ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-10-06 20:48:32 +03:00
Code Issues Projects Releases Wiki Activity

Merge branch 'staging-next' into perl-updates

Browse Source
This commit is contained in:
Stig Palmquist 2023-10-26 14:09:03 +02:00
commit f99ac6d6f7
924 changed files with 15810 additions and 9296 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/CODEOWNERS vendored
View File

@ -149,6 +149,8 @@
# C compilers
/pkgs/development/compilers/gcc @amjoseph-nixpkgs
/pkgs/development/compilers/llvm @RaitoBezarius
/pkgs/development/compilers/emscripten @raitobezarius
/doc/languages-frameworks/emscripten.section.md @raitobezarius
# Audio
/nixos/modules/services/audio/botamusique.nix @mweinelt

1
doc/default.nix
View File

@ -23,6 +23,7 @@ let
{ name = "sources"; description = "source filtering functions"; }
{ name = "cli"; description = "command-line serialization functions"; }
{ name = "gvariant"; description = "GVariant formatted string serialization functions"; }
{ name = "customisation"; description = "Functions to customise (derivation-related) functions, derivatons, or attribute sets"; }
];
};

35
doc/hooks/meson.section.md
View File

@ -1,16 +1,28 @@
# Meson {#meson}
Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere.
Overrides the configure, check, and install phases to run `meson setup`, `meson test`, and `meson install`.
Meson is a meta-build system so you will need a secondary build system to run the generated build files in build phase. In Nixpkgs context, you will want to accompany Meson with ninja, which provides a [setup hook](#ninja) registering a ninja-based build phase.
By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere.
## Variables controlling Meson {#variables-controlling-meson}
### `mesonFlags` {#mesonflags}
Controls the flags passed to meson.
Controls the flags passed to `meson setup`.
### `mesonCheckFlags` {#mesoncheckflags}
Controls the flags passed to `meson test`.
### `mesonInstallFlags` {#mesoninstallflags}
Controls the flags passed to `meson install`.
### `mesonBuildType` {#mesonbuildtype}
Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to Meson. We default to `plain`.
Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to `meson setup`. We default to `plain`.
### `mesonAutoFeatures` {#mesonautofeatures}
@ -23,3 +35,20 @@ What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#c
### `dontUseMesonConfigure` {#dontusemesonconfigure}
Disables using Mesons `configurePhase`.
### `dontUseMesonCheck` {#dontusemesoncheck}
Disables using Mesons `checkPhase`.
### `dontUseMesonInstall` {#dontusemesoninstall}
Disables using Mesons `installPhase`.
### `mesonInstallFlags` {#mesoninstallflags}
Controls the flags passed to meson install.
### `mesonInstallTags` (#mesoninstalltags)
Tags specified here will be passed to Meson as via `--tags` during
installation and controls which components will be installed.

2
doc/hooks/ninja.section.md
View File

@ -1,3 +1,5 @@
# ninja {#ninja}
Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja.
Note that if the [Meson setup hook](#meson) is also active, Ninja's install and check phases will be disabled in favor of Meson's.

249
doc/languages-frameworks/emscripten.section.md
View File

@ -2,168 +2,159 @@
[Emscripten](https://github.com/kripken/emscripten): An LLVM-to-JavaScript Compiler
This section of the manual covers how to use `emscripten` in nixpkgs.
If you want to work with `emcc`, `emconfigure` and `emmake` as you are used to from Ubuntu and similar distributions,
Minimal requirements:
* nix
* nixpkgs
Modes of use of `emscripten`:
* **Imperative usage** (on the command line):
If you want to work with `emcc`, `emconfigure` and `emmake` as you are used to from Ubuntu and similar distributions you can use these commands:
* `nix-env -f "<nixpkgs>" -iA emscripten`
* `nix-shell -p emscripten`
* **Declarative usage**:
This mode is far more power full since this makes use of `nix` for dependency management of emscripten libraries and targets by using the `mkDerivation` which is implemented by `pkgs.emscriptenStdenv` and `pkgs.buildEmscriptenPackage`. The source for the packages is in `pkgs/top-level/emscripten-packages.nix` and the abstraction behind it in `pkgs/development/em-modules/generic/default.nix`. From the root of the nixpkgs repository:
* build and install all packages:
* `nix-env -iA emscriptenPackages`
* dev-shell for zlib implementation hacking:
* `nix-shell -A emscriptenPackages.zlib`
## Imperative usage {#imperative-usage}
```console
nix-shell -p emscripten
```
A few things to note:
* `export EMCC_DEBUG=2` is nice for debugging
* `~/.emscripten`, the build artifact cache sometimes creates issues and needs to be removed from time to time
* The build artifact cache in `~/.emscripten` sometimes creates issues and needs to be removed from time to time
## Declarative usage {#declarative-usage}
## Examples {#declarative-usage}
Let's see two different examples from `pkgs/top-level/emscripten-packages.nix`:
* `pkgs.zlib.override`
* `pkgs.buildEmscriptenPackage`
Both are interesting concepts.
A special requirement of the `pkgs.buildEmscriptenPackage` is the `doCheck = true`.
This means each Emscripten package requires that a [`checkPhase`](#ssec-check-phase) is implemented.
A special requirement of the `pkgs.buildEmscriptenPackage` is the `doCheck = true` is a default meaning that each emscriptenPackage requires a `checkPhase` implemented.
* Use `export EMCC_DEBUG=2` from within a phase to get more detailed debug output what is going wrong.
* The cache at `~/.emscripten` requires to set `HOME=$TMPDIR` in individual phases.
This makes compilation slower but also more deterministic.
* Use `export EMCC_DEBUG=2` from within a emscriptenPackage's `phase` to get more detailed debug output what is going wrong.
* ~/.emscripten cache is requiring us to set `HOME=$TMPDIR` in individual phases. This makes compilation slower but also makes it more deterministic.
::: {.example #usage-1-pkgs.zlib.override}
### Usage 1: pkgs.zlib.override {#usage-1-pkgs.zlib.override}
# Using `pkgs.zlib.override {}`
This example uses `zlib` from nixpkgs but instead of compiling **C** to **ELF** it compiles **C** to **JS** since we were using `pkgs.zlib.override` and changed stdenv to `pkgs.emscriptenStdenv`. A few adaptions and hacks were set in place to make it working. One advantage is that when `pkgs.zlib` is updated, it will automatically update this package as well. However, this can also be the downside...
This example uses `zlib` from Nixpkgs, but instead of compiling **C** to **ELF** it compiles **C** to **JavaScript** since we were using `pkgs.zlib.override` and changed `stdenv` to `pkgs.emscriptenStdenv`.
See the `zlib` example:
A few adaptions and hacks were put in place to make it work.
One advantage is that when `pkgs.zlib` is updated, it will automatically update this package as well.
zlib = (pkgs.zlib.override {
stdenv = pkgs.emscriptenStdenv;
}).overrideAttrs
(old: rec {
buildInputs = old.buildInputs ++ [ pkg-config ];
# we need to reset this setting!
env = (old.env or { }) // { NIX_CFLAGS_COMPILE = ""; };
configurePhase = ''
# FIXME: Some tests require writing at $HOME
HOME=$TMPDIR
runHook preConfigure
#export EMCC_DEBUG=2
emconfigure ./configure --prefix=$out --shared
```nix
(pkgs.zlib.override {
stdenv = pkgs.emscriptenStdenv;
}).overrideAttrs
(old: rec {
buildInputs = old.buildInputs ++ [ pkg-config ];
# we need to reset this setting!
env = (old.env or { }) // { NIX_CFLAGS_COMPILE = ""; };
configurePhase = ''
# FIXME: Some tests require writing at $HOME
HOME=$TMPDIR
runHook preConfigure
runHook postConfigure
'';
dontStrip = true;
outputs = [ "out" ];
buildPhase = ''
emmake make
'';
installPhase = ''
emmake make install
'';
checkPhase = ''
echo "================= testing zlib using node ================="
#export EMCC_DEBUG=2
emconfigure ./configure --prefix=$out --shared
echo "Compiling a custom test"
set -x
emcc -O2 -s EMULATE_FUNCTION_POINTER_CASTS=1 test/example.c -DZ_SOLO \
libz.so.${old.version} -I . -o example.js
runHook postConfigure
'';
dontStrip = true;
outputs = [ "out" ];
buildPhase = ''
emmake make
'';
installPhase = ''
emmake make install
'';
checkPhase = ''
echo "================= testing zlib using node ================="
echo "Using node to execute the test"
${pkgs.nodejs}/bin/node ./example.js
echo "Compiling a custom test"
set -x
emcc -O2 -s EMULATE_FUNCTION_POINTER_CASTS=1 test/example.c -DZ_SOLO \
libz.so.${old.version} -I . -o example.js
set +x
if [ $? -ne 0 ]; then
echo "test failed for some reason"
exit 1;
else
echo "it seems to work! very good."
fi
echo "================= /testing zlib using node ================="
'';
echo "Using node to execute the test"
${pkgs.nodejs}/bin/node ./example.js
postPatch = pkgs.lib.optionalString pkgs.stdenv.isDarwin ''
substituteInPlace configure \
--replace '/usr/bin/libtool' 'ar' \
--replace 'AR="libtool"' 'AR="ar"' \
--replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
'';
});
set +x
if [ $? -ne 0 ]; then
echo "test failed for some reason"
exit 1;
else
echo "it seems to work! very good."
fi
echo "================= /testing zlib using node ================="
'';
### Usage 2: pkgs.buildEmscriptenPackage {#usage-2-pkgs.buildemscriptenpackage}
postPatch = pkgs.lib.optionalString pkgs.stdenv.isDarwin ''
substituteInPlace configure \
--replace '/usr/bin/libtool' 'ar' \
--replace 'AR="libtool"' 'AR="ar"' \
--replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
'';
})
```
This `xmlmirror` example features a emscriptenPackage which is defined completely from this context and no `pkgs.zlib.override` is used.
:::{.example #usage-2-pkgs.buildemscriptenpackage}
xmlmirror = pkgs.buildEmscriptenPackage rec {
name = "xmlmirror";
# Using `pkgs.buildEmscriptenPackage {}`
buildInputs = [ pkg-config autoconf automake libtool gnumake libxml2 nodejs openjdk json_c ];
nativeBuildInputs = [ pkg-config zlib ];
This `xmlmirror` example features an Emscripten package that is defined completely from this context and no `pkgs.zlib.override` is used.
src = pkgs.fetchgit {
url = "https://gitlab.com/odfplugfest/xmlmirror.git";
rev = "4fd7e86f7c9526b8f4c1733e5c8b45175860a8fd";
hash = "sha256-i+QgY+5PYVg5pwhzcDnkfXAznBg3e8sWH2jZtixuWsk=";
};
```nix
pkgs.buildEmscriptenPackage rec {
name = "xmlmirror";
configurePhase = ''
rm -f fastXmlLint.js*
# a fix for ERROR:root:For asm.js, TOTAL_MEMORY must be a multiple of 16MB, was 234217728
# https://gitlab.com/odfplugfest/xmlmirror/issues/8
sed -e "s/TOTAL_MEMORY=234217728/TOTAL_MEMORY=268435456/g" -i Makefile.emEnv
# https://github.com/kripken/emscripten/issues/6344
# https://gitlab.com/odfplugfest/xmlmirror/issues/9
sed -e "s/\$(JSONC_LDFLAGS) \$(ZLIB_LDFLAGS) \$(LIBXML20_LDFLAGS)/\$(JSONC_LDFLAGS) \$(LIBXML20_LDFLAGS) \$(ZLIB_LDFLAGS) /g" -i Makefile.emEnv
# https://gitlab.com/odfplugfest/xmlmirror/issues/11
sed -e "s/-o fastXmlLint.js/-s EXTRA_EXPORTED_RUNTIME_METHODS='[\"ccall\", \"cwrap\"]' -o fastXmlLint.js/g" -i Makefile.emEnv
'';
buildInputs = [ pkg-config autoconf automake libtool gnumake libxml2 nodejs openjdk json_c ];
nativeBuildInputs = [ pkg-config zlib ];
buildPhase = ''
HOME=$TMPDIR
make -f Makefile.emEnv
'';
src = pkgs.fetchgit {
url = "https://gitlab.com/odfplugfest/xmlmirror.git";
rev = "4fd7e86f7c9526b8f4c1733e5c8b45175860a8fd";
hash = "sha256-i+QgY+5PYVg5pwhzcDnkfXAznBg3e8sWH2jZtixuWsk=";
};
outputs = [ "out" "doc" ];
configurePhase = ''
rm -f fastXmlLint.js*
# a fix for ERROR:root:For asm.js, TOTAL_MEMORY must be a multiple of 16MB, was 234217728
# https://gitlab.com/odfplugfest/xmlmirror/issues/8
sed -e "s/TOTAL_MEMORY=234217728/TOTAL_MEMORY=268435456/g" -i Makefile.emEnv
# https://github.com/kripken/emscripten/issues/6344
# https://gitlab.com/odfplugfest/xmlmirror/issues/9
sed -e "s/\$(JSONC_LDFLAGS) \$(ZLIB_LDFLAGS) \$(LIBXML20_LDFLAGS)/\$(JSONC_LDFLAGS) \$(LIBXML20_LDFLAGS) \$(ZLIB_LDFLAGS) /g" -i Makefile.emEnv
# https://gitlab.com/odfplugfest/xmlmirror/issues/11
sed -e "s/-o fastXmlLint.js/-s EXTRA_EXPORTED_RUNTIME_METHODS='[\"ccall\", \"cwrap\"]' -o fastXmlLint.js/g" -i Makefile.emEnv
'';
installPhase = ''
mkdir -p $out/share
mkdir -p $doc/share/${name}
buildPhase = ''
HOME=$TMPDIR
make -f Makefile.emEnv
'';
cp Demo* $out/share
cp -R codemirror-5.12 $out/share
cp fastXmlLint.js* $out/share
cp *.xsd $out/share
cp *.js $out/share
cp *.xhtml $out/share
cp *.html $out/share
cp *.json $out/share
cp *.rng $out/share
cp README.md $doc/share/${name}
'';
checkPhase = ''
outputs = [ "out" "doc" ];
'';
};
installPhase = ''
mkdir -p $out/share
mkdir -p $doc/share/${name}
### Declarative debugging {#declarative-debugging}
cp Demo* $out/share
cp -R codemirror-5.12 $out/share
cp fastXmlLint.js* $out/share
cp *.xsd $out/share
cp *.js $out/share
cp *.xhtml $out/share
cp *.html $out/share
cp *.json $out/share
cp *.rng $out/share
cp README.md $doc/share/${name}
'';
checkPhase = ''
'';
}
```
:::
## Debugging {#declarative-debugging}
Use `nix-shell -I nixpkgs=/some/dir/nixpkgs -A emscriptenPackages.libz` and from there you can go trough the individual steps. This makes it easy to build a good `unit test` or list the files of the project.
@ -174,9 +165,3 @@ Use `nix-shell -I nixpkgs=/some/dir/nixpkgs -A emscriptenPackages.libz` and from
5. `configurePhase`
6. `buildPhase`
7. ... happy hacking...
## Summary {#summary}
Using this toolchain makes it easy to leverage `nix` from NixOS, MacOSX or even Windows (WSL+ubuntu+nix). This toolchain is reproducible, behaves like the rest of the packages from nixpkgs and contains a set of well working examples to learn and adapt from.
If in trouble, ask the maintainers.

2
doc/languages-frameworks/go.section.md
View File

@ -18,7 +18,7 @@ In the following is an example expression using `buildGoModule`, the following a
To avoid updating this field when dependencies change, run `go mod vendor` in your source repo and set `vendorHash = null;`
To obtain the actual hash, set `vendorHash = lib.fakeSha256;` and run the build ([more details here](#sec-source-hashes)).
To obtain the actual hash, set `vendorHash = lib.fakeHash;` and run the build ([more details here](#sec-source-hashes)).
- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform-dependent `vendorHash` checksums.
- `modPostBuild`: Shell commands to run after the build of the goModules executes `go mod vendor`, and before calculating fixed output derivation's `vendorHash` (or `vendorSha256`). Note that if you change this attribute, you need to update `vendorHash` (or `vendorSha256`) attribute.

88
lib/customisation.nix
View File

@ -13,16 +13,7 @@ rec {
scenarios (e.g. in ~/.config/nixpkgs/config.nix). For instance,
if you want to "patch" the derivation returned by a package
function in Nixpkgs to build another version than what the
function itself provides, you can do something like this:
mySed = overrideDerivation pkgs.gnused (oldAttrs: {
name = "sed-4.2.2-pre";
src = fetchurl {
url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2;
hash = "sha256-MxBJRcM2rYzQYwJ5XKxhXTQByvSg5jZc5cSHEZoB2IY=";
};
patches = [];
});
function itself provides.
For another application, see build-support/vm, where this
function is used to build arbitrary derivations inside a QEMU
@ -35,6 +26,19 @@ rec {
You should in general prefer `drv.overrideAttrs` over this function;
see the nixpkgs manual for more information on overriding.
Example:
mySed = overrideDerivation pkgs.gnused (oldAttrs: {
name = "sed-4.2.2-pre";
src = fetchurl {
url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2;
hash = "sha256-MxBJRcM2rYzQYwJ5XKxhXTQByvSg5jZc5cSHEZoB2IY=";
};
patches = [];
});
Type:
overrideDerivation :: Derivation -> ( Derivation -> AttrSet ) -> Derivation
*/
overrideDerivation = drv: f:
let
@ -55,6 +59,10 @@ rec {
injects `override` attribute which can be used to override arguments of
the function.
Please refer to documentation on [`<pkg>.overrideDerivation`](#sec-pkg-overrideDerivation) to learn about `overrideDerivation` and caveats
related to its use.
Example:
nix-repl> x = {a, b}: { result = a + b; }
nix-repl> y = lib.makeOverridable x { a = 1; b = 2; }
@ -65,9 +73,8 @@ rec {
nix-repl> y.override { a = 10; }
{ override = «lambda»; overrideDerivation = «lambda»; result = 12; }
Please refer to "Nixpkgs Contributors Guide" section
"<pkg>.overrideDerivation" to learn about `overrideDerivation` and caveats
related to its use.
Type:
makeOverridable :: (AttrSet -> a) -> AttrSet -> a
*/
makeOverridable = f: lib.setFunctionArgs
(origArgs: let
@ -105,20 +112,29 @@ rec {
`autoArgs`. This function is intended to be partially
parameterised, e.g.,
```nix
callPackage = callPackageWith pkgs;
pkgs = {
libfoo = callPackage ./foo.nix { };
libbar = callPackage ./bar.nix { };
};
```
If the `libbar` function expects an argument named `libfoo`, it is
automatically passed as an argument. Overrides or missing
arguments can be supplied in `args`, e.g.
```nix
libbar = callPackage ./bar.nix {
libfoo = null;
enableX11 = true;
};
```
<!-- TODO: Apply "Example:" tag to the examples above -->
Type:
callPackageWith :: AttrSet -> ((AttrSet -> a) | Path) -> AttrSet -> a
*/
callPackageWith = autoArgs: fn: args:
let
@ -129,7 +145,7 @@ rec {
# This includes automatic ones and ones passed explicitly
allArgs = builtins.intersectAttrs fargs autoArgs // args;
# A list of argument names that the function requires, but
# a list of argument names that the function requires, but
# wouldn't be passed to it
missingArgs = lib.attrNames
# Filter out arguments that have a default value
@ -176,7 +192,11 @@ rec {
/* Like callPackage, but for a function that returns an attribute
set of derivations. The override function is added to the
individual attributes. */
individual attributes.
Type:
callPackagesWith :: AttrSet -> ((AttrSet -> AttrSet) | Path) -> AttrSet -> AttrSet
*/
callPackagesWith = autoArgs: fn: args:
let
f = if lib.isFunction fn then fn else import fn;
@ -193,7 +213,11 @@ rec {
/* Add attributes to each output of a derivation without changing
the derivation itself and check a given condition when evaluating. */
the derivation itself and check a given condition when evaluating.
Type:
extendDerivation :: Bool -> Any -> Derivation -> Derivation
*/
extendDerivation = condition: passthru: drv:
let
outputs = drv.outputs or [ "out" ];
@ -227,7 +251,11 @@ rec {
/* Strip a derivation of all non-essential attributes, returning
only those needed by hydra-eval-jobs. Also strictly evaluate the
result to ensure that there are no thunks kept alive to prevent
garbage collection. */
garbage collection.
Type:
hydraJob :: (Derivation | Null) -> (Derivation | Null)
*/
hydraJob = drv:
let
outputs = drv.outputs or ["out"];
@ -265,7 +293,11 @@ rec {
called with the overridden packages. The package sets may be
hierarchical: the packages in the set are called with the scope
provided by `newScope` and the set provides a `newScope` attribute
which can form the parent scope for later package sets. */
which can form the parent scope for later package sets.
Type:
makeScope :: (AttrSet -> ((AttrSet -> a) | Path) -> AttrSet -> a) -> (AttrSet -> AttrSet) -> AttrSet
*/
makeScope = newScope: f:
let self = f self // {
newScope = scope: newScope (self // scope);
@ -287,7 +319,25 @@ rec {
{ inherit otherSplices keep extra f; };
/* Like makeScope, but aims to support cross compilation. It's still ugly, but
hopefully it helps a little bit. */
hopefully it helps a little bit.
Type:
makeScopeWithSplicing' ::
{ splicePackages :: Splice -> AttrSet
, newScope :: AttrSet -> ((AttrSet -> a) | Path) -> AttrSet -> a
}
-> { otherSplices :: Splice, keep :: AttrSet -> AttrSet, extra :: AttrSet -> AttrSet }
-> AttrSet
Splice ::
{ pkgsBuildBuild :: AttrSet
, pkgsBuildHost :: AttrSet
, pkgsBuildTarget :: AttrSet
, pkgsHostHost :: AttrSet
, pkgsHostTarget :: AttrSet
, pkgsTargetTarget :: AttrSet
}
*/
makeScopeWithSplicing' =
{ splicePackages
, newScope

51
lib/fileset/default.nix
View File

@ -6,6 +6,7 @@ let
_coerceMany
_toSourceFilter
_unionMany
_fileFilter
_printFileset
_intersection
;
@ -41,6 +42,7 @@ let
;
inherit (lib.trivial)
isFunction
pipe
;
@ -278,6 +280,55 @@ If a directory does not recursively contain any file, it is omitted from the sto
_unionMany
];
/*
Filter a file set to only contain files matching some predicate.
Type:
fileFilter ::
({
name :: String,
type :: String,
...
} -> Bool)
-> FileSet
-> FileSet
Example:
# Include all regular `default.nix` files in the current directory
fileFilter (file: file.name == "default.nix") ./.
# Include all non-Nix files from the current directory
fileFilter (file: ! hasSuffix ".nix" file.name) ./.
# Include all files that start with a "." in the current directory
fileFilter (file: hasPrefix "." file.name) ./.
# Include all regular files (not symlinks or others) in the current directory
fileFilter (file: file.type == "regular")
*/
fileFilter =
/*
The predicate function to call on all files contained in given file set.
A file is included in the resulting file set if this function returns true for it.
This function is called with an attribute set containing these attributes:
- `name` (String): The name of the file
- `type` (String, one of `"regular"`, `"symlink"` or `"unknown"`): The type of the file.
This matches result of calling [`builtins.readFileType`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-readFileType) on the file's path.
Other attributes may be added in the future.
*/
predicate:
# The file set to filter based on the predicate function
fileset:
if ! isFunction predicate then
throw "lib.fileset.fileFilter: Expected the first argument to be a function, but it's a ${typeOf predicate} instead."
else
_fileFilter predicate
(_coerce "lib.fileset.fileFilter: second argument" fileset);
/*
The file set containing all files that are in both of two given file sets.
See also [Intersection (set theory)](https://en.wikipedia.org/wiki/Intersection_(set_theory)).

26
lib/fileset/internal.nix
View File

@ -638,4 +638,30 @@ rec {
else
# In all other cases it's the rhs
rhs;
_fileFilter = predicate: fileset:
let
recurse = path: tree:
mapAttrs (name: subtree:
if isAttrs subtree || subtree == "directory" then
recurse (path + "/${name}") subtree
else if
predicate {
inherit name;
type = subtree;
# To ensure forwards compatibility with more arguments being added in the future,
# adding an attribute which can't be deconstructed :)
"lib.fileset.fileFilter: The predicate function passed as the first argument must be able to handle extra attributes for future compatibility. If you're using `{ name, file }:`, use `{ name, file, ... }:` instead." = null;
}
then
subtree
else
null
) (_directoryEntries path tree);
in
if fileset._internalIsEmptyWithoutBase then
_emptyWithoutBase
else
_create fileset._internalBase
(recurse fileset._internalBase fileset._internalTree);
}

67
lib/fileset/tests.sh
View File

@ -678,6 +678,73 @@ tree=(
checkFileset 'intersection (unions [ ./a/b ./c/d ./c/e ]) (unions [ ./a ./c/d/f ./c/e ])'
## File filter
# The predicate is not called when there's no files
tree=()
checkFileset 'fileFilter (file: abort "this is not needed") ./.'
checkFileset 'fileFilter (file: abort "this is not needed") _emptyWithoutBase'
# The predicate must be able to handle extra attributes
touch a
expectFailure 'toSource { root = ./.; fileset = fileFilter ({ name, type }: true) ./.; }' 'called with unexpected argument '\''"lib.fileset.fileFilter: The predicate function passed as the first argument must be able to handle extra attributes for future compatibility. If you'\''re using `\{ name, file \}:`, use `\{ name, file, ... \}:` instead."'\'
rm -rf -- *
# .name is the name, and it works correctly, even recursively
tree=(
[a]=1
[b]=0
[c/a]=1
[c/b]=0
[d/c/a]=1
[d/c/b]=0
)
checkFileset 'fileFilter (file: file.name == "a") ./.'
tree=(
[a]=0
[b]=1
[c/a]=0
[c/b]=1
[d/c/a]=0
[d/c/b]=1
)
checkFileset 'fileFilter (file: file.name != "a") ./.'
# `.type` is the file type
mkdir d
touch d/a
ln -s d/b d/b
mkfifo d/c
expectEqual \
'toSource { root = ./.; fileset = fileFilter (file: file.type == "regular") ./.; }' \
'toSource { root = ./.; fileset = ./d/a; }'
expectEqual \
'toSource { root = ./.; fileset = fileFilter (file: file.type == "symlink") ./.; }' \
'toSource { root = ./.; fileset = ./d/b; }'
expectEqual \
'toSource { root = ./.; fileset = fileFilter (file: file.type == "unknown") ./.; }' \
'toSource { root = ./.; fileset = ./d/c; }'
expectEqual \
'toSource { root = ./.; fileset = fileFilter (file: file.type != "regular") ./.; }' \
'toSource { root = ./.; fileset = union ./d/b ./d/c; }'
expectEqual \
'toSource { root = ./.; fileset = fileFilter (file: file.type != "symlink") ./.; }' \
'toSource { root = ./.; fileset = union ./d/a ./d/c; }'
expectEqual \
'toSource { root = ./.; fileset = fileFilter (file: file.type != "unknown") ./.; }' \
'toSource { root = ./.; fileset = union ./d/a ./d/b; }'
rm -rf -- *
# It's lazy
tree=(
[b]=1
[c/a]=1
)
# Note that union evaluates the first argument first if necessary, that's why we can use ./c/a here
checkFileset 'union ./c/a (fileFilter (file: assert file.name != "a"; true) ./.)'
# but here we need to use ./c
checkFileset 'union (fileFilter (file: assert file.name != "a"; true) ./.) ./c'
## Tracing
# The second trace argument is returned

11
lib/systems/parse.nix
View File

@ -29,6 +29,15 @@ let
assert type.check value;
setType type.name ({ inherit name; } // value));
# gnu-config will ignore the portion of a triple matching the
# regex `e?abi.*$` when determining the validity of a triple. In
# other words, `i386-linuxabichickenlips` is a valid triple.
removeAbiSuffix = x:
let match = builtins.match "(.*)e?abi.*" x;
in if match==null
then x
else lib.elemAt match 0;
in
rec {
@ -466,7 +475,7 @@ rec {
else vendors.unknown;
kernel = if hasPrefix "darwin" args.kernel then getKernel "darwin"
else if hasPrefix "netbsd" args.kernel then getKernel "netbsd"
else getKernel args.kernel;
else getKernel (removeAbiSuffix args.kernel);
abi =
/**/ if args ? abi then getAbi args.abi
else if isLinux parsed || isWindows parsed then

19
maintainers/maintainer-list.nix
View File

@ -16112,6 +16112,12 @@
fingerprint = "AB63 4CD9 3322 BD42 6231 F764 C404 1EA6 B326 33DE";
}];
};
shivaraj-bh = {
email = "sbh69840@gmail.com";
name = "Shivaraj B H";
github = "shivaraj-bh";
githubId = 23645788;
};
shlevy = {
email = "shea@shealevy.com";
github = "shlevy";
@ -17212,6 +17218,12 @@
githubId = 1901799;
name = "Nathan van Doorn";
};
taranarmo = {
email = "taranarmo@gmail.com";
github = "taranarmo";
githubId = 11619234;
name = "Sergey Volkov";
};
tari = {
email = "peter@taricorp.net";
github = "tari";
@ -19361,6 +19373,13 @@
fingerprint = "FD0A C425 9EF5 4084 F99F 9B47 2ACC 9749 7C68 FAD4";
}];
};
YellowOnion = {
name = "Daniel Hill";
email = "daniel@gluo.nz";
github = "YellowOnion";
githubId = 364160;
matrix = "@woobilicious:matrix.org";
};
yesbox = {
email = "jesper.geertsen.jonsson@gmail.com";
github = "yesbox";

23
maintainers/scripts/luarocks-packages.csv
View File

@ -1,9 +1,9 @@
name,src,ref,server,version,luaversion,maintainers
alt-getopt,,,,,,arobyn
bit32,,,,5.3.0-1,5.1,lblasc
argparse,https://github.com/luarocks/argparse.git,,,,,
basexx,https://github.com/teto/basexx.git,,,,,
binaryheap,https://github.com/Tieske/binaryheap.lua,,,,,vcunat
argparse,,,,,,
basexx,,,,,,
binaryheap,,,,,,vcunat
busted,,,,,,
cassowary,,,,,,marsam alerque
cldr,,,,,,alerque
@ -12,11 +12,9 @@ cosmo,,,,,,marsam
coxpcall,,,,1.17.0-1,,
cqueues,,,,,,vcunat
cyan,,,,,,
cyrussasl,https://github.com/JorjBauer/lua-cyrussasl.git,,,,,
digestif,https://github.com/astoff/digestif.git,,,0.2-1,5.3,
digestif,https://github.com/astoff/digestif.git,,,,5.3,
dkjson,,,,,,
fennel,,,,,,misterio77
ferris.nvim,,,,,,mrcjkb
fifo,,,,,,
fluent,,,,,,alerque
gitsigns.nvim,https://github.com/lewis6991/gitsigns.nvim.git,,,,5.1,
@ -25,7 +23,7 @@ http,,,,0.3-0,,vcunat
inspect,,,,,,
jsregexp,,,,,,
ldbus,,,http://luarocks.org/dev,,,
ldoc,https://github.com/stevedonovan/LDoc.git,,,,,
ldoc,,,,,,
lgi,,,,,,
linenoise,https://github.com/hoelzro/lua-linenoise.git,,,,,
ljsyscall,,,,,5.1,lblasc
@ -41,7 +39,7 @@ lrexlib-posix,,,,,,
lua-cjson,,,,,,
lua-cmsgpack,,,,,,
lua-curl,,,,,,
lua-iconv,,,,,,
lua-ffi-zlib,,,,,,
lua-lsp,,,,,,
lua-messagepack,,,,,,
lua-protobuf,,,,,,lockejan
@ -83,29 +81,30 @@ luaunit,,,,,,lockejan
luautf8,,,,,,pstn
luazip,,,,,,
lua-yajl,,,,,,pstn
lua-iconv,,,,7.0.0,,
luuid,,,,,,
luv,,,,1.44.2-1,,
lush.nvim,https://github.com/rktjmp/lush.nvim,,,,,teto
lyaml,,,,,,lblasc
magick,,,,,,donovanglover
magick,,,,,5.1,donovanglover
markdown,,,,,,
mediator_lua,,,,,,
middleclass,,,,,,
mpack,,,,,,
moonscript,https://github.com/leafo/moonscript.git,dev-1,,,,arobyn
nui-nvim,,,,,,mrcjkb
nui.nvim,,,,,,mrcjkb
nvim-client,https://github.com/neovim/lua-client.git,,,,,
nvim-cmp,https://github.com/hrsh7th/nvim-cmp,,,,,
penlight,https://github.com/lunarmodules/Penlight.git,,,,,alerque
plenary.nvim,https://github.com/nvim-lua/plenary.nvim.git,,,,5.1,
rapidjson,https://github.com/xpol/lua-rapidjson.git,,,,,
rest.nvim,,,,,5.1,teto
readline,,,,,,
rustaceanvim,,,,,,mrcjkb
say,https://github.com/Olivine-Labs/say.git,,,,,
serpent,,,,,,lockejan
sqlite,,,,,,
std._debug,https://github.com/lua-stdlib/_debug.git,,,,,
std.normalize,https://github.com/lua-stdlib/normalize.git,,,,,
std.normalize,,,,,,
stdlib,,,,41.2.2,,vyp
teal-language-server,,,http://luarocks.org/dev,,,
telescope.nvim,,,,,5.1,

1 name src ref server version luaversion maintainers
2 alt-getopt arobyn
3 bit32 5.3.0-1 5.1 lblasc
4 argparse https://github.com/luarocks/argparse.git
5 basexx https://github.com/teto/basexx.git
6 binaryheap https://github.com/Tieske/binaryheap.lua vcunat
7 busted
8 cassowary marsam alerque
9 cldr alerque
12 coxpcall 1.17.0-1
13 cqueues vcunat
14 cyan
15 cyrussasl digestif https://github.com/JorjBauer/lua-cyrussasl.git https://github.com/astoff/digestif.git 5.3
digestif https://github.com/astoff/digestif.git 0.2-1 5.3
16 dkjson
17 fennel misterio77
ferris.nvim mrcjkb
18 fifo
19 fluent alerque
20 gitsigns.nvim https://github.com/lewis6991/gitsigns.nvim.git 5.1
23 inspect
24 jsregexp
25 ldbus http://luarocks.org/dev
26 ldoc https://github.com/stevedonovan/LDoc.git
27 lgi
28 linenoise https://github.com/hoelzro/lua-linenoise.git
29 ljsyscall 5.1 lblasc
39 lua-cjson
40 lua-cmsgpack
41 lua-curl
42 lua-iconv lua-ffi-zlib
43 lua-lsp
44 lua-messagepack
45 lua-protobuf lockejan
81 luautf8 pstn
82 luazip
83 lua-yajl pstn
84 lua-iconv 7.0.0
85 luuid
86 luv 1.44.2-1
87 lush.nvim https://github.com/rktjmp/lush.nvim teto
88 lyaml lblasc
89 magick 5.1 donovanglover
90 markdown
91 mediator_lua
92 middleclass
93 mpack
94 moonscript https://github.com/leafo/moonscript.git dev-1 arobyn
95 nui-nvim nui.nvim mrcjkb
96 nvim-client https://github.com/neovim/lua-client.git
97 nvim-cmp https://github.com/hrsh7th/nvim-cmp
98 penlight https://github.com/lunarmodules/Penlight.git alerque
99 plenary.nvim https://github.com/nvim-lua/plenary.nvim.git 5.1
100 rapidjson https://github.com/xpol/lua-rapidjson.git
101 rest.nvim 5.1 teto
102 readline rustaceanvim mrcjkb
103 say https://github.com/Olivine-Labs/say.git
104 serpent lockejan
105 sqlite
106 std._debug https://github.com/lua-stdlib/_debug.git
107 std.normalize https://github.com/lua-stdlib/normalize.git
108 stdlib 41.2.2 vyp
109 teal-language-server http://luarocks.org/dev
110 telescope.nvim 5.1

2
maintainers/scripts/update-luarocks-packages
View File

@ -103,7 +103,7 @@ class LuaEditor(pluginupdate.Editor):
header2 = textwrap.dedent(
# header2 = inspect.cleandoc(
"""
{ self, stdenv, lib, fetchurl, fetchgit, callPackage, ... } @ args:
{ stdenv, lib, fetchurl, fetchgit, callPackage, ... }:
final: prev:
{
"""

2
maintainers/team-list.nix
View File

@ -407,7 +407,6 @@ with lib.maintainers; {
home-assistant = {
members = [
fab
globin
hexa
mic92
];
@ -742,7 +741,6 @@ with lib.maintainers; {
aanderse
drupol
etu
globin
ma27
talyz
];

24
nixos/doc/manual/release-notes/rl-2311.section.md
View File

@ -107,6 +107,8 @@
- [NNCP](http://www.nncpgo.org/). Added nncp-daemon and nncp-caller services. Configuration is set with [programs.nncp.settings](#opt-programs.nncp.settings) and the daemons are enabled at [services.nncp](#opt-services.nncp.caller.enable).
- [FastNetMon Advanced](https://fastnetmon.com/product-overview/), a commercial high performance DDoS detector / sensor. Available as [services.fastnetmon-advanced](#opt-services.fastnetmon-advanced.enable).
- [tuxedo-rs](https://github.com/AaronErhardt/tuxedo-rs), Rust utilities for interacting with hardware from TUXEDO Computers.
- [audiobookshelf](https://github.com/advplyr/audiobookshelf/), a self-hosted audiobook and podcast server. Available as [services.audiobookshelf](#opt-services.audiobookshelf.enable).
@ -121,6 +123,8 @@
- [Soft Serve](https://github.com/charmbracelet/soft-serve), a tasty, self-hostable Git server for the command line. Available as [services.soft-serve](#opt-services.soft-serve.enable).
- [Rosenpass](https://rosenpass.eu/), a service for post-quantum-secure VPNs with WireGuard. Available as [services.rosenpass](#opt-services.rosenpass.enable).
## Backward Incompatibilities {#sec-release-23.11-incompatibilities}
- `network-online.target` has been fixed to no longer time out for systems with `networking.useDHCP = true` and `networking.useNetworkd = true`.
@ -240,6 +244,18 @@
- `fileSystems.<name>.autoResize` now uses `systemd-growfs` to resize the file system online in stage 2. This means that `f2fs` and `ext2` can no longer be auto resized, while `xfs` and `btrfs` now can be.
- `fuse3` has been updated from 3.11.0 to 3.16.2; see [ChangeLog.rst](https://github.com/libfuse/libfuse/blob/fuse-3.16.2/ChangeLog.rst#libfuse-3162-2023-10-10) for an overview of the changes.
Unsupported mount options are no longer silently accepted [(since 3.15.0)](https://github.com/libfuse/libfuse/blob/fuse-3.16.2/ChangeLog.rst#libfuse-3150-2023-06-09). The [affected mount options](https://github.com/libfuse/libfuse/commit/dba6b3983af34f30de01cf532dff0b66f0ed6045) are: `atime`, `diratime`, `lazytime`, `nolazytime`, `relatime`, `norelatime`, `strictatime`.
For example,
```bash
$ sshfs 127.0.0.1:/home/test/testdir /home/test/sshfs_mnt -o atime`
```
would previously terminate successfully with the mount point established, now it outputs the error message ``fuse: unknown option(s): `-o atime'`` and terminates with exit status 1.
- `nixos-rebuild {switch,boot,test,dry-activate}` now runs the system activation inside `systemd-run`, creating an ephemeral systemd service and protecting the system switch against issues like network disconnections during remote (e.g. SSH) sessions. This has the side effect of running the switch in an isolated environment, that could possible break post-switch scripts that depends on things like environment variables being set. If you want to opt-out from this behavior for now, you may set the `NIXOS_SWITCH_USE_DIRTY_ENV` environment variable before running `nixos-rebuild`. However, keep in mind that this option will be removed in the future.
- The `services.vaultwarden.config` option default value was changed to make Vaultwarden only listen on localhost, following the [secure defaults for most NixOS services](https://github.com/NixOS/nixpkgs/issues/100192).
@ -313,6 +329,8 @@
- `rome` was removed because it is no longer maintained and is succeeded by `biome`.
- The `prometheus-knot-exporter` was migrated to a version maintained by CZ.NIC. Various metric names have changed, so checking existing rules is recommended.
- The `services.mtr-exporter.target` has been removed in favor of `services.mtr-exporter.jobs` which allows specifying multiple targets.
- Setting `nixpkgs.config` options while providing an external `pkgs` instance will now raise an error instead of silently ignoring the options. NixOS modules no longer set `nixpkgs.config` to accomodate this. This specifically affects `services.locate`, `services.xserver.displayManager.lightdm.greeters.tiny` and `programs.firefox` NixOS modules. No manual intervention should be required in most cases, however, configurations relying on those modules affecting packages outside the system environment should switch to explicit overlays.
@ -325,6 +343,10 @@
- `ps3netsrv` has been replaced with the webman-mod fork, the executable has been renamed from `ps3netsrv++` to `ps3netsrv` and cli parameters have changed.
- `ssm-agent` package and module were renamed to `amazon-ssm-agent` to be consistent with the upstream package name.
- `services.kea.{ctrl-agent,dhcp-ddns,dhcp,dhcp6}` now use separate runtime directories instead of `/run/kea` to work around the runtime directory being cleared on service start.
## Other Notable Changes {#sec-release-23.11-notable-changes}
- The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.
@ -359,6 +381,8 @@
- `services.outline` can now be configured to use local filesystem storage instead of S3 storage using [services.outline.storage.storageType](#opt-services.outline.storage.storageType).
- `paperwork` was updated to version 2.2. Documents scanned with this version will not be visible to previous versions if you downgrade. See the [upstream announcement](https://forum.openpaper.work/t/paperwork-2-2-testing-phase/316#important-switch-from-jpeg-to-png-for-new-pages-2) for details and workarounds.
- `buildGoModule` `go-modules` attrs have been renamed to `goModules`.
- The `fonts.fonts` and `fonts.enableDefaultFonts` options have been renamed to `fonts.packages` and `fonts.enableDefaultPackages` respectively.

13
nixos/lib/make-squashfs.nix
View File

@ -1,15 +1,22 @@
{ lib, stdenv, squashfsTools, closureInfo
, fileName ? "squashfs"
, # The root directory of the squashfs filesystem is filled with the
# closures of the Nix store paths listed here.
storeContents ? []
# Pseudo files to be added to squashfs image
, pseudoFiles ? []
, noStrip ? false
, # Compression parameters.
# For zstd compression you can use "zstd -Xcompression-level 6".
comp ? "xz -Xdict-size 100%"
}:
let
pseudoFilesArgs = lib.concatMapStrings (f: ''-p "${f}" '') pseudoFiles;
in
stdenv.mkDerivation {
name = "squashfs.img";
name = "${fileName}.img";
__structuredAttrs = true;
nativeBuildInputs = [ squashfsTools ];
@ -31,8 +38,8 @@ stdenv.mkDerivation {
'' + ''
# Generate the squashfs image.
mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \
-no-hardlinks -keep-as-directory -all-root -b 1048576 -comp ${comp} \
mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out ${pseudoFilesArgs} \
-no-hardlinks ${lib.optionalString noStrip "-no-strip"} -keep-as-directory -all-root -b 1048576 -comp ${comp} \
-processors $NIX_BUILD_CORES
'';
}

1
nixos/lib/qemu-common.nix
View File

@ -40,6 +40,7 @@ rec {
otherHostGuestMatrix = {
aarch64-darwin = {
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=2,accel=hvf:tcg -cpu max";
inherit (otherHostGuestMatrix.x86_64-darwin) x86_64-linux;
};
x86_64-darwin = {
x86_64-linux = "${qemuPkg}/bin/qemu-system-x86_64 -machine type=q35,accel=hvf:tcg -cpu max";

6
nixos/modules/hardware/video/nvidia.nix
View File

@ -269,9 +269,9 @@ in {
services.udev.extraRules =
''
# Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c $$(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 255'"
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'for i in $$(cat /proc/driver/nvidia/gpus/*/information | grep Minor | cut -d \ -f 4); do mknod -m 666 /dev/nvidia$${i} c $$(grep nvidia-frontend /proc/devices | cut -d \ -f 1) $${i}; done'"
KERNEL=="nvidia_modeset", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-modeset c $$(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 254'"
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c 195 255'"
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'for i in $$(cat /proc/driver/nvidia/gpus/*/information | grep Minor | cut -d \ -f 4); do mknod -m 666 /dev/nvidia$${i} c 195 $${i}; done'"
KERNEL=="nvidia_modeset", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-modeset c 195 254'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm-tools c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 1'"
'';

14
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -257,6 +257,7 @@ foreach my $path (glob "/sys/class/{block,mmc_host}/*") {
# Add bcache module, if needed.
my @bcacheDevices = glob("/dev/bcache*");
@bcacheDevices = grep(!qr#dev/bcachefs.*#, @bcacheDevices);
if (scalar @bcacheDevices > 0) {
push @initrdAvailableKernelModules, "bcache";
}
@ -467,6 +468,19 @@ EOF
# boot.tmp.useTmpfs option in configuration.nix (managed declaratively).
next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs");
# This should work for single and multi-device systems.
# still needs subvolume support
if ($fsType eq "bcachefs") {
my ($status, @info) = runCommand("bcachefs fs usage $rootDir$mountPoint");
my $UUID = $info[0];
if ($status == 0 && $UUID =~ /^Filesystem:[ \t\n]*([0-9a-z-]+)/) {
$stableDevPath = "UUID=$1";
} else {
print STDERR "warning: can't find bcachefs mount UUID falling back to device-path";
}
}
# Emit the filesystem.
$fileSystems .= <<EOF;
fileSystems.\"$mountPoint\" =

8
nixos/modules/misc/nixpkgs.nix
View File

@ -187,7 +187,7 @@ in
hostPlatform = mkOption {
type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
example = { system = "aarch64-linux"; };
# Make sure that the final value has all fields for sake of other modules
# referring to this. TODO make `lib.systems` itself use the module system.
apply = lib.systems.elaborate;
@ -205,7 +205,7 @@ in
buildPlatform = mkOption {
type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform
default = cfg.hostPlatform;
example = { system = "x86_64-linux"; config = "x86_64-unknown-linux-gnu"; };
example = { system = "x86_64-linux"; };
# Make sure that the final value has all fields for sake of other modules
# referring to this.
apply = lib.systems.elaborate;
@ -228,7 +228,7 @@ in
localSystem = mkOption {
type = types.attrs; # TODO utilize lib.systems.parsedPlatform
default = { inherit (cfg) system; };
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
example = { system = "aarch64-linux"; };
# Make sure that the final value has all fields for sake of other modules
# referring to this. TODO make `lib.systems` itself use the module system.
apply = lib.systems.elaborate;
@ -262,7 +262,7 @@ in
crossSystem = mkOption {
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
default = null;
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
example = { system = "aarch64-linux"; };
description = lib.mdDoc ''
Systems with a recently generated `hardware-configuration.nix`
may instead specify *only* {option}`nixpkgs.buildPlatform`,

6
nixos/modules/module-list.nix
View File

@ -268,6 +268,7 @@
./programs/usbtop.nix
./programs/vim.nix
./programs/wavemon.nix
./programs/wayland/cardboard.nix
./programs/wayland/river.nix
./programs/wayland/sway.nix
./programs/wayland/waybar.nix
@ -625,6 +626,7 @@
./services/matrix/matrix-sliding-sync.nix
./services/matrix/synapse.nix
./services/misc/airsonic.nix
./services/misc/amazon-ssm-agent.nix
./services/misc/ananicy.nix
./services/misc/ankisyncd.nix
./services/misc/apache-kafka.nix
@ -741,7 +743,6 @@
./services/misc/spice-autorandr.nix
./services/misc/spice-vdagentd.nix
./services/misc/spice-webdavd.nix
./services/misc/ssm-agent.nix
./services/misc/sssd.nix
./services/misc/subsonic.nix
./services/misc/sundtek.nix
@ -907,6 +908,7 @@
./services/networking/eternal-terminal.nix
./services/networking/expressvpn.nix
./services/networking/fakeroute.nix
./services/networking/fastnetmon-advanced.nix
./services/networking/ferm.nix
./services/networking/firefox-syncserver.nix
./services/networking/fireqos.nix
@ -1047,6 +1049,7 @@
./services/networking/redsocks.nix
./services/networking/resilio.nix
./services/networking/robustirc-bridge.nix
./services/networking/rosenpass.nix
./services/networking/routedns.nix
./services/networking/rpcbind.nix
./services/networking/rxe.nix
@ -1268,6 +1271,7 @@
./services/web-apps/kavita.nix
./services/web-apps/keycloak.nix
./services/web-apps/komga.nix
./services/web-apps/lanraragi.nix
./services/web-apps/lemmy.nix
./services/web-apps/limesurvey.nix
./services/web-apps/mainsail.nix

24
nixos/modules/programs/wayland/cardboard.nix Normal file
View File

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
let
cfg = config.programs.cardboard;
in
{
meta.maintainers = with lib.maintainers; [ AndersonTorres ];
options.programs.cardboard = {
enable = lib.mkEnableOption (lib.mdDoc "cardboard");
package = lib.mkPackageOptionMD pkgs "cardboard" { };
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
environment.systemPackages = [ cfg.package ];
# To make a cardboard session available for certain DMs like SDDM
services.xserver.displayManager.sessionPackages = [ cfg.package ];
}
(import ./wayland-session.nix { inherit lib pkgs; })
]);
}

59
nixos/modules/security/acme/default.nix
View File

@ -184,6 +184,7 @@ let
certToConfig = cert: data: let
acmeServer = data.server;
useDns = data.dnsProvider != null;
useDnsOrS3 = useDns || data.s3Bucket != null;
destPath = "/var/lib/acme/${cert}";
selfsignedDeps = optionals (cfg.preliminarySelfsigned) [ "acme-selfsigned-${cert}.service" ];
@ -219,7 +220,8 @@ let
[ "--dns" data.dnsProvider ]
++ optionals (!data.dnsPropagationCheck) [ "--dns.disable-cp" ]
++ optionals (data.dnsResolver != null) [ "--dns.resolvers" data.dnsResolver ]
) else if data.listenHTTP != null then [ "--http" "--http.port" data.listenHTTP ]
) else if data.s3Bucket != null then [ "--http" "--http.s3-bucket" data.s3Bucket ]
else if data.listenHTTP != null then [ "--http" "--http.port" data.listenHTTP ]
else [ "--http" "--http.webroot" data.webroot ];
commonOpts = [
@ -362,13 +364,12 @@ let
"/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates"
];
# Only try loading the environmentFile if the dns challenge is enabled
EnvironmentFile = mkIf useDns data.environmentFile;
EnvironmentFile = mkIf useDnsOrS3 data.environmentFile;
Environment = mkIf useDns
Environment = mkIf useDnsOrS3
(mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);
LoadCredential = mkIf useDns
LoadCredential = mkIf useDnsOrS3
(mapAttrsToList (k: v: "${k}:${v}") data.credentialFiles);
# Run as root (Prefixed with +)
@ -755,6 +756,15 @@ let
'';
};
s3Bucket = mkOption {
type = types.nullOr types.str;
default = null;
example = "acme";
description = lib.mdDoc ''
S3 bucket name to use for HTTP-01 based challenges. Challenges will be written to the S3 bucket.
'';
};
inheritDefaults = mkOption {
default = true;
example = true;
@ -928,35 +938,20 @@ in {
and remove the wildcard from the path.
'';
}
{
assertion = data.dnsProvider == null || data.webroot == null;
(let exclusiveAttrs = {
inherit (data) dnsProvider webroot listenHTTP s3Bucket;
}; in {
assertion = lib.length (lib.filter (x: x != null) (builtins.attrValues exclusiveAttrs)) == 1;
message = ''
Options `security.acme.certs.${cert}.dnsProvider` and
`security.acme.certs.${cert}.webroot` are mutually exclusive.
Exactly one of the options
`security.acme.certs.${cert}.dnsProvider`,
`security.acme.certs.${cert}.webroot`,
`security.acme.certs.${cert}.listenHTTP` and
`security.acme.certs.${cert}.s3Bucket`
is required.
Current values: ${(lib.generators.toPretty {} exclusiveAttrs)}.
'';
}
{
assertion = data.webroot == null || data.listenHTTP == null;
message = ''
Options `security.acme.certs.${cert}.webroot` and
`security.acme.certs.${cert}.listenHTTP` are mutually exclusive.
'';
}
{
assertion = data.listenHTTP == null || data.dnsProvider == null;
message = ''
Options `security.acme.certs.${cert}.listenHTTP` and
`security.acme.certs.${cert}.dnsProvider` are mutually exclusive.
'';
}
{
assertion = data.dnsProvider != null || data.webroot != null || data.listenHTTP != null;
message = ''
One of `security.acme.certs.${cert}.dnsProvider`,
`security.acme.certs.${cert}.webroot`, or
`security.acme.certs.${cert}.listenHTTP` must be provided.
'';
}
})
{
assertion = all (hasSuffix "_FILE") (attrNames data.credentialFiles);
message = ''

40
nixos/modules/services/backup/bacula.nix
View File

@ -15,16 +15,16 @@ let
Client {
Name = "${fd_cfg.name}";
FDPort = ${toString fd_cfg.port};
WorkingDirectory = "${libDir}";
Pid Directory = "/run";
WorkingDirectory = ${libDir};
Pid Directory = /run;
${fd_cfg.extraClientConfig}
}
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Director {
Name = "${name}";
Password = "${value.password}";
Monitor = "${value.monitor}";
Password = ${value.password};
Monitor = ${value.monitor};
}
'') fd_cfg.director)}
@ -41,8 +41,8 @@ let
Storage {
Name = "${sd_cfg.name}";
SDPort = ${toString sd_cfg.port};
WorkingDirectory = "${libDir}";
Pid Directory = "/run";
WorkingDirectory = ${libDir};
Pid Directory = /run;
${sd_cfg.extraStorageConfig}
}
@ -50,8 +50,8 @@ let
Autochanger {
Name = "${name}";
Device = ${concatStringsSep ", " (map (a: "\"${a}\"") value.devices)};
Changer Device = "${value.changerDevice}";
Changer Command = "${value.changerCommand}";
Changer Device = ${value.changerDevice};
Changer Command = ${value.changerCommand};
${value.extraAutochangerConfig}
}
'') sd_cfg.autochanger)}
@ -59,8 +59,8 @@ let
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Device {
Name = "${name}";
Archive Device = "${value.archiveDevice}";
Media Type = "${value.mediaType}";
Archive Device = ${value.archiveDevice};
Media Type = ${value.mediaType};
${value.extraDeviceConfig}
}
'') sd_cfg.device)}
@ -68,8 +68,8 @@ let
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Director {
Name = "${name}";
Password = "${value.password}";
Monitor = "${value.monitor}";
Password = ${value.password};
Monitor = ${value.monitor};
}
'') sd_cfg.director)}
@ -85,18 +85,18 @@ let
''
Director {
Name = "${dir_cfg.name}";
Password = "${dir_cfg.password}";
Password = ${dir_cfg.password};
DirPort = ${toString dir_cfg.port};
Working Directory = "${libDir}";
Pid Directory = "/run/";
QueryFile = "${pkgs.bacula}/etc/query.sql";
Working Directory = ${libDir};
Pid Directory = /run/;
QueryFile = ${pkgs.bacula}/etc/query.sql;
${dir_cfg.extraDirectorConfig}
}
Catalog {
Name = "PostgreSQL";
dbname = "bacula";
user = "bacula";
Name = PostgreSQL;
dbname = bacula;
user = bacula;
}
Messages {
@ -533,7 +533,7 @@ in {
};
};
services.postgresql.enable = dir_cfg.enable == true;
services.postgresql.enable = lib.mkIf dir_cfg.enable true;
systemd.services.bacula-dir = mkIf dir_cfg.enable {
after = [ "network.target" "postgresql.service" ];

2
nixos/modules/services/databases/ferretdb.nix
View File

@ -30,7 +30,7 @@ in
};
description = ''
Additional configuration for FerretDB, see
<https://docs.ferretdb.io/flags/>
<https://docs.ferretdb.io/configuration/flags/>
for supported values.
'';
};

17
nixos/modules/services/desktops/pipewire/pipewire.nix
View File

@ -115,8 +115,7 @@ in {
environment.systemPackages = [ cfg.package ]
++ lib.optional cfg.jack.enable jack-libs;
systemd.packages = [ cfg.package ]
++ lib.optional cfg.pulse.enable cfg.package.pulse;
systemd.packages = [ cfg.package ];
# PipeWire depends on DBUS but doesn't list it. Without this booting
# into a terminal results in the service crashing with an error.
@ -130,9 +129,13 @@ in {
systemd.user.sockets.pipewire.enable = !cfg.systemWide;
systemd.user.services.pipewire.enable = !cfg.systemWide;
# Mask pw-pulse if it's not wanted
systemd.user.services.pipewire-pulse.enable = cfg.pulse.enable;
systemd.user.sockets.pipewire-pulse.enable = cfg.pulse.enable;
systemd.sockets.pipewire.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ];
systemd.user.sockets.pipewire.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ];
systemd.user.sockets.pipewire-pulse.wantedBy = lib.mkIf (cfg.socketActivation && cfg.pulse.enable) ["sockets.target"];
systemd.user.sockets.pipewire-pulse.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ];
services.udev.packages = [ cfg.package ];
@ -140,14 +143,14 @@ in {
environment.etc."alsa/conf.d/49-pipewire-modules.conf" = mkIf cfg.alsa.enable {
text = ''
pcm_type.pipewire {
libs.native = ${cfg.package.lib}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;
libs.native = ${cfg.package}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;
${optionalString enable32BitAlsaPlugins
"libs.32Bit = ${pkgs.pkgsi686Linux.pipewire.lib}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;"}
"libs.32Bit = ${pkgs.pkgsi686Linux.pipewire}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;"}
}
ctl_type.pipewire {
libs.native = ${cfg.package.lib}/lib/alsa-lib/libasound_module_ctl_pipewire.so ;
libs.native = ${cfg.package}/lib/alsa-lib/libasound_module_ctl_pipewire.so ;
${optionalString enable32BitAlsaPlugins
"libs.32Bit = ${pkgs.pkgsi686Linux.pipewire.lib}/lib/alsa-lib/libasound_module_ctl_pipewire.so ;"}
"libs.32Bit = ${pkgs.pkgsi686Linux.pipewire}/lib/alsa-lib/libasound_module_ctl_pipewire.so ;"}
}
'';
};

2
nixos/modules/services/home-automation/home-assistant.nix
View File

@ -12,7 +12,7 @@ let
# We post-process the result to add support for YAML functions, like secrets or includes, see e.g.
# https://www.home-assistant.io/docs/configuration/secrets/
filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ null ])) cfg.config or {};
configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
configFile = pkgs.runCommandLocal "configuration.yaml" { } ''
cp ${format.generate "configuration.yaml" filteredConfig} $out
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
'';

19
nixos/modules/services/misc/ssm-agent.nix → nixos/modules/services/misc/amazon-ssm-agent.nix
View File

@ -2,7 +2,7 @@
with lib;
let
cfg = config.services.ssm-agent;
cfg = config.services.amazon-ssm-agent;
# The SSM agent doesn't pay attention to our /etc/os-release yet, and the lsb-release tool
# in nixpkgs doesn't seem to work properly on NixOS, so let's just fake the two fields SSM
@ -16,19 +16,24 @@ let
esac
'';
in {
options.services.ssm-agent = {
enable = mkEnableOption (lib.mdDoc "AWS SSM agent");
imports = [
(mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
(mkRenamedOptionModule [ "services" "ssm-agent" "package" ] [ "services" "amazon-ssm-agent" "package" ])
];
options.services.amazon-ssm-agent = {
enable = mkEnableOption (lib.mdDoc "Amazon SSM agent");
package = mkOption {
type = types.path;
description = lib.mdDoc "The SSM agent package to use";
default = pkgs.ssm-agent.override { overrideEtc = false; };
defaultText = literalExpression "pkgs.ssm-agent.override { overrideEtc = false; }";
description = lib.mdDoc "The Amazon SSM agent package to use";
default = pkgs.amazon-ssm-agent.override { overrideEtc = false; };
defaultText = literalExpression "pkgs.amazon-ssm-agent.override { overrideEtc = false; }";
};
};
config = mkIf cfg.enable {
systemd.services.ssm-agent = {
systemd.services.amazon-ssm-agent = {
inherit (cfg.package.meta) description;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];

2
nixos/modules/services/misc/forgejo.nix
View File

@ -632,6 +632,8 @@ in
};
};
services.openssh.settings.AcceptEnv = mkIf (!cfg.settings.START_SSH_SERVER or false) "GIT_PROTOCOL";
users.users = mkIf (cfg.user == "forgejo") {
forgejo = {
home = cfg.stateDir;

37
nixos/modules/services/monitoring/munin.nix
View File

@ -83,42 +83,47 @@ let
# Copy one Munin plugin into the Nix store with a specific name.
# This is suitable for use with plugins going directly into /etc/munin/plugins,
# i.e. munin.extraPlugins.
internOnePlugin = name: path:
internOnePlugin = { name, path }:
"cp -a '${path}' '${name}'";
# Copy an entire tree of Munin plugins into a single directory in the Nix
# store, with no renaming.
# This is suitable for use with munin-node-configure --suggest, i.e.
# munin.extraAutoPlugins.
internManyPlugins = name: path:
# store, with no renaming. The output is suitable for use with
# munin-node-configure --suggest, i.e. munin.extraAutoPlugins.
# Note that this flattens the input; this is intentional, as
# munin-node-configure won't recurse into subdirectories.
internManyPlugins = path:
"find '${path}' -type f -perm /a+x -exec cp -a -t . '{}' '+'";
# Use the appropriate intern-fn to copy the plugins into the store and patch
# them afterwards in an attempt to get them to run on NixOS.
# This is a bit hairy because we can't just fix shebangs; lots of munin plugins
# hardcode paths like /sbin/mount rather than trusting $PATH, so we have to
# look for and update those throughout the script. At the same time, if the
# plugin comes from a package that is already nixified, we don't want to
# rewrite paths like /nix/store/foo/sbin/mount.
# For now we make the simplifying assumption that no file will contain lines
# which mix store paths and FHS paths, and thus run our substitution only on
# lines which do not contain store paths.
internAndFixPlugins = name: intern-fn: paths:
pkgs.runCommand name {} ''
mkdir -p "$out"
cd "$out"
${lib.concatStringsSep "\n"
(lib.attrsets.mapAttrsToList intern-fn paths)}
${lib.concatStringsSep "\n" (map intern-fn paths)}
chmod -R u+w .
find . -type f -exec sed -E -i '
s,(/usr)?/s?bin/,/run/current-system/sw/bin/,g
' '{}' '+'
${pkgs.findutils}/bin/find . -type f -exec ${pkgs.gnused}/bin/sed -E -i "
\%''${NIX_STORE}/%! s,(/usr)?/s?bin/,/run/current-system/sw/bin/,g
" '{}' '+'
'';
# TODO: write a derivation for munin-contrib, so that for contrib plugins
# you can just refer to them by name rather than needing to include a copy
# of munin-contrib in your nixos configuration.
extraPluginDir = internAndFixPlugins "munin-extra-plugins.d"
internOnePlugin nodeCfg.extraPlugins;
internOnePlugin
(lib.attrsets.mapAttrsToList (k: v: { name = k; path = v; }) nodeCfg.extraPlugins);
extraAutoPluginDir = internAndFixPlugins "munin-extra-auto-plugins.d"
internManyPlugins
(builtins.listToAttrs
(map
(path: { name = baseNameOf path; value = path; })
nodeCfg.extraAutoPlugins));
internManyPlugins nodeCfg.extraAutoPlugins;
customStaticDir = pkgs.runCommand "munin-custom-static-data" {} ''
cp -a "${pkgs.munin}/etc/opt/munin/static" "$out"

4
nixos/modules/services/monitoring/prometheus/exporters/kea.nix
View File

@ -15,8 +15,8 @@ in {
type = types.listOf types.str;
example = literalExpression ''
[
"/run/kea/kea-dhcp4.socket"
"/run/kea/kea-dhcp6.socket"
"/run/kea-dhcp4/kea-dhcp4.socket"
"/run/kea-dhcp6/kea-dhcp6.socket"
]
'';
description = lib.mdDoc ''

19
nixos/modules/services/monitoring/prometheus/exporters/knot.nix
View File

@ -8,9 +8,9 @@ in {
port = 9433;
extraOpts = {
knotLibraryPath = mkOption {
type = types.str;
default = "${pkgs.knot-dns.out}/lib/libknot.so";
defaultText = literalExpression ''"''${pkgs.knot-dns.out}/lib/libknot.so"'';
type = types.nullOr types.str;
default = null;
example = literalExpression ''"''${pkgs.knot-dns.out}/lib/libknot.so"'';
description = lib.mdDoc ''
Path to the library of `knot-dns`.
'';
@ -25,7 +25,7 @@ in {
};
knotSocketTimeout = mkOption {
type = types.int;
type = types.ints.positive;
default = 2000;
description = lib.mdDoc ''
Timeout in seconds.
@ -33,17 +33,22 @@ in {
};
};
serviceOpts = {
path = with pkgs; [
procps
];
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-knot-exporter}/bin/knot_exporter \
${pkgs.prometheus-knot-exporter}/bin/knot-exporter \
--web-listen-addr ${cfg.listenAddress} \
--web-listen-port ${toString cfg.port} \
--knot-library-path ${cfg.knotLibraryPath} \
--knot-socket-path ${cfg.knotSocketPath} \
--knot-socket-timeout ${toString cfg.knotSocketTimeout} \
${lib.optionalString (cfg.knotLibraryPath != null) "--knot-library-path ${cfg.knotLibraryPath}"} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
SupplementaryGroups = [ "knot" ];
SupplementaryGroups = [
"knot"
];
RestrictAddressFamilies = [
# Need AF_UNIX to collect data
"AF_UNIX"

222
nixos/modules/services/networking/fastnetmon-advanced.nix Normal file
View File

@ -0,0 +1,222 @@
{ config, lib, pkgs, ... }:
let
# Background information: FastNetMon requires a MongoDB to start. This is because
# it uses MongoDB to store its configuration. That is, in a normal setup there is
# one collection with one document.
# To provide declarative configuration in our NixOS module, this database is
# completely emptied and replaced on each boot by the fastnetmon-setup service
# using the configuration backup functionality.
cfg = config.services.fastnetmon-advanced;
settingsFormat = pkgs.formats.yaml { };
# obtain the default configs by starting up ferretdb and fcli in a derivation
default_configs = pkgs.runCommand "default-configs" {
nativeBuildInputs = [
pkgs.ferretdb
pkgs.fastnetmon-advanced # for fcli
pkgs.proot
];
} ''
mkdir ferretdb fastnetmon $out
FERRETDB_TELEMETRY="disable" FERRETDB_HANDLER="sqlite" FERRETDB_STATE_DIR="$PWD/ferretdb" FERRETDB_SQLITE_URL="file:$PWD/ferretdb/" ferretdb &
cat << EOF > fastnetmon/fastnetmon.conf
${builtins.toJSON {
mongodb_username = "";
}}
EOF
proot -b fastnetmon:/etc/fastnetmon -0 fcli create_configuration
proot -b fastnetmon:/etc/fastnetmon -0 fcli set bgp default
proot -b fastnetmon:/etc/fastnetmon -0 fcli export_configuration backup.tar
tar -C $out --no-same-owner -xvf backup.tar
'';
# merge the user configs into the default configs
config_tar = pkgs.runCommand "fastnetmon-config.tar" {
nativeBuildInputs = with pkgs; [ jq ];
} ''
jq -s add ${default_configs}/main.json ${pkgs.writeText "main-add.json" (builtins.toJSON cfg.settings)} > main.json
mkdir hostgroup
${lib.concatImapStringsSep "\n" (pos: hostgroup: ''
jq -s add ${default_configs}/hostgroup/0.json ${pkgs.writeText "hostgroup-${toString (pos - 1)}-add.json" (builtins.toJSON hostgroup)} > hostgroup/${toString (pos - 1)}.json
'') hostgroups}
mkdir bgp
${lib.concatImapStringsSep "\n" (pos: bgp: ''
jq -s add ${default_configs}/bgp/0.json ${pkgs.writeText "bgp-${toString (pos - 1)}-add.json" (builtins.toJSON bgp)} > bgp/${toString (pos - 1)}.json
'') bgpPeers}
tar -cf $out main.json ${lib.concatImapStringsSep " " (pos: _: "hostgroup/${toString (pos - 1)}.json") hostgroups} ${lib.concatImapStringsSep " " (pos: _: "bgp/${toString (pos - 1)}.json") bgpPeers}
'';
hostgroups = lib.mapAttrsToList (name: hostgroup: { inherit name; } // hostgroup) cfg.hostgroups;
bgpPeers = lib.mapAttrsToList (name: bgpPeer: { inherit name; } // bgpPeer) cfg.bgpPeers;
in {
options.services.fastnetmon-advanced = with lib; {
enable = mkEnableOption "the fastnetmon-advanced DDoS Protection daemon";
settings = mkOption {
description = ''
Extra configuration options to declaratively load into FastNetMon Advanced.
See the [FastNetMon Advanced Configuration options reference](https://fastnetmon.com/docs-fnm-advanced/fastnetmon-advanced-configuration-options/) for more details.
'';
type = settingsFormat.type;
default = {};
example = literalExpression ''
{
networks_list = [ "192.0.2.0/24" ];
gobgp = true;
gobgp_flow_spec_announces = true;
}
'';
};
hostgroups = mkOption {
description = "Hostgroups to declaratively load into FastNetMon Advanced";
type = types.attrsOf settingsFormat.type;
default = {};
};
bgpPeers = mkOption {
description = "BGP Peers to declaratively load into FastNetMon Advanced";
type = types.attrsOf settingsFormat.type;
default = {};
};
enableAdvancedTrafficPersistence = mkOption {
description = "Store historical flow data in clickhouse";
type = types.bool;
default = false;
};
traffic_db.settings = mkOption {
type = settingsFormat.type;
description = "Additional settings for /etc/fastnetmon/traffic_db.conf";
};
};
config = lib.mkMerge [ (lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
fastnetmon-advanced # for fcli
];
environment.etc."fastnetmon/license.lic".source = "/var/lib/fastnetmon/license.lic";
environment.etc."fastnetmon/gobgpd.conf".source = "/run/fastnetmon/gobgpd.conf";
environment.etc."fastnetmon/fastnetmon.conf".source = pkgs.writeText "fastnetmon.conf" (builtins.toJSON {
mongodb_username = "";
});
services.ferretdb.enable = true;
systemd.services.fastnetmon-setup = {
wantedBy = [ "multi-user.target" ];
after = [ "ferretdb.service" ];
path = with pkgs; [ fastnetmon-advanced config.systemd.package ];
script = ''
fcli create_configuration
fcli delete hostgroup global
fcli import_configuration ${config_tar}
systemctl --no-block try-restart fastnetmon
'';
serviceConfig.Type = "oneshot";
};
systemd.services.fastnetmon = {
wantedBy = [ "multi-user.target" ];
after = [ "ferretdb.service" "fastnetmon-setup.service" "polkit.service" ];
path = with pkgs; [ iproute2 ];
unitConfig = {
# Disable logic which shuts service when we do too many restarts
# We do restarts from sudo fcli commit and it's expected that we may have many restarts
# Details: https://github.com/systemd/systemd/issues/2416
StartLimitInterval = 0;
};
serviceConfig = {
ExecStart = "${pkgs.fastnetmon-advanced}/bin/fastnetmon --log_to_console";
LimitNOFILE = 65535;
# Restart service when it fails due to any reasons, we need to keep processing traffic no matter what happened
Restart= "on-failure";
RestartSec= "5s";
DynamicUser = true;
CacheDirectory = "fastnetmon";
RuntimeDirectory = "fastnetmon"; # for gobgpd config
StateDirectory = "fastnetmon"; # for license file
};
};
security.polkit.enable = true;
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
subject.isInGroup("fastnetmon")) {
if (action.lookup("unit") == "gobgp.service") {
var verb = action.lookup("verb");
if (verb == "start" || verb == "stop" || verb == "restart") {
return polkit.Result.YES;
}
}
}
});
'';
# We don't use the existing gobgp NixOS module and package, because the gobgp
# version might not be compatible with fastnetmon. Also, the service name
# _must_ be 'gobgp' and not 'gobgpd', so that fastnetmon can reload the config.
systemd.services.gobgp = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "GoBGP Routing Daemon";
unitConfig = {
ConditionPathExists = "/run/fastnetmon/gobgpd.conf";
};
serviceConfig = {
Type = "notify";
ExecStartPre = "${pkgs.fastnetmon-advanced}/bin/fnm-gobgpd -f /run/fastnetmon/gobgpd.conf -d";
SupplementaryGroups = [ "fastnetmon" ];
ExecStart = "${pkgs.fastnetmon-advanced}/bin/fnm-gobgpd -f /run/fastnetmon/gobgpd.conf --sdnotify";
ExecReload = "${pkgs.fastnetmon-advanced}/bin/fnm-gobgpd -r";
DynamicUser = true;
AmbientCapabilities = "cap_net_bind_service";
};
};
})
(lib.mkIf (cfg.enable && cfg.enableAdvancedTrafficPersistence) {
## Advanced Traffic persistence
## https://fastnetmon.com/docs-fnm-advanced/fastnetmon-advanced-traffic-persistency/
services.clickhouse.enable = true;
services.fastnetmon-advanced.settings.traffic_db = true;
services.fastnetmon-advanced.traffic_db.settings = {
clickhouse_batch_size = lib.mkDefault 1000;
clickhouse_batch_delay = lib.mkDefault 1;
traffic_db_host = lib.mkDefault "127.0.0.1";
traffic_db_port = lib.mkDefault 8100;
clickhouse_host = lib.mkDefault "127.0.0.1";
clickhouse_port = lib.mkDefault 9000;
clickhouse_user = lib.mkDefault "default";
clickhouse_password = lib.mkDefault "";
};
environment.etc."fastnetmon/traffic_db.conf".text = builtins.toJSON cfg.traffic_db.settings;
systemd.services.traffic_db = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.fastnetmon-advanced}/bin/traffic_db";
# Restart service when it fails due to any reasons, we need to keep processing traffic no matter what happened
Restart= "on-failure";
RestartSec= "5s";
DynamicUser = true;
};
};
}) ];
meta.maintainers = lib.teams.wdz.members;
}

2
nixos/modules/services/networking/ircd-hybrid/builder.sh
View File

@ -1,4 +1,4 @@
if [ -e .attrs.sh ]; then source .attrs.sh; fi
if [ -e "$NIX_ATTRS_SH_FILE" ]; then . "$NIX_ATTRS_SH_FILE"; elif [ -f .attrs.sh ]; then . .attrs.sh; fi
source $stdenv/setup
doSub() {

21
nixos/modules/services/networking/kea.nix
View File

@ -254,7 +254,6 @@ in
DynamicUser = true;
User = "kea";
ConfigurationDirectory = "kea";
RuntimeDirectory = "kea";
StateDirectory = "kea";
UMask = "0077";
};
@ -289,8 +288,8 @@ in
];
environment = {
KEA_PIDFILE_DIR = "/run/kea";
KEA_LOCKFILE_DIR = "/run/kea";
KEA_PIDFILE_DIR = "/run/kea-ctrl-agent";
KEA_LOCKFILE_DIR = "/run/kea-ctrl-agent";
};
restartTriggers = [
@ -301,6 +300,7 @@ in
ExecStart = "${package}/bin/kea-ctrl-agent -c /etc/kea/ctrl-agent.conf ${lib.escapeShellArgs cfg.ctrl-agent.extraArgs}";
KillMode = "process";
Restart = "on-failure";
RuntimeDirectory = "kea-ctrl-agent";
} // commonServiceConfig;
};
})
@ -329,8 +329,8 @@ in
];
environment = {
KEA_PIDFILE_DIR = "/run/kea";
KEA_LOCKFILE_DIR = "/run/kea";
KEA_PIDFILE_DIR = "/run/kea-dhcp4";
KEA_LOCKFILE_DIR = "/run/kea-dhcp4";
};
restartTriggers = [
@ -348,6 +348,7 @@ in
"CAP_NET_BIND_SERVICE"
"CAP_NET_RAW"
];
RuntimeDirectory = "kea-dhcp4";
} // commonServiceConfig;
};
})
@ -376,8 +377,8 @@ in
];
environment = {
KEA_PIDFILE_DIR = "/run/kea";
KEA_LOCKFILE_DIR = "/run/kea";
KEA_PIDFILE_DIR = "/run/kea-dhcp6";
KEA_LOCKFILE_DIR = "/run/kea-dhcp6";
};
restartTriggers = [
@ -393,6 +394,7 @@ in
CapabilityBoundingSet = [
"CAP_NET_BIND_SERVICE"
];
RuntimeDirectory = "kea-dhcp6";
} // commonServiceConfig;
};
})
@ -421,8 +423,8 @@ in
];
environment = {
KEA_PIDFILE_DIR = "/run/kea";
KEA_LOCKFILE_DIR = "/run/kea";
KEA_PIDFILE_DIR = "/run/kea-dhcp-ddns";
KEA_LOCKFILE_DIR = "/run/kea-dhcp-ddns";
};
restartTriggers = [
@ -437,6 +439,7 @@ in
CapabilityBoundingSet = [
"CAP_NET_BIND_SERVICE"
];
RuntimeDirectory = "kea-dhcp-ddns";
} // commonServiceConfig;
};
})

233
nixos/modules/services/networking/rosenpass.nix Normal file
View File

@ -0,0 +1,233 @@
{ config
, lib
, options
, pkgs
, ...
}:
let
inherit (lib)
attrValues
concatLines
concatMap
filter
filterAttrsRecursive
flatten
getExe
mdDoc
mkIf
optional
;
cfg = config.services.rosenpass;
opt = options.services.rosenpass;
settingsFormat = pkgs.formats.toml { };
in
{
options.services.rosenpass =
let
inherit (lib)
literalExpression
mdDoc
mkOption
;
inherit (lib.types)
enum
listOf
nullOr
path
str
submodule
;
in
{
enable = lib.mkEnableOption (mdDoc "Rosenpass");
package = lib.mkPackageOption pkgs "rosenpass" { };
defaultDevice = mkOption {
type = nullOr str;
description = mdDoc "Name of the network interface to use for all peers by default.";
example = "wg0";
};
settings = mkOption {
type = submodule {
freeformType = settingsFormat.type;
options = {
public_key = mkOption {
type = path;
description = mdDoc "Path to a file containing the public key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.";
};
secret_key = mkOption {
type = path;
description = mdDoc "Path to a file containing the secret key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.";
};
listen = mkOption {
type = listOf str;
description = mdDoc "List of local endpoints to listen for connections.";
default = [ ];
example = literalExpression "[ \"0.0.0.0:10000\" ]";
};
verbosity = mkOption {
type = enum [ "Verbose" "Quiet" ];
default = "Quiet";
description = mdDoc "Verbosity of output produced by the service.";
};
peers =
let
peer = submodule {
freeformType = settingsFormat.type;
options = {
public_key = mkOption {
type = path;
description = mdDoc "Path to a file containing the public key of the remote Rosenpass peer.";
};
endpoint = mkOption {
type = nullOr str;
default = null;
description = mdDoc "Endpoint of the remote Rosenpass peer.";
};
device = mkOption {
type = str;
default = cfg.defaultDevice;
defaultText = literalExpression "config.${opt.defaultDevice}";
description = mdDoc "Name of the local WireGuard interface to use for this peer.";
};
peer = mkOption {
type = str;
description = mdDoc "WireGuard public key corresponding to the remote Rosenpass peer.";
};
};
};
in
mkOption {
type = listOf peer;
description = mdDoc "List of peers to exchange keys with.";
default = [ ];
};
};
};
default = { };
description = mdDoc "Configuration for Rosenpass, see <https://rosenpass.eu/> for further information.";
};
};
config = mkIf cfg.enable {
warnings =
let
# NOTE: In the descriptions below, we tried to refer to e.g.
# options.systemd.network.netdevs."<name>".wireguardPeers.*.PublicKey
# directly, but don't know how to traverse "<name>" and * in this path.
extractions = [
{
relevant = config.systemd.network.enable;
root = config.systemd.network.netdevs;
peer = (x: x.wireguardPeers);
key = (x: if x.wireguardPeerConfig ? PublicKey then x.wireguardPeerConfig.PublicKey else null);
description = mdDoc "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.wireguardPeerConfig.PublicKey";
}
{
relevant = config.networking.wireguard.enable;
root = config.networking.wireguard.interfaces;
peer = (x: x.peers);
key = (x: x.publicKey);
description = mdDoc "${options.networking.wireguard.interfaces}.\"<name>\".peers.*.publicKey";
}
rec {
relevant = root != { };
root = config.networking.wg-quick.interfaces;
peer = (x: x.peers);
key = (x: x.publicKey);
description = mdDoc "${options.networking.wg-quick.interfaces}.\"<name>\".peers.*.publicKey";
}
];
relevantExtractions = filter (x: x.relevant) extractions;
extract = { root, peer, key, ... }:
filter (x: x != null) (flatten (concatMap (x: (map key (peer x))) (attrValues root)));
configuredKeys = flatten (map extract relevantExtractions);
itemize = xs: concatLines (map (x: " - ${x}") xs);
descriptions = map (x: "`${x.description}`");
missingKeys = filter (key: !builtins.elem key configuredKeys) (map (x: x.peer) cfg.settings.peers);
unusual = ''
While this may work as expected, e.g. you want to manually configure WireGuard,
such a scenario is unusual. Please double-check your configuration.
'';
in
(optional (relevantExtractions != [ ] && missingKeys != [ ]) ''
You have configured Rosenpass peers with the WireGuard public keys:
${itemize missingKeys}
But there is no corresponding active Wireguard peer configuration in any of:
${itemize (descriptions relevantExtractions)}
${unusual}
'')
++
optional (relevantExtractions == [ ]) ''
You have configured Rosenpass, but you have not configured Wireguard via any of:
${itemize (descriptions extractions)}
${unusual}
'';
environment.systemPackages = [ cfg.package pkgs.wireguard-tools ];
systemd.services.rosenpass =
let
filterNonNull = filterAttrsRecursive (_: v: v != null);
config = settingsFormat.generate "config.toml" (
filterNonNull (cfg.settings
//
(
let
credentialPath = id: "$CREDENTIALS_DIRECTORY/${id}";
# NOTE: We would like to remove all `null` values inside `cfg.settings`
# recursively, since `settingsFormat.generate` cannot handle `null`.
# This would require to traverse both attribute sets and lists recursively.
# `filterAttrsRecursive` only recurses into attribute sets, but not
# into values that might contain other attribute sets (such as lists,
# e.g. `cfg.settings.peers`). Here, we just specialize on `cfg.settings.peers`,
# and this may break unexpectedly whenever a `null` value is contained
# in a list in `cfg.settings`, other than `cfg.settings.peers`.
peersWithoutNulls = map filterNonNull cfg.settings.peers;
in
{
secret_key = credentialPath "pqsk";
public_key = credentialPath "pqpk";
peers = peersWithoutNulls;
}
)
)
);
in
rec {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
path = [ cfg.package pkgs.wireguard-tools ];
serviceConfig = {
User = "rosenpass";
Group = "rosenpass";
RuntimeDirectory = "rosenpass";
DynamicUser = true;
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
LoadCredential = [
"pqsk:${cfg.settings.secret_key}"
"pqpk:${cfg.settings.public_key}"
];
};
# See <https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers>
environment.CONFIG = "%t/${serviceConfig.RuntimeDirectory}/config.toml";
preStart = "${getExe pkgs.envsubst} -i ${config} -o \"$CONFIG\"";
script = "rosenpass exchange-config \"$CONFIG\"";
};
};
}

28
nixos/modules/services/networking/syncthing.nix
View File

@ -10,6 +10,21 @@ let
settingsFormat = pkgs.formats.json { };
cleanedConfig = converge (filterAttrsRecursive (_: v: v != null && v != {})) cfg.settings;
isUnixGui = (builtins.substring 0 1 cfg.guiAddress) == "/";
# Syncthing supports serving the GUI over Unix sockets. If that happens, the
# API is served over the Unix socket as well. This function returns the correct
# curl arguments for the address portion of the curl command for both network
# and Unix socket addresses.
curlAddressArgs = path: if isUnixGui
# if cfg.guiAddress is a unix socket, tell curl explicitly about it
# note that the dot in front of `${path}` is the hostname, which is
# required.
then "--unix-socket ${cfg.guiAddress} http://.${path}"
# no adjustements are needed if cfg.guiAddress is a network address
else "${cfg.guiAddress}${path}"
;
devices = mapAttrsToList (_: device: device // {
deviceID = device.id;
}) cfg.settings.devices;
@ -62,14 +77,14 @@ let
GET_IdAttrName = "deviceID";
override = cfg.overrideDevices;
conf = devices;
baseAddress = "${cfg.guiAddress}/rest/config/devices";
baseAddress = curlAddressArgs "/rest/config/devices";
};
dirs = {
new_conf_IDs = map (v: v.id) folders;
GET_IdAttrName = "id";
override = cfg.overrideFolders;
conf = folders;
baseAddress = "${cfg.guiAddress}/rest/config/folders";
baseAddress = curlAddressArgs "/rest/config/folders";
};
} [
# Now for each of these attributes, write the curl commands that are
@ -117,15 +132,14 @@ let
builtins.attrNames
(lib.subtractLists ["folders" "devices"])
(map (subOption: ''
curl -X PUT -d ${lib.escapeShellArg (builtins.toJSON cleanedConfig.${subOption})} \
${cfg.guiAddress}/rest/config/${subOption}
curl -X PUT -d ${lib.escapeShellArg (builtins.toJSON cleanedConfig.${subOption})} ${curlAddressArgs "/rest/config/${subOption}"}
''))
(lib.concatStringsSep "\n")
]) + ''
# restart Syncthing if required
if curl ${cfg.guiAddress}/rest/config/restart-required |
if curl ${curlAddressArgs "/rest/config/restart-required"} |
${jq} -e .requiresRestart > /dev/null; then
curl -X POST ${cfg.guiAddress}/rest/system/restart
curl -X POST ${curlAddressArgs "/rest/system/restart"}
fi
'');
in {
@ -651,7 +665,7 @@ in {
ExecStart = ''
${cfg.package}/bin/syncthing \
-no-browser \
-gui-address=${cfg.guiAddress} \
-gui-address=${if isUnixGui then "unix://" else ""}${cfg.guiAddress} \
-home=${cfg.configDir} ${escapeShellArgs cfg.extraFlags}
'';
MemoryDenyWriteExecute = true;

2
nixos/modules/services/networking/wpa_supplicant.nix
View File

@ -530,5 +530,5 @@ in {
'';
};
meta.maintainers = with lib.maintainers; [ globin rnhmjoj ];
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
}

17
nixos/modules/services/web-apps/akkoma.nix
View File

@ -282,11 +282,11 @@ let
AKKOMA_CONFIG_PATH="$RUNTIME_DIRECTORY/config.exs" \
ERL_EPMD_ADDRESS="${cfg.dist.address}" \
ERL_EPMD_PORT="${toString cfg.dist.epmdPort}" \
ERL_FLAGS="${concatStringsSep " " [
"-kernel inet_dist_use_interface '${erlAddr cfg.dist.address}'"
"-kernel inet_dist_listen_min ${toString cfg.dist.portMin}"
"-kernel inet_dist_listen_max ${toString cfg.dist.portMax}"
]}" \
ERL_FLAGS=${lib.escapeShellArg (lib.escapeShellArgs ([
"-kernel" "inet_dist_use_interface" (erlAddr cfg.dist.address)
"-kernel" "inet_dist_listen_min" (toString cfg.dist.portMin)
"-kernel" "inet_dist_listen_max" (toString cfg.dist.portMax)
] ++ cfg.dist.extraFlags))} \
RELEASE_COOKIE="$(<"$RUNTIME_DIRECTORY/cookie")" \
RELEASE_NAME="akkoma" \
exec "${cfg.package}/bin/$(basename "$0")" "$@"
@ -553,6 +553,13 @@ in {
description = mdDoc "TCP port to bind Erlang Port Mapper Daemon to.";
};
extraFlags = mkOption {
type = with types; listOf str;
default = [ ];
description = mdDoc "Extra flags to pass to Erlang";
example = [ "+sbwt" "none" "+sbwtdcpu" "none" "+sbwtdio" "none" ];
};
portMin = mkOption {
type = types.port;
default = 49152;

100
nixos/modules/services/web-apps/lanraragi.nix Normal file
View File

@ -0,0 +1,100 @@
{ pkgs, lib, config, ... }:
let
cfg = config.services.lanraragi;
in
{
meta.maintainers = with lib.maintainers; [ tomasajt ];
options.services = {
lanraragi = {
enable = lib.mkEnableOption (lib.mdDoc "LANraragi");
package = lib.mkPackageOptionMD pkgs "lanraragi" { };
port = lib.mkOption {
type = lib.types.port;
default = 3000;
description = lib.mdDoc "Port for LANraragi's web interface.";
};
passwordFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/keys/lanraragi-password";
description = lib.mdDoc ''
A file containing the password for LANraragi's admin interface.
'';
};
redis = {
port = lib.mkOption {
type = lib.types.port;
default = 6379;
description = lib.mdDoc "Port for LANraragi's Redis server.";
};
passwordFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/keys/redis-lanraragi-password";
description = lib.mdDoc ''
A file containing the password for LANraragi's Redis server.
'';
};
};
};
};
config = lib.mkIf cfg.enable {
services.redis.servers.lanraragi = {
enable = true;
port = cfg.redis.port;
requirePassFile = cfg.redis.passwordFile;
};
systemd.services.lanraragi = {
description = "LANraragi main service";
after = [ "network.target" "redis-lanraragi.service" ];
requires = [ "redis-lanraragi.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = lib.getExe cfg.package;
DynamicUser = true;
StateDirectory = "lanraragi";
RuntimeDirectory = "lanraragi";
LogsDirectory = "lanraragi";
Restart = "on-failure";
WorkingDirectory = "/var/lib/lanraragi";
};
environment = {
"LRR_TEMP_DIRECTORY" = "/run/lanraragi";
"LRR_LOG_DIRECTORY" = "/var/log/lanraragi";
"LRR_NETWORK" = "http://*:${toString cfg.port}";
"HOME" = "/var/lib/lanraragi";
};
preStart = ''
REDIS_PASS=${lib.optionalString (cfg.redis.passwordFile != null) "$(head -n1 ${cfg.redis.passwordFile})"}
cat > lrr.conf <<EOF
{
redis_address => "127.0.0.1:${toString cfg.redis.port}",
redis_password => "$REDIS_PASS",
redis_database => "0",
redis_database_minion => "1",
redis_database_config => "2",
redis_database_search => "3",
}
EOF
'' + lib.optionalString (cfg.passwordFile != null) ''
PASS_HASH=$(
PASS=$(head -n1 ${cfg.passwordFile}) ${cfg.package.perlEnv}/bin/perl -I${cfg.package}/share/lanraragi/lib -e \
'use LANraragi::Controller::Config; print LANraragi::Controller::Config::make_password_hash($ENV{PASS})' \
2>/dev/null
)
${lib.getExe pkgs.redis} -h 127.0.0.1 -p ${toString cfg.redis.port} -a "$REDIS_PASS" <<EOF
SELECT 2
HSET LRR_CONFIG password $PASS_HASH
EOF
'';
};
};
}

2
nixos/modules/services/web-servers/jboss/builder.sh
View File

@ -1,6 +1,6 @@
set -e
if [ -e .attrs.sh ]; then source .attrs.sh; fi
if [ -e "$NIX_ATTRS_SH_FILE" ]; then . "$NIX_ATTRS_SH_FILE"; elif [ -f .attrs.sh ]; then . .attrs.sh; fi
source $stdenv/setup
mkdir -p $out/bin

104
nixos/modules/system/boot/systemd/tmpfiles.nix
View File

@ -20,6 +20,102 @@ in
'';
};
systemd.tmpfiles.settings = mkOption {
description = lib.mdDoc ''
Declare systemd-tmpfiles rules to create, delete, and clean up volatile
and temporary files and directories.
Even though the service is called `*tmp*files` you can also create
persistent files.
'';
example = {
"10-mypackage" = {
"/var/lib/my-service/statefolder".d = {
mode = "0755";
user = "root";
group = "root";
};
};
};
default = {};
type = types.attrsOf (types.attrsOf (types.attrsOf (types.submodule ({ name, config, ... }: {
options.type = mkOption {
type = types.str;
default = name;
example = "d";
description = lib.mdDoc ''
The type of operation to perform on the file.
The type consists of a single letter and optionally one or more
modifier characters.
Please see the upstream documentation for the available types and
more details:
<https://www.freedesktop.org/software/systemd/man/tmpfiles.d>
'';
};
options.mode = mkOption {
type = types.str;
default = "-";
example = "0755";
description = lib.mdDoc ''
The file access mode to use when creating this file or directory.
'';
};
options.user = mkOption {
type = types.str;
default = "-";
example = "root";
description = lib.mdDoc ''
The user of the file.
This may either be a numeric ID or a user/group name.
If omitted or when set to `"-"`, the user and group of the user who
invokes systemd-tmpfiles is used.
'';
};
options.group = mkOption {
type = types.str;
default = "-";
example = "root";
description = lib.mdDoc ''
The group of the file.
This may either be a numeric ID or a user/group name.
If omitted or when set to `"-"`, the user and group of the user who
invokes systemd-tmpfiles is used.
'';
};
options.age = mkOption {
type = types.str;
default = "-";
example = "10d";
description = lib.mdDoc ''
Delete a file when it reaches a certain age.
If a file or directory is older than the current time minus the age
field, it is deleted.
If set to `"-"` no automatic clean-up is done.
'';
};
options.argument = mkOption {
type = types.str;
default = "";
example = "";
description = lib.mdDoc ''
An argument whose meaning depends on the type of operation.
Please see the upstream documentation for the meaning of this
parameter in different situations:
<https://www.freedesktop.org/software/systemd/man/tmpfiles.d>
'';
};
}))));
};
systemd.tmpfiles.packages = mkOption {
type = types.listOf types.package;
default = [];
@ -100,7 +196,13 @@ in
${concatStringsSep "\n" cfg.rules}
'';
})
];
] ++ (mapAttrsToList (name: paths:
pkgs.writeTextDir "lib/tmpfiles.d/${name}.conf" (concatStrings (mapAttrsToList (path: types:
concatStrings (mapAttrsToList (_type: entry: ''
'${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${entry.argument}
'') types)
) paths ))
) cfg.settings);
systemd.tmpfiles.rules = [
"d /nix/var 0755 root root - -"

51
nixos/modules/tasks/filesystems/bcachefs.nix
View File

@ -6,23 +6,39 @@ let
bootFs = filterAttrs (n: fs: (fs.fsType == "bcachefs") && (utils.fsNeededForBoot fs)) config.fileSystems;
mountCommand = pkgs.runCommand "mount.bcachefs" {} ''
mkdir -p $out/bin
cat > $out/bin/mount.bcachefs <<EOF
#!/bin/sh
exec "/bin/bcachefs" mount "\$@"
EOF
chmod +x $out/bin/mount.bcachefs
'';
commonFunctions = ''
prompt() {
local name="$1"
printf "enter passphrase for $name: "
}
tryUnlock() {
local name="$1"
local path="$2"
local success=false
local target
local uuid=$(echo -n $path | sed -e 's,UUID=\(.*\),\1,g')
printf "waiting for device to appear $path"
for try in $(seq 10); do
if [ -e $path ]; then
success=true
break
else
target=$(blkid --uuid $uuid)
if [ $? == 0 ]; then
success=true
break
fi
fi
echo -n "."
sleep 1
done
printf "\n"
if [ $success == true ]; then
path=$target
fi
if bcachefs unlock -c $path > /dev/null 2> /dev/null; then # test for encryption
prompt $name
until bcachefs unlock $path 2> /dev/null; do # repeat until successfully unlocked
@ -30,6 +46,8 @@ let
prompt $name
done
printf "unlocking successful.\n"
else
echo "Cannot unlock device $uuid with path $path" >&2
fi
}
'';
@ -51,28 +69,25 @@ in
{
config = mkIf (elem "bcachefs" config.boot.supportedFilesystems) (mkMerge [
{
# We do not want to include bachefs in the fsPackages for systemd-initrd
# because we provide the unwrapped version of mount.bcachefs
# through the extraBin option, which will make it available for use.
system.fsPackages = lib.optional (!config.boot.initrd.systemd.enable) pkgs.bcachefs-tools;
environment.systemPackages = lib.optional (config.boot.initrd.systemd.enable) pkgs.bcachefs-tools;
# needed for systemd-remount-fs
system.fsPackages = [ pkgs.bcachefs-tools ];
# use kernel package with bcachefs support until it's in mainline
# TODO replace with requireKernelConfig
boot.kernelPackages = pkgs.linuxPackages_testing_bcachefs;
}
(mkIf ((elem "bcachefs" config.boot.initrd.supportedFilesystems) || (bootFs != {})) {
# chacha20 and poly1305 are required only for decryption attempts
boot.initrd.availableKernelModules = [ "bcachefs" "sha256" "chacha20" "poly1305" ];
boot.initrd.systemd.extraBin = {
# do we need this? boot/systemd.nix:566 & boot/systemd/initrd.nix:357
"bcachefs" = "${pkgs.bcachefs-tools}/bin/bcachefs";
"mount.bcachefs" = "${mountCommand}/bin/mount.bcachefs";
"mount.bcachefs" = "${pkgs.bcachefs-tools}/bin/mount.bcachefs";
};
boot.initrd.extraUtilsCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/bcachefs
copy_bin_and_libs ${mountCommand}/bin/mount.bcachefs
copy_bin_and_libs ${pkgs.bcachefs-tools}/bin/mount.bcachefs
'';
boot.initrd.extraUtilsCommandsTest = ''
$out/bin/bcachefs version

18
nixos/modules/virtualisation/lxc-container.nix
View File

@ -37,7 +37,6 @@ in {
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# TODO: build rootfs as squashfs for faster unpack
system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
extraArgs = "--owner=0";
@ -64,6 +63,23 @@ in {
extraCommands = "mkdir -p proc sys dev";
};
system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {
fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";
noStrip = true; # keep directory structure
comp = "zstd -Xcompression-level 6";
storeContents = [config.system.build.toplevel];
pseudoFiles = [
"/sbin d 0755 0 0"
"/sbin/init s 0555 0 0 ${config.system.build.toplevel}/init"
"/dev d 0755 0 0"
"/proc d 0555 0 0"
"/sys d 0555 0 0"
];
};
system.build.installBootLoader = pkgs.writeScript "install-lxd-sbin-init.sh" ''
#!${pkgs.runtimeShell}
${pkgs.coreutils}/bin/ln -fs "$1/init" /sbin/init

4
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -690,8 +690,8 @@ in
package =
mkOption {
type = types.package;
default = hostPkgs.qemu_kvm;
defaultText = literalExpression "config.virtualisation.host.pkgs.qemu_kvm";
default = if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then hostPkgs.qemu_kvm else hostPkgs.qemu;
defaultText = literalExpression "if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then config.virtualisation.host.pkgs.qemu_kvm else config.virtualisation.host.pkgs.qemu";
example = literalExpression "pkgs.qemu_test";
description = lib.mdDoc "QEMU package to use.";
};

2
nixos/release-combined.nix
View File

@ -97,6 +97,7 @@ in rec {
(onSystems ["x86_64-linux"] "nixos.tests.installer.simpleUefiSystemdBoot")
(onSystems ["x86_64-linux"] "nixos.tests.installer.simple")
(onSystems ["x86_64-linux"] "nixos.tests.installer.swraid")
(onSystems ["x86_64-linux"] "nixos.tests.nixos-rebuild-specialisations")
(onFullSupported "nixos.tests.ipv6")
(onFullSupported "nixos.tests.keymap.azerty")
(onFullSupported "nixos.tests.keymap.colemak")
@ -163,7 +164,6 @@ in rec {
(onFullSupported "nixos.tests.switchTest")
(onFullSupported "nixos.tests.udisks2")
(onFullSupported "nixos.tests.xfce")
(onSystems ["i686-linux"] "nixos.tests.zfs.installer")
(onFullSupported "nixpkgs.emacs")
(onFullSupported "nixpkgs.jdk")
["nixpkgs.tarball"]

15
nixos/release.nix
View File

@ -328,6 +328,21 @@ in rec {
);
lxdContainerImageSquashfs = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:
with import ./.. { inherit system; };
hydraJob ((import lib/eval-config.nix {
inherit system;
modules =
[ configuration
versionModule
./maintainers/scripts/lxd/lxd-container-image.nix
];
}).config.system.build.squashfs)
);
# Metadata for the lxd image
lxdContainerMeta = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:

6
nixos/tests/all-tests.nix
View File

@ -248,6 +248,7 @@ in {
ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {};
ecryptfs = handleTest ./ecryptfs.nix {};
fscrypt = handleTest ./fscrypt.nix {};
fastnetmon-advanced = runTest ./fastnetmon-advanced.nix;
ejabberd = handleTest ./xmpp/ejabberd.nix {};
elk = handleTestOn ["x86_64-linux"] ./elk.nix {};
emacs-daemon = handleTest ./emacs-daemon.nix {};
@ -431,6 +432,7 @@ in {
kubo = import ./kubo { inherit recurseIntoAttrs runTest; };
ladybird = handleTest ./ladybird.nix {};
languagetool = handleTest ./languagetool.nix {};
lanraragi = handleTest ./lanraragi.nix {};
latestKernel.login = handleTest ./login.nix { latestKernel = true; };
leaps = handleTest ./leaps.nix {};
lemmy = handleTest ./lemmy.nix {};
@ -569,7 +571,8 @@ in {
nix-serve-ssh = handleTest ./nix-serve-ssh.nix {};
nixops = handleTest ./nixops/default.nix {};
nixos-generate-config = handleTest ./nixos-generate-config.nix {};
nixos-rebuild-specialisations = handleTest ./nixos-rebuild-specialisations.nix {};
nixos-rebuild-install-bootloader = handleTestOn ["x86_64-linux"] ./nixos-rebuild-install-bootloader.nix {};
nixos-rebuild-specialisations = handleTestOn ["x86_64-linux"] ./nixos-rebuild-specialisations.nix {};
nixpkgs = pkgs.callPackage ../modules/misc/nixpkgs/test.nix { inherit evalMinimalConfig; };
node-red = handleTest ./node-red.nix {};
nomad = handleTest ./nomad.nix {};
@ -702,6 +705,7 @@ in {
rkvm = handleTest ./rkvm {};
robustirc-bridge = handleTest ./robustirc-bridge.nix {};
roundcube = handleTest ./roundcube.nix {};
rosenpass = handleTest ./rosenpass.nix {};
rshim = handleTest ./rshim.nix {};
rspamd = handleTest ./rspamd.nix {};
rss2email = handleTest ./rss2email.nix {};

3
nixos/tests/cockpit.nix
View File

@ -50,7 +50,8 @@ import ./make-test-python.nix (
options = Options()
options.add_argument("--headless")
driver = webdriver.Firefox(options=options)
service = webdriver.FirefoxService(executable_path="${lib.getExe pkgs.geckodriver}") # noqa: E501
driver = webdriver.Firefox(options=options, service=service)
driver.implicitly_wait(10)

65
nixos/tests/fastnetmon-advanced.nix Normal file
View File

@ -0,0 +1,65 @@
{ pkgs, lib, ... }:
{
name = "fastnetmon-advanced";
meta.maintainers = lib.teams.wdz.members;
nodes = {
bird = { ... }: {
networking.firewall.allowedTCPPorts = [ 179 ];
services.bird2 = {
enable = true;
config = ''
router id 192.168.1.1;
protocol bgp fnm {
local 192.168.1.1 as 64513;
neighbor 192.168.1.2 as 64514;
multihop;
ipv4 {
import all;
export none;
};
}
'';
};
};
fnm = { ... }: {
networking.firewall.allowedTCPPorts = [ 179 ];
services.fastnetmon-advanced = {
enable = true;
settings = {
networks_list = [ "172.23.42.0/24" ];
gobgp = true;
gobgp_flow_spec_announces = true;
};
bgpPeers = {
bird = {
local_asn = 64514;
remote_asn = 64513;
local_address = "192.168.1.2";
remote_address = "192.168.1.1";
description = "Bird";
ipv4_unicast = true;
multihop = true;
active = true;
};
};
};
};
};
testScript = { nodes, ... }: ''
start_all()
fnm.wait_for_unit("fastnetmon.service")
bird.wait_for_unit("bird2.service")
fnm.wait_until_succeeds('journalctl -eu fastnetmon.service | grep "BGP daemon restarted correctly"')
fnm.wait_until_succeeds("journalctl -eu gobgp.service | grep BGP_FSM_OPENCONFIRM")
bird.wait_until_succeeds("birdc show protocol fnm | grep Estab")
fnm.wait_until_succeeds('journalctl -eu fastnetmon.service | grep "API server listening"')
fnm.succeed("fcli set blackhole 172.23.42.123")
bird.succeed("birdc show route | grep 172.23.42.123")
'';
}

23
nixos/tests/forgejo.nix
View File

@ -37,7 +37,7 @@ let
settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
settings.actions.ENABLED = true;
};
environment.systemPackages = [ config.services.forgejo.package pkgs.gnupg pkgs.jq ];
environment.systemPackages = [ config.services.forgejo.package pkgs.gnupg pkgs.jq pkgs.file ];
services.openssh.enable = true;
specialisation.runner = {
@ -53,6 +53,14 @@ let
tokenFile = "/var/lib/forgejo/runner_token";
};
};
specialisation.dump = {
inheritParentConfig = true;
configuration.services.forgejo.dump = {
enable = true;
type = "tar.zst";
file = "dump.tar.zst";
};
};
};
client1 = { config, pkgs, ... }: {
environment.systemPackages = [ pkgs.git ];
@ -66,8 +74,10 @@ let
let
inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
serverSystem = nodes.server.system.build.toplevel;
dumpFile = with nodes.server.specialisation.dump.configuration.services.forgejo.dump; "${backupDir}/${file}";
in
''
import json
GIT_SSH_COMMAND = "ssh -i $HOME/.ssh/privk -o StrictHostKeyChecking=no"
REPO = "forgejo@server:test/repo"
PRIVK = "${snakeOilPrivateKey}"
@ -137,6 +147,11 @@ let
client2.succeed(f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' git clone {REPO}")
client2.succeed('test "$(cat repo/testfile | xargs echo -n)" = "hello world"')
with subtest("Testing git protocol version=2 over ssh"):
git_protocol = client2.succeed(f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' GIT_TRACE2_EVENT=true git -C repo fetch |& grep negotiated-version")
version = json.loads(git_protocol).get("value")
assert version == "2", f"git did not negotiate protocol version 2, but version {version} instead."
server.wait_until_succeeds(
'test "$(curl http://localhost:3000/api/v1/repos/test/repo/commits '
+ '-H "Accept: application/json" | jq length)" = "1"',
@ -150,6 +165,12 @@ let
server.succeed("${serverSystem}/specialisation/runner/bin/switch-to-configuration test")
server.wait_for_unit("gitea-runner-test.service")
server.succeed("journalctl -o cat -u gitea-runner-test.service | grep -q 'Runner registered successfully'")
with subtest("Testing backup service"):
server.succeed("${serverSystem}/specialisation/dump/bin/switch-to-configuration test")
server.systemctl("start forgejo-dump")
assert "Zstandard compressed data" in server.succeed("file ${dumpFile}")
server.copy_from_vm("${dumpFile}")
'';
});
in

32
nixos/tests/installer.nix
View File

@ -69,8 +69,8 @@ let
# disk, and then reboot from the hard disk. It's parameterized with
# a test script fragment `createPartitions', which must create
# partitions and filesystems.
testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi
, grubIdentifier, preBootCommands, postBootCommands, extraConfig
testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi, grubIdentifier
, postInstallCommands, preBootCommands, postBootCommands, extraConfig
, testSpecialisationConfig, testFlakeSwitch
}:
let iface = "virtio";
@ -153,6 +153,8 @@ let
"""
)
${postInstallCommands}
with subtest("Shutdown system after installation"):
machine.succeed("umount -R /mnt")
machine.succeed("sync")
@ -368,7 +370,9 @@ let
makeInstallerTest = name:
{ createPartitions, preBootCommands ? "", postBootCommands ? "", extraConfig ? ""
{ createPartitions
, postInstallCommands ? "", preBootCommands ? "", postBootCommands ? ""
, extraConfig ? ""
, extraInstallerConfig ? {}
, bootLoader ? "grub" # either "grub" or "systemd-boot"
, grubDevice ? "/dev/vda", grubIdentifier ? "uuid", grubUseEfi ? false
@ -479,7 +483,7 @@ let
};
testScript = testScriptFun {
inherit bootLoader createPartitions preBootCommands postBootCommands
inherit bootLoader createPartitions postInstallCommands preBootCommands postBootCommands
grubDevice grubIdentifier grubUseEfi extraConfig
testSpecialisationConfig testFlakeSwitch;
};
@ -682,20 +686,32 @@ in {
createPartitions = ''
machine.succeed(
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
+ " mkpart primary linux-swap 1M 1024M"
+ " mkpart primary 1024M -1s",
+ " mkpart primary 1M 100MB" # bpool
+ " mkpart primary linux-swap 100M 1024M"
+ " mkpart primary 1024M -1s", # rpool
"udevadm settle",
"mkswap /dev/vda1 -L swap",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
"zpool create rpool /dev/vda2",
"zpool create rpool /dev/vda3",
"zfs create -o mountpoint=legacy rpool/root",
"mount -t zfs rpool/root /mnt",
"zfs create -o mountpoint=legacy rpool/root/usr",
"mkdir /mnt/usr",
"mount -t zfs rpool/root/usr /mnt/usr",
"zpool create -o compatibility=grub2 bpool /dev/vda1",
"zfs create -o mountpoint=legacy bpool/boot",
"mkdir /mnt/boot",
"mount -t zfs bpool/boot /mnt/boot",
"udevadm settle",
)
'';
# umount & export bpool before shutdown
# this is a fix for "cannot import 'bpool': pool was previously in use from another system."
postInstallCommands = ''
machine.succeed("umount /mnt/boot")
machine.succeed("zpool export bpool")
'';
};
# Create two physical LVM partitions combined into one volume group

40
nixos/tests/lanraragi.nix Normal file
View File

@ -0,0 +1,40 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "lanraragi";
meta.maintainers = with lib.maintainers; [ tomasajt ];
nodes = {
machine1 = { pkgs, ... }: {
services.lanraragi.enable = true;
};
machine2 = { pkgs, ... }: {
services.lanraragi = {
enable = true;
passwordFile = pkgs.writeText "lrr-test-pass" ''
ultra-secure-password
'';
port = 4000;
redis = {
port = 4001;
passwordFile = pkgs.writeText "redis-lrr-test-pass" ''
still-a-very-secure-password
'';
};
};
};
};
testScript = ''
start_all()
machine1.wait_for_unit("lanraragi.service")
machine1.wait_until_succeeds("curl -f localhost:3000")
machine1.succeed("[ $(curl -o /dev/null -X post 'http://localhost:3000/login' --data-raw 'password=kamimamita' -w '%{http_code}') -eq 302 ]")
machine2.wait_for_unit("lanraragi.service")
machine2.wait_until_succeeds("curl -f localhost:4000")
machine2.succeed("[ $(curl -o /dev/null -X post 'http://localhost:4000/login' --data-raw 'password=ultra-secure-password' -w '%{http_code}') -eq 302 ]")
'';
})

13
nixos/tests/lxd/container.nix
View File

@ -13,6 +13,7 @@ let
lxd-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system};
lxd-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system};
lxd-image-rootfs-squashfs = releases.lxdContainerImageSquashfs.${pkgs.stdenv.hostPlatform.system};
in {
name = "lxd-container";
@ -23,7 +24,7 @@ in {
nodes.machine = { lib, ... }: {
virtualisation = {
diskSize = 4096;
diskSize = 6144;
# Since we're testing `limits.cpu`, we've gotta have a known number of
# cores to lean on
@ -65,6 +66,16 @@ in {
machine.succeed("echo true | lxc exec container /run/current-system/sw/bin/bash -")
machine.succeed("lxc delete -f container")
with subtest("Squashfs image is functional"):
machine.succeed(
"lxc image import ${lxd-image-metadata}/*/*.tar.xz ${lxd-image-rootfs-squashfs} --alias nixos-squashfs"
)
machine.succeed("lxc launch nixos-squashfs container")
with machine.nested("Waiting for instance to start and be usable"):
retry(instance_is_up)
machine.succeed("echo true | lxc exec container /run/current-system/sw/bin/bash -")
machine.succeed("lxc delete -f container")
with subtest("Container is mounted with lxcfs inside"):
machine.succeed("lxc launch nixos container")
with machine.nested("Waiting for instance to start and be usable"):

4
nixos/tests/misc.nix
View File

@ -13,6 +13,7 @@ in {
environment.variables.EDITOR = lib.mkOverride 0 "emacs";
documentation.nixos.enable = lib.mkOverride 0 true;
systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ];
systemd.tmpfiles.settings."10-test"."/tmp/somefile".d = {};
virtualisation.fileSystems = { "/tmp2" =
{ fsType = "tmpfs";
options = [ "mode=1777" "noauto" ];
@ -117,6 +118,9 @@ in {
)
machine.fail("[ -e /tmp/foo ]")
with subtest("whether systemd-tmpfiles settings works"):
machine.succeed("[ -e /tmp/somefile ]")
with subtest("whether automounting works"):
machine.fail("grep '/tmp2 tmpfs' /proc/mounts")
machine.succeed("touch /tmp2/x")

73
nixos/tests/nixos-rebuild-install-bootloader.nix Normal file
View File

@ -0,0 +1,73 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "nixos-rebuild-install-bootloader";
nodes = {
machine = { lib, pkgs, ... }: {
imports = [
../modules/profiles/installation-device.nix
../modules/profiles/base.nix
];
nix.settings = {
substituters = lib.mkForce [ ];
hashed-mirrors = null;
connect-timeout = 1;
};
system.includeBuildDependencies = true;
virtualisation = {
cores = 2;
memorySize = 2048;
};
virtualisation.useBootLoader = true;
};
};
testScript =
let
configFile = pkgs.writeText "configuration.nix" ''
{ lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
<nixpkgs/nixos/modules/testing/test-instrumentation.nix>
];
boot.loader.grub = {
enable = true;
device = "/dev/vda";
forceInstall = true;
};
documentation.enable = false;
}
'';
in
''
machine.start()
machine.succeed("udevadm settle")
machine.wait_for_unit("multi-user.target")
machine.succeed("nixos-generate-config")
machine.copy_from_host(
"${configFile}",
"/etc/nixos/configuration.nix",
)
machine.succeed("nixos-rebuild switch")
# Need to run `nixos-rebuild` twice because the first run will install
# GRUB anyway
with subtest("Switch system again and install bootloader"):
result = machine.succeed("nixos-rebuild switch --install-bootloader")
# install-grub2.pl messages
assert "updating GRUB 2 menu..." in result
assert "installing the GRUB 2 boot loader on /dev/vda..." in result
# GRUB message
assert "Installation finished. No error reported." in result
# at this point we've tested regression #262724, but haven't tested the bootloader itself
# TODO: figure out how to how to tell the test driver to start the bootloader instead of
# booting into the kernel directly.
'';
})

14
nixos/tests/openssh.nix
View File

@ -22,7 +22,7 @@ in {
];
};
server_lazy =
server-lazy =
{ ... }:
{
@ -34,7 +34,7 @@ in {
];
};
server_localhost_only =
server-localhost-only =
{ ... }:
{
@ -43,7 +43,7 @@ in {
};
};
server_localhost_only_lazy =
server-localhost-only-lazy =
{ ... }:
{
@ -52,7 +52,7 @@ in {
};
};
server_match_rule =
server-match-rule =
{ ... }:
{
@ -119,11 +119,11 @@ in {
)
client.succeed(
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server_lazy 'echo hello world' >&2",
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server-lazy 'echo hello world' >&2",
timeout=30
)
client.succeed(
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server_lazy 'ulimit -l' | grep 1024",
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server-lazy 'ulimit -l' | grep 1024",
timeout=30
)
@ -137,7 +137,7 @@ in {
timeout=30
)
client.succeed(
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server_lazy true",
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-lazy true",
timeout=30
)

6
nixos/tests/prometheus-exporters.nix
View File

@ -416,8 +416,8 @@ let
};
kea = let
controlSocketPathV4 = "/run/kea/dhcp4.sock";
controlSocketPathV6 = "/run/kea/dhcp6.sock";
controlSocketPathV4 = "/run/kea-dhcp4/dhcp4.sock";
controlSocketPathV6 = "/run/kea-dhcp6/dhcp6.sock";
in
{
exporterConfig = {
@ -512,7 +512,7 @@ let
wait_for_unit("knot.service")
wait_for_unit("prometheus-knot-exporter.service")
wait_for_open_port(9433)
succeed("curl -sSf 'localhost:9433' | grep 'knot_server_zone_count 1.0'")
succeed("curl -sSf 'localhost:9433' | grep '2\.019031301'")
'';
};

217
nixos/tests/rosenpass.nix Normal file
View File

@ -0,0 +1,217 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
deviceName = "rp0";
server = {
ip = "fe80::1";
wg = {
public = "mQufmDFeQQuU/fIaB2hHgluhjjm1ypK4hJr1cW3WqAw=";
secret = "4N5Y1dldqrpsbaEiY8O0XBUGUFf8vkvtBtm8AoOX7Eo=";
listen = 10000;
};
};
client = {
ip = "fe80::2";
wg = {
public = "Mb3GOlT7oS+F3JntVKiaD7SpHxLxNdtEmWz/9FMnRFU=";
secret = "uC5dfGMv7Oxf5UDfdPkj6rZiRZT2dRWp5x8IQxrNcUE=";
};
};
in
{
name = "rosenpass";
nodes =
let
shared = peer: { config, modulesPath, ... }: {
imports = [ "${modulesPath}/services/networking/rosenpass.nix" ];
boot.kernelModules = [ "wireguard" ];
services.rosenpass = {
enable = true;
defaultDevice = deviceName;
settings = {
verbosity = "Verbose";
public_key = "/etc/rosenpass/pqpk";
secret_key = "/etc/rosenpass/pqsk";
};
};
networking.firewall.allowedUDPPorts = [ 9999 ];
systemd.network = {
enable = true;
networks."rosenpass" = {
matchConfig.Name = deviceName;
networkConfig.IPForward = true;
address = [ "${peer.ip}/64" ];
};
netdevs."10-rp0" = {
netdevConfig = {
Kind = "wireguard";
Name = deviceName;
};
wireguardConfig.PrivateKeyFile = "/etc/wireguard/wgsk";
};
};
environment.etc."wireguard/wgsk" = {
text = peer.wg.secret;
user = "systemd-network";
group = "systemd-network";
};
};
in
{
server = {
imports = [ (shared server) ];
networking.firewall.allowedUDPPorts = [ server.wg.listen ];
systemd.network.netdevs."10-${deviceName}" = {
wireguardConfig.ListenPort = server.wg.listen;
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [ "::/0" ];
PublicKey = client.wg.public;
};
}
];
};
services.rosenpass.settings = {
listen = [ "0.0.0.0:9999" ];
peers = [
{
public_key = "/etc/rosenpass/peers/client/pqpk";
peer = client.wg.public;
}
];
};
};
client = {
imports = [ (shared client) ];
systemd.network.netdevs."10-${deviceName}".wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [ "::/0" ];
PublicKey = server.wg.public;
Endpoint = "server:${builtins.toString server.wg.listen}";
};
}
];
services.rosenpass.settings.peers = [
{
public_key = "/etc/rosenpass/peers/server/pqpk";
endpoint = "server:9999";
peer = server.wg.public;
}
];
};
};
testScript = { ... }: ''
from os import system
# Full path to rosenpass in the store, to avoid fiddling with `$PATH`.
rosenpass = "${pkgs.rosenpass}/bin/rosenpass"
# Path in `/etc` where keys will be placed.
etc = "/etc/rosenpass"
start_all()
for machine in [server, client]:
machine.wait_for_unit("multi-user.target")
# Gently stop Rosenpass to avoid crashes during key generation/distribution.
for machine in [server, client]:
machine.execute("systemctl stop rosenpass.service")
for (name, machine, remote) in [("server", server, client), ("client", client, server)]:
pk, sk = f"{name}.pqpk", f"{name}.pqsk"
system(f"{rosenpass} gen-keys --force --secret-key {sk} --public-key {pk}")
machine.copy_from_host(sk, f"{etc}/pqsk")
machine.copy_from_host(pk, f"{etc}/pqpk")
remote.copy_from_host(pk, f"{etc}/peers/{name}/pqpk")
for machine in [server, client]:
machine.execute("systemctl start rosenpass.service")
for machine in [server, client]:
machine.wait_for_unit("rosenpass.service")
with subtest("ping"):
client.succeed("ping -c 2 -i 0.5 ${server.ip}%${deviceName}")
with subtest("preshared-keys"):
# Rosenpass works by setting the WireGuard preshared key at regular intervals.
# Thus, if it is not active, then no key will be set, and the output of `wg show` will contain "none".
# Otherwise, if it is active, then the key will be set and "none" will not be found in the output of `wg show`.
for machine in [server, client]:
machine.wait_until_succeeds("wg show all preshared-keys | grep --invert-match none", timeout=5)
'';
# NOTE: Below configuration is for "interactive" (=developing/debugging) only.
interactive.nodes =
let
inherit (import ./ssh-keys.nix pkgs) snakeOilPublicKey snakeOilPrivateKey;
sshAndKeyGeneration = {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
environment.systemPackages = [
(pkgs.writeShellApplication {
name = "gen-keys";
runtimeInputs = [ pkgs.rosenpass ];
text = ''
HOST="$(hostname)"
if [ "$HOST" == "server" ]
then
PEER="client"
else
PEER="server"
fi
# Generate keypair.
mkdir -vp /etc/rosenpass/peers/$PEER
rosenpass gen-keys --force --secret-key /etc/rosenpass/pqsk --public-key /etc/rosenpass/pqpk
# Set up SSH key.
mkdir -p /root/.ssh
cp ${snakeOilPrivateKey} /root/.ssh/id_ecdsa
chmod 0400 /root/.ssh/id_ecdsa
# Copy public key to other peer.
# shellcheck disable=SC2029
ssh -o StrictHostKeyChecking=no $PEER "mkdir -pv /etc/rosenpass/peers/$HOST"
scp /etc/rosenpass/pqpk "$PEER:/etc/rosenpass/peers/$HOST/pqpk"
'';
})
];
};
# Use kmscon <https://www.freedesktop.org/wiki/Software/kmscon/>
# to provide a slightly nicer console, and while we're at it,
# also use a nice font.
# With kmscon, we can for example zoom in/out using [Ctrl] + [+]
# and [Ctrl] + [-]
niceConsoleAndAutologin.services.kmscon = {
enable = true;
autologinUser = "root";
fonts = [{
name = "Fira Code";
package = pkgs.fira-code;
}];
};
in
{
server = sshAndKeyGeneration // niceConsoleAndAutologin;
client = sshAndKeyGeneration // niceConsoleAndAutologin;
};
})

4
nixos/tests/stratis/encryption.nix
View File

@ -26,7 +26,7 @@ import ../make-test-python.nix ({ pkgs, ... }:
# test rebinding encrypted pool
machine.succeed("stratis pool rebind keyring testpool testkey2")
# test restarting encrypted pool
machine.succeed("stratis pool stop testpool")
machine.succeed("stratis pool start --name testpool --unlock-method keyring")
machine.succeed("stratis pool stop --name testpool")
machine.succeed("stratis pool start --name testpool --unlock-method keyring")
'';
})

16
pkgs/applications/audio/fluidsynth/default.nix
View File

@ -1,29 +1,19 @@
{ stdenv, lib, fetchFromGitHub, fetchpatch, buildPackages, pkg-config, cmake
{ stdenv, lib, fetchFromGitHub, buildPackages, pkg-config, cmake
, alsa-lib, glib, libjack2, libsndfile, libpulseaudio
, AppKit, AudioUnit, CoreAudio, CoreMIDI, CoreServices
}:
stdenv.mkDerivation rec {
pname = "fluidsynth";
version = "2.3.3";
version = "2.3.4";
src = fetchFromGitHub {
owner = "FluidSynth";
repo = "fluidsynth";
rev = "v${version}";
sha256 = "sha256-RqhlpvMbRSwdcY2uuFAdJnihN3aObcLVMuvCZ294dgo=";
hash = "sha256-3qLmo9Ibl44v6Jj5Ix17ixwqfPt3ITTXUqBETF5pzE4=";
};
patches = [
# Fixes bad CMAKE_INSTALL_PREFIX + CMAKE_INSTALL_LIBDIR concatenation for Darwin install name dir
# Remove when PR merged & in release
(fetchpatch {
name = "0001-Fix-incorrect-way-of-turning-CMAKE_INSTALL_LIBDIR-absolute.patch";
url = "https://github.com/FluidSynth/fluidsynth/pull/1261/commits/03cd38dd909fc24aa39553d869afbb4024416de8.patch";
hash = "sha256-nV+MbFttnbNBO4zWnPLpnnEuoiESkV9BGFlUS9tQQfk=";
})
];
outputs = [ "out" "dev" "man" ];
nativeBuildInputs = [ buildPackages.stdenv.cc pkg-config cmake ];

2
pkgs/applications/audio/industrializer/default.nix
View File

@ -6,6 +6,7 @@
, automake
, gnome2
, gtk2
, libGL
, libjack2
, libtool
, libxml2
@ -27,6 +28,7 @@ stdenv.mkDerivation rec {
audiofile
gnome2.gtkglext
gtk2
libGL
libjack2
libtool
libxml2

3
pkgs/applications/audio/kapitonov-plugins-pack/default.nix
View File

@ -1,5 +1,5 @@
{ lib, stdenv, fetchFromGitHub, faust, meson, ninja, pkg-config
, boost, cairo, fftw, ladspa-sdk, libxcb, lv2, xcbutilwm
, boost, cairo, fftw, ladspa-sdk, libxcb, lv2, xcbutilwm, xorg
, zita-convolver, zita-resampler
}:
@ -29,6 +29,7 @@ stdenv.mkDerivation rec {
libxcb
lv2
xcbutilwm
xorg.xcbutil
zita-convolver
zita-resampler
];

4
pkgs/applications/audio/mpg123/default.nix
View File

@ -21,11 +21,11 @@ assert withConplay -> !libOnly;
stdenv.mkDerivation rec {
pname = "${lib.optionalString libOnly "lib"}mpg123";
version = "1.31.3";
version = "1.32.3";
src = fetchurl {
url = "mirror://sourceforge/mpg123/mpg123-${version}.tar.bz2";
hash = "sha256-HKd9Omml/4RbegU294P+5VThBBE5prl49q/hT1gUrRo=";
hash = "sha256-LZkTpX1O6PSXoYLG6CWCYCQJeCpPtIHpif7r9ENYZ7Q=";
};
outputs = [ "out" "dev" "man" ] ++ lib.optional withConplay "conplay";

3
pkgs/applications/audio/paulstretch/default.nix
View File

@ -30,8 +30,9 @@ stdenv.mkDerivation {
];
patches = [
# https://github.com/paulnasca/paulstretch_cpp/pull/12
(fetchpatch {
url = "https://github.com/paulnasca/paulstretch_cpp/pull/12.patch";
url = "https://github.com/paulnasca/paulstretch_cpp/commit/d8671b36135fe66839b11eadcacb474cc8dae0d1.patch";
sha256 = "0lx1rfrs53afkiz1drp456asqgj5yv6hx3lkc01165cv1jsbw6q4";
})
];

2
pkgs/applications/audio/pavucontrol/default.nix
View File

@ -49,7 +49,7 @@ stdenv.mkDerivation rec {
license = lib.licenses.gpl2Plus;
maintainers = with maintainers; [ abbradar globin ];
maintainers = with maintainers; [ abbradar ];
platforms = platforms.linux;
mainProgram = "pavucontrol";
};

10
pkgs/applications/audio/spotify/linux.nix
View File

@ -2,7 +2,7 @@
, glib, pango, cairo, atk, gdk-pixbuf, gtk3, cups, nspr, nss_latest, libpng, libnotify
, libgcrypt, systemd, fontconfig, dbus, expat, ffmpeg_4, curlWithGnuTls, zlib, gnome
, at-spi2-atk, at-spi2-core, libpulseaudio, libdrm, mesa, libxkbcommon
, pname, meta, harfbuzz
, pname, meta, harfbuzz, libayatana-appindicator, libdbusmenu
# High-DPI support: Spotify's --force-device-scale-factor argument
# not added if `null`, otherwise, should be a number.
, deviceScaleFactor ? null
@ -14,14 +14,14 @@ let
# If an update breaks things, one of those might have valuable info:
# https://aur.archlinux.org/packages/spotify/
# https://community.spotify.com/t5/Desktop-Linux
version = "1.2.13.661.ga588f749";
version = "1.2.22.982.g794acc0a";
# To get the latest stable revision:
# curl -H 'X-Ubuntu-Series: 16' 'https://api.snapcraft.io/api/v1/snaps/details/spotify?channel=stable' | jq '.download_url,.version,.last_updated'
# To get general information:
# curl -H 'Snap-Device-Series: 16' 'https://api.snapcraft.io/v2/snaps/info/spotify' | jq '.'
# More examples of api usage:
# https://github.com/canonical-websites/snapcraft.io/blob/master/webapp/publisher/snaps/views.py
rev = "68";
rev = "70";
deps = [
alsa-lib
@ -40,6 +40,8 @@ let
glib
gtk3
harfbuzz
libayatana-appindicator
libdbusmenu
libdrm
libgcrypt
libnotify
@ -84,7 +86,7 @@ stdenv.mkDerivation {
# https://community.spotify.com/t5/Desktop-Linux/Redistribute-Spotify-on-Linux-Distributions/td-p/1695334
src = fetchurl {
url = "https://api.snapcraft.io/api/v1/snaps/download/pOBIoZ2LrCB3rDohMxoYGnbN14EHOgD7_${rev}.snap";
hash = "sha512-THGSRx0sGOVEB6bOHWHiy1G0Acq0hUa94tG/v+i5DA+CluI58pqj8gYQ61k/ACLJXTUyM8SA92C8DK1Go18X8w==";
hash = "sha512-oxDUZqyMLxCbUBb1A+BBznByQ1rZAJcEIkaSUQ93/k1DX3rTaBHzEXmBtJhmN6L8L3fw1pa9GvE7eDaD8+jeGg==";
};
nativeBuildInputs = [ wrapGAppsHook makeShellWrapper squashfsTools ];

4
pkgs/applications/audio/stone-phaser/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, xorg, cairo, lv2, libjack2, mesa, pkg-config }:
{ lib, stdenv, fetchFromGitHub, xorg, cairo, libGL, lv2, libjack2, mesa, pkg-config }:
stdenv.mkDerivation rec {
pname = "stone-phaser";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config ];
buildInputs = [
xorg.libX11 cairo lv2 libjack2 mesa
xorg.libX11 cairo libGL lv2 libjack2 mesa
];
postPatch = ''

4
pkgs/applications/audio/strawberry/default.nix
View File

@ -42,13 +42,13 @@ let
in
stdenv.mkDerivation rec {
pname = "strawberry";
version = "1.0.20";
version = "1.0.21";
src = fetchFromGitHub {
owner = "jonaski";
repo = pname;
rev = version;
hash = "sha256-/utd2uYoxPHQ4kQwA0tZW5HwmN90vXL23EiNFh3wXoE=";
hash = "sha256-McwnYHaw0LYDeHLDQzfqRIYMV2FoiMdHyOL/EE8/esU=";
};
# the big strawberry shown in the context menu is *very* much in your face, so use the grey version instead

4
pkgs/applications/audio/string-machine/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, boost, cairo, lv2, pkg-config }:
{ lib, stdenv, fetchFromGitHub, boost, cairo, libGL, lv2, pkg-config }:
stdenv.mkDerivation rec {
pname = "string-machine";
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config ];
buildInputs = [
boost cairo lv2
boost cairo libGL lv2
];
makeFlags = [

4
pkgs/applications/blockchains/btcpayserver/default.nix
View File

@ -6,13 +6,13 @@
buildDotnetModule rec {
pname = "btcpayserver";
version = "1.11.6";
version = "1.11.7";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "sha256-PORzTbvB9HriilaBCsC6R323RFvsI55WgSojJJ6uoIs=";
sha256 = "sha256-6DhVsN8VZmQ1lU7imXInL1y4Fu+JFr4R1nFthMHrQQ8=";
};
projectFile = "BTCPayServer/BTCPayServer.csproj";

32
pkgs/applications/blockchains/btcpayserver/deps.nix generated
View File

@ -2,8 +2,8 @@
# Please dont edit it manually, your changes might get overwritten!
{ fetchNuGet }: [
(fetchNuGet { pname = "AngleSharp"; version = "0.14.0"; sha256 = "1zgwhh1fp2mmaplvpgm86rpmslix3wqfxf0d3hxx1gxwfgr6wxm6"; })
(fetchNuGet { pname = "AngleSharp.Css"; version = "0.14.2"; sha256 = "1d34a8ab5dri4wlw07jvk7b1z0d0zizwihwpdfva3sxhb4279ahd"; })
(fetchNuGet { pname = "AngleSharp"; version = "0.17.1"; sha256 = "038idg33ydy72362qplsd7y8ldifi9zg02dhjli6wy4p47hyqcph"; })
(fetchNuGet { pname = "AngleSharp.Css"; version = "0.17.0"; sha256 = "0q5vfj4l24kz1djigl0fva0dv64j2f90x3g1db59vbiz8vvfjz5i"; })
(fetchNuGet { pname = "AWSSDK.Core"; version = "3.3.104.14"; sha256 = "157694kb63z1szbsv861515fvjv7amrjrfmgbm3idpyw31afk650"; })
(fetchNuGet { pname = "AWSSDK.S3"; version = "3.3.110.10"; sha256 = "1lf1hfbx792dpa1hxgn0a0jrrvldd16hgbxx229dk2qcz5qlnc38"; })
(fetchNuGet { pname = "BIP78.Sender"; version = "0.2.2"; sha256 = "12pm2s35c0qzc06099q2z1pxwq94rq85n74yz8fs8gwvm2ksgp4p"; })
@ -20,7 +20,7 @@
(fetchNuGet { pname = "BTCPayServer.NETCore.Plugins.Mvc"; version = "1.4.4"; sha256 = "1kmmj5m7s41wc1akpqw1b1j7pp4c0vn6sqxb487980ibpj6hyisl"; })
(fetchNuGet { pname = "CsvHelper"; version = "15.0.5"; sha256 = "01y8bhsnxghn3flz0pr11vj6wjrpmia8rpdrsp7kjfc1zmhqlgma"; })
(fetchNuGet { pname = "Dapper"; version = "2.0.123"; sha256 = "15hxrchfgiqnmgf8fqhrf4pb4c8l9igg5qnkw9yk3rkagcqfkk91"; })
(fetchNuGet { pname = "DigitalRuby.ExchangeSharp"; version = "1.0.2"; sha256 = "1l6g61l18jqnc0h8rpsilfjjnyapm4ld8wcsr8bp0hp34p6wpidm"; })
(fetchNuGet { pname = "DigitalRuby.ExchangeSharp"; version = "1.0.4"; sha256 = "1hkdls4wjrxq6df1zq9saa6hn5hynalq3gxb486w59j7i9f3g7d8"; })
(fetchNuGet { pname = "Fido2"; version = "2.0.2"; sha256 = "1wqlk48apm7h637da7sav0r1a8yz2yy2gxhifpvydjqk1n3qybz4"; })
(fetchNuGet { pname = "Fido2.AspNet"; version = "2.0.2"; sha256 = "0x2k1wyd0p7cy4ir15m2bxiggckl98znc65b4vq75ckjyd6dm1a1"; })
(fetchNuGet { pname = "Fido2.Models"; version = "2.0.2"; sha256 = "1vk4h9sv2dhdr0jvh2a7yk6v9rhxk9y8hxz4mkal8vd9psajz5cg"; })
@ -34,7 +34,7 @@
(fetchNuGet { pname = "Google.Apis.Core"; version = "1.38.0"; sha256 = "012gslhnx65vqfyzjnqx4bqk9kb8bwbx966q2f9fdgrfcn26gj9j"; })
(fetchNuGet { pname = "Google.Apis.Storage.v1"; version = "1.38.0.1470"; sha256 = "0mfrz7fmpfbjvp4zfpjasmnfbgxgxrrjkf8xgp9p6h9g8qh2f2h2"; })
(fetchNuGet { pname = "Google.Cloud.Storage.V1"; version = "2.3.0"; sha256 = "01jhrd6m6md8m28chzg2dkdfd4yris79j1xi7r1ydm1cfjhmlj64"; })
(fetchNuGet { pname = "HtmlSanitizer"; version = "5.0.372"; sha256 = "1gllp58vdbql2ybwf05i2178x7p4g8zyyk64317d1pyss5217g7r"; })
(fetchNuGet { pname = "HtmlSanitizer"; version = "8.0.723"; sha256 = "1x621v4ypgd1zrmq7zd7j9wcrc30f6rm9qh0i1sm4yfqd983yf4g"; })
(fetchNuGet { pname = "Humanizer.Core"; version = "2.8.26"; sha256 = "1v8xd12yms4qq1md4vh6faxicmqrvahqdd7sdkyzrphab9v44nsm"; })
(fetchNuGet { pname = "libsodium"; version = "1.0.18"; sha256 = "15qzl5k31yaaapqlijr336lh4lzz1qqxlimgxy8fdyig8jdmgszn"; })
(fetchNuGet { pname = "LNURL"; version = "0.0.34"; sha256 = "1sbkqsln7wq5fsbw63wdha8kqwxgd95j0iblv4kxa1shyg3c5d9x"; })
@ -145,12 +145,11 @@
(fetchNuGet { pname = "Microsoft.IdentityModel.Tokens"; version = "6.6.0"; sha256 = "0h5vbsd5x9cf7nqyrwn7d7y1axhf1zz0jr9prvi4xpxawa3kajyj"; })
(fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.0.1"; sha256 = "01al6cfxp68dscl15z7rxfw9zvhm64dncsw09a1vmdkacsa2v6lr"; })
(fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.1.0"; sha256 = "08vh1r12g6ykjygq5d3vq09zylgb84l63k49jc4v8faw9g93iqqm"; })
(fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "2.0.0"; sha256 = "1fk2fk2639i7nzy58m9dvpdnzql4vb8yl8vr19r2fp8lmj9w2jr0"; })
(fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "2.1.2"; sha256 = "1507hnpr9my3z4w1r6xk5n0s1j3y6a2c2cnynj76za7cphxi1141"; })
(fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.0.1"; sha256 = "0ppdkwy6s9p7x9jix3v4402wb171cdiibq7js7i13nxpdky7074p"; })
(fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.1.0"; sha256 = "193xwf33fbm0ni3idxzbr5fdq3i2dlfgihsac9jj7whj0gd902nh"; })
(fetchNuGet { pname = "Microsoft.Win32.Primitives"; version = "4.3.0"; sha256 = "0j0c1wj4ndj21zsgivsc24whiya605603kxrbiw6wkfdync464wq"; })
(fetchNuGet { pname = "Microsoft.Win32.SystemEvents"; version = "6.0.0"; sha256 = "0c6pcj088g1yd1vs529q3ybgsd2vjlk5y1ic6dkmbhvrp5jibl9p"; })
(fetchNuGet { pname = "Microsoft.Win32.SystemEvents"; version = "7.0.0"; sha256 = "1bh77misznh19m1swqm3dsbji499b8xh9gk6w74sgbkarf6ni8lb"; })
(fetchNuGet { pname = "MimeKit"; version = "3.3.0"; sha256 = "0rslxmwlv6w2fssv0mz2v6qi6zg1v0lmly6hvh258xqdfxrhn0y8"; })
(fetchNuGet { pname = "MySqlConnector"; version = "2.1.2"; sha256 = "12wgwns172vjldp1cvcq212zizpw18za7z3438rdh40zkq55s5yz"; })
(fetchNuGet { pname = "NBitcoin"; version = "5.0.40"; sha256 = "1rqzn84yaww4afagwg8jg1l5qdkvqyjdfcyd5widddqwxabbsjvh"; })
@ -170,7 +169,7 @@
(fetchNuGet { pname = "NicolasDorier.CommandLine.Configuration"; version = "2.0.0"; sha256 = "1cng096r3kb85lf5wjill4yhxx8nv9v0d6ksbn1i1vvdawwl6fkw"; })
(fetchNuGet { pname = "NicolasDorier.RateLimits"; version = "1.2.3"; sha256 = "197cqb0yxd2hfxyikxw53m4lmxh87l9sqrr8xihg1j0knvwzgyyp"; })
(fetchNuGet { pname = "NicolasDorier.StandardConfiguration"; version = "2.0.1"; sha256 = "1jiinqj1y8vv78p766asml4bd0k5gwrpl9ksi176h0z7wsj6ilrx"; })
(fetchNuGet { pname = "NLog"; version = "4.7.14"; sha256 = "1pjkxlf20vrh9b8r6wzay1563fdhhxslxb7acdkn5ss8gvd2m23n"; })
(fetchNuGet { pname = "NLog"; version = "5.1.3"; sha256 = "0r09pd9cax95gn5bxskfhmalfd5qi3xx5j14znvryd1vn2vy6fln"; })
(fetchNuGet { pname = "Npgsql"; version = "6.0.7"; sha256 = "0c5zyd9n3597ryzqh9qfisp3wvr7q0krbnl26w2sy33xm4hvls2c"; })
(fetchNuGet { pname = "Npgsql.EntityFrameworkCore.PostgreSQL"; version = "6.0.7"; sha256 = "0gsvjf0vk7anmc889my8x68wpd47bsdgsk1rwbg77rrb9zsf4nxp"; })
(fetchNuGet { pname = "NSec.Cryptography"; version = "20.2.0"; sha256 = "19slji51v8s8i4836nqqg7qb3i3p4ahqahz0fbb3gwpp67pn6izx"; })
@ -248,7 +247,7 @@
(fetchNuGet { pname = "Serilog.Sinks.Console"; version = "3.1.1"; sha256 = "0j99as641y1k6havwwkhyr0n08vibiblmfjj6nz051mz8g3864fn"; })
(fetchNuGet { pname = "Serilog.Sinks.Debug"; version = "1.0.1"; sha256 = "0969mb254kr59bgkq01ybyzca89z3f4n9ng5mdj8m53d5653zf22"; })
(fetchNuGet { pname = "Serilog.Sinks.File"; version = "4.1.0"; sha256 = "1ry7p9hf1zlnai1j5zjhjp4dqm2agsbpq6cvxgpf5l8m26x6mgca"; })
(fetchNuGet { pname = "SocketIOClient"; version = "3.0.6"; sha256 = "0yvvwyg05sjlam8841kxy1qv6bc7a1kykdk5jdy2jvw89d40k31d"; })
(fetchNuGet { pname = "SocketIOClient"; version = "3.0.8"; sha256 = "1k3csni1zyy55rdzcyivppqmyxvrmm31bqm6gffc25v959jp73wv"; })
(fetchNuGet { pname = "SQLitePCLRaw.bundle_e_sqlite3"; version = "2.0.6"; sha256 = "1ip0a653dx5cqybxg27zyz5ps31f2yz50g3jvz3vx39isx79gax3"; })
(fetchNuGet { pname = "SQLitePCLRaw.core"; version = "2.0.6"; sha256 = "1w4iyg0v1v1z2m7akq7rv8lsgixp2m08732vr14vgpqs918bsy1i"; })
(fetchNuGet { pname = "SQLitePCLRaw.lib.e_sqlite3"; version = "2.0.6"; sha256 = "16378rh1lcqxynf5qj0kh8mrsb0jp37qqwg4285kqc5pknvh1bx3"; })
@ -265,7 +264,8 @@
(fetchNuGet { pname = "System.Collections.Concurrent"; version = "4.3.0"; sha256 = "0wi10md9aq33jrkh2c24wr2n9hrpyamsdhsxdcnf43b7y86kkii8"; })
(fetchNuGet { pname = "System.Collections.Immutable"; version = "5.0.0"; sha256 = "1kvcllagxz2q92g81zkz81djkn2lid25ayjfgjalncyc68i15p0r"; })
(fetchNuGet { pname = "System.Collections.Immutable"; version = "6.0.0"; sha256 = "1js98kmjn47ivcvkjqdmyipzknb9xbndssczm8gq224pbaj1p88c"; })
(fetchNuGet { pname = "System.Configuration.ConfigurationManager"; version = "6.0.0"; sha256 = "0sqapr697jbb4ljkq46msg0xx1qpmc31ivva6llyz2wzq3mpmxbw"; })
(fetchNuGet { pname = "System.Collections.Immutable"; version = "7.0.0"; sha256 = "1n9122cy6v3qhsisc9lzwa1m1j62b8pi2678nsmnlyvfpk0zdagm"; })
(fetchNuGet { pname = "System.Configuration.ConfigurationManager"; version = "7.0.0"; sha256 = "149d9kmakzkbw69cip1ny0wjlgcvnhrr7vz5pavpsip36k2mw02a"; })
(fetchNuGet { pname = "System.Console"; version = "4.3.0"; sha256 = "1flr7a9x920mr5cjsqmsy9wgnv3lvd0h1g521pdr1lkb2qycy7ay"; })
(fetchNuGet { pname = "System.Diagnostics.Debug"; version = "4.0.11"; sha256 = "0gmjghrqmlgzxivd2xl50ncbglb7ljzb66rlx8ws6dv8jm0d5siz"; })
(fetchNuGet { pname = "System.Diagnostics.Debug"; version = "4.3.0"; sha256 = "00yjlf19wjydyr6cfviaph3vsjzg3d5nvnya26i2fvfg53sknh3y"; })
@ -274,7 +274,7 @@
(fetchNuGet { pname = "System.Diagnostics.Tools"; version = "4.3.0"; sha256 = "0in3pic3s2ddyibi8cvgl102zmvp9r9mchh82ns9f0ms4basylw1"; })
(fetchNuGet { pname = "System.Diagnostics.Tracing"; version = "4.1.0"; sha256 = "1d2r76v1x610x61ahfpigda89gd13qydz6vbwzhpqlyvq8jj6394"; })
(fetchNuGet { pname = "System.Diagnostics.Tracing"; version = "4.3.0"; sha256 = "1m3bx6c2s958qligl67q7grkwfz3w53hpy7nc97mh6f7j5k168c4"; })
(fetchNuGet { pname = "System.Drawing.Common"; version = "6.0.0"; sha256 = "02n8rzm58dac2np8b3xw8ychbvylja4nh6938l5k2fhyn40imlgz"; })
(fetchNuGet { pname = "System.Drawing.Common"; version = "7.0.0"; sha256 = "0jwyv5zjxzr4bm4vhmz394gsxqa02q6pxdqd2hwy1f116f0l30dp"; })
(fetchNuGet { pname = "System.Dynamic.Runtime"; version = "4.0.11"; sha256 = "1pla2dx8gkidf7xkciig6nifdsb494axjvzvann8g2lp3dbqasm9"; })
(fetchNuGet { pname = "System.Formats.Asn1"; version = "6.0.0"; sha256 = "1vvr7hs4qzjqb37r0w1mxq7xql2b17la63jwvmgv65s1hj00g8r9"; })
(fetchNuGet { pname = "System.Globalization"; version = "4.0.11"; sha256 = "070c5jbas2v7smm660zaf1gh0489xanjqymkvafcs4f8cdrs1d5d"; })
@ -312,7 +312,6 @@
(fetchNuGet { pname = "System.ObjectModel"; version = "4.3.0"; sha256 = "191p63zy5rpqx7dnrb3h7prvgixmk168fhvvkkvhlazncf8r3nc2"; })
(fetchNuGet { pname = "System.Private.Uri"; version = "4.0.1"; sha256 = "0k57qhawjysm4cpbfpc49kl4av7lji310kjcamkl23bwgij5ld9j"; })
(fetchNuGet { pname = "System.Private.Uri"; version = "4.3.0"; sha256 = "04r1lkdnsznin0fj4ya1zikxiqr0h6r6a1ww2dsm60gqhdrf0mvx"; })
(fetchNuGet { pname = "System.Reactive"; version = "5.0.0"; sha256 = "1lafmpnadhiwxyd543kraxa3jfdpm6ipblxrjlibym9b1ykpr5ik"; })
(fetchNuGet { pname = "System.Reflection"; version = "4.1.0"; sha256 = "1js89429pfw79mxvbzp8p3q93il6rdff332hddhzi5wqglc4gml9"; })
(fetchNuGet { pname = "System.Reflection"; version = "4.3.0"; sha256 = "0xl55k0mw8cd8ra6dxzh974nxif58s3k1rjv1vbd7gjbjr39j11m"; })
(fetchNuGet { pname = "System.Reflection.Emit"; version = "4.0.1"; sha256 = "0ydqcsvh6smi41gyaakglnv252625hf29f7kywy2c70nhii2ylqp"; })
@ -347,7 +346,6 @@
(fetchNuGet { pname = "System.Runtime.InteropServices.RuntimeInformation"; version = "4.0.0"; sha256 = "0glmvarf3jz5xh22iy3w9v3wyragcm4hfdr17v90vs7vcrm7fgp6"; })
(fetchNuGet { pname = "System.Runtime.InteropServices.RuntimeInformation"; version = "4.3.0"; sha256 = "0q18r1sh4vn7bvqgd6dmqlw5v28flbpj349mkdish2vjyvmnb2ii"; })
(fetchNuGet { pname = "System.Runtime.Numerics"; version = "4.3.0"; sha256 = "19rav39sr5dky7afygh309qamqqmi9kcwvz3i0c5700v0c5cg61z"; })
(fetchNuGet { pname = "System.Security.AccessControl"; version = "6.0.0"; sha256 = "0a678bzj8yxxiffyzy60z2w1nczzpi8v97igr4ip3byd2q89dv58"; })
(fetchNuGet { pname = "System.Security.Claims"; version = "4.3.0"; sha256 = "0jvfn7j22l3mm28qjy3rcw287y9h65ha4m940waaxah07jnbzrhn"; })
(fetchNuGet { pname = "System.Security.Cryptography.Algorithms"; version = "4.3.0"; sha256 = "03sq183pfl5kp7gkvq77myv7kbpdnq3y0xj7vi4q1kaw54sny0ml"; })
(fetchNuGet { pname = "System.Security.Cryptography.Cng"; version = "4.3.0"; sha256 = "1k468aswafdgf56ab6yrn7649kfqx2wm9aslywjam1hdmk5yypmv"; })
@ -357,22 +355,22 @@
(fetchNuGet { pname = "System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "0givpvvj8yc7gv4lhb6s1prq6p2c4147204a0wib89inqzd87gqc"; })
(fetchNuGet { pname = "System.Security.Cryptography.Pkcs"; version = "6.0.0"; sha256 = "1q80znpwkv5wrzgx0qnzxqaa5k1s72fnk3g1yng62l7y14d8ki64"; })
(fetchNuGet { pname = "System.Security.Cryptography.Primitives"; version = "4.3.0"; sha256 = "0pyzncsv48zwly3lw4f2dayqswcfvdwq2nz0dgwmi7fj3pn64wby"; })
(fetchNuGet { pname = "System.Security.Cryptography.ProtectedData"; version = "6.0.0"; sha256 = "05kd3a8w7658hjxq9vvszxip30a479fjmfq4bq1r95nrsvs4hbss"; })
(fetchNuGet { pname = "System.Security.Cryptography.ProtectedData"; version = "7.0.0"; sha256 = "15s9s6hsj9bz0nzw41mxbqdjgjd71w2djqbv0aj413gfi9amybk9"; })
(fetchNuGet { pname = "System.Security.Cryptography.X509Certificates"; version = "4.3.0"; sha256 = "0valjcz5wksbvijylxijjxb1mp38mdhv03r533vnx1q3ikzdav9h"; })
(fetchNuGet { pname = "System.Security.Permissions"; version = "6.0.0"; sha256 = "0jsl4xdrkqi11iwmisi1r2f2qn5pbvl79mzq877gndw6ans2zhzw"; })
(fetchNuGet { pname = "System.Security.Permissions"; version = "7.0.0"; sha256 = "0wkm6bj4abknzj41ygkziifx8mzhj4bix92wjvj6lihaw1gniq8c"; })
(fetchNuGet { pname = "System.Security.Principal"; version = "4.3.0"; sha256 = "12cm2zws06z4lfc4dn31iqv7072zyi4m910d4r6wm8yx85arsfxf"; })
(fetchNuGet { pname = "System.Security.Principal.Windows"; version = "4.3.0"; sha256 = "00a0a7c40i3v4cb20s2cmh9csb5jv2l0frvnlzyfxh848xalpdwr"; })
(fetchNuGet { pname = "System.Text.Encoding"; version = "4.0.11"; sha256 = "1dyqv0hijg265dwxg6l7aiv74102d6xjiwplh2ar1ly6xfaa4iiw"; })
(fetchNuGet { pname = "System.Text.Encoding"; version = "4.3.0"; sha256 = "1f04lkir4iladpp51sdgmis9dj4y8v08cka0mbmsy0frc9a4gjqr"; })
(fetchNuGet { pname = "System.Text.Encoding.CodePages"; version = "4.5.0"; sha256 = "19x38911pawq4mrxrm04l2bnxwxxlzq8v8rj4cbxnfjj8pnd3vj3"; })
(fetchNuGet { pname = "System.Text.Encoding.CodePages"; version = "4.5.1"; sha256 = "1z21qyfs6sg76rp68qdx0c9iy57naan89pg7p6i3qpj8kyzn921w"; })
(fetchNuGet { pname = "System.Text.Encoding.CodePages"; version = "6.0.0"; sha256 = "0gm2kiz2ndm9xyzxgi0jhazgwslcs427waxgfa30m7yqll1kcrww"; })
(fetchNuGet { pname = "System.Text.Encoding.Extensions"; version = "4.0.11"; sha256 = "08nsfrpiwsg9x5ml4xyl3zyvjfdi4mvbqf93kjdh11j4fwkznizs"; })
(fetchNuGet { pname = "System.Text.Encoding.Extensions"; version = "4.3.0"; sha256 = "11q1y8hh5hrp5a3kw25cb6l00v5l5dvirkz8jr3sq00h1xgcgrxy"; })
(fetchNuGet { pname = "System.Text.Encodings.Web"; version = "4.4.0"; sha256 = "05qp3yivh6gz0vva0v3wjlj3g1b45d5jmz362f2y8ah6yb3rx088"; })
(fetchNuGet { pname = "System.Text.Encodings.Web"; version = "6.0.0"; sha256 = "06n9ql3fmhpjl32g3492sj181zjml5dlcc5l76xq2h38c4f87sai"; })
(fetchNuGet { pname = "System.Text.Encodings.Web"; version = "7.0.0"; sha256 = "1151hbyrcf8kyg1jz8k9awpbic98lwz9x129rg7zk1wrs6vjlpxl"; })
(fetchNuGet { pname = "System.Text.Json"; version = "6.0.0"; sha256 = "1si2my1g0q0qv1hiqnji4xh9wd05qavxnzj9dwgs23iqvgjky0gl"; })
(fetchNuGet { pname = "System.Text.Json"; version = "6.0.2"; sha256 = "1lz6gx1r4if8sbx6yp9h0mi0g9ffr40x0cg518l0z2aiqgil3fk0"; })
(fetchNuGet { pname = "System.Text.Json"; version = "7.0.2"; sha256 = "1i6yinxvbwdk5g5z9y8l4a5hj2gw3h9ijlz2f1c1ngyprnwz2ivf"; })
(fetchNuGet { pname = "System.Text.RegularExpressions"; version = "4.3.0"; sha256 = "1bgq51k7fwld0njylfn7qc5fmwrk2137gdq7djqdsw347paa9c2l"; })
(fetchNuGet { pname = "System.Threading"; version = "4.0.11"; sha256 = "19x946h926bzvbsgj28csn46gak2crv2skpwsx80hbgazmkgb1ls"; })
(fetchNuGet { pname = "System.Threading"; version = "4.3.0"; sha256 = "0rw9wfamvhayp5zh3j7p1yfmx9b5khbf4q50d8k5rk993rskfd34"; })
@ -385,7 +383,7 @@
(fetchNuGet { pname = "System.Threading.ThreadPool"; version = "4.3.0"; sha256 = "027s1f4sbx0y1xqw2irqn6x161lzj8qwvnh2gn78ciiczdv10vf1"; })
(fetchNuGet { pname = "System.Threading.Timer"; version = "4.0.1"; sha256 = "15n54f1f8nn3mjcjrlzdg6q3520571y012mx7v991x2fvp73lmg6"; })
(fetchNuGet { pname = "System.Threading.Timer"; version = "4.3.0"; sha256 = "1nx773nsx6z5whv8kaa1wjh037id2f1cxhb69pvgv12hd2b6qs56"; })
(fetchNuGet { pname = "System.Windows.Extensions"; version = "6.0.0"; sha256 = "1wy9pq9vn1bqg5qnv53iqrbx04yzdmjw4x5yyi09y3459vaa1sip"; })
(fetchNuGet { pname = "System.Windows.Extensions"; version = "7.0.0"; sha256 = "11r9f0v7qp365bdpq5ax023yra4qvygljz18dlqs650d44iay669"; })
(fetchNuGet { pname = "System.Xml.ReaderWriter"; version = "4.3.0"; sha256 = "0c47yllxifzmh8gq6rq6l36zzvw4kjvlszkqa9wq3fr59n0hl3s1"; })
(fetchNuGet { pname = "System.Xml.XDocument"; version = "4.3.0"; sha256 = "08h8fm4l77n0nd4i4fk2386y809bfbwqb7ih9d7564ifcxr5ssxd"; })
(fetchNuGet { pname = "TwentyTwenty.Storage"; version = "2.12.1"; sha256 = "0m41dxzc3hh0f4j1k4q915pvcq6zr0hv1pj6b3sayrn8vjhk64qb"; })

623
pkgs/applications/blockchains/polkadot/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

17
pkgs/applications/blockchains/polkadot/default.nix
View File

@ -11,13 +11,13 @@
}:
rustPlatform.buildRustPackage rec {
pname = "polkadot";
version = "1.1.0";
version = "1.2.0";
src = fetchFromGitHub {
owner = "paritytech";
repo = "polkadot-sdk";
rev = "polkadot-v${version}";
hash = "sha256-B9egLeXZ6xGJ5g5+A9KXYGdesN5Gkrr2qQJe/7hwB5I=";
hash = "sha256-Xgu1BlSGDAj79TKSM9vCbzBT4quOMBd6evImkkKycH4=";
# the build process of polkadot requires a .git folder in order to determine
# the git commit hash that is being built and add it to the version string.
@ -41,13 +41,14 @@ rustPlatform.buildRustPackage rec {
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"ark-secret-scalar-0.0.2" = "sha256-Nbf77KSsAjDKiFIP5kgzl23fRB+68x1EirNuZlS7jeM=";
"common-0.1.0" = "sha256-3OKBPpk0exdlV0N9rJRVIncSrkwdI8bkYL2QNsJl+sY=";
"ark-secret-scalar-0.0.2" = "sha256-Tcrz2tT561ICAJzMgarSTOnaUEPeTFKZzE7rkdL3eUQ=";
"common-0.1.0" = "sha256-dnZKDx3Rw5cd4ejcilo3Opsn/1XK9yWGxhceuwvBE0o=";
"fflonk-0.1.0" = "sha256-MNvlePHQdY8DiOq6w7Hc1pgn7G58GDTeghCKHJdUy7E=";
"sub-tokens-0.1.0" = "sha256-GvhgZhOIX39zF+TbQWtTCgahDec4lQjH+NqamLFLUxM=";
};
};
buildType = "production";
cargoBuildFlags = [ "-p" "polkadot" ];
# NOTE: tests currently fail to compile due to an issue with cargo-auditable
@ -61,9 +62,9 @@ rustPlatform.buildRustPackage rec {
rustc-wasm32.llvmPackages.lld
];
buildInputs = [
rust-jemalloc-sys-unprefixed
] ++ lib.optionals stdenv.isDarwin [ Security SystemConfiguration ];
# NOTE: jemalloc is used by default on Linux with unprefixed enabled
buildInputs = lib.optionals stdenv.isLinux [ rust-jemalloc-sys-unprefixed ] ++
lib.optionals stdenv.isDarwin [ Security SystemConfiguration ];
# NOTE: we need to force lld otherwise rust-lld is not found for wasm32 target
CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_LINKER = "lld";

13
pkgs/applications/editors/helix/default.nix
View File

@ -2,24 +2,17 @@
rustPlatform.buildRustPackage rec {
pname = "helix";
version = "23.05";
version = "23.10";
# This release tarball includes source code for the tree-sitter grammars,
# which is not ordinarily part of the repository.
src = fetchzip {
url = "https://github.com/helix-editor/helix/releases/download/${version}/helix-${version}-source.tar.xz";
hash = "sha256-3ZEToXwW569P7IFLqz6Un8rClnWrW5RiYKmRVFt7My8=";
hash = "sha256-PH4n+zm5ShwOrzzQm0Sn8b8JzAW/CF8UzzKZYE3e2WA=";
stripRoot = false;
};
cargoHash = "sha256-/LCtfyDAA2JuioBD/CDMv6OOxM0B9A3PpuVP/YY5oF0=";
patches = [
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/helix-editor/helix/pull/7227.patch";
hash = "sha256-dObMKHNJfc5TODUjZ28TVxuTen02rl8HzcXpFWnhB1k=";
})
];
cargoHash = "sha256-B8RO6BADDbPchowSfNVgviGvVgH23iF42DdhEBKBQzs=";
nativeBuildInputs = [ git installShellFiles makeWrapper ];

4
pkgs/applications/editors/neovim/neovim-qt.nix
View File

@ -2,13 +2,13 @@
mkDerivation rec {
pname = "neovim-qt-unwrapped";
version = "0.2.17";
version = "0.2.18";
src = fetchFromGitHub {
owner = "equalsraf";
repo = "neovim-qt";
rev = "v${version}";
sha256 = "sha256-UJXaHENqau5EEe5c94pJuNxZU5rutJs642w9Cof8Sa4=";
sha256 = "sha256-BitFHHwL2aqBUpY/8eHaZIFvnDCeABC6w33Vmbx0z2g=";
};
cmakeFlags = [

2
pkgs/applications/editors/neovim/tests/default.nix
View File

@ -212,7 +212,7 @@ rec {
# having no RC generated should autodisable init.vim wrapping
nvim_autowrap = runTest nvim_via_override ''
! grep "-u" ${nvimShouldntWrap}/bin/nvim
! grep ${nvimShouldntWrap}/bin/nvim
'';

56
pkgs/applications/editors/neovim/wrapper.nix
View File

@ -7,8 +7,10 @@
, neovimUtils
, vimUtils
, perl
, lndir
}:
neovim:
neovim-unwrapped:
let
wrapper = {
@ -62,7 +64,7 @@ let
# wrapper with most arguments we need, excluding those that cause problems to
# generate rplugin.vim, but still required for the final wrapper.
finalMakeWrapperArgs =
[ "${neovim}/bin/nvim" "${placeholder "out"}/bin/nvim" ]
[ "${neovim-unwrapped}/bin/nvim" "${placeholder "out"}/bin/nvim" ]
++ [ "--set" "NVIM_SYSTEM_RPLUGIN_MANIFEST" "${placeholder "out"}/rplugin.vim" ]
++ lib.optionals wrapRc [ "--add-flags" "-u ${writeText "init.vim" neovimRcContent}" ]
++ commonWrapperArgs
@ -72,36 +74,45 @@ let
in
assert withPython2 -> throw "Python2 support has been removed from the neovim wrapper, please remove withPython2 and python2Env.";
symlinkJoin {
name = "neovim-${lib.getVersion neovim}${extraName}";
stdenv.mkDerivation (finalAttrs: {
name = "neovim-${lib.getVersion neovim-unwrapped}${extraName}";
__structuredAttrs = true;
dontUnpack = true;
inherit viAlias vimAlias withNodeJs withPython3 withPerl;
inherit wrapRc providerLuaRc packpathDirs;
inherit python3Env rubyEnv;
withRuby = rubyEnv != null;
inherit wrapperArgs;
# Remove the symlinks created by symlinkJoin which we need to perform
# extra actions upon
postBuild = lib.optionalString stdenv.isLinux ''
rm $out/share/applications/nvim.desktop
substitute ${neovim}/share/applications/nvim.desktop $out/share/applications/nvim.desktop \
substitute ${neovim-unwrapped}/share/applications/nvim.desktop $out/share/applications/nvim.desktop \
--replace 'Name=Neovim' 'Name=Neovim wrapper'
''
+ lib.optionalString withPython3 ''
+ lib.optionalString finalAttrs.withPython3 ''
makeWrapper ${python3Env.interpreter} $out/bin/nvim-python3 --unset PYTHONPATH
''
+ lib.optionalString (rubyEnv != null) ''
ln -s ${rubyEnv}/bin/neovim-ruby-host $out/bin/nvim-ruby
+ lib.optionalString (finalAttrs.rubyEnv != null) ''
ln -s ${finalAttrs.rubyEnv}/bin/neovim-ruby-host $out/bin/nvim-ruby
''
+ lib.optionalString withNodeJs ''
+ lib.optionalString finalAttrs.withNodeJs ''
ln -s ${nodePackages.neovim}/bin/neovim-node-host $out/bin/nvim-node
''
+ lib.optionalString withPerl ''
+ lib.optionalString finalAttrs.withPerl ''
ln -s ${perlEnv}/bin/perl $out/bin/nvim-perl
''
+ lib.optionalString vimAlias ''
+ lib.optionalString finalAttrs.vimAlias ''
ln -s $out/bin/nvim $out/bin/vim
''
+ lib.optionalString viAlias ''
+ lib.optionalString finalAttrs.viAlias ''
ln -s $out/bin/nvim $out/bin/vi
''
+ lib.optionalString (manifestRc != null) (let
manifestWrapperArgs =
[ "${neovim}/bin/nvim" "${placeholder "out"}/bin/nvim-wrapper" ] ++ commonWrapperArgs;
[ "${neovim-unwrapped}/bin/nvim" "${placeholder "out"}/bin/nvim-wrapper" ] ++ commonWrapperArgs;
in ''
echo "Generating remote plugin manifest"
export NVIM_RPLUGIN_MANIFEST=$out/rplugin.vim
@ -139,26 +150,33 @@ let
makeWrapper ${lib.escapeShellArgs finalMakeWrapperArgs} ${wrapperArgsStr}
'';
paths = [ neovim ];
buildPhase = ''
runHook preBuild
mkdir -p $out
for i in ${neovim-unwrapped}; do
lndir -silent $i $out
done
runHook postBuild
'';
preferLocalBuild = true;
nativeBuildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper lndir ];
passthru = {
inherit providerLuaRc packpathDirs;
unwrapped = neovim;
unwrapped = neovim-unwrapped;
initRc = neovimRcContent;
tests = callPackage ./tests {
};
};
meta = neovim.meta // {
meta = neovim-unwrapped.meta // {
# To prevent builds on hydra
hydraPlatforms = [];
# prefer wrapper over the package
priority = (neovim.meta.priority or 0) - 1;
priority = (neovim-unwrapped.meta.priority or 0) - 1;
};
};
});
in
lib.makeOverridable wrapper

4
pkgs/applications/editors/setzer/default.nix
View File

@ -20,13 +20,13 @@
python3.pkgs.buildPythonApplication rec {
pname = "setzer";
version = "60";
version = "61";
src = fetchFromGitHub {
owner = "cvfosammmm";
repo = "Setzer";
rev = "v${version}";
hash = "sha256-SfMqGQKJtPTMSv4B70jOvTAIzNQc0AC16mum4fuNch4=";
hash = "sha256-7qkQelB0Y+DBihhaYVVQjK66pk8p2Sjhno87bW554SY=";
};
format = "other";

23
pkgs/applications/editors/textadept/default.nix
View File

@ -1,6 +1,9 @@
{ lib, stdenv, fetchFromGitHub, fetchurl, cmake, qtbase, wrapQtAppsHook }:
{ lib, stdenv, fetchFromGitHub, fetchurl, cmake
, withQt ? true, qtbase, wrapQtAppsHook
, withCurses ? false, ncurses
}:
stdenv.mkDerivation rec {
version = "12.0";
version = "12.1";
pname = "textadept";
src = fetchFromGitHub {
@ -8,15 +11,19 @@ stdenv.mkDerivation rec {
owner = "orbitalquark";
repo = "textadept";
rev = "textadept_${version}";
sha256 = "sha256-KziVN0Fl/IvSnIJKK5s7UikXi3iP5mTauP0YxffKy9c=";
sha256 = "sha256-ce7U/GR/4zkjnRN3fx3FLecc9vuvFqCONy275SWnpNc=";
};
nativeBuildInputs = [ cmake wrapQtAppsHook ];
buildInputs = [ qtbase ];
nativeBuildInputs = [ cmake ]
++ lib.optionals withQt [ wrapQtAppsHook ];
cmakeFlags = [
"CMAKE_INSTALL_PREFIX=build/install"
];
buildInputs =
lib.optionals withQt [ qtbase ]
++ lib.optionals withCurses ncurses;
cmakeFlags =
lib.optional withQt [ "-DQT=ON" ]
++ lib.optional withCurses [ "-DCURSES=ON" "-DQT=OFF"];
preConfigure = ''
mkdir -p $PWD/build/_deps

21
pkgs/applications/editors/textadept/deps.nix generated
View File

@ -1,36 +1,45 @@
{
# scintilla
"scintilla536.tgz" = {
url = "https://www.scintilla.org/scintilla536.tgz";
sha256 = "sha256-ib6CeKg+eBOSWq/il32quH0r1r69F7AXn+cq/dVIyyQ=";
};
# lexilla
"lexilla510.tgz" = {
url = "https://www.scintilla.org/lexilla510.tgz";
sha256 = "sha256-azWVJ0AFSYZxuFTPV73uwiVJZvNxcS/POnFtl6p/P9g=";
};
# scinterm
"scinterm_5.0.zip" = {
url = "https://github.com/orbitalquark/scinterm/archive/scinterm_5.0.zip";
sha256 = "sha256-l1qeLMCrhyoZA/GfmXFR20rY5EsUoO5e+1vZJtYdb24=";
};
"scintillua_6.2.zip" = {
url = "https://github.com/orbitalquark/scintillua/archive/scintillua_6.2.zip";
sha256 = "sha256-vjlN6MBz0xjBwWd8dpx/ks37WvdXt2vE1A71YM3uDik=";
# scintillua
"e88bbcfecae46b48b79d8156ea7129411b5c847d.zip" = {
url = "https://github.com/orbitalquark/scintillua/archive/e88bbcfecae46b48b79d8156ea7129411b5c847d.zip";
sha256 = "sha256-sWqpVtcAwysGn86XFwaEkKSPemk2247SydOQi6klFrQ=";
};
# lua
"lua-5.4.6.tar.gz" = {
url = "http://www.lua.org/ftp/lua-5.4.6.tar.gz";
sha256 = "sha256-fV6huctqoLWco93hxq3LV++DobqOVDLA7NBr9DmzrYg=";
};
# lpeg
"lpeg-1.1.0.tar.gz" = {
url = "http://www.inf.puc-rio.br/~roberto/lpeg/lpeg-1.1.0.tar.gz";
sha256 = "sha256-SxVdZ9IkbB/6ete8RmweqJm7xA/vAlfMnAPOy67UNSo=";
};
# luafilesystem
"v1_8_0.zip" = {
url = "https://github.com/keplerproject/luafilesystem/archive/v1_8_0.zip";
sha256 = "sha256-46a+ynqKkFIu7THbbM3F7WWkM4JlAMaGJ4TidnG54Yo=";
};
"cdk-5.0-20200923.tgz" = {
url = "http://invisible-mirror.net/archives/cdk/cdk-5.0-20200923.tgz";
sha256 = "sha256-AH9d6IDLLuvYVW335M2Gc9XmTJlwFH7uaSOoFMKfqu0=";
# cdk
"t20200923.tar.gz" = {
url = "http://github.com/ThomasDickey/cdk-snapshots/archive/refs/tags/t20200923.tar.gz";
sha256 = "sha256-rjL4oMSDJZWAZJ8pG8FApfpvrVNJvY+6D8ZV+gwvDnI=";
};
# libtermkey
"libtermkey-0.22.tar.gz" = {
url = "http://www.leonerd.org.uk/code/libtermkey/libtermkey-0.22.tar.gz";
sha256 = "sha256-aUW9PEqqg9qD2AoEXFVj2k7dfQN0xiwNNa7AnrMBRgA=";

4
pkgs/applications/editors/typora/default.nix
View File

@ -22,10 +22,10 @@
let
pname = "typora";
version = "1.7.5";
version = "1.7.6";
src = fetchurl {
url = "https://download.typora.io/linux/typora_${version}_amd64.deb";
hash = "sha256-4Q+fx1kNu98+nxnI/7hLhE6zOdNsaAiAnW6xVd+hZOI=";
hash = "sha256-o91elUN8sFlzVfIQj29amsiUdSBjZc51tLCO+Qfar6c=";
};
typoraBase = stdenv.mkDerivation {

4
pkgs/applications/editors/vim/common.nix
View File

@ -1,12 +1,12 @@
{ lib, fetchFromGitHub }:
rec {
version = "9.0.1897";
version = "9.0.2048";
src = fetchFromGitHub {
owner = "vim";
repo = "vim";
rev = "v${version}";
hash = "sha256-ywxJ9evXWbqZ6o6EqDIQWK16J05McAdvPl0Y9cW5Zvc=";
hash = "sha256-zR2iPiD4/gf5BnxYoe3cx2ebGWE1P2bY4Cg15gveFgg=";
};
enableParallelBuilding = true;

617
pkgs/applications/editors/vim/plugins/generated.nix
View File

File diff suppressed because it is too large Load Diff

90
pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix
View File

@ -360,12 +360,12 @@
};
dart = buildGrammar {
language = "dart";
version = "0.0.0+rev=7e447dc";
version = "0.0.0+rev=e14bbac";
src = fetchFromGitHub {
owner = "UserNobody14";
repo = "tree-sitter-dart";
rev = "7e447dc18a2d293498670fb5ea16138648c883e5";
hash = "sha256-BCWtpTgEv/3ahiflK3wHmnhHjTmtmvJxHGo2X7FggsE=";
rev = "e14bbac8a0fcb6fab1b3becf6ed3fe464123c377";
hash = "sha256-9CNKTaP9XudM6BDUlXmroJZ31c3eqjF2s0+Bb5mcfm4=";
};
meta.homepage = "https://github.com/UserNobody14/tree-sitter-dart";
};
@ -745,6 +745,17 @@
};
meta.homepage = "https://github.com/theHamsta/tree-sitter-glsl";
};
gn = buildGrammar {
language = "gn";
version = "0.0.0+rev=bc06955";
src = fetchFromGitHub {
owner = "amaanq";
repo = "tree-sitter-gn";
rev = "bc06955bc1e3c9ff8e9b2b2a55b38b94da923c05";
hash = "sha256-Sn6He4YRrKJe4QvGiaauquYBVQol0lWeIuOwkdUEzkQ=";
};
meta.homepage = "https://github.com/amaanq/tree-sitter-gn";
};
go = buildGrammar {
language = "go";
version = "0.0.0+rev=bbaa67a";
@ -868,12 +879,12 @@
};
haskell = buildGrammar {
language = "haskell";
version = "0.0.0+rev=d7ac98f";
version = "0.0.0+rev=ca10c43";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-haskell";
rev = "d7ac98f49e3ed7e17541256fe3881a967d7ffdd3";
hash = "sha256-XEfZSNnvF2BMOWwTfk6GXSnSpbKVfAYk7I3XbO1tIBg=";
rev = "ca10c43a4c9bfe588c480d2941726c2fadcae699";
hash = "sha256-HyS9Q6+WSUgyQ9mL5sZvQ4CHW+3MypT2U9b1X5NnMHc=";
};
meta.homepage = "https://github.com/tree-sitter/tree-sitter-haskell";
};
@ -1196,14 +1207,25 @@
};
meta.homepage = "https://github.com/cbarrete/tree-sitter-ledger";
};
leo = buildGrammar {
language = "leo";
version = "0.0.0+rev=91d7aa6";
src = fetchFromGitHub {
owner = "r001";
repo = "tree-sitter-leo";
rev = "91d7aa606f524cf4f5df7f4aacb45b4056fac704";
hash = "sha256-8nea6Qg0eT5ciif+tzD13TcFqP9/uJVxgVSW93OdiVY=";
};
meta.homepage = "https://github.com/r001/tree-sitter-leo";
};
liquidsoap = buildGrammar {
language = "liquidsoap";
version = "0.0.0+rev=bbef4df";
version = "0.0.0+rev=4620ab7";
src = fetchFromGitHub {
owner = "savonet";
repo = "tree-sitter-liquidsoap";
rev = "bbef4df4dc5b324455ad1ea4770bbed0df5130ea";
hash = "sha256-SGWO/sQ022atbX8qTXWeSnrYlSX13N03LhXJoc9YgPQ=";
rev = "4620ab746d1e9e5b6ebccaaa6afc5ebce06b4d75";
hash = "sha256-M9HTG58WMvQ1PS7oRDeJ+bUwe+bmXf/fuTc6inEtkek=";
};
meta.homepage = "https://github.com/savonet/tree-sitter-liquidsoap";
};
@ -1441,6 +1463,17 @@
};
meta.homepage = "https://github.com/amaanq/tree-sitter-objc";
};
objdump = buildGrammar {
language = "objdump";
version = "0.0.0+rev=64e4741";
src = fetchFromGitHub {
owner = "ColinKennedy";
repo = "tree-sitter-objdump";
rev = "64e4741d58345c36ded639f5a3bcd7811be7f8f8";
hash = "sha256-v5skJKQ/c0YeGVj3Vs+SNnFqTkp0mblZU4DyJ9hg7s4=";
};
meta.homepage = "https://github.com/ColinKennedy/tree-sitter-objdump";
};
ocaml = buildGrammar {
language = "ocaml";
version = "0.0.0+rev=694c577";
@ -1534,23 +1567,23 @@
};
perl = buildGrammar {
language = "perl";
version = "0.0.0+rev=79e88f6";
version = "0.0.0+rev=495ea4b";
src = fetchFromGitHub {
owner = "ganezdragon";
owner = "tree-sitter-perl";
repo = "tree-sitter-perl";
rev = "79e88f64681660f3961939bf764d8f3b4bbb0d27";
hash = "sha256-cadmD6kXhA3TENHhM03+iX2J0+Z0UhHizFiZLnknXLk=";
rev = "495ea4b2bb2ca7ebc64c598e4a60d8c0856b2811";
hash = "sha256-6xLeT4dfBnxysrfW7kX3KyW96dfJgN4L040xI8IWVMU=";
};
meta.homepage = "https://github.com/ganezdragon/tree-sitter-perl";
meta.homepage = "https://github.com/tree-sitter-perl/tree-sitter-perl";
};
php = buildGrammar {
language = "php";
version = "0.0.0+rev=92a98ad";
version = "0.0.0+rev=0e02e7f";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-php";
rev = "92a98adaa534957b9a70b03e9acb9ccf9345033a";
hash = "sha256-/JI1eyf1UZmtQ7bhfBLpA+8mMfIc8jRncri8Mz2mf5M=";
rev = "0e02e7fab7913a0e77343edb347c8f17cac1f0ba";
hash = "sha256-cHXstpU5XaBv9vO59DKol7PfrVLc0olBLlhkb3wFNDE=";
};
meta.homepage = "https://github.com/tree-sitter/tree-sitter-php";
};
@ -1587,6 +1620,17 @@
};
meta.homepage = "https://github.com/erasin/tree-sitter-po";
};
pod = buildGrammar {
language = "pod";
version = "0.0.0+rev=ea5d557";
src = fetchFromGitHub {
owner = "tree-sitter-perl";
repo = "tree-sitter-pod";
rev = "ea5d557cbd185cdcb5efcfdb6bc846fe909d86ae";
hash = "sha256-CFPfpFQYlaryMX/k6tBT9k0WbQRz2vdVzh++lIVYe80=";
};
meta.homepage = "https://github.com/tree-sitter-perl/tree-sitter-pod";
};
poe_filter = buildGrammar {
language = "poe_filter";
version = "0.0.0+rev=d7b43b5";
@ -2033,12 +2077,12 @@
};
sql = buildGrammar {
language = "sql";
version = "0.0.0+rev=36c4de3";
version = "0.0.0+rev=caf2938";
src = fetchFromGitHub {
owner = "derekstride";
repo = "tree-sitter-sql";
rev = "36c4de35f76dfa732493aae606feb69dce4b1daa";
hash = "sha256-D8gt0shaEU1zPjLHe+h/cCk6Z1xx5Va17A/0XDB1rvo=";
rev = "caf2938f1bc6b174e5bf5b6f3b5522cb723ee55b";
hash = "sha256-PbbPp6CsnrFj7/OwF957MEbSf3PekXon7dMkcoHMO7c=";
};
meta.homepage = "https://github.com/derekstride/tree-sitter-sql";
};
@ -2470,12 +2514,12 @@
};
wing = buildGrammar {
language = "wing";
version = "0.0.0+rev=bde9356";
version = "0.0.0+rev=8abdb5e";
src = fetchFromGitHub {
owner = "winglang";
repo = "wing";
rev = "bde93562c6dae6aaffd641cb367356386da412d0";
hash = "sha256-Fv2tc7KmY9Hn5TqO5JKjbj33rYQvLQwpzBYO+W0bySU=";
rev = "8abdb5e1846a56004bcba6e1d9a735e22bb5fff4";
hash = "sha256-Pmj7Tk9GSeRNIvWODo9StI1c0Hx35B/G15r4kGvErgs=";
};
location = "libs/tree-sitter-wing";
generate = true;

2
pkgs/applications/editors/vim/plugins/overrides.nix
View File

@ -999,7 +999,7 @@ self: super: {
pname = "sg-nvim-rust";
inherit (old) version src;
cargoHash = "sha256-wJpJELVgzixzu8T9EHACur3LNm/sqfkkbGn+AkApzW4=";
cargoHash = "sha256-Rqs9INcc53SYGXHRyeTbLkGGU035i2i6n6A4ekFKve0=";
nativeBuildInputs = [ pkg-config ];

3
pkgs/applications/editors/vim/plugins/vim-plugin-names
View File

@ -190,6 +190,7 @@ https://github.com/aca/completion-tabnine/,,
https://github.com/nvim-treesitter/completion-treesitter/,,
https://github.com/chikatoike/concealedyank.vim/,,
https://github.com/rhysd/conflict-marker.vim/,,
https://github.com/stevearc/conform.nvim/,HEAD,
https://github.com/Olical/conjure/,,
https://github.com/wellle/context.vim/,,
https://github.com/Shougo/context_filetype.vim/,,
@ -277,7 +278,6 @@ https://github.com/freddiehaddad/feline.nvim/,,
https://github.com/bakpakin/fennel.vim/,,
https://github.com/lambdalisue/fern.vim/,,
https://github.com/wincent/ferret/,,
https://github.com/mrcjkb/ferris.nvim/,HEAD,
https://github.com/j-hui/fidget.nvim/,legacy,
https://github.com/bogado/file-line/,,
https://github.com/glacambre/firenvim/,HEAD,
@ -734,6 +734,7 @@ https://github.com/keith/rspec.vim/,,
https://github.com/ccarpita/rtorrent-syntax-file/,,
https://github.com/simrat39/rust-tools.nvim/,,
https://github.com/rust-lang/rust.vim/,,
https://github.com/mrcjkb/rustaceanvim/,HEAD,
https://github.com/hauleth/sad.vim/,,
https://github.com/vmware-archive/salt-vim/,,
https://github.com/lewis6991/satellite.nvim/,HEAD,

12
pkgs/applications/editors/vscode/extensions/default.nix
View File

@ -377,8 +377,8 @@ let
mktplcRef = {
name = "Millet";
publisher = "azdavis";
version = "0.12.5";
sha256 = "sha256-gJIxCdoxWGThalY+qJ930UtRLFkvr34LfaSioAZH9TQ=";
version = "0.13.5";
sha256 = "sha256-sWM7N+axgu1zOGWexR4JVupVmYhZrd4cZz3pmLxRj8Q=";
};
nativeBuildInputs = [ jq moreutils ];
postInstall = ''
@ -3298,8 +3298,8 @@ let
mktplcRef = {
name = "svelte-vscode";
publisher = "svelte";
version = "107.4.3";
sha256 = "sha256-z1foIJXVKmJ0G4FfO9xsjiQgmq/ZtoB3b6Ch8Nyj1zY=";
version = "107.12.0";
sha256 = "036ri011fd0cf91iwv59j57m05mxliy27ms4di2y9jlk7jzmr4s2";
};
meta = {
changelog = "https://github.com/sveltejs/language-tools/releases";
@ -3521,8 +3521,8 @@ let
mktplcRef = {
name = "uiua-vscode";
publisher = "uiua-lang";
version = "0.0.19";
sha256 = "sha256-Tww1urq6CfLma254Sn5lwOYwbvxAeDZuBuFBQlzks1c=";
version = "0.0.21";
sha256 = "sha256-u57U/MmxvionFZp/tLK/KpddaxA/SUffeggKBSzmsXo=";
};
meta = {
description = "VSCode language extension for Uiua";

10
pkgs/applications/emulators/blink/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, lib }:
{ stdenv, fetchFromGitHub, fetchpatch, lib }:
stdenv.mkDerivation (finalAttrs: {
pname = "blink";
@ -11,6 +11,14 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-W7yL7Ut3MRygJhFGr+GIj/CK57MkuDTcenft8IvH7jU=";
};
# Drop after next release
patches = [
(fetchpatch {
url = "https://github.com/jart/blink/commit/b31fed832b10d32eadaec885fb20dacbb0eb6986.patch";
hash = "sha256-DfZxW/H58qXAjkQz31YS4SPMz7152ZzNHK7wHopgnQA=";
})
];
# 'make check' requires internet connection
doCheck = true;
checkTarget = "test";

2
pkgs/applications/emulators/retroarch/cores.nix
View File

@ -568,6 +568,7 @@ in
mame2015 = mkLibretroCore {
core = "mame2015";
patches = [ ./patches/mame2015-python311.patch ];
makeFlags = [ "PYTHON=python3" ];
extraNativeBuildInputs = [ python3 ];
extraBuildInputs = [ alsa-lib ];
@ -581,6 +582,7 @@ in
mame2016 = mkLibretroCore {
core = "mame2016";
patches = [ ./patches/mame2016-python311.patch ];
extraNativeBuildInputs = [ python3 ];
extraBuildInputs = [ alsa-lib ];
makeFlags = [ "PYTHON_EXECUTABLE=python3" ];

61
pkgs/applications/emulators/retroarch/patches/mame2015-python311.patch Normal file
View File

@ -0,0 +1,61 @@
diff --git a/src/emu/cpu/m6502/m6502make.py b/src/emu/cpu/m6502/m6502make.py
index da29fc722a..3de641dd69 100755
--- a/src/emu/cpu/m6502/m6502make.py
+++ b/src/emu/cpu/m6502/m6502make.py
@@ -16,7 +16,7 @@ def load_opcodes(fname):
opcodes = []
logging.info("load_opcodes: %s", fname)
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
logging.error("cannot read opcodes file %s [%s]", fname, err)
@@ -39,7 +39,7 @@ def load_disp(fname):
logging.info("load_disp: %s", fname)
states = []
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
logging.error("cannot read display file %s [%s]", fname, err)
diff --git a/src/emu/cpu/m6809/m6809make.py b/src/emu/cpu/m6809/m6809make.py
index c3d5b0f66e..79f6f90cdd 100644
--- a/src/emu/cpu/m6809/m6809make.py
+++ b/src/emu/cpu/m6809/m6809make.py
@@ -14,7 +14,7 @@ def load_file(fname, lines):
if path != "":
path += '/'
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
sys.stderr.write("Cannot read opcodes file %s [%s]\n" % (fname, err))
diff --git a/src/emu/cpu/mcs96/mcs96make.py b/src/emu/cpu/mcs96/mcs96make.py
index ec5ec37a78..7ab806a653 100644
--- a/src/emu/cpu/mcs96/mcs96make.py
+++ b/src/emu/cpu/mcs96/mcs96make.py
@@ -71,7 +71,7 @@ def __init__(self, fname, is_196):
self.ea = {}
self.macros = {}
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
sys.stderr.write("Cannot read opcodes file %s [%s]\n" % (fname, err))
diff --git a/src/emu/cpu/tms57002/tmsmake.py b/src/emu/cpu/tms57002/tmsmake.py
index 62092097d9..78f9fe43cd 100755
--- a/src/emu/cpu/tms57002/tmsmake.py
+++ b/src/emu/cpu/tms57002/tmsmake.py
@@ -326,7 +326,7 @@ def ins_cmp_dasm(a, b):
def LoadLst(filename):
instructions = []
ins = None
- for n, line in enumerate(open(filename, "rU")):
+ for n, line in enumerate(open(filename, "r")):
line = line.rstrip()
if not line and ins:
# new lines separate intructions

74
pkgs/applications/emulators/retroarch/patches/mame2016-python311.patch Normal file
View File

@ -0,0 +1,74 @@
diff --git a/scripts/build/verinfo.py b/scripts/build/verinfo.py
index a73d8ad268..82a80c0984 100644
--- a/scripts/build/verinfo.py
+++ b/scripts/build/verinfo.py
@@ -63,7 +63,7 @@ def extract_version(input):
build, outfmt, srcfile, dstfile = parse_args()
try:
- fp = open(srcfile, 'rU')
+ fp = open(srcfile, 'r')
except IOError:
sys.stderr.write("Unable to open source file '%s'\n" % srcfile)
sys.exit(1)
diff --git a/src/devices/cpu/m6502/m6502make.py b/src/devices/cpu/m6502/m6502make.py
index 8bcd85f8e2..557b175966 100755
--- a/src/devices/cpu/m6502/m6502make.py
+++ b/src/devices/cpu/m6502/m6502make.py
@@ -18,7 +18,7 @@ def load_opcodes(fname):
opcodes = []
logging.info("load_opcodes: %s", fname)
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
logging.error("cannot read opcodes file %s [%s]", fname, err)
@@ -41,7 +41,7 @@ def load_disp(fname):
logging.info("load_disp: %s", fname)
states = []
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
logging.error("cannot read display file %s [%s]", fname, err)
diff --git a/src/devices/cpu/m6809/m6809make.py b/src/devices/cpu/m6809/m6809make.py
index 8838b96019..e1ea25db06 100644
--- a/src/devices/cpu/m6809/m6809make.py
+++ b/src/devices/cpu/m6809/m6809make.py
@@ -16,7 +16,7 @@ def load_file(fname, lines):
if path != "":
path += '/'
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
sys.stderr.write("Cannot read opcodes file %s [%s]\n" % (fname, err))
diff --git a/src/devices/cpu/mcs96/mcs96make.py b/src/devices/cpu/mcs96/mcs96make.py
index b4844942e3..207208d2b6 100644
--- a/src/devices/cpu/mcs96/mcs96make.py
+++ b/src/devices/cpu/mcs96/mcs96make.py
@@ -73,7 +73,7 @@ def __init__(self, fname, is_196):
self.ea = {}
self.macros = {}
try:
- f = open(fname, "rU")
+ f = open(fname, "r")
except Exception:
err = sys.exc_info()[1]
sys.stderr.write("Cannot read opcodes file %s [%s]\n" % (fname, err))
diff --git a/src/devices/cpu/tms57002/tmsmake.py b/src/devices/cpu/tms57002/tmsmake.py
index e2e12b5a4b..942ec09537 100755
--- a/src/devices/cpu/tms57002/tmsmake.py
+++ b/src/devices/cpu/tms57002/tmsmake.py
@@ -323,7 +323,7 @@ def AddInfo(self, line):
def LoadLst(filename):
instructions = []
ins = None
- for n, line in enumerate(open(filename, "rU")):
+ for n, line in enumerate(open(filename, "r")):
line = line.rstrip()
if not line and ins:
# new lines separate intructions

4
pkgs/applications/emulators/xemu/default.nix
View File

@ -28,13 +28,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "xemu";
version = "0.7.111";
version = "0.7.116";
src = fetchFromGitHub {
owner = "xemu-project";
repo = "xemu";
rev = "v${finalAttrs.version}";
hash = "sha256-j7VNNKGm8mFEz+8779ylw1Yjd+jDuoL19Sw52kJll4s=";
hash = "sha256-/fUTQYi6EDG4wUFc17nuBUt/F1zBdhk/MEizwTo5I8Q=";
fetchSubmodules = true;
};

4
pkgs/applications/gis/grass/default.nix
View File

@ -34,13 +34,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "grass";
version = "8.3.0";
version = "8.3.1";
src = fetchFromGitHub {
owner = "OSGeo";
repo = "grass";
rev = finalAttrs.version;
hash = "sha256-YHQtvp/AYMWme46yIc4lE/izjqVePnPxn3GY5RRfPq4=";
hash = "sha256-SoJq4SuDYImfkM2e991s47vYusrmnrQaXn7p3xwyOOQ=";
};
nativeBuildInputs = [

6
pkgs/applications/graphics/ImageMagick/default.nix
View File

@ -30,6 +30,7 @@
, Foundation
, testers
, imagemagick
, nixos-icons
, perlPackages
, python3
}:
@ -48,13 +49,13 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "imagemagick";
version = "7.1.1-19";
version = "7.1.1-21";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick";
rev = finalAttrs.version;
hash = "sha256-SxvaodAjSlOvmGPnD0AcXHrE5dTX2eX1sDM/441rP64=";
hash = "sha256-DqVonNh6bFNK91Pd6MwIO1yMrshfGAWNWPpHHQUA2sQ=";
};
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big
@ -126,6 +127,7 @@ stdenv.mkDerivation (finalAttrs: {
passthru.tests = {
version = testers.testVersion { package = finalAttrs.finalPackage; };
inherit nixos-icons;
inherit (perlPackages) ImageMagick;
inherit (python3.pkgs) img2pdf;
pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;

3
pkgs/applications/graphics/autotrace/default.nix
View File

@ -26,8 +26,9 @@ stdenv.mkDerivation rec {
patches = [
(fetchpatch {
# https://github.com/autotrace/autotrace/pull/105
name = "imagemagick7-support.patch";
url = "https://github.com/autotrace/autotrace/pull/105.patch";
url = "https://github.com/autotrace/autotrace/compare/170488e1871d50aad7a800b901e33ded7d31773a...c26a2a059926c595a00839c8d9961e9381206579.patch";
hash = "sha256-Q82LRF/BsJ/Ii2s+7yaYHs9agMKYVYIMnbwqz8P92s0=";
})
];

4
pkgs/applications/graphics/fbida/default.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
, libGL
, libjpeg
, libexif
, giflib
@ -17,6 +18,7 @@
, sane-backends
, libXpm
, libepoxy
, pixman
, poppler
, mesa
, lirc
@ -42,6 +44,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config which ];
buildInputs = [
libGL
libexif
libjpeg
libpng
@ -56,6 +59,7 @@ stdenv.mkDerivation rec {
libdrm
libXpm
libepoxy
pixman
poppler
lirc
mesa

4
pkgs/applications/graphics/pineapple-pictures/default.nix
View File

@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "pineapple-pictures";
version = "0.7.2";
version = "0.7.3";
src = fetchFromGitHub {
owner = "BLumia";
repo = "pineapple-pictures";
rev = finalAttrs.version;
hash = "sha256-dD0pHqw1Gxp+yxzYdm2ZgxiHKyuJKBGYpjv99B1Da1g=";
hash = "sha256-UZVpyrUFf/uJNs2GHLYXpb81e7yzC8EFuoD+0Bzj6xQ=";
};
nativeBuildInputs = [

4
pkgs/applications/kde/marble.nix
View File

@ -2,7 +2,7 @@
, extra-cmake-modules, kdoctools
, qtscript, qtsvg, qtquickcontrols, qtwebengine
, krunner, shared-mime-info, kparts, knewstuff
, gpsd, perl, protobuf3_21
, gpsd, perl, protobuf_21
}:
mkDerivation {
@ -15,7 +15,7 @@ mkDerivation {
outputs = [ "out" "dev" ];
nativeBuildInputs = [ extra-cmake-modules kdoctools perl ];
propagatedBuildInputs = [
protobuf3_21 qtscript qtsvg qtquickcontrols qtwebengine shared-mime-info krunner kparts
protobuf_21 qtscript qtsvg qtquickcontrols qtwebengine shared-mime-info krunner kparts
knewstuff gpsd
];
preConfigure = ''

Some files were not shown because too many files have changed in this diff Show More