ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-30 17:49:58 +03:00
Code Issues Projects Releases Wiki Activity

Merge master into haskell-updates

Browse Source
This commit is contained in:
github-actions[bot] 2023-10-29 00:12:51 +00:00 committed by GitHub
commit 425871e878
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
569 changed files with 9566 additions and 35380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/CODEOWNERS vendored
View File

@ -116,7 +116,6 @@
/maintainers/scripts/update-python-libraries @FRidh
/pkgs/development/interpreters/python @FRidh
/doc/languages-frameworks/python.section.md @FRidh @mweinelt
/pkgs/development/tools/poetry2nix @adisbladis
/pkgs/development/interpreters/python/hooks @FRidh @jonringer
# Haskell

4
.github/ISSUE_TEMPLATE/unreproducible_package.md vendored
View File

@ -14,10 +14,10 @@ Fixing bit-by-bit reproducibility also has additional advantages, such as avoidi
### Steps To Reproduce
```
nix-build '<nixpkgs>' -A ... --check --keep-failed
nix-build '<nixpkgs>' -A ... && nix-build '<nixpkgs>' -A ... --check --keep-failed
```
You can use `diffoscope` to analyze the differences in the output of the two builds.
If this command completes successfully, no differences where found. However, when it ends in `error: derivation '<X>' may not be deterministic: output '<Y>' differs from '<Z>'`, you can use `diffoscope <Y> <Z>` to analyze the differences in the output of the two builds.
To view the build log of the build that produced the artifact in the binary cache:

10
doc/builders/fetchers.chapter.md
View File

@ -243,21 +243,21 @@ or
***
```
## `fetchFromBittorrent` {#fetchfrombittorrent}
## `fetchtorrent` {#fetchtorrent}
`fetchFromBittorrent` expects two arguments. `url` which can either be a Magnet URI (Magnet Link) such as `magnet:?xt=urn:btih:dd8255ecdc7ca55fb0bbf81323d87062db1f6d1c` or an HTTP URL pointing to a `.torrent` file. It can also take a `config` argument which will craft a `settings.json` configuration file and give it to `transmission`, the underlying program that is performing the fetch. The available config options for `transmission` can be found [here](https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md#options)
`fetchtorrent` expects two arguments. `url` which can either be a Magnet URI (Magnet Link) such as `magnet:?xt=urn:btih:dd8255ecdc7ca55fb0bbf81323d87062db1f6d1c` or an HTTP URL pointing to a `.torrent` file. It can also take a `config` argument which will craft a `settings.json` configuration file and give it to `transmission`, the underlying program that is performing the fetch. The available config options for `transmission` can be found [here](https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md#options)
```
{ fetchFromBittorrent }:
{ fetchtorrent }:
fetchFromBittorrent {
fetchtorrent {
config = { peer-limit-global = 100; };
url = "magnet:?xt=urn:btih:dd8255ecdc7ca55fb0bbf81323d87062db1f6d1c";
sha256 = "";
}
```
### Parameters {#fetchfrombittorrent-parameters}
### Parameters {#fetchtorrent-parameters}
- `url`: Magnet URI (Magnet Link) such as `magnet:?xt=urn:btih:dd8255ecdc7ca55fb0bbf81323d87062db1f6d1c` or an HTTP URL pointing to a `.torrent` file.

38
maintainers/maintainer-list.nix
View File

@ -1771,12 +1771,6 @@
githubId = 1217745;
name = "Aldwin Vlasblom";
};
aveltras = {
email = "romain.viallard@outlook.fr";
github = "aveltras";
githubId = 790607;
name = "Romain Viallard";
};
averelld = {
email = "averell+nixos@rxd4.com";
github = "averelld";
@ -2769,6 +2763,12 @@
githubId = 7435854;
name = "Victor Calvert";
};
camelpunch = {
email = "me@andrewbruce.net";
github = "camelpunch";
githubId = 141733;
name = "Andrew Bruce";
};
cameronfyfe = {
email = "cameron.j.fyfe@gmail.com";
github = "cameronfyfe";
@ -7460,6 +7460,12 @@
githubId = 25505957;
name = "Ilian";
};
iliayar = {
email = "iliayar3@gmail.com";
github = "iliayar";
githubId = 17529355;
name = "Ilya Yaroshevskiy";
};
ilikeavocadoes = {
email = "ilikeavocadoes@hush.com";
github = "ilikeavocadoes";
@ -7872,6 +7878,12 @@
githubId = 2212681;
name = "Jakub Grzgorz Sokołowski";
};
jakuzure = {
email = "shin@posteo.jp";
github = "jakuzure";
githubId = 11823547;
name = "jakuzure";
};
jali-clarke = {
email = "jinnah.ali-clarke@outlook.com";
name = "Jinnah Ali-Clarke";
@ -9776,6 +9788,11 @@
}];
name = "Joseph LaFreniere";
};
lagoja = {
github = "Lagoja";
githubId =750845;
name = "John Lago";
};
laikq = {
email = "gwen@quasebarth.de";
github = "laikq";
@ -13313,6 +13330,15 @@
githubId = 75299;
name = "Malcolm Matalka";
};
orhun = {
email = "orhunparmaksiz@gmail.com";
github = "orhun";
githubId = 24392180;
name = "Orhun Parmaksız";
keys = [{
fingerprint = "165E 0FF7 C48C 226E 1EC3 63A7 F834 2482 4B3E 4B90";
}];
};
orichter = {
email = "richter-oliver@gmx.net";
github = "ORichterSec";

2
maintainers/team-list.nix
View File

@ -430,6 +430,7 @@ with lib.maintainers; {
members = [
cleeyv
ryantm
lassulus
];
scope = "Maintain Jitsi.";
shortName = "Jitsi";
@ -931,7 +932,6 @@ with lib.maintainers; {
wdz = {
members = [
n0emis
netali
vidister
johannwagner
yuka

6
nixos/doc/manual/release-notes/rl-2311.section.md
View File

@ -86,6 +86,8 @@
- [pgBouncer](https://www.pgbouncer.org), a PostgreSQL connection pooler. Available as [services.pgbouncer](#opt-services.pgbouncer.enable).
- [Goss](https://goss.rocks/), a YAML based serverspec alternative tool for validating a server's configuration. Available as [services.goss](#opt-services.goss.enable).
- [trust-dns](https://trust-dns.org/), a Rust based DNS server built to be safe and secure from the ground up. Available as [services.trust-dns](#opt-services.trust-dns.enable).
- [osquery](https://www.osquery.io/), a SQL powered operating system instrumentation, monitoring, and analytics.
@ -238,8 +240,6 @@
- `baloo`, the file indexer/search engine used by KDE now has a patch to prevent files from constantly being reindexed when the device ids of the their underlying storage changes. This happens frequently when using btrfs or LVM. The patch has not yet been accepted upstream but it provides a significantly improved experience. When upgrading, reset baloo to get a clean index: `balooctl disable ; balooctl purge ; balooctl enable`.
- `services.ddclient` has been removed on the request of the upstream maintainer because it is unmaintained and has bugs. Please switch to a different software like `inadyn` or `knsupdate`.
- The `vlock` program from the `kbd` package has been moved into its own package output and should now be referenced explicitly as `kbd.vlock` or replaced with an alternative such as the standalone `vlock` package or `physlock`.
- `fileSystems.<name>.autoFormat` now uses `systemd-makefs`, which does not accept formatting options. Therefore, `fileSystems.<name>.formatOptions` has been removed.
@ -339,6 +339,8 @@
- `mkDerivation` now rejects MD5 hashes.
- The `junicode` font package has been updated to [major version 2](https://github.com/psb1558/Junicode-font/releases/tag/v2.001), which is now a font family. In particular, plain `Junicode.ttf` no longer exists. In addition, TrueType font files are now placed in `font/truetype` instead of `font/junicode-ttf`; this change does not affect use via `fonts.packages` NixOS option.
## Other Notable Changes {#sec-release-23.11-notable-changes}
- The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.

4
nixos/modules/config/mysql.nix
View File

@ -429,11 +429,11 @@ in
'';
};
# Activation script to append the password from the password file
# preStart script to append the password from the password file
# to the configuration files. It also fixes the owner of the
# libnss-mysql-root.cfg because it is changed to root after the
# password is appended.
system.activationScripts.mysql-auth-passwords = ''
systemd.services.mysql.preStart = ''
if [[ -r ${cfg.passwordFile} ]]; then
org_umask=$(umask)
umask 0077

11
nixos/modules/config/nix-channel.nix
View File

@ -97,12 +97,9 @@ in
nix.settings.nix-path = mkIf (! cfg.channel.enable) (mkDefault "");
system.activationScripts.nix-channel = mkIf cfg.channel.enable
(stringAfter [ "etc" "users" ] ''
# Subscribe the root user to the NixOS channel by default.
if [ ! -e "/root/.nix-channels" ]; then
echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels"
fi
'');
systemd.tmpfiles.rules = lib.mkIf cfg.channel.enable [
"f /root/.nix-channels -"
''w "/root/.nix-channels" - - - - "${config.system.defaultChannel} nixos\n"''
];
};
}

1
nixos/modules/module-list.nix
View File

@ -773,6 +773,7 @@
./services/monitoring/datadog-agent.nix
./services/monitoring/do-agent.nix
./services/monitoring/fusion-inventory.nix
./services/monitoring/goss.nix
./services/monitoring/grafana-agent.nix
./services/monitoring/grafana-image-renderer.nix
./services/monitoring/grafana-reporter.nix

13
nixos/modules/programs/cdemu.nix
View File

@ -53,6 +53,19 @@ in {
dbus.packages = [ pkgs.cdemu-daemon ];
};
users.groups.${config.programs.cdemu.group} = {};
# Systemd User service
# manually adapted from example in source package:
# https://sourceforge.net/p/cdemu/code/ci/master/tree/cdemu-daemon/service-example/cdemu-daemon.service
systemd.user.services.cdemu-daemon.description = "CDEmu daemon";
systemd.user.services.cdemu-daemon.serviceConfig = {
Type = "dbus";
BusName = "net.sf.cdemu.CDEmuDaemon";
ExecStart = "${pkgs.cdemu-daemon}/bin/cdemu-daemon --config-file \"%h/.config/cdemu-daemon\"";
Restart = "no";
};
environment.systemPackages =
[ pkgs.cdemu-daemon pkgs.cdemu-client ]
++ optional cfg.gui pkgs.gcdemu

15
nixos/modules/security/duosec.nix
View File

@ -193,8 +193,11 @@ in
source = "${pkgs.duo-unix.out}/bin/login_duo";
};
system.activationScripts = {
login_duo = mkIf cfg.ssh.enable ''
systemd.services.login-duo = lib.mkIf cfg.ssh.enable {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
unitConfig.DefaultDependencies = false;
script = ''
if test -f "${cfg.secretKeyFile}"; then
mkdir -m 0755 -p /etc/duo
@ -209,7 +212,13 @@ in
mv -fT "$conf" /etc/duo/login_duo.conf
fi
'';
pam_duo = mkIf cfg.pam.enable ''
};
systemd.services.pam-duo = lib.mkIf cfg.ssh.enable {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
unitConfig.DefaultDependencies = false;
script = ''
if test -f "${cfg.secretKeyFile}"; then
mkdir -m 0755 -p /etc/duo

51
nixos/modules/security/wrappers/default.nix
View File

@ -275,33 +275,38 @@ in
mrpx ${wrap.source},
'') wrappers;
###### wrappers activation script
system.activationScripts.wrappers =
lib.stringAfter [ "specialfs" "users" ]
''
chmod 755 "${parentWrapperDir}"
systemd.services.suid-sgid-wrappers = {
description = "Create SUID/SGID Wrappers";
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
unitConfig.DefaultDependencies = false;
unitConfig.RequiresMountsFor = [ "/nix/store" "/run/wrappers" ];
serviceConfig.Type = "oneshot";
script = ''
chmod 755 "${parentWrapperDir}"
# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
chmod a+rx "$wrapperDir"
# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
chmod a+rx "$wrapperDir"
${lib.concatStringsSep "\n" mkWrappedPrograms}
${lib.concatStringsSep "\n" mkWrappedPrograms}
if [ -L ${wrapperDir} ]; then
# Atomically replace the symlink
# See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
old=$(readlink -f ${wrapperDir})
if [ -e "${wrapperDir}-tmp" ]; then
rm --force --recursive "${wrapperDir}-tmp"
fi
ln --symbolic --force --no-dereference "$wrapperDir" "${wrapperDir}-tmp"
mv --no-target-directory "${wrapperDir}-tmp" "${wrapperDir}"
rm --force --recursive "$old"
else
# For initial setup
ln --symbolic "$wrapperDir" "${wrapperDir}"
if [ -L ${wrapperDir} ]; then
# Atomically replace the symlink
# See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
old=$(readlink -f ${wrapperDir})
if [ -e "${wrapperDir}-tmp" ]; then
rm --force --recursive "${wrapperDir}-tmp"
fi
'';
ln --symbolic --force --no-dereference "$wrapperDir" "${wrapperDir}-tmp"
mv --no-target-directory "${wrapperDir}-tmp" "${wrapperDir}"
rm --force --recursive "$old"
else
# For initial setup
ln --symbolic "$wrapperDir" "${wrapperDir}"
fi
'';
};
###### wrappers consistency checks
system.checks = lib.singleton (pkgs.runCommandLocal

2
nixos/modules/services/backup/borgmatic.nix
View File

@ -81,7 +81,7 @@ in
config = mkIf cfg.enable {
warnings = []
++ optional (cfg.settings != null && cfg.settings.location != null)
++ optional (cfg.settings != null && cfg.settings ? location)
"`services.borgmatic.settings.location` is deprecated, please move your options out of sections to the global scope"
++ optional (catAttrs "location" (attrValues cfg.configurations) != [])
"`services.borgmatic.configurations.<name>.location` is deprecated, please move your options out of sections to the global scope"

15
nixos/modules/services/backup/restic.nix
View File

@ -23,25 +23,13 @@ in
environmentFile = mkOption {
type = with types; nullOr str;
# added on 2021-08-28, s3CredentialsFile should
# be removed in the future (+ remember the warning)
default = config.s3CredentialsFile;
default = null;
description = lib.mdDoc ''
file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
'';
};
s3CredentialsFile = mkOption {
type = with types; nullOr str;
default = null;
description = lib.mdDoc ''
file containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
for an S3-hosted repository, in the format of an EnvironmentFile
as described by systemd.exec(5)
'';
};
rcloneOptions = mkOption {
type = with types; nullOr (attrsOf (oneOf [ str bool ]));
default = null;
@ -300,7 +288,6 @@ in
};
config = {
warnings = mapAttrsToList (n: v: "services.restic.backups.${n}.s3CredentialsFile is deprecated, please use services.restic.backups.${n}.environmentFile instead.") (filterAttrs (n: v: v.s3CredentialsFile != null) config.services.restic.backups);
assertions = mapAttrsToList (n: v: {
assertion = (v.repository == null) != (v.repositoryFile == null);
message = "services.restic.backups.${n}: exactly one of repository or repositoryFile should be set";

17
nixos/modules/services/mail/mlmmj.nix
View File

@ -143,13 +143,11 @@ in
environment.systemPackages = [ pkgs.mlmmj ];
system.activationScripts.mlmmj = ''
${pkgs.coreutils}/bin/mkdir -p ${stateDir} ${spoolDir}/${cfg.listDomain}
${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${spoolDir}
${concatMapLines (createList cfg.listDomain) cfg.mailLists}
${pkgs.postfix}/bin/postmap /etc/postfix/virtual
${pkgs.postfix}/bin/postmap /etc/postfix/transport
'';
systemd.tmpfiles.rules = [
''d "${stateDir}" -''
''d "${spoolDir}/${cfg.listDomain}" -''
''Z "${spoolDir}" - "${cfg.user}" "${cfg.group}" -''
];
systemd.services.mlmmj-maintd = {
description = "mlmmj maintenance daemon";
@ -158,6 +156,11 @@ in
Group = cfg.group;
ExecStart = "${pkgs.mlmmj}/bin/mlmmj-maintd -F -d ${spoolDir}/${cfg.listDomain}";
};
preStart = ''
${concatMapLines (createList cfg.listDomain) cfg.mailLists}
${pkgs.postfix}/bin/postmap /etc/postfix/virtual
${pkgs.postfix}/bin/postmap /etc/postfix/transport
'';
};
systemd.timers.mlmmj-maintd = {

44
nixos/modules/services/monitoring/goss.md Normal file
View File

@ -0,0 +1,44 @@
# Goss {#module-services-goss}
[goss](https://goss.rocks/) is a YAML based serverspec alternative tool
for validating a server's configuration.
## Basic Usage {#module-services-goss-basic-usage}
A minimal configuration looks like this:
```
{
services.goss = {
enable = true;
environment = {
GOSS_FMT = "json";
GOSS_LOGLEVEL = "TRACE";
};
settings = {
addr."tcp://localhost:8080" = {
reachable = true;
local-address = "127.0.0.1";
};
command."check-goss-version" = {
exec = "${lib.getExe pkgs.goss} --version";
exit-status = 0;
};
dns.localhost.resolvable = true;
file."/nix" = {
filetype = "directory";
exists = true;
};
group.root.exists = true;
kernel-param."kernel.ostype".value = "Linux";
service.goss = {
enabled = true;
running = true;
};
user.root.exists = true;
};
};
}
```

86
nixos/modules/services/monitoring/goss.nix Normal file
View File

@ -0,0 +1,86 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.goss;
settingsFormat = pkgs.formats.yaml { };
configFile = settingsFormat.generate "goss.yaml" cfg.settings;
in {
meta = {
doc = ./goss.md;
maintainers = [ lib.maintainers.anthonyroussel ];
};
options = {
services.goss = {
enable = lib.mkEnableOption (lib.mdDoc "Goss daemon");
package = lib.mkPackageOptionMD pkgs "goss" { };
environment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
example = {
GOSS_FMT = "json";
GOSS_LOGLEVEL = "FATAL";
GOSS_LISTEN = ":8080";
};
description = lib.mdDoc ''
Environment variables to set for the goss service.
See <https://github.com/goss-org/goss/blob/master/docs/manual.md>
'';
};
settings = lib.mkOption {
type = lib.types.submodule { freeformType = settingsFormat.type; };
default = { };
example = {
addr."tcp://localhost:8080" = {
reachable = true;
local-address = "127.0.0.1";
};
service.goss = {
enabled = true;
running = true;
};
};
description = lib.mdDoc ''
The global options in `config` file in yaml format.
Refer to <https://github.com/goss-org/goss/blob/master/docs/goss-json-schema.yaml> for schema.
'';
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.services.goss = {
description = "Goss - Quick and Easy server validation";
unitConfig.Documentation = "https://github.com/goss-org/goss/blob/master/docs/manual.md";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
environment = {
GOSS_FILE = configFile;
} // cfg.environment;
reloadTriggers = [ configFile ];
serviceConfig = {
DynamicUser = true;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/goss serve";
Group = "goss";
Restart = "on-failure";
RestartSec = 5;
User = "goss";
};
};
};
}

8
nixos/modules/services/monitoring/ups.nix
View File

@ -239,11 +239,9 @@ in
power.ups.schedulerRules = mkDefault "${pkgs.nut}/etc/upssched.conf.sample";
system.activationScripts.upsSetup = stringAfter [ "users" "groups" ]
''
# Used to store pid files of drivers.
mkdir -p /var/state/ups
'';
systemd.tmpfiles.rules = [
"d /var/state/ups -"
];
/*

36
nixos/modules/services/networking/iscsi/initiator.nix
View File

@ -52,25 +52,27 @@ in
'';
environment.etc."iscsi/initiatorname.iscsi".text = "InitiatorName=${cfg.name}";
system.activationScripts.iscsid = let
extraCfgDumper = optionalString (cfg.extraConfigFile != null) ''
if [ -f "${cfg.extraConfigFile}" ]; then
printf "\n# The following is from ${cfg.extraConfigFile}:\n"
cat "${cfg.extraConfigFile}"
else
echo "Warning: services.openiscsi.extraConfigFile ${cfg.extraConfigFile} does not exist!" >&2
fi
'';
in ''
(
cat ${config.environment.etc."iscsi/iscsid.conf.fragment".source}
${extraCfgDumper}
) > /etc/iscsi/iscsid.conf
'';
systemd.packages = [ cfg.package ];
systemd.services."iscsid".wantedBy = [ "multi-user.target" ];
systemd.services."iscsid" = {
wantedBy = [ "multi-user.target" ];
preStart =
let
extraCfgDumper = optionalString (cfg.extraConfigFile != null) ''
if [ -f "${cfg.extraConfigFile}" ]; then
printf "\n# The following is from ${cfg.extraConfigFile}:\n"
cat "${cfg.extraConfigFile}"
else
echo "Warning: services.openiscsi.extraConfigFile ${cfg.extraConfigFile} does not exist!" >&2
fi
'';
in ''
(
cat ${config.environment.etc."iscsi/iscsid.conf.fragment".source}
${extraCfgDumper}
) > /etc/iscsi/iscsid.conf
'';
};
systemd.sockets."iscsid".wantedBy = [ "sockets.target" ];
systemd.services."iscsi" = mkIf cfg.enableAutoLoginOut {

5
nixos/modules/services/networking/spiped.nix
View File

@ -197,8 +197,9 @@ in
script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/$1.spec`";
};
system.activationScripts.spiped = optionalString (cfg.config != {})
"mkdir -p /var/lib/spiped";
systemd.tmpfiles.rules = lib.mkIf (cfg.config != { }) [
"d /var/lib/spiped -"
];
# Setup spiped config files
environment.etc = mapAttrs' (name: cfg: nameValuePair "spiped/${name}.spec"

30
nixos/modules/services/networking/strongswan-swanctl/module.nix
View File

@ -43,21 +43,21 @@ in {
# The swanctl command complains when the following directories don't exist:
# See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctldirectory
system.activationScripts.strongswan-swanctl-etc = stringAfter ["etc"] ''
mkdir -p '/etc/swanctl/x509' # Trusted X.509 end entity certificates
mkdir -p '/etc/swanctl/x509ca' # Trusted X.509 Certificate Authority certificates
mkdir -p '/etc/swanctl/x509ocsp'
mkdir -p '/etc/swanctl/x509aa' # Trusted X.509 Attribute Authority certificates
mkdir -p '/etc/swanctl/x509ac' # Attribute Certificates
mkdir -p '/etc/swanctl/x509crl' # Certificate Revocation Lists
mkdir -p '/etc/swanctl/pubkey' # Raw public keys
mkdir -p '/etc/swanctl/private' # Private keys in any format
mkdir -p '/etc/swanctl/rsa' # PKCS#1 encoded RSA private keys
mkdir -p '/etc/swanctl/ecdsa' # Plain ECDSA private keys
mkdir -p '/etc/swanctl/bliss'
mkdir -p '/etc/swanctl/pkcs8' # PKCS#8 encoded private keys of any type
mkdir -p '/etc/swanctl/pkcs12' # PKCS#12 containers
'';
systemd.tmpfiles.rules = [
"d /etc/swanctl/x509 -" # Trusted X.509 end entity certificates
"d /etc/swanctl/x509ca -" # Trusted X.509 Certificate Authority certificates
"d /etc/swanctl/x509ocsp -"
"d /etc/swanctl/x509aa -" # Trusted X.509 Attribute Authority certificates
"d /etc/swanctl/x509ac -" # Attribute Certificates
"d /etc/swanctl/x509crl -" # Certificate Revocation Lists
"d /etc/swanctl/pubkey -" # Raw public keys
"d /etc/swanctl/private -" # Private keys in any format
"d /etc/swanctl/rsa -" # PKCS#1 encoded RSA private keys
"d /etc/swanctl/ecdsa -" # Plain ECDSA private keys
"d /etc/swanctl/bliss -"
"d /etc/swanctl/pkcs8 -" # PKCS#8 encoded private keys of any type
"d /etc/swanctl/pkcs12 -" # PKCS#12 containers
];
systemd.services.strongswan-swanctl = {
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";

8
nixos/modules/services/networking/tailscale.nix
View File

@ -31,6 +31,12 @@ in {
package = lib.mkPackageOptionMD pkgs "tailscale" {};
openFirewall = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc "Whether to open the firewall for the specified port.";
};
useRoutingFeatures = mkOption {
type = types.enum [ "none" "client" "server" "both" ];
default = "none";
@ -113,6 +119,8 @@ in {
"net.ipv6.conf.all.forwarding" = mkOverride 97 true;
};
networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ cfg.port ];
networking.firewall.checkReversePath = mkIf (cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both") "loose";
networking.dhcpcd.denyInterfaces = [ cfg.interfaceName ];

4
nixos/modules/services/networking/unifi.nix
View File

@ -6,9 +6,9 @@ let
cmd = ''
@${cfg.jrePackage}/bin/java java \
${optionalString (lib.versionAtLeast (lib.getVersion cfg.jrePackage) "16")
"--add-opens java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED "
("--add-opens java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED "
+ "--add-opens java.base/sun.security.util=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED "
+ "--add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED"} \
+ "--add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED")} \
${optionalString (cfg.initialJavaHeapSize != null) "-Xms${(toString cfg.initialJavaHeapSize)}m"} \
${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \
-jar ${stateDir}/lib/ace.jar

5
nixos/modules/services/system/nix-daemon.nix
View File

@ -249,11 +249,6 @@ in
services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;
system.activationScripts.nix = stringAfter [ "etc" "users" ]
''
install -m 0755 -d /nix/var/nix/{gcroots,profiles}/per-user
'';
# Legacy configuration conversion.
nix.settings = mkMerge [
(mkIf (isNixAtLeast "2.3pre") { sandbox-fallback = false; })

6
nixos/modules/services/web-apps/mattermost.nix
View File

@ -287,9 +287,9 @@ in
# The systemd service will fail to execute the preStart hook
# if the WorkingDirectory does not exist
system.activationScripts.mattermost = ''
mkdir -p "${cfg.statePath}"
'';
systemd.tmpfiles.rules = [
''d "${cfg.statePath}" -''
];
systemd.services.mattermost = {
description = "Mattermost chat service";

6
nixos/modules/services/web-apps/plausible.nix
View File

@ -78,9 +78,9 @@ in {
server = {
disableRegistration = mkOption {
default = true;
type = types.bool;
type = types.enum [true false "invite_only"];
description = lib.mdDoc ''
Whether to prohibit creating an account in plausible's UI.
Whether to prohibit creating an account in plausible's UI or allow on `invite_only`.
'';
};
secretKeybaseFile = mkOption {
@ -209,7 +209,7 @@ in {
# Configuration options from
# https://plausible.io/docs/self-hosting-configuration
PORT = toString cfg.server.port;
DISABLE_REGISTRATION = boolToString cfg.server.disableRegistration;
DISABLE_REGISTRATION = if isBool cfg.server.disableRegistration then boolToString cfg.server.disableRegistration else cfg.server.disableRegistration;
RELEASE_TMP = "/var/lib/plausible/tmp";
# Home is needed to connect to the node with iex

9
nixos/modules/services/web-apps/shiori.nix
View File

@ -29,6 +29,13 @@ in {
default = 8080;
description = lib.mdDoc "The port of the Shiori web application";
};
webRoot = mkOption {
type = types.str;
default = "/";
example = "/shiori";
description = lib.mdDoc "The root of the Shiori web application";
};
};
};
@ -40,7 +47,7 @@ in {
environment.SHIORI_DIR = "/var/lib/shiori";
serviceConfig = {
ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'";
ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}' --webroot '${webRoot}'";
DynamicUser = true;
StateDirectory = "shiori";

2
nixos/modules/services/web-servers/garage.nix
View File

@ -86,7 +86,7 @@ in
serviceConfig = {
ExecStart = "${cfg.package}/bin/garage server";
StateDirectory = mkIf (hasPrefix "/var/lib/garage" cfg.settings.data_dir && hasPrefix "/var/lib/garage" cfg.settings.metadata_dir) "garage";
StateDirectory = mkIf (hasPrefix "/var/lib/garage" cfg.settings.data_dir || hasPrefix "/var/lib/garage" cfg.settings.metadata_dir) "garage";
DynamicUser = lib.mkDefault true;
ProtectHome = true;
NoNewPrivileges = true;

1
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -35,6 +35,7 @@ let
compressMimeTypes = [
"application/atom+xml"
"application/geo+json"
"application/javascript" # Deprecated by IETF RFC 9239, but still widely used
"application/json"
"application/ld+json"
"application/manifest+json"

8
nixos/modules/services/web-servers/stargazer.nix
View File

@ -204,11 +204,9 @@ in
};
# Create default cert store
system.activationScripts.makeStargazerCertDir =
lib.optionalAttrs (cfg.store == /var/lib/gemini/certs) ''
mkdir -p /var/lib/gemini/certs
chown -R ${cfg.user}:${cfg.group} /var/lib/gemini/certs
'';
systemd.tmpfiles.rules = lib.mkIf (cfg.store == /var/lib/gemini/certs) [
''d /var/lib/gemini/certs - "${cfg.user}" "${cfg.group}" -''
];
users.users = lib.optionalAttrs (cfg.user == "stargazer") {
stargazer = {

48
nixos/modules/system/activation/activation-script.nix
View File

@ -55,10 +55,6 @@ let
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /run/current-system
# Prevent the current configuration from being garbage-collected.
mkdir -p /nix/var/nix/gcroots
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
exit $_status
'';
@ -233,23 +229,16 @@ in
config = {
system.activationScripts.stdio = ""; # obsolete
system.activationScripts.var = ""; # obsolete
system.activationScripts.specialfs = ""; # obsolete
system.activationScripts.var =
''
# Various log/runtime directories.
mkdir -p /var/tmp
chmod 1777 /var/tmp
# Empty, immutable home directory of many system accounts.
mkdir -p /var/empty
# Make sure it's really empty
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
'';
systemd.tmpfiles.rules = [
# Prevent the current configuration from being garbage-collected.
"d /nix/var/nix/gcroots -"
"L+ /nix/var/nix/gcroots/current-system - - - - /run/current-system"
"D /var/empty 0555 root root -"
"h /var/empty - - - - +i"
];
system.activationScripts.usrbinenv = if config.environment.usrbinenv != null
then ''
@ -263,25 +252,6 @@ in
rmdir --ignore-fail-on-non-empty /usr/bin /usr
'';
system.activationScripts.specialfs =
''
specialMount() {
local device="$1"
local mountPoint="$2"
local options="$3"
local fsType="$4"
if mountpoint -q "$mountPoint"; then
local options="remount,$options"
else
mkdir -p "$mountPoint"
chmod 0755 "$mountPoint"
fi
mount -t "$fsType" -o "$options" "$device" "$mountPoint"
}
source ${config.system.build.earlyMountScript}
'';
systemd.user = {
services.nixos-activation = {
description = "Run user-specific NixOS activation";

51
nixos/modules/system/boot/binfmt.nix
View File

@ -20,17 +20,13 @@ let
optionalString fixBinary "F";
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
activationSnippet = name: { interpreter, wrapInterpreterInShell, ... }: if wrapInterpreterInShell then ''
rm -f /run/binfmt/${name}
cat > /run/binfmt/${name} << 'EOF'
#!${pkgs.bash}/bin/sh
exec -- ${interpreter} "$@"
EOF
chmod +x /run/binfmt/${name}
'' else ''
rm -f /run/binfmt/${name}
ln -s ${interpreter} /run/binfmt/${name}
'';
mkInterpreter = name: { interpreter, wrapInterpreterInShell, ... }:
if wrapInterpreterInShell
then pkgs.writeShellScript "${name}-interpreter" ''
#!${pkgs.bash}/bin/sh
exec -- ${interpreter} "$@"
''
else interpreter;
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
getQemuArch = system: (lib.systems.elaborate { inherit system; }).qemuArch;
@ -318,18 +314,25 @@ in {
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
system.activationScripts.binfmt = stringAfter [ "specialfs" ] ''
mkdir -p /run/binfmt
chmod 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
'';
systemd = lib.mkIf (config.boot.binfmt.registrations != {}) {
additionalUpstreamSystemUnits = [
"proc-sys-fs-binfmt_misc.automount"
"proc-sys-fs-binfmt_misc.mount"
"systemd-binfmt.service"
];
services.systemd-binfmt.restartTriggers = [ (builtins.toJSON config.boot.binfmt.registrations) ];
};
systemd = lib.mkMerge [
({ tmpfiles.rules = [
"d /run/binfmt 0755 -"
] ++ lib.mapAttrsToList
(name: interpreter:
"L+ /run/binfmt/${name} - - - - ${interpreter}"
)
(lib.mapAttrs mkInterpreter config.boot.binfmt.registrations);
})
(lib.mkIf (config.boot.binfmt.registrations != {}) {
additionalUpstreamSystemUnits = [
"proc-sys-fs-binfmt_misc.automount"
"proc-sys-fs-binfmt_misc.mount"
"systemd-binfmt.service"
];
services.systemd-binfmt.restartTriggers = [ (builtins.toJSON config.boot.binfmt.registrations) ];
})
];
};
}

3
nixos/modules/system/boot/kernel.nix
View File

@ -269,6 +269,9 @@ in
"ata_piix"
"pata_marvell"
# NVMe
"nvme"
# Standard SCSI stuff.
"sd_mod"
"sr_mod"

45
nixos/modules/system/boot/timesyncd.nix
View File

@ -46,6 +46,28 @@ with lib;
wantedBy = [ "sysinit.target" ];
aliases = [ "dbus-org.freedesktop.timesync1.service" ];
restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ];
preStart = (
# Ensure that we have some stored time to prevent
# systemd-timesyncd to resort back to the fallback time. If
# the file doesn't exist we assume that our current system
# clock is good enough to provide an initial value.
''
if ! [ -f /var/lib/systemd/timesync/clock ]; then
test -d /var/lib/systemd/timesync || mkdir -p /var/lib/systemd/timesync
touch /var/lib/systemd/timesync/clock
fi
'' +
# workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes
# - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742
# - https://github.com/systemd/systemd/issues/12131
(lib.optionalString (versionOlder config.system.stateVersion "19.09") ''
if [ -L /var/lib/systemd/timesync ]; then
rm /var/lib/systemd/timesync
mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
fi
'')
);
};
environment.etc."systemd/timesyncd.conf".text = ''
@ -59,28 +81,5 @@ with lib;
group = "systemd-timesync";
};
users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
system.activationScripts.systemd-timesyncd-migration =
# workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes
# - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742
# - https://github.com/systemd/systemd/issues/12131
mkIf (versionOlder config.system.stateVersion "19.09") ''
if [ -L /var/lib/systemd/timesync ]; then
rm /var/lib/systemd/timesync
mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
fi
'';
system.activationScripts.systemd-timesyncd-init-clock =
# Ensure that we have some stored time to prevent systemd-timesyncd to
# resort back to the fallback time.
# If the file doesn't exist we assume that our current system clock is
# good enough to provide an initial value.
''
if ! [ -f /var/lib/systemd/timesync/clock ]; then
test -d /var/lib/systemd/timesync || mkdir -p /var/lib/systemd/timesync
touch /var/lib/systemd/timesync/clock
fi
'';
};
}

64
nixos/modules/tasks/encrypted-devices.nix
View File

@ -5,8 +5,22 @@ with lib;
let
fileSystems = config.system.build.fileSystems ++ config.swapDevices;
encDevs = filter (dev: dev.encrypted.enable) fileSystems;
keyedEncDevs = filter (dev: dev.encrypted.keyFile != null) encDevs;
keylessEncDevs = filter (dev: dev.encrypted.keyFile == null) encDevs;
# With scripted initrd, devices with a keyFile have to be opened
# late, after file systems are mounted, because that could be where
# the keyFile is located. With systemd initrd, each individual
# systemd-cryptsetup@ unit has RequiresMountsFor= to delay until all
# the mount units for the key file are done; i.e. no special
# treatment is needed.
lateEncDevs =
if config.boot.initrd.systemd.enable
then { }
else filter (dev: dev.encrypted.keyFile != null) encDevs;
earlyEncDevs =
if config.boot.initrd.systemd.enable
then encDevs
else filter (dev: dev.encrypted.keyFile == null) encDevs;
anyEncrypted =
foldr (j: v: v || j.encrypted.enable) false encDevs;
@ -39,11 +53,14 @@ let
type = types.nullOr types.str;
description = lib.mdDoc ''
Path to a keyfile used to unlock the backing encrypted
device. At the time this keyfile is accessed, the
`neededForBoot` filesystems (see
`fileSystems.<name?>.neededForBoot`)
will have been mounted under `/mnt-root`,
so the keyfile path should usually start with "/mnt-root/".
device. When systemd stage 1 is not enabled, at the time
this keyfile is accessed, the `neededForBoot` filesystems
(see `utils.fsNeededForBoot`) will have been mounted under
`/mnt-root`, so the keyfile path should usually start with
"/mnt-root/". When systemd stage 1 is enabled,
`fsNeededForBoot` file systems will be mounted as needed
under `/sysroot`, and the keyfile will not be accessed until
its requisite mounts are done.
'';
};
};
@ -62,26 +79,41 @@ in
};
config = mkIf anyEncrypted {
assertions = map (dev: {
assertion = dev.encrypted.label != null;
message = ''
The filesystem for ${dev.mountPoint} has encrypted.enable set to true, but no encrypted.label set
'';
}) encDevs;
assertions = concatMap (dev: [
{
assertion = dev.encrypted.label != null;
message = ''
The filesystem for ${dev.mountPoint} has encrypted.enable set to true, but no encrypted.label set
'';
}
{
assertion =
config.boot.initrd.systemd.enable -> (
dev.encrypted.keyFile == null
|| !lib.any (x: lib.hasPrefix x dev.encrypted.keyFile) ["/mnt-root" "$targetRoot"]
);
message = ''
Bad use of '/mnt-root' or '$targetRoot` in 'keyFile'.
When 'boot.initrd.systemd.enable' is enabled, file systems
are mounted at '/sysroot' instead of '/mnt-root'.
'';
}
]) encDevs;
boot.initrd = {
luks = {
devices =
builtins.listToAttrs (map (dev: {
name = dev.encrypted.label;
value = { device = dev.encrypted.blkDev; };
}) keylessEncDevs);
value = { device = dev.encrypted.blkDev; inherit (dev.encrypted) keyFile; };
}) earlyEncDevs);
forceLuksSupportInInitrd = true;
};
postMountCommands =
concatMapStrings (dev:
"cryptsetup luksOpen --key-file ${dev.encrypted.keyFile} ${dev.encrypted.blkDev} ${dev.encrypted.label};\n"
) keyedEncDevs;
) lateEncDevs;
};
};
}

18
nixos/modules/tasks/network-interfaces.nix
View File

@ -1406,18 +1406,12 @@ in
val = tempaddrValues.${opt}.sysctl;
in nameValuePair "net.ipv6.conf.${replaceStrings ["."] ["/"] i.name}.use_tempaddr" val));
# Set the host and domain names in the activation script. Don't
# clear it if it's not configured in the NixOS configuration,
# since it may have been set by dhcpcd in the meantime.
system.activationScripts.hostname = let
effectiveHostname = config.boot.kernel.sysctl."kernel.hostname" or cfg.hostName;
in optionalString (effectiveHostname != "") ''
hostname "${effectiveHostname}"
'';
system.activationScripts.domain =
optionalString (cfg.domain != null) ''
domainname "${cfg.domain}"
'';
systemd.services.domainname = lib.mkIf (cfg.domain != null) {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
unitConfig.DefaultDependencies = false;
serviceConfig.ExecStart = ''domainname "${cfg.domain}"'';
};
environment.etc.hostid = mkIf (cfg.hostId != null) { source = hostidFile; };
boot.initrd.systemd.contents."/etc/hostid" = mkIf (cfg.hostId != null) { source = hostidFile; };

2
nixos/release.nix
View File

@ -123,7 +123,7 @@ let
build = configEvaled.config.system.build;
kernelTarget = configEvaled.pkgs.stdenv.hostPlatform.linux-kernel.target;
in
pkgs.symlinkJoin {
configEvaled.pkgs.symlinkJoin {
name = "netboot";
paths = [
build.netbootRamdisk

16
nixos/tests/activation/nix-channel.nix Normal file
View File

@ -0,0 +1,16 @@
{ lib, ... }:
{
name = "activation-nix-channel";
meta.maintainers = with lib.maintainers; [ nikstur ];
nodes.machine = {
nix.channel.enable = true;
};
testScript = ''
print(machine.succeed("cat /root/.nix-channels"))
'';
}

18
nixos/tests/activation/var.nix Normal file
View File

@ -0,0 +1,18 @@
{ lib, ... }:
{
name = "activation-var";
meta.maintainers = with lib.maintainers; [ nikstur ];
nodes.machine = { };
testScript = ''
assert machine.succeed("stat -c '%a' /var/tmp") == "1777\n"
assert machine.succeed("stat -c '%a' /var/empty") == "555\n"
assert machine.succeed("stat -c '%U' /var/empty") == "root\n"
assert machine.succeed("stat -c '%G' /var/empty") == "root\n"
assert "i" in machine.succeed("lsattr -d /var/empty")
'';
}

5
nixos/tests/all-tests.nix
View File

@ -266,6 +266,8 @@ in {
esphome = handleTest ./esphome.nix {};
etc = pkgs.callPackage ../modules/system/etc/test.nix { inherit evalMinimalConfig; };
activation = pkgs.callPackage ../modules/system/activation/test.nix { };
activation-var = runTest ./activation/var.nix;
activation-nix-channel = runTest ./activation/nix-channel.nix;
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
etebase-server = handleTest ./etebase-server.nix {};
@ -289,6 +291,7 @@ in {
firewall-nftables = handleTest ./firewall.nix { nftables = true; };
fish = handleTest ./fish.nix {};
flannel = handleTestOn ["x86_64-linux"] ./flannel.nix {};
floorp = handleTest ./firefox.nix { firefoxPackage = pkgs.floorp; };
fluentd = handleTest ./fluentd.nix {};
fluidd = handleTest ./fluidd.nix {};
fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {};
@ -328,6 +331,7 @@ in {
gollum = handleTest ./gollum.nix {};
gonic = handleTest ./gonic.nix {};
google-oslogin = handleTest ./google-oslogin {};
goss = handleTest ./goss.nix {};
gotify-server = handleTest ./gotify-server.nix {};
gotosocial = runTest ./web-apps/gotosocial.nix;
grafana = handleTest ./grafana {};
@ -848,6 +852,7 @@ in {
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
tsja = handleTest ./tsja.nix {};
tsm-client-gui = handleTest ./tsm-client-gui.nix {};
txredisapi = handleTest ./txredisapi.nix {};
tuptime = handleTest ./tuptime.nix {};

2
nixos/tests/bittorrent.nix
View File

@ -148,7 +148,7 @@ in
)
# Bring down the initial seeder.
# tracker.stop_job("transmission")
tracker.stop_job("transmission")
# Now download from the second client. This can only succeed if
# the first client created a NAT hole in the router.

53
nixos/tests/goss.nix Normal file
View File

@ -0,0 +1,53 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "goss";
meta.maintainers = [ lib.maintainers.anthonyroussel ];
nodes.machine = {
environment.systemPackages = [ pkgs.jq ];
services.goss = {
enable = true;
environment = {
GOSS_FMT = "json";
};
settings = {
addr."tcp://localhost:8080" = {
reachable = true;
local-address = "127.0.0.1";
};
command."check-goss-version" = {
exec = "${lib.getExe pkgs.goss} --version";
exit-status = 0;
};
dns.localhost.resolvable = true;
file."/nix" = {
filetype = "directory";
exists = true;
};
group.root.exists = true;
kernel-param."kernel.ostype".value = "Linux";
service.goss = {
enabled = true;
running = true;
};
user.root.exists = true;
};
};
};
testScript = ''
import json
machine.wait_for_unit("goss.service")
machine.wait_for_open_port(8080)
with subtest("returns health status"):
result = json.loads(machine.succeed("curl -sS http://localhost:8080/healthz"))
assert len(result["results"]) == 10, f".results should be an array of 10 items, was {result['results']!r}"
assert result["summary"]["failed-count"] == 0, f".summary.failed-count should be zero, was {result['summary']['failed-count']}"
assert result["summary"]["test-count"] == 10, f".summary.test-count should be 10, was {result['summary']['test-count']}"
'';
})

17
nixos/tests/grafana/provision/default.nix
View File

@ -22,15 +22,14 @@ let
};
};
system.activationScripts.setup-grafana = {
deps = [ "users" ];
text = ''
mkdir -p /var/lib/grafana/dashboards
chown -R grafana:grafana /var/lib/grafana
chmod 0700 -R /var/lib/grafana/dashboards
cp ${pkgs.writeText "test.json" (builtins.readFile ./test_dashboard.json)} /var/lib/grafana/dashboards/
'';
};
systemd.tmpfiles.rules =
let
dashboard = pkgs.writeText "test.json" (builtins.readFile ./test_dashboard.json);
in
[
"d /var/lib/grafana/dashboards 0700 grafana grafana -"
"C+ /var/lib/grafana/dashboards/test.json - - - - ${dashboard}"
];
};
extraNodeConfs = {

8
nixos/tests/installer-systemd-stage-1.nix
View File

@ -12,11 +12,11 @@
btrfsSubvolDefault
btrfsSubvolEscape
btrfsSubvols
# encryptedFSWithKeyfile
encryptedFSWithKeyfile
# grub1
# luksroot
# luksroot-format1
# luksroot-format2
luksroot
luksroot-format1
luksroot-format2
# lvm
separateBoot
separateBootFat

4
nixos/tests/installer.nix
View File

@ -515,7 +515,7 @@ let
enableOCR = true;
preBootCommands = ''
machine.start()
machine.wait_for_text("Passphrase for")
machine.wait_for_text("[Pp]assphrase for")
machine.send_chars("supersecret\n")
'';
};
@ -781,7 +781,7 @@ in {
encrypted.enable = true;
encrypted.blkDev = "/dev/vda3";
encrypted.label = "crypt";
encrypted.keyFile = "/mnt-root/keyfile";
encrypted.keyFile = "/${if systemdStage1 then "sysroot" else "mnt-root"}/keyfile";
};
'';
};

11
nixos/tests/opensearch.nix
View File

@ -31,14 +31,9 @@ in
services.opensearch.dataDir = "/var/opensearch_test";
services.opensearch.user = "open_search";
services.opensearch.group = "open_search";
system.activationScripts.createDirectory = {
text = ''
mkdir -p "/var/opensearch_test"
chown open_search:open_search /var/opensearch_test
chmod 0700 /var/opensearch_test
'';
deps = [ "users" "groups" ];
};
systemd.tmpfiles.rules = [
"d /var/opensearch_test 0700 open_search open_search -"
];
users = {
groups.open_search = {};
users.open_search = {

13
nixos/tests/stunnel.nix
View File

@ -17,11 +17,16 @@ let
};
};
makeCert = { config, pkgs, ... }: {
system.activationScripts.create-test-cert = stringAfter [ "users" ] ''
${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
chown stunnel /test-key.pem /test-key-and-cert.pem
systemd.services.create-test-cert = {
wantedBy = [ "sysinit.target" ];
before = [ "sysinit.target" ];
unitConfig.DefaultDependencies = false;
script = ''
${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName}
( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem )
chown stunnel /test-key.pem /test-key-and-cert.pem
'';
};
};
serverCommon = { pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 443 ];

13
nixos/tests/systemd-timesyncd.nix
View File

@ -15,12 +15,13 @@ in {
# create the path that should be migrated by our activation script when
# upgrading to a newer nixos version
system.stateVersion = "19.03";
system.activationScripts.simulate-old-timesync-state-dir = lib.mkBefore ''
rm -f /var/lib/systemd/timesync
mkdir -p /var/lib/systemd /var/lib/private/systemd/timesync
ln -s /var/lib/private/systemd/timesync /var/lib/systemd/timesync
chown systemd-timesync: /var/lib/private/systemd/timesync
'';
systemd.tmpfiles.rules = [
"r /var/lib/systemd/timesync -"
"d /var/lib/systemd -"
"d /var/lib/private/systemd/timesync -"
"L /var/lib/systemd/timesync - - - - /var/lib/private/systemd/timesync"
"d /var/lib/private/systemd/timesync - systemd-timesync systemd-timesync -"
];
});
};

32
nixos/tests/tsja.nix Normal file
View File

@ -0,0 +1,32 @@
import ./make-test-python.nix ({ pkgs, lib, ...} : {
name = "tsja";
meta = {
maintainers = with lib.maintainers; [ chayleaf ];
};
nodes = {
master =
{ config, ... }:
{
services.postgresql = {
enable = true;
extraPlugins = with config.services.postgresql.package.pkgs; [
tsja
];
};
};
};
testScript = ''
start_all()
master.wait_for_unit("postgresql")
master.succeed("sudo -u postgres psql -f /run/current-system/sw/share/postgresql/extension/libtsja_dbinit.sql")
# make sure "日本語" is parsed as a separate lexeme
master.succeed("""
sudo -u postgres \\
psql -c "SELECT * FROM ts_debug('japanese', 'PostgreSQL')" \\
| grep "{}"
""")
'';
})

19
pkgs/applications/audio/ardour/default.nix
View File

@ -14,15 +14,19 @@
, fftw
, fftwSinglePrec
, flac
, fluidsynth
, glibc
, glibmm
, graphviz
, gtkmm2
, harvid
, hidapi
, itstool
, kissfft
, libarchive
, libjack2
, liblo
, libltc
, libogg
, libpulseaudio
, librdf_raptor
@ -43,6 +47,7 @@
, perl
, pkg-config
, python3
, qm-dsp
, readline
, rubberband
, serd
@ -59,14 +64,14 @@
}:
stdenv.mkDerivation rec {
pname = "ardour";
version = "8.0";
version = "8.1";
# We can't use `fetchFromGitea` here, as attempting to fetch release archives from git.ardour.org
# result in an empty archive. See https://tracker.ardour.org/view.php?id=7328 for more info.
src = fetchgit {
url = "git://git.ardour.org/ardour/ardour.git";
rev = version;
hash = "sha256-ZL8aTq2OsCWwLUUx5XYbH4eRN+Xz+oMAj9IS07RfTag=";
hash = "sha256-T1o1E5+974dNUwEFW/Pw0RzbGifva2FdJPrCusWMk0E=";
};
bundledContent = fetchzip {
@ -116,12 +121,16 @@ stdenv.mkDerivation rec {
fftw
fftwSinglePrec
flac
fluidsynth
glibmm
gtkmm2
hidapi
itstool
kissfft
libarchive
libjack2
liblo
libltc
libogg
libpulseaudio
librdf_raptor
@ -140,6 +149,7 @@ stdenv.mkDerivation rec {
pango
perl
python3
qm-dsp
readline
rubberband
serd
@ -159,9 +169,8 @@ stdenv.mkDerivation rec {
"--ptformat"
"--run-tests"
"--test"
"--use-external-libs"
] ++ lib.optional optimize "--optimize";
# removed because it fixes https://tracker.ardour.org/view.php?id=8161 and https://tracker.ardour.org/view.php?id=8437
# "--use-external-libs"
postInstall = ''
# wscript does not install these for some reason
@ -198,7 +207,7 @@ stdenv.mkDerivation rec {
'';
homepage = "https://ardour.org/";
license = licenses.gpl2Plus;
mainProgram = "ardour7";
mainProgram = "ardour8";
platforms = platforms.linux;
maintainers = with maintainers; [ goibhniu magnetophon mitchmindtree ];
};

112
pkgs/applications/audio/cadence/default.nix
View File

@ -1,112 +0,0 @@
{ lib
, libjack2
, fetchpatch
, fetchFromGitHub
, jack_capture
, pkg-config
, pulseaudioFull
, qtbase
, mkDerivation
, python3
}:
#ladish missing, claudia can't work.
#pulseaudio needs fixes (patchShebangs .pa ...)
#desktop needs icons and exec fixing.
mkDerivation rec {
version = "0.9.1";
pname = "cadence";
src = fetchFromGitHub {
owner = "falkTX";
repo = "Cadence";
rev = "v${version}";
sha256 = "sha256-QFC4wiVF8wphhrammxtc+VMZJpXY5OGHs6DNa21+6B8=";
};
patches = [
# Fix installation without DESTDIR
(fetchpatch {
url = "https://github.com/falkTX/Cadence/commit/1fd3275e7daf4b75f59ef1f85a9e2e93bd5c0731.patch";
sha256 = "0q791jsh8vmjg678dzhbp1ykq8xrrlxl1mbgs3g8if1ccj210vd8";
})
# Fix build with Qt 5.15
(fetchpatch {
url = "https://github.com/falkTX/Cadence/commit/c167f35fbb76c4246c730b29262a59da73010412.patch";
sha256 = "1gm9q6gx03sla5vcnisznc95pjdi2703f8b3mj2kby9rfx2pylyh";
})
];
postPatch = ''
libjackso=$(realpath ${lib.makeLibraryPath [libjack2]}/libjack.so.0);
substituteInPlace ./src/jacklib.py --replace libjack.so.0 $libjackso
substituteInPlace ./src/cadence.py --replace "/usr/bin/pulseaudio" \
"${lib.makeBinPath[pulseaudioFull]}/pulseaudio"
substituteInPlace ./c++/jackbridge/JackBridge.cpp --replace libjack.so.0 $libjackso
'';
nativeBuildInputs = [
pkg-config
];
buildInputs = [
qtbase
jack_capture
pulseaudioFull
(
(python3.withPackages (ps: with ps; [
pyqt5
dbus-python
]))
)
];
makeFlags = [
"PREFIX=${placeholder "out"}"
"SYSCONFDIR=${placeholder "out"}/etc"
];
dontWrapQtApps = true;
# Replace with our own wrappers. They need to be changed manually since it wouldn't work otherwise.
preFixup =
let
outRef = placeholder "out";
prefix = "${outRef}/share/cadence/src";
scriptAndSource = lib.mapAttrs'
(script: source:
lib.nameValuePair ("${outRef}/bin/" + script) ("${prefix}/" + source)
)
{
"cadence" = "cadence.py";
"claudia" = "claudia.py";
"catarina" = "catarina.py";
"catia" = "catia.py";
"cadence-jacksettings" = "jacksettings.py";
"cadence-aloop-daemon" = "cadence_aloop_daemon.py";
"cadence-logs" = "logs.py";
"cadence-render" = "render.py";
"claudia-launcher" = "claudia_launcher.py";
"cadence-session-start" = "cadence_session_start.py";
};
in
lib.mapAttrsToList
(script: source: ''
rm -f ${script}
makeQtWrapper ${source} ${script} \
--prefix PATH : "${lib.makeBinPath [
jack_capture # cadence-render
pulseaudioFull # cadence, cadence-session-start
]}"
'')
scriptAndSource;
meta = {
homepage = "https://github.com/falkTX/Cadence/";
description = "Collection of tools useful for audio production";
license = lib.licenses.gpl2Plus;
maintainers = with lib.maintainers; [ ];
platforms = [ "x86_64-linux" ];
mainProgram = "cadence";
};
}

53
pkgs/applications/audio/elektroid/default.nix Normal file
View File

@ -0,0 +1,53 @@
{ alsa-lib
, autoreconfHook
, fetchFromGitHub
, gtk3
, json-glib
, lib
, libpulseaudio
, libsamplerate
, libsndfile
, libzip
, pkg-config
, stdenv
, zlib
}:
let
version = "2.5.2";
in
stdenv.mkDerivation {
inherit version;
pname = "elektroid";
src = fetchFromGitHub {
owner = "dagargo";
repo = "elektroid";
rev = version;
sha256 = "sha256-wpPHcrlCX7RD/TGH2Xrth+oCg98gMm035tfTBV70P+Y=";
};
nativeBuildInputs = [
autoreconfHook
pkg-config
];
buildInputs = [
alsa-lib
gtk3
json-glib
libpulseaudio
libsamplerate
libsndfile
libzip
zlib
];
meta = with lib; {
description = "Sample and MIDI device manager";
homepage = "https://github.com/dagargo/elektroid";
license = licenses.gpl3Only;
maintainers = with maintainers; [ camelpunch ];
};
}

4
pkgs/applications/audio/faust/faustlive.nix
View File

@ -5,12 +5,12 @@
stdenv.mkDerivation rec {
pname = "faustlive";
version = "2.5.13";
version = "2.5.16";
src = fetchFromGitHub {
owner = "grame-cncm";
repo = "faustlive";
rev = version;
sha256 = "sha256-Tgb9UYj8mI4JsxA/PaTokm2NzQ14P8cOdKK8KCcnSIQ=";
sha256 = "sha256-O3IWx6Ht/xcb8NFxI7Biwck3dIHbxyof/zDgYDdzozY=";
fetchSubmodules = true;
};

4
pkgs/applications/audio/qjackctl/default.nix
View File

@ -5,7 +5,7 @@
}:
mkDerivation rec {
version = "0.9.11";
version = "0.9.12";
pname = "qjackctl";
# some dependencies such as killall have to be installed additionally
@ -14,7 +14,7 @@ mkDerivation rec {
owner = "rncbc";
repo = "qjackctl";
rev = "${pname}_${lib.replaceStrings ["."] ["_"] version}";
sha256 = "sha256-dZW9bZ17O/1DxBr5faYSE+YkSuz7NIJSc1vqxzOOxyg=";
sha256 = "sha256-S8fEg8joFHgk6MKWeSxPyTM8O6Ffx5NG90OabPPDs7s=";
};
buildInputs = [

4
pkgs/applications/audio/snd/default.nix
View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "snd";
version = "23.6";
version = "23.8";
src = fetchurl {
url = "mirror://sourceforge/snd/snd-${version}.tar.gz";
sha256 = "sha256-3oh2kFhCYe1sl4MN336Z6pEmpluiUnlcC5aAZxn0zIE=";
sha256 = "sha256-g2+7i1+TgX17TpW1mHSdAzHKC/Gtm4NYZCmuVoPo2rg=";
};
nativeBuildInputs = [ pkg-config ];

23
pkgs/applications/audio/youtube-music/default.nix
View File

@ -4,6 +4,7 @@
, makeWrapper
, electron_25
, python3
, stdenv
, copyDesktopItems
, makeDesktopItem
}:
@ -22,10 +23,11 @@ let
electron = electron_25;
in
buildNpmPackage rec {
buildNpmPackage {
inherit pname version src;
nativeBuildInputs = [ makeWrapper python3 copyDesktopItems ];
nativeBuildInputs = [ makeWrapper python3 ]
++ lib.optionals (!stdenv.isDarwin) [ copyDesktopItems ];
npmDepsHash = "sha256-XGV0mTywYYxpMitojzIILB/Eu/8dfk/aCvUxIkx4SDQ=";
makeCacheWritable = true;
@ -34,16 +36,24 @@ buildNpmPackage rec {
ELECTRON_SKIP_BINARY_DOWNLOAD = 1;
};
postBuild = ''
postBuild = lib.optionalString stdenv.isDarwin ''
cp -R ${electron}/Applications/Electron.app Electron.app
chmod -R u+w Electron.app
'' + ''
npm exec electron-builder -- \
--dir \
-c.electronDist=${electron}/libexec/electron \
-c.electronDist=${if stdenv.isDarwin then "." else "${electron}/libexec/electron"} \
-c.electronVersion=${electron.version}
'';
installPhase = ''
runHook preInstall
'' + lib.optionalString stdenv.isDarwin ''
mkdir -p $out/{Applications,bin}
mv pack/mac*/YouTube\ Music.app $out/Applications
makeWrapper $out/Applications/YouTube\ Music.app/Contents/MacOS/YouTube\ Music $out/bin/youtube-music
'' + lib.optionalString (!stdenv.isDarwin) ''
mkdir -p "$out/share/lib/youtube-music"
cp -r pack/*-unpacked/{locales,resources{,.pak}} "$out/share/lib/youtube-music"
@ -52,11 +62,12 @@ buildNpmPackage rec {
install -Dm0644 $file $out/share/icons/hicolor/''${file//.png}/apps/youtube-music.png
done
popd
'' + ''
runHook postInstall
'';
postFixup = ''
postFixup = lib.optionalString (!stdenv.isDarwin) ''
makeWrapper ${electron}/bin/electron $out/bin/youtube-music \
--add-flags $out/share/lib/youtube-music/resources/app.asar \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
@ -80,8 +91,8 @@ buildNpmPackage rec {
description = "Electron wrapper around YouTube Music";
homepage = "https://th-ch.github.io/youtube-music/";
license = licenses.mit;
inherit (electron.meta) platforms;
maintainers = [ maintainers.aacebedo ];
mainProgram = "youtube-music";
platforms = platforms.all;
};
}

6
pkgs/applications/blockchains/erigon/default.nix
View File

@ -2,7 +2,7 @@
let
pname = "erigon";
version = "2.50.0";
version = "2.53.1";
in
buildGoModule {
inherit pname version;
@ -11,11 +11,11 @@ buildGoModule {
owner = "ledgerwatch";
repo = pname;
rev = "v${version}";
hash = "sha256-gZ01nmxzXRK8YRwnl5qGkU6dqBYKPUkNZmbClwgsuL0=";
hash = "sha256-Gsrt/+6fhpwg3DzPtXPj9T9VPaMIaRcYBdWuFOotsbA=";
fetchSubmodules = true;
};
vendorHash = "sha256-4s5dXTfYlgzYQ2h30F6kxEF626iKYFRoZlNXeFDbn8s=";
vendorHash = "sha256-zsLPqcLCZSnhlFWvNXZJwlfS+NsaTS07TmWd+x4ZPXA=";
proxyVendor = true;
# Build errors in mdbx when format hardening is enabled:

6
pkgs/applications/blockchains/go-ethereum/default.nix
View File

@ -9,16 +9,16 @@ let
in buildGoModule rec {
pname = "go-ethereum";
version = "1.13.0";
version = "1.13.4";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "sha256-tomzF0jM1tcxnnBHLfNWcR1XGECxU8Q/SQAWQBRAFW8=";
sha256 = "sha256-RQlWWHoij3gtFwjJeEGsmd5YJNTGX0I84nOAQyWBx/M=";
};
vendorHash = "sha256-VX2S7yjdcconPd8wisV+Cl6FVuEUGU7smIBKfTxpUVY=";
vendorHash = "sha256-YmUgKO3JtVOE/YACqL/QBiyR1jT/jPCH+Gb0xYwkJEc=";
doCheck = false;

2
pkgs/applications/editors/fte/default.nix
View File

@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
};
src = [ ftesrc ftecommon ];
env.NIX_CFLAGS_COMPILE = "-DHAVE_STRLCAT -DHAVE_STRLCPY";
buildFlags = [ "PREFIX=$(out)" ];
installFlags = [ "PREFIX=$(out)" "INSTALL_NONROOT=1" ];

4
pkgs/applications/editors/ne/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "ne";
version = "3.3.2";
version = "3.3.3";
src = fetchFromGitHub {
owner = "vigna";
repo = pname;
rev = version;
sha256 = "sha256-mRMACfWcUW6/R43riRGNce4Ac5IRo4YEML8H0oGSH5o=";
sha256 = "sha256-lbXb/ZY0+vkOB8mXkHDaehXZMzrpx3A0jWnLpCjhMDE=";
};
postPatch = ''

4
pkgs/applications/editors/notepad-next/default.nix
View File

@ -2,13 +2,13 @@
mkDerivation rec {
pname = "notepad-next";
version = "0.6.3";
version = "0.6.4";
src = fetchFromGitHub {
owner = "dail8859";
repo = "NotepadNext";
rev = "v${version}";
sha256 = "sha256-1ci1g+qBDsw9IkqjI3tRvMsLBvnPU+nn7heYuid/e5M=";
sha256 = "sha256-m8+kM9uz3gJ3kvpgZdoonSvYlh/f1WiGZlB8JKMTXh4=";
# External dependencies - https://github.com/dail8859/NotepadNext/issues/135
fetchSubmodules = true;
};

10
pkgs/applications/editors/standardnotes/src.json
View File

@ -1,13 +1,13 @@
{
"version": "3.173.4",
"version": "3.178.4",
"deb": {
"x86_64-linux": {
"url": "https://github.com/standardnotes/app/releases/download/%40standardnotes/desktop%403.173.4/standard-notes-3.173.4-linux-amd64.deb",
"hash": "sha512-8GDzj7Xm61rF5xybLE74D4yMbT2HgEG0ez1gQio/qWtWSqY72+GSKWlCA+3wz8Mz2jThRDlka9s2fHBBUvG+fg=="
"url": "https://github.com/standardnotes/app/releases/download/%40standardnotes/desktop%403.178.4/standard-notes-3.178.4-linux-amd64.deb",
"hash": "sha512-6er/a9PqhKU4aagAxsbVdoXbRBNUr3Fa8BPWfuQ74Q4ai+iYlPjd4q50cTJQ4wJ5ucGyopgBEJq4/xYNunw6Ig=="
},
"aarch64-linux": {
"url": "https://github.com/standardnotes/app/releases/download/%40standardnotes/desktop%403.173.4/standard-notes-3.173.4-linux-arm64.deb",
"hash": "sha512-yJ8yZK+RkPUzkjbscCXT5yv9BxeHGQsZsCrKwOJRdd/XbcVPnKWQm00JVZmMuz17d8rhm8Km/EW81JufZByM0Q=="
"url": "https://github.com/standardnotes/app/releases/download/%40standardnotes/desktop%403.178.4/standard-notes-3.178.4-linux-arm64.deb",
"hash": "sha512-lvvXCK3XOIH9HS1EU5eVBo4W8VoE4iM1Ve1XkZ/CysYBYLaXojXyybeN5Iw1Rmuk3trq/7RebjkNx/rxhsU0LQ=="
}
}
}

10
pkgs/applications/emulators/cdemu/daemon.nix
View File

@ -1,4 +1,4 @@
{ callPackage, glib, libao, intltool, libmirage }:
{ callPackage, glib, libao, intltool, libmirage, coreutils }:
let pkg = import ./base.nix {
version = "3.2.5";
pname = "cdemu-daemon";
@ -7,4 +7,12 @@ let pkg = import ./base.nix {
in callPackage pkg {
nativeBuildInputs = [ intltool ];
buildInputs = [ glib libao libmirage ];
drvParams.postInstall = ''
mkdir -p $out/share/dbus-1/services
cp -R ../$pname-$version/service-example $out/share/cdemu
substitute \
$out/share/cdemu/net.sf.cdemu.CDEmuDaemon.service \
$out/share/dbus-1/services/net.sf.cdemu.CDEmuDaemon.service \
--replace /bin/true ${coreutils}/bin/true
'';
}

10
pkgs/applications/emulators/retroarch/cores.nix
View File

@ -164,16 +164,6 @@ in
};
};
beetle-snes = mkLibretroCore {
core = "mednafen-snes";
src = getCoreSrc "beetle-snes";
makefile = "Makefile";
meta = {
description = "Port of Mednafen's SNES core to libretro";
license = lib.licenses.gpl2Only;
};
};
beetle-supafaust = mkLibretroCore {
core = "mednafen-supafaust";
src = getCoreSrc "beetle-supafaust";

6
pkgs/applications/emulators/retroarch/hashes.json
View File

@ -59,12 +59,6 @@
"rev": "cd395e9e3ee407608450ebc565e871b24e7ffed6",
"hash": "sha256-EIZRv1EydfLWFoBb8TzvAY3kkL9Qr2OrwrljOnnM92A="
},
"beetle-snes": {
"owner": "libretro",
"repo": "beetle-bsnes-libretro",
"rev": "d770563fc3c4bd9abb522952cefb4aa923ba0b91",
"hash": "sha256-zHPtfgp9hc8Q4gXJ5VgfJLWLeYjCsQhkfU1T5RM7AL0="
},
"beetle-supafaust": {
"owner": "libretro",
"repo": "supafaust",

3
pkgs/applications/emulators/retroarch/update_cores.py
View File

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -I nixpkgs=../../../../ -i python3 -p "python3.withPackages (ps: with ps; [ requests nix-prefetch-github ])" -p "git"
#!nix-shell -I nixpkgs=../../../../ -i python3 -p "python3.withPackages (ps: with ps; [ nix-prefetch-github ])" -p "git"
import json
import os
@ -22,7 +22,6 @@ CORES = {
"beetle-pcfx": {"repo": "beetle-pcfx-libretro"},
"beetle-psx": {"repo": "beetle-psx-libretro"},
"beetle-saturn": {"repo": "beetle-saturn-libretro"},
"beetle-snes": {"repo": "beetle-bsnes-libretro"},
"beetle-supafaust": {"repo": "supafaust"},
"beetle-supergrafx": {"repo": "beetle-supergrafx-libretro"},
"beetle-vb": {"repo": "beetle-vb-libretro"},

29
pkgs/applications/graphics/drawio/default.nix
View File

@ -4,7 +4,6 @@
, fetchYarnDeps
, makeDesktopItem
, copyDesktopItems
, desktopToDarwinBundle
, fixup_yarn_lock
, makeWrapper
, nodejs
@ -14,28 +13,29 @@
stdenv.mkDerivation rec {
pname = "drawio";
version = "22.0.2";
version = "22.0.3";
src = fetchFromGitHub {
owner = "jgraph";
repo = "drawio-desktop";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-L+tbNCokVoiS2KkaPVBjG7H/8cqz1e8dlXC5H8BkPvU=";
hash = "sha256-Im0T+1jm1IZT3UILsOJ4Rp5P5IiBUKcJJ+cqv3WsqXw=";
};
offlineCache = fetchYarnDeps {
yarnLock = src + "/yarn.lock";
hash = "sha256-d8AquOKdrPQHBhRG9o1GB18LpwlwQK6ZaM1gLAcjilM=";
hash = "sha256-Abyu/WoNOPAIfRIThG7vKFECW9NQMgcBAkLgEPwdJDQ=";
};
nativeBuildInputs = [
copyDesktopItems
fixup_yarn_lock
makeWrapper
nodejs
yarn
] ++ lib.optional stdenv.isDarwin desktopToDarwinBundle;
] ++ lib.optionals (!stdenv.isDarwin) [
copyDesktopItems
];
ELECTRON_SKIP_BINARY_DOWNLOAD = true;
@ -54,9 +54,15 @@ stdenv.mkDerivation rec {
buildPhase = ''
runHook preBuild
'' + lib.optionalString stdenv.isDarwin ''
cp -R ${electron}/Applications/Electron.app Electron.app
chmod -R u+w Electron.app
export CSC_IDENTITY_AUTO_DISCOVERY=false
sed -i "/afterSign/d" electron-builder-linux-mac.json
'' + ''
yarn --offline run electron-builder --dir \
--config electron-builder-linux-mac.json \
-c.electronDist=${electron}/libexec/electron \
-c.electronDist=${if stdenv.isDarwin then "." else "${electron}/libexec/electron"} \
-c.electronVersion=${electron.version}
runHook postBuild
@ -65,6 +71,13 @@ stdenv.mkDerivation rec {
installPhase = ''
runHook preInstall
'' + lib.optionalString stdenv.isDarwin ''
mkdir -p $out/{Applications,bin}
mv dist/mac*/draw.io.app $out/Applications
# Symlinking `draw.io` doesn't work; seems to look for files in the wrong place.
makeWrapper $out/Applications/draw.io.app/Contents/MacOS/draw.io $out/bin/drawio
'' + lib.optionalString (!stdenv.isDarwin) ''
mkdir -p "$out/share/lib/drawio"
cp -r dist/*-unpacked/{locales,resources{,.pak}} "$out/share/lib/drawio"
@ -74,6 +87,7 @@ stdenv.mkDerivation rec {
--add-flags "$out/share/lib/drawio/resources/app.asar" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--inherit-argv0
'' + ''
runHook postInstall
'';
@ -98,6 +112,5 @@ stdenv.mkDerivation rec {
changelog = "https://github.com/jgraph/drawio-desktop/releases/tag/v${version}";
maintainers = with maintainers; [ qyliss darkonion0 ];
platforms = platforms.darwin ++ platforms.linux;
broken = stdenv.isDarwin;
};
}

1
pkgs/applications/graphics/figma-linux/default.nix
View File

@ -74,5 +74,6 @@ stdenv.mkDerivation (finalAttrs: {
platforms = [ "x86_64-linux" ];
license = licenses.gpl2;
maintainers = with maintainers; [ ercao kashw2 ];
knownVulnerabilities = [ "CVE-2023-5217" ];
};
})

6
pkgs/applications/graphics/hello-wayland/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation {
pname = "hello-wayland";
version = "unstable-2023-04-23";
version = "unstable-2023-10-26";
src = fetchFromGitHub {
owner = "emersion";
repo = "hello-wayland";
rev = "77e270c19672f3ad863e466093f429cde8eb1f16";
sha256 = "NMQE2zU858b6OZhdS2oZnGvLK+eb7yU0nFaMAcpNw04=";
rev = "b631afa4f6fd86560ccbdb8c7b6fe42851c06a57";
sha256 = "MaBzGZ05uCoeeiglFYHC40hQlPvtDw5sQhqXgtVDySc=";
};
separateDebugInfo = true;

4
pkgs/applications/graphics/mozjpeg/default.nix
View File

@ -1,14 +1,14 @@
{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, libpng, zlib, nasm }:
stdenv.mkDerivation rec {
version = "4.1.4";
version = "4.1.5";
pname = "mozjpeg";
src = fetchFromGitHub {
owner = "mozilla";
repo = "mozjpeg";
rev = "v${version}";
sha256 = "sha256-F9W7tWfcNP2UNuwMbYiSvS8BnFq4ob//b8AXXrRjVuA=";
sha256 = "sha256-k8qWtU4j3ipIHvY60ae7kdNnPvWnUa0qgacqlSIJijo=";
};
cmakeFlags = [ "-DENABLE_STATIC=NO" "-DPNG_SUPPORTED=TRUE" ]; # See https://github.com/mozilla/mozjpeg/issues/351

6
pkgs/applications/graphics/pizarra/default.nix
View File

@ -14,17 +14,17 @@
rustPlatform.buildRustPackage rec {
pname = "pizarra";
version = "1.7.4";
version = "1.7.5";
src = fetchFromGitLab {
owner = "categulario";
repo = "pizarra-gtk";
rev = "v${version}";
fetchSubmodules = true;
sha256 = "sha256-fWwAmzF3ppCvJZ0K4EDrmP8SVPVRayEQTtbhNscZIF0=";
sha256 = "sha256-vnjhveX3EVIfJLiHWhlvhoPcRx1a8Nnjj7hIaPgU3Zw=";
};
cargoSha256 = "sha256-pxRJXUeFGdVj6iCFZ4Y8b9z5hw83g8YywpKztTZ0g+4=";
cargoHash = "sha256-btvMUKADGHlXLmeKF1K9Js44SljZ0MejGId8aDwPhVU=";
nativeBuildInputs = [ wrapGAppsHook pkg-config gdk-pixbuf ];

4
pkgs/applications/graphics/upscayl/default.nix
View File

@ -4,11 +4,11 @@
lib,
}: let
pname = "upscayl";
version = "2.8.6";
version = "2.9.1";
src = fetchurl {
url = "https://github.com/upscayl/upscayl/releases/download/v${version}/upscayl-${version}-linux.AppImage";
hash = "sha256-w5rjLqdlPOZWgdc2t0Y3tl24qZqpjBV6I9gruLaI+qc=";
hash = "sha256-x7tNGWXrg4hkr4d5QK4Z/cOmGGdbWLJ/GIASZjmiL4w=";
};
appimageContents = appimageTools.extractType2 {

14
pkgs/applications/misc/1password/default.nix
View File

@ -2,22 +2,22 @@
let
inherit (stdenv.hostPlatform) system;
fetch = srcPlatform: sha256: extension:
fetch = srcPlatform: hash: extension:
let
args = {
url = "https://cache.agilebits.com/dist/1P/op2/pkg/v${version}/op_${srcPlatform}_v${version}.${extension}";
inherit sha256;
inherit hash;
} // lib.optionalAttrs (extension == "zip") { stripRoot = false; };
in
if extension == "zip" then fetchzip args else fetchurl args;
pname = "1password-cli";
version = "2.21.0";
version = "2.22.0";
sources = rec {
aarch64-linux = fetch "linux_arm64" "sha256-pXGBlduNOvxpPMd/BObHVXXGQ0ZTlIkqZ3jYyoGXnqA=" "zip";
i686-linux = fetch "linux_386" "sha256-iePA4nzwBtAlYWybmQdV7Zvvnv+jPqrndB4aabf/JMM=" "zip";
x86_64-linux = fetch "linux_amd64" "sha256-wevv0KYe01ZL70zL4BNti/oCcAzNJ3EO97QIU1BYQRE=" "zip";
aarch64-darwin = fetch "apple_universal" "sha256-AViR53q1/jZtzpFZ7FaBwoZAGuXsGHfULEIuIrTqgSs=" "pkg";
aarch64-linux = fetch "linux_arm64" "sha256-MWNbwCJ5ltAV1qmy8LPYkb6VTH0UVi2S5QEZZfpcnGM=" "zip";
i686-linux = fetch "linux_386" "sha256-lqwEm7fCiM2WNZvlAt/HeqI2zxnal/OMbTMGvvmXkvY=" "zip";
x86_64-linux = fetch "linux_amd64" "sha256-GfQ441a5mIgCTtxnk6L9UXodNGXek7f/jxJXWYJUb+0=" "zip";
aarch64-darwin = fetch "apple_universal" "sha256-yF0dy4MUgvSJUremXFfxCIHcGmYrCcjofcv1sBD9qyI=" "pkg";
x86_64-darwin = aarch64-darwin;
};
platforms = builtins.attrNames sources;

1091
pkgs/applications/misc/faircamp/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

32
pkgs/applications/misc/faircamp/default.nix
View File

@ -1,7 +1,7 @@
{ lib
, stdenv
, rustPlatform
, fetchgit
, fetchFromGitea
, makeWrapper
, pkg-config
, glib
@ -9,29 +9,32 @@
, vips
, ffmpeg
, callPackage
, unstableGitUpdater
, darwin
, testers
, faircamp
}:
rustPlatform.buildRustPackage {
rustPlatform.buildRustPackage rec {
pname = "faircamp";
version = "unstable-2023-04-10";
version = "0.8.0";
# TODO when switching to a stable release, use fetchFromGitea and add a
# version test. Meanwhile, fetchgit is used to make unstableGitUpdater work.
src = fetchgit {
url = "https://codeberg.org/simonrepp/faircamp.git";
rev = "21f775dc35a88c54015694f9757e81c97fa860ea";
hash = "sha256-aMSMMIGfoiqtg8Dj8QiCbUE40OKQXMXt4hvlvbXQLls=";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "simonrepp";
repo = "faircamp";
rev = version;
hash = "sha256-Rz/wMlVNjaGhk26QMnS4+W3oA/RSdB6FuigC84L8eDg=";
};
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"enolib-0.1.0" = "sha256-0+T8RRQnqbIiIup/aDJgvxeV8sRV4YrlA9JVbQxMfF0=";
"enolib-0.2.1" = "sha256-ryB5Tk90BvsstdXgYw7F0BJymWWetAIijhVpLeVBOa8=";
};
};
buildFeatures = [ "libvips" ];
nativeBuildInputs = [
makeWrapper
pkg-config
@ -50,9 +53,10 @@ rustPlatform.buildRustPackage {
--prefix PATH : ${lib.makeBinPath [ ffmpeg ]}
'';
passthru.tests.wav = callPackage ./test-wav.nix { };
passthru.updateScript = unstableGitUpdater { };
passthru.tests = {
wav = callPackage ./test-wav.nix { };
version = testers.testVersion { package = faircamp; };
};
meta = with lib; {
description = "A self-hostable, statically generated bandcamp alternative";

4
pkgs/applications/misc/fluidd/default.nix
View File

@ -2,12 +2,12 @@
stdenvNoCC.mkDerivation rec {
pname = "fluidd";
version = "1.25.3";
version = "1.26.0";
src = fetchurl {
name = "fluidd-v${version}.zip";
url = "https://github.com/cadriel/fluidd/releases/download/v${version}/fluidd.zip";
sha256 = "sha256-raslLhVbeUL6Zoz5cw+fKtqdUvAkd7frAncd+q1AVxs=";
sha256 = "sha256-Y0d3TgSLrxA2kPWlHrNC8GlEcD7s4VZR2YZlderZ3gI=";
};
nativeBuildInputs = [ unzip ];

4
pkgs/applications/misc/gpxsee/default.nix
View File

@ -18,13 +18,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "gpxsee";
version = "13.9";
version = "13.10";
src = fetchFromGitHub {
owner = "tumic0";
repo = "GPXSee";
rev = finalAttrs.version;
hash = "sha256-vzbZN+0lDSmvZnQCuvNJCYHTYKqErFhW4RI5Mfbgr6o=";
hash = "sha256-84F4B2yQREPosH1bK74nOby3o/C0isKq4t2CJprsblU=";
};
buildInputs = [

4
pkgs/applications/misc/jetbrains-toolbox/default.nix
View File

@ -10,11 +10,11 @@
}:
let
pname = "jetbrains-toolbox";
version = "2.0.4.17212";
version = "2.0.5.17700";
src = fetchzip {
url = "https://download.jetbrains.com/toolbox/jetbrains-toolbox-${version}.tar.gz";
sha256 = "sha256-lnTYLZJBiM8nnUvMqtcp/i/VNek/9zlxYyZFa+hew5g=";
sha256 = "sha256-BO9W9miQUltsg1tCyTl9j5xRCJUCsO02hUKDCYt7hd8=";
stripRoot = false;
};

4
pkgs/applications/misc/k40-whisperer/default.nix
View File

@ -23,12 +23,12 @@ let
in stdenv.mkDerivation rec {
pname = "k40-whisperer";
version = "0.62";
version = "0.67";
src = fetchzip {
url = "https://www.scorchworks.com/K40whisperer/K40_Whisperer-${version}_src.zip";
stripRoot = true;
sha256 = "sha256-3O+lCpmsCCu61REuxhrV8Uy01AgEGq/1DlMhjo45URM=";
sha256 = "sha256-jyny5uNZ5eL4AV47uAgOhBe4Zqg8GK3e86Z9gZbC68s=";
};
nativeBuildInputs = [ makeWrapper ];

9
pkgs/applications/misc/keepassxc/default.nix
View File

@ -88,7 +88,14 @@ stdenv.mkDerivation rec {
runHook postCheck
'';
nativeBuildInputs = [ asciidoctor cmake wrapGAppsHook wrapQtAppsHook qttools pkg-config ];
nativeBuildInputs = [
asciidoctor
cmake
wrapQtAppsHook
qttools
pkg-config
]
++ lib.optional (!stdenv.isDarwin) wrapGAppsHook;
dontWrapGApps = true;
preFixup = ''

6
pkgs/applications/misc/nwg-bar/default.nix
View File

@ -9,13 +9,13 @@
buildGoModule rec {
pname = "nwg-bar";
version = "0.1.3";
version = "0.1.4";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = pname;
rev = "v${version}";
sha256 = "sha256-/GkusNhHprXwGMNDruEEuFC2ULVIHBN5F00GNex/uq4=";
sha256 = "sha256-kqLQwqZ2RPSKNdw1yzKUfqSe8hQcJe/6/8UzTT/Gz/8=";
};
patches = [ ./fix-paths.patch ];
@ -24,7 +24,7 @@ buildGoModule rec {
substituteInPlace tools.go --subst-var out
'';
vendorHash = "sha256-mqcXhnja8ed7vXIqOKBsNrcbrcaycTQXG1jqdc6zcyI=";
vendorHash = "sha256-vdDlPsjfHl7w1ufosLYquHAKOvkolNBr04bt+OQBlFE=";
nativeBuildInputs = [ pkg-config wrapGAppsHook ];

11
pkgs/applications/misc/oversteer/default.nix
View File

@ -1,5 +1,5 @@
{ lib, stdenv, fetchFromGitHub, pkg-config, gettext, python3, python3Packages
, meson, cmake, ninja, udev, appstream, appstream-glib, desktop-file-utils, gtk3
, meson, ninja, udev, appstream, appstream-glib, desktop-file-utils, gtk3
, wrapGAppsHook, gobject-introspection, bash, }:
let
python = python3.withPackages (p:
@ -14,7 +14,7 @@ let
pygobject3
]);
version = "0.7.2";
version = "0.8.0";
in stdenv.mkDerivation {
inherit version;
@ -24,7 +24,7 @@ in stdenv.mkDerivation {
owner = "berarma";
repo = "oversteer";
rev = version;
sha256 = "sha256-9MWRb0NXUbB8c+pH0mjUzsz849PmEjsZMhQr4wsmlKI=";
sha256 = "sha256-fkf6sa4yYbxGOehyLzuFj5nZiPK3B1D/VVvobhKB4Uo=";
};
buildInputs = [ bash gtk3 ];
@ -64,12 +64,13 @@ in stdenv.mkDerivation {
--replace /bin/sh ${bash}/bin/sh
'';
patches = [ ./fix-install-dir.patch ];
patches = [ ];
meta = with lib; {
homepage = "https://github.com/berarma/oversteer";
changelog = "https://github.com/berarma/oversteer/releases/tag/${version}";
description = "Steering Wheel Manager for Linux";
license = licenses.gpl3;
license = licenses.gpl3Plus;
maintainers = [ maintainers.srounce ];
platforms = platforms.unix;
};

13
pkgs/applications/misc/oversteer/fix-install-dir.patch
View File

@ -1,13 +0,0 @@
diff --git a/meson.build b/meson.build
index 239acf9..6a06c83 100644
--- a/meson.build
+++ b/meson.build
@@ -8,7 +8,7 @@ pymod = import('python')
prefix = get_option('prefix')
pkgdatadir = join_paths(prefix, get_option('datadir'), meson.project_name())
py_installation = pymod.find_installation(get_option('python'))
-py_path = py_installation.get_path('purelib')
+py_path = py_installation.get_install_dir()
python3_required_modules = ['gi', 'pyudev', 'xdg', 'evdev', 'gettext', 'matplotlib', 'scipy', 'numpy']
foreach p : python3_required_modules

4
pkgs/applications/misc/pdfarranger/default.nix
View File

@ -8,13 +8,13 @@
python3Packages.buildPythonApplication rec {
pname = "pdfarranger";
version = "1.10.0";
version = "1.10.1";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-tNLy3HeHh8nBtmfJS5XhKX+KhIBnuUV2C8LwQl3mQLU=";
hash = "sha256-l//DeaIqUl6FdGFxM8yTKcTjVNvYMllorcoXoK33Iy4=";
};
nativeBuildInputs = [

6
pkgs/applications/misc/spicetify-cli/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "spicetify-cli";
version = "2.24.2";
version = "2.25.1";
src = fetchFromGitHub {
owner = "spicetify";
repo = "spicetify-cli";
rev = "v${version}";
hash = "sha256-jzEtXmlpt6foldLW57ZcpevX8CDc+c8iIynT5nOD9qY=";
hash = "sha256-81dfAekWvMcp1Jar+jlXRiJr6UmHCdJZ0ML/6fFnvRs=";
};
vendorHash = "sha256-rMMTUT7HIgYvxGcqR02VmxOh1ihE6xuIboDsnuOo09g=";
vendorHash = "sha256-VktAO3yKCdm5yz/RRLeLv6zzyGrwuHC/i8WdJtqZoYc=";
ldflags = [
"-s -w"

6
pkgs/applications/misc/system76-keyboard-configurator/default.nix
View File

@ -6,13 +6,13 @@
rustPlatform.buildRustPackage rec {
pname = "system76-keyboard-configurator";
version = "1.3.9";
version = "1.3.10";
src = fetchFromGitHub {
owner = "pop-os";
repo = "keyboard-configurator";
rev = "v${version}";
sha256 = "sha256-06qiJ3NZZSvDBH7r6K1qnz0q4ngB45wBoaG6eTFiRtk=";
sha256 = "sha256-5U9LWFaCwszvT1reu6NflPKQUrsQkP/NdSO4LBHWm2g=";
};
nativeBuildInputs = [
@ -28,7 +28,7 @@ rustPlatform.buildRustPackage rec {
udev
];
cargoHash = "sha256-tcyLoXOrC+lrFVRzxWfWpvHpfA6tbEBXFj9mSeTLcbc=";
cargoHash = "sha256-S4+cS4m69nqDN2h0vwyO35fFFBEa0Rcxx0XDBfSNLp0=";
meta = with lib; {
description = "Keyboard configuration application for System76 keyboards and laptops";

4
pkgs/applications/misc/ulauncher/default.nix
View File

@ -21,11 +21,11 @@
python3Packages.buildPythonApplication rec {
pname = "ulauncher";
version = "5.15.3";
version = "5.15.4";
src = fetchurl {
url = "https://github.com/Ulauncher/Ulauncher/releases/download/${version}/ulauncher_${version}.tar.gz";
sha256 = "sha256-unAic6GTgvZFFJwPERh164vfDiFE0zLEUjgADR94w5w=";
sha256 = "sha256-5pEpYnJFHQKEfTve07ngFVDAOM9+kwrx6hc30gEwsko=";
};
nativeBuildInputs = with python3Packages; [

6
pkgs/applications/misc/usql/default.nix
View File

@ -10,18 +10,18 @@
buildGoModule rec {
pname = "usql";
version = "0.15.1";
version = "0.15.2";
src = fetchFromGitHub {
owner = "xo";
repo = "usql";
rev = "v${version}";
hash = "sha256-thpVcJ1HRhoOAli7829zM4fermEcS9FwzKX7ZjHGhZg=";
hash = "sha256-SJypezOTQr+TiG/rePXxgjrspeErqj6qw9TBen41e4Q=";
};
buildInputs = [ unixODBC icu ];
vendorHash = "sha256-S7fahA+ykviQoWc7p0CcTGfouswxQNBn4HH+tbl0fbI=";
vendorHash = "sha256-i2lH6ajRmfJHsh7nzCjt7mi3issA4kSBdG42w67pOC4=";
proxyVendor = true;
# Exclude broken genji, hive & impala drivers (bad group)

20
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View File

@ -35,31 +35,31 @@
};
deps = {
gn = {
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
url = "https://gn.googlesource.com/gn";
version = "2023-08-10";
};
};
hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";
version = "118.0.5993.88";
hash = "sha256-65rN17DIF+9FgZu7ohc9dM8ni6Qmqc9l1oyOcloip44=";
hash_deb_amd64 = "sha256-RJcyIA0TdXWRk+K2GVcHSv4OSq5c6Y7InUblao3uusc=";
version = "118.0.5993.117";
};
ungoogled-chromium = {
deps = {
gn = {
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
url = "https://gn.googlesource.com/gn";
version = "2023-08-10";
};
ungoogled-patches = {
rev = "118.0.5993.88-1";
hash = "sha256-Tv/DSvVHa/xU5SXNtobaJPOSrbMMwYIu0+okSkw7RJ4=";
hash = "sha256-10kSaLteFtvg3nGffslRpAxmc7nFsp0rA8gwm8jqt/8=";
rev = "118.0.5993.117-1";
};
};
hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";
version = "118.0.5993.88";
hash = "sha256-65rN17DIF+9FgZu7ohc9dM8ni6Qmqc9l1oyOcloip44=";
hash_deb_amd64 = "sha256-RJcyIA0TdXWRk+K2GVcHSv4OSq5c6Y7InUblao3uusc=";
version = "118.0.5993.117";
};
}

5
pkgs/applications/networking/browsers/firefox/common.nix
View File

@ -1,5 +1,6 @@
{ pname
, version
, packageVersion ? version
, meta
, updateScript ? null
, binaryName ? "firefox"
@ -206,7 +207,7 @@ in
buildStdenv.mkDerivation {
pname = "${pname}-unwrapped";
inherit version;
version = packageVersion;
inherit src unpackPhase meta;
@ -557,7 +558,6 @@ buildStdenv.mkDerivation {
passthru = {
inherit application extraPatches;
inherit updateScript;
inherit version;
inherit alsaSupport;
inherit binaryName;
inherit jackSupport;
@ -569,6 +569,7 @@ buildStdenv.mkDerivation {
inherit tests;
inherit gtk3;
inherit wasiSysRoot;
version = packageVersion;
} // extraPassthru;
hardeningDisable = [ "format" ]; # -Werror=format-security

49
pkgs/applications/networking/browsers/floorp/default.nix Normal file
View File

@ -0,0 +1,49 @@
{ stdenv
, lib
, fetchFromGitHub
, buildMozillaMach
, nixosTests
}:
((buildMozillaMach rec {
pname = "floorp";
packageVersion = "11.5.0";
applicationName = "Floorp";
binaryName = "floorp";
version = "155.4.0";
src = fetchFromGitHub {
owner = "Floorp-Projects";
repo = "Floorp";
fetchSubmodules = true;
rev = "v${packageVersion}";
hash = "sha256-adK3LAu3cDh6d+GvtnkWmSnxansnSZoIgtA9TAqIMyA=";
};
extraConfigureFlags = [
"--with-app-name=${pname}"
"--with-app-basename=${applicationName}"
"--with-branding=browser/branding/official"
"--with-distribution-id=app.floorp.Floorp"
"--with-unsigned-addon-scopes=app,system"
"--allow-addon-sideload"
];
meta = {
description = "A fork of Firefox, focused on keeping the Open, Private and Sustainable Web alive, built in Japan";
homepage = "https://floorp.app/";
maintainers = with lib.maintainers; [ christoph-heiss ];
platforms = lib.platforms.unix;
badPlatforms = lib.platforms.darwin;
broken = stdenv.buildPlatform.is32bit; # since Firefox 60, build on 32-bit platforms fails with "out of memory".
# not in `badPlatforms` because cross-compilation on 64-bit machine might work.
maxSilent = 14400; # 4h, double the default of 7200s (c.f. #129212, #129115)
license = lib.licenses.mpl20;
};
tests = [ nixosTests.floorp ];
}).override {
privacySupport = true;
enableOfficialBranding = false;
}).overrideAttrs (prev: {
MOZ_REQUIRE_SIGNING = "";
})

4
pkgs/applications/networking/browsers/mullvad-browser/default.nix
View File

@ -78,7 +78,7 @@ let
++ lib.optionals mediaSupport [ ffmpeg ]
);
version = "13.0";
version = "13.0.1";
sources = {
x86_64-linux = fetchurl {
@ -90,7 +90,7 @@ let
"https://tor.eff.org/dist/mullvadbrowser/${version}/mullvad-browser-linux-x86_64-${version}.tar.xz"
"https://tor.calyxinstitute.org/dist/mullvadbrowser/${version}/mullvad-browser-linux-x86_64-${version}.tar.xz"
];
hash = "sha256-YtkGgSnQVJ9wtamDOtLROufhPJ9KizV8j5kK26iJ+ZY=";
hash = "sha256-VYkRHWyTAAt5P7jnNuf4s2bOv36LuqcTMMKOLRGE9FQ=";
};
};

4
pkgs/applications/networking/browsers/polypane/default.nix
View File

@ -2,12 +2,12 @@
let
pname = "polypane";
version = "15.0.0";
version = "15.0.1";
src = fetchurl {
url = "https://github.com/firstversionist/${pname}/releases/download/v${version}/${pname}-${version}.AppImage";
name = "${pname}-${version}.AppImage";
sha256 = "sha256-O0VWgx6FKulELZuJgMwFgGSo+EaCqb9dgneF2XFnq7U=";
sha256 = "sha256-CU5PI+9iBcxZdhhs2QjfZTViU2xQ3i+T+4Wzp+yeKEE=";
};
appimageContents = appimageTools.extractType2 {

6
pkgs/applications/networking/browsers/vivaldi/default.nix
View File

@ -24,7 +24,7 @@ let
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
in stdenv.mkDerivation rec {
pname = "vivaldi";
version = "6.2.3105.54";
version = "6.2.3105.58";
suffix = {
aarch64-linux = "arm64";
@ -34,8 +34,8 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
hash = {
aarch64-linux = "sha256-QqdCnwSrqJAEj++xcr3cOkKSbZIFkyvMutxsLNR/Moc=";
x86_64-linux = "sha256-z5/l94MFhpHRLvbUdSwFSSt3n21mPZJzanYugXecLFk=";
aarch64-linux = "sha256-PDy+cenU1D9UKlICgZgj/KKZFq5x8iSDpbtCr06ks70=";
x86_64-linux = "sha256-uWv4odg/nEuY6B8Jzt5Br4pUFMlG0vGEt968PajxMUA=";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};

6
pkgs/applications/networking/circumflex/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "circumflex";
version = "3.2";
version = "3.5";
src = fetchFromGitHub {
owner = "bensadeh";
repo = "circumflex";
rev = version;
hash = "sha256-3cu5Y9Z20CbFN+4/2LLM3pcXofuc8oztoZVPhDzFLas=";
hash = "sha256-w5QdFvF+kIxt27rg/uXjd+G0Dls7oYhmFew+O2NoaVg=";
};
vendorHash = "sha256-w9WDbNvnaRgZ/rpI450C7AA244AXRE8u960xZnAiXn4=";
vendorHash = "sha256-F9mzGP5b9dcmnT6TvjjbRq/isk1o8vM/5yxWUaZrnaw=";
nativeBuildInputs = [ makeWrapper ];

6
pkgs/applications/networking/cluster/argocd/default.nix
View File

@ -2,17 +2,17 @@
buildGoModule rec {
pname = "argocd";
version = "2.8.4";
version = "2.8.5";
src = fetchFromGitHub {
owner = "argoproj";
repo = "argo-cd";
rev = "v${version}";
hash = "sha256-ETvAE9kegqtAduXm9/9fmPgJJ2Xq6ZY5J5iGcjHkyKM=";
hash = "sha256-oYREaXUm60AkWO/2X6Cu55F+gCaPYpYqRigJW0ocDL0=";
};
proxyVendor = true; # darwin/linux hash mismatch
vendorHash = "sha256-4vGBi6P0xSfBheTg2/z28l9H07TasqqM8l6YjGgLhvs=";
vendorHash = "sha256-KzH4GmOeurcEMIDN3B8QSMZY1Fk+tNqy0SYzCXiRVlo=";
# Set target as ./cmd per cli-local
# https://github.com/argoproj/argo-cd/blob/master/Makefile#L227

6
pkgs/applications/networking/cluster/glooctl/default.nix
View File

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "glooctl";
version = "1.15.9";
version = "1.15.14";
src = fetchFromGitHub {
owner = "solo-io";
repo = "gloo";
rev = "v${version}";
hash = "sha256-P3NC1/ZujqSO2C4ToNLpxgbxqACXYYsAFQh1Xbbu7x4=";
hash = "sha256-rQZOGM97mXKFFMQRw6+iiaDLugu0CM7OW2V7w0fgpDM=";
};
vendorHash = "sha256-KaBq1VCGWv3K50DDelS0hOQkXnK1ufBiXBtbPQFzwMY=";
vendorHash = "sha256-51s+C4P8xKp52qjr6LK3zWKWzwnuEQyKxi/Wzpha9Fs=";
subPackages = [ "projects/gloo/cli/cmd" ];

6
pkgs/applications/networking/cluster/kubefirst/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubefirst";
version = "2.2.17";
version = "2.3.0";
src = fetchFromGitHub {
owner = "kubefirst";
repo = pname;
rev = "v${version}";
hash = "sha256-cqKnoGRW+IquuZ7wvCRipRJ6mO18w/yhf5nS094vs7c=";
hash = "sha256-5znZMr0Dj6kpKJbypICN5+Fv/+3FgTLBok3YMrWaHdo=";
};
vendorHash = "sha256-0J27JSewc0DCcc3xvl2DBZE/b0qKuozuP7tFdbrRX7I=";
vendorHash = "sha256-/iAGUnIMH2+IrvvXig56SpZ0eTfVwaCgGMUDp5/MtEo=";
ldflags = [ "-s" "-w" "-X github.com/kubefirst/runtime/configs.K1Version=v${version}"];

6
pkgs/applications/networking/cluster/kubelogin/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubelogin";
version = "0.0.32";
version = "0.0.33";
src = fetchFromGitHub {
owner = "Azure";
repo = pname;
rev = "v${version}";
sha256 = "sha256-pMen6ZL1S0xr5+h7gVBMG4XjlZUifIiqHvjKgg8AY5c=";
sha256 = "sha256-bPxsXRXk8hlhIhj2tO7mJ5XYd6oNH25cwp5CUVo65mo=";
};
vendorHash = "sha256-pNOCagxOcxhELSWO1GfbxGmopYXIgKD00XdZdVgawrc=";
vendorHash = "sha256-WZTtu7T7aWOk3Q0HBjGcc+lsgOExmQQEs0lEEvP+Wb4=";
ldflags = [
"-X main.version=${version}"

6
pkgs/applications/networking/cluster/nerdctl/default.nix
View File

@ -10,16 +10,16 @@
buildGoModule rec {
pname = "nerdctl";
version = "1.6.0";
version = "1.6.2";
src = fetchFromGitHub {
owner = "containerd";
repo = pname;
rev = "v${version}";
hash = "sha256-O1N8+Gjo0EapRV5Z7Z27Cfs886cbwTmckJsSJ2OI5fM=";
hash = "sha256-izFDqaJFJrgeb3YPP/7rIf/IjvrtlwjbktNy702zVTU=";
};
vendorHash = "sha256-/4XFQagUbU8SgoBogK1hAsfGoTY+DaIVaNpSA3Enaho=";
vendorHash = "sha256-4I+qCh/A/Yj5kUZLFvXTUV85l/2LVGPUCivTdDlA1ao=";
nativeBuildInputs = [ makeWrapper installShellFiles ];

Some files were not shown because too many files have changed in this diff Show More