Merge master into staging-next

maintainers/maintainer-list.nix

@@ -4396,6 +4396,12 @@
     githubId = 27668;
     name = "Tobias Pflug";
   };
+  gin66 = {
+    email = "jochen@kiemes.de";
+    github = "gin66";
+    githubId = 5549373;
+    name = "Jochen Kiemes";
+  };
   giogadi = {
     email = "lgtorres42@gmail.com";
     github = "giogadi";
@@ -7523,16 +7529,6 @@
     githubId = 29855073;
     name = "Michael Colicchia";
   };
-  matdsoupe = {
-    github = "matdsoupe";
-    githubId = 44469426;
-    name = "Matheus de Souza Pessanha";
-    email = "matheus_pessanha2001@outlook.com";
-    keys = [{
-      longkeyid = "rsa4096/0x2671964AB1E06A08";
-      fingerprint = "2F32 CFEF E11A D73B A740  FA47 2671 964A B1E0 6A08";
-    }];
-  };
   matejc = {
     email = "cotman.matej@gmail.com";
     github = "matejc";
@@ -13767,6 +13763,16 @@
     github = "zeri42";
     githubId = 68825133;
   };
+  zoedsoupe = {
+    github = "zoedsoupe";
+    githubId = 44469426;
+    name = "Zoey de Souza Pessanha";
+    email = "zoey.spessanha@outlook.com";
+    keys = [{
+      longkeyid = "rsa4096/0x1E1E889CDBD6A315";
+      fingerprint = "EAA1 51DB 472B 0122 109A  CB17 1E1E 889C DBD6 A315";
+    }];
+  };
   zombiezen = {
     name = "Ross Light";
     email = "ross@zombiezen.com";

nixos/modules/module-list.nix

@@ -914,6 +914,7 @@
   ./services/networking/vsftpd.nix
   ./services/networking/wasabibackend.nix
   ./services/networking/websockify.nix
+  ./services/networking/wg-netmanager.nix
   ./services/networking/wg-quick.nix
   ./services/networking/wireguard.nix
   ./services/networking/wpa_supplicant.nix

nixos/modules/services/networking/wg-netmanager.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.wg-netmanager;
+in
+{
+
+  options = {
+    services.wg-netmanager = {
+      enable = mkEnableOption "Wireguard network manager";
+    };
+  };
+
+  ###### implementation
+  config = mkIf cfg.enable {
+    # NOTE: wg-netmanager runs as root
+    systemd.services.wg-netmanager = {
+      description = "Wireguard network manager";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = with pkgs; [ wireguard-tools iproute2 wireguard-go ];
+      serviceConfig = {
+        Type = "simple";
+        Restart = "on-failure";
+        ExecStart = "${pkgs.wg-netmanager}/bin/wg_netmanager";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecStop = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+        ReadWritePaths = [
+          "/tmp"  # wg-netmanager creates files in /tmp before deleting them after use
+        ];
+      };
+      unitConfig =  {
+        ConditionPathExists = ["/etc/wg_netmanager/network.yaml" "/etc/wg_netmanager/peer.yaml"];
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ gin66 ];
+}

nixos/modules/services/security/cfssl.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, options, lib, pkgs, ... }:
 
 with lib;
 
@@ -11,7 +11,16 @@ in {
     dataDir = mkOption {
       default = "/var/lib/cfssl";
       type = types.path;
-      description = "Cfssl work directory.";
+      description = ''
+        The work directory for CFSSL.
+
+        <note><para>
+          If left as the default value this directory will automatically be
+          created before the CFSSL server starts, otherwise you are
+          responsible for ensuring the directory exists with appropriate
+          ownership and permissions.
+        </para></note>
+      '';
     };
 
     address = mkOption {
@@ -22,7 +31,7 @@ in {
 
     port = mkOption {
       default = 8888;
-      type = types.ints.u16;
+      type = types.port;
       description = "Port to bind.";
     };
 
@@ -147,13 +156,12 @@ in {
   };
 
   config = mkIf cfg.enable {
-    users.extraGroups.cfssl = {
+    users.groups.cfssl = {
       gid = config.ids.gids.cfssl;
     };
 
-    users.extraUsers.cfssl = {
+    users.users.cfssl = {
       description = "cfssl user";
-      createHome = true;
       home = cfg.dataDir;
       group = "cfssl";
       uid = config.ids.uids.cfssl;
@@ -164,41 +172,46 @@ in {
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
 
-      serviceConfig = {
-        WorkingDirectory = cfg.dataDir;
-        StateDirectory = cfg.dataDir;
-        StateDirectoryMode = 700;
-        Restart = "always";
-        User = "cfssl";
+      serviceConfig = lib.mkMerge [
+        {
+          WorkingDirectory = cfg.dataDir;
+          Restart = "always";
+          User = "cfssl";
+          Group = "cfssl";
 
-        ExecStart = with cfg; let
-          opt = n: v: optionalString (v != null) ''-${n}="${v}"'';
-        in
-          lib.concatStringsSep " \\\n" [
-            "${pkgs.cfssl}/bin/cfssl serve"
-            (opt "address" address)
-            (opt "port" (toString port))
-            (opt "ca" ca)
-            (opt "ca-key" caKey)
-            (opt "ca-bundle" caBundle)
-            (opt "int-bundle" intBundle)
-            (opt "int-dir" intDir)
-            (opt "metadata" metadata)
-            (opt "remote" remote)
-            (opt "config" configFile)
-            (opt "responder" responder)
-            (opt "responder-key" responderKey)
-            (opt "tls-key" tlsKey)
-            (opt "tls-cert" tlsCert)
-            (opt "mutual-tls-ca" mutualTlsCa)
-            (opt "mutual-tls-cn" mutualTlsCn)
-            (opt "mutual-tls-client-key" mutualTlsClientKey)
-            (opt "mutual-tls-client-cert" mutualTlsClientCert)
-            (opt "tls-remote-ca" tlsRemoteCa)
-            (opt "db-config" dbConfig)
-            (opt "loglevel" (toString logLevel))
-          ];
-      };
+          ExecStart = with cfg; let
+            opt = n: v: optionalString (v != null) ''-${n}="${v}"'';
+          in
+            lib.concatStringsSep " \\\n" [
+              "${pkgs.cfssl}/bin/cfssl serve"
+              (opt "address" address)
+              (opt "port" (toString port))
+              (opt "ca" ca)
+              (opt "ca-key" caKey)
+              (opt "ca-bundle" caBundle)
+              (opt "int-bundle" intBundle)
+              (opt "int-dir" intDir)
+              (opt "metadata" metadata)
+              (opt "remote" remote)
+              (opt "config" configFile)
+              (opt "responder" responder)
+              (opt "responder-key" responderKey)
+              (opt "tls-key" tlsKey)
+              (opt "tls-cert" tlsCert)
+              (opt "mutual-tls-ca" mutualTlsCa)
+              (opt "mutual-tls-cn" mutualTlsCn)
+              (opt "mutual-tls-client-key" mutualTlsClientKey)
+              (opt "mutual-tls-client-cert" mutualTlsClientCert)
+              (opt "tls-remote-ca" tlsRemoteCa)
+              (opt "db-config" dbConfig)
+              (opt "loglevel" (toString logLevel))
+            ];
+        }
+        (mkIf (cfg.dataDir == options.services.cfssl.dataDir.default) {
+          StateDirectory = baseNameOf cfg.dataDir;
+          StateDirectoryMode = 700;
+        })
+      ];
     };
 
     services.cfssl = {

pkgs/applications/kde/fetch.sh

@@ -1 +1 @@
-WGET_ARGS=( https://download.kde.org/stable/release-service/21.12.1/src -A '*.tar.xz' )
+WGET_ARGS=( https://download.kde.org/stable/release-service/21.12.2/src -A '*.tar.xz' )

pkgs/applications/misc/p2pool/default.nix

@@ -6,6 +6,7 @@
 , lib
 , libsodium
 , libuv
+, nix-update-script
 , openssl
 , pkg-config
 , zeromq
@@ -13,13 +14,13 @@
 
 stdenv.mkDerivation rec {
   pname = "p2pool";
-  version = "1.4";
+  version = "1.6";
 
   src = fetchFromGitHub {
     owner = "SChernykh";
     repo = "p2pool";
     rev = "v${version}";
-    sha256 = "sha256-syeVRweQJTNzKVl9FuIQl36WwzoI/oV2ULZbSGiDkv0=";
+    sha256 = "sha256-SumAHliY2cX2Q1umyw0ljCFmgnGKKHqoEFGglNJ/Bfg=";
     fetchSubmodules = true;
   };
 
@@ -34,6 +35,12 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
+  passthru = {
+    updateScript = nix-update-script {
+      attrPath = pname;
+    };
+  };
+
   meta = with lib; {
     description = "Decentralized pool for Monero mining";
     homepage = "https://github.com/SChernykh/p2pool";

pkgs/applications/networking/instant-messengers/slack/default.nix

@@ -51,8 +51,8 @@ let
   x86_64-linux-version = "4.23.0";
   x86_64-linux-sha256 = "1wsrxacnj9f3cb6as7ncbdvi02jqcbyc7ijsavps5bls9phkp0is";
 
-  aarch64-darwin-version = "4.22.0";
-  aarch64-darwin-sha256 = "1z2pcgva9ixjx702c1535b4k0xr9fdnfzi5m08xgvabk9x66hqx4";
+  aarch64-darwin-version = "4.23.0";
+  aarch64-darwin-sha256 = "053psiqysyi7l8pviq0vwvk2azlxcpdrwfa0b99f1h6lbfcf48f3";
 
   version = {
     x86_64-darwin = x86_64-darwin-version;
@@ -69,7 +69,7 @@ let
       sha256 = x86_64-darwin-sha256;
     };
     x86_64-linux = fetchurl {
-      url = "${base}/linux_releases/slack-desktop-${version}-amd64.deb";
+      url = "${base}/releases/linux/${version}/prod/x64/slack-desktop-${version}-amd64.deb";
       sha256 = x86_64-linux-sha256;
     };
     aarch64-darwin = fetchurl {

pkgs/applications/networking/instant-messengers/slack/update.sh

@@ -18,7 +18,9 @@ nixpkgs_linux_version=$(cat "$slack_nix" | sed -n 's/.*x86_64-linux-version = \"
 nixpkgs_mac_version=$(cat "$slack_nix" | sed -n 's/.*x86_64-darwin-version = \"\([0-9\.]\+\)\";.*/\1/p')
 nixpkgs_mac_arm_version=$(cat "$slack_nix" | sed -n 's/.*aarch64-darwin-version = \"\([0-9\.]\+\)\";.*/\1/p')
 
-if [[ "$nixpkgs_linux_version" == "$latest_linux_version" && "$nixpkgs_mac_version" == "$latest_mac_version" ]]; then
+if [[ "$nixpkgs_linux_version" == "$latest_linux_version" && \
+      "$nixpkgs_mac_version" == "$latest_mac_version" && \
+      "$nixpkgs_mac_arm_version" == "$latest_mac_version" ]]; then
   echo "nixpkgs versions are all up to date!"
   exit 0
 fi
@@ -34,7 +36,7 @@ sed -i "s/x86_64-linux-version = \".*\"/x86_64-linux-version = \"${latest_linux_
 sed -i "s/x86_64-darwin-version = \".*\"/x86_64-darwin-version = \"${latest_mac_version}\"/" "$slack_nix"
 sed -i "s/aarch64-darwin-version = \".*\"/aarch64-darwin-version = \"${latest_mac_version}\"/" "$slack_nix"
 sed -i "s/x86_64-linux-sha256 = \".*\"/x86_64-linux-sha256 = \"${linux_sha256}\"/" "$slack_nix"
-sed -i "s/x86_64-darwin-sha256 = \".*\"/x86_64-darwin-sha256 = \"${mac_arm_sha256}\"/" "$slack_nix"
+sed -i "s/x86_64-darwin-sha256 = \".*\"/x86_64-darwin-sha256 = \"${mac_sha256}\"/" "$slack_nix"
 sed -i "s/aarch64-darwin-sha256 = \".*\"/aarch64-darwin-sha256 = \"${mac_arm_sha256}\"/" "$slack_nix"
 
 if ! nix-build -A slack "$nixpkgs"; then

pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix

@@ -189,6 +189,6 @@ env.mkDerivation rec {
     platforms = platforms.linux;
     homepage = "https://desktop.telegram.org/";
     changelog = "https://github.com/telegramdesktop/tdesktop/releases/tag/v${version}";
-    maintainers = with maintainers; [ oxalica vanilla ];
+    maintainers = with maintainers; [ oxalica ];
   };
 }

pkgs/development/libraries/tdlib/default.nix

@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   pname = "tdlib";
-  version = "1.8.0";
+  version = "1.8.1";
 
   src = fetchFromGitHub {
     owner = "tdlib";
     repo = "td";
     # https://github.com/tdlib/td/issues/1790
-    rev = "b3ab664a18f8611f4dfcd3054717504271eeaa7a";
-    sha256 = "OBgzFBi+lIBbKnHDm5D/F3Xi4s1x4geb+1OoBP3F+qY=";
+    rev = "92c2a9c4e521df720abeaa9872e1c2b797d5c93f";
+    sha256 = "ZoKsgdkS78mptfbxkkV4pgcgJEaWwKZWK2cvmxgJN4E=";
   };
 
   buildInputs = [ gperf openssl readline zlib ];

pkgs/development/node-packages/default.nix

@@ -415,6 +415,10 @@ let
       buildInputs = [ pkgs.libusb1 ];
     };
 
+    uppy-companion = super."@uppy/companion".override {
+      name = "uppy-companion";
+    };
+
     vega-cli = super.vega-cli.override {
       nativeBuildInputs = [ pkgs.pkg-config ];
       buildInputs = with pkgs; [

pkgs/development/node-packages/node-packages.json

@@ -13,6 +13,7 @@
 , "@nestjs/cli"
 , "@squoosh/cli"
 , "@tailwindcss/language-server"
+, "@uppy/companion"
 , "@vue/cli"
 , "@webassemblyjs/cli"
 , "@webassemblyjs/repl"

pkgs/development/tools/earthly/default.nix

@@ -37,6 +37,6 @@ buildGoModule rec {
     homepage = "https://earthly.dev/";
     changelog = "https://github.com/earthly/earthly/releases/tag/v${version}";
     license = licenses.bsl11;
-    maintainers = with maintainers; [ matdsoupe ];
+    maintainers = with maintainers; [ zoedsoupe ];
   };
 }

pkgs/development/tools/misc/epm/default.nix

@@ -1,26 +1,40 @@
-{lib, stdenv, fetchFromGitHub, rpm}:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, rpm
+}:
 
 stdenv.mkDerivation rec {
   pname = "epm";
-  version = "4.4";
+  version = "5.0.0";
 
   src = fetchFromGitHub {
-    repo = "epm";
-    owner = "michaelrsweet";
+    owner = "jimjag";
+    repo = pname;
     rev = "v${version}";
-    sha256 = "0kaw7v2m20qirapkps4dna6nf9xibnwljvvv0l9vpvi920kw7j7p";
+    hash = "sha256-o4B5lWBeve+U70FDgF1DrtNrXxaEY4etkPpwbqF7fmc=";
   };
 
+  patches = [
+    # Makefile fix: INSTALL command
+    (fetchpatch {
+      url = "https://github.com/jimjag/epm/commit/dc5fcd6fa6e3a74baa28be060769a2b47f9368e7.patch";
+      sha256 = "1gfyz493w0larin841xx3xalb7m3sp1r2vv1xki6rz35ybrnb96c";
+    })
+    # Makefile fix: man pages filenames and docdir target
+    (fetchpatch {
+      url = "https://github.com/jimjag/epm/commit/96bb48d4d7b463a09d5a25debfb51c88dcd7398c.patch";
+      sha256 = "11aws0qac6vyy3w5z39vkjy4symmfzxfq9qgbgkk74fvx9vax42a";
+    })
+  ];
+
   buildInputs = [ rpm ];
 
-  preInstall = ''
-    sed -i 's/README/README.md/' Makefile
-  '';
-
   meta = with lib; {
     description = "The ESP Package Manager generates distribution archives for a variety of platforms";
-    homepage = "https://www.msweet.org/projects.php?Z2";
-    license = licenses.gpl2;
+    homepage = "https://jimjag.github.io/epm/";
+    license = licenses.asl20;
     maintainers = with maintainers; [ pSub ];
     platforms = platforms.unix;
   };

pkgs/development/web/bloomrpc/default.nix

@@ -0,0 +1,42 @@
+{ lib, fetchurl, appimageTools }:
+
+let
+  pname = "bloomrpc";
+  version = "1.5.3";
+
+  src = fetchurl {
+    url = "https://github.com/uw-labs/${pname}/releases/download/${version}/BloomRPC-${version}.AppImage";
+    name = "${pname}-${version}.AppImage";
+    sha512 = "PebdYDpcplPN5y3mRu1mG6CXenYfYvBXNLgIGEr7ZgKnR5pIaOfJNORSNYSdagdGDb/B1sxuKfX4+4f2cqgb6Q==";
+  };
+
+  appimageContents = appimageTools.extractType2 {
+    inherit pname src version;
+  };
+in appimageTools.wrapType2 {
+  inherit pname src version;
+
+  multiPkgs = null; # no 32bit needed
+  extraPkgs = pkgs: appimageTools.defaultFhsEnvArgs.multiPkgs pkgs ++ [ pkgs.bash ];
+
+  extraInstallCommands = ''
+    ln -s $out/bin/${pname}-${version} $out/bin/${pname}
+    install -m 444 -D ${appimageContents}/${pname}.desktop $out/share/applications/${pname}.desktop
+    install -m 444 -D ${appimageContents}/${pname}.png \
+      $out/share/icons/hicolor/512x512/apps/${pname}.png
+    substituteInPlace $out/share/applications/${pname}.desktop \
+      --replace 'Exec=AppRun' 'Exec=${pname}'
+  '';
+
+  meta = with lib; {
+    description = "GUI Client for GRPC Services";
+    longDescription = ''
+      Inspired by Postman and GraphQL Playground BloomRPC aims to provide the simplest
+      and most efficient developer experience for exploring and querying your GRPC services.
+    '';
+    homepage = "https://github.com/uw-labs/bloomrpc";
+    license = licenses.lgpl3Plus;
+    maintainers = with maintainers; [ zoedsoupe ];
+    platforms = [ "x86_64-linux" ];
+  };
+}

pkgs/tools/networking/wg-netmanager/default.nix

@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub, rustPlatform, darwin, wireguard-go, Security }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "wg-netmanager";
+  version = "0.4.1";
+
+  src = fetchFromGitHub {
+    owner = "gin66";
+    repo = "wg_netmanager";
+    rev = "wg_netmanager-v${version}";
+    sha256 = "AAtSSBz2zGLIEpcEMbe1mfYZikiaYEI+6KeSL5n54PE=";
+  };
+
+  cargoSha256 = "17k83QkQDq5uRCRADRLD2Q7pv7yES20lpms/N/UK+BM=";
+
+  buildInputs = lib.optional stdenv.isDarwin Security;
+
+  # Test 01 tries to create a wireguard interface, which requires sudo.
+  doCheck = true;
+  checkFlags = "--skip device";
+
+  meta = with lib; {
+    description = "Wireguard network manager";
+    longDescription = "Wireguard network manager, written in rust, simplifies the setup of wireguard nodes, identifies short connections between nodes residing in the same subnet, identifies unreachable aka dead nodes and maintains the routes between all nodes automatically. To achieve this, wireguard network manager needs to be running on each node.";
+    homepage = "https://github.com/gin66/wg_netmanager";
+    license = with licenses; [ mit asl20 bsd3 mpl20 ];
+    maintainers = with maintainers; [ gin66 ];
+    platforms = platforms.linux;
+  };
+}

pkgs/top-level/all-packages.nix

@@ -4272,6 +4272,8 @@ with pkgs;
 
   unionfs-fuse = callPackage ../tools/filesystems/unionfs-fuse { };
 
+  inherit (nodePackages) uppy-companion;
+
   usb-modeswitch = callPackage ../development/tools/misc/usb-modeswitch { };
   usb-modeswitch-data = callPackage ../development/tools/misc/usb-modeswitch/data.nix { };
 
@@ -10938,6 +10940,10 @@ with pkgs;
 
   wg-friendly-peer-names = callPackage ../tools/networking/wg-friendly-peer-names { };
 
+  wg-netmanager = callPackage ../tools/networking/wg-netmanager {
+    inherit (darwin.apple_sdk.frameworks) Security;
+  };
+
   woff2 = callPackage ../development/web/woff2 { };
 
   woof = callPackage ../tools/misc/woof { };
@@ -14477,6 +14483,8 @@ with pkgs;
 
   bloaty = callPackage ../development/tools/bloaty { };
 
+  bloomrpc = callPackage ../development/web/bloomrpc { };
+
   bloop = callPackage ../development/tools/build-managers/bloop { };
 
   bossa = callPackage ../development/embedded/bossa {