nixpkgs: 2024-05-08 -> 2024-05-13, nixpkgs-wayland, sops-nix

``` • Updated input 'nixpkgs-next-unpatched': 'github:nixos/nixpkgs/c8e3f684443d7c2875ff169f6ef2533534105e7b' (2024-05-08) → 'github:nixos/nixpkgs/6a217e9b1d39415076c7a6cfc44be5e935e7a839' (2024-05-13) • Updated input 'nixpkgs-unpatched': 'github:nixos/nixpkgs/a751e2faa2fc94c1337c32aaf6a6e417afe90be9' (2024-05-08) → 'github:nixos/nixpkgs/6bc8c8a7ac13182ee24a5e2caab7ad739f1c55c5' (2024-05-13) • Updated input 'nixpkgs-wayland': 'github:nix-community/nixpkgs-wayland/7dc8fb2aa7db995ac1ce2a8f2f8d8784b2af591c' (2024-05-08) → 'github:nix-community/nixpkgs-wayland/5f7272dff81558143f93e2cb32189a52ef965892' (2024-05-13) • Updated input 'nixpkgs-wayland/lib-aggregate': 'github:nix-community/lib-aggregate/26fabca301e1133abd3d9192b1bcb6fb45b30f1d' (2024-05-05) → 'github:nix-community/lib-aggregate/09883ca828e8cfaacdb09e29190a7b84ad1d9925' (2024-05-12) • Updated input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/4b620020fd73bdd5104e32c702e65b60b6869426' (2024-05-05) → 'github:nix-community/nixpkgs.lib/58e03b95f65dfdca21979a081aa62db0eed6b1d8' (2024-05-12) • Updated input 'nixpkgs-wayland/nix-eval-jobs': 'github:nix-community/nix-eval-jobs/7b6640f2a10701bf0db16aff048070f400e8ea7c' (2024-04-23) → 'github:nix-community/nix-eval-jobs/63154bdfb22091041b307d17863bdc0e01a32a00' (2024-05-09) • Updated input 'nixpkgs-wayland/nix-eval-jobs/nixpkgs': 'github:NixOS/nixpkgs/1e1dc66fe68972a76679644a5577828b6a7e8be4' (2024-04-22) → 'github:NixOS/nixpkgs/ad7efee13e0d216bf29992311536fce1d3eefbef' (2024-05-06) • Updated input 'sops-nix': 'github:Mic92/sops-nix/893e3df091f6838f4f9d71c61ab079d5c5dedbd1' (2024-05-06) → 'github:Mic92/sops-nix/b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e' (2024-05-12) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/b980b91038fc4b09067ef97bbe5ad07eecca1e76' (2024-05-04) → 'github:NixOS/nixpkgs/8e47858badee5594292921c2668c11004c3b0142' (2024-05-11) ```
2024-05-13 07:52:55 +00:00 · 2024-05-13 07:52:55 +00:00 · 2ae286ff75
commit 2ae286ff75
parent a05fa53ee1
4 changed files with 38 additions and 240 deletions
--- a/flake.lock
+++ b/flake.lock
@ -61,11 +61,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1714910950,
-        "narHash": "sha256-gaq5bphSsY+htEXFDkImOrH3MVCkxFTvCiwdCJj096E=",
+        "lastModified": 1715515815,
+        "narHash": "sha256-yaLScMHNFCH6SbB0HSA/8DWDgK0PyOhCXoFTdHlWkhk=",
        "owner": "nix-community",
        "repo": "lib-aggregate",
-        "rev": "26fabca301e1133abd3d9192b1bcb6fb45b30f1d",
+        "rev": "09883ca828e8cfaacdb09e29190a7b84ad1d9925",
        "type": "github"
      },
      "original": {
@ -99,11 +99,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1713858845,
-        "narHash": "sha256-StJq7Zy+/iVBUAKFzhHWlsirFucZ3gNtzXhAYXAsNnw=",
+        "lastModified": 1715248291,
+        "narHash": "sha256-npC9Swu4VIlRIiEP0XFGoIukd6vOufS/M3PdHk6rQpc=",
        "owner": "nix-community",
        "repo": "nix-eval-jobs",
-        "rev": "7b6640f2a10701bf0db16aff048070f400e8ea7c",
+        "rev": "63154bdfb22091041b307d17863bdc0e01a32a00",
        "type": "github"
      },
      "original": {
@ -136,11 +136,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1713805509,
-        "narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=",
+        "lastModified": 1715037484,
+        "narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4",
+        "rev": "ad7efee13e0d216bf29992311536fce1d3eefbef",
        "type": "github"
      },
      "original": {
@ -152,11 +152,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1714870069,
+        "lastModified": 1715474941,
        "narHash": "sha256-CNCqCGOHdxuiVnVkhTpp2WcqSSmSfeQjubhDOcgwGjU=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "4b620020fd73bdd5104e32c702e65b60b6869426",
+        "rev": "58e03b95f65dfdca21979a081aa62db0eed6b1d8",
        "type": "github"
      },
      "original": {
@ -167,11 +167,11 @@
    },
    "nixpkgs-next-unpatched": {
      "locked": {
-        "lastModified": 1715148084,
-        "narHash": "sha256-arUW5NSCMy7K8uO+1ODJqyptf71HP69XbJlSuf361rI=",
+        "lastModified": 1715580068,
+        "narHash": "sha256-EuE4shavKc+ZX3eKbeVFLvajC72taSCh5kPc+91K9/k=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c8e3f684443d7c2875ff169f6ef2533534105e7b",
+        "rev": "6a217e9b1d39415076c7a6cfc44be5e935e7a839",
        "type": "github"
      },
      "original": {
@ -183,11 +183,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1714858427,
-        "narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
+        "lastModified": 1715458492,
+        "narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
+        "rev": "8e47858badee5594292921c2668c11004c3b0142",
        "type": "github"
      },
      "original": {
@ -199,11 +199,11 @@
    },
    "nixpkgs-unpatched": {
      "locked": {
-        "lastModified": 1715156971,
-        "narHash": "sha256-sEgAH6EkkQf5Aux4JT5HvdKWia0ryePYI0RhioskVS8=",
+        "lastModified": 1715585398,
+        "narHash": "sha256-gkjMf9c+ggjxQ9hYDlVlLbz5IQ1WPtoyCl4EIImHJps=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a751e2faa2fc94c1337c32aaf6a6e417afe90be9",
+        "rev": "6bc8c8a7ac13182ee24a5e2caab7ad739f1c55c5",
        "type": "github"
      },
      "original": {
@ -223,11 +223,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715156333,
-        "narHash": "sha256-8V09AxlIyKh8maX5/fAo8JuijEu9KM1DVlPscxzmKsk=",
+        "lastModified": 1715584565,
+        "narHash": "sha256-lg2mUWqSG5puwVBMGWo1fUhLuLxnsZoxItJqi68caiA=",
        "owner": "nix-community",
        "repo": "nixpkgs-wayland",
-        "rev": "7dc8fb2aa7db995ac1ce2a8f2f8d8784b2af591c",
+        "rev": "5f7272dff81558143f93e2cb32189a52ef965892",
        "type": "github"
      },
      "original": {
@ -254,11 +254,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1715035358,
-        "narHash": "sha256-RY6kqhpCPa/q3vbqt3iYRyjO3hJz9KZnshMjbpPon8o=",
+        "lastModified": 1715482972,
+        "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "893e3df091f6838f4f9d71c61ab079d5c5dedbd1",
+        "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
        "type": "github"
      },
      "original": {
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -5,7 +5,6 @@
    ./dyn-dns.nix
    ./eg25-manager.nix
    ./kiwix-serve.nix
-    ./mautrix-signal.nix
    ./nixserve.nix
    ./trust-dns.nix
  ];
--- a/modules/services/mautrix-signal.nix
+++ b/modules/services/mautrix-signal.nix
@ -1,207 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  # TODO: upstream these "optional-dependencies"
-  # - search that phrase in <nixpkgs:doc/languages-frameworks/python.section.md>
-  pkg = pkgs.mautrix-signal.overridePythonAttrs (super: {
-    propagatedBuildInputs = super.propagatedBuildInputs ++ (with pkgs.python3.pkgs; [
-      # these optional deps come from mautrix-signal's "optional-requirements.txt"
-
-      # #/e2be
-      # python-olm>=3,<4
-      # pycryptodome>=3,<4
-      # unpaddedbase64>=1,<3
-      # XXX: ^above already included in nixpkgs package
-
-      # #/metrics
-      # prometheus_client>=0.6,<0.17
-      # XXX: ^above already included in nixpkgs package
-
-      # #/formattednumbers
-      # phonenumbers>=8,<9
-      # XXX: ^above already included in nixpkgs package
-
-      # #/qrlink
-      # qrcode>=6,<8
-      # Pillow>=4,<10
-      # XXX: ^above already included in nixpkgs package
-
-      # #/stickers
-      # signalstickers-client>=3,<4
-
-      # #/sqlite
-      # aiosqlite>=0.16,<0.19
-      aiosqlite
-    ]);
-  });
-  dataDir = "/var/lib/mautrix-signal";
-  registrationFile = "${dataDir}/signal-registration.yaml";
-  cfg = config.services.mautrix-signal;
-  settingsFormat = pkgs.formats.json {};
-  settingsFile =
-    settingsFormat.generate "mautrix-signal-config.json" cfg.settings;
-in
-{
-  options = {
-    services.mautrix-signal = {
-      enable = mkEnableOption (lib.mdDoc "Mautrix-Signal, a Matrix-Signal puppeting bridge");
-
-      settings = mkOption rec {
-        apply = recursiveUpdate default;
-        inherit (settingsFormat) type;
-        default = {
-          # defaults based on this upstream example config:
-          # - <https://github.com/mautrix/signal/blob/master/mautrix_signal/example-config.yaml>
-          homeserver = {
-            address = "http://localhost:8008";
-            software = "standard";
-            # domain = "SETME";
-          };
-
-          appservice = rec {
-            address = "http://${hostname}:${toString port}";
-            hostname = "localhost";
-            port = 29328;
-
-            database = "sqlite:///${dataDir}/mautrix-signal.db";
-            database_opts = {};
-            bot_username = "signalbot";
-          };
-
-          bridge = {
-            username_template = "signal_{userid}";
-            permissions."*" = "relay";
-            double_puppet_server_map = {};
-            login_shared_secret_map = {};
-          };
-
-          logging = {
-            version = 1;
-
-            formatters.precise.format = "[%(levelname)s@%(name)s] %(message)s";
-
-            handlers.console = {
-              class = "logging.StreamHandler";
-              formatter = "precise";
-            };
-
-            # log to console/systemd instead of file
-            root = {
-              level = "INFO";
-              handlers = ["console"];
-            };
-          };
-        };
-        example = literalExpression ''
-          {
-            homeserver = {
-              address = "http://localhost:8008";
-              domain = "mydomain.example";
-            };
-
-            bridge.permissions = {
-              "@admin:mydomain.example" = "admin";
-              "mydomain.example" = "user";
-            };
-          }
-        '';
-        description = lib.mdDoc ''
-          {file}`config.yaml` configuration as a Nix attribute set.
-          Configuration options should match those described in
-          [example-config.yaml](https://github.com/mautrix/signale/blob/master/mautrix_signal/example-config.yaml).
-        '';
-      };
-
-      environmentFile = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        description = lib.mdDoc ''
-          File containing environment variables to be passed to the mautrix-signal service,
-          in which secret tokens can be specified securely by defining values for e.g.
-          `MAUTRIX_SIGNAL_APPSERVICE_AS_TOKEN`,
-          `MAUTRIX_SIGNAL_APPSERVICE_HS_TOKEN`
-
-          These environment variables can also be used to set other options by
-          replacing hierarchy levels by `.`, converting the name to uppercase
-          and prepending `MAUTRIX_SIGNAL_`.
-          For example, the first value above maps to
-          {option}`settings.appservice.as_token`.
-
-          The environment variable values can be prefixed with `json::` to have
-          them be parsed as JSON. For example, `login_shared_secret_map` can be
-          set as follows:
-          `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET_MAP=json::{"example.com":"secret"}`.
-        '';
-      };
-
-      serviceDependencies = mkOption {
-        type = with types; listOf str;
-        default = optional config.services.matrix-synapse.enable "matrix-synapse.service";
-        defaultText = literalExpression ''
-          optional config.services.matrix-synapse.enable "matrix-synapse.service"
-        '';
-        description = lib.mdDoc ''
-          List of Systemd services to require and wait for when starting the application service.
-        '';
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    users.groups.mautrix-signal = {};
-
-    users.users.mautrix-signal = {
-      group = "mautrix-signal";
-      isSystemUser = true;
-    };
-
-    systemd.services.mautrix-signal = {
-      description = "Mautrix-Signal, a Matrix-Signal puppeting bridge.";
-
-      wantedBy = [ "multi-user.target" ];
-      wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
-      after = [ "network-online.target" ] ++ cfg.serviceDependencies;
-      path = [ pkgs.ffmpeg ];  # voice messages need `ffmpeg`
-
-      # environment.HOME = dataDir;
-
-      preStart = ''
-        # generate the appservice's registration file if absent
-        if [ ! -f '${registrationFile}' ]; then
-          ${pkg}/bin/mautrix-signal \
-            --generate-registration \
-            --no-update \
-            --base-config='${pkg}/${pkg.pythonModule.sitePackages}/mautrix_signal/example-config.yaml' \
-            --config='${settingsFile}' \
-            --registration='${registrationFile}'
-        fi
-      '';
-
-      serviceConfig = {
-        Type = "simple";
-        Restart = "always";
-
-        User = "mautrix-signal";
-
-        ProtectSystem = "strict";
-        ProtectHome = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-        ProtectControlGroups = true;
-
-        PrivateTmp = true;
-        WorkingDirectory = pkg;
-        StateDirectory = baseNameOf dataDir;
-        UMask = "0027";
-        EnvironmentFile = cfg.environmentFile;
-
-        ExecStart = ''
-          ${pkg}/bin/mautrix-signal \
-            --config='${settingsFile}' \
-            --no-update
-        '';
-      };
-    };
-  };
-}
--- a/nixpatches/list.nix
+++ b/nixpatches/list.nix
@ -32,6 +32,12 @@ in [
  # etc, where "date" is like "20240228181608"
  # and can be found with `nix-repl  > :lf .  > lastModifiedDate`

+  (fetchpatch' {
+    title = "nixos/zsh: fix `lib.lib.mkAfter` typo";
+    saneCommit = "e4fdd34dd9cf4797216f3ed37c416dcb147dd7a7";
+    hash = "sha256-VG1wn8Z1K28bZfrcg4qFmecRMJq/T0XkgACt73GioZs=";
+  })
+
  (fetchpatch' {
    # TODO: send upstream
    title = "python3Packages.dbus-python: fix build when doInstallCheck=false";
@ -141,12 +147,12 @@ in [
    saneCommit = "56348833b4411e9fe2016c24c7fc4af1e3c1d28a";
    hash = "sha256-RUw88u7CI2C1IpRUhGbdYamHsPT1jBV0ROyVvzLWdv8=";
  })
-  (fetchpatch' {
-    # TODO: send for review (it should be unblocked as of 2024/05/08)
-    title = "pidgin: support cross compilation";
-    saneCommit = "caacbcc54e217f5ee9281422777a7f712765f71a";
-    hash = "sha256-UyZaNNp84zKShuo6zu0nfZ2FygHGcmV63Ww4Y4CtCF0=";
-  })
+  # (fetchpatch' {
+  #   # TODO: send for review (it should be unblocked as of 2024/05/08)
+  #   title = "pidgin: support cross compilation";
+  #   saneCommit = "caacbcc54e217f5ee9281422777a7f712765f71a";
+  #   hash = "sha256-UyZaNNp84zKShuo6zu0nfZ2FygHGcmV63Ww4Y4CtCF0=";
+  # })

  (fetchpatch' {
    title = "libgweather: enable introspection on cross builds";