colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master into haskell-updates

Browse Source
This commit is contained in:
github-actions[bot] 2023-11-01 00:13:02 +00:00 committed by GitHub
commit 0f196bb1eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
252 changed files with 11951 additions and 10145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/CODEOWNERS vendored
View File

@ -48,6 +48,8 @@
/pkgs/build-support/setup-hooks/auto-patchelf.sh @layus
/pkgs/build-support/setup-hooks/auto-patchelf.py @layus
/pkgs/pkgs-lib @infinisil
## Format generators/serializers
/pkgs/pkgs-lib/formats/libconfig @ckiee
# pkgs/by-name
/pkgs/test/nixpkgs-check-by-name @infinisil

76
.github/ISSUE_TEMPLATE/unreproducible_package.md vendored
View File

@ -7,25 +7,81 @@ assignees: ''
---
Building this package twice does not produce the bit-by-bit identical result each time, making it harder to detect CI breaches. You can read more about this at https://reproducible-builds.org/ .
<!--
Hello dear reporter,
Fixing bit-by-bit reproducibility also has additional advantages, such as avoiding hard-to-reproduce bugs, making content-addressed storage more effective and reducing rebuilds in such systems.
Thank you for bringing attention to this issue. Your insights are valuable to
us, and we appreciate the time you took to document the problem.
I wanted to kindly point out that in this issue template, it would be beneficial
to replace the placeholder `<package>` with the actual, canonical name of the
package you're reporting the issue for. Doing so will provide better context and
facilitate quicker troubleshooting for anyone who reads this issue in the
future.
Best regards
-->
Building this package multiple times does not yield bit-by-bit identical
results, complicating the detection of Continuous Integration (CI) breaches. For
more information on this issue, visit
[reproducible-builds.org](https://reproducible-builds.org/).
Fixing bit-by-bit reproducibility also has additional advantages, such as
avoiding hard-to-reproduce bugs, making content-addressed storage more effective
and reducing rebuilds in such systems.
### Steps To Reproduce
```
nix-build '<nixpkgs>' -A ... && nix-build '<nixpkgs>' -A ... --check --keep-failed
```
In the following steps, replace `<package>` with the canonical name of the
package.
If this command completes successfully, no differences where found. However, when it ends in `error: derivation '<X>' may not be deterministic: output '<Y>' differs from '<Z>'`, you can use `diffoscope <Y> <Z>` to analyze the differences in the output of the two builds.
#### 1. Build the package
To view the build log of the build that produced the artifact in the binary cache:
This step will build the package. Specific arguments are passed to the command
to keep the build artifacts so we can compare them in case of differences.
Execute the following command:
```
nix-store --read-log $(nix-instantiate '<nixpkgs>' -A ...)
nix-build '<nixpkgs>' -A <package> && nix-build '<nixpkgs>' -A <package> --check --keep-failed
```
Or using the new command line style:
```
nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed
```
#### 2. Compare the build artifacts
If the previous command completes successfully, no differences were found and
there's nothing to do, builds are reproducible.
If it terminates with the error message `error: derivation '<X>' may not be
deterministic: output '<Y>' differs from '<Z>'`, use `diffoscope` to investigate
the discrepancies between the two build outputs. You may need to add the
`--exclude-directory-metadata recursive` option to ignore files and directories
metadata (*e.g. timestamp*) differences.
```
nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>
```
#### 3. Examine the build log
To examine the build log, use:
```
nix-store --read-log $(nix-instantiate '<nixpkgs>' -A <package>)
```
Or with the new command line style:
```
nix log $(nix path-info --derivation nixpkgs#<package>)
```
### Additional context
(please share the relevant fragment of the diffoscope output here,
and any additional analysis you may have done)
(please share the relevant fragment of the diffoscope output here, and any
additional analysis you may have done)

2
lib/fixed-points.nix
View File

@ -45,7 +45,7 @@ rec {
}
```
This is where `fix` comes in, it contains the syntactic that's not in `f` anymore.
This is where `fix` comes in, it contains the syntactic recursion that's not in `f` anymore.
```nix
nix-repl> fix = f:

9
lib/meta.nix
View File

@ -162,5 +162,12 @@ rec {
getExe' pkgs.imagemagick "convert"
=> "/nix/store/5rs48jamq7k6sal98ymj9l4k2bnwq515-imagemagick-7.1.1-15/bin/convert"
*/
getExe' = x: y: "${lib.getBin x}/bin/${y}";
getExe' = x: y:
assert lib.assertMsg (lib.isDerivation x)
"lib.meta.getExe': The first argument is of type ${builtins.typeOf x}, but it should be a derivation instead.";
assert lib.assertMsg (lib.isString y)
"lib.meta.getExe': The second argument is of type ${builtins.typeOf y}, but it should be a string instead.";
assert lib.assertMsg (builtins.length (lib.splitString "/" y) == 1)
"lib.meta.getExe': The second argument \"${y}\" is a nested path with a \"/\" character, but it should just be the name of the executable instead.";
"${lib.getBin x}/bin/${y}";
}

28
lib/tests/misc.nix
View File

@ -1906,4 +1906,32 @@ runTests {
expr = (with types; either int (listOf (either bool str))).description;
expected = "signed integer or list of (boolean or string)";
};
# Meta
testGetExe'Output = {
expr = getExe' {
type = "derivation";
out = "somelonghash";
bin = "somelonghash";
} "executable";
expected = "somelonghash/bin/executable";
};
testGetExeOutput = {
expr = getExe {
type = "derivation";
out = "somelonghash";
bin = "somelonghash";
meta.mainProgram = "mainProgram";
};
expected = "somelonghash/bin/mainProgram";
};
testGetExe'FailureFirstArg = testingThrow (
getExe' "not a derivation" "executable"
);
testGetExe'FailureSecondArg = testingThrow (
getExe' { type = "derivation"; } "dir/executable"
);
}

14
maintainers/maintainer-list.nix
View File

@ -5969,6 +5969,11 @@
githubId = 119691;
name = "Michael Gough";
};
franciscod = {
github = "franciscod";
githubId = 726447;
name = "Francisco Demartino";
};
franzmondlichtmann = {
name = "Franz Schroepf";
email = "franz-schroepf@t-online.de";
@ -6111,7 +6116,7 @@
};
fugi = {
email = "me@fugi.dev";
github = "FugiMuffi";
github = "fugidev";
githubId = 21362942;
name = "Fugi";
};
@ -18862,6 +18867,13 @@
fingerprint = "47F7 009E 3AE3 1DA7 988E 12E1 8C9B 0A8F C0C0 D862";
}];
};
wamirez = {
email = "wamirez@protonmail.com";
matrix = "@wamirez:matrix.org";
github = "wamirez";
githubId = 24505474;
name = "Daniel Ramirez";
};
wamserma = {
name = "Markus S. Wamser";
email = "github-dev@mail2013.wamser.eu";

0
nixos/modules/image/repart.md → nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md
View File

1
nixos/doc/manual/installation/installation.md
View File

@ -8,4 +8,5 @@ installing.chapter.md
changing-config.chapter.md
upgrading.chapter.md
building-nixos.chapter.md
building-images-via-systemd-repart.chapter.md
```

10
nixos/doc/manual/release-notes/rl-2311.section.md
View File

@ -38,6 +38,8 @@
true`. This is generally safe behavior, but for anyone needing to opt out from
the check `users.users.${USERNAME}.ignoreShellProgramCheck = true` will do the job.
- Cassandra now defaults to 4.x, updated from 3.11.x.
## New Services {#sec-release-23.11-new-services}
- [MCHPRS](https://github.com/MCHPR/MCHPRS), a multithreaded Minecraft server built for redstone. Available as [services.mchprs](#opt-services.mchprs.enable).
@ -72,6 +74,8 @@
- [LibreNMS](https://www.librenms.org), a auto-discovering PHP/MySQL/SNMP based network monitoring. Available as [services.librenms](#opt-services.librenms.enable).
- [Livebook](https://livebook.dev/), an interactive notebook with support for Elixir, graphs, machine learning, and more.
- [sitespeed-io](https://sitespeed.io), a tool that can generate metrics (timings, diagnostics) for websites. Available as [services.sitespeed-io](#opt-services.sitespeed-io.enable).
- [stalwart-mail](https://stalw.art), an all-in-one email server (SMTP, IMAP, JMAP). Available as [services.stalwart-mail](#opt-services.stalwart-mail.enable).
@ -337,6 +341,8 @@
- `service.borgmatic.settings.location` and `services.borgmatic.configurations.<name>.location` are deprecated, please move your options out of sections to the global scope.
- `privacyidea` (and the corresponding `privacyidea-ldap-proxy`) has been removed from nixpkgs because it has severely outdated dependencies that became unmaintainable with nixpkgs' python package-set.
- `dagger` was removed because using a package called `dagger` and packaging it from source violates their trademark policy.
- `win-virtio` package was renamed to `virtio-win` to be consistent with the upstream package name.
@ -488,10 +494,14 @@ The module update takes care of the new config syntax and the data itself (user
If you use this feature, updates to CoreDNS may require updating `vendorHash` by following these steps again.
- `postgresql_11` has been removed since it'll stop receiving fixes on November 9 2023.
- `ffmpeg` default upgraded from `ffmpeg_5` to `ffmpeg_6`.
- `fusuma` now enables the following plugins: [appmatcher](https://github.com/iberianpig/fusuma-plugin-appmatcher), [keypress](https://github.com/iberianpig/fusuma-plugin-keypress), [sendkey](https://github.com/iberianpig/fusuma-plugin-sendkey), [tap](https://github.com/iberianpig/fusuma-plugin-tap) and [wmctrl](https://github.com/iberianpig/fusuma-plugin-wmctrl).
- `services.bitcoind` now properly respects the `enable` option.
## Nixpkgs internals {#sec-release-23.11-nixpkgs-internals}
- The use of `sourceRoot = "source";`, `sourceRoot = "source/subdir";`, and similar lines in package derivations using the default `unpackPhase` is deprecated as it requires `unpackPhase` to always produce a directory named "source". Use `sourceRoot = src.name`, `sourceRoot = "${src.name}/subdir";`, or `setSourceRoot = "sourceRoot=$(echo */subdir)";` or similar instead.

3
nixos/lib/systemd-lib.nix
View File

@ -21,11 +21,12 @@ in rec {
{ preferLocalBuild = true;
allowSubstitutes = false;
inherit (unit) text;
passAsFile = [ "text" ];
}
''
name=${shellEscape name}
mkdir -p "$out/$(dirname -- "$name")"
echo -n "$text" > "$out/$name"
mv "$textPath" "$out/$name"
''
else
pkgs.runCommand "unit-${mkPathSafeName name}-disabled"

2
nixos/modules/config/nix-channel.nix
View File

@ -99,7 +99,7 @@ in
systemd.tmpfiles.rules = lib.mkIf cfg.channel.enable [
"f /root/.nix-channels -"
''w "/root/.nix-channels" - - - - "${config.system.defaultChannel} nixos\n"''
''w+ "/root/.nix-channels" - - - - ${config.system.defaultChannel} nixos\n''
];
};
}

57
nixos/modules/image/repart.nix
View File

@ -34,12 +34,13 @@ let
};
});
default = { };
example = lib.literalExpression '' {
"/EFI/BOOT/BOOTX64.EFI".source =
"''${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
example = lib.literalExpression ''
{
"/EFI/BOOT/BOOTX64.EFI".source =
"''${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
"/loader/entries/nixos.conf".source = systemdBootEntry;
}
"/loader/entries/nixos.conf".source = systemdBootEntry;
}
'';
description = lib.mdDoc "The contents to end up in the filesystem image.";
};
@ -90,34 +91,33 @@ in
package = lib.mkPackageOption pkgs "systemd-repart" {
default = "systemd";
example = lib.literalExpression ''
pkgs.systemdMinimal.override { withCryptsetup = true; }
'';
example = "pkgs.systemdMinimal.override { withCryptsetup = true; }";
};
partitions = lib.mkOption {
type = with lib.types; attrsOf (submodule partitionOptions);
default = { };
example = lib.literalExpression '' {
"10-esp" = {
contents = {
"/EFI/BOOT/BOOTX64.EFI".source =
"''${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
}
repartConfig = {
Type = "esp";
Format = "fat";
example = lib.literalExpression ''
{
"10-esp" = {
contents = {
"/EFI/BOOT/BOOTX64.EFI".source =
"''${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
}
repartConfig = {
Type = "esp";
Format = "fat";
};
};
"20-root" = {
storePaths = [ config.system.build.toplevel ];
repartConfig = {
Type = "root";
Format = "ext4";
Minimize = "guess";
};
};
};
"20-root" = {
storePaths = [ config.system.build.toplevel ];
repartConfig = {
Type = "root";
Format = "ext4";
Minimize = "guess";
};
};
};
'';
description = lib.mdDoc ''
Specify partitions as a set of the names of the partitions with their
@ -208,10 +208,7 @@ in
| tee repart-output.json
'';
meta = {
maintainers = with lib.maintainers; [ nikstur ];
doc = ./repart.md;
};
meta.maintainers = with lib.maintainers; [ nikstur ];
};
}

8
nixos/modules/module-list.nix
View File

@ -485,6 +485,7 @@
./services/development/hoogle.nix
./services/development/jupyter/default.nix
./services/development/jupyterhub/default.nix
./services/development/livebook.nix
./services/development/lorri.nix
./services/development/rstudio-server/default.nix
./services/development/zammad.nix
@ -1175,7 +1176,6 @@
./services/security/opensnitch.nix
./services/security/pass-secret-service.nix
./services/security/physlock.nix
./services/security/privacyidea.nix
./services/security/shibboleth-sp.nix
./services/security/sks.nix
./services/security/sshguard.nix
@ -1530,5 +1530,9 @@
./virtualisation/waydroid.nix
./virtualisation/xe-guest-utilities.nix
./virtualisation/xen-dom0.nix
{ documentation.nixos.extraModules = [ ./virtualisation/qemu-vm.nix ]; }
{ documentation.nixos.extraModules = [
./virtualisation/qemu-vm.nix
./image/repart.nix
];
}
]

2
nixos/modules/programs/direnv.nix
View File

@ -54,7 +54,7 @@ in {
};
imports = [
(lib.mkRemovedOptionModule ["programs" "direnv" "persistDerivations"] "persistDerivations was removed as it is on longer necessary")
(lib.mkRemovedOptionModule ["programs" "direnv" "persistDerivations"] "persistDerivations was removed as it is no longer necessary")
];
config = lib.mkIf cfg.enable {

4
nixos/modules/services/backup/postgresql-wal-receiver.nix
View File

@ -7,7 +7,7 @@ let
options = {
postgresqlPackage = mkOption {
type = types.package;
example = literalExpression "pkgs.postgresql_11";
example = literalExpression "pkgs.postgresql_15";
description = lib.mdDoc ''
PostgreSQL package to use.
'';
@ -124,7 +124,7 @@ in {
example = literalExpression ''
{
main = {
postgresqlPackage = pkgs.postgresql_11;
postgresqlPackage = pkgs.postgresql_15;
directory = /mnt/pg_wal/main/;
slot = "main_wal_receiver";
connection = "postgresql://user@somehost";

32
nixos/modules/services/databases/postgresql.md
View File

@ -17,9 +17,9 @@ PostgreSQL is an advanced, free relational database.
To enable PostgreSQL, add the following to your {file}`configuration.nix`:
```
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_11;
services.postgresql.package = pkgs.postgresql_15;
```
Note that you are required to specify the desired version of PostgreSQL (e.g. `pkgs.postgresql_11`). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for [](#opt-services.postgresql.package) such as the most recent release of PostgreSQL.
Note that you are required to specify the desired version of PostgreSQL (e.g. `pkgs.postgresql_15`). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for [](#opt-services.postgresql.package) such as the most recent release of PostgreSQL.
<!--
After running {command}`nixos-rebuild`, you can verify
@ -119,27 +119,27 @@ A complete list of options for the PostgreSQL module may be found [here](#opt-se
## Plugins {#module-services-postgres-plugins}
Plugins collection for each PostgreSQL version can be accessed with `.pkgs`. For example, for `pkgs.postgresql_11` package, its plugin collection is accessed by `pkgs.postgresql_11.pkgs`:
Plugins collection for each PostgreSQL version can be accessed with `.pkgs`. For example, for `pkgs.postgresql_15` package, its plugin collection is accessed by `pkgs.postgresql_15.pkgs`:
```ShellSession
$ nix repl '<nixpkgs>'
Loading '<nixpkgs>'...
Added 10574 variables.
nix-repl> postgresql_11.pkgs.<TAB><TAB>
postgresql_11.pkgs.cstore_fdw postgresql_11.pkgs.pg_repack
postgresql_11.pkgs.pg_auto_failover postgresql_11.pkgs.pg_safeupdate
postgresql_11.pkgs.pg_bigm postgresql_11.pkgs.pg_similarity
postgresql_11.pkgs.pg_cron postgresql_11.pkgs.pg_topn
postgresql_11.pkgs.pg_hll postgresql_11.pkgs.pgjwt
postgresql_11.pkgs.pg_partman postgresql_11.pkgs.pgroonga
nix-repl> postgresql_15.pkgs.<TAB><TAB>
postgresql_15.pkgs.cstore_fdw postgresql_15.pkgs.pg_repack
postgresql_15.pkgs.pg_auto_failover postgresql_15.pkgs.pg_safeupdate
postgresql_15.pkgs.pg_bigm postgresql_15.pkgs.pg_similarity
postgresql_15.pkgs.pg_cron postgresql_15.pkgs.pg_topn
postgresql_15.pkgs.pg_hll postgresql_15.pkgs.pgjwt
postgresql_15.pkgs.pg_partman postgresql_15.pkgs.pgroonga
...
```
To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
```
services.postgresql.package = pkgs.postgresql_11;
services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [
services.postgresql.package = pkgs.postgresql_12;
services.postgresql.extraPlugins = with pkgs.postgresql_12.pkgs; [
pg_repack
postgis
];
@ -148,7 +148,7 @@ services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:
```
self: super: {
postgresql_custom = self.postgresql_11.withPackages (ps: [
postgresql_custom = self.postgresql_12.withPackages (ps: [
ps.pg_repack
ps.postgis
]);
@ -158,9 +158,9 @@ self: super: {
Here's a recipe on how to override a particular plugin through an overlay:
```
self: super: {
postgresql_11 = super.postgresql_11.override { this = self.postgresql_11; } // {
pkgs = super.postgresql_11.pkgs // {
pg_repack = super.postgresql_11.pkgs.pg_repack.overrideAttrs (_: {
postgresql_15 = super.postgresql_15.override { this = self.postgresql_15; } // {
pkgs = super.postgresql_15.pkgs // {
pg_repack = super.postgresql_15.pkgs.pg_repack.overrideAttrs (_: {
name = "pg_repack-v20181024";
src = self.fetchzip {
url = "https://github.com/reorg/pg_repack/archive/923fa2f3c709a506e111cc963034bf2fd127aa00.tar.gz";

10
nixos/modules/services/databases/postgresql.nix
View File

@ -55,7 +55,7 @@ in
package = mkOption {
type = types.package;
example = literalExpression "pkgs.postgresql_11";
example = literalExpression "pkgs.postgresql_15";
description = lib.mdDoc ''
PostgreSQL package to use.
'';
@ -78,7 +78,7 @@ in
dataDir = mkOption {
type = types.path;
defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.postgresql.package.psqlSchema}"'';
example = "/var/lib/postgresql/11";
example = "/var/lib/postgresql/15";
description = lib.mdDoc ''
The data directory for PostgreSQL. If left as the default value
this directory will automatically be created before the PostgreSQL server starts, otherwise
@ -387,7 +387,7 @@ in
extraPlugins = mkOption {
type = types.listOf types.path;
default = [];
example = literalExpression "with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]";
example = literalExpression "with pkgs.postgresql_15.pkgs; [ postgis pg_repack ]";
description = lib.mdDoc ''
List of PostgreSQL plugins. PostgreSQL version for each plugin should
match version for `services.postgresql.package` value.
@ -399,7 +399,7 @@ in
default = {};
description = lib.mdDoc ''
PostgreSQL configuration. Refer to
<https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE>
<https://www.postgresql.org/docs/15/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE>
for an overview of `postgresql.conf`.
::: {.note}
@ -461,7 +461,7 @@ in
base = if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
else if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11
else if versionAtLeast config.system.stateVersion "20.03" then mkThrow "11"
else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"
else mkThrow "9_5";
in

39
nixos/modules/services/development/livebook.md Normal file
View File

@ -0,0 +1,39 @@
# Livebook {#module-services-livebook}
[Livebook](https://livebook.dev/) is a web application for writing
interactive and collaborative code notebooks.
## Basic Usage {#module-services-livebook-basic-usage}
Enabling the `livebook` service creates a user
[`systemd`](https://www.freedesktop.org/wiki/Software/systemd/) unit
which runs the server.
```
{ ... }:
{
services.livebook = {
enableUserService = true;
port = 20123;
# See note below about security
environmentFile = pkgs.writeText "livebook.env" ''
LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
'';
};
}
```
::: {.note}
The Livebook server has the ability to run any command as the user it
is running under, so securing access to it with a password is highly
recommended.
Putting the password in the Nix configuration like above is an easy
way to get started but it is not recommended in the real world because
the `livebook.env` file will be added to the world-readable Nix store.
A better approach would be to put the password in some secure
user-readable location and set `environmentFile = /home/user/secure/livebook.env`.
:::

90
nixos/modules/services/development/livebook.nix Normal file
View File

@ -0,0 +1,90 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.livebook;
in
{
options.services.livebook = {
# Since livebook doesn't have a granular permission system (a user
# either has access to all the data or none at all), the decision
# was made to run this as a user service. If that changes in the
# future, this can be changed to a system service.
enableUserService = mkEnableOption "a user service for Livebook";
environmentFile = mkOption {
type = types.path;
description = lib.mdDoc ''
Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.
This must contain at least `LIVEBOOK_PASSWORD` or
`LIVEBOOK_TOKEN_ENABLED=false`. See `livebook server --help`
for other options.'';
};
erlang_node_short_name = mkOption {
type = with types; nullOr str;
default = null;
example = "livebook";
description = "A short name for the distributed node.";
};
erlang_node_name = mkOption {
type = with types; nullOr str;
default = null;
example = "livebook@127.0.0.1";
description = "The name for the app distributed node.";
};
port = mkOption {
type = types.port;
default = 8080;
description = "The port to start the web application on.";
};
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc ''
The address to start the web application on. Must be a valid IPv4 or
IPv6 address.
'';
};
options = mkOption {
type = with types; attrsOf str;
default = { };
description = lib.mdDoc ''
Additional options to pass as command-line arguments to the server.
'';
example = literalExpression ''
{
cookie = "a value shared by all nodes in this cluster";
}
'';
};
};
config = mkIf cfg.enableUserService {
systemd.user.services.livebook = {
serviceConfig = {
Restart = "always";
EnvironmentFile = cfg.environmentFile;
ExecStart =
let
args = lib.cli.toGNUCommandLineShell { } ({
inherit (cfg) port;
ip = cfg.address;
name = cfg.erlang_node_name;
sname = cfg.erlang_node_short_name;
} // cfg.options);
in
"${pkgs.livebook}/bin/livebook server ${args}";
};
path = [ pkgs.bash ];
wantedBy = [ "default.target" ];
};
};
meta.doc = ./livebook.md;
}

3
nixos/modules/services/networking/bitcoind.nix
View File

@ -3,8 +3,7 @@
with lib;
let
eachBitcoind = config.services.bitcoind;
eachBitcoind = filterAttrs (bitcoindName: cfg: cfg.enable) config.services.bitcoind;
rpcUserOpts = { name, ... }: {
options = {

458
nixos/modules/services/security/privacyidea.nix
View File

@ -1,458 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.privacyidea;
opt = options.services.privacyidea;
uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; python3 = pkgs.python310; };
python = uwsgi.python3;
penv = python.withPackages (const [ pkgs.privacyidea ]);
logCfg = pkgs.writeText "privacyidea-log.cfg" ''
[formatters]
keys=detail
[handlers]
keys=stream
[formatter_detail]
class=privacyidea.lib.log.SecureFormatter
format=[%(asctime)s][%(process)d][%(thread)d][%(levelname)s][%(name)s:%(lineno)d] %(message)s
[handler_stream]
class=StreamHandler
level=NOTSET
formatter=detail
args=(sys.stdout,)
[loggers]
keys=root,privacyidea
[logger_privacyidea]
handlers=stream
qualname=privacyidea
level=INFO
[logger_root]
handlers=stream
level=ERROR
'';
piCfgFile = pkgs.writeText "privacyidea.cfg" ''
SUPERUSER_REALM = [ '${concatStringsSep "', '" cfg.superuserRealm}' ]
SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2:///privacyidea'
SECRET_KEY = '${cfg.secretKey}'
PI_PEPPER = '${cfg.pepper}'
PI_ENCFILE = '${cfg.encFile}'
PI_AUDIT_KEY_PRIVATE = '${cfg.auditKeyPrivate}'
PI_AUDIT_KEY_PUBLIC = '${cfg.auditKeyPublic}'
PI_LOGCONFIG = '${logCfg}'
${cfg.extraConfig}
'';
renderValue = x:
if isList x then concatMapStringsSep "," (x: ''"${x}"'') x
else if isString x && hasInfix "," x then ''"${x}"''
else x;
ldapProxyConfig = pkgs.writeText "ldap-proxy.ini"
(generators.toINI {}
(flip mapAttrs cfg.ldap-proxy.settings
(const (mapAttrs (const renderValue)))));
privacyidea-token-janitor = pkgs.writeShellScriptBin "privacyidea-token-janitor" ''
exec -a privacyidea-token-janitor \
/run/wrappers/bin/sudo -u ${cfg.user} \
env PRIVACYIDEA_CONFIGFILE=${cfg.stateDir}/privacyidea.cfg \
${penv}/bin/privacyidea-token-janitor $@
'';
in
{
options = {
services.privacyidea = {
enable = mkEnableOption (lib.mdDoc "PrivacyIDEA");
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/root/privacyidea.env";
description = lib.mdDoc ''
File to load as environment file. Environment variables
from this file will be interpolated into the config file
using `envsubst` which is helpful for specifying
secrets:
```
{ services.privacyidea.secretKey = "$SECRET"; }
```
The environment-file can now specify the actual secret key:
```
SECRET=veryverytopsecret
```
'';
};
stateDir = mkOption {
type = types.str;
default = "/var/lib/privacyidea";
description = lib.mdDoc ''
Directory where all PrivacyIDEA files will be placed by default.
'';
};
superuserRealm = mkOption {
type = types.listOf types.str;
default = [ "super" "administrators" ];
description = lib.mdDoc ''
The realm where users are allowed to login as administrators.
'';
};
secretKey = mkOption {
type = types.str;
example = "t0p s3cr3t";
description = lib.mdDoc ''
This is used to encrypt the auth_token.
'';
};
pepper = mkOption {
type = types.str;
example = "Never know...";
description = lib.mdDoc ''
This is used to encrypt the admin passwords.
'';
};
encFile = mkOption {
type = types.str;
default = "${cfg.stateDir}/enckey";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/enckey"'';
description = lib.mdDoc ''
This is used to encrypt the token data and token passwords
'';
};
auditKeyPrivate = mkOption {
type = types.str;
default = "${cfg.stateDir}/private.pem";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/private.pem"'';
description = lib.mdDoc ''
Private Key for signing the audit log.
'';
};
auditKeyPublic = mkOption {
type = types.str;
default = "${cfg.stateDir}/public.pem";
defaultText = literalExpression ''"''${config.${opt.stateDir}}/public.pem"'';
description = lib.mdDoc ''
Public key for checking signatures of the audit log.
'';
};
adminPasswordFile = mkOption {
type = types.path;
description = lib.mdDoc "File containing password for the admin user";
};
adminEmail = mkOption {
type = types.str;
example = "admin@example.com";
description = lib.mdDoc "Mail address for the admin user";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = lib.mdDoc ''
Extra configuration options for pi.cfg.
'';
};
user = mkOption {
type = types.str;
default = "privacyidea";
description = lib.mdDoc "User account under which PrivacyIDEA runs.";
};
group = mkOption {
type = types.str;
default = "privacyidea";
description = lib.mdDoc "Group account under which PrivacyIDEA runs.";
};
tokenjanitor = {
enable = mkEnableOption (lib.mdDoc "automatic runs of the token janitor");
interval = mkOption {
default = "quarterly";
type = types.str;
description = lib.mdDoc ''
Interval in which the cleanup program is supposed to run.
See {manpage}`systemd.time(7)` for further information.
'';
};
action = mkOption {
type = types.enum [ "delete" "mark" "disable" "unassign" ];
description = lib.mdDoc ''
Which action to take for matching tokens.
'';
};
unassigned = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc ''
Whether to search for **unassigned** tokens
and apply [](#opt-services.privacyidea.tokenjanitor.action)
onto them.
'';
};
orphaned = mkOption {
default = true;
type = types.bool;
description = lib.mdDoc ''
Whether to search for **orphaned** tokens
and apply [](#opt-services.privacyidea.tokenjanitor.action)
onto them.
'';
};
};
ldap-proxy = {
enable = mkEnableOption (lib.mdDoc "PrivacyIDEA LDAP Proxy");
configFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
Path to PrivacyIDEA LDAP Proxy configuration (proxy.ini).
'';
};
user = mkOption {
type = types.str;
default = "pi-ldap-proxy";
description = lib.mdDoc "User account under which PrivacyIDEA LDAP proxy runs.";
};
group = mkOption {
type = types.str;
default = "pi-ldap-proxy";
description = lib.mdDoc "Group account under which PrivacyIDEA LDAP proxy runs.";
};
settings = mkOption {
type = with types; attrsOf (attrsOf (oneOf [ str bool int (listOf str) ]));
default = {};
description = lib.mdDoc ''
Attribute-set containing the settings for `privacyidea-ldap-proxy`.
It's possible to pass secrets using env-vars as substitutes and
use the option [](#opt-services.privacyidea.ldap-proxy.environmentFile)
to inject them via `envsubst`.
'';
};
environmentFile = mkOption {
default = null;
type = types.nullOr types.str;
description = lib.mdDoc ''
Environment file containing secrets to be substituted into
[](#opt-services.privacyidea.ldap-proxy.settings).
'';
};
};
};
};
config = mkMerge [
(mkIf cfg.enable {
assertions = [
{
assertion = cfg.tokenjanitor.enable -> (cfg.tokenjanitor.orphaned || cfg.tokenjanitor.unassigned);
message = ''
privacyidea-token-janitor has no effect if neither orphaned nor unassigned tokens
are to be searched.
'';
}
];
environment.systemPackages = [ pkgs.privacyidea (hiPrio privacyidea-token-janitor) ];
services.postgresql.enable = mkDefault true;
systemd.services.privacyidea-tokenjanitor = mkIf cfg.tokenjanitor.enable {
environment.PRIVACYIDEA_CONFIGFILE = "${cfg.stateDir}/privacyidea.cfg";
path = [ penv ];
serviceConfig = {
CapabilityBoundingSet = [ "" ];
ExecStart = "${pkgs.writeShellScript "pi-token-janitor" ''
${optionalString cfg.tokenjanitor.orphaned ''
echo >&2 "Removing orphaned tokens..."
privacyidea-token-janitor find \
--orphaned true \
--action ${cfg.tokenjanitor.action}
''}
${optionalString cfg.tokenjanitor.unassigned ''
echo >&2 "Removing unassigned tokens..."
privacyidea-token-janitor find \
--assigned false \
--action ${cfg.tokenjanitor.action}
''}
''}";
Group = cfg.group;
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
ReadWritePaths = cfg.stateDir;
Type = "oneshot";
User = cfg.user;
WorkingDirectory = cfg.stateDir;
};
};
systemd.timers.privacyidea-tokenjanitor = mkIf cfg.tokenjanitor.enable {
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = cfg.tokenjanitor.interval;
timerConfig.Persistent = true;
};
systemd.services.privacyidea = let
piuwsgi = pkgs.writeText "uwsgi.json" (builtins.toJSON {
uwsgi = {
buffer-size = 8192;
plugins = [ "python3" ];
pythonpath = "${penv}/${uwsgi.python3.sitePackages}";
socket = "/run/privacyidea/socket";
uid = cfg.user;
gid = cfg.group;
chmod-socket = 770;
chown-socket = "${cfg.user}:nginx";
chdir = cfg.stateDir;
wsgi-file = "${penv}/etc/privacyidea/privacyideaapp.wsgi";
processes = 4;
harakiri = 60;
reload-mercy = 8;
stats = "/run/privacyidea/stats.socket";
max-requests = 2000;
limit-as = 1024;
reload-on-as = 512;
reload-on-rss = 256;
no-orphans = true;
vacuum = true;
};
});
in {
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
path = with pkgs; [ openssl ];
environment.PRIVACYIDEA_CONFIGFILE = "${cfg.stateDir}/privacyidea.cfg";
preStart = let
pi-manage = "${config.security.sudo.package}/bin/sudo -u privacyidea -HE ${penv}/bin/pi-manage";
pgsu = config.services.postgresql.superUser;
psql = config.services.postgresql.package;
in ''
mkdir -p ${cfg.stateDir} /run/privacyidea
chown ${cfg.user}:${cfg.group} -R ${cfg.stateDir} /run/privacyidea
umask 077
${lib.getBin pkgs.envsubst}/bin/envsubst -o ${cfg.stateDir}/privacyidea.cfg \
-i "${piCfgFile}"
chown ${cfg.user}:${cfg.group} ${cfg.stateDir}/privacyidea.cfg
if ! test -e "${cfg.stateDir}/db-created"; then
${config.security.sudo.package}/bin/sudo -u ${pgsu} ${psql}/bin/createuser --no-superuser --no-createdb --no-createrole ${cfg.user}
${config.security.sudo.package}/bin/sudo -u ${pgsu} ${psql}/bin/createdb --owner ${cfg.user} privacyidea
${pi-manage} create_enckey
${pi-manage} create_audit_keys
${pi-manage} createdb
${pi-manage} admin add admin -e ${cfg.adminEmail} -p "$(cat ${cfg.adminPasswordFile})"
${pi-manage} db stamp head -d ${penv}/lib/privacyidea/migrations
touch "${cfg.stateDir}/db-created"
chmod g+r "${cfg.stateDir}/enckey" "${cfg.stateDir}/private.pem"
fi
${pi-manage} db upgrade -d ${penv}/lib/privacyidea/migrations
'';
serviceConfig = {
Type = "notify";
ExecStart = "${uwsgi}/bin/uwsgi --json ${piuwsgi}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
NotifyAccess = "main";
KillSignal = "SIGQUIT";
};
};
users.users.privacyidea = mkIf (cfg.user == "privacyidea") {
group = cfg.group;
isSystemUser = true;
};
users.groups.privacyidea = mkIf (cfg.group == "privacyidea") {};
})
(mkIf cfg.ldap-proxy.enable {
assertions = [
{ assertion = let
xor = a: b: a && !b || !a && b;
in xor (cfg.ldap-proxy.settings == {}) (cfg.ldap-proxy.configFile == null);
message = "configFile & settings are mutually exclusive for services.privacyidea.ldap-proxy!";
}
];
warnings = mkIf (cfg.ldap-proxy.configFile != null) [
"Using services.privacyidea.ldap-proxy.configFile is deprecated! Use the RFC42-style settings option instead!"
];
systemd.services.privacyidea-ldap-proxy = let
ldap-proxy-env = pkgs.python3.withPackages (ps: [ ps.privacyidea-ldap-proxy ]);
in {
description = "privacyIDEA LDAP proxy";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.ldap-proxy.user;
Group = cfg.ldap-proxy.group;
StateDirectory = "privacyidea-ldap-proxy";
EnvironmentFile = mkIf (cfg.ldap-proxy.environmentFile != null)
[ cfg.ldap-proxy.environmentFile ];
ExecStartPre =
"${pkgs.writeShellScript "substitute-secrets-ldap-proxy" ''
umask 0077
${pkgs.envsubst}/bin/envsubst \
-i ${ldapProxyConfig} \
-o $STATE_DIRECTORY/ldap-proxy.ini
''}";
ExecStart = let
configPath = if cfg.ldap-proxy.settings != {}
then "%S/privacyidea-ldap-proxy/ldap-proxy.ini"
else cfg.ldap-proxy.configFile;
in ''
${ldap-proxy-env}/bin/twistd \
--nodaemon \
--pidfile= \
-u ${cfg.ldap-proxy.user} \
-g ${cfg.ldap-proxy.group} \
ldap-proxy \
-c ${configPath}
'';
Restart = "always";
};
};
users.users.pi-ldap-proxy = mkIf (cfg.ldap-proxy.user == "pi-ldap-proxy") {
group = cfg.ldap-proxy.group;
isSystemUser = true;
};
users.groups.pi-ldap-proxy = mkIf (cfg.ldap-proxy.group == "pi-ldap-proxy") {};
})
];
}

155
nixos/modules/services/web-apps/peertube.nix
View File

@ -352,6 +352,7 @@ in {
};
storage = {
tmp = lib.mkDefault "/var/lib/peertube/storage/tmp/";
tmp_persistent = lib.mkDefault "/var/lib/peertube/storage/tmp_persistent/";
bin = lib.mkDefault "/var/lib/peertube/storage/bin/";
avatars = lib.mkDefault "/var/lib/peertube/storage/avatars/";
videos = lib.mkDefault "/var/lib/peertube/storage/videos/";
@ -521,6 +522,21 @@ in {
'';
};
locations."~ ^/api/v1/runners/jobs/[^/]+/(update|success)$" = {
tryFiles = "/dev/null @api";
root = cfg.settings.storage.tmp;
priority = 1135;
extraConfig = ''
client_max_body_size 12G;
add_header X-File-Maximum-Size 8G always;
'' + lib.optionalString cfg.enableWebHttps ''
add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains';
'' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 ''
add_header Alt-Svc 'h3=":443"; ma=86400';
'';
};
locations."~ ^/api/v1/(videos|video-playlists|video-channels|users/me)" = {
tryFiles = "/dev/null @api";
priority = 1140;
@ -607,70 +623,7 @@ in {
'';
};
locations."^~ /lazy-static/avatars/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.avatars;
priority = 1330;
extraConfig = ''
if ($request_method = 'OPTIONS') {
${nginxCommonHeaders}
add_header Access-Control-Max-Age 1728000;
add_header Cache-Control 'no-cache';
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
${nginxCommonHeaders}
add_header Cache-Control 'public, max-age=7200';
rewrite ^/lazy-static/avatars/(.*)$ /$1 break;
'';
};
locations."^~ /lazy-static/banners/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.avatars;
priority = 1340;
extraConfig = ''
if ($request_method = 'OPTIONS') {
${nginxCommonHeaders}
add_header Access-Control-Max-Age 1728000;
add_header Cache-Control 'no-cache';
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
${nginxCommonHeaders}
add_header Cache-Control 'public, max-age=7200';
rewrite ^/lazy-static/banners/(.*)$ /$1 break;
'';
};
locations."^~ /lazy-static/previews/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.previews;
priority = 1350;
extraConfig = ''
if ($request_method = 'OPTIONS') {
${nginxCommonHeaders}
add_header Access-Control-Max-Age 1728000;
add_header Cache-Control 'no-cache';
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
${nginxCommonHeaders}
add_header Cache-Control 'public, max-age=7200';
rewrite ^/lazy-static/previews/(.*)$ /$1 break;
'';
};
locations."^~ /static/streaming-playlists/private/" = {
locations."^~ /download/" = {
proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}";
priority = 1410;
extraConfig = ''
@ -682,7 +635,7 @@ in {
'';
};
locations."^~ /static/webseed/private/" = {
locations."^~ /static/streaming-playlists/private/" = {
proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}";
priority = 1420;
extraConfig = ''
@ -694,31 +647,34 @@ in {
'';
};
locations."^~ /static/thumbnails/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.thumbnails;
locations."^~ /static/web-videos/private/" = {
proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}";
priority = 1430;
extraConfig = ''
if ($request_method = 'OPTIONS') {
${nginxCommonHeaders}
add_header Access-Control-Max-Age 1728000;
add_header Cache-Control 'no-cache';
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
${nginxCommonHeaders}
add_header Cache-Control 'public, max-age=7200';
proxy_limit_rate 5M;
'';
};
rewrite ^/static/thumbnails/(.*)$ /$1 break;
locations."^~ /static/webseed/private/" = {
proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}";
priority = 1440;
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_limit_rate 5M;
'';
};
locations."^~ /static/redundancy/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.redundancy;
priority = 1440;
priority = 1450;
extraConfig = ''
set $peertube_limit_rate 800k;
@ -753,7 +709,42 @@ in {
locations."^~ /static/streaming-playlists/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.streaming_playlists;
priority = 1450;
priority = 1460;
extraConfig = ''
set $peertube_limit_rate 800k;
if ($request_uri ~ -fragmented.mp4$) {
set $peertube_limit_rate 5M;
}
if ($request_method = 'OPTIONS') {
${nginxCommonHeaders}
add_header Access-Control-Max-Age 1728000;
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
if ($request_method = 'GET') {
${nginxCommonHeaders}
access_log off;
}
aio threads;
sendfile on;
sendfile_max_chunk 1M;
limit_rate $peertube_limit_rate;
limit_rate_after 5M;
rewrite ^/static/streaming-playlists/(.*)$ /$1 break;
'';
};
locations."^~ /static/web-videos/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.streaming_playlists;
priority = 1470;
extraConfig = ''
set $peertube_limit_rate 800k;
@ -788,7 +779,7 @@ in {
locations."^~ /static/webseed/" = {
tryFiles = "$uri @api";
root = cfg.settings.storage.videos;
priority = 1460;
priority = 1480;
extraConfig = ''
set $peertube_limit_rate 800k;

39
nixos/modules/virtualisation/oci-containers.nix
View File

@ -239,6 +239,26 @@ let
mkService = name: container: let
dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
escapedName = escapeShellArg name;
preStartScript = pkgs.writeShellApplication {
name = "pre-start";
runtimeInputs = [ ];
text = ''
${cfg.backend} rm -f ${name} || true
${optionalString (isValidLogin container.login) ''
cat ${container.login.passwordFile} | \
${cfg.backend} login \
${container.login.registry} \
--username ${container.login.username} \
--password-stdin
''}
${optionalString (container.imageFile != null) ''
${cfg.backend} load -i ${container.imageFile}
''}
${optionalString (cfg.backend == "podman") ''
rm -f /run/podman-${escapedName}.ctr-id
''}
'';
};
in {
wantedBy = [] ++ optional (container.autoStart) "multi-user.target";
after = lib.optionals (cfg.backend == "docker") [ "docker.service" "docker.socket" ]
@ -253,23 +273,6 @@ let
else if cfg.backend == "podman" then [ config.virtualisation.podman.package ]
else throw "Unhandled backend: ${cfg.backend}";
preStart = ''
${cfg.backend} rm -f ${name} || true
${optionalString (isValidLogin container.login) ''
cat ${container.login.passwordFile} | \
${cfg.backend} login \
${container.login.registry} \
--username ${container.login.username} \
--password-stdin
''}
${optionalString (container.imageFile != null) ''
${cfg.backend} load -i ${container.imageFile}
''}
${optionalString (cfg.backend == "podman") ''
rm -f /run/podman-${escapedName}.ctr-id
''}
'';
script = concatStringsSep " \\\n " ([
"exec ${cfg.backend} run"
"--rm"
@ -318,7 +321,7 @@ let
###
# ExecReload = ...;
###
ExecStartPre = [ "${preStartScript}/bin/pre-start" ];
TimeoutStartSec = 0;
TimeoutStopSec = 120;
Restart = "always";

5
nixos/tests/activation/nix-channel.nix
View File

@ -10,7 +10,8 @@
nix.channel.enable = true;
};
testScript = ''
print(machine.succeed("cat /root/.nix-channels"))
testScript = { nodes, ... }: ''
assert machine.succeed("cat /root/.nix-channels") == "${nodes.machine.system.defaultChannel} nixos\n"
'';
}

4
nixos/tests/all-tests.nix
View File

@ -306,6 +306,7 @@ in {
forgejo = handleTest ./forgejo.nix { };
freenet = handleTest ./freenet.nix {};
freeswitch = handleTest ./freeswitch.nix {};
freetube = discoverTests (import ./freetube.nix);
freshrss-sqlite = handleTest ./freshrss-sqlite.nix {};
freshrss-pgsql = handleTest ./freshrss-pgsql.nix {};
frigate = handleTest ./frigate.nix {};
@ -371,6 +372,7 @@ in {
honk = runTest ./honk.nix;
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
invidious = handleTest ./invidious.nix {};
livebook-service = handleTest ./livebook-service.nix {};
oci-containers = handleTestOn ["aarch64-linux" "x86_64-linux"] ./oci-containers.nix {};
odoo = handleTest ./odoo.nix {};
odoo15 = handleTest ./odoo.nix { package = pkgs.odoo15; };
@ -571,7 +573,6 @@ in {
nginx-njs = handleTest ./nginx-njs.nix {};
nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {};
nginx-sso = handleTest ./nginx-sso.nix {};
nginx-status-page = handleTest ./nginx-status-page.nix {};
nginx-tmpdir = handleTest ./nginx-tmpdir.nix {};
@ -683,7 +684,6 @@ in {
predictable-interface-names = handleTest ./predictable-interface-names.nix {};
printing-socket = handleTest ./printing.nix { socket = true; };
printing-service = handleTest ./printing.nix { socket = false; };
privacyidea = handleTest ./privacyidea.nix {};
privoxy = handleTest ./privoxy.nix {};
prometheus = handleTest ./prometheus.nix {};
prometheus-exporters = handleTest ./prometheus-exporters.nix {};

41
nixos/tests/freetube.nix Normal file
View File

@ -0,0 +1,41 @@
let
tests = {
wayland = { pkgs, ... }: {
imports = [ ./common/wayland-cage.nix ];
services.cage.program = "${pkgs.freetube}/bin/freetube";
virtualisation.memorySize = 2047;
environment.variables.NIXOS_OZONE_WL = "1";
environment.variables.DISPLAY = "do not use";
};
xorg = { pkgs, ... }: {
imports = [ ./common/user-account.nix ./common/x11.nix ];
virtualisation.memorySize = 2047;
services.xserver.enable = true;
services.xserver.displayManager.sessionCommands = ''
${pkgs.freetube}/bin/freetube
'';
test-support.displayManager.auto.user = "alice";
};
};
mkTest = name: machine:
import ./make-test-python.nix ({ pkgs, ... }: {
inherit name;
nodes = { "${name}" = machine; };
meta.maintainers = with pkgs.lib.maintainers; [ kirillrdy ];
enableOCR = true;
testScript = ''
start_all()
machine.wait_for_unit('graphical.target')
machine.wait_for_text('Your Subscription list is currently empty')
machine.send_key("ctrl-r")
machine.wait_for_text('Your Subscription list is currently empty')
machine.screenshot("main.png")
machine.send_key("ctrl-comma")
machine.wait_for_text('General Settings', timeout=30)
machine.screenshot("preferences.png")
'';
});
in
builtins.mapAttrs (k: v: mkTest k v { }) tests

43
nixos/tests/livebook-service.nix Normal file
View File

@ -0,0 +1,43 @@
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "livebook-service";
nodes = {
machine = { config, pkgs, ... }: {
imports = [
./common/user-account.nix
];
services.livebook = {
enableUserService = true;
port = 20123;
environmentFile = pkgs.writeText "livebook.env" ''
LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
'';
options = {
cookie = "chocolate chip";
};
};
};
};
testScript = { nodes, ... }:
let
user = nodes.machine.config.users.users.alice;
sudo = lib.concatStringsSep " " [
"XDG_RUNTIME_DIR=/run/user/${toString user.uid}"
"sudo"
"--preserve-env=XDG_RUNTIME_DIR"
"-u"
"alice"
];
in
''
machine.wait_for_unit("multi-user.target")
machine.succeed("loginctl enable-linger alice")
machine.wait_until_succeeds("${sudo} systemctl --user is-active livebook.service")
machine.wait_for_open_port(20123)
machine.succeed("curl -L localhost:20123 | grep 'Type password'")
'';
})

65
nixos/tests/nginx-sandbox.nix
View File

@ -1,65 +0,0 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "nginx-sandbox";
meta = with pkgs.lib.maintainers; {
maintainers = [ izorkin ];
};
# This test checks the creation and reading of a file in sandbox mode. Used simple lua script.
nodes.machine = { pkgs, ... }: {
nixpkgs.overlays = [
(self: super: {
nginx-lua = super.nginx.override {
modules = [
pkgs.nginxModules.lua
];
};
})
];
services.nginx.enable = true;
services.nginx.package = pkgs.nginx-lua;
services.nginx.virtualHosts.localhost = {
extraConfig = ''
location /test1-write {
content_by_lua_block {
local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
}
}
location /test1-read {
root /tmp;
}
location /test2-write {
content_by_lua_block {
local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
}
}
location /test2-read {
root /var/web;
}
'';
};
users.users.foo.isNormalUser = true;
};
testScript = ''
machine.wait_for_unit("nginx")
machine.wait_for_open_port(80)
# Checking write in temporary folder
machine.succeed("$(curl -vvv http://localhost/test1-write)")
machine.succeed('test "$(curl -fvvv http://localhost/test1-read/foo.txt)" = worked')
# Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
# in read-only mode.
machine.succeed("mkdir -p /var/web")
machine.succeed("chown nginx:nginx /var/web")
machine.succeed("$(curl -vvv http://localhost/test2-write)")
assert "404 Not Found" in machine.succeed(
"curl -vvv -s http://localhost/test2-read/bar.txt"
)
'';
})

48
nixos/tests/openresty-lua.nix
View File

@ -16,6 +16,12 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
nodes = {
webserver = { pkgs, lib, ... }: {
networking = {
extraHosts = ''
127.0.0.1 default.test
127.0.0.1 sandbox.test
'';
};
services.nginx = {
enable = true;
package = pkgs.openresty;
@ -24,7 +30,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
lua_package_path '${luaPath};;';
'';
virtualHosts."default" = {
virtualHosts."default.test" = {
default = true;
locations."/" = {
extraConfig = ''
@ -36,6 +42,33 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
'';
};
};
virtualHosts."sandbox.test" = {
locations."/test1-write" = {
extraConfig = ''
content_by_lua_block {
local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
}
'';
};
locations."/test1-read" = {
root = "/tmp";
};
locations."/test2-write" = {
extraConfig = ''
content_by_lua_block {
local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
}
'';
};
locations."/test2-read" = {
root = "/var/web";
};
};
};
};
};
@ -51,5 +84,18 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
f"curl -w '%{{http_code}}' --head --fail {url}"
)
assert http_code.split("\n")[-1] == "200"
# This test checks the creation and reading of a file in sandbox mode.
# Checking write in temporary folder
webserver.succeed("$(curl -vvv http://sandbox.test/test1-write)")
webserver.succeed('test "$(curl -fvvv http://sandbox.test/test1-read/foo.txt)" = worked')
# Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
# in read-only mode.
webserver.succeed("mkdir -p /var/web")
webserver.succeed("chown nginx:nginx /var/web")
webserver.succeed("$(curl -vvv http://sandbox.test/test2-write)")
assert "404 Not Found" in machine.succeed(
"curl -vvv -s http://sandbox.test/test2-read/bar.txt"
)
'';
})

4
nixos/tests/postgresql.nix
View File

@ -219,8 +219,6 @@ let
in
concatMapAttrs (name: package: {
${name} = make-postgresql-test name package false;
${name + "-backup-all"} = make-postgresql-test "${name + "-backup-all"}" package true;
${name + "-clauses"} = mk-ensure-clauses-test name package;
}) postgresql-versions
// {
postgresql_11-backup-all = make-postgresql-test "postgresql_11-backup-all" postgresql-versions.postgresql_11 true;
}

43
nixos/tests/privacyidea.nix
View File

@ -1,43 +0,0 @@
# Miscellaneous small tests that don't warrant their own VM run.
import ./make-test-python.nix ({ pkgs, ...} : rec {
name = "privacyidea";
meta = with pkgs.lib.maintainers; {
maintainers = [ ];
};
nodes.machine = { ... }: {
virtualisation.cores = 2;
services.privacyidea = {
enable = true;
secretKey = "$SECRET_KEY";
pepper = "$PEPPER";
adminPasswordFile = pkgs.writeText "admin-password" "testing";
adminEmail = "root@localhost";
# Don't try this at home!
environmentFile = pkgs.writeText "pi-secrets.env" ''
SECRET_KEY=testing
PEPPER=testing
'';
};
services.nginx = {
enable = true;
virtualHosts."_".locations."/".extraConfig = ''
uwsgi_pass unix:/run/privacyidea/socket;
'';
};
};
testScript = ''
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("curl --fail http://localhost | grep privacyIDEA")
machine.succeed("grep \"SECRET_KEY = 'testing'\" /var/lib/privacyidea/privacyidea.cfg")
machine.succeed("grep \"PI_PEPPER = 'testing'\" /var/lib/privacyidea/privacyidea.cfg")
machine.succeed(
"curl --fail http://localhost/auth -F username=admin -F password=testing | grep token"
)
'';
})

2
pkgs/applications/audio/qpwgraph/default.nix
View File

@ -19,6 +19,8 @@ mkDerivation rec {
buildInputs = [ alsa-lib pipewire ];
cmakeFlags = [ "-DCONFIG_WAYLAND=ON" ];
meta = with lib; {
description = "Qt graph manager for PipeWire, similar to QjackCtl.";
longDescription = ''

4
pkgs/applications/blockchains/fulcrum/default.nix
View File

@ -11,13 +11,13 @@
stdenv.mkDerivation rec {
pname = "fulcrum";
version = "1.9.2";
version = "1.9.3";
src = fetchFromGitHub {
owner = "cculianu";
repo = "Fulcrum";
rev = "v${version}";
sha256 = "sha256-iHVrJySNdbZ9RXP7QgsDy2o2U/EISAp1/9NFpcEOGeI=";
sha256 = "sha256-hSunoltau1eG0DDM/bxZ/ssxd7pbutNC34Nwtbu9Fqk=";
};
nativeBuildInputs = [ pkg-config qmake ];

4
pkgs/applications/editors/codux/default.nix
View File

@ -5,11 +5,11 @@
let
pname = "codux";
version = "15.10.0";
version = "15.13.0";
src = fetchurl {
url = "https://github.com/wixplosives/codux-versions/releases/download/${version}/Codux-${version}.x86_64.AppImage";
sha256 = "sha256-lz1dDbYq7aTGQoED07K8I9E0/XsnSlPL81/4W8Vix3E=";
sha256 = "sha256-63t3v6abr9cZ0mKSPogevKwcFsvGh2udBPRn4k4XAd4=";
};
appimageContents = appimageTools.extractType2 { inherit pname version src; };

21
pkgs/applications/editors/emacs/elisp-packages/melpa-packages.nix
View File

@ -688,6 +688,27 @@ let
--replace '"mozc_emacs_helper"' '"${pkgs.ibus-engines.mozc}/lib/mozc/mozc_emacs_helper"'
'';
});
# Build a helper executable that interacts with the macOS Dictionary.app
osx-dictionary =
if pkgs.stdenv.isDarwin
then super.osx-dictionary.overrideAttrs (old: {
buildInputs =
old.buildInputs ++
(with pkgs.darwin.apple_sdk.frameworks; [CoreServices Foundation]);
dontUnpack = false;
buildPhase = (old.buildPhase or "") + ''
cd source
$CXX -O3 -framework CoreServices -framework Foundation osx-dictionary.m -o osx-dictionary-cli
'';
postInstall = (old.postInstall or "") + "\n" + ''
outd=$out/share/emacs/site-lisp/elpa/osx-dictionary-*
mkdir -p $out/bin
install -m444 -t $out/bin osx-dictionary-cli
rm $outd/osx-dictionary.m
'';
})
else super.osx-dictionary;
};
in lib.mapAttrs (n: v: if lib.hasAttr n overrides then overrides.${n} else v) super);

724
pkgs/applications/editors/vim/plugins/vim-clap/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

7
pkgs/applications/editors/vim/plugins/vim-clap/default.nix
View File

@ -11,13 +11,13 @@
}:
let
version = "0.45";
version = "0.46";
src = fetchFromGitHub {
owner = "liuchengxu";
repo = "vim-clap";
rev = "v${version}";
hash = "sha256-espFos1Mrxdq2p+qi0ooTWAV8EgV/lTx9KuP3GkMWos=";
hash = "sha256-KWBuoZ2GxjwIu7L1PPq/7u3iuYFp5QrlsleL2RQTdUE=";
};
meta = with lib; {
@ -47,8 +47,7 @@ let
libgit2
zlib
] ++ lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.CoreFoundation
darwin.apple_sdk.frameworks.Security
darwin.apple_sdk.frameworks.CoreServices
];
};
in

6
pkgs/applications/editors/vscode/extensions/default.nix
View File

@ -3537,15 +3537,15 @@ let
mktplcRef = {
name = "uiua-vscode";
publisher = "uiua-lang";
version = "0.0.21";
sha256 = "sha256-u57U/MmxvionFZp/tLK/KpddaxA/SUffeggKBSzmsXo=";
version = "0.0.22";
sha256 = "sha256-fJcSJwwRVofduWEEMa5f2VrSfyONKPkFl9OW+++lSRw=";
};
meta = {
description = "VSCode language extension for Uiua";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=uiua-lang.uiua-vscode";
homepage = "https://github.com/uiua-lang/uiua-vscode";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.wackbyte ];
maintainers = with lib.maintainers; [ tomasajt wackbyte ];
};
};

4
pkgs/applications/emulators/mame/default.nix
View File

@ -38,14 +38,14 @@ let
in
stdenv.mkDerivation rec {
pname = "mame";
version = "0.259";
version = "0.260";
srcVersion = builtins.replaceStrings [ "." ] [ "" ] version;
src = fetchFromGitHub {
owner = "mamedev";
repo = "mame";
rev = "mame${srcVersion}";
hash = "sha256-F8psPvwuaILXZF7dCStJApVTD9zzzBwjf1CKGelHlqE=";
hash = "sha256-spWnaf7xXK2xzgdUagsgN5doVrpJk7EA6fzYd9FlFm0=";
};
outputs = [ "out" "tools" ];

4
pkgs/applications/graphics/imgcat/default.nix
View File

@ -2,7 +2,7 @@
stdenv.mkDerivation rec {
pname = "imgcat";
version = "2.5.1";
version = "2.5.2";
buildInputs = [ ncurses cimg ];
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
owner = "eddieantonio";
repo = pname;
rev = "v${version}";
sha256 = "sha256-EkVE6BgoA1lo4oqlNETTxLILIVvGXspFyXykxpmYk8M=";
sha256 = "sha256-61xIB/Fa+Utu694aITzBoMQeYa0Trh5L0oIKp8Be+D0=";
};
env.NIX_CFLAGS_COMPILE = "-Wno-error";

4
pkgs/applications/misc/ddcui/default.nix
View File

@ -10,13 +10,13 @@
mkDerivation rec {
pname = "ddcui";
version = "0.3.0";
version = "0.4.2";
src = fetchFromGitHub {
owner = "rockowitz";
repo = "ddcui";
rev = "v${version}";
sha256 = "sha256-P8dh6k8lht1/JNILzNZEyYD8loNoJjG5869K2Hl11z8=";
sha256 = "sha256-T4/c8K1P/o91DWJik/9HtHav948vbVa40qPdy7nKmos=";
};
nativeBuildInputs = [

5
pkgs/applications/misc/glom/default.nix
View File

@ -28,7 +28,7 @@
, isocodes
, gtksourceview
, gtksourceviewmm
, postgresql_11
, postgresql_15
, gobject-introspection
, yelp-tools
, wrapGAppsHook
@ -93,7 +93,7 @@ in stdenv.mkDerivation rec {
python3.pkgs.pygobject3
gtksourceview
gtksourceviewmm
postgresql_11 # for pg_config
postgresql_15 # for postgresql utils
];
enableParallelBuilding = true;
@ -102,6 +102,7 @@ in stdenv.mkDerivation rec {
configureFlags = [
"--with-boost-python=boost_python${lib.versions.major python3.version}${lib.versions.minor python3.version}"
"--with-postgres-utils=${lib.getBin postgresql_15}/bin"
];
makeFlags = [

4
pkgs/applications/misc/limesctl/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "limesctl";
version = "3.3.0";
version = "3.3.1";
src = fetchFromGitHub {
owner = "sapcc";
repo = pname;
rev = "v${version}";
hash = "sha256-zR0+tTPRdmv04t3V0KDA/hG5ZJMT2RYI3+2dkmZHdhk=";
hash = "sha256-osXwVZuMB9cMj0tEMBOQ8hrKWAmfXui4ELoi0dm9yB4=";
};
vendorHash = null;

263
pkgs/applications/misc/privacyidea/default.nix
View File

@ -1,263 +0,0 @@
{ lib, fetchFromGitHub, cacert, openssl, nixosTests
, python310, fetchPypi, fetchpatch
}:
let
dropDocOutput = { outputs, ... }: {
outputs = lib.filter (x: x != "doc") outputs;
};
# Follow issue below for Python 3.11 support
# https://github.com/privacyidea/privacyidea/issues/3593
python3' = python310.override {
packageOverrides = self: super: {
django = super.django_3;
sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec {
version = "1.3.24";
src = fetchPypi {
inherit (oldAttrs) pname;
inherit version;
hash = "sha256-67t3fL+TEjWbiXv4G6ANrg9ctp+6KhgmXcwYpvXvdRk=";
};
doCheck = false;
});
# version 3.3.0+ does not support SQLAlchemy 1.3
factory-boy = super.factory-boy.overridePythonAttrs (oldAttrs: rec {
version = "3.2.1";
src = oldAttrs.src.override {
inherit version;
hash = "sha256-qY0newwEfHXrbkq4UIp/gfsD0sshmG9ieRNUbveipV4=";
};
postPatch = "";
});
# fails with `no tests ran in 1.75s`
alembic = super.alembic.overridePythonAttrs (lib.const {
doCheck = false;
});
flask-migrate = super.flask-migrate.overridePythonAttrs (oldAttrs: rec {
version = "2.7.0";
src = fetchPypi {
pname = "Flask-Migrate";
inherit version;
hash = "sha256-ri8FZxWIdi3YOiHYsYxR/jVehng+JFlJlf+Nc4Df/jg=";
};
});
flask-sqlalchemy = super.flask-sqlalchemy.overridePythonAttrs (old: rec {
version = "2.5.1";
format = "setuptools";
src = fetchPypi {
pname = "Flask-SQLAlchemy";
inherit version;
hash = "sha256:2bda44b43e7cacb15d4e05ff3cc1f8bc97936cc464623424102bfc2c35e95912";
};
});
# Taken from by https://github.com/NixOS/nixpkgs/pull/173090/commits/d2c0c7eb4cc91beb0a1adbaf13abc0a526a21708
werkzeug = super.werkzeug.overridePythonAttrs (old: rec {
version = "1.0.1";
src = old.src.override {
inherit version;
hash = "sha256-bICx5a02ZSkOo5MguR4b4eDV9gZSuWSjBwIW3oPS5Hw=";
};
nativeCheckInputs = old.nativeCheckInputs ++ (with self; [
requests
]);
doCheck = false;
});
# Required by flask-1.1
jinja2 = super.jinja2.overridePythonAttrs (old: rec {
version = "2.11.3";
src = old.src.override {
inherit version;
hash = "sha256-ptWEM94K6AA0fKsfowQ867q+i6qdKeZo8cdoy4ejM8Y=";
};
patches = [
# python 3.10 compat fixes. In later upstream releases, but these
# are not compatible with flask 1 which we need here :(
(fetchpatch {
url = "https://github.com/thmo/jinja/commit/1efb4cc918b4f3d097c376596da101de9f76585a.patch";
hash = "sha256-GFaSvYxgzOEFmnnDIfcf0ImScNTh1lR4lxt2Uz1DYdU=";
})
(fetchpatch {
url = "https://github.com/mkrizek/jinja/commit/bd8bad37d1c0e2d8995a44fd88e234f5340afec5.patch";
hash = "sha256-Uow+gaO+/dH6zavC0X/SsuMAfhTLRWpamVlL87DXDRA=";
excludes = [ "CHANGES.rst" ];
})
];
});
# Required by jinja2-2.11.3
markupsafe = super.markupsafe.overridePythonAttrs (old: rec {
version = "2.0.1";
src = old.src.override {
inherit version;
hash = "sha256-WUxngH+xYjizDES99082wCzfItHIzake+KDtjav1Ygo=";
};
});
itsdangerous = super.itsdangerous.overridePythonAttrs (old: rec {
version = "1.1.0";
src = old.src.override {
inherit version;
hash = "sha256-MhsDPQfypBNtPsdi6snxahDM1g9TwMka+QIXrOe6Hxk=";
};
});
flask = super.flask.overridePythonAttrs (old: rec {
version = "1.1.4";
src = old.src.override {
inherit version;
hash = "sha256-D762GA04OpGG0NbtlU4AQq2fGODo3giLK0GdUmkn0ZY=";
};
});
sqlsoup = super.sqlsoup.overrideAttrs ({ meta ? {}, ... }: {
meta = meta // { broken = false; };
});
click = super.click.overridePythonAttrs (old: rec {
version = "7.1.2";
src = old.src.override {
inherit version;
hash = "sha256-0rUlXHxjSbwb0eWeCM0SrLvWPOZJ8liHVXg6qU37axo=";
};
disabledTests = [ "test_bytes_args" ]; # https://github.com/pallets/click/commit/6e05e1fa1c2804
});
# Now requires `lingua` as check input that requires a newer `click`,
# however `click-7` is needed by the older flask we need here. Since it's just
# for the test-suite apparently, let's skip it for now.
mako = super.mako.overridePythonAttrs (lib.const {
nativeCheckInputs = [];
doCheck = false;
});
# Requires pytest-httpserver as checkInput now which requires Werkzeug>=2 which is not
# supported by current privacyIDEA.
responses = super.responses.overridePythonAttrs (lib.const {
doCheck = false;
});
flask-babel = (super.flask-babel.override {
sphinxHook = null;
furo = null;
}).overridePythonAttrs (old: (dropDocOutput old) // rec {
pname = "Flask-Babel";
version = "2.0.0";
format = "setuptools";
src = fetchPypi {
inherit pname;
inherit version;
hash = "sha256:f9faf45cdb2e1a32ea2ec14403587d4295108f35017a7821a2b1acb8cfd9257d";
};
disabledTests = [
# AssertionError: assert 'Apr 12, 2010...46:00\u202fPM' == 'Apr 12, 2010, 1:46:00 PM'
# Note the `\u202f` (narrow, no-break space) vs space.
"test_basics"
"test_init_app"
"test_custom_locale_selector"
"test_refreshing"
];
});
psycopg2 = (super.psycopg2.override {
sphinxHook = null;
sphinx-better-theme = null;
}).overridePythonAttrs dropDocOutput;
pyjwt = (super.pyjwt.override {
sphinxHook = null;
sphinx-rtd-theme = null;
}).overridePythonAttrs (old: (dropDocOutput old) // { format = "setuptools"; });
beautifulsoup4 = (super.beautifulsoup4.override {
sphinxHook = null;
}).overridePythonAttrs dropDocOutput;
pydash = (super.pydash.override {
sphinx-rtd-theme = null;
}).overridePythonAttrs (old: rec {
version = "5.1.0";
src = fetchPypi {
inherit (old) pname;
inherit version;
hash = "sha256-GysFCsG64EnNB/WSCxT6u+UmOPSF2a2h6xFanuv/aDU=";
};
format = "setuptools";
doCheck = false;
});
pyopenssl = (super.pyopenssl.override {
sphinxHook = null;
sphinx-rtd-theme = null;
}).overridePythonAttrs dropDocOutput;
deprecated = (super.deprecated.override {
sphinxHook = null;
}).overridePythonAttrs dropDocOutput;
wrapt = (super.wrapt.override {
sphinxHook = null;
sphinx-rtd-theme = null;
}).overridePythonAttrs dropDocOutput;
};
};
in
python3'.pkgs.buildPythonPackage rec {
pname = "privacyIDEA";
version = "3.8.1";
format = "setuptools";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-SYXw8PBCb514v3rcy15W/vZS5JyMsu81D2sJmviLRtw=";
fetchSubmodules = true;
};
patches = [
# https://github.com/privacyidea/privacyidea/pull/3611
(fetchpatch {
url = "https://github.com/privacyidea/privacyidea/commit/7db6509721726a34e8528437ddbd4210019b11ef.patch";
sha256 = "sha256-ZvtauCs1vWyxzGbA0B2+gG8q5JyUO8DF8nm/3/vcYmE=";
})
];
propagatedBuildInputs = with python3'.pkgs; [
cryptography pyrad pymysql python-dateutil flask-versioned flask-script
defusedxml croniter flask-migrate pyjwt configobj sqlsoup pillow
python-gnupg passlib pyopenssl beautifulsoup4 smpplib flask-babel
ldap3 huey pyyaml qrcode oauth2client requests lxml cbor2 psycopg2
pydash ecdsa google-auth importlib-metadata argon2-cffi bcrypt segno
];
passthru.tests = { inherit (nixosTests) privacyidea; };
nativeCheckInputs = with python3'.pkgs; [ openssl mock pytestCheckHook responses testfixtures ];
preCheck = "export HOME=$(mktemp -d)";
postCheck = "unset HOME";
disabledTests = [
# expects `/home/` to exist, fails with `FileNotFoundError: [Errno 2] No such file or directory: '/home/'`.
"test_01_loading_scripts"
# Tries to connect to `fcm.googleapis.com`.
"test_02_api_push_poll"
"test_04_decline_auth_request"
# Timezone info not available in build sandbox
"test_14_convert_timestamp_to_utc"
# Fails because of different logger configurations
"test_01_create_default_app"
"test_03_logging_config_file"
"test_04_logging_config_yaml"
"test_05_logging_config_broken_yaml"
];
pythonImportsCheck = [ "privacyidea" ];
postPatch = ''
patchShebangs tests/testdata/scripts
substituteInPlace privacyidea/lib/resolvers/LDAPIdResolver.py --replace \
"/etc/privacyidea/ldap-ca.crt" \
"${cacert}/etc/ssl/certs/ca-bundle.crt"
'';
postInstall = ''
rm -r $out/${python3'.sitePackages}/tests
'';
meta = with lib; {
description = "Multi factor authentication system (2FA, MFA, OTP Server)";
license = licenses.agpl3Plus;
homepage = "http://www.privacyidea.org";
maintainers = with maintainers; [ ma27 ];
platforms = platforms.linux;
};
}

2
pkgs/applications/networking/browsers/firefox/wrapper.nix
View File

@ -46,7 +46,7 @@ let
, extraPrefs ? ""
, extraPrefsFiles ? []
# For more information about policies visit
# https://github.com/mozilla/policy-templates#enterprisepoliciesenabled
# https://mozilla.github.io/policy-templates/
, extraPolicies ? {}
, extraPoliciesFiles ? []
, libName ? browser.libName or "firefox" # Important for tor package or the like

10
pkgs/applications/networking/browsers/librewolf/src.json
View File

@ -1,15 +1,15 @@
{
"packageVersion": "118.0.1-1",
"packageVersion": "119.0-5",
"source": {
"rev": "118.0.1-1",
"sha256": "1wdqiif1la97w9b3xsz20xrcg2d1c0j13pdfcj7z23jz8846iqk4"
"rev": "119.0-5",
"sha256": "0ql4i6b4fvydiyscj8ki2pnzr67bmb3azpdm6kk5y8yyw2697230"
},
"settings": {
"rev": "9c862f06f970d69e00c1035e0d4774fb44fd84a6",
"sha256": "0ay58wrhfn0b56748phpn0ahz11ls9y8d2fd1z4zrj6dv398vlmb"
},
"firefox": {
"version": "118.0.1",
"sha512": "b1efa1afea70434dc2a18d335bb8b526883cde200f1503b8c5fd2e7db8285e6a999cfa3aac354ea1c15a91d13a46d68db37023235314240b59eb8f55e01554ad"
"version": "119.0",
"sha512": "4b555c444add36567fd538752b122f227cf78bb70b72c79e6d8ae8d9c2e61c3cdacfae79c37970753b8b5c7716b28c686071eb7b551773c30a76852f3550676c"
}
}

6
pkgs/applications/networking/cluster/helm/plugins/helm-unittest.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "helm-unittest";
version = "0.3.3";
version = "0.3.5";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-11rgARUfTbr8FkmR2lI4uoIqzi9cRuVPalUOsxsnO3E=";
hash = "sha256-RgEYFTI1uaW1aTr+/lpKQ39o5CLsj/p0JeSTUXti/IM=";
};
vendorHash = "sha256-E9HSP8c/rGG+PLbnT8V5GflpnFItCeXyeLGiqDj4tRI=";
vendorHash = "sha256-P0PVzgaUN9X9x77v1psV13vNl06HrHbdlA1YHCq/eCo=";
# NOTE: Remove the install and upgrade hooks.
postPatch = ''

2
pkgs/applications/networking/cluster/kubelogin/default.nix
View File

@ -22,6 +22,6 @@ buildGoModule rec {
description = "A Kubernetes credential plugin implementing Azure authentication";
inherit (src.meta) homepage;
license = licenses.mit;
maintainers = with maintainers; [ yurrriq ];
maintainers = [];
};
}

6
pkgs/applications/networking/cluster/nomad/default.nix
View File

@ -75,9 +75,9 @@ rec {
nomad_1_6 = generic {
buildGoModule = buildGo121Module;
version = "1.6.2";
sha256 = "sha256-Q0RyO9FZWGxWgVmTU07/pw5P4Ebcwcednq8TDmshuAk=";
vendorHash = "sha256-XCuWhKuBtSPTK8fXwgjMKMjwLnl1KWZKSJ4Ih9XDIDc=";
version = "1.6.3";
sha256 = "sha256-5UWGriDy15PX3+9UppcUsEwih/e9COLVBis3fn+24L0=";
vendorHash = "sha256-gXoheW6Ww9Iu4utKNHweP2blzhWid+Q9Tp0ZgCmBAVg=";
passthru.tests.nomad = nixosTests.nomad;
preCheck = ''
export PATH="$PATH:$NIX_BUILD_TOP/go/bin"

6
pkgs/applications/networking/cluster/timoni/default.nix
View File

@ -6,16 +6,16 @@
buildGo121Module rec {
pname = "timoni";
version = "0.14.2";
version = "0.15.0";
src = fetchFromGitHub {
owner = "stefanprodan";
repo = "timoni";
rev = "v${version}";
hash = "sha256-45OIj57gb8njYoks7SgIlcMjz07ShEz2G/EECaTRTQg=";
hash = "sha256-kMqQiFicuKa0j/li9UmitEeSof0vLlgGR4AMtJksROs=";
};
vendorHash = "sha256-lRZFRnft8vEntVxiLOBcR00FP8AXexLyo3h2LCNWN00=";
vendorHash = "sha256-tAqmTl+5tScXOaYWEvMs2RPTdyLTAemQN1VqOQGe6lU=";
subPackages = [ "cmd/timoni" ];
nativeBuildInputs = [ installShellFiles ];

4
pkgs/applications/networking/newsreaders/liferea/default.nix
View File

@ -24,11 +24,11 @@
stdenv.mkDerivation rec {
pname = "liferea";
version = "1.15.3";
version = "1.15.4";
src = fetchurl {
url = "https://github.com/lwindolf/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2";
hash = "sha256-FKjsosSSW0U8fQwV6QYhsbuuaTeCt6SfHEcY0v5xUO4=";
hash = "sha256-twczHU41xXJvBg4nTQyJrmNCCSoJWAnRLs4DV0uKpjE=";
};
nativeBuildInputs = [

6
pkgs/applications/networking/p2p/libutp/3.4.nix
View File

@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
pname = "libutp";
version = "unstable-2023-08-04";
version = "unstable-2023-10-16";
src = fetchFromGitHub {
# Use transmission fork from post-3.4-transmission branch
owner = "transmission";
repo = pname;
rev = "09ef1be66397873516c799b4ec070690ff7365b2";
hash = "sha256-DlEbU7uAcQOiBf7QS/1kiw3E0nk3xKhlzhAi8buQNCI=";
rev = "2589200eac82fc91b65979680e4b3c026dff0278";
hash = "sha256-wsDqdbMWVm3ubTbg5XClEWutJz1irSIazVLFeCyAAL4=";
};
nativeBuildInputs = [ cmake ];

23
pkgs/applications/office/todoman/default.nix
View File

@ -5,29 +5,20 @@
, installShellFiles
, jq
, python3
, fetchpatch
}:
python3.pkgs.buildPythonApplication rec {
pname = "todoman";
version = "4.3.2";
version = "4.4.0";
format = "pyproject";
src = fetchFromGitHub {
owner = "pimutils";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-dxyI9ypZZBouTUF72wzvi7j+CeoQ9JNSiXrVeV7ForY=";
hash = "sha256-5tQaNT6QVN9mxa9t6OvMux4ZGy4flUqszTAwet2QL0w=";
};
patches = [
(fetchpatch {
name = "disable-broken-urwid-test.patch";
url = "https://github.com/pimutils/todoman/commit/7ff0d2e2e69e24df5d66fecc58f8cd0b4e5ced6d.patch";
hash = "sha256-MMNnnIthNqobexd8GaA6lYxzv5gr1l0e9YK+Ygeje2w=";
})
];
SETUPTOOLS_SCM_PRETEND_VERSION = version;
nativeBuildInputs = [
@ -64,7 +55,7 @@ python3.pkgs.buildPythonApplication rec {
postInstall = ''
installShellCompletion --bash contrib/completion/bash/_todo
substituteInPlace contrib/completion/zsh/_todo --replace "jq " "${jq}/bin/jq "
substituteInPlace contrib/completion/zsh/_todo --replace "jq " "${lib.getExe jq} "
installShellCompletion --zsh contrib/completion/zsh/_todo
'';
@ -85,7 +76,7 @@ python3.pkgs.buildPythonApplication rec {
"todoman"
];
meta = with lib; {
meta = {
homepage = "https://github.com/pimutils/todoman";
description = "Standards-based task manager based on iCalendar";
longDescription = ''
@ -99,9 +90,9 @@ python3.pkgs.buildPythonApplication rec {
now.
Unsupported fields may not be shown but are never deleted or altered.
'';
changelog = "https://github.com/pimutils/todoman/raw/v${version}/CHANGELOG.rst";
license = licenses.isc;
maintainers = with maintainers; [ leenaars antonmosich ];
changelog = "https://todoman.readthedocs.io/en/stable/changelog.html#v${builtins.replaceStrings ["."] ["-"] version}";
license = lib.licenses.isc;
maintainers = with lib.maintainers; [ leenaars antonmosich ];
mainProgram = "todo";
};
}

8
pkgs/applications/radio/sdrangel/default.nix
View File

@ -24,7 +24,7 @@
, libbladeRF
, mbelib
, ninja
, opencv3
, opencv4
, pkg-config
, qtcharts
, qtdeclarative
@ -52,13 +52,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "sdrangel";
version = "7.16.0";
version = "7.17.0";
src = fetchFromGitHub {
owner = "f4exb";
repo = "sdrangel";
rev = "v${finalAttrs.version}";
hash = "sha256-k35TZ2H8GX3gSYyb27hTY6gHHnxPkFwp1v4OJXhvV7A=";
hash = "sha256-v2ESMFAbsYbZVVIHlGCU01QPDorUZyLiUEhexr6zF5o=";
};
nativeBuildInputs = [
@ -90,7 +90,7 @@ stdenv.mkDerivation (finalAttrs: {
libusb1
limesuite
mbelib
opencv3
opencv4
qtcharts
qtdeclarative
qtgamepad

4
pkgs/applications/science/logic/lean4/default.nix
View File

@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "lean4";
version = "4.1.0";
version = "4.2.0";
src = fetchFromGitHub {
owner = "leanprover";
repo = "lean4";
rev = "v${version}";
hash = "sha256-6qbCafG0bL5KxQt2gL6hV4PFDsEMM0UXfldeOOqxsaE=";
hash = "sha256-56YtHCiNMP5fJoddSokEl0ws06IwetYLer4aLCnujZA=";
};
postPatch = ''

12
pkgs/applications/science/math/caffe/default.nix
View File

@ -1,12 +1,13 @@
{ config, stdenv, lib
, fetchFromGitHub
, fetchurl
, fetchpatch
, cmake
, boost
, gflags
, glog
, hdf5-cpp
, opencv3
, opencv4
, protobuf
, doxygen
, blas
@ -71,7 +72,7 @@ stdenv.mkDerivation rec {
++ ["-DUSE_LEVELDB=${toggle leveldbSupport}"]
++ ["-DUSE_LMDB=${toggle lmdbSupport}"];
buildInputs = [ boost gflags glog protobuf hdf5-cpp opencv3 blas ]
buildInputs = [ boost gflags glog protobuf hdf5-cpp opencv4 blas ]
++ lib.optional cudaSupport cudatoolkit
++ lib.optional cudnnSupport cudnn
++ lib.optional lmdbSupport lmdb
@ -96,6 +97,11 @@ stdenv.mkDerivation rec {
patches = [
./darwin.patch
(fetchpatch {
name = "support-opencv4";
url = "https://github.com/BVLC/caffe/pull/6638/commits/0a04cc2ccd37ba36843c18fea2d5cbae6e7dd2b5.patch";
hash = "sha256-ZegTvp0tTHlopQv+UzHDigs6XLkP2VfqLCWXl6aKJSI=";
})
] ++ lib.optional pythonSupport (substituteAll {
src = ./python.patch;
inherit (python.sourceVersion) major minor; # Should be changed in case of PyPy
@ -148,7 +154,7 @@ stdenv.mkDerivation rec {
'';
homepage = "http://caffe.berkeleyvision.org/";
maintainers = with maintainers; [ ];
broken = pythonSupport && (python.isPy310);
broken = (pythonSupport && (python.isPy310)) || cudaSupport;
license = licenses.bsd2;
platforms = platforms.linux ++ platforms.darwin;
};

4
pkgs/applications/science/math/mxnet/default.nix
View File

@ -1,5 +1,5 @@
{ config, stdenv, lib, fetchurl, fetchpatch, bash, cmake
, opencv3, gtest, blas, gomp, llvmPackages, perl
, opencv4, gtest, blas, gomp, llvmPackages, perl
, cudaSupport ? config.cudaSupport, cudaPackages ? { }, nvidia_x11
, cudnnSupport ? cudaSupport
}:
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake perl ];
buildInputs = [ opencv3 gtest blas.provider ]
buildInputs = [ opencv4 gtest blas.provider ]
++ lib.optional stdenv.cc.isGNU gomp
++ lib.optional stdenv.cc.isClang llvmPackages.openmp
# FIXME: when cuda build is fixed, remove nvidia_x11, and use /run/opengl-driver/lib

4
pkgs/applications/science/misc/boinc/default.nix
View File

@ -27,14 +27,14 @@
stdenv.mkDerivation rec {
pname = "boinc";
version = "7.24.1";
version = "7.24.2";
src = fetchFromGitHub {
name = "${pname}-${version}-src";
owner = "BOINC";
repo = "boinc";
rev = "client_release/${lib.versions.majorMinor version}/${version}";
hash = "sha256-CAzAKxNHG8ew9v2B1jK7MxfWGwTfdmDncDe7QT+twd8=";
hash = "sha256-Aaoqf53wagCkzkZUs7mVbE2Z2P6GvxiQYxPrL6ahGqA=";
};
nativeBuildInputs = [ libtool automake autoconf m4 pkg-config ];

6
pkgs/applications/version-management/git-mit/default.nix
View File

@ -10,7 +10,7 @@
}:
let
version = "5.12.167";
version = "5.12.169";
in
rustPlatform.buildRustPackage {
pname = "git-mit";
@ -20,10 +20,10 @@ rustPlatform.buildRustPackage {
owner = "PurpleBooth";
repo = "git-mit";
rev = "v${version}";
hash = "sha256-tselj673Zkur0IAuOt0l/RffJiA6x2PYkdV+dCrNx+M=";
hash = "sha256-+PBZZhWTm+as6eZjPq+dsUVBOIPN2qvj3zoqN2+xEmA=";
};
cargoHash = "sha256-t2u8umPy8fJLjbUEpkufE96n+FXcV0ZCVYrK0lNBhHA=";
cargoHash = "sha256-TQR9yAV4aYuMH36hvx7y47403V7h54yCed44heSkMd8=";
nativeBuildInputs = [ pkg-config ];

9
pkgs/applications/video/freetube/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, lib, fetchurl, appimageTools, makeWrapper, electron_22 }:
{ stdenv, lib, fetchurl, appimageTools, makeWrapper, electron, nixosTests }:
stdenv.mkDerivation rec {
pname = "freetube";
@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
sha256 = "add96ad3509d4d5c6d8658b005dfd046963cd6bb0a4e1f3e88f726a86c05810f";
};
passthru.tests = nixosTests.freetube;
appimageContents = appimageTools.extractType2 {
name = "${pname}-${version}";
inherit src;
@ -35,9 +37,8 @@ stdenv.mkDerivation rec {
runHook postInstall
'';
# Electron version is set to 22 in order to match upstream
postFixup = ''
makeWrapper ${electron_22}/bin/electron $out/bin/${pname} \
makeWrapper ${electron}/bin/electron $out/bin/${pname} \
--add-flags $out/share/${pname}/resources/app.asar
'';
@ -46,6 +47,6 @@ stdenv.mkDerivation rec {
homepage = "https://freetubeapp.io/";
license = licenses.agpl3Only;
maintainers = with maintainers; [ ryneeverett alyaeanyx ];
inherit (electron_22.meta) platforms;
inherit (electron.meta) platforms;
};
}

2
pkgs/applications/video/obs-studio/plugins/default.nix
View File

@ -42,6 +42,8 @@
obs-pipewire-audio-capture = callPackage ./obs-pipewire-audio-capture.nix { };
obs-replay-source = qt6Packages.callPackage ./obs-replay-source.nix { };
obs-rgb-levels-filter = callPackage ./obs-rgb-levels-filter.nix { };
obs-scale-to-sound = callPackage ./obs-scale-to-sound.nix { };

4
pkgs/applications/video/obs-studio/plugins/obs-pipewire-audio-capture.nix
View File

@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "obs-pipewire-audio-capture";
version = "1.1.1";
version = "1.1.2";
src = fetchFromGitHub {
owner = "dimtpap";
repo = pname;
rev = version;
sha256 = "sha256-D4ONz/4S5Kt23Tmfa6jvw0X7680R9YDqG8/N6HhIQLE=";
sha256 = "sha256-9HPQ17swMlsCnKkYQXIUzEbx2vKuBUfGf58Up2hHVGI=";
};
nativeBuildInputs = [ cmake ninja pkg-config ];

40
pkgs/applications/video/obs-studio/plugins/obs-replay-source.nix Normal file
View File

@ -0,0 +1,40 @@
{ stdenv
, lib
, fetchFromGitHub
, cmake
, libcaption
, obs-studio
, qtbase
}:
stdenv.mkDerivation (finalAttrs: {
pname = "obs-replay-source";
version = "1.6.12";
src = fetchFromGitHub {
owner = "exeldro";
repo = "obs-replay-source";
rev = finalAttrs.version;
sha256 = "sha256-MzugH6r/jY5Kg7GIR8/o1BN36FenBzMnqrPUceJmbPs=";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ libcaption obs-studio qtbase ];
postInstall = ''
mkdir -p "$out/lib" "$out/share"
mv "$out/obs-plugins/64bit" "$out/lib/obs-plugins"
rm -rf "$out/obs-plugins"
mv "$out/data" "$out/share/obs"
'';
dontWrapQtApps = true;
meta = with lib; {
description = "Replay source for OBS studio";
homepage = "https://github.com/exeldro/obs-replay-source";
license = licenses.gpl2Only;
platforms = platforms.linux;
maintainers = with maintainers; [ pschmitt ];
};
})

4
pkgs/applications/virtualization/crun/default.nix
View File

@ -39,13 +39,13 @@ let
in
stdenv.mkDerivation rec {
pname = "crun";
version = "1.10";
version = "1.11";
src = fetchFromGitHub {
owner = "containers";
repo = pname;
rev = version;
hash = "sha256-deva/IPyjcGGAnUIofev3RV2ia7uI+OgSiUz/GtHhxE=";
hash = "sha256-38IqVt/XZeZQRXjiPNz4qDibBHMBVZwzAcxrobzEWdI=";
fetchSubmodules = true;
};

1
pkgs/build-support/rust/build-rust-crate/build-crate.nix
View File

@ -41,6 +41,7 @@
);
binRustcOpts = lib.concatStringsSep " " (
[ "-C linker=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc" ] ++
baseRustcOpts
);

38
pkgs/by-name/ax/axmldec/package.nix Normal file
View File

@ -0,0 +1,38 @@
{ lib
, stdenv
, fetchFromGitHub
, cmake
, doxygen
, boost
, zlib
}:
stdenv.mkDerivation rec {
pname = "axmldec";
version = "1.2.0";
src = fetchFromGitHub {
owner = "ytsutano";
repo = "axmldec";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-LFDZZbRDa8mQmglgS4DA/OqXp0HJZ2uqg1hbStdgvUw=";
};
nativeBuildInputs = [ cmake doxygen ];
buildInputs = [ boost zlib ];
meta = with lib; {
description = "Stand-alone binary AndroidManifest.xml decoder";
longDescription = ''
This tool accepts either a binary or a text XML file and prints the
decoded XML to the standard output or a file. It also allows you to
extract the decoded AndroidManifest.xml directly from an APK file.
'';
homepage = "https://github.com/ytsutano/axmldec";
license = licenses.isc;
mainProgram = "axmldec";
maintainers = with maintainers; [ franciscod ];
platforms = platforms.unix ++ platforms.windows;
};
}

1
pkgs/by-name/ho/hottext/lock.json Normal file
View File

@ -0,0 +1 @@
{"depends":[{"method":"fetchzip","path":"/nix/store/vx0a8hw7hs5an0dnbrn6l16bd6is7hdr-source","rev":"07f6ba8ab96238e5bd1264cf0cea1d1746abb00c","sha256":"005nrldaasfl09zdsni1vi8s7dk0y85ijv6rm2wpj94435x66s36","url":"https://github.com/treeform/flatty/archive/07f6ba8ab96238e5bd1264cf0cea1d1746abb00c.tar.gz","ref":"0.3.4","packages":["flatty"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/lk4hcmvwvliliyyidx7k3fk9yfijddc5-source","rev":"b2e71179174e040884ebf6a16cbac711c84620b9","sha256":"0pi6cq43ysm1wy5vva3i2dqvyh4dqppjjjl04yj9wfq7mngpqaa1","url":"https://github.com/treeform/chroma/archive/b2e71179174e040884ebf6a16cbac711c84620b9.tar.gz","ref":"0.2.7","packages":["chroma"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/bah1zq369ikykm6dz3r0hzhcq4s88sxq-source","rev":"a2a5165c36e0098dea526712890fb7e988ba27f2","sha256":"0n42hlvh0d9wkjr01p04jnkyn7y4y62pwjdcqw52absapbpsr1lb","url":"https://github.com/treeform/typography/archive/a2a5165c36e0098dea526712890fb7e988ba27f2.tar.gz","ref":"0.7.14","packages":["typography"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/9hfg3703m28w76ics7rn0hw1qymz0jrh-source","rev":"156e424306756a106442aca985eed61a8d12097b","sha256":"0hg9iq509rjsgd33cp3452v7whgbc30b5lnajifkls0z66rc2ndh","url":"https://github.com/guzba/nimsimd/archive/156e424306756a106442aca985eed61a8d12097b.tar.gz","ref":"1.2.6","packages":["nimsimd"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/xjk8cg4dmja48rcswy0nphy3xhmf7nsz-source","rev":"f3e73f722fbb0e5d496fbc59ee860a9fd49983de","sha256":"12mqlczckhxcrg6il213fn7mcnqz3khwkh7i4bn57l55nzrhfvrh","url":"https://github.com/treeform/pixie/archive/f3e73f722fbb0e5d496fbc59ee860a9fd49983de.tar.gz","ref":"5.0.6","packages":["pixie"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/f9dp6njaay5rf32f6l9gkw0dm25gim47-source","rev":"7282ae1247f2f384ebeaec3826d7fa38fd0e1df1","sha256":"1plw9lfrm42qar01rnjhm0d9mkzsc7c3b8kz43w5pb8j8drx1lyn","url":"https://github.com/treeform/vmath/archive/7282ae1247f2f384ebeaec3826d7fa38fd0e1df1.tar.gz","ref":"2.0.0","packages":["vmath"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/16h19n8ndv42v8gn2vfdisdszv2wrln1-source","rev":"fb09637d6ebd6416b322a2b9bb95dd513040dea7","sha256":"1lyfnirwpy12lq9gr0sbnkf7ih7ayfvb1acjxk2z5gzlgxm1azp1","url":"https://github.com/treeform/print/archive/fb09637d6ebd6416b322a2b9bb95dd513040dea7.tar.gz","ref":"1.0.2","packages":["print"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/zrm3y895iwn057y5c4374bviih962w0v-source","rev":"d0c9ad33ae72aece49093d7688fc78a7101aa4b0","sha256":"14qgxcnyznjc180kdbilqzzya589rqaznfpp75yp37n47zdknfw0","url":"https://github.com/guzba/crunchy/archive/d0c9ad33ae72aece49093d7688fc78a7101aa4b0.tar.gz","ref":"0.1.9","packages":["crunchy"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/da49jl6rhz6jlix6mds0alhlbq1qlkfy-source","rev":"84d4702e838d684b7304882ffe796f57ef422fb6","sha256":"1vilid9xx5mp2yvssa3wf6g9svqdan87090klis891k9w1dd8i51","url":"https://github.com/nim-lang/sdl2/archive/84d4702e838d684b7304882ffe796f57ef422fb6.tar.gz","ref":"v2.0.5","packages":["sdl2"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/rpa0bv740i3yagp0ldkb68jp6scw4i5l-source","rev":"d7eaf00c24820ad0317c9926737402e62431e931","sha256":"0wrvdpvbwv4ysjsqc6hhvd97vql4k0m5l0zdrsrjlljd1n5g2haq","url":"https://github.com/treeform/bumpy/archive/d7eaf00c24820ad0317c9926737402e62431e931.tar.gz","ref":"1.1.2","packages":["bumpy"],"srcDir":"src"},{"method":"fetchzip","path":"/nix/store/b98qlpki45417ws4pmjq052q1s7333wc-source","rev":"a3fd6f0458ffdd7cbbd416be99f2ca80a7852d82","sha256":"0zmavr2jnyyqkvvi6hlg2kh6qv6lzakwvsqjy0sjm3qdsna0aldg","url":"https://github.com/guzba/zippy/archive/a3fd6f0458ffdd7cbbd416be99f2ca80a7852d82.tar.gz","ref":"0.10.10","packages":["zippy"],"srcDir":"src"}]}

41
pkgs/by-name/ho/hottext/package.nix Normal file
View File

@ -0,0 +1,41 @@
{ lib, nim2Packages, fetchFromSourcehut, gentium, makeDesktopItem, nim_lk, SDL2 }:
nim2Packages.buildNimPackage (finalAttrs: {
pname = "hottext";
version = "20231003";
nimBinOnly = true;
src = fetchFromSourcehut {
owner = "~ehmry";
repo = "hottext";
rev = finalAttrs.version;
hash = "sha256-ncH/1PV4vZY7JCUJ87FPz5bdrQsNlYxzGdc5BQNfQeA=";
};
buildInputs = [ SDL2 ];
nimFlags = nim_lk.passthru.nimFlagsFromLockFile ./lock.json;
HOTTEXT_FONT_PATH = "${gentium}/share/fonts/truetype/GentiumPlus-Regular.ttf";
desktopItem = makeDesktopItem {
categories = [ "Utility" ];
comment = finalAttrs.meta.description;
desktopName = finalAttrs.pname;
exec = finalAttrs.pname;
name = finalAttrs.pname;
};
postInstall = ''
cp -r $desktopItem/* $out
'';
meta = finalAttrs.src.meta // {
description = "Simple RSVP speed-reading utility";
license = lib.licenses.unlicense;
homepage = "https://git.sr.ht/~ehmry/hottext";
maintainers = with lib.maintainers; [ ehmry ];
mainProgram = "hottext";
};
})

14
pkgs/tools/misc/libcpuid/default.nix → pkgs/by-name/li/libcpuid/package.nix
View File

@ -2,25 +2,15 @@
stdenv.mkDerivation rec {
pname = "libcpuid";
version = "0.6.3";
version = "0.6.4";
src = fetchFromGitHub {
owner = "anrieff";
repo = "libcpuid";
rev = "v${version}";
sha256 = "sha256-lhoHqdS5tke462guORg+PURjVmjAgviT5KJHp6PyvUA=";
sha256 = "sha256-Zs5GKvSasdfLqo8oErDQNAuXRG27Bm9vNwyooqbol0Q=";
};
patches = [
# Fixes cross-compilation to NetBSD
# https://github.com/anrieff/libcpuid/pull/190
(fetchpatch {
name = "pass-pthread-to-linker.patch";
url = "https://github.com/anrieff/libcpuid/commit/c28436e7239f28dab0e2a3bcdbce95f41e1363b1.patch";
sha256 = "sha256-J2mB010JcE4si0rERjcrL9kJgbWHKaQCIZPDkmRvcq4=";
})
];
nativeBuildInputs = [ autoreconfHook ];
meta = with lib; {

71
pkgs/by-name/mo/monophony/package.nix Normal file
View File

@ -0,0 +1,71 @@
{ lib
, fetchFromGitLab
, python3Packages
, wrapGAppsHook4
, gst_all_1
, gobject-introspection
, yt-dlp
, libadwaita
, libsoup_3
, glib-networking
}:
python3Packages.buildPythonApplication rec {
pname = "monophony";
version = "2.3.1";
format = "other";
sourceRoot = "source/source";
src = fetchFromGitLab {
owner = "zehkira";
repo = "monophony";
rev = "v${version}";
hash = "sha256-dpRTHsujaIwzgr+qY5LC9xtXz40g3akdpEiHuxiilZM=";
};
pythonPath = with python3Packages; [
mpris-server
pygobject3
ytmusicapi
];
nativeBuildInputs = [
python3Packages.nuitka
gobject-introspection
wrapGAppsHook4
];
buildInputs =
[
libadwaita
# needed for gstreamer https
libsoup_3
glib-networking
]
++ (with gst_all_1; [
gst-plugins-base
gst-plugins-good
gstreamer
]);
installFlags = [ "prefix=$(out)" ];
preFixup = ''
buildPythonPath "$pythonPath"
gappsWrapperArgs+=(
--prefix PYTHONPATH : "$program_PYTHONPATH"
--prefix PATH : "${lib.makeBinPath [yt-dlp]}"
# needed for gstreamer https
--prefix LD_LIBRARY_PATH : "${libsoup_3.out}/lib"
)
'';
meta = with lib; {
homepage = "https://gitlab.com/zehkira/monophony";
description = "Linux app for streaming music from YouTube";
longDescription = "Monophony is a free and open source Linux app for streaming music from YouTube. It has no ads and does not require an account.";
license = licenses.agpl3Plus;
mainProgram = "monophony";
platforms = platforms.linux;
maintainers = with maintainers; [ quadradical ];
};
}

1
pkgs/by-name/ni/nim_lk/lock.json Normal file
View File

@ -0,0 +1 @@
{"depends":[{"method":"fetchzip","packages":["npeg"],"path":"/nix/store/ffkxmjmigfs7zhhiiqm0iw2c34smyciy-source","ref":"1.2.1","rev":"26d62fdc40feb84c6533956dc11d5ee9ea9b6c09","sha256":"0xpzifjkfp49w76qmaylan8q181bs45anmp46l4bwr3lkrr7bpwh","srcDir":"src","url":"https://github.com/zevv/npeg/archive/26d62fdc40feb84c6533956dc11d5ee9ea9b6c09.tar.gz"},{"method":"fetchzip","packages":["preserves"],"path":"/nix/store/nrcpzf9hx70kry3gwhrdzcs3qicjncjh-source","ref":"20231021","rev":"edece399be70818208bf2263c30cb2bcf435bbff","sha256":"0xmw35wmw3a4lja9q4qvlvpxv3xk0hnkjg4fwfw6f3inh6zfiqki","srcDir":"src","url":"https://git.syndicate-lang.org/ehmry/preserves-nim/archive/edece399be70818208bf2263c30cb2bcf435bbff.tar.gz"}]}

52
pkgs/by-name/ni/nim_lk/package.nix Normal file
View File

@ -0,0 +1,52 @@
{ lib, buildPackages, nim2Packages, fetchFromSourcehut, openssl }:
nim2Packages.buildNimPackage (finalAttrs: {
pname = "nim_lk";
version = "20231031";
nimBinOnly = true;
src = fetchFromSourcehut {
owner = "~ehmry";
repo = "nim_lk";
rev = finalAttrs.version;
hash = "sha256-dXm3dfXAxgucek19f1KdRShOsJyELPTB32qgGSKId6A=";
};
buildInputs = [ openssl ];
nimFlags = finalAttrs.passthru.nimFlagsFromLockFile ./lock.json;
meta = finalAttrs.src.meta // {
description = "Generate Nix specific lock files for Nim packages";
homepage = "https://git.sr.ht/~ehmry/nim_lk";
mainProgram = "nim_lk";
license = lib.licenses.bsd3;
platforms = lib.platforms.unix;
maintainers = with lib.maintainers; [ ehmry ];
};
passthru.nimFlagsFromLockFile = let
fetchDependency = let
methods = {
fetchzip = { url, sha256, ... }:
buildPackages.fetchzip {
name = "source";
inherit url sha256;
};
git = { fetchSubmodules, leaveDotGit, rev, sha256, url, ... }:
buildPackages.fetchgit {
inherit fetchSubmodules leaveDotGit rev sha256 url;
};
};
in attrs@{ method, ... }: methods.${method} attrs // attrs;
in lockFile:
with builtins;
lib.pipe lockFile [
readFile
fromJSON
(getAttr "depends")
(map fetchDependency)
(map ({ outPath, srcDir, ... }: ''--path:"${outPath}/${srcDir}"''))
];
})

102
pkgs/by-name/oc/ocsinventory-agent/package.nix Normal file
View File

@ -0,0 +1,102 @@
{ lib
, stdenv
, perlPackages
, fetchFromGitHub
, makeWrapper
, shortenPerlShebang
, coreutils
, dmidecode
, findutils
, inetutils
, ipmitool
, iproute2
, lvm2
, nmap
, pciutils
, usbutils
, util-linux
, testers
, ocsinventory-agent
, nix-update-script
}:
perlPackages.buildPerlPackage rec {
version = "2.10.1";
pname = "ocsinventory-agent";
src = fetchFromGitHub {
owner = "OCSInventory-NG";
repo = "UnixAgent";
rev = "refs/tags/v${version}-MAC";
hash = "sha256-aFzBrUsVttUhpYGEYd/yYuXmE90PGCiBmBsVjtHcHLg=";
};
nativeBuildInputs = [ makeWrapper ] ++ lib.optional stdenv.isDarwin shortenPerlShebang;
buildInputs = with perlPackages; [
perl
DataUUID
IOCompress
IOSocketSSL
LWP
LWPProtocolHttps
NetIP
NetNetmask
NetSNMP
ParseEDID
ProcDaemon
ProcPIDFile
XMLSimple
] ++ lib.optionals stdenv.isLinux (with perlPackages; [
NetCUPS # cups-filters is broken on darwin
]) ++ lib.optionals stdenv.isDarwin (with perlPackages; [
MacSysProfile
]);
postInstall = let
runtimeDependencies = [
coreutils # uname, cut, df, stat, uptime
findutils # find
inetutils # ifconfig
ipmitool # ipmitool
nmap # nmap
pciutils # lspci
] ++ lib.optionals stdenv.isLinux [
dmidecode # dmidecode
iproute2 # ip
lvm2 # pvs
usbutils # lsusb
util-linux # last, lsblk, mount
];
in lib.optionalString stdenv.isDarwin ''
shortenPerlShebang $out/bin/ocsinventory-agent
'' + ''
wrapProgram $out/bin/ocsinventory-agent --prefix PATH : ${lib.makeBinPath runtimeDependencies}
'';
passthru = {
tests.version = testers.testVersion {
package = ocsinventory-agent;
command = "ocsinventory-agent --version";
# upstream has not updated version in lib/Ocsinventory/Agent/Config.pm
version = "2.10.0";
};
updateScript = nix-update-script { };
};
meta = with lib; {
description = "OCS Inventory unified agent for Unix operating systems";
longDescription = ''
Open Computers and Software Inventory (OCS) is an application designed
to help a network or system administrator to keep track of the hardware and
software configurations of computers that are installed on the network.
'';
homepage = "https://ocsinventory-ng.org";
changelog = "https://github.com/OCSInventory-NG/UnixAgent/releases/tag/v${version}";
downloadPage = "https://github.com/OCSInventory-NG/UnixAgent/releases";
license = licenses.gpl2Only;
mainProgram = "ocsinventory-agent";
maintainers = with maintainers; [ totoroot anthonyroussel ];
platforms = platforms.unix;
};
}

7
pkgs/tools/misc/spigot/default.nix → pkgs/by-name/sp/spigot/package.nix
View File

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
, callPackage
, cmake
, gmp
, halibut
@ -32,6 +33,12 @@ stdenv.mkDerivation (finalAttrs: {
strictDeps = true;
passthru.tests = {
approximation = callPackage ./tests/approximation.nix {
spigot = finalAttrs.finalPackage;
};
};
meta = {
homepage = "https://www.chiark.greenend.org.uk/~sgtatham/spigot/";
description = "A command-line exact real calculator";

21
pkgs/by-name/sp/spigot/tests/approximation.nix Normal file
View File

@ -0,0 +1,21 @@
{ lib
, stdenv
, spigot
}:
stdenv.mkDerivation {
pname = "spigot-approximation";
inherit (spigot) version;
nativeBuildInputs = [ spigot ];
dontInstall = true;
buildCommand = ''
[ "$(spigot -b2 -d32 '(pi/1-355/113)')" = "-0.00000000000000000000010001111001" ]
[ "$(spigot -b2 -d32 '(e/1-1457/536)')" = "-0.00000000000000000001110101101011" ]
touch $out
'';
meta.timeout = 10;
}

17
pkgs/by-name/th/thud/package.nix
View File

@ -2,20 +2,21 @@
, rustPlatform
, fetchFromGitHub
, installShellFiles
, nix-update-script
}:
rustPlatform.buildRustPackage rec {
pname = "thud";
version = "0.3.0";
version = "0.3.1";
src = fetchFromGitHub {
owner = "donovanglover";
repo = "thud";
rev = version;
hash = "sha256-3MxmVKs0huXPnL9mqDniaIarkAvJmwSOMii2ntXtOos=";
hash = "sha256-BmrJaZ1IKXjx4/QkBDZyXvTTaalfEOKsBp9ZCW8px7I=";
};
cargoHash = "sha256-Hk3HlcA253FAA9hw5p9W+Mvec84zLo7bEmM2/BbmjiM=";
cargoHash = "sha256-rmVVdes7GuGV+ClqJGxNIrs7oSwe8/ZHFD6OfP/UW7A=";
nativeBuildInputs = [
installShellFiles
@ -25,14 +26,16 @@ rustPlatform.buildRustPackage rec {
install -Dm644 assets/thud.thumbnailer $out/share/thumbnailers/thud.thumbnailer
substituteInPlace $out/share/thumbnailers/thud.thumbnailer --replace "thud" "$out/bin/thud"
installManPage man/thud.1
installManPage target/man/thud.1
installShellCompletion --cmd thud \
--bash <(cat completions/thud.bash) \
--fish <(cat completions/thud.fish) \
--zsh <(cat completions/_thud)
--bash <(cat target/completions/thud.bash) \
--fish <(cat target/completions/thud.fish) \
--zsh <(cat target/completions/_thud)
'';
passthru.updateScript = nix-update-script { };
meta = with lib; {
description = "Generate directory thumbnails for GTK-based file browsers from images inside them";
homepage = "https://github.com/donovanglover/thud";

6
pkgs/by-name/ui/uiua/package.nix
View File

@ -14,16 +14,16 @@
rustPlatform.buildRustPackage rec {
pname = "uiua";
version = "0.0.23";
version = "0.0.25";
src = fetchFromGitHub {
owner = "uiua-lang";
repo = "uiua";
rev = version;
hash = "sha256-+Q/dn0pGZ3R+UlAt9stQZU1n+WITujJzTxY5dpXc+Bc=";
hash = "sha256-3ALtWcHLkwu+ddZfYMTtAPM9fQI4ceF0KG1jxozi3EQ=";
};
cargoHash = "sha256-R4jQ9Or9vh3dtqJH7nPvYM4o1h277sFUf+nC1VQl1Uk=";
cargoHash = "sha256-2qlvAZCKBZlkM7EYceITx1Py1/9F0dS2xorpCtKGi9I=";
nativeBuildInputs = lib.optionals stdenv.isDarwin [
rustPlatform.bindgenHook

2
pkgs/by-name/ui/uiua386/package.nix
View File

@ -14,7 +14,7 @@ stdenvNoCC.mkDerivation {
'';
meta = {
description = "An Uiua font";
description = "A Uiua font";
homepage = "https://uiua.org/";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ skykanin ];

15
pkgs/tools/networking/yggdrasil/default.nix → pkgs/by-name/yg/yggdrasil/package.nix
View File

@ -2,28 +2,25 @@
buildGoModule rec {
pname = "yggdrasil";
version = "0.4.7";
version = "0.5.1";
src = fetchFromGitHub {
owner = "yggdrasil-network";
repo = "yggdrasil-go";
rev = "v${version}";
sha256 = "sha256-01ciAutRIn4DmqlvDTXhRiuZHTtF8b6js7SUrLOjtAY=";
sha256 = "sha256-JeeOT3fb+4+eUyWl7rAXa5+Yf1XCT20xJeCdhBC0oeo=";
};
vendorHash = "sha256-hwDi59Yp92eMDqA8OD56nxsKSX2ngxs0lYdmEMLX+Oc=";
# Change the default location of the management socket on Linux
# systems so that the yggdrasil system service unit does not have to
# be granted write permission to /run.
patches = [ ./change-runtime-dir.patch ];
vendorHash = "sha256-yu725RgKDRmpNFNuffBFKZjZOFyzt00kKGuz696JHk0=";
subPackages = [ "cmd/genkeys" "cmd/yggdrasil" "cmd/yggdrasilctl" ];
ldflags = [
"-X github.com/yggdrasil-network/yggdrasil-go/src/version.buildVersion=${version}"
"-X github.com/yggdrasil-network/yggdrasil-go/src/version.buildName=${pname}"
"-s" "-w"
"-X github.com/yggdrasil-network/yggdrasil-go/src/config.defaultAdminListen=unix:///var/run/yggdrasil/yggdrasil.sock"
"-s"
"-w"
];
passthru.tests.basic = nixosTests.yggdrasil;

10
pkgs/data/fonts/commit-mono/default.nix
View File

@ -4,11 +4,11 @@
}:
stdenvNoCC.mkDerivation rec {
pname = "commit-mono";
version = "1.138";
version = "1.139";
src = fetchzip {
url = "https://github.com/eigilnikolajsen/commit-mono/releases/download/${version}/CommitMono-${version}.zip";
sha256 = "sha256-ae2eeHh57i6d0kDMZ68aXvLGFj+rXhwg1CC8cV3ndAQ=";
url = "https://github.com/eigilnikolajsen/commit-mono/releases/download/v${version}/CommitMono-${version}.zip";
hash = "sha256-TrXuWQzNlJsFwwOsnLuCCEj/9B9XrTNHSDVES68gIYs=";
stripRoot = false;
};
@ -20,8 +20,8 @@ stdenvNoCC.mkDerivation rec {
installPhase = ''
runHook preInstall
install -Dm644 -t $out/share/fonts/opentype/ CommitMono-${version}/*.otf
install -Dm644 -t $out/share/fonts/truetype/ CommitMono-${version}/ttfautohint/*.ttf
install -Dm644 CommitMono-${version}/*.otf -t $out/share/fonts/opentype
install -Dm644 CommitMono-${version}/ttfautohint/*.ttf -t $out/share/fonts/truetype
runHook postInstall
'';

6
pkgs/data/fonts/intel-one-mono/default.nix
View File

@ -2,16 +2,16 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "intel-one-mono";
version = "1.2.1";
version = "1.3.0";
srcs = [
(fetchurl {
url = "https://github.com/intel/intel-one-mono/releases/download/V${finalAttrs.version}/otf.zip";
hash = "sha256-RBJwIUkmAZIRaIEWUxFZlRMfFTUFdLbHCMRkagU0gU0=";
hash = "sha256-iZIfkXH+GplVwES4LaQBIaCWs7OKmEto9J2SpzvagSs=";
})
(fetchurl {
url = "https://github.com/intel/intel-one-mono/releases/download/V${finalAttrs.version}/ttf.zip";
hash = "sha256-DV/PT+P+GGq/ejS5cx5ENuCy+iiE32AMOirwuTCP3vY=";
hash = "sha256-EeUTEMuoTHKmuO5Uj0jjiDRF9t7jxbIy45nTWozlgfc=";
})
];

6
pkgs/data/fonts/unifont/default.nix
View File

@ -4,16 +4,16 @@
stdenv.mkDerivation rec {
pname = "unifont";
version = "15.1.02";
version = "15.1.03";
otf = fetchurl {
url = "mirror://gnu/unifont/${pname}-${version}/${pname}-${version}.otf";
hash = "sha256-fmhm74zc6wJK2f5XkDq/BRc5Lv+rCvcDRodgHCSiUQA=";
hash = "sha256-DGRIxE0HDX/cx7mQMBmGgRrbbj7fzWDAOMlhZM1/EEw=";
};
pcf = fetchurl {
url = "mirror://gnu/unifont/${pname}-${version}/${pname}-${version}.pcf.gz";
hash = "sha256-cCDXjSbpCe1U+Fx/xH/9NXWg6bkdRBV5AawFR0NyOHM=";
hash = "sha256-/fogZ8mkOz/4YFZVxU3tTZfYwZw7zGizoQ3yQkF+aME=";
};
nativeBuildInputs = [ libfaketime xorg.fonttosfnt xorg.mkfontscale ];

4
pkgs/data/themes/matcha/default.nix
View File

@ -19,13 +19,13 @@ lib.checkListOfEnum "${pname}: theme variants" [ "aliz" "azul" "sea" "pueril" "a
stdenvNoCC.mkDerivation rec {
inherit pname;
version = "2023-04-03";
version = "2023-10-30";
src = fetchFromGitHub {
owner = "vinceliuice";
repo = pname;
rev = version;
sha256 = "mr9X7p/H8H2QKZxAQC9j/8OLK4D3EnWLxriFlh16diE=";
sha256 = "+sWYUCFp5J+fhPHxicwtsHCQkFTpKwjj9H3GAXqNaYo=";
};
nativeBuildInputs = [

6
pkgs/development/compilers/erg/default.nix
View File

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "erg";
version = "0.6.23";
version = "0.6.24";
src = fetchFromGitHub {
owner = "erg-lang";
repo = "erg";
rev = "v${version}";
hash = "sha256-7UzITXvEpzMdKj9YIsuz6uYBLtk//OmTlnUegTLu+HA=";
hash = "sha256-J8Zw79TXYpDfnsx6UgB4sqY1vdwVHildqtCcXlBvUxQ=";
};
cargoHash = "sha256-A2HjobYgM22CIWYJusJUfPObNHlhN7y1lsv2mVzvluk=";
cargoHash = "sha256-4FhD9MvAhP88WGqVIUG2JHxd/gbDYf++bdlS6lVW0xs=";
nativeBuildInputs = [
makeWrapper

2
pkgs/development/coq-modules/coqeal/default.nix
View File

@ -8,6 +8,7 @@
inherit version;
defaultVersion = with lib.versions; lib.switch [ coq.version mathcomp.version ] [
{ cases = [ (range "8.16" "8.18") (isGe "2.0.0") ]; out = "2.0.0"; }
{ cases = [ (range "8.15" "8.18") (isGe "1.15.0") ]; out = "1.1.3"; }
{ cases = [ (range "8.13" "8.17") (isGe "1.13.0") ]; out = "1.1.1"; }
{ cases = [ (range "8.10" "8.15") (isGe "1.12.0") ]; out = "1.1.0"; }
@ -16,6 +17,7 @@
{ cases = [ (isGe "8.7") "1.10.0" ]; out = "1.0.3"; }
] null;
release."2.0.0".sha256 = "sha256-SG/KVnRJz2P+ZxkWVp1dDOnc/JVgigoexKfRUh1Y0GM";
release."1.1.3".sha256 = "sha256-xhqWpg86xbU1GbDtXXInNCTArjjPnWZctWiiasq1ScU=";
release."1.1.1".sha256 = "sha256-ExAdC3WuArNxS+Sa1r4x5aT7ylbCvP/BZXfkdQNAvZ8=";
release."1.1.0".sha256 = "1vyhfna5frkkq2fl1fkg2mwzpg09k3sbzxxpyp14fjay81xajrxr";

4
pkgs/development/coq-modules/fourcolor/default.nix
View File

@ -10,10 +10,12 @@ mkCoqDerivation {
release."1.2.4".sha256 = "sha256-iSW2O1kuunvOqTolmGGXmsYTxo2MJYCdW3BnEhp6Ksg=";
release."1.2.5".sha256 = "sha256-3qOPNCRjGK2UdHGMSqElpIXhAPVCklpeQgZwf9AFals=";
release."1.3.0".sha256 = "sha256-h9pa6vaKT6jCEaIdEdcu0498Ou5kEXtZdb9P7WXK1DQ=";
release."1.3.1".sha256 = "sha256-wBizm1hJXPYBu0tHFNScQHd22FebsJYoggT5OlhY/zM=";
inherit version;
defaultVersion = with lib.versions; lib.switch [ coq.version mathcomp.version ] [
{ cases = [ (isGe "8.16") (isGe "2.0") ]; out = "1.3.0"; }
{ cases = [ (isGe "8.16") (isGe "2.0") ]; out = "1.3.1"; }
{ cases = [ (isGe "8.16") "2.0.0" ]; out = "1.3.0"; }
{ cases = [ (isGe "8.11") (range "1.12" "1.17") ]; out = "1.2.5"; }
{ cases = [ (isGe "8.11") (range "1.11" "1.14") ]; out = "1.2.4"; }
{ cases = [ (isLe "8.13") (lib.pred.inter (isGe "1.11.0") (isLt "1.13")) ]; out = "1.2.3"; }

2
pkgs/development/coq-modules/mathcomp-algebra-tactics/default.nix
View File

@ -9,12 +9,14 @@ mkCoqDerivation {
defaultVersion = with lib.versions;
lib.switch [ coq.coq-version mathcomp-algebra.version ] [
{ cases = [ (range "8.16" "8.18") (isGe "2.0") ]; out = "1.2.2"; }
{ cases = [ (range "8.16" "8.18") (isGe "1.15") ]; out = "1.1.1"; }
{ cases = [ (range "8.13" "8.16") (isGe "1.12") ]; out = "1.0.0"; }
] null;
release."1.0.0".sha256 = "sha256-kszARPBizWbxSQ/Iqpf2vLbxYc6AjpUCLnSNlPcNfls=";
release."1.1.1".sha256 = "sha256-5wItMeeTRoJlRBH3zBNc2VUZn6pkDde60YAvXTx+J3U=";
release."1.2.2".sha256 = "sha256-EU9RJGV3BvnmsX+mGH+6+MDXiGHgDI7aP5sIYiMUXTs=";
propagatedBuildInputs = [ mathcomp-algebra coq-elpi mathcomp-zify ];

2
pkgs/development/coq-modules/mathcomp-real-closed/default.nix
View File

@ -8,6 +8,7 @@ mkCoqDerivation {
owner = "math-comp";
inherit version;
release = {
"2.0.0".sha256 = "sha256-sZvfiC5+5Lg4nRhfKKqyFzovCj2foAhqaq/w9F2bdU8=";
"1.1.4".sha256 = "sha256-8Hs6XfowbpeRD8RhMRf4ZJe2xf8kE0e8m7bPUzR/IM4=";
"1.1.3".sha256 = "1vwmmnzy8i4f203i2s60dn9i0kr27lsmwlqlyyzdpsghvbr8h5b7";
"1.1.2".sha256 = "0907x4nf7nnvn764q3x9lx41g74rilvq5cki5ziwgpsdgb98pppn";
@ -19,6 +20,7 @@ mkCoqDerivation {
};
defaultVersion = with lib.versions; lib.switch [ coq.version mathcomp.version ] [
{ cases = [ (isGe "8.16") (isGe "2.0.0") ]; out = "2.0.0"; }
{ cases = [ (isGe "8.13") (isGe "1.13.0") ]; out = "1.1.4"; }
{ cases = [ (isGe "8.13") (isGe "1.12.0") ]; out = "1.1.3"; }
{ cases = [ (isGe "8.10") (isGe "1.12.0") ]; out = "1.1.2"; }

6
pkgs/development/coq-modules/multinomials/default.nix
View File

@ -8,8 +8,9 @@
owner = "math-comp";
inherit version;
defaultVersion = with lib.versions; lib.switch [ coq.version mathcomp.version ] [
{ cases = [ (isGe "8.16") (isGe "2.0.0") ]; out = "2.0.0"; }
defaultVersion = with lib.versions; lib.switch [ coq.version mathcomp.version ] [
{ cases = [ (isGe "8.16") (isGe "2.1.0") ]; out = "2.1.0"; }
{ cases = [ (isGe "8.16") "2.0.0" ]; out = "2.0.0"; }
{ cases = [ (isGe "8.15") (range "1.15.0" "1.17.0") ]; out = "1.6.0"; }
{ cases = [ (isGe "8.10") (range "1.13.0" "1.17.0") ]; out = "1.5.6"; }
{ cases = [ (range "8.10" "8.16") (range "1.12.0" "1.15.0") ]; out = "1.5.5"; }
@ -20,6 +21,7 @@
{ cases = [ "8.6" (range "1.6" "1.7") ]; out = "1.1"; }
] null;
release = {
"2.1.0".sha256 = "sha256-QT91SBJ6DXhyg4j/okTvPP6yj2DnnPbnSlJ/p8pvZbY=";
"2.0.0".sha256 = "sha256-2zWHzMBsO2j8EjN7CgCmKQcku9Be8aVlme0LD5p4ab8=";
"1.6.0".sha256 = "sha256-lEM+sjqajIOm1c3lspHqcSIARgMR9RHbTQH4veHLJfU=";
"1.5.6".sha256 = "sha256-cMixgc34T9Ic6v+tYmL49QUNpZpPV5ofaNuHqblX6oY=";

10
pkgs/development/coq-modules/reglang/default.nix
View File

@ -1,20 +1,22 @@
{ lib, mkCoqDerivation, coq, ssreflect, version ? null }:
{ lib, mkCoqDerivation, coq, mathcomp, version ? null }:
mkCoqDerivation {
pname = "reglang";
releaseRev = v: "v${v}";
release."1.2.0".sha256 = "sha256-gSqQ7D2HLwM4oYopTWkMFYfYXxsH/7VxI3AyrLwNf3o=";
release."1.1.3".sha256 = "sha256-kaselYm8K0JBsTlcI6K24m8qpv8CZ9+VNDJrOtFaExg=";
release."1.1.2".sha256 = "sha256-SEnMilLNxh6a3oiDNGLaBr8quQ/nO2T9Fwdf/1il2Yk=";
inherit version;
defaultVersion = with lib.versions; lib.switch coq.coq-version [
{ case = range "8.10" "8.18"; out = "1.1.3"; }
defaultVersion = with lib.versions; lib.switch [ coq.coq-version mathcomp.version ] [
{ cases = [ (range "8.16" "8.18") (isGe "2.0.0") ]; out = "1.2.0"; }
{ cases = [ (range "8.10" "8.18") (isLt "2.0.0") ]; out = "1.1.3"; }
] null;
propagatedBuildInputs = [ ssreflect ];
propagatedBuildInputs = [ mathcomp.ssreflect ];
meta = with lib; {
description = "Regular Language Representations in Coq";

4
pkgs/development/interpreters/luau/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "luau";
version = "0.600";
version = "0.601";
src = fetchFromGitHub {
owner = "Roblox";
repo = "luau";
rev = version;
hash = "sha256-fu4ALQ6mpxSQAWdz6zzcHRC4Z5ykVB0G7e2QzpHt8K8=";
hash = "sha256-RkclNY5ZDP0Urht/JBx00SbeQ958CJCTIru2YUIYFa4=";
};
nativeBuildInputs = [ cmake ];

10
pkgs/development/interpreters/zuo/default.nix
View File

@ -1,18 +1,20 @@
{ lib, stdenv, fetchFromGitHub }:
{ lib, stdenv, fetchFromGitHub, unstableGitUpdater }:
stdenv.mkDerivation rec {
pname = "zuo";
version = "unstable-2023-01-02";
version = "unstable-2023-10-17";
src = fetchFromGitHub {
owner = "racket";
repo = "zuo";
rev = "464aae9ae90dcb43ab003b922e4ae4d08611c55b";
hash = "sha256-O8p3dEXqAP2UNPNBla9AtkndxgL8UoVp/QygXOmcgWg=";
rev = "493e9cd08147add01bba9247f36759f095b87678";
hash = "sha256-gsCjB3V+A0kMZJZ9onZ57R6b1Ha0K+Q383DQoVGfY7I=";
};
doCheck = true;
passthru.updateScript = unstableGitUpdater { };
meta = with lib; {
description = "A Tiny Racket for Scripting";
homepage = "https://github.com/racket/zuo";

4
pkgs/development/libraries/graphene/default.nix
View File

@ -77,6 +77,10 @@ stdenv.mkDerivation rec {
"-Dintrospection=enabled"
"-Dinstalled_test_datadir=${placeholder "installedTests"}/share"
"-Dinstalled_test_bindir=${placeholder "installedTests"}/libexec"
] ++ lib.optionals stdenv.isAarch32 [
# the box test is failing with SIGBUS on armv7l-linux
# https://github.com/ebassi/graphene/issues/215
"-Darm_neon=false"
];
doCheck = true;

11
pkgs/development/libraries/libbap/default.nix
View File

@ -3,20 +3,15 @@
stdenv.mkDerivation {
pname = "libbap";
version = "master-2020-11-25";
version = "master-2022-07-13";
src = fetchFromGitHub {
owner = "BinaryAnalysisPlatform";
repo = "bap-bindings";
rev = "3193cb31e1b1f2455406ea0c819dad9dfa2ba10d";
sha256 = "0m4spva3z6fgbwlg4zq53l5p227dic893q2qq65pvzxyf7k7nmil";
rev = "4d324dd794f8e022e8eddecbb2ae2e7b28173947";
hash = "sha256-la47HR+i99ueDEWR91YIXGdKflpE1E0qmmJjeowmGSI=";
};
postPatch = ''
substituteInPlace Makefile.in \
--replace "-linkpkg" "-thread -linkpkg"
'';
nativeBuildInputs = [ autoreconfHook which ocaml findlib ];
buildInputs = [ bap ctypes ];

30
pkgs/development/libraries/libcaption/default.nix Normal file
View File

@ -0,0 +1,30 @@
{ stdenv
, lib
, fetchFromGitHub
, cmake
, re2c
}:
stdenv.mkDerivation (finalAttrs: {
pname = "libcaption";
version = "0.7";
src = fetchFromGitHub {
owner = "szatmary";
repo = "libcaption";
rev = finalAttrs.version;
sha256 = "sha256-OBtxoFJF0cxC+kfSK8TIKIdLkmCh5WOJlI0fejnisJo=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake ];
buildInputs = [ re2c ];
meta = with lib; {
description = "Free open-source CEA608 / CEA708 closed-caption encoder/decoder";
homepage = "https://github.com/szatmary/libcaption";
license = licenses.mit;
platforms = platforms.all;
maintainers = with maintainers; [ pschmitt ];
};
})

1
pkgs/development/libraries/libhugetlbfs/default.nix
View File

@ -47,7 +47,6 @@ stdenv.mkDerivation rec {
badPlatforms = flatten [
systems.inspect.platformPatterns.isStatic
systems.inspect.patterns.isMusl
systems.inspect.patterns.isAarch64
];
};
}

4
pkgs/development/libraries/vapoursynth/default.nix
View File

@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "vapoursynth";
version = "64";
version = "65";
src = fetchFromGitHub {
owner = "vapoursynth";
repo = "vapoursynth";
rev = "R${version}";
sha256 = "sha256-EdIe0hWsx0W9+03O0Avk4DV2jKv8s4wGAKk0NxIAuTU=";
sha256 = "sha256-HrTXhRoKSFeLXYQM7W2FvYf7yCD1diSZGtPop9urrSk=";
};
patches = [

1
pkgs/development/node-packages/node-packages.json
View File

@ -153,7 +153,6 @@
, "katex"
, "keyoxide"
, "lcov-result-merger"
, "lean-language-server"
, "lerna"
, "less"
, "less-plugin-clean-css"

11451
pkgs/development/node-packages/node-packages.nix generated
View File

File diff suppressed because it is too large Load Diff

7
pkgs/development/ocaml-modules/ocamlformat/generic.nix
View File

@ -1,6 +1,6 @@
{ lib, fetchurl, version, astring, base, camlp-streams, cmdliner_1_0
{ lib, fetchurl, version ? "0.26.1", astring, base, camlp-streams, cmdliner_1_0
, cmdliner_1_1, csexp, dune-build-info, either, fix, fpath, menhirLib, menhirSdk
, ocaml-version, ocp-indent, odoc-parser, result, stdio, uuseg, uutf }:
, ocaml-version, ocp-indent, odoc-parser, result, stdio, uuseg, uutf, ... }:
# The ocamlformat package have been split into two in version 0.25.1:
# one for the library and one for the executable.
@ -23,9 +23,12 @@ rec {
"0.24.1" = "sha256-AjQl6YGPgOpQU3sjcaSnZsFJqZV9BYB+iKAE0tX0Qc4=";
"0.25.1" = "sha256-3I8qMwyjkws2yssmI7s2Dti99uSorNKT29niJBpv0z0=";
"0.26.0" = "sha256-AxSUq3cM7xCo9qocvrVmDkbDqmwM1FexEP7IWadeh30=";
"0.26.1" = "sha256-2gBuQn8VuexhL7gI1EZZm9m3w+4lq+s9VVdHpw10xtc=";
}."${version}";
};
inherit version;
odoc-parser_v = odoc-parser.override {
version = if lib.versionAtLeast version "0.24.0" then
"2.0.0"

Some files were not shown because too many files have changed in this diff Show More