From 248dc21a54b85fd3c613252416eb309719569c2f Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Fri, 29 Mar 2024 22:27:22 -0400 Subject: [PATCH 1/5] treewide: fix renamed incus container tests --- .../linux/lxcfs/default.nix => by-name/lx/lxcfs/package.nix} | 5 +++++ pkgs/os-specific/linux/lxc/default.nix | 4 ++-- pkgs/tools/virtualization/distrobuilder/default.nix | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) rename pkgs/{os-specific/linux/lxcfs/default.nix => by-name/lx/lxcfs/package.nix} (89%) diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/by-name/lx/lxcfs/package.nix similarity index 89% rename from pkgs/os-specific/linux/lxcfs/default.nix rename to pkgs/by-name/lx/lxcfs/package.nix index 00c7f6f5edbd..07dec2a8dc8f 100644 --- a/pkgs/os-specific/linux/lxcfs/default.nix +++ b/pkgs/by-name/lx/lxcfs/package.nix @@ -63,6 +63,11 @@ stdenv.mkDerivation rec { passthru.tests = { incus-container-old-init = nixosTests.incus.container-old-init; incus-container-new-init = nixosTests.incus.container-new-init; + passthru = { + tests = { + incus-container-legacy-init = nixosTests.incus.container-legacy-init; + incus-container-systemd-init = nixosTests.incus.container-systemd-init; + }; }; meta = { diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix index 4026784f92a4..e525c9c3f5f7 100644 --- a/pkgs/os-specific/linux/lxc/default.nix +++ b/pkgs/os-specific/linux/lxc/default.nix @@ -63,8 +63,8 @@ stdenv.mkDerivation rec { passthru = { tests = { - incus-old-init = nixosTests.incus.container-old-init; - incus-new-init = nixosTests.incus.container-new-init; + incus-legacy-init = nixosTests.incus.container-legacy-init; + incus-systemd-init = nixosTests.incus.container-systemd-init; }; updateScript = nix-update-script { extraArgs = [ diff --git a/pkgs/tools/virtualization/distrobuilder/default.nix b/pkgs/tools/virtualization/distrobuilder/default.nix index fb08c7110039..5ccf8070c3c9 100644 --- a/pkgs/tools/virtualization/distrobuilder/default.nix +++ b/pkgs/tools/virtualization/distrobuilder/default.nix @@ -52,8 +52,8 @@ buildGoModule rec { passthru = { tests = { - incus-old-init = nixosTests.incus.container-old-init; - incus-new-init = nixosTests.incus.container-new-init; + incus-legacy-init = nixosTests.incus.container-legacy-init; + incus-systemd-init = nixosTests.incus.container-systemd-init; }; generator = callPackage ./generator.nix { inherit src version; }; From 811965cd34f8878e6ad555a0c51ba73881c3acdf Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Fri, 29 Mar 2024 22:29:52 -0400 Subject: [PATCH 2/5] lxcfs: 5.0.4 -> 6.0.0 --- .../linux => by-name/lx}/lxcfs/no-spec.patch | 0 pkgs/by-name/lx/lxcfs/package.nix | 13 ++++++------- .../linux => by-name/lx}/lxcfs/pidfd.patch | 0 .../linux => by-name/lx}/lxcfs/skip-init.patch | 0 pkgs/top-level/all-packages.nix | 1 - 5 files changed, 6 insertions(+), 8 deletions(-) rename pkgs/{os-specific/linux => by-name/lx}/lxcfs/no-spec.patch (100%) rename pkgs/{os-specific/linux => by-name/lx}/lxcfs/pidfd.patch (100%) rename pkgs/{os-specific/linux => by-name/lx}/lxcfs/skip-init.patch (100%) diff --git a/pkgs/os-specific/linux/lxcfs/no-spec.patch b/pkgs/by-name/lx/lxcfs/no-spec.patch similarity index 100% rename from pkgs/os-specific/linux/lxcfs/no-spec.patch rename to pkgs/by-name/lx/lxcfs/no-spec.patch diff --git a/pkgs/by-name/lx/lxcfs/package.nix b/pkgs/by-name/lx/lxcfs/package.nix index 07dec2a8dc8f..67562ddc7baa 100644 --- a/pkgs/by-name/lx/lxcfs/package.nix +++ b/pkgs/by-name/lx/lxcfs/package.nix @@ -7,6 +7,7 @@ makeWrapper, meson, ninja, + nix-update-script, nixosTests, pkg-config, python3, @@ -15,13 +16,13 @@ stdenv.mkDerivation rec { pname = "lxcfs"; - version = "5.0.4"; + version = "6.0.0"; src = fetchFromGitHub { owner = "lxc"; repo = "lxcfs"; - rev = "lxcfs-${version}"; - sha256 = "sha256-vusxbFV7cnQVBOOo7E+fSyaE63f5QiE2xZhYavc8jJU="; + rev = "v${version}"; + sha256 = "sha256-Mx2ZTul3hUEL9SloYSOh+MGoc2QmZg88MTsfIOvaIZU="; }; patches = [ @@ -35,7 +36,6 @@ stdenv.mkDerivation rec { ./pidfd.patch ]; - nativeBuildInputs = [ meson help2man @@ -60,14 +60,13 @@ stdenv.mkDerivation rec { patchelf --set-rpath "$(patchelf --print-rpath "$out/bin/lxcfs"):$out/lib" "$out/bin/lxcfs" ''; - passthru.tests = { - incus-container-old-init = nixosTests.incus.container-old-init; - incus-container-new-init = nixosTests.incus.container-new-init; passthru = { tests = { incus-container-legacy-init = nixosTests.incus.container-legacy-init; incus-container-systemd-init = nixosTests.incus.container-systemd-init; }; + + updateScript = nix-update-script { }; }; meta = { diff --git a/pkgs/os-specific/linux/lxcfs/pidfd.patch b/pkgs/by-name/lx/lxcfs/pidfd.patch similarity index 100% rename from pkgs/os-specific/linux/lxcfs/pidfd.patch rename to pkgs/by-name/lx/lxcfs/pidfd.patch diff --git a/pkgs/os-specific/linux/lxcfs/skip-init.patch b/pkgs/by-name/lx/lxcfs/skip-init.patch similarity index 100% rename from pkgs/os-specific/linux/lxcfs/skip-init.patch rename to pkgs/by-name/lx/lxcfs/skip-init.patch diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d3bab087bf0a..d9e676750cdf 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10587,7 +10587,6 @@ with pkgs; lwc = callPackage ../tools/misc/lwc { }; lxc = callPackage ../os-specific/linux/lxc { }; - lxcfs = callPackage ../os-specific/linux/lxcfs { }; lxd = callPackage ../tools/admin/lxd/wrapper.nix { }; lxd-unwrapped = callPackage ../tools/admin/lxd { From a74f76e5e1a6bff6a4692fd56f08e8e3fca0c400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 31 Mar 2024 17:12:30 -0700 Subject: [PATCH 3/5] python311Packages.herepy: 3.6.0 -> 3.6.1 Diff: https://github.com/abdullahselek/HerePy/compare/refs/tags/3.6.0...3.6.1 Changelog: https://github.com/abdullahselek/HerePy/releases/tag/3.6.1 --- .../python-modules/herepy/default.nix | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/development/python-modules/herepy/default.nix b/pkgs/development/python-modules/herepy/default.nix index 379790d4b79b..07a8aec79c75 100644 --- a/pkgs/development/python-modules/herepy/default.nix +++ b/pkgs/development/python-modules/herepy/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , pythonOlder , fetchFromGitHub +, setuptools , requests , pytestCheckHook , responses @@ -9,19 +10,23 @@ buildPythonPackage rec { pname = "herepy"; - version = "3.6.0"; - format = "setuptools"; + version = "3.6.1"; + pyproject = true; - disabled = pythonOlder "3.5"; + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "abdullahselek"; repo = "HerePy"; rev = "refs/tags/${version}"; - hash = "sha256-wz6agxPKQvWobRIiYKYU2og33tzswd0qG1hawPCh1qI="; + hash = "sha256-DOtlXoVelTGY/fKkHW/K0d0w52Q7N91Whi9AHG4tRZQ="; }; - propagatedBuildInputs = [ + build-system = [ + setuptools + ]; + + dependencies = [ requests ]; @@ -35,6 +40,7 @@ buildPythonPackage rec { ]; meta = with lib; { + changelog = "https://github.com/abdullahselek/HerePy/releases/tag/${version}"; description = "Library that provides a Python interface to the HERE APIs"; homepage = "https://github.com/abdullahselek/HerePy"; license = licenses.mit; From 7f797a698f835e6744971c17d33abb5485729bd3 Mon Sep 17 00:00:00 2001 From: Pablo Ovelleiro Corral Date: Mon, 1 Apr 2024 02:55:15 +0200 Subject: [PATCH 4/5] wastebin: init at 2.4.3 (#287455) * wastebin: init at 2.4.3 * nixos/wastebin: init Add module and test for wastebin --- .../manual/release-notes/rl-2405.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/wastebin.nix | 158 ++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/wastebin.nix | 19 +++ pkgs/by-name/wa/wastebin/package.nix | 43 +++++ 6 files changed, 224 insertions(+) create mode 100644 nixos/modules/services/misc/wastebin.nix create mode 100644 nixos/tests/wastebin.nix create mode 100644 pkgs/by-name/wa/wastebin/package.nix diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 06d6ebbd2b0a..7afc14347f5c 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -140,6 +140,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable). +- [wastebin](https://github.com/matze/wastebin), a pastebin server written in rust. Available as [services.wastebin](#opt-services.wastebin.enable). + - [Mealie](https://nightly.mealie.io/), a self-hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in NuxtJS for a pleasant user experience for the whole family. Available as [services.mealie](#opt-services.mealie.enable) - [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable) diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0a15360f6ea5..9cbc421239ba 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -799,6 +799,7 @@ ./services/misc/transfer-sh.nix ./services/misc/tzupdate.nix ./services/misc/uhub.nix + ./services/misc/wastebin.nix ./services/misc/weechat.nix ./services/misc/workout-tracker.nix ./services/misc/xmr-stak.nix diff --git a/nixos/modules/services/misc/wastebin.nix b/nixos/modules/services/misc/wastebin.nix new file mode 100644 index 000000000000..3d0af2862683 --- /dev/null +++ b/nixos/modules/services/misc/wastebin.nix @@ -0,0 +1,158 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.wastebin; + inherit (lib) + mkEnableOption mkPackageOption mkIf mkOption + types mapAttrs isBool getExe boolToString optionalAttrs; +in +{ + + options.services.wastebin = { + + enable = mkEnableOption "Wastenbin pastebin service"; + + package = mkPackageOption pkgs "wastebin" { }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/wastebin"; + description = "State directory of the daemon."; + }; + + secretFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/secrets/wastebin.env"; + description = '' + Path to file containing sensitive environment variables. + Some variables that can be considered secrets are: + + - WASTEBIN_PASSWORD_SALT: + salt used to hash user passwords used for encrypting pastes. + + - WASTEBIN_SIGNING_KEY: + sets the key to sign cookies. If not set, a random key will be + generated which means cookies will become invalid after restarts and + paste creators will not be able to delete their pastes anymore. + ''; + }; + + settings = mkOption { + + description = '' + Additional configuration for wastebin, see + for supported values. + For secrets use secretFile option instead. + ''; + + type = types.submodule { + + freeformType = with types; attrsOf (oneOf [ bool int str ]); + + options = { + + WASTEBIN_ADDRESS_PORT = mkOption { + type = types.str; + default = "0.0.0.0:8088"; + description = "Address and port to bind to"; + }; + + WASTEBIN_BASE_URL = mkOption { + default = "http://localhost"; + example = "https://myhost.tld"; + type = types.str; + description = '' + Base URL for the QR code display. If not set, the user agent's Host + header field is used as an approximation. + ''; + }; + + WASTEBIN_CACHE_SIZE = mkOption { + default = 128; + type = types.int; + description = "Number of rendered syntax highlight items to cache. Can be disabled by setting to 0."; + }; + + WASTEBIN_DATABASE_PATH = mkOption { + default = "/var/lib/wastebin/sqlite3.db"; # TODO make this default to stateDir/sqlite3.db + type = types.str; + description = "Path to the sqlite3 database file. If not set, an in-memory database is used."; + }; + + WASTEBIN_HTTP_TIMEOUT = mkOption { + default = 5; + type = types.int; + description = "Maximum number of seconds a request can be processed until wastebin responds with 408"; + }; + + WASTEBIN_MAX_BODY_SIZE = mkOption { + default = 1024; + type = types.int; + description = "Number of bytes to accept for POST requests"; + }; + + WASTEBIN_TITLE = mkOption { + default = "wastebin"; + type = types.str; + description = "Overrides the HTML page title"; + }; + + RUST_LOG = mkOption { + default = "info"; + type = types.str; + description = + '' + Influences logging. Besides the typical trace, debug, info etc. + keys, you can also set the tower_http key to some log level to get + additional information request and response logs. + ''; + }; + }; + }; + + default = { }; + + example = { + WASTEBIN_TITLE = "My awesome pastebin"; + }; + }; + }; + + config = mkIf cfg.enable + { + systemd.services.wastebin = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = mapAttrs (_: v: if isBool v then boolToString v else toString v) cfg.settings; + serviceConfig = { + CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; + DevicePolicy = "closed"; + DynamicUser = true; + ExecStart = "${getExe cfg.package}"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = [ "native" ]; + SystemCallFilter = [ "@system-service" ]; + StateDirectory = baseNameOf cfg.stateDir; + ReadWritePaths = cfg.stateDir; + } // optionalAttrs (cfg.secretFile != null) { + EnvironmentFile = cfg.secretFile; + }; + }; + }; + + meta.maintainers = with lib.maintainers; [ pinpox ]; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 6a6ef1f6f38b..c804ce9418cd 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -985,6 +985,7 @@ in { vsftpd = handleTest ./vsftpd.nix {}; warzone2100 = handleTest ./warzone2100.nix {}; wasabibackend = handleTest ./wasabibackend.nix {}; + wastebin = handleTest ./wastebin.nix {}; watchdogd = handleTest ./watchdogd.nix {}; webhook = runTest ./webhook.nix; wiki-js = handleTest ./wiki-js.nix {}; diff --git a/nixos/tests/wastebin.nix b/nixos/tests/wastebin.nix new file mode 100644 index 000000000000..1cf0ff80ae99 --- /dev/null +++ b/nixos/tests/wastebin.nix @@ -0,0 +1,19 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "wastebin"; + + meta = { + maintainers = with lib.maintainers; [ pinpox ]; + }; + + nodes.machine = { pkgs, ... }: { + services.wastebin = { + enable = true; + }; + }; + + testScript = '' + machine.wait_for_unit("wastebin.service") + machine.wait_for_open_port(8088) + machine.succeed("curl --fail http://localhost:8088/") + ''; +}) diff --git a/pkgs/by-name/wa/wastebin/package.nix b/pkgs/by-name/wa/wastebin/package.nix new file mode 100644 index 000000000000..596d1d075219 --- /dev/null +++ b/pkgs/by-name/wa/wastebin/package.nix @@ -0,0 +1,43 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, pkg-config +, sqlite +, zstd +}: + +rustPlatform.buildRustPackage rec { + pname = "wastebin"; + version = "2.4.3"; + + src = fetchFromGitHub { + owner = "matze"; + repo = "wastebin"; + rev = version; + hash = "sha256-5L9ug/OOvobic3bYjz8KUkQdnaVmAb2ltXCCiZkVHOg="; + }; + + cargoHash = "sha256-KbYbsV3+xhGFgcKrdLMiQ5+1meePjXYMD9PltlO+QMA="; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + sqlite + zstd + ]; + + env = { + ZSTD_SYS_USE_PKG_CONFIG = true; + }; + + meta = with lib; { + description = "Wastebin is a pastebin"; + homepage = "https://github.com/matze/wastebin"; + changelog = "https://github.com/matze/wastebin/blob/${src.rev}/CHANGELOG.md"; + license = licenses.mit; + maintainers = with maintainers; [ pinpox matthiasbeyer ]; + mainProgram = "wastebin"; + }; +} From 292a4d8fa11907f90eb2e9730b8cf2414f03bf58 Mon Sep 17 00:00:00 2001 From: "Bryan A. S." Date: Mon, 18 Mar 2024 23:41:44 -0300 Subject: [PATCH 5/5] irpf: 2023-1.5 -> 2024-1.0 --- pkgs/applications/finance/irpf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/finance/irpf/default.nix b/pkgs/applications/finance/irpf/default.nix index 6ced017dff6c..b693aee613f7 100644 --- a/pkgs/applications/finance/irpf/default.nix +++ b/pkgs/applications/finance/irpf/default.nix @@ -11,7 +11,7 @@ stdenvNoCC.mkDerivation rec { pname = "irpf"; - version = "2023-1.5"; + version = "2024-1.0"; # https://www.gov.br/receitafederal/pt-br/centrais-de-conteudo/download/pgd/dirpf # Para outros sistemas operacionais -> Multi @@ -19,7 +19,7 @@ stdenvNoCC.mkDerivation rec { year = lib.head (lib.splitVersion version); in fetchzip { url = "https://downloadirpf.receita.fazenda.gov.br/irpf/${year}/irpf/arquivos/IRPF${version}.zip"; - hash = "sha256-L1X+xysQSJ43TO8NSdO+T4aalampd4REL+5Uv33kYUI="; + hash = "sha256-x47Ud/aSfPuZYMZSGhJLnNFtNE62I+WjaFFatJPMPYg="; }; nativeBuildInputs = [ unzip makeWrapper copyDesktopItems ];