Merge master into haskell-updates

This commit is contained in:
github-actions[bot] 2024-04-04 00:13:26 +00:00 committed by GitHub
commit c58b0d26b7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
292 changed files with 13631 additions and 15527 deletions

View File

@ -23,8 +23,11 @@ jobs:
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true
# fix a commit from nixpkgs-unstable to avoid e.g. building nixfmt
# from staging
nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/4b455dc2048f73a79eb3713f342369ff58f93e0b.tar.gz
- name: Install nixfmt
run: nix-env -f default.nix -iAP nixfmt-rfc-style
run: "nix-env -f '<nixpkgs>' -iAP nixfmt-rfc-style"
- name: Check that Nix files are formatted according to the RFC style
# Each environment variable beginning with NIX_FMT_PATHS_ is a list of
# paths to check with nixfmt.

View File

@ -1,66 +1,161 @@
# Fetchers {#chap-pkgs-fetchers}
Building software with Nix often requires downloading source code and other files from the internet.
To this end, Nixpkgs provides *fetchers*: functions to obtain remote sources via various protocols and services.
To this end, we use functions that we call _fetchers_, which obtain remote sources via various protocols and services.
Nix provides built-in fetchers such as [`builtins.fetchTarball`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-fetchTarball).
Nixpkgs provides its own fetchers, which work differently:
Nixpkgs fetchers differ from built-in fetchers such as [`builtins.fetchTarball`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-fetchTarball):
- A built-in fetcher will download and cache files at evaluation time and produce a [store path](https://nixos.org/manual/nix/stable/glossary#gloss-store-path).
A Nixpkgs fetcher will create a ([fixed-output](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation)) [derivation](https://nixos.org/manual/nix/stable/language/derivations), and files are downloaded at build time.
A Nixpkgs fetcher will create a ([fixed-output](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation)) [derivation](https://nixos.org/manual/nix/stable/glossary#gloss-derivation), and files are downloaded at build time.
- Built-in fetchers will invalidate their cache after [`tarball-ttl`](https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-tarball-ttl) expires, and will require network activity to check if the cache entry is up to date.
Nixpkgs fetchers only re-download if the specified hash changes or the store object is not otherwise available.
Nixpkgs fetchers only re-download if the specified hash changes or the store object is not available.
- Built-in fetchers do not use [substituters](https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-substituters).
Derivations produced by Nixpkgs fetchers will use any configured binary cache transparently.
This significantly reduces the time needed to evaluate the entirety of Nixpkgs, and allows [Hydra](https://nixos.org/hydra) to retain and re-distribute sources used by Nixpkgs in the [public binary cache](https://cache.nixos.org).
For these reasons, built-in fetchers are not allowed in Nixpkgs source code.
This significantly reduces the time needed to evaluate Nixpkgs, and allows [Hydra](https://nixos.org/hydra) to retain and re-distribute sources used by Nixpkgs in the [public binary cache](https://cache.nixos.org).
For these reasons, Nix's built-in fetchers are not allowed in Nixpkgs.
The following table shows an overview of the differences:
The following table summarises the differences:
| Fetchers | Download | Output | Cache | Re-download when |
|-|-|-|-|-|
| `builtins.fetch*` | evaluation time | store path | `/nix/store`, `~/.cache/nix` | `tarball-ttl` expires, cache miss in `~/.cache/nix`, output store object not in local store |
| `pkgs.fetch*` | build time | derivation | `/nix/store`, substituters | output store object not available |
:::{.tip}
`pkgs.fetchFrom*` helpers retrieve _snapshots_ of version-controlled sources, as opposed to the entire version history, which is more efficient.
`pkgs.fetchgit` by default also has the same behaviour, but can be changed through specific attributes given to it.
:::
## Caveats {#chap-pkgs-fetchers-caveats}
The fact that the hash belongs to the Nix derivation output and not the file itself can lead to confusion.
For example, consider the following fetcher:
Because Nixpkgs fetchers are fixed-output derivations, an [output hash](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-outputHash) has to be specified, usually indirectly through a `hash` attribute.
This hash refers to the derivation output, which can be different from the remote source itself!
```nix
fetchurl {
url = "http://www.example.org/hello-1.0.tar.gz";
hash = "sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww=";
}
```
This has the following implications that you should be aware of:
A common mistake is to update a fetchers URL, or a version parameter, without updating the hash.
- Use Nix (or Nix-aware) tooling to produce the output hash.
```nix
fetchurl {
url = "http://www.example.org/hello-1.1.tar.gz";
hash = "sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww=";
}
```
- When changing any fetcher parameters, always update the output hash.
Use one of the methods from [](#sec-pkgs-fetchers-updating-source-hashes).
Otherwise, existing store objects that match the output hash will be re-used rather than fetching new content.
**This will reuse the old contents**.
Remember to invalidate the hash argument, in this case by setting the `hash` attribute to an empty string.
:::{.note}
A similar problem arises while testing changes to a fetcher's implementation.
If the output of the derivation already exists in the Nix store, test failures can go undetected.
The [`invalidateFetcherByDrvHash`](#tester-invalidateFetcherByDrvHash) function helps prevent reusing cached derivations.
:::
```nix
fetchurl {
url = "http://www.example.org/hello-1.1.tar.gz";
hash = "";
}
```
## Updating source hashes {#sec-pkgs-fetchers-updating-source-hashes}
Use the resulting error message to determine the correct hash.
There are several ways to obtain the hash corresponding to a remote source.
Unless you understand how the fetcher you're using calculates the hash from the downloaded contents, you should use [the fake hash method](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method).
```
error: hash mismatch in fixed-output derivation '/path/to/my.drv':
specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
got: sha256-lTeyxzJNQeMdu1IVdovNMtgn77jRIhSybLdMbTkf2Ww=
```
1. []{#sec-pkgs-fetchers-updating-source-hashes-fakehash-method} The fake hash method: In your package recipe, set the hash to one of
A similar problem arises while testing changes to a fetcher's implementation. If the output of the derivation already exists in the Nix store, test failures can go undetected. The [`invalidateFetcherByDrvHash`](#tester-invalidateFetcherByDrvHash) function helps prevent reusing cached derivations.
- `""`
- `lib.fakeHash`
- `lib.fakeSha256`
- `lib.fakeSha512`
Attempt to build, extract the calculated hashes from error messages, and put them into the recipe.
:::{.warning}
You must use one of these four fake hashes and not some arbitrarily-chosen hash.
See [](#sec-pkgs-fetchers-secure-hashes) for details.
:::
:::{.example #ex-fetchers-update-fod-hash}
# Update source hash with the fake hash method
Consider the following recipe that produces a plain file:
```nix
{ fetchurl }:
fetchurl {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.05/.version";
hash = "sha256-ZHl1emidXVojm83LCVrwULpwIzKE/mYwfztVkvpruOM=";
}
```
A common mistake is to update a fetcher parameter, such as `url`, without updating the hash:
```nix
{ fetchurl }:
fetchurl {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version";
hash = "sha256-ZHl1emidXVojm83LCVrwULpwIzKE/mYwfztVkvpruOM=";
}
```
**This will produce the same output as before!**
Set the hash to an empty string:
```nix
{ fetchurl }:
fetchurl {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version";
hash = "";
}
```
When building the package, use the error message to determine the correct hash:
```shell
$ nix-build
(some output removed for clarity)
error: hash mismatch in fixed-output derivation '/nix/store/7yynn53jpc93l76z9zdjj4xdxgynawcw-version.drv':
specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
got: sha256-BZqI7r0MNP29yGH5+yW2tjU9OOpOCEvwWKrWCv5CQ0I=
error: build of '/nix/store/bqdjcw5ij5ymfbm41dq230chk9hdhqff-version.drv' failed
```
:::
2. Prefetch the source with [`nix-prefetch-<type> <URL>`](https://search.nixos.org/packages?buckets={%22package_attr_set%22%3A[%22No%20package%20set%22]%2C%22package_license_set%22%3A[]%2C%22package_maintainers_set%22%3A[]%2C%22package_platforms%22%3A[]}&query=nix-prefetch), where `<type>` is one of
- `url`
- `git`
- `hg`
- `cvs`
- `bzr`
- `svn`
The hash is printed to stdout.
3. Prefetch by package source (with `nix-prefetch-url '<nixpkgs>' -A <package>.src`, where `<package>` is package attribute name).
The hash is printed to stdout.
This works well when you've upgraded the existing package version and want to find out new hash, but is useless if the package can't be accessed by attribute or the package has multiple sources (`.srcs`, architecture-dependent sources, etc).
4. Upstream hash: use it when upstream provides `sha256` or `sha512`.
Don't use it when upstream provides `md5`, compute `sha256` instead.
A little nuance is that `nix-prefetch-*` tools produce hashes with the `nix32` encoding (a Nix-specific base32 adaptation), but upstream usually provides hexadecimal (`base16`) encoding.
Fetchers understand both formats.
Nixpkgs does not standardise on any one format.
You can convert between hash formats with [`nix-hash`](https://nixos.org/manual/nix/stable/command-ref/nix-hash).
5. Extract the hash from a local source archive with `sha256sum`.
Use `nix-prefetch-url file:///path/to/archive` if you want the custom Nix `base32` hash.
## Obtaining hashes securely {#sec-pkgs-fetchers-secure-hashes}
It's always a good idea to avoid Man-in-the-Middle (MITM) attacks when downloading source contents.
Otherwise, you could unknowingly download malware instead of the intended source, and instead of the actual source hash, you'll end up using the hash of malware.
Here are security considerations for this scenario:
- `http://` URLs are not secure to prefetch hashes.
- Upstream hashes should be obtained via a secure protocol.
- `https://` URLs give you more protections when using `nix-prefetch-*` or for upstream hashes.
- `https://` URLs are secure when using the [fake hash method](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method) *only if* you use one of the listed fake hashes.
If you use any other hash, the download will be exposed to MITM attacks even if you use HTTPS URLs.
In more concrete terms, if you use any other hash, the [`--insecure` flag](https://curl.se/docs/manpage.html#-k) will be passed to the underlying call to `curl` when downloading content.
## `fetchurl` and `fetchzip` {#fetchurl}

View File

@ -320,5 +320,7 @@
"login.defs(5)": "https://man.archlinux.org/man/login.defs.5",
"unshare(1)": "https://man.archlinux.org/man/unshare.1.en",
"nix-shell(1)": "https://nixos.org/manual/nix/stable/command-ref/nix-shell.html",
"mksquashfs(1)": "https://man.archlinux.org/man/extra/squashfs-tools/mksquashfs.1.en"
"mksquashfs(1)": "https://man.archlinux.org/man/extra/squashfs-tools/mksquashfs.1.en",
"curl(1)": "https://curl.se/docs/manpage.html",
"netrc(5)": "https://man.cx/netrc"
}

View File

@ -1237,12 +1237,6 @@
githubId = 29887;
name = "Andrew Smith";
};
andsild = {
email = "andsild@gmail.com";
github = "andsild";
githubId = 3808928;
name = "Anders Sildnes";
};
andys8 = {
github = "andys8";
githubId = 13085980;
@ -18594,6 +18588,12 @@
githubId = 20756843;
name = "Sofi";
};
soyouzpanda = {
name = "soyouzpanda";
email = "soyouzpanda@soyouzpanda.fr";
github = "soyouzpanda";
githubId = 23421201;
};
soywod = {
name = "Clément DOUIN";
email = "clement.douin@posteo.net";

View File

@ -177,8 +177,12 @@ in
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;

View File

@ -236,7 +236,8 @@ in
--instance ${escapeShellArg instance.url} \
--token "$TOKEN" \
--name ${escapeShellArg instance.name} \
--labels ${escapeShellArg (concatStringsSep "," instance.labels)}
--labels ${escapeShellArg (concatStringsSep "," instance.labels)} \
--config ${configFile}
# and write back the configured labels
echo "$LABELS_WANTED" > "$LABELS_FILE"

View File

@ -255,7 +255,7 @@ in
ln -fs ${ipc-config} config/IPC.config
''}
${lib.optionalString (cfg.ipcSettings != {}) ''
${lib.optionalString (cfg.bots != {}) ''
ln -fs ${createBotsScript}/* config/
''}

View File

@ -148,16 +148,13 @@ in
serviceConfig = {
User = "terraria";
Group = "terraria";
Type = "forking";
GuessMainPID = true;
UMask = 007;
ExecStart = "${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}";
ExecStop = "${stopScript} $MAINPID";
};
postStart = ''
${pkgs.coreutils}/bin/chmod 660 ${cfg.dataDir}/terraria.sock
${pkgs.coreutils}/bin/chgrp terraria ${cfg.dataDir}/terraria.sock
'';
};
networking.firewall = mkIf cfg.openFirewall {

View File

@ -217,7 +217,6 @@ in
sed -e "s,#secretkey#,$KEY,g" \
-e "s,#dbpass#,$DBPASS,g" \
-i ${runConfig}
chmod 440 ${runConfig} ${secretKey}
''}
mkdir -p ${cfg.repositoryRoot}
@ -239,6 +238,7 @@ in
WorkingDirectory = cfg.stateDir;
ExecStart = "${pkgs.gogs}/bin/gogs web";
Restart = "always";
UMask = "0027";
};
environment = {

View File

@ -81,7 +81,6 @@ let
zonesdir: "${stateDir}"
# the list of dynamically added zones.
database: "${stateDir}/var/nsd.db"
pidfile: "${pidFile}"
xfrdfile: "${stateDir}/var/xfrd.state"
xfrdir: "${stateDir}/tmp"
@ -112,6 +111,7 @@ let
${maybeString "version: " cfg.version}
xfrd-reload-timeout: ${toString cfg.xfrdReloadTimeout}
zonefiles-check: ${yesOrNo cfg.zonefilesCheck}
zonefiles-write: ${toString cfg.zonefilesWrite}
${maybeString "rrl-ipv4-prefix-length: " cfg.ratelimit.ipv4PrefixLength}
${maybeString "rrl-ipv6-prefix-length: " cfg.ratelimit.ipv6PrefixLength}
@ -173,6 +173,7 @@ let
${maybeToString "min-retry-time: " zone.minRetrySecs}
allow-axfr-fallback: ${yesOrNo zone.allowAXFRFallback}
multi-master-check: ${yesOrNo zone.multiMasterCheck}
${forEach " allow-notify: " zone.allowNotify}
${forEach " request-xfr: " zone.requestXFR}
@ -201,7 +202,7 @@ let
allowAXFRFallback = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
If NSD as secondary server should be allowed to AXFR if the primary
server does not allow IXFR.
'';
@ -213,7 +214,7 @@ let
example = [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name"
"10.0.3.4&255.255.0.0 BLOCKED"
];
description = lib.mdDoc ''
description = ''
Listed primary servers are allowed to notify this secondary server.
Format: `<ip> <key-name | NOKEY | BLOCKED>`
@ -243,7 +244,7 @@ let
# to default values, breaking the parent inheriting function.
type = types.attrsOf types.anything;
default = {};
description = lib.mdDoc ''
description = ''
Children zones inherit all options of their parents. Attributes
defined in a child will overwrite the ones of its parent. Only
leaf zones will be actually served. This way it's possible to
@ -256,29 +257,29 @@ let
data = mkOption {
type = types.lines;
default = "";
description = lib.mdDoc ''
description = ''
The actual zone data. This is the content of your zone file.
Use imports or pkgs.lib.readFile if you don't want this data in your config file.
'';
};
dnssec = mkEnableOption (lib.mdDoc "DNSSEC");
dnssec = mkEnableOption "DNSSEC";
dnssecPolicy = {
algorithm = mkOption {
type = types.str;
default = "RSASHA256";
description = lib.mdDoc "Which algorithm to use for DNSSEC";
description = "Which algorithm to use for DNSSEC";
};
keyttl = mkOption {
type = types.str;
default = "1h";
description = lib.mdDoc "TTL for dnssec records";
description = "TTL for dnssec records";
};
coverage = mkOption {
type = types.str;
default = "1y";
description = lib.mdDoc ''
description = ''
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
'';
};
@ -289,7 +290,7 @@ let
postPublish = "1w";
rollPeriod = "1mo";
};
description = lib.mdDoc "Key policy for zone signing keys";
description = "Key policy for zone signing keys";
};
ksk = mkOption {
type = keyPolicy;
@ -298,14 +299,14 @@ let
postPublish = "1mo";
rollPeriod = "0";
};
description = lib.mdDoc "Key policy for key signing keys";
description = "Key policy for key signing keys";
};
};
maxRefreshSecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit refresh time for secondary zones. This is the timer which
checks to see if the zone has to be refetched when it expires.
Normally the value from the SOA record is used, but this option
@ -316,7 +317,7 @@ let
minRefreshSecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit refresh time for secondary zones.
'';
};
@ -324,7 +325,7 @@ let
maxRetrySecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit retry time for secondary zones. This is the timeout after
a failed fetch attempt for the zone. Normally the value from
the SOA record is used, but this option restricts that value.
@ -334,17 +335,26 @@ let
minRetrySecs = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Limit retry time for secondary zones.
'';
};
multiMasterCheck = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, checks all masters for the last zone version.
It uses the higher version from all configured masters.
Useful if you have multiple masters that have different version numbers served.
'';
};
notify = mkOption {
type = types.listOf types.str;
default = [];
example = [ "10.0.0.1@3721 my_key" "::5 NOKEY" ];
description = lib.mdDoc ''
description = ''
This primary server will notify all given secondary servers about
zone changes.
@ -361,7 +371,7 @@ let
notifyRetry = mkOption {
type = types.int;
default = 5;
description = lib.mdDoc ''
description = ''
Specifies the number of retries for failed notifies. Set this along with notify.
'';
};
@ -370,7 +380,7 @@ let
type = types.nullOr types.str;
default = null;
example = "2000::1@1234";
description = lib.mdDoc ''
description = ''
This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server.
Supply either a plain IPv4 or IPv6 address with an optional port
@ -382,7 +392,7 @@ let
type = types.listOf types.str;
default = [];
example = [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ];
description = lib.mdDoc ''
description = ''
Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
'';
@ -391,7 +401,7 @@ let
requestXFR = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
description = ''
Format: `[AXFR|UDP] <ip-address> <key-name | NOKEY>`
'';
};
@ -399,7 +409,7 @@ let
rrlWhitelist = mkOption {
type = with types; listOf (enum [ "nxdomain" "error" "referral" "any" "rrsig" "wildcard" "nodata" "dnskey" "positive" "all" ]);
default = [];
description = lib.mdDoc ''
description = ''
Whitelists the given rrl-types.
'';
};
@ -408,7 +418,7 @@ let
type = types.nullOr types.str;
default = null;
example = "%s";
description = lib.mdDoc ''
description = ''
When set to something distinct to null NSD is able to collect
statistics per zone. All statistics of this zone(s) will be added
to the group specified by this given name. Use "%s" to use the zones
@ -423,19 +433,19 @@ let
options = {
keySize = mkOption {
type = types.int;
description = lib.mdDoc "Key size in bits";
description = "Key size in bits";
};
prePublish = mkOption {
type = types.str;
description = lib.mdDoc "How long in advance to publish new keys";
description = "How long in advance to publish new keys";
};
postPublish = mkOption {
type = types.str;
description = lib.mdDoc "How long after deactivation to keep a key in the zone";
description = "How long after deactivation to keep a key in the zone";
};
rollPeriod = mkOption {
type = types.str;
description = lib.mdDoc "How frequently to change keys";
description = "How frequently to change keys";
};
};
};
@ -478,14 +488,14 @@ in
# options are ordered alphanumerically
options.services.nsd = {
enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server");
enable = mkEnableOption "NSD authoritative DNS server";
bind8Stats = mkEnableOption (lib.mdDoc "BIND8 like statistics");
bind8Stats = mkEnableOption "BIND8 like statistics";
dnssecInterval = mkOption {
type = types.str;
default = "1h";
description = lib.mdDoc ''
description = ''
How often to check whether dnssec key rollover is required
'';
};
@ -493,7 +503,7 @@ in
extraConfig = mkOption {
type = types.lines;
default = "";
description = lib.mdDoc ''
description = ''
Extra nsd config.
'';
};
@ -501,7 +511,7 @@ in
hideVersion = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.
'';
};
@ -509,7 +519,7 @@ in
identity = mkOption {
type = types.str;
default = "unidentified server";
description = lib.mdDoc ''
description = ''
Identify the server (CH TXT ID.SERVER entry).
'';
};
@ -517,7 +527,7 @@ in
interfaces = mkOption {
type = types.listOf types.str;
default = [ "127.0.0.0" "::1" ];
description = lib.mdDoc ''
description = ''
What addresses the server should listen to.
'';
};
@ -525,7 +535,7 @@ in
ipFreebind = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
description = ''
Whether to bind to nonlocal addresses and interfaces that are down.
Similar to ip-transparent.
'';
@ -534,7 +544,7 @@ in
ipTransparent = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
description = ''
Allow binding to non local addresses.
'';
};
@ -542,7 +552,7 @@ in
ipv4 = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether to listen on IPv4 connections.
'';
};
@ -550,7 +560,7 @@ in
ipv4EDNSSize = mkOption {
type = types.int;
default = 4096;
description = lib.mdDoc ''
description = ''
Preferred EDNS buffer size for IPv4.
'';
};
@ -558,7 +568,7 @@ in
ipv6 = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether to listen on IPv6 connections.
'';
};
@ -566,7 +576,7 @@ in
ipv6EDNSSize = mkOption {
type = types.int;
default = 4096;
description = lib.mdDoc ''
description = ''
Preferred EDNS buffer size for IPv6.
'';
};
@ -574,7 +584,7 @@ in
logTimeAscii = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Log time in ascii, if false then in unix epoch seconds.
'';
};
@ -582,7 +592,7 @@ in
nsid = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
description = ''
NSID identity (hex string, or "ascii_somestring").
'';
};
@ -590,7 +600,7 @@ in
port = mkOption {
type = types.port;
default = 53;
description = lib.mdDoc ''
description = ''
Port the service should bind do.
'';
};
@ -599,7 +609,7 @@ in
type = types.bool;
default = pkgs.stdenv.isLinux;
defaultText = literalExpression "pkgs.stdenv.isLinux";
description = lib.mdDoc ''
description = ''
Whether to enable SO_REUSEPORT on all used sockets. This lets multiple
processes bind to the same port. This speeds up operation especially
if the server count is greater than one and makes fast restarts less
@ -610,18 +620,18 @@ in
rootServer = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
description = ''
Whether this server will be a root server (a DNS root server, you
usually don't want that).
'';
};
roundRobin = mkEnableOption (lib.mdDoc "round robin rotation of records");
roundRobin = mkEnableOption "round robin rotation of records";
serverCount = mkOption {
type = types.int;
default = 1;
description = lib.mdDoc ''
description = ''
Number of NSD servers to fork. Put the number of CPUs to use here.
'';
};
@ -629,7 +639,7 @@ in
statistics = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Statistics are produced every number of seconds. Prints to log.
If null no statistics are logged.
'';
@ -638,7 +648,7 @@ in
tcpCount = mkOption {
type = types.int;
default = 100;
description = lib.mdDoc ''
description = ''
Maximum number of concurrent TCP connections per server.
'';
};
@ -646,7 +656,7 @@ in
tcpQueryCount = mkOption {
type = types.int;
default = 0;
description = lib.mdDoc ''
description = ''
Maximum number of queries served on a single TCP connection.
0 means no maximum.
'';
@ -655,7 +665,7 @@ in
tcpTimeout = mkOption {
type = types.int;
default = 120;
description = lib.mdDoc ''
description = ''
TCP timeout in seconds.
'';
};
@ -663,7 +673,7 @@ in
verbosity = mkOption {
type = types.int;
default = 0;
description = lib.mdDoc ''
description = ''
Verbosity level.
'';
};
@ -671,7 +681,7 @@ in
version = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
description = ''
The version string replied for CH TXT version.server and version.bind
queries. Will use the compiled package version on null.
See hideVersion for enabling/disabling this responses.
@ -681,7 +691,7 @@ in
xfrdReloadTimeout = mkOption {
type = types.int;
default = 1;
description = lib.mdDoc ''
description = ''
Number of seconds between reloads triggered by xfrd.
'';
};
@ -689,11 +699,22 @@ in
zonefilesCheck = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Whether to check mtime of all zone files on start and sighup.
'';
};
zonefilesWrite = mkOption {
type = types.int;
default = 0;
description = ''
Write changed secondary zones to their zonefile every N seconds.
If the zone (pattern) configuration has "" zonefile, it is not written.
Zones that have received zone transfer updates are written to their zonefile.
0 disables writing to zone files.
'';
};
keys = mkOption {
type = types.attrsOf (types.submodule {
@ -702,14 +723,14 @@ in
algorithm = mkOption {
type = types.str;
default = "hmac-sha256";
description = lib.mdDoc ''
description = ''
Authentication algorithm for this key.
'';
};
keyFile = mkOption {
type = types.path;
description = lib.mdDoc ''
description = ''
Path to the file which contains the actual base64 encoded
key. The key will be copied into "${stateDir}/private" before
NSD starts. The copied file is only accessibly by the NSD
@ -727,7 +748,7 @@ in
};
}
'';
description = lib.mdDoc ''
description = ''
Define your TSIG keys here.
'';
};
@ -735,12 +756,12 @@ in
ratelimit = {
enable = mkEnableOption (lib.mdDoc "ratelimit capabilities");
enable = mkEnableOption "ratelimit capabilities";
ipv4PrefixLength = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
IPv4 prefix length. Addresses are grouped by netblock.
'';
};
@ -748,7 +769,7 @@ in
ipv6PrefixLength = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
IPv6 prefix length. Addresses are grouped by netblock.
'';
};
@ -756,7 +777,7 @@ in
ratelimit = mkOption {
type = types.int;
default = 200;
description = lib.mdDoc ''
description = ''
Max qps allowed from any query source.
0 means unlimited. With an verbosity of 2 blocked and
unblocked subnets will be logged.
@ -766,7 +787,7 @@ in
slip = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc ''
description = ''
Number of packets that get discarded before replying a SLIP response.
0 disables SLIP responses. 1 will make every response a SLIP response.
'';
@ -775,7 +796,7 @@ in
size = mkOption {
type = types.int;
default = 1000000;
description = lib.mdDoc ''
description = ''
Size of the hashtable. More buckets use more memory but lower
the chance of hash hash collisions.
'';
@ -784,7 +805,7 @@ in
whitelistRatelimit = mkOption {
type = types.int;
default = 2000;
description = lib.mdDoc ''
description = ''
Max qps allowed from whitelisted sources.
0 means unlimited. Set the rrl-whitelist option for specific
queries to apply this limit instead of the default to them.
@ -796,12 +817,12 @@ in
remoteControl = {
enable = mkEnableOption (lib.mdDoc "remote control via nsd-control");
enable = mkEnableOption "remote control via nsd-control";
controlCertFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_control.pem";
description = lib.mdDoc ''
description = ''
Path to the client certificate signed with the server certificate.
This file is used by nsd-control and generated by nsd-control-setup.
'';
@ -810,7 +831,7 @@ in
controlKeyFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_control.key";
description = lib.mdDoc ''
description = ''
Path to the client private key, which is used by nsd-control
but not by the server. This file is generated by nsd-control-setup.
'';
@ -819,7 +840,7 @@ in
interfaces = mkOption {
type = types.listOf types.str;
default = [ "127.0.0.1" "::1" ];
description = lib.mdDoc ''
description = ''
Which interfaces NSD should bind to for remote control.
'';
};
@ -827,7 +848,7 @@ in
port = mkOption {
type = types.port;
default = 8952;
description = lib.mdDoc ''
description = ''
Port number for remote control operations (uses TLS over TCP).
'';
};
@ -835,7 +856,7 @@ in
serverCertFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_server.pem";
description = lib.mdDoc ''
description = ''
Path to the server self signed certificate, which is used by the server
but and by nsd-control. This file is generated by nsd-control-setup.
'';
@ -844,7 +865,7 @@ in
serverKeyFile = mkOption {
type = types.path;
default = "/etc/nsd/nsd_server.key";
description = lib.mdDoc ''
description = ''
Path to the server private key, which is used by the server
but not by nsd-control. This file is generated by nsd-control-setup.
'';
@ -886,7 +907,7 @@ in
};
}
'';
description = lib.mdDoc ''
description = ''
Define your zones here. Zones can cascade other zones and therefore
inherit settings from parent zones. Look at the definition of
children to learn about inheritance and child zones.

View File

@ -42,7 +42,7 @@ with lib;
};
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iptables bash iproute2 ]; # required by v2rayA TProxy functionality
path = with pkgs; [ iptables bash iproute2 ] ++ lib.optionals nftablesEnabled [ nftables ]; # required by v2rayA TProxy functionality
};
};

View File

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.vaultwarden;
user = config.users.users.vaultwarden.name;
@ -11,60 +9,60 @@ let
nameToEnvVar = name:
let
parts = builtins.split "([A-Z0-9]+)" name;
partsToEnvVar = parts: foldl' (key: x: let last = stringLength key - 1; in
if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x
else key + toUpper x) "" parts;
partsToEnvVar = parts: lib.foldl' (key: x: let last = lib.stringLength key - 1; in
if lib.isList x then key + lib.optionalString (key != "" && lib.substring last 1 key != "_") "_" + lib.head x
else if key != "" && lib.elem (lib.substring 0 1 x) lib.lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
lib.substring 0 last key + lib.optionalString (lib.substring (last - 1) 1 key != "_") "_" + lib.substring last 1 key + lib.toUpper x
else key + lib.toUpper x) "" parts;
in if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts;
# Due to the different naming schemes allowed for config keys,
# we can only check for values consistently after converting them to their corresponding environment variable name.
configEnv =
let
configEnv = concatMapAttrs (name: value: optionalAttrs (value != null) {
${nameToEnvVar name} = if isBool value then boolToString value else toString value;
configEnv = lib.concatMapAttrs (name: value: lib.optionalAttrs (value != null) {
${nameToEnvVar name} = if lib.isBool value then lib.boolToString value else toString value;
}) cfg.config;
in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
} // configEnv;
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
configFile = pkgs.writeText "vaultwarden.env" (lib.concatStrings (lib.mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
vaultwarden = cfg.package.override { inherit (cfg) dbBackend; };
in {
imports = [
(mkRenamedOptionModule [ "services" "bitwarden_rs" ] [ "services" "vaultwarden" ])
(lib.mkRenamedOptionModule [ "services" "bitwarden_rs" ] [ "services" "vaultwarden" ])
];
options.services.vaultwarden = with types; {
enable = mkEnableOption (lib.mdDoc "vaultwarden");
options.services.vaultwarden = {
enable = lib.mkEnableOption "vaultwarden";
dbBackend = mkOption {
type = enum [ "sqlite" "mysql" "postgresql" ];
dbBackend = lib.mkOption {
type = lib.types.enum [ "sqlite" "mysql" "postgresql" ];
default = "sqlite";
description = lib.mdDoc ''
description = ''
Which database backend vaultwarden will be using.
'';
};
backupDir = mkOption {
type = nullOr str;
backupDir = lib.mkOption {
type = with lib.types; nullOr str;
default = null;
description = lib.mdDoc ''
description = ''
The directory under which vaultwarden will backup its persistent data.
'';
example = "/var/backup/vaultwarden";
};
config = mkOption {
type = attrsOf (nullOr (oneOf [ bool int str ]));
config = lib.mkOption {
type = with lib.types; attrsOf (nullOr (oneOf [ bool int str ]));
default = {
ROCKET_ADDRESS = "::1"; # default to localhost
ROCKET_PORT = 8222;
};
example = literalExpression ''
example = lib.literalExpression ''
{
DOMAIN = "https://bitwarden.example.com";
SIGNUPS_ALLOWED = false;
@ -101,7 +99,7 @@ in {
SMTP_FROM_NAME = "example.com Bitwarden server";
}
'';
description = lib.mdDoc ''
description = ''
The configuration of vaultwarden is done through environment variables,
therefore it is recommended to use upper snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).
@ -125,11 +123,11 @@ in {
'';
};
environmentFile = mkOption {
type = with types; nullOr path;
environmentFile = lib.mkOption {
type = with lib.types; nullOr path;
default = null;
example = "/var/lib/vaultwarden.env";
description = lib.mdDoc ''
description = ''
Additional environment file as defined in {manpage}`systemd.exec(5)`.
Secrets like {env}`ADMIN_TOKEN` and {env}`SMTP_PASSWORD`
@ -157,17 +155,17 @@ in {
'';
};
package = mkPackageOption pkgs "vaultwarden" { };
package = lib.mkPackageOption pkgs "vaultwarden" { };
webVaultPackage = mkOption {
type = package;
webVaultPackage = lib.mkOption {
type = lib.types.package;
default = pkgs.vaultwarden.webvault;
defaultText = literalExpression "pkgs.vaultwarden.webvault";
description = lib.mdDoc "Web vault package to use.";
defaultText = lib.literalExpression "pkgs.vaultwarden.webvault";
description = "Web vault package to use.";
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
assertions = [ {
assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
message = "Backups for database backends other than sqlite will need customization";
@ -185,7 +183,7 @@ in {
serviceConfig = {
User = user;
Group = group;
EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
ExecStart = "${vaultwarden}/bin/vaultwarden";
LimitNOFILE = "1048576";
PrivateTmp = "true";
@ -200,7 +198,7 @@ in {
wantedBy = [ "multi-user.target" ];
};
systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) {
systemd.services.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
description = "Backup vaultwarden";
environment = {
DATA_FOLDER = "/var/lib/bitwarden_rs";
@ -212,24 +210,24 @@ in {
serviceConfig = {
SyslogIdentifier = "backup-vaultwarden";
Type = "oneshot";
User = mkDefault user;
Group = mkDefault group;
User = lib.mkDefault user;
Group = lib.mkDefault group;
ExecStart = "${pkgs.bash}/bin/bash ${./backup.sh}";
};
wantedBy = [ "multi-user.target" ];
};
systemd.timers.backup-vaultwarden = mkIf (cfg.backupDir != null) {
systemd.timers.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
description = "Backup vaultwarden on time";
timerConfig = {
OnCalendar = mkDefault "23:00";
OnCalendar = lib.mkDefault "23:00";
Persistent = "true";
Unit = "backup-vaultwarden.service";
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.settings = mkIf (cfg.backupDir != null) {
systemd.tmpfiles.settings = lib.mkIf (cfg.backupDir != null) {
"10-vaultwarden".${cfg.backupDir}.d = {
inherit user group;
mode = "0770";

View File

@ -315,10 +315,10 @@ in
services.davis.config =
{
APP_ENV = "prod";
CACHE_DIR = "${cfg.dataDir}/var/cache";
APP_CACHE_DIR = "${cfg.dataDir}/var/cache";
# note: we do not need the log dir (we log to stdout/journald), by davis/symfony will try to create it, and the default value is one in the nix-store
# so we set it to a path under dataDir to avoid something like: Unable to create the "logs" directory (/nix/store/5cfskz0ybbx37s1161gjn5klwb5si1zg-davis-4.4.1/var/log).
LOG_DIR = "${cfg.dataDir}/var/log";
APP_LOG_DIR = "${cfg.dataDir}/var/log";
LOG_FILE_PATH = "/dev/stdout";
DATABASE_DRIVER = db.driver;
INVITE_FROM_ADDRESS = mail.inviteFromAddress;
@ -340,9 +340,9 @@ in
else if
pgsqlLocal
# note: davis expects a non-standard postgres uri (due to the underlying doctrine library)
# specifically the charset query parameter, and the dummy hostname which is overriden by the host query parameter
# specifically the dummy hostname which is overriden by the host query parameter
then
"postgres://${user}@localhost/${db.name}?host=/run/postgresql&charset=UTF-8"
"postgres://${user}@localhost/${db.name}?host=/run/postgresql"
else if mysqlLocal then
"mysql://${user}@localhost/${db.name}?socket=/run/mysqld/mysqld.sock"
else
@ -378,8 +378,8 @@ in
'';
phpEnv = {
ENV_DIR = "${cfg.dataDir}";
CACHE_DIR = "${cfg.dataDir}/var/cache";
#LOG_DIR = "${cfg.dataDir}/var/log";
APP_CACHE_DIR = "${cfg.dataDir}/var/cache";
APP_LOG_DIR = "${cfg.dataDir}/var/log";
};
settings =
{
@ -447,8 +447,8 @@ in
RemainAfterExit = true;
Environment = [
"ENV_DIR=${cfg.dataDir}"
"CACHE_DIR=${cfg.dataDir}/var/cache"
"LOG_DIR=${cfg.dataDir}/var/log"
"APP_CACHE_DIR=${cfg.dataDir}/var/cache"
"APP_LOG_DIR=${cfg.dataDir}/var/log"
];
EnvironmentFile = "${cfg.dataDir}/.env.local";
};

View File

@ -5,10 +5,23 @@ let
poolName = "rss-bridge";
whitelist = pkgs.writeText "rss-bridge_whitelist.txt"
(concatStringsSep "\n" cfg.whitelist);
configAttr = lib.recursiveUpdate { FileCache.path = "${cfg.dataDir}/cache/"; } cfg.config;
cfgHalf = lib.mapAttrsRecursive (path: value: let
envName = lib.toUpper ("RSSBRIDGE_" + lib.concatStringsSep "_" path);
envValue = if lib.isList value then
lib.concatStringsSep "," value
else if lib.isBool value then
lib.boolToString value
else
toString value;
in "fastcgi_param \"${envName}\" \"${envValue}\";") configAttr;
cfgEnv = lib.concatStringsSep "\n" (lib.collect lib.isString cfgHalf);
in
{
imports = [
(mkRenamedOptionModule [ "services" "rss-bridge" "whitelist" ] [ "services" "rss-bridge" "config" "system" "enabled_bridges" ])
];
options = {
services.rss-bridge = {
enable = mkEnableOption (lib.mdDoc "rss-bridge");
@ -56,20 +69,26 @@ in
'';
};
whitelist = mkOption {
type = types.listOf types.str;
default = [];
config = mkOption {
type = with types; attrsOf (attrsOf (oneOf [ bool int str (listOf str) ]));
default = {};
defaultText = options.literalExpression "FileCache.path = \"\${config.services.rss-bridge.dataDir}/cache/\"";
example = options.literalExpression ''
[
"Facebook"
"Instagram"
"Twitter"
]
{
system.enabled_bridges = [ "*" ];
error = {
output = "http";
report_limit = 5;
};
FileCache = {
enable_purge = true;
};
}
'';
description = lib.mdDoc ''
List of bridges to be whitelisted.
If the list is empty, rss-bridge will use whitelist.default.txt.
Use `[ "*" ]` to whitelist all.
Attribute set of arbitrary config options.
Please consult the documentation at the [wiki](https://rss-bridge.github.io/rss-bridge/For_Hosts/Custom_Configuration.html)
and [sample config](https://github.com/RSS-Bridge/rss-bridge/blob/master/config.default.ini.php) to see a list of available options.
'';
};
};
@ -93,11 +112,16 @@ in
};
};
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
(mkIf (cfg.whitelist != []) "L+ ${cfg.dataDir}/whitelist.txt - - - - ${whitelist}")
"z '${cfg.dataDir}/config.ini.php' 0750 ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.settings.rss-bridge = let
perm = {
mode = "0750";
user = cfg.user;
group = cfg.group;
};
in {
"${configAttr.FileCache.path}".d = perm;
"${cfg.dataDir}/config.ini.php".z = perm;
};
services.nginx = mkIf (cfg.virtualHost != null) {
enable = true;
@ -116,6 +140,7 @@ in
fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param RSSBRIDGE_DATA ${cfg.dataDir};
${cfgEnv}
'';
};
};

View File

@ -33,7 +33,7 @@ in {
'';
};
package = lib.mkPackageOption pkgs "lxd" { };
package = lib.mkPackageOption pkgs "lxd-lts" { };
lxcPackage = lib.mkPackageOption pkgs "lxc" {
extraDescription = ''
@ -139,7 +139,7 @@ in {
ui = {
enable = lib.mkEnableOption (lib.mdDoc "(experimental) LXD UI");
package = lib.mkPackageOption pkgs [ "lxd-unwrapped" "ui" ] { };
package = lib.mkPackageOption pkgs [ "lxd-ui" ] { };
};
};
};

View File

@ -36,13 +36,6 @@
'';
};
services.postfix.enable = true;
nix = {
distributedBuilds = true;
buildMachines = [{
hostName = "localhost";
systems = [ system ];
}];
settings.substituters = [];
};
nix.settings.substituters = [];
};
}

View File

@ -1,149 +1,177 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
let
container = {
# We re-use the NixOS container option ...
boot.isContainer = true;
# ... and revert unwanted defaults
networking.useHostResolvConf = false;
container = { config, ... }: {
# We re-use the NixOS container option ...
boot.isContainer = true;
# ... and revert unwanted defaults
networking.useHostResolvConf = false;
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
networking.useDHCP = false;
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
networking.useDHCP = false;
# systemd-nspawn expects /sbin/init
boot.loader.initScript.enable = true;
# systemd-nspawn expects /sbin/init
boot.loader.initScript.enable = true;
imports = [ ../modules/profiles/minimal.nix ];
imports = [ ../modules/profiles/minimal.nix ];
system.stateVersion = config.system.nixos.version;
};
containerSystem = (import ../lib/eval-config.nix {
inherit (pkgs) system;
modules = [ container ];
}).config.system.build.toplevel;
containerName = "container";
containerRoot = "/var/lib/machines/${containerName}";
containerTarball = pkgs.callPackage ../lib/make-system-tarball.nix {
storeContents = [
{
object = containerSystem;
symlink = "/nix/var/nix/profiles/system";
}
];
contents = [
{
source = containerSystem + "/etc/os-release";
target = "/etc/os-release";
}
{
source = containerSystem + "/init";
target = "/sbin/init";
}
];
};
in
{
name = "systemd-machinectl";
nodes.machine = { lib, ... }: {
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
networking.useDHCP = false;
# do not try to access cache.nixos.org
nix.settings.substituters = lib.mkForce [ ];
# auto-start container
systemd.targets.machines.wants = [ "systemd-nspawn@${containerName}.service" ];
virtualisation.additionalPaths = [ containerSystem containerTarball ];
systemd.tmpfiles.rules = [
"d /var/lib/machines/shared-decl 0755 root root - -"
];
systemd.nspawn.shared-decl = {
execConfig = {
Boot = false;
Parameters = "${containerSystem}/init";
};
filesConfig = {
BindReadOnly = "/nix/store";
};
};
containerSystem = (import ../lib/eval-config.nix {
inherit (pkgs) system;
modules = [ container ];
}).config.system.build.toplevel;
containerName = "container";
containerRoot = "/var/lib/machines/${containerName}";
in
{
name = "systemd-machinectl";
nodes.machine = { lib, ... }: {
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
networking.useDHCP = false;
# do not try to access cache.nixos.org
nix.settings.substituters = lib.mkForce [ ];
# auto-start container
systemd.targets.machines.wants = [ "systemd-nspawn@${containerName}.service" ];
virtualisation.additionalPaths = [ containerSystem ];
systemd.tmpfiles.rules = [
"d /var/lib/machines/shared-decl 0755 root root - -"
systemd.services."systemd-nspawn@${containerName}" = {
serviceConfig.Environment = [
# Disable tmpfs for /tmp
"SYSTEMD_NSPAWN_TMPFS_TMP=0"
];
systemd.nspawn.shared-decl = {
execConfig = {
Boot = false;
Parameters = "${containerSystem}/init";
};
filesConfig = {
BindReadOnly = "/nix/store";
};
};
systemd.services."systemd-nspawn@${containerName}" = {
serviceConfig.Environment = [
# Disable tmpfs for /tmp
"SYSTEMD_NSPAWN_TMPFS_TMP=0"
];
overrideStrategy = "asDropin";
};
# open DHCP for container
networking.firewall.extraCommands = ''
${pkgs.iptables}/bin/iptables -A nixos-fw -i ve-+ -p udp -m udp --dport 67 -j nixos-fw-accept
'';
overrideStrategy = "asDropin";
};
testScript = ''
start_all()
machine.wait_for_unit("default.target");
# Test machinectl start stop of shared-decl
machine.succeed("machinectl start shared-decl");
machine.wait_until_succeeds("systemctl -M shared-decl is-active default.target");
machine.succeed("machinectl stop shared-decl");
# create containers root
machine.succeed("mkdir -p ${containerRoot}");
# start container with shared nix store by using same arguments as for systemd-nspawn@.service
machine.succeed("systemd-run systemd-nspawn --machine=${containerName} --network-veth -U --bind-ro=/nix/store ${containerSystem}/init")
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test machinectl stop
machine.succeed("machinectl stop ${containerName}");
# Install container
# Workaround for nixos-install
machine.succeed("chmod o+rx /var/lib/machines");
machine.succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd");
# Allow systemd-nspawn to apply user namespace on immutable files
machine.succeed("chattr -i ${containerRoot}/var/empty");
# Test machinectl start
machine.succeed("machinectl start ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test nss_mymachines without nscd
machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}');
# Test nss_mymachines via nscd
machine.succeed("getent hosts ${containerName}");
# Test systemd-nspawn network configuration to container
machine.succeed("networkctl --json=short status ve-${containerName} | ${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'");
# Test systemd-nspawn network configuration to host
machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/networkctl --json=short status host0 | ${pkgs.jq}/bin/jq -r '.OperationalState == \"routable\"'");
# Test systemd-nspawn network configuration
machine.succeed("ping -n -c 1 ${containerName}");
# Test systemd-nspawn uses a user namespace
machine.succeed("test $(machinectl status ${containerName} | grep 'UID Shift: ' | wc -l) = 1")
# Test systemd-nspawn reboot
machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/reboot");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test machinectl reboot
machine.succeed("machinectl reboot ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Restart machine
machine.shutdown()
machine.start()
machine.wait_for_unit("default.target");
# Test auto-start
machine.succeed("machinectl show ${containerName}")
# Test machinectl stop
machine.succeed("machinectl stop ${containerName}");
machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");
# Test tmpfs for /tmp
machine.fail("mountpoint /tmp");
# Show to to delete the container
machine.succeed("chattr -i ${containerRoot}/var/empty");
machine.succeed("rm -rf ${containerRoot}");
# open DHCP for container
networking.firewall.extraCommands = ''
${pkgs.iptables}/bin/iptables -A nixos-fw -i ve-+ -p udp -m udp --dport 67 -j nixos-fw-accept
'';
}
)
};
testScript = ''
start_all()
machine.wait_for_unit("default.target");
# Test machinectl start stop of shared-decl
machine.succeed("machinectl start shared-decl");
machine.wait_until_succeeds("systemctl -M shared-decl is-active default.target");
machine.succeed("machinectl stop shared-decl");
# create containers root
machine.succeed("mkdir -p ${containerRoot}");
# start container with shared nix store by using same arguments as for systemd-nspawn@.service
machine.succeed("systemd-run systemd-nspawn --machine=${containerName} --network-veth -U --bind-ro=/nix/store ${containerSystem}/init")
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test machinectl stop
machine.succeed("machinectl stop ${containerName}");
# Install container
# Workaround for nixos-install
machine.succeed("chmod o+rx /var/lib/machines");
machine.succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd");
# Allow systemd-nspawn to apply user namespace on immutable files
machine.succeed("chattr -i ${containerRoot}/var/empty");
# Test machinectl start
machine.succeed("machinectl start ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test nss_mymachines without nscd
machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}');
# Test nss_mymachines via nscd
machine.succeed("getent hosts ${containerName}");
# Test systemd-nspawn network configuration to container
machine.succeed("networkctl --json=short status ve-${containerName} | ${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'");
# Test systemd-nspawn network configuration to host
machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/networkctl --json=short status host0 | ${pkgs.jq}/bin/jq -r '.OperationalState == \"routable\"'");
# Test systemd-nspawn network configuration
machine.succeed("ping -n -c 1 ${containerName}");
# Test systemd-nspawn uses a user namespace
machine.succeed("test $(machinectl status ${containerName} | grep 'UID Shift: ' | wc -l) = 1")
# Test systemd-nspawn reboot
machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/reboot");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Test machinectl reboot
machine.succeed("machinectl reboot ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
# Restart machine
machine.shutdown()
machine.start()
machine.wait_for_unit("default.target");
# Test auto-start
machine.succeed("machinectl show ${containerName}")
# Test machinectl stop
machine.succeed("machinectl stop ${containerName}");
machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");
# Test tmpfs for /tmp
machine.fail("mountpoint /tmp");
# Show to to delete the container
machine.succeed("chattr -i ${containerRoot}/var/empty");
machine.succeed("rm -rf ${containerRoot}");
# Test import tarball, start, stop and remove
machine.succeed("machinectl import-tar ${containerTarball}/tarball/*.tar* ${containerName}");
machine.succeed("machinectl start ${containerName}");
machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
machine.succeed("machinectl stop ${containerName}");
machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");
machine.succeed("machinectl remove ${containerName}");
'';
})

View File

@ -94,11 +94,7 @@ Now that this is out of the way. To add a package to Nixpkgs:
- All other [`meta`](https://nixos.org/manual/nixpkgs/stable/#chap-meta) attributes are optional, but its still a good idea to provide at least the `description`, `homepage` and [`license`](https://nixos.org/manual/nixpkgs/stable/#sec-meta-license).
- You can use `nix-prefetch-url url` to get the SHA-256 hash of source distributions. There are similar commands as `nix-prefetch-git` and `nix-prefetch-hg` available in `nix-prefetch-scripts` package.
- A list of schemes for `mirror://` URLs can be found in [`pkgs/build-support/fetchurl/mirrors.nix`](build-support/fetchurl/mirrors.nix).
The exact syntax and semantics of the Nix expression language, including the built-in function, are [described in the Nix manual](https://nixos.org/manual/nix/stable/language/).
- The exact syntax and semantics of the Nix expression language, including the built-in functions, are [Nix language reference](https://nixos.org/manual/nix/stable/language/).
5. To test whether the package builds, run the following command from the root of the nixpkgs source tree:
@ -397,7 +393,7 @@ All versions of a package _must_ be included in `all-packages.nix` to make sure
See the Nixpkgs manual for more details on [standard meta-attributes](https://nixos.org/nixpkgs/manual/#sec-standard-meta-attributes).
### Import From Derivation
## Import From Derivation
[Import From Derivation](https://nixos.org/manual/nix/unstable/language/import-from-derivation) (IFD) is disallowed in Nixpkgs for performance reasons:
[Hydra](https://github.com/NixOS/hydra) evaluates the entire package set, and sequential builds during evaluation would increase evaluation times to become impractical.
@ -406,13 +402,16 @@ Import From Derivation can be worked around in some cases by committing generate
## Sources
### Fetching Sources
Always fetch source files using [Nixpkgs fetchers](https://nixos.org/manual/nixpkgs/unstable/#chap-pkgs-fetchers).
Use reproducible sources with a high degree of availability.
Prefer protocols that support proxies.
There are multiple ways to fetch a package source in nixpkgs. The general guideline is that you should package reproducible sources with a high degree of availability. Right now there is only one fetcher which has mirroring support and that is `fetchurl`. Note that you should also prefer protocols which have a corresponding proxy environment variable.
A list of schemes for `mirror://` URLs can be found in [`pkgs/build-support/fetchurl/mirrors.nix`](build-support/fetchurl/mirrors.nix), and is supported by [`fetchurl`](https://nixos.org/manual/nixpkgs/unstable/#fetchurl).
Other fetchers which end up relying on `fetchurl` may also support mirroring.
You can find many source fetch helpers in `pkgs/build-support/fetch*`.
The preferred source hash type is `sha256`.
In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these have names on the form `fetchFrom*`. The intention of these are to provide snapshot fetches but using the same api as some of the version controlled fetchers from `pkgs/build-support/`. As an example going from bad to good:
Examples going from bad to best practices:
- Bad: Uses `git://` which won't be proxied.
@ -438,7 +437,7 @@ In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these
}
```
- Best: Fetches a snapshot archive and you get the rev you want.
- Best: Fetches a snapshot archive for the given revision.
```nix
{
@ -451,63 +450,14 @@ In the file `pkgs/top-level/all-packages.nix` you can find fetch helpers, these
}
```
When fetching from GitHub, commits must always be referenced by their full commit hash. This is because GitHub shares commit hashes among all forks and returns `404 Not Found` when a short commit hash is ambiguous. It already happens for some short, 6-character commit hashes in `nixpkgs`.
It is a practical vector for a denial-of-service attack by pushing large amounts of auto generated commits into forks and was already [demonstrated against GitHub Actions Beta](https://blog.teddykatz.com/2019/11/12/github-actions-dos.html).
> [!Note]
> When fetching from GitHub, always reference revisions by their full commit hash.
> GitHub shares commit hashes among all forks and returns `404 Not Found` when a short commit hash is ambiguous.
> It already happened in Nixpkgs for short, 6-character commit hashes.
>
> Pushing large amounts of auto generated commits into forks is a practical vector for a denial-of-service attack, and was already [demonstrated against GitHub Actions Beta](https://blog.teddykatz.com/2019/11/12/github-actions-dos.html).
Find the value to put as `hash` by running `nix-shell -p nix-prefetch-github --run "nix-prefetch-github --rev 1f795f9f44607cc5bec70d1300150bfefcef2aae NixOS nix"`.
#### Obtaining source hash
Preferred source hash type is sha256. There are several ways to get it.
1. Prefetch URL (with `nix-prefetch-XXX URL`, where `XXX` is one of `url`, `git`, `hg`, `cvs`, `bzr`, `svn`). Hash is printed to stdout.
2. Prefetch by package source (with `nix-prefetch-url '<nixpkgs>' -A PACKAGE.src`, where `PACKAGE` is package attribute name). Hash is printed to stdout.
This works well when you've upgraded existing package version and want to find out new hash, but is useless if package can't be accessed by attribute or package has multiple sources (`.srcs`, architecture-dependent sources, etc).
3. Upstream provided hash: use it when upstream provides `sha256` or `sha512` (when upstream provides `md5`, don't use it, compute `sha256` instead).
A little nuance is that `nix-prefetch-*` tools produce hash encoded with `base32`, but upstream usually provides hexadecimal (`base16`) encoding. Fetchers understand both formats. Nixpkgs does not standardize on any one format.
You can convert between formats with nix-hash, for example:
```ShellSession
$ nix-hash --type sha256 --to-base32 HASH
```
4. Extracting hash from local source tarball can be done with `sha256sum`. Use `nix-prefetch-url file:///path/to/tarball` if you want base32 hash.
5. Fake hash: set the hash to one of
- `""`
- `lib.fakeHash`
- `lib.fakeSha256`
- `lib.fakeSha512`
in the package expression, attempt build and extract correct hash from error messages.
> [!Warning]
> You must use one of these four fake hashes and not some arbitrarily-chosen hash.
> See [here][secure-hashes]
This is last resort method when reconstructing source URL is non-trivial and `nix-prefetch-url -A` isnt applicable (for example, [one of `kodi` dependencies](https://github.com/NixOS/nixpkgs/blob/d2ab091dd308b99e4912b805a5eb088dd536adb9/pkgs/applications/video/kodi/default.nix#L73)). The easiest way then would be replace hash with a fake one and rebuild. Nix build will fail and error message will contain desired hash.
#### Obtaining hashes securely
[secure-hashes]: #obtaining-hashes-securely
Let's say Man-in-the-Middle (MITM) sits close to your network. Then instead of fetching source you can fetch malware, and instead of source hash you get hash of malware. Here are security considerations for this scenario:
- `http://` URLs are not secure to prefetch hash from;
- hashes from upstream (in method 3) should be obtained via secure protocol;
- `https://` URLs are secure in methods 1, 2, 3;
- `https://` URLs are secure in method 5 *only if* you use one of the listed fake hashes. If you use any other hash, `fetchurl` will pass `--insecure` to `curl` and may then degrade to HTTP in case of TLS certificate expiration.
### Patches
## Patches
Patches available online should be retrieved using `fetchpatch`.

View File

@ -41,13 +41,13 @@
stdenv.mkDerivation rec {
pname = "easyeffects";
version = "7.1.5";
version = "7.1.6";
src = fetchFromGitHub {
owner = "wwmm";
repo = "easyeffects";
rev = "v${version}";
hash = "sha256-QoH1dOzBtQHQQKA0+eZFX6yOvjRUmUZVxcdpISIpLLk=";
hash = "sha256-NViRZHNgsweoD1YbyWYrRTZPKTCkKk3fGDLLYDD7JfA=";
};
nativeBuildInputs = [

View File

@ -13,14 +13,14 @@
stdenv.mkDerivation (finalAttrs: {
pname = "qpwgraph";
version = "0.6.2";
version = "0.6.3";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "rncbc";
repo = "qpwgraph";
rev = "v${finalAttrs.version}";
sha256 = "sha256-GlXUQz7tj7dfxVikvu0idzhQaq7raFC9jxJ2zFeHBQU=";
sha256 = "sha256-mTWmXHC9KkXgUIO5CIcGOoYYLx+5si/LETSmHFhmrRE=";
};
nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];

View File

@ -33,14 +33,14 @@ let
in
stdenv.mkDerivation rec {
pname = if withGui then "bitcoin" else "bitcoind";
version = "26.0";
version = "26.1";
src = fetchurl {
urls = [
"https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
];
# hash retrieved from signed SHA256SUMS
sha256 = "ab1d99276e28db62d1d9f3901e85ac358d7f1ebcb942d348a9c4e46f0fcdc0a1";
sha256 = "9164ee5d717b4a20cb09f0496544d9d32f365734814fe399f5cdb4552a9b35ee";
};
nativeBuildInputs =

File diff suppressed because it is too large Load Diff

View File

@ -1,12 +0,0 @@
diff --git a/sdk/program/src/account_info.rs b/sdk/program/src/account_info.rs
index 372370d0e15a0f2877b02ad29586e5b352438b24..3db3e9839b6535786e60be5602c03d0c909bf937 100644
--- a/sdk/program/src/account_info.rs
+++ b/sdk/program/src/account_info.rs
@@ -182,6 +182,7 @@ impl<'a> AccountInfo<'a> {
Ok(())
}
+ #[rustversion::attr(since(1.72), allow(invalid_reference_casting))]
pub fn assign(&self, new_owner: &Pubkey) {
// Set the non-mut owner field
unsafe {

View File

@ -22,6 +22,7 @@
"solana-log-analyzer"
"solana-net-shaper"
"solana-validator"
"solana-test-validator"
] ++ [
# XXX: Ensure `solana-genesis` is built LAST!
# See https://github.com/solana-labs/solana/issues/5826
@ -29,8 +30,8 @@
]
}:
let
version = "1.16.27";
sha256 = "sha256-xd0FCSlpPJDVWOlt9rIlnSbjksmvlXJWHkvlZONd2dM=";
version = "1.17.28";
sha256 = "y79zsUfYsX377ofsFSg9a2il99uJsA+qdCu3J+EU5nQ=";
inherit (darwin.apple_sdk_11_0) Libsystem;
inherit (darwin.apple_sdk_11_0.frameworks) System IOKit AppKit Security;
@ -51,16 +52,10 @@ rustPlatform.buildRustPackage rec {
outputHashes = {
"crossbeam-epoch-0.9.5" = "sha256-Jf0RarsgJiXiZ+ddy0vp4jQ59J9m0k3sgXhWhCdhgws=";
"ntapi-0.3.7" = "sha256-G6ZCsa3GWiI/FeGKiK9TWkmTxen7nwpXvm5FtjNtjWU=";
"tokio-1.29.1" = "sha256-Z/kewMCqkPVTXdoBcSaFKG5GSQAdkdpj3mAzLLCjjGk=";
};
};
patches = [
# Fix: https://github.com/solana-labs/solana/issues/34203
# From https://github.com/Homebrew/homebrew-core/pull/156930/files#diff-f27c55b86df31cd4935c956efee1be743eae0958e3850f3f9891d51bfea50b1cR76
./account-info.patch
];
strictDeps = true;
cargoBuildFlags = builtins.map (n: "--bin=${n}") solanaPkgs;

View File

@ -188,7 +188,12 @@ rec {
libxcrypt
lttng-ust_2_12
musl
]++ lib.optionals (stdenv.isLinux && stdenv.isAarch64) [
expat
libxml2
xz
];
}).overrideAttrs (attrs: {
postInstall = (attrs.postInstall or "") + lib.optionalString (stdenv.isLinux) ''
(

View File

@ -2093,6 +2093,18 @@ final: prev:
meta.homepage = "https://github.com/saadparwaiz1/cmp_luasnip/";
};
cmp_yanky = buildVimPlugin {
pname = "cmp_yanky";
version = "2023-11-16";
src = fetchFromGitHub {
owner = "chrisgrieser";
repo = "cmp_yanky";
rev = "c3d089186ccead26eba01023502f3eeadd7a92d2";
sha256 = "sha256-jWNoKzY0x5GPFP7JsQi4nqgg1YFJV4DqxwJRqsg6KaQ=";
};
meta.homepage = "https://github.com/chrisgrieser/cmp_yanky";
};
cobalt2-nvim = buildVimPlugin {
pname = "cobalt2.nvim";
version = "2024-04-01";
@ -2381,6 +2393,18 @@ final: prev:
meta.homepage = "https://github.com/tamago324/compe-zsh/";
};
competitest-nvim = buildVimPlugin {
pname = "competitest.nvim";
version = "2024-01-23";
src = fetchFromGitHub {
owner = "xeluxee";
repo = "competitest.nvim";
rev = "c3cb0e2b0916a879c4d3dcb5737e6c046dd0afc5";
sha256 = "16mycxnxa425rnl1xdk740ng6mg693ywzx5wsa56xr8nvxkms700";
};
meta.homepage = "https://github.com/xeluxee/competitest.nvim/";
};
compiler-explorer-nvim = buildVimPlugin {
pname = "compiler-explorer.nvim";
version = "2023-05-29";

View File

@ -404,6 +404,13 @@
'';
};
competitest-nvim = super.competitest-nvim.overrideAttrs {
dependencies = [ self.nui-nvim ];
doInstallCheck = true;
nvimRequireCheck = "competitest";
};
compe-tabnine = super.compe-tabnine.overrideAttrs {
buildInputs = [ tabnine ];

View File

@ -174,6 +174,7 @@ https://github.com/pontusk/cmp-vimwiki-tags/,HEAD,
https://github.com/hrsh7th/cmp-vsnip/,,
https://github.com/tamago324/cmp-zsh/,HEAD,
https://github.com/saadparwaiz1/cmp_luasnip/,,
https://github.com/chrisgrieser/cmp_yanky/,HEAD,
https://github.com/lalitmee/cobalt2.nvim/,,
https://github.com/vn-ki/coc-clap/,,
https://github.com/neoclide/coc-denite/,,
@ -198,6 +199,7 @@ https://github.com/hrsh7th/compe-conjure/,,
https://github.com/GoldsteinE/compe-latex-symbols/,,
https://github.com/tzachar/compe-tabnine/,,
https://github.com/tamago324/compe-zsh/,,
https://github.com/xeluxee/competitest.nvim/,HEAD,
https://github.com/krady21/compiler-explorer.nvim/,HEAD,
https://github.com/steelsojka/completion-buffers/,,
https://github.com/nvim-lua/completion-nvim/,,

View File

@ -2116,6 +2116,22 @@ let
};
};
hbenl.vscode-test-explorer = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-test-explorer";
publisher = "hbenl";
version = "2.21.1";
sha256 = "sha256-fHyePd8fYPt7zPHBGiVmd8fRx+IM3/cSBCyiI/C0VAg=";
};
meta = {
changelog = "https://github.com/hbenl/vscode-test-explorer/blob/master/CHANGELOG.md";
description = "A Visual Studio Code extension that runs your tests in the sidebar";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=hbenl.vscode-test-explorer";
homepage = "https://github.com/hbenl/vscode-test-explorer";
license = lib.licenses.mit;
};
};
hediet.vscode-drawio = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-drawio";

View File

@ -14,14 +14,14 @@
stdenv.mkDerivation rec {
pname = "ripes";
# Pulling unstable version as latest stable does not build against gcc-13.
version = "2.2.6-unstable-2024-03-03";
version = "2.2.6-unstable-2024-04-02";
src = fetchFromGitHub {
owner = "mortbopet";
repo = "Ripes";
rev = "b71f0ddd5d2d346cb97b28fd3f70fef55bb9b6b7";
rev = "027e678a44b7b9f3e81e5b6863b0d68af05fd69c";
fetchSubmodules = true;
hash = "sha256-zQrrWBHNIacRoAEIjR0dlgUTncBCiodcBeT/wbDClWg=";
hash = "sha256-u6JxXCX1BMdbHTF7EBGEnXOV+eF6rgoZZcHqB/1nVjE=";
};
nativeBuildInputs = [

View File

@ -0,0 +1,112 @@
{
lib,
stdenv,
fetchFromGitHub,
cmake,
pkg-config,
wrapQtAppsHook,
bluez,
libnotify,
libXdmcp,
libXtst,
opencv,
qtbase,
qtmultimedia,
qtscript,
qttools,
qtx11extras,
qtxmlpatterns,
# Running with TTS support causes the program to freeze for a few seconds every time at startup,
# so it is disabled by default
textToSpeechSupport ? false,
qtspeech,
}:
let
# For some reason qtscript wants to use the same version of qtbase as itself
# This override makes it think that they are the same version
qtscript' = qtscript.overrideAttrs (oldAttrs: {
inherit (qtbase) version;
postPatch = ''
substituteInPlace .qmake.conf \
--replace-fail ${oldAttrs.version} ${qtbase.version}
'';
});
in
stdenv.mkDerivation (finalAttrs: {
pname = "actiona";
version = "3.10.2";
src = fetchFromGitHub {
owner = "Jmgr";
repo = "actiona";
rev = "v${finalAttrs.version}";
hash = "sha256-4RKCNEniBBx0kDwdHVZOqXYeGCsH8g6SfVc8JdDV0hI=";
fetchSubmodules = true;
};
patches =
[
# Sets the proper search location for the `.so` files and the translations
./fix-paths.patch
]
++ lib.optionals (!textToSpeechSupport) [
# Removes TTS support
./disable-tts.patch
];
postPatch = ''
substituteInPlace gui/src/mainwindow.cpp executer/src/executer.cpp tools/src/languages.cpp \
--subst-var out
'';
nativeBuildInputs = [
cmake
pkg-config
wrapQtAppsHook
];
buildInputs = [
bluez
libnotify
libXdmcp
libXtst
opencv
qtbase
qtmultimedia
qtscript'
qttools
qtx11extras
qtxmlpatterns
] ++ lib.optionals textToSpeechSupport [ qtspeech ];
# RPATH of binary /nix/store/.../bin/... contains a forbidden reference to /build/
cmakeFlags = [ (lib.cmakeBool "CMAKE_SKIP_BUILD_RPATH" true) ];
# udev is used by the system-actionpack
env.NIX_LDFLAGS = "-ludev";
installPhase = ''
runHook preInstall
install -Dm755 {execution,actiontools,tools}/*.so -t $out/lib
install -Dm755 actions/actionpack*.so -t $out/lib/actions
install -Dm755 actiona actexec -t $out/bin
install -Dm644 translations/*.qm -t $out/share/actiona/translations
install -Dm644 $src/actiona.desktop -t $out/share/applications
install -Dm644 $src/gui/icons/actiona.png -t $out/share/icons/hicolor/48x48/apps
runHook postInstall
'';
meta = {
description = "A cross-platform automation tool";
homepage = "https://github.com/Jmgr/actiona";
license = lib.licenses.gpl3Only;
mainProgram = "actiona";
maintainers = with lib.maintainers; [ tomasajt ];
platforms = lib.platforms.linux;
};
})

View File

@ -0,0 +1,54 @@
diff --git a/actions/system/CMakeLists.txt b/actions/system/CMakeLists.txt
index ca861145..3e3d3d3b 100644
--- a/actions/system/CMakeLists.txt
+++ b/actions/system/CMakeLists.txt
@@ -66,8 +66,6 @@ set(HEADERS
${HEADERS_PREFIX}/actions/playsoundinstance.hpp
${HEADERS_PREFIX}/actions/systemdefinition.hpp
${HEADERS_PREFIX}/actions/systeminstance.hpp
- ${HEADERS_PREFIX}/actions/texttospeechdefinition.hpp
- ${HEADERS_PREFIX}/actions/texttospeechinstance.hpp
${HEADERS_PREFIX}/code/mediaplaylist.hpp
${HEADERS_PREFIX}/code/notify.hpp
${HEADERS_PREFIX}/code/process.hpp
@@ -131,7 +129,6 @@ find_package(Qt5 ${ACT_MINIMUM_QT_VERSION} COMPONENTS
DBus
Multimedia
MultimediaWidgets
- TextToSpeech
REQUIRED)
target_include_directories(${PROJECT}
@@ -153,7 +150,6 @@ target_link_libraries(${PROJECT}
Qt5::DBus
Qt5::Multimedia
Qt5::MultimediaWidgets
- Qt5::TextToSpeech
${LIBNOTIFY_LIBRARIES}
${BLUEZ_LIBRARIES}
${UDEV_LIBRARIES}
diff --git a/actions/system/src/actionpacksystem.hpp b/actions/system/src/actionpacksystem.hpp
index c5768415..27a899d6 100644
--- a/actions/system/src/actionpacksystem.hpp
+++ b/actions/system/src/actionpacksystem.hpp
@@ -31,10 +31,6 @@
#include "actions/playsounddefinition.hpp"
#include "actions/findimagedefinition.hpp"
-#if QT_VERSION >= QT_VERSION_CHECK(5, 10, 0)
-#include "actions/texttospeechdefinition.hpp"
-#endif
-
#include "code/system.hpp"
#include "code/mediaplaylist.hpp"
#include "code/notify.hpp"
@@ -67,9 +63,6 @@ public:
addActionDefinition(new Actions::DetachedCommandDefinition(this));
addActionDefinition(new Actions::PlaySoundDefinition(this));
addActionDefinition(new Actions::FindImageDefinition(this));
-#if QT_VERSION >= QT_VERSION_CHECK(5, 10, 0)
- addActionDefinition(new Actions::TextToSpeechDefinition(this));
-#endif
}
QString id() const override { return QStringLiteral("system"); }

View File

@ -0,0 +1,39 @@
diff --git a/executer/src/executer.cpp b/executer/src/executer.cpp
index da848dad..5bd7e986 100644
--- a/executer/src/executer.cpp
+++ b/executer/src/executer.cpp
@@ -45,7 +45,7 @@ bool Executer::start(QIODevice *device, const QString &filename)
QSettings settings;
QString locale = settings.value(QStringLiteral("gui/locale"), QLocale::system().name()).toString();
- mActionFactory->loadActionPacks(QApplication::applicationDirPath() + QStringLiteral("/actions"), locale);
+ mActionFactory->loadActionPacks(QStringLiteral("@out@/lib/actions"), locale);
#ifndef Q_OS_WIN
if(mActionFactory->actionPackCount() == 0)
mActionFactory->loadActionPacks(QStringLiteral("actiona/actions/"), locale);
diff --git a/gui/src/mainwindow.cpp b/gui/src/mainwindow.cpp
index 6052648e..3c802d93 100644
--- a/gui/src/mainwindow.cpp
+++ b/gui/src/mainwindow.cpp
@@ -322,7 +322,7 @@ void MainWindow::postInit()
if(mSplashScreen)
mSplashScreen->showMessage(tr("Loading actions..."));
- mActionFactory->loadActionPacks(QApplication::applicationDirPath() + QStringLiteral("/actions"), mUsedLocale);
+ mActionFactory->loadActionPacks(QStringLiteral("@out@/lib/actions"), mUsedLocale);
#ifndef Q_OS_WIN
if(mActionFactory->actionPackCount() == 0)
mActionFactory->loadActionPacks(QStringLiteral("actiona/actions/"), mUsedLocale);
diff --git a/tools/src/languages.cpp b/tools/src/languages.cpp
index 4926936e..18e9aabb 100644
--- a/tools/src/languages.cpp
+++ b/tools/src/languages.cpp
@@ -79,7 +79,7 @@ namespace Tools
void Languages::installTranslator(const QString &componentName, const QString &locale)
{
auto translator = new QTranslator(QCoreApplication::instance());
- if(!translator->load(QStringLiteral("%1/translations/%2_%3").arg(QCoreApplication::applicationDirPath()).arg(componentName).arg(locale)))
+ if(!translator->load(QStringLiteral("@out@/share/actiona/translations/%1_%2").arg(componentName).arg(locale)))
{
auto path = QStringLiteral("%1/translations/%2_%3").arg(QDir::currentPath()).arg(componentName).arg(locale);
if(!translator->load(path))

View File

@ -166,6 +166,16 @@ stdenv.mkDerivation rec {
)
'';
# needed to prevent collisions between the LICENSE.txt files of
# bambu-studio and orca-slicer.
postInstall = ''
mkdir -p $out/share/doc
mv $out/LICENSE.txt $out/share/doc/LICENSE.txt
if [ -f $out/README.md ]; then
mv $out/README.md $out/share/doc/README.md
fi
'';
meta = with lib; {
description = "PC Software for BambuLab's 3D printers";
homepage = "https://github.com/bambulab/BambuStudio";

View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "nwg-menu";
version = "0.1.2";
version = "0.1.3";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = "nwg-menu";
rev = "v${version}";
sha256 = "sha256-UFyC0gpKn0Ei5aOPC28iG4YI2BM5lrnl/J7RM4GjInc=";
sha256 = "sha256-PMW5QUUZcdWNOMexJVy0hYXx+y2AopT3WL29iWb9MbM=";
};
vendorHash = "sha256-/kqhZcIuoN/XA0i1ua3lzVGn4ghkekFYScL1o3kgBX4=";
vendorHash = "sha256-PJvHDmyqE+eIELGRD8QHsZgZ7L0DKc2FYOvfvurzlhs=";
doCheck = false;

View File

@ -12,7 +12,7 @@
let
inherit (stdenv.hostPlatform) system;
pname = "obsidian";
version = "1.5.11";
version = "1.5.12";
appname = "Obsidian";
meta = with lib; {
description = "A powerful knowledge base that works on top of a local folder of plain text Markdown files";
@ -25,7 +25,7 @@ let
filename = if stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz";
src = fetchurl {
url = "https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";
hash = if stdenv.isDarwin then "sha256-RtIEjVaqYygylhZwFB9ObZPPhSSzvJTJniGVFzAa/VY=" else "sha256-QDxMgisyYc2lJ0OKn2hR0VA8OeAwysCq6Z4Q59qRvtU=";
hash = if stdenv.isDarwin then "sha256-MSJmF5WddxbC/S7w2nWjlDxt5HPUDCoRFwJ2MZMH9Ks=" else "sha256-UQLljP7eZELTuHwX+OylXY+Wy2YK1ZEJX1IQfIvBLe8=";
};
icon = fetchurl {

View File

@ -2,7 +2,7 @@
buildGoModule rec {
pname = "overmind";
version = "2.5.0";
version = "2.5.1";
nativeBuildInputs = [ makeWrapper ];
@ -14,10 +14,10 @@ buildGoModule rec {
owner = "DarthSim";
repo = pname;
rev = "v${version}";
sha256 = "sha256-/reRiSeYf8tnSUJICMDp7K7XZCYvTDFInPJ1xFuAqRs=";
sha256 = "sha256-wX29nFmzmbxbaXtwIWZNvueXFv9SKIOqexkc5pEITpw=";
};
vendorHash = "sha256-6/S5Sf2vvCp2RpRqcJPVc9mvMuPVn4Kj9QpSIlu6YFU=";
vendorHash = "sha256-XhF4oizOZ6g0351Q71Wp9IA3aFpocC5xGovDefIoL78=";
meta = with lib; {
homepage = "https://github.com/DarthSim/overmind";

View File

@ -14,26 +14,26 @@
let
wasm-bindgen-84 = wasm-bindgen-cli.override {
version = "0.2.84";
hash = "sha256-0rK+Yx4/Jy44Fw5VwJ3tG243ZsyOIBBehYU54XP/JGk=";
cargoHash = "sha256-vcpxcRlW1OKoD64owFF6mkxSqmNrvY+y3Ckn5UwEQ50=";
wasm-bindgen-92 = wasm-bindgen-cli.override {
version = "0.2.92";
hash = "sha256-1VwY8vQy7soKEgbki4LD+v259751kKxSxmo/gqE6yV0=";
cargoHash = "sha256-aACJ+lYNEU8FFBs158G1/JG8sc6Rq080PeKCMnwdpH0=";
};
in
rustPlatform.buildRustPackage rec {
pname = "pagefind";
version = "1.0.4";
version = "1.1.0";
src = fetchFromGitHub {
owner = "cloudcannon";
repo = "pagefind";
rev = "refs/tags/v${version}";
hash = "sha256-IN+l5Wq89tjppE0xCcvczQSkJc1CLymEFeieJhvQQ54=";
hash = "sha256-pcgcu9zylSTjj5rxNff+afFBWVpN5sGtlpadG1wb93M=";
};
cargoHash = "sha256-T7DBuqfpqaEmu9iItnFYsJVnEFxG1r9uXEkfqJp1mD8=";
cargoHash = "sha256-E4gjG5GrVWkMKgjQiAvEiSy2/tx/yHKe+5isveMZ9tU=";
env.npmDeps_web_js = fetchNpmDeps {
name = "npm-deps-web-js";
@ -50,6 +50,11 @@ rustPlatform.buildRustPackage rec {
src = "${src}/pagefind_ui/modular";
hash = "sha256-O0RqZUsRFtByxMQdwNGNcN38Rh+sDqqNo9YlBcrnsF4=";
};
env.cargoDeps_web = rustPlatform.fetchCargoTarball {
name = "cargo-deps-web";
src = "${src}/pagefind_web/";
hash = "sha256-vDkVXyDePKgYTYE5ZTLLfOHwPYfgaqP9p5/fKCQQi0g=";
};
postPatch = ''
# Tricky way to run npmConfigHook multiple times
@ -60,6 +65,11 @@ rustPlatform.buildRustPackage rec {
npmRoot=pagefind_ui/default npmDeps=$npmDeps_ui_default npmConfigHook
npmRoot=pagefind_ui/modular npmDeps=$npmDeps_ui_modular npmConfigHook
)
(
cd pagefind_web
cargoDeps=$cargoDeps_web cargoSetupPostUnpackHook
cargoDeps=$cargoDeps_web cargoSetupPostPatchHook
)
'';
nativeBuildInputs = [
@ -68,7 +78,7 @@ rustPlatform.buildRustPackage rec {
nodejs
rustc
rustc.llvmPackages.lld
wasm-bindgen-84
wasm-bindgen-92
wasm-pack
];
@ -76,22 +86,27 @@ rustPlatform.buildRustPackage rec {
# based on "test-and-build" in https://github.com/CloudCannon/pagefind/blob/main/.github/workflows/release.yml
preBuild = ''
export HOME=$(mktemp -d)
echo entering pagefind_web_js...
(
cd pagefind_web_js
npm run build-coupled
)
echo entering pagefind_web...
(
cd pagefind_web
export RUSTFLAGS="-C linker=lld"
bash ./local_build.sh
)
echo entering pagefind_ui/default...
(
cd pagefind_ui/default
npm run build
)
echo entering pagefind_ui/modular...
(
cd pagefind_ui/modular
npm run build

View File

@ -66,12 +66,12 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "prusa-slicer";
version = "2.7.2";
version = "2.7.3";
src = fetchFromGitHub {
owner = "prusa3d";
repo = "PrusaSlicer";
hash = "sha256-IZRw6qEe4hM/Sfhx0je11vaMHeuW/e4ZP5zMTuptb2k=";
hash = "sha256-pV9KQlZoCQZWi12VUKntKzFUuZgGpDoh1aNMoAHTbZI=";
rev = "version_${finalAttrs.version}";
};

View File

@ -1,32 +1,65 @@
{ stdenv, lib, fetchFromGitHub, pkg-config, cmake, libeb, lzo
, qtmultimedia, qttools, qtwebengine, wrapQtAppsHook }:
{ stdenv
, lib
, fetchFromGitHub
, cmake
, ninja
, qttools
, qtwebengine
, wrapQtAppsHook
}:
stdenv.mkDerivation rec {
let
eb = fetchFromGitHub {
owner = "mvf";
repo = "eb";
rev = "58e1c3bb9847ed5d05863f478f21e7a8ca3d74c8";
hash = "sha256-gZP+2P6fFADWht2c0hXmljVJQX8RpCq2mWP+KDi+GzE=";
};
in
stdenv.mkDerivation {
pname = "qolibri";
version = "2.1.4";
version = "2.1.5-unstable-2024-03-17";
src = fetchFromGitHub {
owner = "ludios";
owner = "mvf";
repo = "qolibri";
rev = version;
sha256 = "jyLF1MKDVH0Lt8lw+O93b+LQ4J+s42O3hebthJk83hg=";
rev = "99f0771184fcb2c5f47aad11c16002ebb8469a3f";
hash = "sha256-ArupqwejOO2YK9a3Ky0j20dIHs1jIqJksNIb4K2jwgI=";
};
nativeBuildInputs = [ pkg-config cmake qttools wrapQtAppsHook ];
nativeBuildInputs = [
cmake
ninja
qttools
wrapQtAppsHook
];
buildInputs = [
libeb lzo qtmultimedia qtwebengine
qtwebengine
];
cmakeFlags = [
"-DQOLIBRI_EB_SOURCE_DIR=${eb}"
];
postInstall = ''
install -D $src/qolibri.desktop -t $out/share/applications
install -Dm644 $src/qolibri.desktop -t $out/share/applications
for size in 16 32 48 64 128; do
install -Dm644 \
$src/images/qolibri-$size.png \
$out/share/icons/hicolor/''${size}x''${size}/apps/qolibri.png
done
'';
meta = with lib; {
homepage = "https://github.com/ludios/qolibri";
description = "EPWING reader for viewing Japanese dictionaries";
mainProgram = "qolibri";
platforms = platforms.linux;
maintainers = with maintainers; [ ];
homepage = "https://github.com/mvf/qolibri";
license = licenses.gpl2;
maintainers = with maintainers; [ azahi ];
platforms = platforms.unix;
broken = stdenv.isDarwin && stdenv.isx86_64; # Looks like a libcxx version mismatch problem.
mainProgram = "qolibri";
};
}

View File

@ -34,14 +34,14 @@ https://github.com/NixOS/nixpkgs/issues/199596#issuecomment-1310136382 */
}:
stdenv.mkDerivation (finalAttrs: {
version = "1.5.0";
version = "1.5.1";
pname = "syncthingtray";
src = fetchFromGitHub {
owner = "Martchus";
repo = "syncthingtray";
rev = "v${finalAttrs.version}";
hash = "sha256-O8FLjse2gY8KNWGXpUeZ83cNk0ZuRAZJJ3Am33/ABVw=";
hash = "sha256-6Q3nf6WjFgpBK7VR+ykmtIM68vwsmrYqmJPXsPpWjs4=";
};
buildInputs = [

View File

@ -3,10 +3,10 @@
{
firefox = buildMozillaMach rec {
pname = "firefox";
version = "124.0.1";
version = "124.0.2";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "282c45e5c468419536dd8b81c8ea687b10d8002d7521403330e6eeef49207143bee88a44c3785748d461ed9a72687606f5da14f4dfb98eb40a5cd08a4a12722b";
sha512 = "8cf340de6e34812f8ae3363265859a263330af770d981c3dd1ca1e7e0cfe513604d3e68184d4aa1446569aefbdf359d561fbc200faf19a5ed020a1709d9ef10e";
};
extraPatches = [

View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "atmos";
version = "1.66.0";
version = "1.67.0";
src = fetchFromGitHub {
owner = "cloudposse";
repo = pname;
rev = "v${version}";
sha256 = "sha256-8cEJw4gCyh3aosck70vdLVYGOL3zR0AOpAMNv/j6rEM=";
sha256 = "sha256-bnecb0SucLcNrrQ0PAN31Z4nNV+0wrrzMLn7OyMOS5w=";
};
vendorHash = "sha256-k03pRrUzHvVjKt6w40JEiJTvbwhKa/0rjkZQsnmfe68=";
vendorHash = "sha256-oNAEe7g9kYZ4kolmVQat6l/tag0Bus7nJEfnzCrUtjA=";
ldflags = [ "-s" "-w" "-X github.com/cloudposse/atmos/cmd.Version=v${version}" ];

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "civo";
version = "1.0.77";
version = "1.0.80";
src = fetchFromGitHub {
owner = "civo";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-W9CJAFLGarDG/Y8g2Whoh4v9hxqb8txuLfAkooW8PNM=";
sha256 = "sha256-jzz9mny59YM5PLcQvcus3gHuRSbl/OISAOjDoS/4Y78=";
};
vendorHash = "sha256-Uh2/4qdJQfqQdjXbOBkUVv2nF1AN+QRKRI0+yta+G5Q=";

View File

@ -1,8 +1,8 @@
{
k3sVersion = "1.27.11+k3s1";
k3sCommit = "06d6bc80b469a61e5e90438b1f2639cd136a89e7";
k3sRepoSha256 = "0qkm8yqs9p34kb5k2q0j5wiykj78qc12n65n0clas5by23jrqcqa";
k3sVendorHash = "sha256-+z8pr30+28puv7yjA7ZvW++I0ipNEmen2OhCxFMzYOY=";
k3sVersion = "1.27.12+k3s1";
k3sCommit = "78ad57567c9eb1fd1831986f5fd7b4024add1767";
k3sRepoSha256 = "1j6xb3af4ypqq5m6a8x2yc2515zvlgqzfsfindjm9cbmq5iisphq";
k3sVendorHash = "sha256-65cmpRwD9C+fcbBSv1YpeukO7bfGngsLv/rk6sM59gU=";
chartVersions = import ./chart-versions.nix;
k3sRootVersion = "0.12.2";
k3sRootSha256 = "1gjynvr350qni5mskgm7pcc7alss4gms4jmkiv453vs8mmma9c9k";

View File

@ -33,6 +33,6 @@ stdenvNoCC.mkDerivation {
homepage = "https://github.com/blendle/kns";
license = licenses.isc;
maintainers = with maintainers; [ mmlb ];
platforms = platforms.linux;
platforms = platforms.unix;
};
}

View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubectl-gadget";
version = "0.26.0";
version = "0.27.0";
src = fetchFromGitHub {
owner = "inspektor-gadget";
repo = "inspektor-gadget";
rev = "v${version}";
hash = "sha256-G2FvKnO+YuLlRlzfB1YMRhCHWa6v4sMFLyDqp12bzn4=";
hash = "sha256-u5lzCIbSIOrhI2OE2PprvNZv7KetYGntyADVftSJrkY=";
};
vendorHash = "sha256-IrSx1iCOd95CWyLo6WuEtTFm6p62se/t8dcBmH5eOP4=";
vendorHash = "sha256-ZsSzLIVVoKZZEZOIYJTNl0DGere3sKfXsjXbRVmeYC4=";
CGO_ENABLED = 0;

View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubergrunt";
version = "0.14.2";
version = "0.15.0";
src = fetchFromGitHub {
owner = "gruntwork-io";
repo = "kubergrunt";
rev = "v${version}";
sha256 = "sha256-r2lx+R/TQxD/miCJK3V//N3gKiCrg/mneT9BS+ZqRiU=";
sha256 = "sha256-yN5tpe3ayQPhTlBvxlt7CD6mSURCB4lxGatEK9OThzs=";
};
vendorHash = "sha256-K24y41qpuyBHqljUAtNQu3H8BNqznxYOsvEVo+57OtY=";
vendorHash = "sha256-VJkqg2cnpYHuEYOv5+spoyRWFAdFWE7YIVYaN9OmIZM=";
# Disable tests since it requires network access and relies on the
# presence of certain AWS infrastructure

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubeshark";
version = "52.1.77";
version = "52.2.1";
src = fetchFromGitHub {
owner = "kubeshark";
repo = "kubeshark";
rev = "v${version}";
hash = "sha256-BpixzQ88JfA1cS5bLMHmLhE5Si5UbC9zRf9GAELrJwM=";
hash = "sha256-MmKkM4nc9FkZkQIURPz63ryl0yhvxBwOvxkjrsaa67U=";
};
vendorHash = "sha256-SmvO9DYOXxnmN2dmHPPOguVwEbWSH/xNLBB+idpzopo=";

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubevpn";
version = "2.2.3";
version = "2.2.4";
src = fetchFromGitHub {
owner = "KubeNetworks";
repo = "kubevpn";
rev = "v${version}";
hash = "sha256-C1Fw7E7lXy9BRj8bTVUMzPK6wBiL6A3VGDYUqdD2Rjs=";
hash = "sha256-taeCOmjZqULxQf4dgLzSYgN43fFYH04Ev4O/SHHG+xI=";
};
vendorHash = null;

View File

@ -14,12 +14,12 @@ let
in
python.pkgs.buildPythonApplication rec {
pname = "waagent";
version = "2.9.1.1";
version = "2.10.0.8";
src = fetchFromGitHub {
owner = "Azure";
repo = "WALinuxAgent";
rev = "refs/tags/v${version}";
sha256 = "sha256-lnCDGUhAPNP8RNfDi+oUTEJ4x3ln6COqTrgk9rZWWEM=";
sha256 = "sha256-Ilm29z+BJToVxdJTUAZO3Lr2DyOIvK6GW79GxAmfeM4=";
};
patches = [
# Suppress the following error when waagent tries to configure sshd:

View File

@ -7,6 +7,7 @@ let
homepage = "https://sindresorhus.com/caprine";
license = licenses.mit;
maintainers = with maintainers; [ ShamrockLee ];
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
};
x86_64-appimage = callPackage ./build-from-appimage.nix {
inherit pname version metaCommon;

View File

@ -30,7 +30,6 @@
, range-v3
, tl-expected
, hunspell
, glibmm_2_68
, webkitgtk_6_0
, jemalloc
, rnnoise
@ -64,14 +63,14 @@ let
in
stdenv.mkDerivation rec {
pname = "telegram-desktop";
version = "4.15.2";
version = "4.16.0";
src = fetchFromGitHub {
owner = "telegramdesktop";
repo = "tdesktop";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-gzwDezOmIvSF4fPHAslf8DyBAgCYkD5ySX+MKKMXhSg=";
hash = "sha256-llrHN/XCMKwAvbyUZ/92OUjAEOPJKPbDfldVChLZo5k=";
};
patches = [
@ -144,7 +143,6 @@ stdenv.mkDerivation rec {
libpulseaudio
pipewire
hunspell
glibmm_2_68
webkitgtk_6_0
jemalloc
] ++ lib.optionals stdenv.isDarwin (with darwin.apple_sdk_11_0.frameworks; [

View File

@ -49,6 +49,70 @@ index 7ce90d3..dac3c2c 100644
const auto state = DetectBatteryState();
if (!state.has || !state.draining) {
return false;
Submodule Telegram/lib_webrtc contains modified content
diff --git a/Telegram/lib_webrtc/webrtc/platform/mac/webrtc_environment_mac.mm b/Telegram/lib_webrtc/webrtc/platform/mac/webrtc_environment_mac.mm
index 7521c08..5e22da2 100644
--- a/Telegram/lib_webrtc/webrtc/platform/mac/webrtc_environment_mac.mm
+++ b/Telegram/lib_webrtc/webrtc/platform/mac/webrtc_environment_mac.mm
@@ -364,6 +364,7 @@ EnvironmentMac::EnvironmentMac(not_null<EnvironmentDelegate*> delegate)
DefaultCaptureDeviceChangedMonitor.registerEnvironment(this);
AudioDeviceListChangedMonitor.registerEnvironment(this);
+#if 0
if (@available(macOS 14.0, *)) {
const auto weak = base::make_weak(this);
id block = [^(BOOL shouldBeMuted){
@@ -387,6 +388,7 @@ EnvironmentMac::EnvironmentMac(not_null<EnvironmentDelegate*> delegate)
setInputMuteStateChangeHandler:block
error:nil];
}
+#endif
}
EnvironmentMac::~EnvironmentMac() {
@@ -537,15 +539,18 @@ void EnvironmentMac::devicesRequested(DeviceType type) {
}
void EnvironmentMac::setCaptureMuted(bool muted) {
+#if 0
if (@available(macOS 14.0, *)) {
if (!_captureMuteNotification) {
const auto value = muted ? YES : NO;
[[AVAudioApplication sharedInstance] setInputMuted:value error:nil];
}
}
+#endif
}
void EnvironmentMac::captureMuteSubscribe() {
+#if 0
if (@available(macOS 14.0, *)) {
id observer = [[InputMuteObserver alloc] init];
[[[NSWorkspace sharedWorkspace] notificationCenter]
@@ -578,6 +583,7 @@ void EnvironmentMac::captureMuteSubscribe() {
[observer release];
});
}
+#endif
}
void EnvironmentMac::captureMuteUnsubscribe() {
@@ -595,6 +601,7 @@ void EnvironmentMac::captureMuteRestartAdm() {
void EnvironmentMac::setCaptureMuteTracker(
not_null<CaptureMuteTracker*> tracker,
bool track) {
+#if 0
if (@available(macOS 14.0, *)) {
if (track) {
if (!_captureMuteTracker) {
@@ -619,6 +626,7 @@ void EnvironmentMac::setCaptureMuteTracker(
}
}
}
+#endif
}
std::unique_ptr<Environment> CreateEnvironment(
Submodule Telegram/lib_webview contains modified content
diff --git a/Telegram/lib_webview/webview/platform/mac/webview_mac.mm b/Telegram/lib_webview/webview/platform/mac/webview_mac.mm
index 738e574..80ff5f0 100644

View File

@ -64,7 +64,7 @@ let
systemd
];
version = "2023.6";
version = "2024.1";
selectSystem = attrs: attrs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
@ -74,8 +74,8 @@ let
};
hash = selectSystem {
x86_64-linux = "sha256-IhE93NXX8iwlvso+ei9wbVyJJLtkjrZf8qB43AZre+4=";
aarch64-linux = "sha256-HRAGDps0Cf7qOWTS7die9uouxMpAaM83t1Ixz7ElF6g=";
x86_64-linux = "sha256-io6ROUHoSBij1ah6yi1Gbni6yWVVoYZKUd7BR+GXKLg=";
aarch64-linux = "sha256-bzKTASfqjmjyKZecr8MGaChd6g48aQhfpuc+gUqwoPI=";
};
in

View File

@ -51,7 +51,7 @@ let
mainProgram = "mumble-server";
homepage = "https://mumble.info";
license = licenses.bsd3;
maintainers = with maintainers; [ infinisil felixsinger ];
maintainers = with maintainers; [ infinisil felixsinger lilacious ];
platforms = platforms.linux;
};
});

View File

@ -26,7 +26,7 @@
stdenv.mkDerivation rec {
pname = "nextcloud-client";
version = "3.12.2";
version = "3.12.3";
outputs = [ "out" "dev" ];
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
hash = "sha256-qVb0omSWzwkbqdtYXy8VWYyCM0CDCAW9L78pli9TbO4=";
hash = "sha256-ScWkEOx2tHoCQbFwBvJQgk2YoYOTPi3PrVsaDNJBEUI=";
};
patches = [

View File

@ -33,14 +33,14 @@ let
}.${system} or throwSystem;
hash = {
x86_64-linux = "sha256-GcFds6PCEuvZ7oIfWMEkRIWMWU/jmCsj4zCkMe3+QM0=";
x86_64-linux = "sha256-s/1XyEXOyvAQNf32ckKotQ4jYdlo/Y+O9PY3wIUs80A=";
}.${system} or throwSystem;
displayname = "XPipe";
in stdenvNoCC.mkDerivation rec {
pname = "xpipe";
version = "8.5";
version = "8.6";
src = fetchzip {
url = "https://github.com/xpipe-io/xpipe/releases/download/${version}/xpipe-portable-linux-${arch}.tar.gz";

View File

@ -19,14 +19,14 @@
let
pname = "qownnotes";
appname = "QOwnNotes";
version = "24.3.5";
version = "24.4.0";
in
stdenv.mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://github.com/pbek/QOwnNotes/releases/download/v${version}/qownnotes-${version}.tar.xz";
hash = "sha256-s3OeTK6XodIMrNTuImdljbQYX1Abj7SFOZmPJgm2teo=";
hash = "sha256-SxoZD5DYuPAJZwBiw38jZYI+e9FExj+TiUlczvbXkWA=";
};
nativeBuildInputs = [

View File

@ -2,7 +2,7 @@
, stdenv
, mkDerivation
, extra-cmake-modules
, fetchFromGitHub
, fetchurl
, kconfig
, kdoctools
, kguiaddons
@ -37,13 +37,11 @@
stdenv.mkDerivation (finalAttrs: {
pname = "kstars";
version = "3.6.9";
version = "3.7.0";
src = fetchFromGitHub {
owner = "KDE";
repo = "kstars";
rev = "stable-${finalAttrs.version}";
hash = "sha256-28RRW+ncMiQcBb/lybEKTeV08ZkF3IqLkeTHNW5nhls=";
src = fetchurl {
url = "mirror://kde/stable/kstars/kstars-${finalAttrs.version}.tar.xz";
hash = "sha256-yvN1k0LqUi5Odb34Nk8UP5qoIbFUcvUiyESpoMKmuqg=";
};
nativeBuildInputs = [

View File

@ -1,22 +1,21 @@
{ stdenv, lib, fetchFromGitHub
, qtbase, qttools, qtquickcontrols2, opencascade-occt, libGLU, libSM, freeimage, cmake, wrapQtAppsHook
, qtbase, qttools, qtquickcontrols2, opencascade-occt, libGLU, cmake, wrapQtAppsHook
}:
stdenv.mkDerivation rec {
pname = "librepcb";
version = "1.0.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "sha256-2o2Gue/RnDWxe8jk/Ehx9CM+B3ac5rEQn0H7yodUEZ8=";
sha256 = "sha256-Vyp7asVqvKFkkEb67LXapMkT1AQSburN3+B2dXIPcEU=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake qttools wrapQtAppsHook qtquickcontrols2 opencascade-occt libGLU ];
buildInputs = [ qtbase ];
propagatedBuildInputs = [ libSM freeimage ];
meta = with lib; {
description = "A free EDA software to develop printed circuit boards";

View File

@ -27,7 +27,7 @@
}:
let
version = "1.16.2";
version = "1.17.0";
# build stimuli file for PGO build and the script to generate it
# independently of the foot's build, so we can cache the result
@ -40,7 +40,7 @@ let
src = fetchurl {
url = "https://codeberg.org/dnkl/foot/raw/tag/${version}/scripts/generate-alt-random-writes.py";
hash = "sha256-NvkKJ75n/OzgEd2WHX1NQIXPn9R0Z+YI1rpFmNxaDhk=";
hash = "sha256-/KykHPqM0WQ1HO83bOrxJ88mvEAf0Ah3S8gSvKb3AJM=";
};
dontUnpack = true;
@ -99,7 +99,7 @@ stdenv.mkDerivation {
owner = "dnkl";
repo = "foot";
rev = version;
hash = "sha256-hT+btlfqfwGBDWTssYl8KN6SbR9/Y2ors4ipECliigM=";
hash = "sha256-H4a9WQox7vD5HsY9PP0nrNDZtyaRFpsphsv8/qstNH8=";
};
separateDebugInfo = true;

View File

@ -12,6 +12,8 @@
, patches ? [ ]
, extraLibs ? [ ]
, nixosTests
# update script dependencies
, gitUpdater
}:
stdenv.mkDerivation (finalAttrs: {
@ -60,13 +62,18 @@ stdenv.mkDerivation (finalAttrs: {
installFlags = [ "PREFIX=$(out)" ];
passthru.tests.test = nixosTests.terminal-emulators.st;
passthru = {
tests.test = nixosTests.terminal-emulators.st;
updateScript = gitUpdater {
url = "git://git.suckless.org/st";
};
};
meta = with lib; {
homepage = "https://st.suckless.org/";
description = "Simple Terminal for X from Suckless.org Community";
license = licenses.mit;
maintainers = with maintainers; [ andsild qusic ];
maintainers = with maintainers; [ qusic ];
platforms = platforms.unix;
mainProgram = "st";
};

View File

@ -2,15 +2,15 @@
buildGoModule rec {
pname = "gitsign";
version = "0.9.0";
version = "0.10.1";
src = fetchFromGitHub {
owner = "sigstore";
repo = pname;
rev = "v${version}";
hash = "sha256-52Vyh2aImus9ZTb082N2FRMIsfykfQ2+AVUT2VD6lJ4=";
hash = "sha256-WaiGkbjqty/MsTWPvx5DmmaNwWTJAEFKwVqArt2oZZc=";
};
vendorHash = "sha256-fQTd7J2l7W3E5RQIr2hn2wp9CPHn8N8TpDqfbb3TFgI=";
vendorHash = "sha256-p2E010k7uozpLvl9VpfG5/JyQR4mVUBKv2p78UdFlac=";
subPackages = [
"."

View File

@ -13,6 +13,7 @@ let
license = licenses.gpl2Only;
maintainers = with maintainers; [ ShamrockLee ];
mainProgram = "losslesscut";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
};
x86_64-appimage = callPackage ./build-from-appimage.nix {
inherit pname version metaCommon;

View File

@ -64,8 +64,10 @@ in python.pkgs.buildPythonApplication rec {
pythonRelaxDeps = [
"cloup"
"isosurfaces"
"pillow"
"skia-pathops"
"watchdog"
];
patches = [

View File

@ -64,6 +64,21 @@
"test_PointCloudDot"
"test_Torus"
# test_ImplicitFunction[/test_implicit_graph] failing with:
# E AssertionError:
# E Not equal to tolerance rtol=1e-07, atol=1.01
# E Frame no -1. You can use --show_diff to visually show the difference.
# E Mismatched elements: 1185[/633] / 1639680[/1639680] (0.0723[/0.0386]%)
# E Max absolute difference: 125[/121]
# E Max relative difference: 6.5[/1]
#
# These started failing after relaxing the “watchdog” and “isosurfaces” dependencies,
# likely due to a tolerance difference. They should, however, start working again when [1] is
# included in a Manim release.
# [1]: https://github.com/ManimCommunity/manim/pull/3376
"test_ImplicitFunction"
"test_implicit_graph"
# failing with:
# TypeError: __init__() got an unexpected keyword argument 'msg' - maybe you meant pytest.mark.skipif?
"test_force_window_opengl_render_with_movies"

View File

@ -26,14 +26,14 @@
stdenv.mkDerivation (finalAttrs: {
pname = "qmplay2";
version = "24.03.16";
version = "24.04.02";
src = fetchFromGitHub {
owner = "zaps166";
repo = "QMPlay2";
rev = finalAttrs.version;
fetchSubmodules = true;
hash = "sha256-yIBQBRdmaY7qaBirANxMqfm5vn3T4usokJUxwSYUHjQ=";
hash = "sha256-eJWXTcJU24QzPChFTKbvNcuL9UpIQD8rFzd5h591tjg=";
};
nativeBuildInputs = [

View File

@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "miriway";
version = "unstable-2024-03-15";
version = "unstable-2024-04-02";
src = fetchFromGitHub {
owner = "Miriway";
repo = "Miriway";
rev = "dcc44916d0b25dd06d792947c837cf4cd8c24925";
hash = "sha256-LnqhIVmC5F+FAIcYW+oT4t2ovRWeoV4zHpvbNhiY7Kw=";
rev = "ff58ed8f9f646ce11b5a43f39a03f7a916d8d695";
hash = "sha256-oqBGAAQxYoapCn2uvXFrc8L7P3lCXUCRbWE4q6Mp+oc=";
};
strictDeps = true;

View File

@ -23,7 +23,7 @@ stdenv.mkDerivation (finalAttrs: {
owner = "wayfireplugins";
repo = "focus-request";
rev = "v${finalAttrs.version}";
hash = "sha256-v0kGT+KrtfFJ/hp1Dr8izKVj6UHhuW6udHFjWt1y9TY=";
hash = "sha256-kUYvLC28IPrvnMT/wKFRlOVkc2ohF3k0T/Qrm/zVkpE=";
};
nativeBuildInputs = [

View File

@ -53,10 +53,6 @@
, gccForLibs ? if useCcForLibs then cc else null
, fortify-headers ? null
, includeFortifyHeaders ? null
# https://github.com/NixOS/nixpkgs/issues/295322
# should -march flag be used
, disableMarch ? false
}:
assert nativeTools -> !propagateDoc && nativePrefix != "";
@ -633,7 +629,7 @@ stdenv.mkDerivation {
# TODO: aarch64-darwin has mcpu incompatible with gcc
+ optionalString ((targetPlatform ? gcc.arch) && !isClang && !(stdenv.isDarwin && stdenv.isAarch64) &&
isGccArchSupported targetPlatform.gcc.arch && !disableMarch) ''
isGccArchSupported targetPlatform.gcc.arch) ''
echo "-march=${targetPlatform.gcc.arch}" >> $out/nix-support/cc-cflags-before
''
@ -729,7 +725,7 @@ stdenv.mkDerivation {
+ optionalString isClang ''
# Escape twice: once for this script, once for the one it gets substituted into.
export march=${escapeShellArg
(optionalString (targetPlatform ? gcc.arch && !disableMarch)
(optionalString (targetPlatform ? gcc.arch)
(escapeShellArg "-march=${targetPlatform.gcc.arch}"))}
export defaultTarget=${targetPlatform.config}
substituteAll ${./add-clang-cc-cflags-before.sh} $out/nix-support/add-local-cc-cflags-before.sh

View File

@ -5,8 +5,7 @@
}:
telegram-desktop.overrideAttrs (old: rec {
pname = "64Gram";
pname = "64gram";
version = "1.1.15";
src = fetchFromGitHub {

View File

@ -6,16 +6,16 @@
}:
buildGoModule rec {
pname = "athens";
version = "0.13.1";
version = "0.13.2";
src = fetchFromGitHub {
owner = "gomods";
repo = "athens";
rev = "v${version}";
hash = "sha256-tyheAQ+j1mkkkJr0yTyzWwoEFMcTfkJN+qFbb6Zcs+s=";
hash = "sha256-UKzR2eGIcAaQNXPx0P/V/1rO32JSr2fGl0U8mPzKjIM=";
};
vendorHash = "sha256-8+PdkanodNZW/xeFf+tDm3Ej7DRSpBBtiT/CqjnWthw=";
vendorHash = "sha256-NycAQsv/EZYVQz8FmVFcKoFpW7+MxguOxK4ry63A7N4=";
CGO_ENABLED = "0";
ldflags = [ "-s" "-w" "-X github.com/gomods/athens/pkg/build.version=${version}" ];

View File

@ -5,16 +5,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-pgo";
version = "0.2.6";
version = "0.2.8";
src = fetchFromGitHub {
owner = "kobzol";
repo = pname;
rev = "v${version}";
hash = "sha256-u3kWYPLJYarwwudRpeBdJglP9kNbLRTYgEvZT2pBBoY=";
hash = "sha256-yt9QAgpu667JkdNS7OiB/wB9BLXXpis0ZhWjYuETteU=";
};
cargoHash = "sha256-Peicupa2vFDzPCH0OQYk7plkWIn82o45oGutOyMlI2s=";
cargoHash = "sha256-T49RfBInMZeTPT7HhZIwhfK48ORKDD14fcShC6lFApI=";
# Integration tests do not run in Nix build environment due to needing to
# create and build Cargo workspaces.

File diff suppressed because it is too large Load Diff

View File

@ -1,78 +0,0 @@
diff --git a/bin/console b/bin/console
index 8fe9d49..3af9662 100755
--- a/bin/console
+++ b/bin/console
@@ -1,5 +1,8 @@
#!/usr/bin/env php
<?php
+if (getenv('ENV_DIR') !== false) {
+ $_SERVER['APP_RUNTIME_OPTIONS']['dotenv_path'] = getenv('ENV_DIR').'/.env';
+}
use App\Kernel;
use Symfony\Bundle\FrameworkBundle\Console\Application;
@@ -28,7 +31,11 @@ if ($input->hasParameterOption('--no-debug', true)) {
putenv('APP_DEBUG='.$_SERVER['APP_DEBUG'] = $_ENV['APP_DEBUG'] = '0');
}
-(new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
+if (getenv('ENV_DIR') !== false) {
+ (new Dotenv())->bootEnv(getenv('ENV_DIR').'/.env');
+} else {
+ (new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
+}
if ($_SERVER['APP_DEBUG']) {
umask(0000);
diff --git a/public/index.php b/public/index.php
index 3f8b90e..c57ec21 100644
--- a/public/index.php
+++ b/public/index.php
@@ -1,5 +1,9 @@
<?php
+if (getenv('ENV_DIR') !== false) {
+ $_SERVER['APP_RUNTIME_OPTIONS']['dotenv_path'] = getenv('ENV_DIR').'/.env';
+}
+
use App\Kernel;
use Symfony\Component\Dotenv\Dotenv;
use Symfony\Component\ErrorHandler\Debug;
@@ -7,7 +11,11 @@ use Symfony\Component\HttpFoundation\Request;
require dirname(__DIR__).'/vendor/autoload.php';
-(new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
+if (getenv('ENV_DIR') !== false) {
+ (new Dotenv())->bootEnv(getenv('ENV_DIR').'/.env');
+} else {
+ (new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
+}
if ($_SERVER['APP_DEBUG']) {
umask(0000);
diff --git a/src/Kernel.php b/src/Kernel.php
index 0f43d2f..8863f2c 100644
--- a/src/Kernel.php
+++ b/src/Kernel.php
@@ -49,4 +49,20 @@ class Kernel extends BaseKernel
(require $path)($routes->withPath($path), $this);
}
}
+
+ public function getCacheDir(): string
+ {
+ if (getenv('CACHE_DIR') !== false) {
+ return getenv('CACHE_DIR') . '/' . $this->getEnvironment();
+ }
+ return parent::getCacheDir();
+ }
+
+ public function getLogDir(): string
+ {
+ if (getenv('LOG_DIR') !== false) {
+ return getenv('LOG_DIR') . '/' . $this->getEnvironment();
+ }
+ return parent::getLogDir();
+ }
}

View File

@ -1,27 +1,21 @@
{ lib, fetchFromGitHub, php, }:
{
lib,
fetchFromGitHub,
php,
}:
php.buildComposerProject (finalAttrs: {
pname = "davis";
version = "4.4.1";
version = "4.4.2";
src = fetchFromGitHub {
owner = "tchapi";
repo = "davis";
rev = "v${finalAttrs.version}";
hash = "sha256-UBekmxKs4dveHh866Ix8UzY2NL6ygb8CKor+V3Cblns=";
hash = "sha256-oPzMBCOcAJoHni9SO74RuJDEOcVYc4MtO5rGq1E9g3Q=";
};
composerLock = ./composer.lock;
vendorHash = "sha256-WGeNwBRzfUXa7kPIwd7/5dPXDjaBxXirAJcm6lNzueY=";
patches = [
# Symfony loads .env files from the same directory as composer.json
# The .env files contain runtime configuration that shouldn't be baked into deriviation for the package
# This patch adds a few extension points exposing three environment variables:
# RUNTIME_DIRECTORY (where to load .env from), CACHE_DIRECTORY and LOG_DIRECTORY (symfony cache and log rw directories)
# Upstream PR https://github.com/tchapi/davis/issues/154
./davis-data.patch
];
vendorHash = "sha256-NOb6rc9jVsf+/RVOW7SLBAJk9SihcRxoepUEGBGLi2w=";
postInstall = ''
# Only include the files needed for runtime in the derivation

View File

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication {
pname = "epub-thumbnailer";
version = "0-unstable-2024-03-16";
version = "0-unstable-2024-03-26";
pyproject = true;
src = fetchFromGitHub {
owner = "marianosimone";
repo = "epub-thumbnailer";
rev = "035c31e9269bcb30dcc20fed31b6dc54e9bfed63";
hash = "sha256-G/CeYmr+wgJidbavfvIuCbRLJGQzoxAnpo3t4YFJq0c=";
rev = "de4b5bf0fcd1817d560f180231f7bd22d330f1be";
hash = "sha256-r0t2enybUEminXOHjx6uH6LvQtmzTRPZm/gY3Vi2c64=";
};
nativeBuildInputs = with python3.pkgs; [

View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
source "https://rubygems.org"
# Specify your gem's dependencies in flatito.gemspec
gemspec
gem "minitest", "~> 5.22"
gem "rake", "~> 13.0"
gem "rubocop", "~> 1.62"
gem "rubocop-minitest", "~> 0.35"
gem "rubocop-performance", "~> 1.11"
gem "rubocop-rake", "~> 0.6"

View File

@ -0,0 +1,62 @@
PATH
remote: .
specs:
flatito (0.1.1)
colorize
GEM
remote: https://rubygems.org/
specs:
ast (2.4.2)
colorize (1.1.0)
json (2.7.1)
language_server-protocol (3.17.0.3)
minitest (5.22.3)
parallel (1.24.0)
parser (3.3.0.5)
ast (~> 2.4.1)
racc
racc (1.7.3)
rainbow (3.1.1)
rake (13.1.0)
regexp_parser (2.9.0)
rexml (3.2.6)
rubocop (1.62.1)
json (~> 2.3)
language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.31.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.31.2)
parser (>= 3.3.0.4)
rubocop-minitest (0.35.0)
rubocop (>= 1.61, < 2.0)
rubocop-ast (>= 1.31.1, < 2.0)
rubocop-performance (1.20.2)
rubocop (>= 1.48.1, < 2.0)
rubocop-ast (>= 1.30.0, < 2.0)
rubocop-rake (0.6.0)
rubocop (~> 1.0)
ruby-progressbar (1.13.0)
unicode-display_width (2.5.0)
PLATFORMS
arm64-darwin-22
ruby
DEPENDENCIES
flatito!
minitest (~> 5.22)
rake (~> 13.0)
rubocop (~> 1.62)
rubocop-minitest (~> 0.35)
rubocop-performance (~> 1.11)
rubocop-rake (~> 0.6)
BUNDLED WITH
2.5.6

View File

@ -0,0 +1,40 @@
# frozen_string_literal: true
require_relative "lib/flatito/version"
Gem::Specification.new do |spec|
spec.name = "flatito"
spec.version = Flatito::VERSION
spec.authors = ["José Galisteo"]
spec.email = ["ceritium@gmail.com"]
spec.summary = "Grep for YAML and JSON files"
spec.description = "A kind of grep for YAML and JSON files. It allows you to search for a key and get the value and the line number where it is located."
spec.homepage = "https://github.com/ceritium/flatito"
spec.license = "MIT"
spec.required_ruby_version = ">= 3.0.0"
spec.metadata["homepage_uri"] = spec.homepage
spec.metadata["source_code_uri"] = spec.homepage
# spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
# Specify which files should be added to the gem when it is released.
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
spec.files = Dir.chdir(__dir__) do
`git ls-files -z`.split("\x0").reject do |f|
(File.expand_path(f) == __FILE__) ||
f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
end
end
spec.bindir = "exe"
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
spec.require_paths = ["lib"]
# Uncomment to register a new dependency of your gem
spec.add_dependency "colorize"
# For more information and examples about making a new gem, check out our
# guide at: https://bundler.io/guides/creating_gem.html
spec.metadata["rubygems_mfa_required"] = "true"
end

View File

@ -0,0 +1,208 @@
{
ast = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "04nc8x27hlzlrr5c2gn7mar4vdr0apw5xg22wp6m8dx3wqr04a0y";
type = "gem";
};
version = "2.4.2";
};
colorize = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0dy8ryhcdzgmbvj7jpa1qq3bhhk1m7a2pz6ip0m6dxh30rzj7d9h";
type = "gem";
};
version = "1.1.0";
};
flatito = {
dependencies = [ "colorize" ];
groups = [ "default" ];
platforms = [ ];
source = {
path = ./.;
type = "path";
};
version = "0.1.1";
};
json = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0r9jmjhg2ly3l736flk7r2al47b5c8cayh0gqkq0yhjqzc9a6zhq";
type = "gem";
};
version = "2.7.1";
};
language_server-protocol = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0gvb1j8xsqxms9mww01rmdl78zkd72zgxaap56bhv8j45z05hp1x";
type = "gem";
};
version = "3.17.0.3";
};
minitest = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "07lq26b86giy3ha3fhrywk9r1ajhc2pm2mzj657jnpnbj1i6g17a";
type = "gem";
};
version = "5.22.3";
};
parallel = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "15wkxrg1sj3n1h2g8jcrn7gcapwcgxr659ypjf75z1ipkgxqxwsv";
type = "gem";
};
version = "1.24.0";
};
parser = {
dependencies = [ "ast" "racc" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "11r6kp8wam0nkfvnwyc1fmvky102r1vcfr84vi2p1a2wa0z32j3p";
type = "gem";
};
version = "3.3.0.5";
};
racc = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp";
type = "gem";
};
version = "1.7.3";
};
rainbow = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0smwg4mii0fm38pyb5fddbmrdpifwv22zv3d3px2xx497am93503";
type = "gem";
};
version = "3.1.1";
};
rake = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1ilr853hawi09626axx0mps4rkkmxcs54mapz9jnqvpnlwd3wsmy";
type = "gem";
};
version = "13.1.0";
};
regexp_parser = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1ndxm0xnv27p4gv6xynk6q41irckj76q1jsqpysd9h6f86hhp841";
type = "gem";
};
version = "2.9.0";
};
rexml = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "05i8518ay14kjbma550mv0jm8a6di8yp5phzrd8rj44z9qnrlrp0";
type = "gem";
};
version = "3.2.6";
};
rubocop = {
dependencies = [ "json" "language_server-protocol" "parallel" "parser" "rainbow" "regexp_parser" "rexml" "rubocop-ast" "ruby-progressbar" "unicode-display_width" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0daamn13fbm77rdwwa4w6j6221iq6091asivgdhk6n7g398frcdf";
type = "gem";
};
version = "1.62.1";
};
rubocop-ast = {
dependencies = [ "parser" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1v3q8n48w8h809rqbgzihkikr4g3xk72m1na7s97jdsmjjq6y83w";
type = "gem";
};
version = "1.31.2";
};
rubocop-minitest = {
dependencies = [ "rubocop" "rubocop-ast" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "001f4xcs3p0g04cyqfdkb2i1lld0yjmnx1s11y9z2id4b2lg64c4";
type = "gem";
};
version = "0.35.0";
};
rubocop-performance = {
dependencies = [ "rubocop" "rubocop-ast" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0cf7fn4dwf45r3nhnda0dhnwn8qghswyqbfxr2ippb3z8a6gmc8v";
type = "gem";
};
version = "1.20.2";
};
rubocop-rake = {
dependencies = [ "rubocop" ];
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1nyq07sfb3vf3ykc6j2d5yq824lzq1asb474yka36jxgi4hz5djn";
type = "gem";
};
version = "0.6.0";
};
ruby-progressbar = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "0cwvyb7j47m7wihpfaq7rc47zwwx9k4v7iqd9s1xch5nm53rrz40";
type = "gem";
};
version = "1.13.0";
};
unicode-display_width = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "1d0azx233nags5jx3fqyr23qa2rhgzbhv8pxp46dgbg1mpf82xky";
type = "gem";
};
version = "2.5.0";
};
}

View File

@ -0,0 +1,36 @@
{ lib, fetchFromGitHub, ruby, buildRubyGem, bundlerEnv }:
let
deps = bundlerEnv rec {
inherit ruby;
name = "flatito-${version}";
version = "0.1.1";
gemdir = ./.;
gemset = lib.recursiveUpdate (import ./gemset.nix) {
flatito.source = {
remotes = [ "https://rubygems.org" ];
sha256 = "9f5a8f899a14c1a0fe74cb89288f24ddc47bd5d83ac88ac8023d19b056ecb50f";
type = "gem";
};
};
};
in
buildRubyGem rec {
inherit ruby;
gemName = "flatito";
pname = gemName;
version = "0.1.1";
source.sha256 = "sha256-n1qPiZoUwaD+dMuJKI8k3cR71dg6yIrIAj0ZsFbstQ8=";
propagatedBuildInputs = [ deps ];
meta = with lib; {
description = "It allows you to search for a key and get the value and the line number where it is located in YAML and JSON files.";
homepage = "https://github.com/ceritium/flatito";
license = licenses.mit;
maintainers = with maintainers; [ rucadi ];
platforms = platforms.unix;
mainProgram = "flatito";
};
}

View File

@ -2,11 +2,24 @@
, fetchFromGitHub
, stdenvNoCC
, makeWrapper
, gh
, fzf
, coreutils
, gawk
, gnused
, withBat ? false
, bat
}:
let
binPath = lib.makeBinPath ([
gh
fzf
coreutils
gawk
gnused
]
++ lib.optional withBat bat);
in
stdenvNoCC.mkDerivation rec {
pname = "gh-f";
version = "1.1.5";
@ -27,7 +40,7 @@ stdenvNoCC.mkDerivation rec {
'';
postFixup = ''
wrapProgram "$out/bin/gh-f" --prefix PATH : "${lib.makeBinPath [fzf bat coreutils]}"
wrapProgram "$out/bin/gh-f" --prefix PATH : "${binPath}"
'';
meta = with lib; {

View File

@ -0,0 +1,55 @@
{ lib
, fetchFromGitHub
, stdenvNoCC
, makeWrapper
, gh
, gnugrep
, fzf
, python3
, withDelta ? false
, delta
, withBat ? false
, bat
}:
let
binPath = lib.makeBinPath ([
gh
gnugrep
fzf
python3
]
++ lib.optional withBat bat
++ lib.optional withDelta delta);
in
stdenvNoCC.mkDerivation {
pname = "gh-notify";
version = "0-unstable-2024-03-19";
src = fetchFromGitHub {
owner = "meiji163";
repo = "gh-notify";
rev = "0d8fa377d79cfef0f66d2f03a5921a5e598e6807";
hash = "sha256-Ao6gUtgW7enVlWBQhlQDc8ZW/gP90atc2F4rDNUnjj8=";
};
nativeBuildInputs = [
makeWrapper
];
installPhase = ''
install -D -m755 "gh-notify" "$out/bin/gh-notify"
'';
postFixup = ''
wrapProgram "$out/bin/gh-notify" --prefix PATH : "${binPath}"
'';
meta = with lib; {
homepage = "https://github.com/meiji163/gh-notify";
description = "GitHub CLI extension to display GitHub notifications";
maintainers = with maintainers; [ loicreynier ];
license = licenses.unlicense;
mainProgram = "gh-notify";
platforms = platforms.all;
};
}

View File

@ -0,0 +1,133 @@
{ autoPatchelfHook
, cairo
, copyDesktopItems
, dbus
, fetchurl
, fontconfig
, freetype
, glib
, gtk3
, lib
, libdrm
, libGL
, libkrb5
, libsecret
, libsForQt5
, libunwind
, libxkbcommon
, makeDesktopItem
, makeWrapper
, openssl
, stdenv
, xorg
, zlib
}:
let
srcs = builtins.fromJSON (builtins.readFile ./srcs.json);
in
stdenv.mkDerivation rec {
pname = "ida-free";
version = "8.4.240320";
src = fetchurl {
inherit (srcs.${stdenv.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}")) urls sha256;
};
icon = fetchurl {
urls = [
"https://www.hex-rays.com/products/ida/news/8_1/images/icon_free.png"
"https://web.archive.org/web/20221105181231if_/https://hex-rays.com/products/ida/news/8_1/images/icon_free.png"
];
sha256 = "sha256-widkv2VGh+eOauUK/6Sz/e2auCNFAsc8n9z0fdrSnW0=";
};
desktopItem = makeDesktopItem {
name = "ida-free";
exec = "ida64";
icon = icon;
comment = meta.description;
desktopName = "IDA Free";
genericName = "Interactive Disassembler";
categories = [ "Development" ];
};
nativeBuildInputs = [ makeWrapper copyDesktopItems autoPatchelfHook libsForQt5.wrapQtAppsHook ];
# We just get a runfile in $src, so no need to unpack it.
dontUnpack = true;
# Add everything to the RPATH, in case IDA decides to dlopen things.
runtimeDependencies = [
cairo
dbus
fontconfig
freetype
glib
gtk3
libdrm
libGL
libkrb5
libsecret
libsForQt5.qtbase
libunwind
libxkbcommon
openssl
stdenv.cc.cc
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXau
xorg.libxcb
xorg.libXext
xorg.libXi
xorg.libXrender
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
zlib
];
buildInputs = runtimeDependencies;
dontWrapQtApps = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/lib $out/opt
# IDA depends on quite some things extracted by the runfile, so first extract everything
# into $out/opt, then remove the unnecessary files and directories.
IDADIR=$out/opt
# Invoke the installer with the dynamic loader directly, avoiding the need
# to copy it to fix permissions and patch the executable.
$(cat $NIX_CC/nix-support/dynamic-linker) $src \
--mode unattended --prefix $IDADIR --installpassword ""
# Copy the exported libraries to the output.
cp $IDADIR/libida64.so $out/lib
# Some libraries come with the installer.
addAutoPatchelfSearchPath $IDADIR
for bb in ida64 assistant; do
wrapProgram $IDADIR/$bb \
--prefix QT_PLUGIN_PATH : $IDADIR/plugins/platforms
ln -s $IDADIR/$bb $out/bin/$bb
done
runHook postInstall
'';
meta = with lib; {
description = "Freeware version of the world's smartest and most feature-full disassembler";
homepage = "https://hex-rays.com/ida-free/";
license = licenses.unfree;
mainProgram = "ida64";
maintainers = with maintainers; [ msanft ];
platforms = [ "x86_64-linux" ]; # Right now, the installation script only supports Linux.
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
};
}

View File

@ -0,0 +1,20 @@
{
"x86_64-linux": {
"urls": [
"https://web.archive.org/web/20240330140328/https://out7.hex-rays.com/files/idafree84_linux.run"
],
"sha256": "1wg60afkhjj7my2la4x4qf6gdxzl2aqdbvd6zfnwf8n3bl7ckn2a"
},
"x86_64-darwin": {
"urls": [
"https://web.archive.org/web/20240330140623/https://out7.hex-rays.com/files/idafree84_mac.app.zip"
],
"sha256": "0a97xb0ah6rcq69whs5xvkar43ci8r5nan9wa29ad19w8k25ryym"
},
"aarch64-darwin": {
"urls": [
"https://web.archive.org/web/20240330140634/https://out7.hex-rays.com/files/arm_idafree84_mac.app.zip"
],
"sha256": "10wwq7ia1z1kxfigj4i7xr037bzv1cg3pyvrl27jdq9v7bghdf3m"
}
}

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "libmediainfo";
version = "24.01";
version = "24.03";
src = fetchurl {
url = "https://mediaarea.net/download/source/libmediainfo/${version}/libmediainfo_${version}.tar.xz";
hash = "sha256-oC38Zon0hc7Ab6EqNBTDw6ooU7Td4YrqtLVKVsgxYlk=";
hash = "sha256-zCu0TkB8iQq1ZpNMVnY5GFBatYwUE0tT8NHanuokLI0=";
};
nativeBuildInputs = [ autoreconfHook pkg-config ];

View File

@ -47,6 +47,17 @@
, sonic
, spdlog
, fmt
, espeak-ng
, piper-tts
# tests
, fetchzip
, fetchurl
, writeText
, writeTextFile
, symlinkJoin
, linkFarmFromDrvs
, jq
}:
let
BUILD_TYPE =
@ -148,6 +159,55 @@ let
'';
};
espeak-ng' = espeak-ng.overrideAttrs (self: {
name = "espeak-ng'";
inherit (go-piper) src;
sourceRoot = "source/espeak";
patches = [ ];
nativeBuildInputs = [ cmake ];
cmakeFlags = (self.cmakeFlags or [ ]) ++ [
# -DCMAKE_C_FLAGS="-D_FILE_OFFSET_BITS=64"
(lib.cmakeBool "BUILD_SHARED_LIBS" true)
(lib.cmakeBool "USE_ASYNC" false)
(lib.cmakeBool "USE_MBROLA" false)
(lib.cmakeBool "USE_LIBPCAUDIO" false)
(lib.cmakeBool "USE_KLATT" false)
(lib.cmakeBool "USE_SPEECHPLAYER" false)
(lib.cmakeBool "USE_LIBSONIC" false)
(lib.cmakeBool "CMAKE_POSITION_INDEPENDENT_CODE" true)
];
preConfigure = null;
postInstall = null;
});
piper-phonemize = stdenv.mkDerivation {
name = "piper-phonemize";
inherit (go-piper) src;
sourceRoot = "source/piper-phonemize";
buildInputs = [ espeak-ng' onnxruntime ];
nativeBuildInputs = [ cmake pkg-config ];
cmakeFlags = [
(lib.cmakeFeature "ONNXRUNTIME_DIR" "${onnxruntime.dev}")
(lib.cmakeFeature "ESPEAK_NG_DIR" "${espeak-ng'}")
];
passthru.espeak-ng = espeak-ng';
};
piper-tts' = (piper-tts.override { inherit piper-phonemize; }).overrideAttrs (self: {
name = "piper-tts'";
inherit (go-piper) src;
sourceRoot = "source/piper";
installPhase = null;
postInstall = ''
cp CMakeFiles/piper.dir/src/cpp/piper.cpp.o $out/piper.o
cd $out
mkdir bin lib
mv lib*so* lib/
mv piper piper_phonemize bin/
rm -rf cmake pkgconfig espeak-ng-data *.ort
'';
});
go-piper = stdenv.mkDerivation {
name = "go-piper";
src = fetchFromGitHub {
@ -157,25 +217,20 @@ let
hash = "sha256-Yv9LQkWwGpYdOS0FvtP0vZ0tRyBAx27sdmziBR4U4n8=";
fetchSubmodules = true;
};
patchPhase = ''
postUnpack = ''
cp -r --no-preserve=mode ${piper-tts'}/* source
'';
postPatch = ''
sed -i Makefile \
-e '/cd piper-phonemize/ s;cmake;cmake -DONNXRUNTIME_DIR=${onnxruntime.dev};' \
-e '/CXXFLAGS *= / s;$; -DSPDLOG_FMT_EXTERNAL=1;' \
-e '/cd piper\/build / s;cmake;cmake -DSPDLOG_DIR=${spdlog.src} -DFMT_DIR=${fmt};'
-e '/CXXFLAGS *= / s;$; -DSPDLOG_FMT_EXTERNAL=1;'
'';
buildFlags = [ "libpiper_binding.a" ];
dontUseCmakeConfigure = true;
nativeBuildInputs = [ cmake ];
buildInputs = [ sonic spdlog onnxruntime ];
buildInputs = [ piper-tts' espeak-ng' piper-phonemize sonic fmt spdlog onnxruntime ];
installPhase = ''
cp -r --no-preserve=mode $src $out
tar cf - *.a \
espeak/ei/lib \
piper/src/cpp \
piper-phonemize/pi/lib \
piper-phonemize/pi/include \
piper-phonemize/pi/share \
| tar xf - -C $out
mkdir -p $out/piper-phonemize/pi
cp -r --no-preserve=mode ${piper-phonemize}/share $out/piper-phonemize/pi
cp *.a $out
'';
};
@ -418,6 +473,8 @@ let
--prefix LD_LIBRARY_PATH : "${clblast}/lib:${ocl-icd}/lib" \
'' + lib.optionalString with_openblas ''
--prefix LD_LIBRARY_PATH : "${openblas}/lib" \
'' + lib.optionalString with_tts ''
--prefix LD_LIBRARY_PATH : "${piper-phonemize}/lib" \
'' + ''
--prefix PATH : "${ffmpeg}/bin"
'';
@ -425,7 +482,8 @@ let
passthru.local-packages = {
inherit
go-tiny-dream go-rwkv go-bert go-llama-ggml gpt4all go-piper
llama-cpp-grpc whisper-cpp go-tiny-dream-ncnn;
llama-cpp-grpc whisper-cpp go-tiny-dream-ncnn espeak-ng' piper-phonemize
piper-tts';
};
passthru.features = {
@ -448,7 +506,7 @@ let
nodes.machine = {
systemd.services.local-ai = {
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${self}/bin/local-ai --localai-config-dir . --address :${port}";
serviceConfig.ExecStart = "${self}/bin/local-ai --debug --localai-config-dir . --address :${port}";
};
};
testScript = ''
@ -456,6 +514,61 @@ let
machine.succeed("curl -f http://localhost:${port}/readyz")
'';
};
}
// lib.optionalAttrs with_tts {
# https://localai.io/features/text-to-audio/#piper
tts =
let
port = "8080";
voice-en-us = fetchzip {
url = "https://github.com/rhasspy/piper/releases/download/v0.0.2/voice-en-us-danny-low.tar.gz";
hash = "sha256-5wf+6H5HeQY0qgdqnAG1vSqtjIFM9lXH53OgouuPm0M=";
stripRoot = false;
};
ggml-tiny-en = fetchurl {
url = "https://huggingface.co/ggerganov/whisper.cpp/resolve/main/ggml-tiny.en-q5_1.bin";
hash = "sha256-x3xXZvHO8JtrfUfyG1Rsvd1BV4hrO11tT3CekeZsfCs=";
};
whisper-en = {
name = "whisper-en";
backend = "whisper";
parameters.model = ggml-tiny-en.name;
};
models = symlinkJoin {
name = "models";
paths = [
voice-en-us
(linkFarmFromDrvs "whisper-en" [
(writeText "whisper-en.yaml" (builtins.toJSON whisper-en))
ggml-tiny-en
])
];
};
in
testers.runNixOSTest {
name = pname + "-tts";
nodes.machine = {
systemd.services.local-ai = {
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${self}/bin/local-ai --debug --models-path ${models} --localai-config-dir . --address :${port}";
};
};
testScript =
let
request = {
model = "en-us-danny-low.onnx";
backend = "piper";
input = "Hello, how are you?";
};
in
''
machine.wait_for_open_port(${port})
machine.succeed("curl -f http://localhost:${port}/readyz")
machine.succeed("curl -f http://localhost:${port}/tts --json @${writeText "request.json" (builtins.toJSON request)} --output out.wav")
machine.succeed("curl -f http://localhost:${port}/v1/audio/transcriptions --header 'Content-Type: multipart/form-data' --form file=@out.wav --form model=${whisper-en.name} --output transcription.json")
machine.succeed("${jq}/bin/jq --exit-status 'debug | .segments | first.text == \"${request.input}\"' transcription.json")
'';
};
};
meta = with lib; {

View File

@ -0,0 +1,148 @@
{
lib,
lxd-unwrapped-lts,
linkFarm,
makeWrapper,
stdenv,
symlinkJoin,
writeShellScriptBin,
acl,
apparmor-parser,
apparmor-profiles,
attr,
bash,
btrfs-progs,
cdrkit,
criu,
dnsmasq,
e2fsprogs,
getent,
gnutar,
gptfdisk,
gzip,
iproute2,
iptables,
kmod,
lvm2,
minio,
nftables,
OVMF,
qemu_kvm,
qemu-utils,
rsync,
spice-gtk,
squashfsTools,
thin-provisioning-tools,
util-linux,
virtiofsd,
xz,
}:
let
binPath = lib.makeBinPath [
acl
attr
bash
btrfs-progs
cdrkit
criu
dnsmasq
e2fsprogs
getent
gnutar
gptfdisk
gzip
iproute2
iptables
kmod
lvm2
minio
nftables
qemu_kvm
qemu-utils
rsync
squashfsTools
thin-provisioning-tools
util-linux
virtiofsd
xz
(writeShellScriptBin "apparmor_parser" ''
exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@"
'')
];
clientBinPath = [ spice-gtk ];
ovmf-2mb = OVMF.override {
secureBoot = true;
fdSize2MB = true;
};
ovmf-4mb = OVMF.override {
secureBoot = true;
fdSize4MB = true;
};
ovmf-prefix = if stdenv.hostPlatform.isAarch64 then "AAVMF" else "OVMF";
# mimic ovmf from https://github.com/canonical/lxd-pkg-snap/blob/3abebe1dfeb20f9b7729556960c7e9fe6ad5e17c/snapcraft.yaml#L378
# also found in /snap/lxd/current/share/qemu/ on a snap install
ovmf = linkFarm "lxd-ovmf" [
{
name = "OVMF_CODE.2MB.fd";
path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_CODE.fd";
}
{
name = "OVMF_CODE.4MB.fd";
path = "${ovmf-4mb.fd}/FV/${ovmf-prefix}_CODE.fd";
}
{
name = "OVMF_CODE.fd";
path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_CODE.fd";
}
{
name = "OVMF_VARS.2MB.fd";
path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_VARS.fd";
}
{
name = "OVMF_VARS.2MB.ms.fd";
path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_VARS.fd";
}
{
name = "OVMF_VARS.4MB.fd";
path = "${ovmf-4mb.fd}/FV/${ovmf-prefix}_VARS.fd";
}
{
name = "OVMF_VARS.4MB.ms.fd";
path = "${ovmf-4mb.fd}/FV/${ovmf-prefix}_VARS.fd";
}
{
name = "OVMF_VARS.fd";
path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_VARS.fd";
}
{
name = "OVMF_VARS.ms.fd";
path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_VARS.fd";
}
];
in
symlinkJoin {
name = "lxd-${lxd-unwrapped-lts.version}";
paths = [ lxd-unwrapped-lts ];
nativeBuildInputs = [ makeWrapper ];
postBuild = ''
wrapProgram $out/bin/lxd --prefix PATH : ${lib.escapeShellArg binPath}:${qemu_kvm}/libexec:$out/bin --set LXD_OVMF_PATH ${ovmf}
wrapProgram $out/bin/lxc --prefix PATH : ${lib.makeBinPath clientBinPath}
'';
passthru = {
inherit (lxd-unwrapped-lts) tests ui;
};
inherit (lxd-unwrapped-lts) meta pname version;
}

View File

@ -1,11 +1,12 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchYarnDeps
, nodejs
, prefetch-yarn-deps
, yarn
, nixosTests
{
lib,
stdenv,
fetchFromGitHub,
fetchYarnDeps,
nodejs,
prefetch-yarn-deps,
yarn,
nixosTests,
}:
stdenv.mkDerivation rec {

View File

@ -1,23 +1,25 @@
{ lib
, hwdata
, pkg-config
, lxc
, buildGoModule
, fetchurl
, acl
, libcap
, dqlite
, raft-canonical
, sqlite
, udev
, installShellFiles
, nixosTests
, gitUpdater
, callPackage
{
lib,
hwdata,
pkg-config,
lxc,
buildGo122Module,
fetchurl,
acl,
libcap,
dqlite,
raft-canonical,
sqlite,
udev,
installShellFiles,
nixosTests,
gitUpdater,
callPackage,
}:
buildGoModule rec {
pname = "lxd-unwrapped";
buildGo122Module rec {
pname = "lxd-unwrapped-lts";
# major/minor are used in updateScript to pin to LTS
version = "5.21.0";
src = fetchurl {
@ -32,9 +34,17 @@ buildGoModule rec {
--replace "/usr/share/misc/usb.ids" "${hwdata}/share/hwdata/usb.ids"
'';
excludedPackages = [ "test" "lxd/db/generate" "lxd-agent" "lxd-migrate" ];
excludedPackages = [
"test"
"lxd/db/generate"
"lxd-agent"
"lxd-migrate"
];
nativeBuildInputs = [ installShellFiles pkg-config ];
nativeBuildInputs = [
installShellFiles
pkg-config
];
buildInputs = [
lxc
acl
@ -45,7 +55,10 @@ buildGoModule rec {
udev.dev
];
ldflags = [ "-s" "-w" ];
ldflags = [
"-s"
"-w"
];
tags = [ "libsqlite3" ];
preBuild = ''
@ -59,13 +72,15 @@ buildGoModule rec {
'';
preCheck =
let skippedTests = [
"TestValidateConfig"
"TestConvertNetworkConfig"
"TestConvertStorageConfig"
"TestSnapshotCommon"
"TestContainerTestSuite"
]; in
let
skippedTests = [
"TestValidateConfig"
"TestConvertNetworkConfig"
"TestConvertStorageConfig"
"TestSnapshotCommon"
"TestContainerTestSuite"
];
in
''
# Disable tests requiring local operations
buildFlagsArray+=("-run" "[^(${builtins.concatStringsSep "|" skippedTests})]")
@ -77,17 +92,19 @@ buildGoModule rec {
passthru.tests.lxd = nixosTests.lxd;
passthru.tests.lxd-to-incus = nixosTests.incus.lxd-to-incus;
passthru.ui = callPackage ./ui.nix { };
passthru.updateScript = gitUpdater {
url = "https://github.com/canonical/lxd.git";
rev-prefix = "lxd-";
rev-prefix = "lxd-5.21";
};
meta = with lib; {
description = "Daemon based on liblxc offering a REST API to manage containers";
homepage = "https://ubuntu.com/lxd";
changelog = "https://github.com/canonical/lxd/releases/tag/lxd-${version}";
license = with licenses; [ asl20 agpl3Plus ];
license = with licenses; [
asl20
agpl3Plus
];
maintainers = teams.lxc.members;
platforms = platforms.linux;
};

View File

@ -0,0 +1,57 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "malwoverview";
version = "5.4.2";
pyproject = true;
src = fetchFromGitHub {
owner = "alexandreborges";
repo = "malwoverview";
rev = "refs/tags/v${version}";
hash = "sha256-WAlVEEukPOynCGpRdQu3wP+JZ1UKuSR6pH5ek81L73E=";
};
pythonRemoveDeps = [
"pathlib"
];
nativeBuildInputs = with python3.pkgs; [
pythonRelaxDepsHook
];
build-system = with python3.pkgs; [
setuptools
];
dependencies = with python3.pkgs; [
colorama
configparser
geocoder
pefile
polyswarm-api
python-magic
requests
simplejson
validators
];
# Project has no tests
doCheck = false;
pythonImportsCheck = [
"malwoverview"
];
meta = with lib; {
description = "Tool for threat hunting and gathering intel information from various sources";
homepage = "https://github.com/alexandreborges/malwoverview";
changelog = "https://github.com/alexandreborges/malwoverview/releases/tag/v${version}";
license = licenses.gpl3Only;
maintainers = with maintainers; [ fab ];
mainProgram = "malwoverview.py";
};
}

View File

@ -6,11 +6,11 @@ let
in
stdenv.mkDerivation rec {
pname = "mediainfo-gui";
version = "24.01.1";
version = "24.03";
src = fetchurl {
url = "https://mediaarea.net/download/source/mediainfo/${version}/mediainfo_${version}.tar.xz";
hash = "sha256-MupkbVyGxj1UQY0QsnNiYKtD5Lcn+B6N1ez16bXj/TQ=";
hash = "sha256-b/jx+i+FmhMJH3Wiz5E0hmRPbiWa0cJa+5qT5IRExWM=";
};
nativeBuildInputs = [ autoreconfHook pkg-config ];

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "mediainfo";
version = "24.01.1";
version = "24.03";
src = fetchurl {
url = "https://mediaarea.net/download/source/mediainfo/${version}/mediainfo_${version}.tar.xz";
hash = "sha256-MupkbVyGxj1UQY0QsnNiYKtD5Lcn+B6N1ez16bXj/TQ=";
hash = "sha256-b/jx+i+FmhMJH3Wiz5E0hmRPbiWa0cJa+5qT5IRExWM=";
};
nativeBuildInputs = [ autoreconfHook pkg-config ];

View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "minijinja";
version = "1.0.15";
version = "1.0.16";
src = fetchFromGitHub {
owner = "mitsuhiko";
repo = "minijinja";
rev = version;
hash = "sha256-ync0MkLi+CV1g9eBDLcV1dnV101H5Gc6K0NrnVeh8Jw=";
hash = "sha256-/mWXtAu+4B0VTZsID7FOQkSnuTxOLUUrl+vubqPClCw=";
};
cargoHash = "sha256-j8GLpMU7xwc3BWkjcFmGODiKieedNIB8VbHjJcrq8z4=";
cargoHash = "sha256-iMRcQL7/Q/9UmwPwaQslMruyUQ2QSU+5y7VNeAFMzk8=";
# The tests relies on the presence of network connection
doCheck = false;

View File

@ -2,16 +2,16 @@
buildNpmPackage rec {
pname = "mystmd";
version = "1.1.48";
version = "1.1.50";
src = fetchFromGitHub {
owner = "executablebooks";
repo = "mystmd";
rev = "mystmd@${version}";
hash = "sha256-Uw/00EzgnrQYunABx7O35V+YwFnDDW+EI5NqMEUV8zk=";
hash = "sha256-2KzvjKtI3TK0y1zNX33MAz/I7x+09XVcwKBWhBTD0+M=";
};
npmDepsHash = "sha256-JSVdHhzOgzIwB61ST6vYVENtohjU6Q3lrp+hVPye02g=";
npmDepsHash = "sha256-mJXLmq6KZiKjctvGCf7YG6ivF1ut6qynzyM147pzGwM=";
dontNpmInstall = true;

View File

@ -5,14 +5,14 @@
python3Packages.buildPythonApplication rec {
pname = "oterm";
version = "0.2.4";
version = "0.2.5";
pyproject = true;
src = fetchFromGitHub {
owner = "ggozad";
repo = "oterm";
rev = "refs/tags/${version}";
hash = "sha256-p0ns+8qmcyX4gcg0CfYdDMn1Ie0atVBuQbVQoDRQ9+c=";
hash = "sha256-s+TqDrgy7sR0sli8BGKlF546TW1+vzF0k3IkAQV6TpM=";
};
pythonRelaxDeps = [

View File

@ -6,16 +6,16 @@
php.buildComposerProject (finalAttrs: {
pname = "phpactor";
version = "2023.12.03.0";
version = "2024.03.09.0";
src = fetchFromGitHub {
owner = "phpactor";
repo = "phpactor";
rev = finalAttrs.version;
hash = "sha256-zLSGzaUzroWkvFNCj3uA9KdZ3K/EIQOZ7HzV6Ms5/BE=";
hash = "sha256-1QPBq8S3mOkSackXyCuFdoxfAdUQaRuUfoOfKOGuiR0=";
};
vendorHash = "sha256-0jvWbQubPXDhsXqEp8q5R0Y7rQX3UiccGDF3HDBeh7o=";
vendorHash = "sha256-9YN+fy+AvNnF0Astrirpewjmh/bSINAhW9fLvN5HGGI=";
nativeBuildInputs = [ installShellFiles ];
@ -30,6 +30,6 @@ php.buildComposerProject (finalAttrs: {
homepage = "https://github.com/phpactor/phpactor";
license = lib.licenses.mit;
mainProgram = "phpactor";
maintainers = [ lib.maintainers.ryantm ] ++ lib.teams.php.members;
maintainers = [ lib.maintainers.patka ] ++ lib.teams.php.members;
};
})

Some files were not shown because too many files have changed in this diff Show More