Merge master into staging-next

This commit is contained in:
github-actions[bot] 2023-02-15 18:01:14 +00:00 committed by GitHub
commit bf5abe92d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 516 additions and 91 deletions

View File

@ -6,7 +6,7 @@ Nixpkgs provides a couple of facilities for working with this tool.
## Writing packages providing pkg-config modules
Packages should set `meta.pkgConfigProvides` with the list of package config modules they provide.
Packages should set `meta.pkgConfigModules` with the list of package config modules they provide.
They should also use `testers.testMetaPkgConfig` to check that the final built package matches that list.
Additionally, the [`validatePkgConfig` setup hook](https://nixos.org/manual/nixpkgs/stable/#validatepkgconfig), will do extra checks on to-be-installed pkg-config modules.

View File

@ -40,6 +40,7 @@ rec {
# a superior CPU has all the features of an inferior and is able to build and test code for it
inferiors = {
# x86_64 Intel
# https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html
default = [ ];
westmere = [ ];
sandybridge = [ "westmere" ] ++ inferiors.westmere;
@ -48,6 +49,12 @@ rec {
broadwell = [ "haswell" ] ++ inferiors.haswell;
skylake = [ "broadwell" ] ++ inferiors.broadwell;
skylake-avx512 = [ "skylake" ] ++ inferiors.skylake;
cannonlake = [ "skylake-avx512" ] ++ inferiors.skylake-avx512;
icelake-client = [ "cannonlake" ] ++ inferiors.cannonlake;
icelake-server = [ "icelake-client" ] ++ inferiors.icelake-client;
cascadelake = [ "skylake-avx512" ] ++ inferiors.cannonlake;
cooperlake = [ "cascadelake" ] ++ inferiors.cascadelake;
tigerlake = [ "icelake-server" ] ++ inferiors.icelake-server;
# x86_64 AMD
# TODO: fill this (need testing)

View File

@ -36,6 +36,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable).
- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).
- [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
- [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).

View File

@ -1048,6 +1048,7 @@
./services/search/hound.nix
./services/search/kibana.nix
./services/search/meilisearch.nix
./services/search/opensearch.nix
./services/search/solr.nix
./services/security/aesmd.nix
./services/security/certmgr.nix

View File

@ -0,0 +1,244 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.opensearch;
settingsFormat = pkgs.formats.yaml {};
configDir = cfg.dataDir + "/config";
usingDefaultDataDir = cfg.dataDir == "/var/lib/opensearch";
usingDefaultUserAndGroup = cfg.user == "opensearch" && cfg.group == "opensearch";
opensearchYml = settingsFormat.generate "opensearch.yml" cfg.settings;
loggingConfigFilename = "log4j2.properties";
loggingConfigFile = pkgs.writeTextFile {
name = loggingConfigFilename;
text = cfg.logging;
};
in
{
options.services.opensearch = {
enable = mkEnableOption (lib.mdDoc "OpenSearch");
package = lib.mkPackageOptionMD pkgs "OpenSearch" {
default = [ "opensearch" ];
};
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
options."network.host" = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
description = lib.mdDoc ''
Which port this service should listen on.
'';
};
options."cluster.name" = lib.mkOption {
type = lib.types.str;
default = "opensearch";
description = lib.mdDoc ''
The name of the cluster.
'';
};
options."discovery.type" = lib.mkOption {
type = lib.types.str;
default = "single-node";
description = lib.mdDoc ''
The type of discovery to use.
'';
};
options."http.port" = lib.mkOption {
type = lib.types.port;
default = 9200;
description = lib.mdDoc ''
The port to listen on for HTTP traffic.
'';
};
options."transport.port" = lib.mkOption {
type = lib.types.port;
default = 9300;
description = lib.mdDoc ''
The port to listen on for transport traffic.
'';
};
};
default = {};
description = lib.mdDoc ''
OpenSearch configuration.
'';
};
logging = lib.mkOption {
description = lib.mdDoc "opensearch logging configuration.";
default = ''
logger.action.name = org.opensearch.action
logger.action.level = info
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
rootLogger.level = info
rootLogger.appenderRef.console.ref = console
'';
type = types.str;
};
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/opensearch";
apply = converge (removeSuffix "/");
description = lib.mdDoc ''
Data directory for OpenSearch. If you change this, you need to
manually create the directory. You also need to create the
`opensearch` user and group, or change
[](#opt-services.opensearch.user) and
[](#opt-services.opensearch.group) to existing ones with
access to the directory.
'';
};
user = lib.mkOption {
type = lib.types.str;
default = "opensearch";
description = lib.mdDoc ''
The user OpenSearch runs as. Should be left at default unless
you have very specific needs.
'';
};
group = lib.mkOption {
type = lib.types.str;
default = "opensearch";
description = lib.mdDoc ''
The group OpenSearch runs as. Should be left at default unless
you have very specific needs.
'';
};
extraCmdLineOptions = lib.mkOption {
description = lib.mdDoc "Extra command line options for the OpenSearch launcher.";
default = [ ];
type = lib.types.listOf lib.types.str;
};
extraJavaOptions = lib.mkOption {
description = lib.mdDoc "Extra command line options for Java.";
default = [ ];
type = lib.types.listOf lib.types.str;
example = [ "-Djava.net.preferIPv4Stack=true" ];
};
restartIfChanged = lib.mkOption {
type = lib.types.bool;
description = lib.mdDoc ''
Automatically restart the service on config change.
This can be set to false to defer restarts on a server or cluster.
Please consider the security implications of inadvertently running an older version,
and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
'';
default = true;
};
};
config = mkIf cfg.enable {
systemd.services.opensearch = {
description = "OpenSearch Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [ pkgs.inetutils ];
inherit (cfg) restartIfChanged;
environment = {
OPENSEARCH_HOME = cfg.dataDir;
OPENSEARCH_JAVA_OPTS = toString cfg.extraJavaOptions;
OPENSEARCH_PATH_CONF = configDir;
};
serviceConfig = {
ExecStartPre =
let
startPreFullPrivileges = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
'' + (optionalString (!config.boot.isContainer) ''
# Only set vm.max_map_count if lower than ES required minimum
# This avoids conflict if configured via boot.kernel.sysctl
if [ $(${pkgs.procps}/bin/sysctl -n vm.max_map_count) -lt 262144 ]; then
${pkgs.procps}/bin/sysctl -w vm.max_map_count=262144
fi
'');
startPreUnprivileged = ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
# Install plugins
ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib
ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules
# opensearch needs to create the opensearch.keystore in the config directory
# so this directory needs to be writable.
mkdir -p ${configDir}
chmod 0700 ${configDir}
# Note that we copy config files from the nix store instead of symbolically linking them
# because otherwise X-Pack Security will raise the following exception:
# java.security.AccessControlException:
# access denied ("java.io.FilePermission" "/var/lib/opensearch/config/opensearch.yml" "read")
cp ${opensearchYml} ${configDir}/opensearch.yml
# Make sure the logging configuration for old OpenSearch versions is removed:
rm -f "${configDir}/logging.yml"
cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename}
mkdir -p ${configDir}/scripts
cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options
# redirect jvm logs to the data directory
mkdir -p ${cfg.dataDir}/logs
chmod 0700 ${cfg.dataDir}/logs
sed -e '#logs/gc.log#${cfg.dataDir}/logs/gc.log#' -i ${configDir}/jvm.options
'';
in [
"+${pkgs.writeShellScript "opensearch-start-pre-full-privileges" startPreFullPrivileges}"
"${pkgs.writeShellScript "opensearch-start-pre-unprivileged" startPreUnprivileged}"
];
ExecStartPost = pkgs.writeShellScript "opensearch-start-post" ''
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
# Make sure opensearch is up and running before dependents
# are started
while ! ${pkgs.curl}/bin/curl -sS -f http://${cfg.settings."network.host"}:${toString cfg.settings."http.port"} 2>/dev/null; do
sleep 1
done
'';
ExecStart = "${cfg.package}/bin/opensearch ${toString cfg.extraCmdLineOptions}";
User = cfg.user;
Group = cfg.group;
LimitNOFILE = "1024000";
Restart = "always";
TimeoutStartSec = "infinity";
DynamicUser = usingDefaultUserAndGroup && usingDefaultDataDir;
} // (optionalAttrs (usingDefaultDataDir) {
StateDirectory = "opensearch";
StateDirectoryMode = "0700";
});
};
environment.systemPackages = [ cfg.package ];
};
}

View File

@ -490,6 +490,7 @@ in {
ombi = handleTest ./ombi.nix {};
openarena = handleTest ./openarena.nix {};
openldap = handleTest ./openldap.nix {};
opensearch = discoverTests (import ./opensearch.nix);
openresty-lua = handleTest ./openresty-lua.nix {};
opensmtpd = handleTest ./opensmtpd.nix {};
opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {};

View File

@ -0,0 +1,52 @@
let
opensearchTest =
import ./make-test-python.nix (
{ pkgs, lib, extraSettings ? {} }: {
name = "opensearch";
meta.maintainers = with pkgs.lib.maintainers; [ shyim ];
nodes.machine = lib.mkMerge [
{
virtualisation.memorySize = 2048;
services.opensearch.enable = true;
}
extraSettings
];
testScript = ''
machine.start()
machine.wait_for_unit("opensearch.service")
machine.wait_for_open_port(9200)
machine.succeed(
"curl --fail localhost:9200"
)
'';
});
in
{
opensearch = opensearchTest {};
opensearchCustomPathAndUser = opensearchTest {
extraSettings = {
services.opensearch.dataDir = "/var/opensearch_test";
services.opensearch.user = "open_search";
services.opensearch.group = "open_search";
system.activationScripts.createDirectory = {
text = ''
mkdir -p "/var/opensearch_test"
chown open_search:open_search /var/opensearch_test
chmod 0700 /var/opensearch_test
'';
deps = [ "users" "groups" ];
};
users = {
groups.open_search = {};
users.open_search = {
description = "OpenSearch daemon user";
group = "open_search";
isSystemUser = true;
};
};
};
};
}

View File

@ -78,6 +78,7 @@ let
plasma-phonebook = callPackage ./plasma-phonebook.nix {};
plasma-settings = callPackage ./plasma-settings.nix {};
plasmatube = callPackage ./plasmatube {};
qmlkonsole = callPackage ./qmlkonsole.nix {};
spacebar = callPackage ./spacebar.nix { inherit srcs; };
tokodon = callPackage ./tokodon.nix {};
};

View File

@ -0,0 +1,42 @@
{ lib
, mkDerivation
, cmake
, extra-cmake-modules
, kconfig
, ki18n
, kirigami-addons
, kirigami2
, kcoreaddons
, qtquickcontrols2
, kwindowsystem
, qmltermwidget
}:
mkDerivation {
pname = "qmlkonsole";
nativeBuildInputs = [
cmake
extra-cmake-modules
];
buildInputs = [
kconfig
ki18n
kirigami-addons
kirigami2
qtquickcontrols2
kcoreaddons
kwindowsystem
qmltermwidget
];
meta = with lib; {
description = "Terminal app for Plasma Mobile";
homepage = "https://invent.kde.org/plasma-mobile/qmlkonsole";
license = with licenses; [ gpl2Plus gpl3Plus cc0 ];
maintainers = with maintainers; [ balsoft ];
};
}

View File

@ -20,13 +20,13 @@
stdenv.mkDerivation rec {
pname = "river";
version = "0.2.3";
version = "0.2.4";
src = fetchFromGitHub {
owner = "riverwm";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-noZ2vo4J0cG3PN2k+2LzMc5WMtj0FEmMttE9obFH/tM=";
hash = "sha256-cIcO6owM6eYn+obYVaBOVQpnBx4++KOqQk5Hzo3GcNs=";
fetchSubmodules = true;
};

View File

@ -2,13 +2,13 @@
stdenvNoCC.mkDerivation rec {
pname = "numix-icon-theme-circle";
version = "23.02.05";
version = "23.02.12";
src = fetchFromGitHub {
owner = "numixproject";
repo = pname;
rev = version;
sha256 = "sha256-wS7GAfrzJ2/BvfoBZ7YR/X5j/ND4o7shf08dgk9GBkA=";
sha256 = "sha256-gQdVmF7ZzC+KjU0uQW6+sEw9Wz5940G60ebXqKHajuY=";
};
nativeBuildInputs = [ gtk3 ];

View File

@ -1,4 +1,4 @@
import ./common.nix {
version = "102.1.0";
hash = "sha512-JQW4fOQRVEVWjra32K9BZ4vXh/0H8/eenwoi2QzfdSrl1DcYVs+cVuLZ2n1bfDk53CqrV1P8wBc5jn1lJg9vAw==";
version = "102.8.0";
hash = "sha512-k+qHmXtmCIuUxulDtumemnHRkIRE0JbA9ltodtLFhOVf9hICZvOFH5hrZkvR8S+jEgawNHnCt1Hnw8oJesFCdQ==";
}

View File

@ -1,4 +1,4 @@
import ./common.nix {
version = "91.12.0";
hash = "sha512-Mj+3UkiLRYcrQPCw7h2MHf+haHTb/yr94ZpUKGyCTvSBdyM+Ap+ur6WUYYTnHDHGvFun7BelceIa9k/F9zNAQg==";
version = "91.13.0";
hash = "sha512-OLTMUt4h521gYea6F14cv9iIoWBwqpUfWkQoPy251+lPJQRiHw2nj+rG5xSRptDnA49j3QrhEtytcA6wLpqlFg==";
}

View File

@ -62,19 +62,6 @@ stdenv.mkDerivation (finalAttrs: rec {
# use pkg-config at all systems
./always-check-for-pkg-config.patch
./allow-system-s-nspr-and-icu-on-bootstrapped-sysroot.patch
# Patches required by GJS
# https://discourse.gnome.org/t/gnome-43-to-depend-on-spidermonkey-102/10658
# Install ProfilingCategoryList.h
(fetchpatch {
url = "https://hg.mozilla.org/releases/mozilla-esr102/raw-rev/33147b91e42b79f4c6dd3ec11cce96746018407a";
sha256 = "sha256-xJFJZMYJ6P11HQDZbr48GFgybpAeVcu3oLIFEyyMjBI=";
})
# Fix embeder build
(fetchpatch {
url = "https://hg.mozilla.org/releases/mozilla-esr102/raw-rev/1fa20fb474f5d149cc32d98df169dee5e6e6861b";
sha256 = "sha256-eCisKjNxy9SLr9KoEE2UB26BflUknnR7PIvnpezsZeA=";
})
] ++ lib.optionals (lib.versionAtLeast version "91" && stdenv.hostPlatform.system == "i686-linux") [
# Fixes i686 build, https://bugzilla.mozilla.org/show_bug.cgi?id=1729459
./fix-float-i686.patch

View File

@ -16,14 +16,14 @@
buildPythonPackage rec {
pname = "google-cloud-pubsub";
version = "2.14.0";
version = "2.14.1";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-4nFPB7dQRYvq9bB7Zw6ntgWO4VXAIcmH0LjmpAvzRG8=";
hash = "sha256-KLPGICGwT3j5FYwVfb/K6+n/tQTt0pda0PIo6/AgTG8=";
};
propagatedBuildInputs = [

View File

@ -32,12 +32,12 @@
"5.15": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.15.92-hardened1.patch",
"sha256": "0wwi15r51jb0396vc4nbwjh9kxh68jvcbdw72pllwsgkhijgzkhg",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.92-hardened1/linux-hardened-5.15.92-hardened1.patch"
"name": "linux-hardened-5.15.93-hardened1.patch",
"sha256": "093a6qpiws4v8pzld6r92dczwvslrp8f2xrpb29qrp37i3kny5si",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.93-hardened1/linux-hardened-5.15.93-hardened1.patch"
},
"sha256": "14ggwrvk9n2nvk38fp4g486k864knf3n9979mm51m8wrvd8h8hlz",
"version": "5.15.92"
"sha256": "1baxkkd572110p95ah1wv0b4i2hfbkf8vyncb08y3w0bd7r29vg7",
"version": "5.15.93"
},
"5.4": {
"patch": {
@ -52,11 +52,11 @@
"6.1": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.1.10-hardened1.patch",
"sha256": "0v0w4phc02ghylqnyhzkl1frmjkxwkxgadf2ycyzm8ckl73q8lr5",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.10-hardened1/linux-hardened-6.1.10-hardened1.patch"
"name": "linux-hardened-6.1.11-hardened1.patch",
"sha256": "1pydcjy2cjnb4zxcqr41hr34fg8alph314xasdsfvdw4zaz55s6h",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.11-hardened1/linux-hardened-6.1.11-hardened1.patch"
},
"sha256": "17fifhfh2jrvlhry696n428ldl5ag3g2km5l9hx8gx8wm6dr3qhb",
"version": "6.1.10"
"sha256": "18gpkaa030g8mgmyprl05h4i8y5rjgyvbh0jcl8waqvq0xh0a6sq",
"version": "6.1.11"
}
}

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.15.93";
version = "5.15.94";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1baxkkd572110p95ah1wv0b4i2hfbkf8vyncb08y3w0bd7r29vg7";
sha256 = "0wjsqvhp0jnisypb8yw6dncyp5k7zxbhjivh7jqivpsdwvdp14ns";
};
} // (args.argsOverride or { }))

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "6.1.11";
version = "6.1.12";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = versions.pad 3 version;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
sha256 = "18gpkaa030g8mgmyprl05h4i8y5rjgyvbh0jcl8waqvq0xh0a6sq";
sha256 = "1spdl3i69qwn7cywzs6kql8nlisdnmnwk9za7v4xq1092xsscynl";
};
} // (args.argsOverride or { }))

View File

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "5.15.92-rt57"; # updated by ./update-rt.sh
version = "5.15.93-rt58"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -18,14 +18,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "14ggwrvk9n2nvk38fp4g486k864knf3n9979mm51m8wrvd8h8hlz";
sha256 = "1baxkkd572110p95ah1wv0b4i2hfbkf8vyncb08y3w0bd7r29vg7";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "181db4cdaw8wjrqfh07mbqgyzv1awl1g12x6k8lciv78j10x5kmb";
sha256 = "10xx70qf6nph3223yh6sc5jcyy938qrfdilli2a4zzhp0ibgp8bz";
};
}; in [ rt-patch ] ++ kernelPatches;

View File

@ -4,16 +4,16 @@ let
# comments with variant added for update script
# ./update-zen.py zen
zenVariant = {
version = "6.1.10"; #zen
version = "6.1.12"; #zen
suffix = "zen1"; #zen
sha256 = "0dfn449v3lzz1clxbsypakd0sfii9iycy1hq9x52fr9xf8wy3cxk"; #zen
sha256 = "16g0rkgmxbj4425mbnadam7vbd8621ar13ddx26j298bc9m8yqic"; #zen
isLqx = false;
};
# ./update-zen.py lqx
lqxVariant = {
version = "6.1.10"; #lqx
version = "6.1.12"; #lqx
suffix = "lqx1"; #lqx
sha256 = "1ka94z0wvq90vfzd4ncjrzk5xcb5gvaldaph7mc25jxgh6pal822"; #lqx
sha256 = "0a6slrydf47hk4b3xlxycjw9y2xgjgvzjic2psbcb1c5y75zq720"; #lqx
isLqx = true;
};
zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {

View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "microcode-intel";
version = "20221108";
version = "20230214";
src = fetchFromGitHub {
owner = "intel";
repo = "Intel-Linux-Processor-Microcode-Data-Files";
rev = "microcode-${version}";
hash = "sha256-JZbBrD3fHgJogDw4u2YggDX7OCXCu5/XEZKzHuVJR9k=";
hash = "sha256-SwdE1c7OEg5nncs5QqaTKCL77KddeHw7ZilctQ4L9RA=";
};
nativeBuildInputs = [ iucode-tool libarchive ];

View File

@ -31,14 +31,12 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
, passthru ? { tests = {}; }
}:
with lib;
let
moduleNames = map (mod: mod.name or (throw "The nginx module with source ${toString mod.src} does not have a `name` attribute. This prevents duplicate module detection and is no longer supported."))
modules;
mapModules = attrPath: flip concatMap modules
mapModules = attrPath: lib.flip lib.concatMap modules
(mod:
let supports = mod.supports or (_: true);
in
@ -47,8 +45,8 @@ let
in
assert assertMsg (unique moduleNames == moduleNames)
"nginx: duplicate modules: ${concatStringsSep ", " moduleNames}. A common cause for this is that services.nginx.additionalModules adds a module which the nixos module itself already adds.";
assert lib.assertMsg (lib.unique moduleNames == moduleNames)
"nginx: duplicate modules: ${lib.concatStringsSep ", " moduleNames}. A common cause for this is that services.nginx.additionalModules adds a module which the nixos module itself already adds.";
stdenv.mkDerivation {
inherit pname version nginxVersion;
@ -94,37 +92,37 @@ stdenv.mkDerivation {
"--http-fastcgi-temp-path=/tmp/nginx_fastcgi"
"--http-uwsgi-temp-path=/tmp/nginx_uwsgi"
"--http-scgi-temp-path=/tmp/nginx_scgi"
] ++ optionals withDebug [
] ++ lib.optionals withDebug [
"--with-debug"
] ++ optionals withKTLS [
] ++ lib.optionals withKTLS [
"--with-openssl-opt=enable-ktls"
] ++ optionals withStream [
] ++ lib.optionals withStream [
"--with-stream"
"--with-stream_realip_module"
"--with-stream_ssl_module"
"--with-stream_ssl_preread_module"
] ++ optionals withMail [
] ++ lib.optionals withMail [
"--with-mail"
"--with-mail_ssl_module"
] ++ optionals withPerl [
] ++ lib.optionals withPerl [
"--with-http_perl_module"
"--with-perl=${perl}/bin/perl"
"--with-perl_modules_path=lib/perl5"
] ++ optional withSlice "--with-http_slice_module"
++ optional (gd != null) "--with-http_image_filter_module"
++ optional (geoip != null) "--with-http_geoip_module"
++ optional (withStream && geoip != null) "--with-stream_geoip_module"
++ optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
] ++ lib.optional withSlice "--with-http_slice_module"
++ lib.optional (gd != null) "--with-http_image_filter_module"
++ lib.optional (geoip != null) "--with-http_geoip_module"
++ lib.optional (withStream && geoip != null) "--with-stream_geoip_module"
++ lib.optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
++ configureFlags
++ map (mod: "--add-module=${mod.src}") modules;
NIX_CFLAGS_COMPILE = toString ([
"-I${libxml2.dev}/include/libxml2"
"-Wno-error=implicit-fallthrough"
] ++ optionals (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "11") [
] ++ lib.optionals (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "11") [
# fix build vts module on gcc11
"-Wno-error=stringop-overread"
] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations");
] ++ lib.optional stdenv.isDarwin "-Wno-error=deprecated-declarations");
configurePlatforms = [];
@ -133,7 +131,7 @@ stdenv.mkDerivation {
preConfigure = ''
setOutputFlags=
'' + preConfigure
+ concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
+ lib.concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
patches = map fixPatch ([
(substituteAll {
@ -143,7 +141,7 @@ stdenv.mkDerivation {
'';
})
./nix-skip-check-logs-path.patch
] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/102-sizeof_test_fix.patch";
sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
@ -161,7 +159,7 @@ stdenv.mkDerivation {
inherit postPatch;
hardeningEnable = optional (!stdenv.isDarwin) "pie";
hardeningEnable = lib.optional (!stdenv.isDarwin) "pie";
enableParallelBuilding = true;
@ -186,7 +184,7 @@ stdenv.mkDerivation {
} // passthru.tests;
};
meta = if meta != null then meta else {
meta = if meta != null then meta else with lib; {
description = "A reverse proxy and lightweight webserver";
homepage = "http://nginx.org";
license = licenses.bsd2;

View File

@ -0,0 +1,54 @@
{ lib
, stdenvNoCC
, fetchurl
, makeWrapper
, jre_headless
, util-linux
, gnugrep
, coreutils
, autoPatchelfHook
, zlib
, nixosTests
}:
stdenvNoCC.mkDerivation rec {
pname = "opensearch";
version = "2.5.0";
src = fetchurl {
url = "https://artifacts.opensearch.org/releases/bundle/opensearch/${version}/opensearch-${version}-linux-x64.tar.gz";
hash = "sha256-WPD5StVBb/hK+kP/1wkQQBKRQma/uaP+8ULeIFUBL1U=";
};
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ jre_headless util-linux ];
patches = [./opensearch-home-fix.patch ];
installPhase = ''
runHook preInstall
mkdir -p $out
cp -R bin config lib modules plugins $out
substituteInPlace $out/bin/opensearch \
--replace 'bin/opensearch-keystore' "$out/bin/opensearch-keystore"
wrapProgram $out/bin/opensearch \
--prefix PATH : "${lib.makeBinPath [ util-linux gnugrep coreutils ]}" \
--set JAVA_HOME "${jre_headless}"
wrapProgram $out/bin/opensearch-plugin --set JAVA_HOME "${jre_headless}"
runHook postInstall
'';
passthru.tests = nixosTests.opensearch;
meta = {
description = "Open Source, Distributed, RESTful Search Engine";
homepage = "https://github.com/opensearch-project/OpenSearch";
license = lib.licenses.asl20;
platforms = lib.platforms.unix;
maintainers = with lib.maintainers; [ shyim ];
};
}

View File

@ -0,0 +1,26 @@
diff -Naur a/bin/opensearch-env b/bin/opensearch-env
--- a/bin/opensearch-env 2017-12-12 13:31:51.000000000 +0100
+++ b/bin/opensearch-env 2017-12-18 19:51:12.282809695 +0100
@@ -19,18 +19,10 @@
fi
done
-# determine OpenSearch home; to do this, we strip from the path until we find
-# bin, and then strip bin (there is an assumption here that there is no nested
-# directory under bin also named bin)
-OPENSEARCH_HOME=`dirname "$SCRIPT"`
-
-# now make OPENSEARCH_HOME absolute
-OPENSEARCH_HOME=`cd "$OPENSEARCH_HOME"; pwd`
-
-while [ "`basename "$OPENSEARCH_HOME"`" != "bin" ]; do
- OPENSEARCH_HOME=`dirname "$OPENSEARCH_HOME"`
-done
-OPENSEARCH_HOME=`dirname "$OPENSEARCH_HOME"`
+if [ -z "$OPENSEARCH_HOME" ]; then
+ echo "You must set the OPENSEARCH_HOME var" >&2
+ exit 1
+fi
# now set the classpath
OPENSEARCH_CLASSPATH="$OPENSEARCH_HOME/lib/*"

View File

@ -5,7 +5,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "soco-cli";
version = "0.4.21";
version = "0.4.55";
format = "setuptools";
disabled = python3.pythonOlder "3.6";
@ -14,7 +14,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "avantrec";
repo = pname;
rev = "v${version}";
sha256 = "1kz2zx59gjfs01jiyzmps8j6yca06yqn6wkidvdk4s3izdm0rarw";
sha256 = "sha256-zdu1eVtVBTYa47KjGc5fqKN6olxp98RoLGT2sNCfG9E=";
};
propagatedBuildInputs = with python3.pkgs; [

View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "cf-terraforming";
version = "0.9.0";
version = "0.10.0";
src = fetchFromGitHub {
owner = "cloudflare";
repo = "cf-terraforming";
rev = "v${version}";
sha256 = "sha256-wELV3Jp11Iv3G//VOAosL5QDnbNTyEAvq9hmLWDdPBU=";
sha256 = "sha256-2YL+ncT1UcanslFnMIMonvGugD7HxO6taYZtKK6kmEc=";
};
vendorHash = "sha256-XFJGw76Fz9tzknWuzc1aw1uJ34UQfFLe1WUVtPGbn64=";
vendorHash = "sha256-eAWgLR3wqcTmlA3hG9IGgTm/Q+EKcypXYXRdtRAb94o=";
ldflags = [ "-X github.com/cloudflare/cf-terraforming/internal/app/cf-terraforming/cmd.versionString=${version}" ];
# The test suite insists on downloading a binary release of Terraform from

View File

@ -5,12 +5,12 @@
buildPythonPackage rec {
pname = "esphome-dashboard";
version = "20221213.0";
version = "20230214.0";
format = "setuptools";
src = fetchPypi {
inherit pname version;
hash = "sha256-LwP+LBHzEWjPUih6aaZnI7Yh85vsa1Md1YgBWkLOUIs=";
hash = "sha256-TfQIvvLLsYubLbai2RNJkCu96nYFEWbdZU8WaJbpUwU=";
};
# no tests

View File

@ -16,14 +16,14 @@ let
in
python.pkgs.buildPythonApplication rec {
pname = "esphome";
version = "2022.12.8";
version = "2023.2.0";
format = "setuptools";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-VKxCdejQGWLYeNOxa1PCwhdrLilnsYD9UBqj8Sen+OM=";
hash = "sha256-WoQ7mAtkv7By738bW1/oCurKEpHQKlqZkQ6D/b4zAes=";
};
postPatch = ''

View File

@ -7,13 +7,13 @@
buildGoModule rec {
pname = "tbls";
version = "1.61.0";
version = "1.62.0";
src = fetchFromGitHub {
owner = "k1LoW";
repo = "tbls";
rev = "v${version}";
hash = "sha256-yXD/LILWaXtjd3etdWINglZtvIYE6i6qmCSR3FUUQeM=";
hash = "sha256-T2zmgGbhWvqaor76mQuQ1O5bF+eGVaH6N4w17iyNhwU=";
};
vendorHash = "sha256-AeaTAjo1wRl7Ymg/fyoijaa9UXf9SiNR447WJtZeN5o=";

View File

@ -33,6 +33,7 @@
, phpExtensions
, python3
, tests
, testers
, fetchpatch
}:
@ -178,6 +179,7 @@ stdenv.mkDerivation (finalAttrs: {
# Additional checking with support http3 protocol.
# nginx-http3 = useThisCurl nixosTests.nginx-http3;
nginx-http3 = nixosTests.nginx-http3;
pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
};
};
@ -189,5 +191,6 @@ stdenv.mkDerivation (finalAttrs: {
platforms = platforms.all;
# Fails to link against static brotli or gss
broken = stdenv.hostPlatform.isStatic && (brotliSupport || gssSupport);
pkgConfigModules = [ "libcurl" ];
};
})

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "scorecard";
version = "4.8.0";
version = "4.10.2";
src = fetchFromGitHub {
owner = "ossf";
repo = pname;
rev = "v${version}";
sha256 = "sha256-LGxSiubZECNwoFkkJOySI4LOmwk7DXVtY74XBCsr+uk=";
sha256 = "sha256-GQs+wBq47sn3h8I87p+HErBmLMs8Dzh9xj3xMYDsXm4=";
# populate values otherwise taken care of by goreleaser,
# unfortunately these require us to use git. By doing
# this in postFetch we can delete .git afterwards and
@ -22,7 +22,7 @@ buildGoModule rec {
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
vendorSha256 = "sha256-j8/sVdqxLmrvQwHn+uj8+q+ne98xcIeQKS1VQJcrkh0=";
vendorSha256 = "sha256-W213KQu4FuJcT/cJOvS+WMw1fXBcSoZ4yssI06JAIc8=";
nativeBuildInputs = [ installShellFiles ];

View File

@ -8,16 +8,16 @@
buildGoModule rec {
pname = "ov";
version = "0.14.1";
version = "0.14.2";
src = fetchFromGitHub {
owner = "noborus";
repo = "ov";
rev = "refs/tags/v${version}";
hash = "sha256-ow2tIML7+x0X3FSpr4UQ8bzzYhZJZ9pZL8eNReEjitQ=";
hash = "sha256-tbJ3Es6huu+0HcpoiNpYLbxsm0QCWYZk6bX2MdQxT2I=";
};
vendorHash = "sha256-X2/kcXxdGwFvdiTu1MGyv90OngWmR/xR2YtjvmLkiVE=";
vendorHash = "sha256-EjLslvc0cgvD7LjuDa49h/qt6K4Z9DEtQjV/LYkKwKo=";
ldflags = [
"-X main.Version=v${version}"

View File

@ -34820,6 +34820,8 @@ with pkgs;
openrct2 = callPackage ../games/openrct2 { };
opensearch = callPackage ../servers/search/opensearch { };
osu-lazer = callPackage ../games/osu-lazer { };
osu-lazer-bin = callPackage ../games/osu-lazer/bin.nix { };

View File

@ -445,6 +445,11 @@
"openssl"
]
},
"libcurl": {
"attrPath": [
"curl"
]
},
"libecpg": {
"attrPath": [
"postgresql"