb52hKkfW8bJY827zGrXTsMO5sZtl2NaNLmBA="; hash = "sha256-6EIK1EStHrUHBLZBsZqd1LL05ZAJ6PKUyIzBBsTVjO8=";
}; };
meta.homepage = "https://github.com/Hubro/tree-sitter-yang"; meta.homepage = "https://github.com/Hubro/tree-sitter-yang";
}; };

View file

@ -62,6 +62,10 @@ let
in in
{ {
postPatch = ''
rm -r parser
'';
passthru = { passthru = {
inherit builtGrammars allGrammars withPlugins withAllGrammars; inherit builtGrammars allGrammars withPlugins withAllGrammars;

View file

@ -749,6 +749,10 @@ self: super: {
''; '';
}); });
ssr = super.ssr-nvim.overrideAttrs (old: {
dependencies = with self; [ nvim-treesitter ];
});
statix = buildVimPluginFrom2Nix rec { statix = buildVimPluginFrom2Nix rec {
inherit (statix) pname src meta; inherit (statix) pname src meta;
version = "0.1.0"; version = "0.1.0";

View file

@ -415,6 +415,7 @@ https://github.com/Shougo/neco-syntax/,,
https://github.com/Shougo/neco-vim/,, https://github.com/Shougo/neco-vim/,,
https://github.com/nvim-neo-tree/neo-tree.nvim/,HEAD, https://github.com/nvim-neo-tree/neo-tree.nvim/,HEAD,
https://github.com/Shougo/neocomplete.vim/,, https://github.com/Shougo/neocomplete.vim/,,
https://github.com/folke/neoconf.nvim/,HEAD,
https://github.com/KeitaNakamura/neodark.vim/,, https://github.com/KeitaNakamura/neodark.vim/,,
https://github.com/folke/neodev.nvim/,HEAD, https://github.com/folke/neodev.nvim/,HEAD,
https://github.com/sbdchd/neoformat/,, https://github.com/sbdchd/neoformat/,,
@ -617,6 +618,7 @@ https://github.com/AndrewRadev/splitjoin.vim/,,
https://github.com/tami5/sqlite.lua/,, https://github.com/tami5/sqlite.lua/,,
https://github.com/srcery-colors/srcery-vim/,, https://github.com/srcery-colors/srcery-vim/,,
https://github.com/chr4/sslsecure.vim/,, https://github.com/chr4/sslsecure.vim/,,
https://github.com/cshuaimin/ssr.nvim/,HEAD,
https://github.com/luukvbaal/stabilize.nvim/,, https://github.com/luukvbaal/stabilize.nvim/,,
https://github.com/eigenfoo/stan-vim/,, https://github.com/eigenfoo/stan-vim/,,
https://github.com/darfink/starsearch.vim/,, https://github.com/darfink/starsearch.vim/,,

View file

@ -1406,8 +1406,8 @@ let
mktplcRef = { mktplcRef = {
name = "elixir-ls"; name = "elixir-ls";
publisher = "JakeBecker"; publisher = "JakeBecker";
version = "0.11.0"; version = "0.12.0";
sha256 = "sha256-okvwyD0m2r8ar85VtuBUNMUZGGrCfJ4DB9v7aSX5PjM="; sha256 = "sha256-ZwdGcsvmEKDH5ZAkKiLEV/3ru74BittnxibMWbdkaco=";
}; };
meta = with lib; { meta = with lib; {
changelog = "https://marketplace.visualstudio.com/items/JakeBecker.elixir-ls/changelog"; changelog = "https://marketplace.visualstudio.com/items/JakeBecker.elixir-ls/changelog";
@ -1451,8 +1451,8 @@ let
mktplcRef = { mktplcRef = {
name = "latex-workshop"; name = "latex-workshop";
publisher = "James-Yu"; publisher = "James-Yu";
version = "8.29.0"; version = "9.0.0";
sha256 = "sha256-khAlxN+y06aneZE97fqNg2esj/wvIUINiMdVc/exd38="; sha256 = "sha256-aXDYRLbDZGul2mG+jZs6o5Z5QVhEiOCaLhHpj/zVt6E=";
}; };
meta = with lib; { meta = with lib; {
changelog = "https://marketplace.visualstudio.com/items/James-Yu.latex-workshop/changelog"; changelog = "https://marketplace.visualstudio.com/items/James-Yu.latex-workshop/changelog";
@ -2451,6 +2451,16 @@ let
}; };
}; };
sonarsource.sonarlint-vscode = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "sonarlint-vscode";
publisher = "sonarsource";
version = "3.12.0";
sha256 = "sha256-vVOmqb0iEIGgN+LkJfazNN+KNWvnWRbIsqetXfeabJU=";
};
meta.license = lib.licenses.lgpl3Only;
};
spywhere.guides = buildVscodeMarketplaceExtension { spywhere.guides = buildVscodeMarketplaceExtension {
mktplcRef = { mktplcRef = {
name = "guides"; name = "guides";
@ -2517,8 +2527,8 @@ let
mktplcRef = { mktplcRef = {
name = "code-spell-checker"; name = "code-spell-checker";
publisher = "streetsidesoftware"; publisher = "streetsidesoftware";
version = "2.11.0"; version = "2.11.1";
sha256 = "sha256-ZYbkCe/FdSxmipV9TTq0AF/Ft01+LTUeo3sVyKMP3iQ="; sha256 = "sha256-o6Se+xpqwrdJIMnVE/HaDGIoDqZkeX0nTGHa8GjaqVQ=";
}; };
meta = with lib; { meta = with lib; {
changelog = "https://marketplace.visualstudio.com/items/streetsidesoftware.code-spell-checker/changelog"; changelog = "https://marketplace.visualstudio.com/items/streetsidesoftware.code-spell-checker/changelog";
@ -2947,8 +2957,8 @@ let
mktplcRef = { mktplcRef = {
name = "markdown-all-in-one"; name = "markdown-all-in-one";
publisher = "yzhang"; publisher = "yzhang";
version = "3.4.0"; version = "3.4.4";
sha256 = "0ihfrsg2sc8d441a2lkc453zbw1jcpadmmkbkaf42x9b9cipd5qb"; sha256 = "2lZfWP+yk0Dp8INLjlJY5ROGu0sLaWhb4fT+O9xGg0s=";
}; };
meta = { meta = {
license = lib.licenses.mit; license = lib.licenses.mit;

View file

@ -28,13 +28,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "cemu"; pname = "cemu";
version = "2.0-13"; version = "2.0-17";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "cemu-project"; owner = "cemu-project";
repo = "Cemu"; repo = "Cemu";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-0yomEJoXMKZV2PAjINegSvtDB6gbYxQ6XcXA60/ZkEM="; hash = "sha256-ryFph55o7s3eiqQ8kx5+3Et5S2U9H5i3fmZTc1CaCnA=";
}; };
patches = [ patches = [
@ -106,7 +106,13 @@ stdenv.mkDerivation rec {
preFixup = let preFixup = let
libs = [ vulkan-loader ] ++ cubeb.passthru.backendLibs; libs = [ vulkan-loader ] ++ cubeb.passthru.backendLibs;
in '' in ''
gappsWrapperArgs+=(--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath libs}") gappsWrapperArgs+=(
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath libs}"
# Force X11 to be used until Wayland is natively supported
# <https://github.com/cemu-project/Cemu/pull/143>
--set GDK_BACKEND x11
)
''; '';
meta = with lib; { meta = with lib; {

View file

@ -6,7 +6,7 @@
, bluez , bluez
, ffmpeg , ffmpeg
, libao , libao
, gtk2 , gtk3
, glib , glib
, libGLU , libGLU
, libGL , libGL
@ -21,7 +21,7 @@
, fetchFromGitHub , fetchFromGitHub
, libusb1 , libusb1
, libevdev , libevdev
, wxGTK30 , wxGTK30-gtk3
, soundtouch , soundtouch
, miniupnpc , miniupnpc
, mbedtls , mbedtls
@ -43,29 +43,33 @@ stdenv.mkDerivation rec {
}; };
patches = [ patches = [
# Fix build with soundtouch 2.1.2 # Fix FTBFS with glibc 2.26
(fetchpatch { (fetchpatch {
url = "https://src.fedoraproject.org/rpms/dolphin-emu/raw/a1b91fdf94981e12c8889a02cba0ec2267d0f303/f/dolphin-emu-5.0-soundtouch-exception-fix.patch"; url = "https://salsa.debian.org/games-team/dolphin-emu/raw/8c952b1fcd46259e9d8cce836df433e0a8b88f8c/debian/patches/02_glibc-2.26.patch";
name = "dolphin-emu-5.0-soundtouch-exception-fix.patch"; name = "02_glibc-2.26.patch";
sha256 = "0yd3l46nja5qiknnl30ryad98f3v8911jwnr67hn61dzx2kwbbaw"; sha256 = "sha256-LBXT3rf5klwmX9YQXt4/iv06GghsWZprNhLGYlKiDqk=";
}) })
# Fix build with gcc 8 # Fix FTBFS with GCC 8
(fetchpatch { (fetchpatch {
url = "https://salsa.debian.org/games-team/dolphin-emu/raw/9b7b4aeac1b60dcf28bdcafbed6bc498b2aeb0ad/debian/patches/03_gcc8.patch"; url = "https://salsa.debian.org/games-team/dolphin-emu/raw/8c952b1fcd46259e9d8cce836df433e0a8b88f8c/debian/patches/03_gcc8.patch";
name = "03_gcc8.patch"; name = "03_gcc8.patch";
sha256 = "1da95gb8c95kd5cjhdvg19cv2z863lj3va5gx3bqc7g8r36glqxr"; sha256 = "sha256-uWP6zMjoHYbX6K+oPSQdBn2xWQpvNyhZabMkhtYrSbU=";
})
# Fix FTBFS with SoundTouch 2.1.2
(fetchpatch {
url = "https://salsa.debian.org/games-team/dolphin-emu/raw/8c952b1fcd46259e9d8cce836df433e0a8b88f8c/debian/patches/05_soundtouch-2.1.2.patch";
name = "05_soundtouch-2.1.2.patch";
sha256 = "sha256-Y7CNM6GQC9GRhlOBLZlxkIpj1CFhIwA5L8lGXur/bwY=";
})
# Use GTK+3 wxWidgets backend
(fetchpatch {
url = "https://salsa.debian.org/games-team/dolphin-emu/raw/8c952b1fcd46259e9d8cce836df433e0a8b88f8c/debian/patches/06_gtk3.patch";
name = "06_gtk3.patch";
sha256 = "sha256-pu5Q0+8kNwmpf2DoXCXHFqxF0EGTnFXJipkBz1Vh2cs=";
}) })
]; ];
postPatch = ''
substituteInPlace Source/Core/VideoBackends/OGL/RasterFont.cpp \
--replace " CHAR_WIDTH " " CHARWIDTH "
'';
cmakeFlags = [ cmakeFlags = [
"-DGTK2_GLIBCONFIG_INCLUDE_DIR=${glib.out}/lib/glib-2.0/include"
"-DGTK2_GDKCONFIG_INCLUDE_DIR=${gtk2.out}/lib/gtk-2.0/include"
"-DGTK2_INCLUDE_DIRS=${gtk2.dev}/include/gtk-2.0"
"-DENABLE_LTO=True" "-DENABLE_LTO=True"
]; ];
@ -80,7 +84,7 @@ stdenv.mkDerivation rec {
libao libao
libGLU libGLU
libGL libGL
gtk2 gtk3
glib glib
gettext gettext
libpthreadstubs libpthreadstubs
@ -97,7 +101,7 @@ stdenv.mkDerivation rec {
portaudio portaudio
libusb1 libusb1
libpulseaudio libpulseaudio
wxGTK30 wxGTK30-gtk3
soundtouch soundtouch
miniupnpc miniupnpc
mbedtls mbedtls
@ -117,6 +121,6 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ MP2E ashkitten ]; maintainers = with maintainers; [ MP2E ashkitten ];
# x86_32 is an unsupported platform. # x86_32 is an unsupported platform.
# Enable generic build if you really want a JIT-less binary. # Enable generic build if you really want a JIT-less binary.
platforms = [ "x86_64-linux" ]; platforms = [ "x86_64-linux" "aarch64-linux" ];
}; };
} }

View file

@ -6,7 +6,6 @@
, cmake , cmake
, curl , curl
, fetchFromGitHub , fetchFromGitHub
, fetchpatch
, ffmpeg , ffmpeg
, fluidsynth , fluidsynth
, gettext , gettext
@ -50,7 +49,7 @@ let
mkLibretroCore = mkLibretroCore =
{ core { core
, src ? (getCoreSrc core) , src ? (getCoreSrc core)
, version ? "unstable-2022-10-18" , version ? "unstable-2022-11-21"
, ... , ...
}@args: }@args:
import ./mkLibretroCore.nix ({ import ./mkLibretroCore.nix ({
@ -796,11 +795,6 @@ in
puae = mkLibretroCore { puae = mkLibretroCore {
core = "puae"; core = "puae";
makefile = "Makefile"; makefile = "Makefile";
# https://github.com/libretro/libretro-uae/pull/529
patches = fetchpatch {
url = "https://github.com/libretro/libretro-uae/commit/90ba4c9bb940e566781c3590553270ad69cf212e.patch";
sha256 = "sha256-9xkRravvyFZc0xsIj0OSm2ux5BqYogfQ1TDnH9l6jKw=";
};
meta = { meta = {
description = "Amiga emulator based on WinUAE"; description = "Amiga emulator based on WinUAE";
license = lib.licenses.gpl2Only; license = lib.licenses.gpl2Only;

View file

@ -45,12 +45,12 @@ let
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "retroarch-bare"; pname = "retroarch-bare";
version = "1.12.0"; version = "1.13.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "libretro"; owner = "libretro";
repo = "RetroArch"; repo = "RetroArch";
hash = "sha256-doLWNA8aTAllxx3zABtvZaegBQEPIi8276zbytPSdBU="; hash = "sha256-eEe0mM9gUWgEzoRH1Iuet20US9eXNtCVSBi2kX1njVw=";
rev = "v${version}"; rev = "v${version}";
}; };

View file

@ -38,8 +38,8 @@
"beetle-psx": { "beetle-psx": {
"owner": "libretro", "owner": "libretro",
"repo": "beetle-psx-libretro", "repo": "beetle-psx-libretro",
"rev": "bd6b9ef3049fe3f70a18ee6f752a935ae83c2f2b", "rev": "798fab9d5bc82dde26442d9b4861d377d4689e31",
"sha256": "CXcLMOF6IXUrp14nyTQ5KK2LR+FyWcF0UcvHTxEVSo0=" "sha256": "wHCUSMdPbIudmNm4XXW/zH6TDz7x9DrMNV/L8H3aO/w="
}, },
"beetle-saturn": { "beetle-saturn": {
"owner": "libretro", "owner": "libretro",
@ -129,8 +129,8 @@
"dolphin": { "dolphin": {
"owner": "libretro", "owner": "libretro",
"repo": "dolphin", "repo": "dolphin",
"rev": "9810e29a1f3633d32b6643b97a1147d83311d73a", "rev": "a8188dbc4e63d6c0867ed2196f5125130955f012",
"sha256": "iIaVSJSC3mD1k751vQvWI6x0C/HhfjEaMwfX53FpZv4=" "sha256": "gf9OjeDazDPDnQ9S2+hV4CNxPAkCCaEhJDZF97a1//U="
}, },
"dosbox": { "dosbox": {
"owner": "libretro", "owner": "libretro",
@ -141,8 +141,8 @@
"eightyone": { "eightyone": {
"owner": "libretro", "owner": "libretro",
"repo": "81-libretro", "repo": "81-libretro",
"rev": "73f6cca62dabc84df946aea71cf457ce5ae5ea9d", "rev": "340a51b250fb8fbf1a9e5d3ad3924044250064e0",
"sha256": "oovIKMZXxtLc+zmbguagTVoMPngokdN3xTBnb/+KUjY=" "sha256": "Cz3gPwbME8lDMKju3dn8hM8O2u9h9+8EUg7Nf6a7epA="
}, },
"fbalpha2012": { "fbalpha2012": {
"owner": "libretro", "owner": "libretro",
@ -153,14 +153,14 @@
"fbneo": { "fbneo": {
"owner": "libretro", "owner": "libretro",
"repo": "fbneo", "repo": "fbneo",
"rev": "758f24740d81ff833c1868befd98ccd11909255f", "rev": "a12455af75e60765da134b83051700e0fbe3803a",
"sha256": "VhfsvohRWICWqKWry0fgUS76kiXBsnjY9DytxEvulKA=" "sha256": "ujO9KVn7o6xueeEr5GHfOy7NimwNIvYxgMM9xJvtjvo="
}, },
"fceumm": { "fceumm": {
"owner": "libretro", "owner": "libretro",
"repo": "libretro-fceumm", "repo": "libretro-fceumm",
"rev": "3d3cc53c0177e296af2427c29bbb31902b26f3b8", "rev": "8c3f690e61a1d65dfb25510426ae88eeae93e1ae",
"sha256": "Z5LqP6IBq0H6uM0027PSkW6JLvVDA/4CrO6bI478Z1o=" "sha256": "vzPrAEII8SWj3Ki2OaZb0/9gbQDz04rp2dXf2LE1sXg="
}, },
"flycast": { "flycast": {
"owner": "libretro", "owner": "libretro",
@ -189,8 +189,8 @@
"genesis-plus-gx": { "genesis-plus-gx": {
"owner": "libretro", "owner": "libretro",
"repo": "Genesis-Plus-GX", "repo": "Genesis-Plus-GX",
"rev": "5cdb31854074de1662266a0a675866ea7b787b42", "rev": "3abf975785fe77267a399cc583ccf1469e081b86",
"sha256": "vMswSKM5aYlPZu5y4Z1L/+eaPBdQaLPPMKoC7B/xzqc=" "sha256": "QdiWKS7j80Sw0L+hf6efmQ40lQi/f95pFLQfoohoUKg="
}, },
"gpsp": { "gpsp": {
"owner": "libretro", "owner": "libretro",
@ -219,8 +219,8 @@
"mame": { "mame": {
"owner": "libretro", "owner": "libretro",
"repo": "mame", "repo": "mame",
"rev": "0d935696dce53a13eaf0705f4a108ee348f3c613", "rev": "57622367cb780013690d6ef23b2066b500f6ce92",
"sha256": "HnJ3eHzTpR7Lsi1ATn3B314y0KNKJ0+qNGcDbFvmZEA=" "sha256": "0iR1JGAhwYXXLnv8BDW1bsxfFywEI82aov2+MHw5w6Q="
}, },
"mame2000": { "mame2000": {
"owner": "libretro", "owner": "libretro",
@ -231,14 +231,14 @@
"mame2003": { "mame2003": {
"owner": "libretro", "owner": "libretro",
"repo": "mame2003-libretro", "repo": "mame2003-libretro",
"rev": "cb0c89304b2cd584cda7105c6be4e69fa304f0e0", "rev": "dbdda8e7189d63061ac42f502c0cd2dc7f1f8651",
"sha256": "ob/aUh5NZCfQvpA+nEs2QhVXeNBBVZesX/xQfatY9wU=" "sha256": "XED/gunYOc+NnQ8YORw/ALP2eCTyvRdIxPiFpNf5nuA="
}, },
"mame2003-plus": { "mame2003-plus": {
"owner": "libretro", "owner": "libretro",
"repo": "mame2003-plus-libretro", "repo": "mame2003-plus-libretro",
"rev": "d88d5c118e8d7075ec0a4e6deebb4cd3f18a8dd1", "rev": "5dd4a30500edc0b00c712750093aa287c9bb4ce2",
"sha256": "9offucQMCpMqo4StYscS6kivXCYHy4Sn+Cs/3MoNwsw=" "sha256": "Nvm5U6rpsDZdUJONtvZ6YmztuupLaXz2QT0SBJtzO/4="
}, },
"mame2010": { "mame2010": {
"owner": "libretro", "owner": "libretro",
@ -285,14 +285,14 @@
"mgba": { "mgba": {
"owner": "libretro", "owner": "libretro",
"repo": "mgba", "repo": "mgba",
"rev": "199a03e719436018779fe9299706c597fb2e9231", "rev": "ec5ecb26deba8d7ac830fc66ade9fac0eeaeb4ae",
"sha256": "3Q3MBzezCvl1Er45AeUM/QI0a+JiGn/PfYpqMaaiuds=" "sha256": "kDDs+M7TPu6UhFnj9+XGI9whQFQ5/+7fSb0YUN7oMsg="
}, },
"mupen64plus": { "mupen64plus": {
"owner": "libretro", "owner": "libretro",
"repo": "mupen64plus-libretro-nx", "repo": "mupen64plus-libretro-nx",
"rev": "c10546e333d57eb2e5a6ccef1e84cb6f9274c526", "rev": "1b67122ff6a923c93a56ff94273e3768a6da5dff",
"sha256": "dbS32slJBfz8DHeIQy20lAYw0+ig0LRgIaGfqW082xs=" "sha256": "qORxhy7hXVdGUkQumOmGVXnF1kW0BShMNBVlaRu3a1w="
}, },
"neocd": { "neocd": {
"owner": "libretro", "owner": "libretro",
@ -303,8 +303,8 @@
"nestopia": { "nestopia": {
"owner": "libretro", "owner": "libretro",
"repo": "nestopia", "repo": "nestopia",
"rev": "a9ee6ca84f04990e209880fe47144e62b14253db", "rev": "5c360e55d5437ecd3520568ee44cf1af63d4696a",
"sha256": "q3pD2Cm/a62x3xW8JymU9w82zHlT0BoPlaSfzjZzh/c=" "sha256": "+1QQc4gVZ5ZHt/I0bjRkW+kbPaeGUNrjbrzUoVz4drM="
}, },
"np2kai": { "np2kai": {
"owner": "AZO234", "owner": "AZO234",
@ -316,8 +316,8 @@
"nxengine": { "nxengine": {
"owner": "libretro", "owner": "libretro",
"repo": "nxengine-libretro", "repo": "nxengine-libretro",
"rev": "aa32afb8df8461920037bdbbddbff00bf465c6de", "rev": "e271c6262d73f07e5d92d285503f1c049801c51a",
"sha256": "Ic5YsNLoEZJ/vkjthwypwLN3ntB/5EX8bU92V80S7R4=" "sha256": "PfzHV6/nGUdbnfZ8+aHuoIQhvKcxdbuKnjIMWIIFt7Q="
}, },
"o2em": { "o2em": {
"owner": "libretro", "owner": "libretro",
@ -346,8 +346,8 @@
"pcsx_rearmed": { "pcsx_rearmed": {
"owner": "libretro", "owner": "libretro",
"repo": "pcsx_rearmed", "repo": "pcsx_rearmed",
"rev": "5ced3945423cda0010597b27b7da6bce77b12baa", "rev": "a4e249a1373cf6269e1e4e0d60105e72210e67d3",
"sha256": "8O2XyEr40HqQf8mHxmvB6/UT837HZw8SrKBy/JH66p4=" "sha256": "NOz2NQonVWEhEhAgSFHSWv6bmuTPcw0R9ihISlGwkb0="
}, },
"picodrive": { "picodrive": {
"owner": "libretro", "owner": "libretro",
@ -359,15 +359,15 @@
"play": { "play": {
"owner": "jpd002", "owner": "jpd002",
"repo": "Play-", "repo": "Play-",
"rev": "1126c39cd8ebf56af347c475139d4db97fc7cc19", "rev": "ad3b855c6d8cc62c85e2a5d2f659159fdfaa8d80",
"sha256": "H/cYFWl8rA/ZdoygEjr7h1y6Z0n29Z+OCzzVMvIuVyo=", "sha256": "+uTf/xv2JHuNGx0bxFNXf0akRzonzRMT7gSvT2n12+o=",
"fetchSubmodules": true "fetchSubmodules": true
}, },
"ppsspp": { "ppsspp": {
"owner": "hrydgard", "owner": "hrydgard",
"repo": "ppsspp", "repo": "ppsspp",
"rev": "4af4b0dddc638b00205d9943f17a2806e438fe83", "rev": "e654f6937a02f4a2ac8cce3574ab4f2db99f77d4",
"sha256": "5n+Mg2ZDTJd5fk1OZAiYnCT13G3LAWahXPA+MwaOF08=", "sha256": "LTqRA3KMV/VuQH0eTWjpOqy0U944c4ofPNEsexf93Kc=",
"fetchSubmodules": true "fetchSubmodules": true
}, },
"prboom": { "prboom": {
@ -385,8 +385,8 @@
"puae": { "puae": {
"owner": "libretro", "owner": "libretro",
"repo": "libretro-uae", "repo": "libretro-uae",
"rev": "4d8ebafe3f91c4998e8d73940e9558d863ecf93b", "rev": "d9a8dfbde7f6967fea3cffe09cd87e1d79a1a3fd",
"sha256": "dzfZFm7L+Qe3WwSYiMLp3cQm8zk0pWVB68nBe/H1Hvc=" "sha256": "uMn9ejknjwGmbc0JOu/xl30z3ff7vpxtA3qr2sv0glI="
}, },
"quicknes": { "quicknes": {
"owner": "libretro", "owner": "libretro",
@ -415,8 +415,8 @@
"snes9x": { "snes9x": {
"owner": "snes9xgit", "owner": "snes9xgit",
"repo": "snes9x", "repo": "snes9x",
"rev": "28be1a196d2c59ed4b6489d487187569a7370aff", "rev": "3c4982edddfdba482204ed48cf0b1d41ccae5493",
"sha256": "FW4ynSS+R1ygQaCS0UrWGktfHGtcy0P/Mp/BXKfmII0=" "sha256": "d4luyBSU/4PdsDd2jLwWSyckBPAqXMJ3C1sNmLO+E6U="
}, },
"snes9x2002": { "snes9x2002": {
"owner": "libretro", "owner": "libretro",
@ -439,8 +439,8 @@
"stella": { "stella": {
"owner": "stella-emu", "owner": "stella-emu",
"repo": "stella", "repo": "stella",
"rev": "7193c405327e0f2156d24d53836162f4b44af079", "rev": "fa49e034101a22344c7bd01648d514b6cc61ac7f",
"sha256": "A9icQON+0WrknjGp/0wiFNSWs2ot2s0X5lucCdk4O/s=" "sha256": "Svv+j7/9PvZ6djk2kfpbr9iUC8xqX8B4Plnf43Hj62A="
}, },
"stella2014": { "stella2014": {
"owner": "libretro", "owner": "libretro",
@ -451,8 +451,8 @@
"swanstation": { "swanstation": {
"owner": "libretro", "owner": "libretro",
"repo": "swanstation", "repo": "swanstation",
"rev": "ff0b451a573885a5b3a4f291f7b22f3ffc667a17", "rev": "27a224fc9e86e0f061504878d1c0cbf3fd6891af",
"sha256": "jz8tkvgonc4icRt12tt1BBCCiwec0ucix7Hp7PNPl8E=" "sha256": "5kW9/4gMfyvo3ExlJVivx8LhW5as3Mq5fhlNrIFDUVM="
}, },
"tgbdual": { "tgbdual": {
"owner": "libretro", "owner": "libretro",
@ -494,8 +494,8 @@
"virtualjaguar": { "virtualjaguar": {
"owner": "libretro", "owner": "libretro",
"repo": "virtualjaguar-libretro", "repo": "virtualjaguar-libretro",
"rev": "263c979be4ca757c43fb525bd6f0887998e57041", "rev": "2cc06899b839639397b8b30384a191424b6f529d",
"sha256": "6Q6Y0IFUWS9ZPhnAK3EUo4hMGPdBn8eNEYCK/zLgAKU=" "sha256": "7FiU5/n1hVePttkz7aVfXXx88+zX06/5SJk3EaRYvhQ="
}, },
"yabause": { "yabause": {
"owner": "libretro", "owner": "libretro",

View file

@ -5,12 +5,12 @@
stdenvNoCC.mkDerivation rec { stdenvNoCC.mkDerivation rec {
pname = "libretro-core-info"; pname = "libretro-core-info";
version = "1.12.0"; version = "1.13.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "libretro"; owner = "libretro";
repo = "libretro-core-info"; repo = "libretro-core-info";
hash = "sha256-ByATDM0V40UJxigqVLyTWkHY5tiCC2dvZebksl8GsUI="; hash = "sha256-rTq2h+IGJduBkP4qCACmm3T2PvbZ0mOmwD1jLkJ2j/Q=";
rev = "v${version}"; rev = "v${version}";
}; };

View file

@ -2,13 +2,13 @@
buildGoModule rec { buildGoModule rec {
pname = "llama"; pname = "llama";
version = "1.1.1"; version = "1.2.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "antonmedv"; owner = "antonmedv";
repo = "llama"; repo = "llama";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-/YnaKodMkuHrB0xH1UNRq+a6VknKRqcbBIehaYM6Gyc="; sha256 = "sha256-32UyFy269rifw4Hjw18FO0F79sDNW8dgJ2MdGXSzLWo=";
}; };
vendorSha256 = "sha256-nngto104p/qJpWM1NlmEqcrJThXSeCfcoXCzV1CClYQ="; vendorSha256 = "sha256-nngto104p/qJpWM1NlmEqcrJThXSeCfcoXCzV1CClYQ=";

View file

@ -5,7 +5,7 @@
, perl , perl
, makeWrapper , makeWrapper
, writeText , writeText
, jdk11 , jdk
, gsettings-desktop-schemas , gsettings-desktop-schemas
}: }:
@ -96,7 +96,7 @@ stdenv.mkDerivation rec {
makeWrapper $out/share/mucommander/mucommander.sh $out/bin/mucommander \ makeWrapper $out/share/mucommander/mucommander.sh $out/bin/mucommander \
--prefix XDG_DATA_DIRS : ${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name} \ --prefix XDG_DATA_DIRS : ${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name} \
--set JAVA_HOME ${jdk11} --set JAVA_HOME ${jdk}
''; '';
meta = with lib; { meta = with lib; {

View file

@ -19,19 +19,19 @@
assert withIcons -> withNerdIcons == false; assert withIcons -> withNerdIcons == false;
assert withNerdIcons -> withIcons == false; assert withNerdIcons -> withIcons == false;
stdenv.mkDerivation rec { stdenv.mkDerivation (finalAttrs: {
pname = "nnn"; pname = "nnn";
version = "4.6"; version = "4.7";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "jarun"; owner = "jarun";
repo = pname; repo = "nnn";
rev = "v${version}"; rev = "v${finalAttrs.version}";
sha256 = "sha256-+EAKOXZp1kxA2X3e16ItjPT7Sa3WZuP2oxOdXkceTIY="; hash = "sha256-ttG0aEqMlNyJaMhcVfrxbxlrhr1GSydrV58CYSq4CTM=";
}; };
configFile = lib.optionalString (conf != null) (builtins.toFile "nnn.h" conf); configFile = lib.optionalString (conf != null) (builtins.toFile "nnn.h" conf);
preBuild = lib.optionalString (conf != null) "cp ${configFile} src/nnn.h"; preBuild = lib.optionalString (conf != null) "cp ${finalAttrs.configFile} src/nnn.h";
nativeBuildInputs = [ installShellFiles makeWrapper pkg-config ]; nativeBuildInputs = [ installShellFiles makeWrapper pkg-config ];
buildInputs = [ readline ncurses ] ++ lib.optional stdenv.hostPlatform.isMusl musl-fts; buildInputs = [ readline ncurses ] ++ lib.optional stdenv.hostPlatform.isMusl musl-fts;
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isMusl "-I${musl-fts}/include"; NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isMusl "-I${musl-fts}/include";
NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isMusl "-lfts"; NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isMusl "-lfts";
makeFlags = [ "PREFIX=${placeholder "out"}" ] makeFlags = [ "PREFIX=$(out)" ]
++ lib.optionals withIcons [ "O_ICONS=1" ] ++ lib.optionals withIcons [ "O_ICONS=1" ]
++ lib.optionals withNerdIcons [ "O_NERD=1" ]; ++ lib.optionals withNerdIcons [ "O_NERD=1" ];
@ -61,4 +61,4 @@ stdenv.mkDerivation rec {
platforms = platforms.all; platforms = platforms.all;
maintainers = with maintainers; [ jfrankenau Br1ght0ne ]; maintainers = with maintainers; [ jfrankenau Br1ght0ne ];
}; };
} })

Some files were not shown because too many files have changed in this diff Show more