nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-02 20:03:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
github-actions[bot] 2023-05-14 18:01:51 +00:00 committed by GitHub
commit 798fe41101
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
66 changed files with 3568 additions and 492 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
.github/CODEOWNERS vendored
View File

@ -22,19 +22,19 @@
/.editorconfig @Mic92 @zowoq
# Libraries
/lib @edolstra @nbp @infinisil
/lib/systems @alyssais @nbp @ericson2314 @matthewbauer
/lib/generators.nix @edolstra @nbp @Profpatsch
/lib/cli.nix @edolstra @nbp @Profpatsch
/lib/debug.nix @edolstra @nbp @Profpatsch
/lib/asserts.nix @edolstra @nbp @Profpatsch
/lib @edolstra @infinisil
/lib/systems @alyssais @ericson2314 @matthewbauer
/lib/generators.nix @edolstra @Profpatsch
/lib/cli.nix @edolstra @Profpatsch
/lib/debug.nix @edolstra @Profpatsch
/lib/asserts.nix @edolstra @Profpatsch
/lib/path.* @infinisil @fricklerhandwerk
# Nixpkgs Internals
/default.nix @nbp
/pkgs/top-level/default.nix @nbp @Ericson2314
/pkgs/top-level/impure.nix @nbp @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer
/default.nix @Ericson2314
/pkgs/top-level/default.nix @Ericson2314
/pkgs/top-level/impure.nix @Ericson2314
/pkgs/top-level/stage.nix @Ericson2314 @matthewbauer
/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer
/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer
/pkgs/stdenv/generic @Ericson2314 @matthewbauer
@ -67,22 +67,9 @@
/doc/using @fricklerhandwerk
# NixOS Internals
/nixos/default.nix @nbp @infinisil
/nixos/lib/from-env.nix @nbp @infinisil
/nixos/lib/eval-config.nix @nbp @infinisil
/nixos/doc/manual/configuration/abstractions.xml @nbp
/nixos/doc/manual/configuration/config-file.xml @nbp
/nixos/doc/manual/configuration/config-syntax.xml @nbp
/nixos/doc/manual/configuration/modularity.xml @nbp
/nixos/doc/manual/development/assertions.xml @nbp
/nixos/doc/manual/development/meta-attributes.xml @nbp
/nixos/doc/manual/development/option-declarations.xml @nbp
/nixos/doc/manual/development/option-def.xml @nbp
/nixos/doc/manual/development/option-types.xml @nbp
/nixos/doc/manual/development/replace-modules.xml @nbp
/nixos/doc/manual/development/writing-modules.xml @nbp
/nixos/doc/manual/man-nixos-option.xml @nbp
/nixos/modules/installer/tools/nixos-option.sh @nbp
/nixos/default.nix @infinisil
/nixos/lib/from-env.nix @infinisil
/nixos/lib/eval-config.nix @infinisil
/nixos/modules/system @dasJ
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius

22
nixos/doc/manual/release-notes/rl-2305.section.md
View File

@ -38,6 +38,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable).
- [Pixelfed](https://pixelfed.org/), an Instagram-like ActivityPub server. Available as [services.pixelfed](options.html#opt-services.pixelfed.enable).
- [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable).
- [webhook](https://github.com/adnanh/webhook), a lightweight webhook server. Available as [services.webhook](#opt-services.webhook.enable).
@ -383,6 +385,26 @@ In addition to numerous new and upgraded packages, this release has the followin
- `nextcloud` has an option to enable SSE-C in S3.
- NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to setup the plain encryption device over the
underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so:
```nix
{
swapDevices = [
{
device = "/dev/disk/by-partlabel/swapspace";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}
];
}
```
- `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`.
Before upgrading, read the release notes for PeerTube:
- [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0)

39
nixos/modules/config/swap.nix
View File

@ -38,6 +38,34 @@ let
'';
};
keySize = mkOption {
default = null;
example = "512";
type = types.nullOr types.int;
description = lib.mdDoc ''
Set the encryption key size for the plain device.
If not specified, the amount of data to read from `source` will be
determined by cryptsetup.
See `cryptsetup-open(8)` for details.
'';
};
sectorSize = mkOption {
default = null;
example = "4096";
type = types.nullOr types.int;
description = lib.mdDoc ''
Set the sector size for the plain encrypted device type.
If not specified, the default sector size is determined from the
underlying block device.
See `cryptsetup-open(8)` for details.
'';
};
source = mkOption {
default = "/dev/urandom";
example = "/dev/random";
@ -157,11 +185,11 @@ let
};
config = rec {
config = {
device = mkIf options.label.isDefined
"/dev/disk/by-label/${config.label}";
deviceName = lib.replaceStrings ["\\"] [""] (escapeSystemdPath config.device);
realDevice = if config.randomEncryption.enable then "/dev/mapper/${deviceName}" else config.device;
realDevice = if config.randomEncryption.enable then "/dev/mapper/${config.deviceName}" else config.device;
};
};
@ -247,7 +275,12 @@ in
''}
${optionalString sw.randomEncryption.enable ''
cryptsetup plainOpen -c ${sw.randomEncryption.cipher} -d ${sw.randomEncryption.source} \
${optionalString sw.randomEncryption.allowDiscards "--allow-discards"} ${sw.device} ${sw.deviceName}
'' + concatMapStrings (arg: arg + " \\\n") (flatten [
(optional (sw.randomEncryption.sectorSize != null) "--sector-size=${toString sw.randomEncryption.sectorSize}")
(optional (sw.randomEncryption.keySize != null) "--key-size=${toString sw.randomEncryption.keySize}")
(optional sw.randomEncryption.allowDiscards "--allow-discards")
]) + ''
${sw.device} ${sw.deviceName}
mkswap ${sw.realDevice}
''}
'';

2
nixos/modules/module-list.nix
View File

@ -1178,6 +1178,7 @@
./services/web-apps/gerrit.nix
./services/web-apps/gotify-server.nix
./services/web-apps/grocy.nix
./services/web-apps/pixelfed.nix
./services/web-apps/healthchecks.nix
./services/web-apps/hedgedoc.nix
./services/web-apps/hledger-web.nix
@ -1373,6 +1374,7 @@
./tasks/filesystems/cifs.nix
./tasks/filesystems/ecryptfs.nix
./tasks/filesystems/envfs.nix
./tasks/filesystems/erofs.nix
./tasks/filesystems/exfat.nix
./tasks/filesystems/ext.nix
./tasks/filesystems/f2fs.nix

2
nixos/modules/services/backup/borgbackup.nix
View File

@ -109,7 +109,7 @@ let
};
environment = {
BORG_REPO = cfg.repo;
inherit (cfg) extraArgs extraInitArgs extraCreateArgs extraPruneArgs;
inherit (cfg) extraArgs extraInitArgs extraCreateArgs extraPruneArgs extraCompactArgs;
} // (mkPassEnv cfg) // cfg.environment;
};

478
nixos/modules/services/web-apps/pixelfed.nix Normal file
View File

@ -0,0 +1,478 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.pixelfed;
user = cfg.user;
group = cfg.group;
pixelfed = cfg.package.override { inherit (cfg) dataDir runtimeDir; };
# https://github.com/pixelfed/pixelfed/blob/dev/app/Console/Commands/Installer.php#L185-L190
extraPrograms = with pkgs; [ jpegoptim optipng pngquant gifsicle ffmpeg ];
# Ensure PHP extensions: https://github.com/pixelfed/pixelfed/blob/dev/app/Console/Commands/Installer.php#L135-L147
phpPackage = cfg.phpPackage.buildEnv {
extensions = { enabled, all }:
enabled
++ (with all; [ bcmath ctype curl mbstring gd intl zip redis imagick ]);
};
configFile =
pkgs.writeText "pixelfed-env" (lib.generators.toKeyValue { } cfg.settings);
# Management script
pixelfed-manage = pkgs.writeShellScriptBin "pixelfed-manage" ''
cd ${pixelfed}
sudo=exec
if [[ "$USER" != ${user} ]]; then
sudo='exec /run/wrappers/bin/sudo -u ${user}'
fi
$sudo ${cfg.phpPackage}/bin/php artisan "$@"
'';
dbSocket = {
"pgsql" = "/run/postgresql";
"mysql" = "/run/mysqld/mysqld.sock";
}.${cfg.database.type};
dbService = {
"pgsql" = "postgresql.service";
"mysql" = "mysql.service";
}.${cfg.database.type};
redisService = "redis-pixelfed.service";
in {
options.services = {
pixelfed = {
enable = mkEnableOption (lib.mdDoc "a Pixelfed instance");
package = mkPackageOptionMD pkgs "pixelfed" { };
phpPackage = mkPackageOptionMD pkgs "php81" { };
user = mkOption {
type = types.str;
default = "pixelfed";
description = lib.mdDoc ''
User account under which pixelfed runs.
::: {.note}
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the pixelfed application starts.
:::
'';
};
group = mkOption {
type = types.str;
default = "pixelfed";
description = lib.mdDoc ''
Group account under which pixelfed runs.
::: {.note}
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the pixelfed application starts.
:::
'';
};
domain = mkOption {
type = types.str;
description = lib.mdDoc ''
FQDN for the Pixelfed instance.
'';
};
secretFile = mkOption {
type = types.path;
description = lib.mdDoc ''
A secret file to be sourced for the .env settings.
Place `APP_KEY` and other settings that should not end up in the Nix store here.
'';
};
settings = mkOption {
type = with types; (attrsOf (oneOf [ bool int str ]));
description = lib.mdDoc ''
.env settings for Pixelfed.
Secrets should use `secretFile` option instead.
'';
};
nginx = mkOption {
type = types.nullOr (types.submodule
(import ../web-servers/nginx/vhost-options.nix {
inherit config lib;
}));
default = null;
example = lib.literalExpression ''
{
serverAliases = [
"pics.''${config.networking.domain}"
];
enableACME = true;
forceHttps = true;
}
'';
description = lib.mdDoc ''
With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr.
Set to {} if you do not need any customization to the virtual host.
If enabled, then by default, the {option}`serverName` is
`''${domain}`,
If this is set to null (the default), no nginx virtualHost will be configured.
'';
};
redis.createLocally = mkEnableOption
(lib.mdDoc "a local Redis database using UNIX socket authentication")
// {
default = true;
};
database = {
createLocally = mkEnableOption
(lib.mdDoc "a local database using UNIX socket authentication") // {
default = true;
};
automaticMigrations = mkEnableOption
(lib.mdDoc "automatic migrations for database schema and data") // {
default = true;
};
type = mkOption {
type = types.enum [ "mysql" "pgsql" ];
example = "pgsql";
default = "mysql";
description = lib.mdDoc ''
Database engine to use.
Note that PGSQL is not well supported: https://github.com/pixelfed/pixelfed/issues/2727
'';
};
name = mkOption {
type = types.str;
default = "pixelfed";
description = lib.mdDoc "Database name.";
};
};
maxUploadSize = mkOption {
type = types.str;
default = "8M";
description = lib.mdDoc ''
Max upload size with units.
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [ int str bool ]);
default = { };
description = lib.mdDoc ''
Options for Pixelfed's PHP-FPM pool.
'';
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/pixelfed";
description = lib.mdDoc ''
State directory of the `pixelfed` user which holds
the application's state and data.
'';
};
runtimeDir = mkOption {
type = types.str;
default = "/run/pixelfed";
description = lib.mdDoc ''
Ruutime directory of the `pixelfed` user which holds
the application's caches and temporary files.
'';
};
schedulerInterval = mkOption {
type = types.str;
default = "1d";
description = lib.mdDoc "How often the Pixelfed cron task should run";
};
};
};
config = mkIf cfg.enable {
users.users.pixelfed = mkIf (cfg.user == "pixelfed") {
isSystemUser = true;
group = cfg.group;
extraGroups = lib.optional cfg.redis.createLocally "redis-pixelfed";
};
users.groups.pixelfed = mkIf (cfg.group == "pixelfed") { };
services.redis.servers.pixelfed.enable = lib.mkIf cfg.redis.createLocally true;
services.pixelfed.settings = mkMerge [
({
APP_ENV = mkDefault "production";
APP_DEBUG = mkDefault false;
# https://github.com/pixelfed/pixelfed/blob/dev/app/Console/Commands/Installer.php#L312-L316
APP_URL = mkDefault "https://${cfg.domain}";
ADMIN_DOMAIN = mkDefault cfg.domain;
APP_DOMAIN = mkDefault cfg.domain;
SESSION_DOMAIN = mkDefault cfg.domain;
SESSION_SECURE_COOKIE = mkDefault true;
OPEN_REGISTRATION = mkDefault false;
# ActivityPub: https://github.com/pixelfed/pixelfed/blob/dev/app/Console/Commands/Installer.php#L360-L364
ACTIVITY_PUB = mkDefault true;
AP_REMOTE_FOLLOW = mkDefault true;
AP_INBOX = mkDefault true;
AP_OUTBOX = mkDefault true;
AP_SHAREDINBOX = mkDefault true;
# Image optimization: https://github.com/pixelfed/pixelfed/blob/dev/app/Console/Commands/Installer.php#L367-L404
PF_OPTIMIZE_IMAGES = mkDefault true;
IMAGE_DRIVER = mkDefault "imagick";
# Mobile APIs
OAUTH_ENABLED = mkDefault true;
# https://github.com/pixelfed/pixelfed/blob/dev/app/Console/Commands/Installer.php#L351
EXP_EMC = mkDefault true;
# Defer to systemd
LOG_CHANNEL = mkDefault "stderr";
# TODO: find out the correct syntax?
# TRUST_PROXIES = mkDefault "127.0.0.1/8, ::1/128";
})
(mkIf (cfg.redis.createLocally) {
BROADCAST_DRIVER = mkDefault "redis";
CACHE_DRIVER = mkDefault "redis";
QUEUE_DRIVER = mkDefault "redis";
SESSION_DRIVER = mkDefault "redis";
WEBSOCKET_REPLICATION_MODE = mkDefault "redis";
# Suppport phpredis and predis configuration-style.
REDIS_SCHEME = "unix";
REDIS_HOST = config.services.redis.servers.pixelfed.unixSocket;
REDIS_PATH = config.services.redis.servers.pixelfed.unixSocket;
})
(mkIf (cfg.database.createLocally) {
DB_CONNECTION = cfg.database.type;
DB_SOCKET = dbSocket;
DB_DATABASE = cfg.database.name;
DB_USERNAME = user;
# No TCP/IP connection.
DB_PORT = 0;
})
];
environment.systemPackages = [ pixelfed-manage ];
services.mysql =
mkIf (cfg.database.createLocally && cfg.database.type == "mysql") {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [{
name = user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}];
};
services.postgresql =
mkIf (cfg.database.createLocally && cfg.database.type == "pgsql") {
enable = mkDefault true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [{
name = user;
ensurePermissions = { };
}];
};
# Make each individual option overridable with lib.mkDefault.
services.pixelfed.poolConfig = lib.mapAttrs' (n: v: lib.nameValuePair n (lib.mkDefault v)) {
"pm" = "dynamic";
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
services.phpfpm.pools.pixelfed = {
inherit user group;
inherit phpPackage;
phpOptions = ''
post_max_size = ${toString cfg.maxUploadSize}
upload_max_filesize = ${toString cfg.maxUploadSize}
max_execution_time = 600;
'';
settings = {
"listen.owner" = user;
"listen.group" = group;
"listen.mode" = "0660";
"catch_workers_output" = "yes";
} // cfg.poolConfig;
};
systemd.services.phpfpm-pixelfed.after = [ "pixelfed-data-setup.service" ];
systemd.services.phpfpm-pixelfed.requires =
[ "pixelfed-horizon.service" "pixelfed-data-setup.service" ]
++ lib.optional cfg.database.createLocally dbService
++ lib.optional cfg.redis.createLocally redisService;
# Ensure image optimizations programs are available.
systemd.services.phpfpm-pixelfed.path = extraPrograms;
systemd.services.pixelfed-horizon = {
description = "Pixelfed task queueing via Laravel Horizon framework";
after = [ "network.target" "pixelfed-data-setup.service" ];
requires = [ "pixelfed-data-setup.service" ]
++ (lib.optional cfg.database.createLocally dbService)
++ (lib.optional cfg.redis.createLocally redisService);
wantedBy = [ "multi-user.target" ];
# Ensure image optimizations programs are available.
path = extraPrograms;
serviceConfig = {
Type = "simple";
ExecStart = "${pixelfed-manage}/bin/pixelfed-manage horizon";
StateDirectory =
lib.mkIf (cfg.dataDir == "/var/lib/pixelfed") "pixelfed";
User = user;
Group = group;
Restart = "on-failure";
};
};
systemd.timers.pixelfed-cron = {
description = "Pixelfed periodic tasks timer";
after = [ "pixelfed-data-setup.service" ];
requires = [ "phpfpm-pixelfed.service" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = cfg.schedulerInterval;
OnUnitActiveSec = cfg.schedulerInterval;
};
};
systemd.services.pixelfed-cron = {
description = "Pixelfed periodic tasks";
# Ensure image optimizations programs are available.
path = extraPrograms;
serviceConfig = {
ExecStart = "${pixelfed-manage}/bin/pixelfed-manage schedule:run";
User = user;
Group = group;
StateDirectory = cfg.dataDir;
};
};
systemd.services.pixelfed-data-setup = {
description =
"Pixelfed setup: migrations, environment file update, cache reload, data changes";
wantedBy = [ "multi-user.target" ];
after = lib.optional cfg.database.createLocally dbService;
requires = lib.optional cfg.database.createLocally dbService;
path = with pkgs; [ bash pixelfed-manage rsync ] ++ extraPrograms;
serviceConfig = {
Type = "oneshot";
User = user;
Group = group;
StateDirectory =
lib.mkIf (cfg.dataDir == "/var/lib/pixelfed") "pixelfed";
LoadCredential = "env-secrets:${cfg.secretFile}";
UMask = "077";
};
script = ''
# Concatenate non-secret .env and secret .env
rm -f ${cfg.dataDir}/.env
cp --no-preserve=all ${configFile} ${cfg.dataDir}/.env
echo -e '\n' >> ${cfg.dataDir}/.env
cat "$CREDENTIALS_DIRECTORY/env-secrets" >> ${cfg.dataDir}/.env
# Link the static storage (package provided) to the runtime storage
# Necessary for cities.json and static images.
mkdir -p ${cfg.dataDir}/storage
rsync -av --no-perms ${pixelfed}/storage-static/ ${cfg.dataDir}/storage
chmod -R +w ${cfg.dataDir}/storage
# Link the app.php in the runtime folder.
# We cannot link the cache folder only because bootstrap folder needs to be writeable.
ln -sf ${pixelfed}/bootstrap-static/app.php ${cfg.runtimeDir}/app.php
# https://laravel.com/docs/10.x/filesystem#the-public-disk
# Creating the public/storage → storage/app/public link
# is unnecessary as it's part of the installPhase of pixelfed.
# Install Horizon
# FIXME: require write access to public/ — should be done as part of install — pixelfed-manage horizon:publish
# Before running any PHP program, cleanup the bootstrap.
# It's necessary if you upgrade the application otherwise you might
# try to import non-existent modules.
rm -rf ${cfg.runtimeDir}/bootstrap/*
# Perform the first migration.
[[ ! -f ${cfg.dataDir}/.initial-migration ]] && pixelfed-manage migrate --force && touch ${cfg.dataDir}/.initial-migration
${lib.optionalString cfg.database.automaticMigrations ''
# Force migrate the database.
pixelfed-manage migrate --force
''}
# Import location data
pixelfed-manage import:cities
${lib.optionalString cfg.settings.ACTIVITY_PUB ''
# ActivityPub federation bookkeeping
[[ ! -f ${cfg.dataDir}/.instance-actor-created ]] && pixelfed-manage instance:actor && touch ${cfg.dataDir}/.instance-actor-created
''}
${lib.optionalString cfg.settings.OAUTH_ENABLED ''
# Generate Passport encryption keys
[[ ! -f ${cfg.dataDir}/.passport-keys-generated ]] && pixelfed-manage passport:keys && touch ${cfg.dataDir}/.passport-keys-generated
''}
pixelfed-manage route:cache
pixelfed-manage view:cache
pixelfed-manage config:cache
'';
};
systemd.tmpfiles.rules = [
# Cache must live across multiple systemd units runtimes.
"d ${cfg.runtimeDir}/ 0700 ${user} ${group} - -"
"d ${cfg.runtimeDir}/cache 0700 ${user} ${group} - -"
];
# Enable NGINX to access our phpfpm-socket.
users.users."${config.services.nginx.group}".extraGroups = [ cfg.group ];
services.nginx = mkIf (cfg.nginx != null) {
enable = true;
virtualHosts."${cfg.domain}" = mkMerge [
cfg.nginx
{
root = lib.mkForce "${pixelfed}/public/";
locations."/".tryFiles = "$uri $uri/ /index.php?query_string";
locations."/favicon.ico".extraConfig = ''
access_log off; log_not_found off;
'';
locations."/robots.txt".extraConfig = ''
access_log off; log_not_found off;
'';
locations."~ \\.php$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.pixelfed.socket};
fastcgi_index index.php;
'';
locations."~ /\\.(?!well-known).*".extraConfig = ''
deny all;
'';
extraConfig = ''
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
error_page 404 /index.php;
client_max_body_size ${toString cfg.maxUploadSize};
'';
}
];
};
};
}

2
nixos/modules/services/web-apps/wiki-js.nix
View File

@ -133,7 +133,7 @@ in {
WorkingDirectory = "/var/lib/${cfg.stateDirectoryName}";
DynamicUser = true;
PrivateTmp = true;
ExecStart = "${pkgs.nodejs_16}/bin/node ${pkgs.wiki-js}/server";
ExecStart = "${pkgs.nodejs_18}/bin/node ${pkgs.wiki-js}/server";
};
};
};

3
nixos/modules/system/boot/stage-1-init.sh
View File

@ -293,6 +293,9 @@ checkFS() {
# Skip fsck for inherently readonly filesystems.
if [ "$fsType" = squashfs ]; then return 0; fi
# Skip fsck.erofs because it is still experimental.
if [ "$fsType" = erofs ]; then return 0; fi
# If we couldn't figure out the FS type, then skip fsck.
if [ "$fsType" = auto ]; then
echo 'cannot check filesystem with type "auto"!'

21
nixos/modules/tasks/filesystems/erofs.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
let
inInitrd = lib.any (fs: fs == "erofs") config.boot.initrd.supportedFilesystems;
inSystem = lib.any (fs: fs == "erofs") config.boot.supportedFilesystems;
in
{
config = lib.mkIf (inInitrd || inSystem) {
system.fsPackages = [ pkgs.erofs-utils ];
boot.initrd.availableKernelModules = lib.mkIf inInitrd [ "erofs" ];
# fsck.erofs is currently experimental and should not be run as a
# privileged user. Thus, it is not included in the initrd.
};
}

2
nixos/tests/all-tests.nix
View File

@ -432,6 +432,7 @@ in {
man = handleTest ./man.nix {};
mariadb-galera = handleTest ./mysql/mariadb-galera.nix {};
mastodon = discoverTests (import ./web-apps/mastodon { inherit handleTestOn; });
pixelfed = discoverTests (import ./web-apps/pixelfed { inherit handleTestOn; });
mate = handleTest ./mate.nix {};
matomo = handleTest ./matomo.nix {};
matrix-appservice-irc = handleTest ./matrix/appservice-irc.nix {};
@ -688,6 +689,7 @@ in {
sudo = handleTest ./sudo.nix {};
swap-file-btrfs = handleTest ./swap-file-btrfs.nix {};
swap-partition = handleTest ./swap-partition.nix {};
swap-random-encryption = handleTest ./swap-random-encryption.nix {};
sway = handleTest ./sway.nix {};
switchTest = handleTest ./switch-test.nix {};
sympa = handleTest ./sympa.nix {};

139
nixos/tests/non-default-filesystems.nix
View File

@ -1,55 +1,106 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
{
name = "non-default-filesystems";
nodes.machine =
{ config, pkgs, lib, ... }:
let
disk = config.virtualisation.rootDevice;
in
btrfs = makeTest
{
virtualisation.rootDevice = "/dev/vda";
virtualisation.useDefaultFilesystems = false;
name = "non-default-filesystems-btrfs";
boot.initrd.availableKernelModules = [ "btrfs" ];
boot.supportedFilesystems = [ "btrfs" ];
nodes.machine =
{ config, pkgs, lib, ... }:
let
disk = config.virtualisation.rootDevice;
in
{
virtualisation.rootDevice = "/dev/vda";
virtualisation.useDefaultFilesystems = false;
boot.initrd.postDeviceCommands = ''
FSTYPE=$(blkid -o value -s TYPE ${disk} || true)
if test -z "$FSTYPE"; then
modprobe btrfs
${pkgs.btrfs-progs}/bin/mkfs.btrfs ${disk}
boot.initrd.availableKernelModules = [ "btrfs" ];
boot.supportedFilesystems = [ "btrfs" ];
mkdir /nixos
mount -t btrfs ${disk} /nixos
boot.initrd.postDeviceCommands = ''
FSTYPE=$(blkid -o value -s TYPE ${disk} || true)
if test -z "$FSTYPE"; then
modprobe btrfs
${pkgs.btrfs-progs}/bin/mkfs.btrfs ${disk}
${pkgs.btrfs-progs}/bin/btrfs subvolume create /nixos/root
${pkgs.btrfs-progs}/bin/btrfs subvolume create /nixos/home
mkdir /nixos
mount -t btrfs ${disk} /nixos
umount /nixos
fi
${pkgs.btrfs-progs}/bin/btrfs subvolume create /nixos/root
${pkgs.btrfs-progs}/bin/btrfs subvolume create /nixos/home
umount /nixos
fi
'';
virtualisation.fileSystems = {
"/" = {
device = disk;
fsType = "btrfs";
options = [ "subvol=/root" ];
};
"/home" = {
device = disk;
fsType = "btrfs";
options = [ "subvol=/home" ];
};
};
};
testScript = ''
machine.wait_for_unit("multi-user.target")
with subtest("BTRFS filesystems are mounted correctly"):
machine.succeed("grep -E '/dev/vda / btrfs rw,relatime,space_cache=v2,subvolid=[0-9]+,subvol=/root 0 0' /proc/mounts")
machine.succeed("grep -E '/dev/vda /home btrfs rw,relatime,space_cache=v2,subvolid=[0-9]+,subvol=/home 0 0' /proc/mounts")
'';
virtualisation.fileSystems = {
"/" = {
device = disk;
fsType = "btrfs";
options = [ "subvol=/root" ];
};
"/home" = {
device = disk;
fsType = "btrfs";
options = [ "subvol=/home" ];
};
};
};
testScript = ''
machine.wait_for_unit("multi-user.target")
erofs =
let
fsImage = "/tmp/non-default-filesystem.img";
in
makeTest {
name = "non-default-filesystems-erofs";
with subtest("BTRFS filesystems are mounted correctly"):
machine.succeed("grep -E '/dev/vda / btrfs rw,relatime,space_cache=v2,subvolid=[0-9]+,subvol=/root 0 0' /proc/mounts")
machine.succeed("grep -E '/dev/vda /home btrfs rw,relatime,space_cache=v2,subvolid=[0-9]+,subvol=/home 0 0' /proc/mounts")
'';
})
nodes.machine = _: {
virtualisation.qemu.drives = [{
name = "non-default-filesystem";
file = fsImage;
}];
virtualisation.fileSystems."/non-default" = {
device = "/dev/vdb";
fsType = "erofs";
neededForBoot = true;
};
};
testScript = ''
import subprocess
import tempfile
with tempfile.TemporaryDirectory() as tmp_dir:
with open(f"{tmp_dir}/filesystem", "w") as f:
f.write("erofs")
subprocess.run([
"${pkgs.erofs-utils}/bin/mkfs.erofs",
"${fsImage}",
tmp_dir,
])
machine.start()
machine.wait_for_unit("default.target")
file_contents = machine.succeed("cat /non-default/filesystem")
assert "erofs" in file_contents
'';
};
}

80
nixos/tests/swap-random-encryption.nix Normal file
View File

@ -0,0 +1,80 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
{
name = "swap-random-encryption";
nodes.machine =
{ config, pkgs, lib, ... }:
{
environment.systemPackages = [ pkgs.cryptsetup ];
virtualisation.useDefaultFilesystems = false;
virtualisation.rootDevice = "/dev/vda1";
boot.initrd.postDeviceCommands = ''
if ! test -b /dev/vda1; then
${pkgs.parted}/bin/parted --script /dev/vda -- mklabel msdos
${pkgs.parted}/bin/parted --script /dev/vda -- mkpart primary 1MiB -250MiB
${pkgs.parted}/bin/parted --script /dev/vda -- mkpart primary -250MiB 100%
sync
fi
FSTYPE=$(blkid -o value -s TYPE /dev/vda1 || true)
if test -z "$FSTYPE"; then
${pkgs.e2fsprogs}/bin/mke2fs -t ext4 -L root /dev/vda1
fi
'';
virtualisation.fileSystems = {
"/" = {
device = "/dev/disk/by-label/root";
fsType = "ext4";
};
};
swapDevices = [
{
device = "/dev/vda2";
randomEncryption = {
enable = true;
cipher = "aes-xts-plain64";
keySize = 512;
sectorSize = 4096;
};
}
];
};
testScript = ''
machine.wait_for_unit("multi-user.target")
with subtest("Swap is active"):
# Doesn't matter if the numbers reported by `free` are slightly off due to unit conversions.
machine.succeed("free -h | grep -E 'Swap:\s+2[45][0-9]Mi'")
with subtest("Swap device has 4k sector size"):
import json
result = json.loads(machine.succeed("lsblk -Jo PHY-SEC,LOG-SEC /dev/mapper/dev-vda2"))
block_devices = result["blockdevices"]
if len(block_devices) != 1:
raise Exception ("lsblk output did not report exactly one block device")
swapDevice = block_devices[0];
if not (swapDevice["phy-sec"] == 4096 and swapDevice["log-sec"] == 4096):
raise Exception ("swap device does not have the sector size specified in the configuration")
with subtest("Swap encrypt has assigned cipher and keysize"):
import re
results = machine.succeed("cryptsetup status dev-vda2").splitlines()
cipher_pattern = re.compile(r"\s*cipher:\s+aes-xts-plain64\s*")
if not any(cipher_pattern.fullmatch(line) for line in results):
raise Exception ("swap device encryption does not use the cipher specified in the configuration")
key_size_pattern = re.compile(r"\s*keysize:\s+512\s+bits\s*")
if not any(key_size_pattern.fullmatch(line) for line in results):
raise Exception ("swap device encryption does not use the key size specified in the configuration")
'';
})

8
nixos/tests/web-apps/pixelfed/default.nix Normal file
View File

@ -0,0 +1,8 @@
{ system ? builtins.currentSystem, handleTestOn }:
let
supportedSystems = [ "x86_64-linux" "i686-linux" ];
in
{
standard = handleTestOn supportedSystems ./standard.nix { inherit system; };
}

38
nixos/tests/web-apps/pixelfed/standard.nix Normal file
View File

@ -0,0 +1,38 @@
import ../../make-test-python.nix ({pkgs, ...}:
{
name = "pixelfed-standard";
meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ];
nodes = {
server = { pkgs, ... }: {
services.pixelfed = {
enable = true;
domain = "pixelfed.local";
# Configure NGINX.
nginx = {};
secretFile = (pkgs.writeText "secrets.env" ''
# Snakeoil secret, can be any random 32-chars secret via CSPRNG.
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
'');
settings."FORCE_HTTPS_URLS" = false;
};
};
};
testScript = ''
# Wait for Pixelfed PHP pool
server.wait_for_unit("phpfpm-pixelfed.service")
# Wait for NGINX
server.wait_for_unit("nginx.service")
# Wait for HTTP port
server.wait_for_open_port(80)
# Access the homepage.
server.succeed("curl -H 'Host: pixelfed.local' http://localhost")
# Create an account
server.succeed("pixelfed-manage user:create --name=test --username=test --email=test@test.com --password=test")
# Create a OAuth token.
# TODO: figure out how to use it to send a image/toot
# server.succeed("pixelfed-manage passport:client --personal")
# server.succeed("curl -H 'Host: pixefed.local' -H 'Accept: application/json' -H 'Authorization: Bearer secret' -F'status'='test' http://localhost/api/v1/statuses")
'';
})

4
pkgs/applications/misc/logseq/default.nix
View File

@ -10,11 +10,11 @@
stdenv.mkDerivation rec {
pname = "logseq";
version = "0.9.4";
version = "0.9.6";
src = fetchurl {
url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage";
hash = "sha256-K04iIa/WnRtcHwRUHJbKqXO9c4l5xwHPvnwN5WX/Row=";
hash = "sha256-YC6oUKD48mKlX/bHWPMKm+0Ub0/5dnXmBFnVIGqzb/g=";
name = "${pname}-${version}.AppImage";
};

10
pkgs/applications/misc/wbg/default.nix
View File

@ -11,21 +11,23 @@
, wayland-protocols
, enablePNG ? true
, enableJPEG ? true
, enableWebp ? true
# Optional dependencies
, libpng
, libjpeg
, libwebp
}:
stdenv.mkDerivation rec {
pname = "wbg";
version = "1.0.2";
version = "1.1.0";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "dnkl";
repo = "wbg";
rev = version;
sha256 = "sha256-PKEOWRcSAB4Uv5TfameQIEZh6s6xCGdyoZ13etL1TKA=";
sha256 = "sha256-JJIIqSc0qHgjtpGKai8p6vihXg16unsO7vW91pioAmc=";
};
nativeBuildInputs = [
@ -41,13 +43,15 @@ stdenv.mkDerivation rec {
wayland
wayland-protocols
] ++ lib.optional enablePNG libpng
++ lib.optional enableJPEG libjpeg;
++ lib.optional enableJPEG libjpeg
++ lib.optional enableWebp libwebp;
mesonBuildType = "release";
mesonFlags = [
(lib.mesonEnable "png" enablePNG)
(lib.mesonEnable "jpeg" enableJPEG)
(lib.mesonEnable "webp" enableWebp)
];
meta = with lib; {

8
pkgs/applications/networking/cluster/cni/plugins.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "cni-plugins";
version = "1.2.0";
version = "1.3.0";
src = fetchFromGitHub {
owner = "containernetworking";
repo = "plugins";
rev = "v${version}";
sha256 = "sha256-p6gvXn8v7KZMiCPj2EQlk/2au1nZ6EJlLxcMZHzlEp8=";
hash = "sha256-cbmG9wK3yd79jCiNAKcSSx0COyh6CxR1bgIiCO3i++g=";
};
vendorSha256 = null;
vendorHash = null;
doCheck = false;
@ -30,6 +30,7 @@ buildGoModule rec {
"plugins/main/loopback"
"plugins/main/macvlan"
"plugins/main/ptp"
"plugins/main/tap"
"plugins/main/vlan"
"plugins/meta/bandwidth"
"plugins/meta/firewall"
@ -42,6 +43,7 @@ buildGoModule rec {
passthru.tests = { inherit (nixosTests) cri-o; };
meta = with lib; {
changelog = "https://github.com/containernetworking/plugins/releases/tag/${src.rev}";
description = "Some standard networking plugins, maintained by the CNI team";
homepage = "https://www.cni.dev/plugins/";
license = licenses.asl20;

10
pkgs/applications/networking/instant-messengers/fluffychat/default.nix
View File

@ -3,21 +3,22 @@
, imagemagick
, flutter37
, makeDesktopItem
, gnome
}:
flutter37.buildFlutterApplication rec {
version = "1.11.0";
version = "1.11.2";
name = "fluffychat";
src = fetchFromGitLab {
owner = "famedly";
repo = "fluffychat";
rev = "v${version}";
hash = "sha256-Z7BOGsirBVQxRJY4kmskCmPeZloc41/bf4/ExoO8VBk=";
hash = "sha256-vHzZDkSgxcZf3y/+A645hxBverm34J5xNnNwyxnSVUA=";
};
depsListFile = ./deps.json;
vendorHash = "sha256-axByNptbzGR7GQT4Gs2yaEyUCkCbI9RQNNOHN7CYd9A=";
vendorHash = "sha256-u8YI4UBnEfPpvjBfhbo4LGolb56w94EiUlnLlYITdXQ=";
desktopItem = makeDesktopItem {
name = "Fluffychat";
@ -27,8 +28,9 @@ flutter37.buildFlutterApplication rec {
genericName = "Chat with your friends (matrix client)";
categories = [ "Chat" "Network" "InstantMessaging" ];
};
nativeBuildInputs = [ imagemagick ];
nativeBuildInputs = [ imagemagick ];
extraWrapProgramArgs = "--prefix PATH : ${gnome.zenity}/bin";
postInstall = ''
FAV=$out/app/data/flutter_assets/assets/favicon.png
ICO=$out/share/icons

2
pkgs/applications/networking/instant-messengers/fluffychat/deps.json generated
View File

@ -1,7 +1,7 @@
[
{
"name": "fluffychat",
"version": "1.11.0+3254",
"version": "1.11.2+3360",
"kind": "root",
"source": "root",
"dependencies": [

8
pkgs/applications/networking/mailreaders/neomutt/default.nix
View File

@ -1,19 +1,19 @@
{ lib, stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which
, ncurses, perl , cyrus_sasl, gss, gpgme, libkrb5, libidn, libxml2, notmuch, openssl
, ncurses, perl , cyrus_sasl, gss, gpgme, libkrb5, libidn2, libxml2, notmuch, openssl
, lua, lmdb, libxslt, docbook_xsl, docbook_xml_dtd_42, w3m, mailcap, sqlite, zlib, lndir
, pkg-config, zstd, enableZstd ? true, enableMixmaster ? false, enableLua ? false
, withContrib ? true
}:
stdenv.mkDerivation rec {
version = "20230407";
version = "20230512";
pname = "neomutt";
src = fetchFromGitHub {
owner = "neomutt";
repo = "neomutt";
rev = version;
sha256 = "sha256-cTZua1AbLMjkMhlUk2aMttj6HdwpJYnRYPuvukSxfwc=";
sha256 = "sha256-/NeY9WrPXg6sSM1jnjgQKL7vSn8dTrAnvj229KcEEro=";
};
patches = [
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
];
buildInputs = [
cyrus_sasl gss gpgme libkrb5 libidn ncurses
cyrus_sasl gss gpgme libkrb5 libidn2 ncurses
notmuch openssl perl lmdb
mailcap sqlite
]

6
pkgs/applications/office/treesheets/default.nix
View File

@ -12,13 +12,13 @@
stdenv.mkDerivation rec {
pname = "treesheets";
version = "unstable-2023-05-04";
version = "unstable-2023-05-13";
src = fetchFromGitHub {
owner = "aardappel";
repo = "treesheets";
rev = "3694b16809daaa59b9198cd9645662e2a8cf4650";
sha256 = "NShLLBTBS88UXWWjsSeMVxj8HnnN4yA8gmz83wdpIzE=";
rev = "c48cc033c941fb1898e12189e96188a98df69b96";
sha256 = "EzLhsuDY/H3t69nuwWj/3fxJdAX6ze/IB/i5WsVJmOo=";
};
nativeBuildInputs = [

9
pkgs/applications/radio/cloudlog/default.nix
View File

@ -3,7 +3,8 @@
, fetchFromGitHub
, nix-update-script
, nixosTests
, php}:
, php
}:
stdenvNoCC.mkDerivation rec {
pname = "cloudlog";
@ -34,11 +35,7 @@ stdenvNoCC.mkDerivation rec {
};
meta = with lib; {
description = ''
Web based amateur radio logging application built using PHP & MySQL
supports general station logging tasks from HF to Microwave with
supporting applications to support CAT control.
'';
description = "Web based amateur radio logging application built using PHP & MySQL";
license = licenses.mit;
homepage = "https://www.magicbug.co.uk/cloudlog";
platforms = php.meta.platforms;

38
pkgs/applications/video/open-in-mpv/default.nix Normal file
View File

@ -0,0 +1,38 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "open-in-mpv";
version = "2.1.0";
src = fetchFromGitHub {
owner = "Baldomo";
repo = "open-in-mpv";
rev = "v${version}";
hash = "sha256-3Fsa3AwiHsb8VcKa4a/RKyYu+CD5nEX0nIXENhBZCWk=";
};
vendorHash = "sha256-G6GZO2+CfEAYcf7zBcqDa808A0eJjM8dq7+4VGZ+P4c=";
ldflags = [ "-s" "-w" ];
postInstall = ''
install -Dm444 -t $out/share/applications scripts/open-in-mpv.desktop
'';
meta = with lib; {
description = "Simple web extension to open videos in mpv";
longDescription = ''
To function the browser extension must be installed and open-in-mpv must be set as the default scheme-handler for mpv:// eg.:
xdg-mime default open-in-mpv.desktop x-scheme-handler/mpv
https://addons.mozilla.org/en-US/firefox/addon/iina-open-in-mpv/
https://chrome.google.com/webstore/detail/open-in-mpv/ggijpepdpiehgbiknmfpfbhcalffjlbj
'';
homepage = "https://github.com/Baldomo/open-in-mpv";
license = licenses.gpl3Only;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}

8
pkgs/applications/virtualization/crosvm/default.nix
View File

@ -4,18 +4,18 @@
rustPlatform.buildRustPackage rec {
pname = "crosvm";
version = "112.0";
version = "113.0";
src = fetchgit {
url = "https://chromium.googlesource.com/chromiumos/platform/crosvm";
rev = "014b853ebdba00c7bad751a37fa4271ff2a50d77";
sha256 = "qVfkNN6dHfMeDYMDvccU9PAz78Dh2ylL6UpoApoYKJw=";
rev = "f2871094c45bc3a8a2604cbba5b34da27d676af7";
sha256 = "seeqr453Qjk1MoYq2ZlPsgUOMaV7PbK4MKze2cl2NvI=";
fetchSubmodules = true;
};
separateDebugInfo = true;
cargoSha256 = "ath0x9dfQCWWU9+zKyYLC6Q/QXupifHhdQxrS+N2UWw=";
cargoSha256 = "hGhYzynNvsaSQO2lSEh/OGWkeE8bEinwb0QxX87TQU0=";
nativeBuildInputs = [
pkg-config protobuf python3 rustPlatform.bindgenHook wayland-scanner

4
pkgs/build-support/flutter/default.nix
View File

@ -21,6 +21,7 @@
, nativeBuildInputs ? [ ]
, preUnpack ? ""
, postFixup ? ""
, extraWrapProgramArgs ? ""
, ...
}@args:
let
@ -121,7 +122,8 @@ let
# which is not what application authors expect.
for f in "$out"/bin/*; do
wrapProgram "$f" \
--suffix LD_LIBRARY_PATH : '${lib.makeLibraryPath finalAttrs.runtimeDependencies}'
--suffix LD_LIBRARY_PATH : '${lib.makeLibraryPath finalAttrs.runtimeDependencies}' \
${extraWrapProgramArgs}
done
${postFixup}

4
pkgs/data/fonts/terminus-font-ttf/default.nix
View File

@ -2,11 +2,11 @@
stdenvNoCC.mkDerivation rec {
pname = "terminus-font-ttf";
version = "4.49.1";
version = "4.49.3";
src = fetchzip {
url = "https://files.ax86.net/terminus-ttf/files/${version}/terminus-ttf-${version}.zip";
hash = "sha256-NKswkZR05V21mszT56S2x85k//qhfzRShhepYaAybDc=";
hash = "sha256-dK7MH4I1RhsIGzcnRA+7f3P5oi9B63RA+uASVDNtxNI=";
};
installPhase = ''

11
pkgs/development/beam-modules/elixir-ls/default.nix
View File

@ -1,16 +1,15 @@
{ lib, elixir, fetchFromGitHub, fetchMixDeps, mixRelease }:
{ lib, elixir, fetchFromGitHub, fetchMixDeps, mixRelease, nix-update-script }:
# Based on the work of Hauleth
# None of this would have happened without him
let
pname = "elixir-ls";
pinData = lib.importJSON ./pin.json;
version = pinData.version;
version = "0.14.6";
src = fetchFromGitHub {
owner = "elixir-lsp";
repo = "elixir-ls";
rev = "v${version}";
sha256 = pinData.sha256;
hash = "sha256-O977DZLWPyLafIaOTPZKI4MOtK9E9TDProf2xyk05aI";
fetchSubmodules = true;
};
in
@ -20,7 +19,7 @@ mixRelease {
mixFodDeps = fetchMixDeps {
pname = "mix-deps-${pname}";
inherit src version elixir;
sha256 = pinData.depsSha256;
sha256 = "sha256-jF1Plkz1D85aWkiNgeBlJmHndhr7us+8+m/gMkXHvDw=";
};
# elixir-ls is an umbrella app
@ -71,5 +70,5 @@ mixRelease {
platforms = platforms.unix;
maintainers = teams.beam.members;
};
passthru.updateScript = ./update.sh;
passthru.updateScript = nix-update-script { };
}

5
pkgs/development/beam-modules/elixir-ls/pin.json
View File

@ -1,5 +0,0 @@
{
"version": "0.14.5",
"sha256": "sha256-F0c1vyeie8sf11SHfDKb8v1DZ5No3Rr3PPj3jMg0veg=",
"depsSha256": "sha256-/lKZ9Ns32A/elJTez72mH2tZ7ujwEX9p4FIKHpfGq78="
}

31
pkgs/development/beam-modules/elixir-ls/update.sh
View File

@ -1,31 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i oil -p jq sd nix-prefetch-github ripgrep
# TODO set to `verbose` or `extdebug` once implemented in oil
set -x
const directory = $(dirname $0 | xargs realpath)
const owner = "elixir-lsp"
const repo = "elixir-ls"
const latest_rev = $(curl -q https://api.github.com/repos/${owner}/${repo}/releases/latest | \
jq -r '.tag_name')
const latest_version = $(echo $latest_rev | sd 'v' '')
const current_version = $(jq -r '.version' $directory/pin.json)
if ("$latest_version" === "$current_version") {
echo "elixir-ls is already up-to-date"
return 0
} else {
const tarball_meta = $(nix-prefetch-github $owner $repo --rev "$latest_rev")
const tarball_hash = "sha256-$(echo $tarball_meta | jq -r '.sha256')"
const sha256s = $(rg '"sha256-.+"' $directory/default.nix | sd '.+"(.+)";' '$1' )
jq ".version = \"$latest_version\" | \
.\"sha256\" = \"$tarball_hash\" | \
.\"depsSha256\" = \"\"" $directory/pin.json | sponge $directory/pin.json
const new_mix_hash = $(nix-build -A elixir-ls.mixFodDeps 2>&1 | \
tail -n 1 | \
sd '\s+got:\s+' '')
jq ".depsSha256 = \"$new_mix_hash\"" $directory/pin.json | sponge $directory/pin.json
}

2
pkgs/development/compilers/mruby/default.nix
View File

@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
# Necessary so it uses `gcc` instead of `ld` for linking.
# https://github.com/mruby/mruby/blob/35be8b252495d92ca811d76996f03c470ee33380/tasks/toolchains/gcc.rake#L25
preBuild = if stdenv.isLinux then "unset LD" else null;
preBuild = "unset LD";
installPhase = ''
mkdir $out

10
pkgs/development/python-modules/langchain/default.nix
View File

@ -53,6 +53,8 @@
, lark
, jq
, protobuf
, steamship
, pdfminer-six
# test dependencies
, pytest-vcr
, pytest-asyncio
@ -67,7 +69,7 @@
buildPythonPackage rec {
pname = "langchain";
version = "0.0.166";
version = "0.0.168";
format = "pyproject";
disabled = pythonOlder "3.8";
@ -76,7 +78,7 @@ buildPythonPackage rec {
owner = "hwchase17";
repo = "langchain";
rev = "refs/tags/v${version}";
hash = "sha256-i6CvboYZigky49a7X8RuQH2EfcucJPtEtFEzZxaNJG8=";
hash = "sha256-2L5yFkXr6dioEP1QAMXWX6x+IRbGUIW3cxLLxJJjkMI=";
};
postPatch = ''
@ -194,6 +196,8 @@ buildPythonPackage rec {
# docarray
protobuf
# hnswlib
steamship
pdfminer-six
];
};
@ -210,7 +214,7 @@ buildPythonPackage rec {
pytestFlagsArray = [
# integration_tests have many network, db access and require `OPENAI_API_KEY`, etc.
"--ignore=tests/integration_tests"
"tests/unit_tests"
];
disabledTests = [

11
pkgs/development/python-modules/python-mapnik/default.nix
View File

@ -8,7 +8,7 @@
, pillow
, pycairo
, pkg-config
, boost
, boost182
, cairo
, harfbuzz
, icu
@ -23,6 +23,7 @@
, sqlite
, nose
, pytestCheckHook
, stdenv
}:
buildPythonPackage rec {
@ -60,7 +61,7 @@ buildPythonPackage rec {
buildInputs = [
mapnik
boost
boost182
cairo
harfbuzz
icu
@ -98,6 +99,9 @@ buildPythonPackage rec {
preCheck = ''
# import from $out
rm -r mapnik
'' + lib.optionalString stdenv.isDarwin ''
# Replace the hardcoded /tmp references with $TMPDIR
sed -i "s,/tmp,$TMPDIR,g" test/python_tests/*.py
'';
# https://github.com/mapnik/python-mapnik/issues/255
@ -106,6 +110,7 @@ buildPythonPackage rec {
"test_compare_map"
"test_dataraster_coloring"
"test_dataraster_query_point"
"test_geometry_type"
"test_good_files"
"test_layer_init"
"test_load_save_map"
@ -128,6 +133,8 @@ buildPythonPackage rec {
"test_visual_zoom_all_rendering1"
"test_visual_zoom_all_rendering2"
"test_wgs84_inverse_forward"
] ++ lib.optional stdenv.isDarwin [
"test_passing_pycairo_context_pdf"
];
pythonImportsCheck = [ "mapnik" ];

62
pkgs/development/python-modules/steamship/default.nix Normal file
View File

@ -0,0 +1,62 @@
{ lib
, buildPythonPackage
, fetchPypi
, setuptools-scm
, pythonRelaxDepsHook
, requests
, pydantic
, aiohttp
, inflection
, fluent-logger
, toml
, click
, semver
, tiktoken
}:
buildPythonPackage rec {
pname = "steamship";
version = "2.16.9";
format = "pyproject";
src = fetchPypi {
inherit pname version;
hash = "sha256-NHMrReRw8x7N7vy8BqmKx9fDfQYjlOWY7ChdLz+qGxQ=";
};
pythonRelaxDeps = [
"requests"
];
nativeBuildInputs = [
setuptools-scm
pythonRelaxDepsHook
];
propagatedBuildInputs = [
requests
pydantic
aiohttp
inflection
fluent-logger
toml
click
semver
tiktoken
];
# almost all tests require "steamship api key"
doCheck = false;
pythonImportsCheck = [
"steamship"
];
meta = with lib; {
description = "The fastest way to add language AI to your product";
homepage = "https://www.steamship.com/";
changelog = "https://github.com/steamship-core/python-client/releases/tag/${version}";
license = licenses.mit;
maintainers = with maintainers; [ natsukium ];
};
}

5
pkgs/development/tools/boomerang/default.nix
View File

@ -14,6 +14,11 @@ mkDerivation rec {
sha256 = "0xncdp0z8ry4lkzmvbj5d7hlzikivghpwicgywlv47spgh8ny0ix";
};
# Boomerang usually compiles with -Werror but has not been updated for newer
# compilers. Disable -Werror for now. Consider trying to remove this when
# updating this derivation.
NIX_CFLAGS_COMPILE = "-Wno-error";
nativeBuildInputs = [ cmake bison flex ];
buildInputs = [ qtbase capstone ];
patches = [

6
pkgs/development/tools/frugal/default.nix
View File

@ -2,18 +2,18 @@
buildGoModule rec {
pname = "frugal";
version = "3.16.18";
version = "3.16.19";
src = fetchFromGitHub {
owner = "Workiva";
repo = pname;
rev = "v${version}";
sha256 = "sha256-fIEHv0xO/dXof6ED99uCC0y8dF9fBkK5FFtvpoIfbKk=";
sha256 = "sha256-PEWjZeFIEfnAGVsv+oyF4R08FI+LzKBWlrlBmiXhJCQ=";
};
subPackages = [ "." ];
vendorHash = "sha256-vSUyxjVAmOKh4kcNoC25cDZEuparsJ7FDIslzOy8CNo=";
vendorHash = "sha256-OnPQZk+VpOx97mSNRx9lGtC03OXGGz9JwUSZYX0Ofkc=";
meta = with lib; {
description = "Thrift improved";

6
pkgs/development/tools/rust/cargo-semver-checks/default.nix
View File

@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-semver-checks";
version = "0.20.0";
version = "0.20.1";
src = fetchFromGitHub {
owner = "obi1kenobi";
repo = pname;
rev = "v${version}";
sha256 = "sha256-z7mDGWU498KU6lEHqLhl0HdTA55Wz3RbZOlF6g1gwN4=";
sha256 = "sha256-pDyF8KCgAhugzTuMSVqfCda5kRAvJwR+OF+G+ZfjeDo=";
};
cargoSha256 = "sha256-JQdL4D6ECH8wLOCcAGm7HomJAfJD838KfI4/IRAeqD0=";
cargoSha256 = "sha256-zbraVGjEayJJcBH9/GVnTcQGLcNgxaRhbgdJeHCGEEo=";
nativeBuildInputs = [ pkg-config ];

6
pkgs/development/tools/sq/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "sq";
version = "0.33.0";
version = "0.35.0";
src = fetchFromGitHub {
owner = "neilotoole";
repo = pname;
rev = "v${version}";
sha256 = "sha256-1I6adQLbVx4Gj9rdocpEPyQagEpaI4a4sHUaSyntyGI=";
sha256 = "sha256-yCV/vn6c1FeHhPM+YCS6tr8M45SZiytrDjdocKVJ5Mk=";
};
vendorHash = "sha256-e14qz4KTD2aAl1G5wj2/T0cxocvscj0r+c8So+omA38=";
vendorHash = "sha256-SOnYK9JtP1V8Y6/GszU26kYM1e2xupBmHsJrVpRT2vc=";
proxyVendor = true;

6
pkgs/development/web/function-runner/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "function-runner";
version = "3.3.1";
version = "3.4.0";
src = fetchFromGitHub {
owner = "Shopify";
repo = pname;
rev = "v${version}";
sha256 = "sha256-bks73G9oZgZpkSbrRWD34+UcFOMkJJa4qkJIQxcx/Ao=";
sha256 = "sha256-oQtob1ugjMl8HoaHg9/2fhq8JG0xPU1Ht4OiSLOa96I=";
};
cargoHash = "sha256-V0lr1gqn8w4MrHQO5UVxUl+OdK/ODutAr+nMYHc+4hQ=";
cargoHash = "sha256-sUIbPW9lWirJUxy2AHENbPXYTQ1lkCtH4LyQ2pD4yXI=";
meta = with lib; {
description = "A CLI tool which allows you to run Wasm Functions intended for the Shopify Functions infrastructure";

16
pkgs/games/mindustry/default.nix
View File

@ -15,6 +15,7 @@
, alsa-lib
, alsa-plugins
, glew
, glew-egl
# for soloud
, libpulseaudio ? null
@ -30,6 +31,8 @@
, makeBuildVersion ? (v: v)
, enableClient ? true
, enableServer ? true
, enableWayland ? false
}:
let
@ -37,6 +40,8 @@ let
version = "143.1";
buildVersion = makeBuildVersion version;
selectedGlew = if enableWayland then glew-egl else glew;
Mindustry = fetchFromGitHub {
owner = "Anuken";
repo = "Mindustry";
@ -139,7 +144,7 @@ stdenv.mkDerivation rec {
buildInputs = lib.optionals enableClient [
SDL2
glew
selectedGlew
alsa-lib
];
nativeBuildInputs = [
@ -171,7 +176,7 @@ stdenv.mkDerivation rec {
pushd ../Arc
gradle --offline --no-daemon jnigenBuild -Pbuildversion=${buildVersion}
gradle --offline --no-daemon jnigenJarNativesDesktop -Pbuildversion=${buildVersion}
glewlib=${lib.getLib glew}/lib/libGLEW.so
glewlib=${lib.getLib selectedGlew}/lib/libGLEW.so
sdllib=${lib.getLib SDL2}/lib/libSDL2.so
patchelf backends/backend-sdl/libs/linux64/libsdl-arc*.so \
--add-needed $glewlib \
@ -194,7 +199,10 @@ stdenv.mkDerivation rec {
makeWrapper ${jdk}/bin/java $out/bin/mindustry \
--add-flags "-jar $out/share/mindustry.jar" \
--suffix LD_LIBRARY_PATH : ${lib.makeLibraryPath [libpulseaudio alsa-lib libjack2]} \
--set ALSA_PLUGIN_DIR ${alsa-plugins}/lib/alsa-lib/
--set ALSA_PLUGIN_DIR ${alsa-plugins}/lib/alsa-lib/'' + optionalString enableWayland '' \
--set SDL_VIDEODRIVER wayland \
--set SDL_VIDEO_WAYLAND_WMCLASS Mindustry
'' + ''
# Retain runtime depends to prevent them from being cleaned up.
# Since a jar is a compressed archive, nix can't figure out that the dependency is actually in there,
@ -202,7 +210,7 @@ stdenv.mkDerivation rec {
# This can cause issues.
# See https://github.com/NixOS/nixpkgs/issues/109798.
echo "# Retained runtime dependencies: " >> $out/bin/mindustry
for dep in ${SDL2.out} ${alsa-lib.out} ${glew.out}; do
for dep in ${SDL2.out} ${alsa-lib.out} ${selectedGlew.out}; do
echo "# $dep" >> $out/bin/mindustry
done

8
pkgs/games/pokete/default.nix
View File

@ -3,11 +3,12 @@
, fetchFromGitHub
, testers
, pokete
, faketty
}:
python3.pkgs.buildPythonApplication rec {
pname = "pokete";
version = "0.9.0";
version = "0.9.1";
format = "other";
@ -15,7 +16,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "lxgr-linux";
repo = "pokete";
rev = "refs/tags/${version}";
sha256 = "sha256-55BqUSZJPDz5g1FTdkuWa9wcsrLwh6YagD5bQ9ZpQv4=";
sha256 = "sha256-T18908Einsgful8hYMVHl0cL4sIYFvhpy0MbLIcVhxs=";
};
pythonPath = with python3.pkgs; [
@ -41,7 +42,8 @@ python3.pkgs.buildPythonApplication rec {
passthru.tests = {
pokete-version = testers.testVersion {
package = pokete;
command = "pokete --help";
command = "${faketty}/bin/faketty pokete --help";
version = "v${version}";
};
};

1
pkgs/games/soi/default.nix
View File

@ -16,6 +16,7 @@ stdenv.mkDerivation rec {
cmakeFlags = [
"-DEIGEN_INCLUDE_DIR=${eigen2}/include/eigen2"
"-DLUABIND_LIBRARY=${luabind}/lib/libluabind09.a"
];
meta = with lib; {

1
pkgs/os-specific/linux/kernel/common-config.nix
View File

@ -315,6 +315,7 @@ let
DRM_AMD_DC_DCN2_1 = whenBetween "5.4" "5.6" yes;
DRM_AMD_DC_DCN3_0 = whenBetween "5.9" "5.11" yes;
DRM_AMD_DC_DCN = whenBetween "5.11" "6.4" yes;
DRM_AMD_DC_FP = whenAtLeast "6.4" yes;
DRM_AMD_DC_HDCP = whenBetween "5.5" "6.4" yes;
DRM_AMD_DC_SI = whenAtLeast "5.10" yes;
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {

270
pkgs/os-specific/linux/zfs/default.nix
View File

@ -1,270 +0,0 @@
{ pkgs, lib, stdenv, fetchFromGitHub, fetchpatch
, autoreconfHook269, util-linux, nukeReferences, coreutils
, perl, nixosTests
, configFile ? "all"
# Userspace dependencies
, zlib, libuuid, python3, attr, openssl
, libtirpc
, nfs-utils, samba
, gawk, gnugrep, gnused, systemd
, smartmontools, enableMail ? false
, sysstat, pkg-config
, curl
# Kernel dependencies
, kernel ? null
, enablePython ? true
# for determining the latest compatible linuxPackages
, linuxPackages_6_1 ? pkgs.linuxKernel.packages.linux_6_1
, linuxPackages_6_2 ? pkgs.linuxKernel.packages.linux_6_2
}:
let
inherit (lib) any optionalString optionals optional makeBinPath;
smartmon = smartmontools.override { inherit enableMail; };
buildKernel = any (n: n == configFile) [ "kernel" "all" ];
buildUser = any (n: n == configFile) [ "user" "all" ];
# XXX: You always want to build kernel modules with the same stdenv as the
# kernel was built with. However, since zfs can also be built for userspace we
# need to correctly pick between the provided/default stdenv, and the one used
# by the kernel.
# If you don't do this your ZFS builds will fail on any non-standard (e.g.
# clang-built) kernels.
stdenv' = if kernel == null then stdenv else kernel.stdenv;
common = { version
, sha256
, extraPatches ? []
, rev ? "zfs-${version}"
, isUnstable ? false
, latestCompatibleLinuxPackages
, kernelCompatible ? null }:
stdenv'.mkDerivation {
name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
src = fetchFromGitHub {
owner = "openzfs";
repo = "zfs";
inherit rev sha256;
};
patches = [
(fetchpatch {
name = "musl.patch";
url = "https://github.com/openzfs/zfs/commit/1f19826c9ac85835cbde61a7439d9d1fefe43a4a.patch";
sha256 = "XEaK227ubfOwlB2s851UvZ6xp/QOtYUWYsKTkEHzmo0=";
})
] ++ extraPatches;
postPatch = optionalString buildKernel ''
patchShebangs scripts
# The arrays must remain the same length, so we repeat a flag that is
# already part of the command and therefore has no effect.
substituteInPlace ./module/os/linux/zfs/zfs_ctldir.c \
--replace '"/usr/bin/env", "umount"' '"${util-linux}/bin/umount", "-n"' \
--replace '"/usr/bin/env", "mount"' '"${util-linux}/bin/mount", "-n"'
'' + optionalString buildUser ''
substituteInPlace ./lib/libshare/os/linux/nfs.c --replace "/usr/sbin/exportfs" "${
# We don't *need* python support, but we set it like this to minimize closure size:
# If it's disabled by default, no need to enable it, even if we have python enabled
# And if it's enabled by default, only change that if we explicitly disable python to remove python from the closure
nfs-utils.override (old: { enablePython = old.enablePython or true && enablePython; })
}/bin/exportfs"
substituteInPlace ./lib/libshare/smb.h --replace "/usr/bin/net" "${samba}/bin/net"
# Disable dynamic loading of libcurl
substituteInPlace ./config/user-libfetch.m4 --replace "curl-config --built-shared" "true"
substituteInPlace ./config/user-systemd.m4 --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
substituteInPlace ./config/zfs-build.m4 --replace "\$sysconfdir/init.d" "$out/etc/init.d" \
--replace "/etc/default" "$out/etc/default"
substituteInPlace ./etc/zfs/Makefile.am --replace "\$(sysconfdir)" "$out/etc"
substituteInPlace ./contrib/initramfs/hooks/Makefile.am \
--replace "/usr/share/initramfs-tools/hooks" "$out/usr/share/initramfs-tools/hooks"
substituteInPlace ./contrib/initramfs/Makefile.am \
--replace "/usr/share/initramfs-tools" "$out/usr/share/initramfs-tools"
substituteInPlace ./contrib/initramfs/scripts/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts" "$out/usr/share/initramfs-tools/scripts"
substituteInPlace ./contrib/initramfs/scripts/local-top/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts/local-top" "$out/usr/share/initramfs-tools/scripts/local-top"
substituteInPlace ./contrib/initramfs/scripts/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts" "$out/usr/share/initramfs-tools/scripts"
substituteInPlace ./contrib/initramfs/scripts/local-top/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts/local-top" "$out/usr/share/initramfs-tools/scripts/local-top"
substituteInPlace ./etc/systemd/system/Makefile.am \
--replace '$(DESTDIR)$(systemdunitdir)' "$out"'$(DESTDIR)$(systemdunitdir)'
substituteInPlace ./contrib/initramfs/conf.d/Makefile.am \
--replace "/usr/share/initramfs-tools/conf.d" "$out/usr/share/initramfs-tools/conf.d"
substituteInPlace ./contrib/initramfs/conf-hooks.d/Makefile.am \
--replace "/usr/share/initramfs-tools/conf-hooks.d" "$out/usr/share/initramfs-tools/conf-hooks.d"
substituteInPlace ./cmd/vdev_id/vdev_id \
--replace "PATH=/bin:/sbin:/usr/bin:/usr/sbin" \
"PATH=${makeBinPath [ coreutils gawk gnused gnugrep systemd ]}"
'';
nativeBuildInputs = [ autoreconfHook269 nukeReferences ]
++ optionals buildKernel (kernel.moduleBuildDependencies ++ [ perl ])
++ optional buildUser pkg-config;
buildInputs = optionals buildUser [ zlib libuuid attr libtirpc ]
++ optional buildUser openssl
++ optional buildUser curl
++ optional (buildUser && enablePython) python3;
# for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
NIX_CFLAGS_LINK = "-lgcc_s";
hardeningDisable = [ "fortify" "stackprotector" "pic" ];
configureFlags = [
"--with-config=${configFile}"
"--with-tirpc=1"
(lib.withFeatureAs (buildUser && enablePython) "python" python3.interpreter)
] ++ optionals buildUser [
"--with-dracutdir=$(out)/lib/dracut"
"--with-udevdir=$(out)/lib/udev"
"--with-systemdunitdir=$(out)/etc/systemd/system"
"--with-systemdpresetdir=$(out)/etc/systemd/system-preset"
"--with-systemdgeneratordir=$(out)/lib/systemd/system-generator"
"--with-mounthelperdir=$(out)/bin"
"--libexecdir=$(out)/libexec"
"--sysconfdir=/etc"
"--localstatedir=/var"
"--enable-systemd"
] ++ optionals buildKernel ([
"--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
"--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
] ++ kernel.makeFlags);
makeFlags = optionals buildKernel kernel.makeFlags;
enableParallelBuilding = true;
installFlags = [
"sysconfdir=\${out}/etc"
"DEFAULT_INITCONF_DIR=\${out}/default"
"INSTALL_MOD_PATH=\${out}"
];
# Enabling BTF causes zfs to be build with debug symbols.
# Since zfs compress kernel modules on installation, our strip hooks skip stripping them.
# Hence we strip modules prior to compression.
postBuild = optionalString buildKernel ''
find . -name "*.ko" -print0 | xargs -0 -P$NIX_BUILD_CORES ${stdenv.cc.targetPrefix}strip --strip-debug
'';
postInstall = optionalString buildKernel ''
# Add reference that cannot be detected due to compressed kernel module
mkdir -p "$out/nix-support"
echo "${util-linux}" >> "$out/nix-support/extra-refs"
'' + optionalString buildUser ''
# Remove provided services as they are buggy
rm $out/etc/systemd/system/zfs-import-*.service
sed -i '/zfs-import-scan.service/d' $out/etc/systemd/system/*
for i in $out/etc/systemd/system/*; do
substituteInPlace $i --replace "zfs-import-cache.service" "zfs-import.target"
done
# Remove tests because they add a runtime dependency on gcc
rm -rf $out/share/zfs/zfs-tests
# Add Bash completions.
install -v -m444 -D -t $out/share/bash-completion/completions contrib/bash_completion.d/zfs
(cd $out/share/bash-completion/completions; ln -s zfs zpool)
'';
postFixup = let
path = "PATH=${makeBinPath [ coreutils gawk gnused gnugrep util-linux smartmon sysstat ]}:$PATH";
in ''
for i in $out/libexec/zfs/zpool.d/*; do
sed -i '2i${path}' $i
done
'';
outputs = [ "out" ] ++ optionals buildUser [ "dev" ];
passthru = {
inherit enableMail latestCompatibleLinuxPackages;
tests =
if isUnstable then [
nixosTests.zfs.unstable
] else [
nixosTests.zfs.installer
nixosTests.zfs.stable
];
};
meta = {
description = "ZFS Filesystem Linux Kernel module";
longDescription = ''
ZFS is a filesystem that combines a logical volume manager with a
Copy-On-Write filesystem with data integrity detection and repair,
snapshotting, cloning, block devices, deduplication, and more.
'';
homepage = "https://github.com/openzfs/zfs";
changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}";
license = lib.licenses.cddl;
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [ jcumming jonringer globin raitobezarius ];
mainProgram = "zfs";
# If your Linux kernel version is not yet supported by zfs, try zfsUnstable.
# On NixOS set the option boot.zfs.enableUnstable.
broken = buildKernel && (kernelCompatible != null) && !kernelCompatible;
};
};
in {
# also check if kernel version constraints in
# ./nixos/modules/tasks/filesystems/zfs.nix needs
# to be adapted
zfsStable = common {
# check the release notes for compatible kernels
kernelCompatible =
if stdenv'.isx86_64
then kernel.kernelOlder "6.3"
else kernel.kernelOlder "6.2";
latestCompatibleLinuxPackages =
if stdenv'.isx86_64
then linuxPackages_6_2
else linuxPackages_6_1;
# this package should point to the latest release.
version = "2.1.11";
sha256 = "tJLwyqUj1l5F0WKZDeMGrEFa8fc/axKqm31xtN51a5M=";
};
zfsUnstable = common {
# check the release notes for compatible kernels
# NOTE:
# zfs-2.1.9<=x<=2.1.10 is broken with aarch64-linux-6.2
# for future releases, please delete this condition.
kernelCompatible =
if stdenv'.isx86_64
then kernel.kernelOlder "6.3"
else kernel.kernelOlder "6.2";
latestCompatibleLinuxPackages =
if stdenv'.isx86_64
then linuxPackages_6_2
else linuxPackages_6_1;
# this package should point to a version / git revision compatible with the latest kernel release
# IMPORTANT: Always use a tagged release candidate or commits from the
# zfs-<version>-staging branch, because this is tested by the OpenZFS
# maintainers.
version = "2.1.12-staging-2023-04-18";
rev = "e25f9131d679692704c11dc0c1df6d4585b70c35";
sha256 = "tJLwyqUj1l5F0WKZDeMGrEFa8fc/axKqm31xtN51a5M=";
isUnstable = true;
};
}

222
pkgs/os-specific/linux/zfs/generic.nix Normal file
View File

@ -0,0 +1,222 @@
{ pkgs, lib, stdenv, fetchFromGitHub, fetchpatch
, autoreconfHook269, util-linux, nukeReferences, coreutils
, perl, nixosTests
, configFile ? "all"
# Userspace dependencies
, zlib, libuuid, python3, attr, openssl
, libtirpc
, nfs-utils, samba
, gawk, gnugrep, gnused, systemd
, smartmontools, enableMail ? false
, sysstat, pkg-config
, curl
# Kernel dependencies
, kernel ? null
, enablePython ? true
, ...
}:
{ version
, sha256
, extraPatches ? []
, rev ? "zfs-${version}"
, isUnstable ? false
, latestCompatibleLinuxPackages
, kernelCompatible ? null
}:
let
inherit (lib) any optionalString optionals optional makeBinPath;
smartmon = smartmontools.override { inherit enableMail; };
buildKernel = any (n: n == configFile) [ "kernel" "all" ];
buildUser = any (n: n == configFile) [ "user" "all" ];
# XXX: You always want to build kernel modules with the same stdenv as the
# kernel was built with. However, since zfs can also be built for userspace we
# need to correctly pick between the provided/default stdenv, and the one used
# by the kernel.
# If you don't do this your ZFS builds will fail on any non-standard (e.g.
# clang-built) kernels.
stdenv' = if kernel == null then stdenv else kernel.stdenv;
in
stdenv'.mkDerivation {
name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
src = fetchFromGitHub {
owner = "openzfs";
repo = "zfs";
inherit rev sha256;
};
patches = [
(fetchpatch {
name = "musl.patch";
url = "https://github.com/openzfs/zfs/commit/1f19826c9ac85835cbde61a7439d9d1fefe43a4a.patch";
sha256 = "XEaK227ubfOwlB2s851UvZ6xp/QOtYUWYsKTkEHzmo0=";
})
] ++ extraPatches;
postPatch = optionalString buildKernel ''
patchShebangs scripts
# The arrays must remain the same length, so we repeat a flag that is
# already part of the command and therefore has no effect.
substituteInPlace ./module/os/linux/zfs/zfs_ctldir.c \
--replace '"/usr/bin/env", "umount"' '"${util-linux}/bin/umount", "-n"' \
--replace '"/usr/bin/env", "mount"' '"${util-linux}/bin/mount", "-n"'
'' + optionalString buildUser ''
substituteInPlace ./lib/libshare/os/linux/nfs.c --replace "/usr/sbin/exportfs" "${
# We don't *need* python support, but we set it like this to minimize closure size:
# If it's disabled by default, no need to enable it, even if we have python enabled
# And if it's enabled by default, only change that if we explicitly disable python to remove python from the closure
nfs-utils.override (old: { enablePython = old.enablePython or true && enablePython; })
}/bin/exportfs"
substituteInPlace ./lib/libshare/smb.h --replace "/usr/bin/net" "${samba}/bin/net"
# Disable dynamic loading of libcurl
substituteInPlace ./config/user-libfetch.m4 --replace "curl-config --built-shared" "true"
substituteInPlace ./config/user-systemd.m4 --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
substituteInPlace ./config/zfs-build.m4 --replace "\$sysconfdir/init.d" "$out/etc/init.d" \
--replace "/etc/default" "$out/etc/default"
substituteInPlace ./etc/zfs/Makefile.am --replace "\$(sysconfdir)" "$out/etc"
substituteInPlace ./contrib/initramfs/hooks/Makefile.am \
--replace "/usr/share/initramfs-tools/hooks" "$out/usr/share/initramfs-tools/hooks"
substituteInPlace ./contrib/initramfs/Makefile.am \
--replace "/usr/share/initramfs-tools" "$out/usr/share/initramfs-tools"
substituteInPlace ./contrib/initramfs/scripts/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts" "$out/usr/share/initramfs-tools/scripts"
substituteInPlace ./contrib/initramfs/scripts/local-top/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts/local-top" "$out/usr/share/initramfs-tools/scripts/local-top"
substituteInPlace ./contrib/initramfs/scripts/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts" "$out/usr/share/initramfs-tools/scripts"
substituteInPlace ./contrib/initramfs/scripts/local-top/Makefile.am \
--replace "/usr/share/initramfs-tools/scripts/local-top" "$out/usr/share/initramfs-tools/scripts/local-top"
substituteInPlace ./etc/systemd/system/Makefile.am \
--replace '$(DESTDIR)$(systemdunitdir)' "$out"'$(DESTDIR)$(systemdunitdir)'
substituteInPlace ./contrib/initramfs/conf.d/Makefile.am \
--replace "/usr/share/initramfs-tools/conf.d" "$out/usr/share/initramfs-tools/conf.d"
substituteInPlace ./contrib/initramfs/conf-hooks.d/Makefile.am \
--replace "/usr/share/initramfs-tools/conf-hooks.d" "$out/usr/share/initramfs-tools/conf-hooks.d"
substituteInPlace ./cmd/vdev_id/vdev_id \
--replace "PATH=/bin:/sbin:/usr/bin:/usr/sbin" \
"PATH=${makeBinPath [ coreutils gawk gnused gnugrep systemd ]}"
'';
nativeBuildInputs = [ autoreconfHook269 nukeReferences ]
++ optionals buildKernel (kernel.moduleBuildDependencies ++ [ perl ])
++ optional buildUser pkg-config;
buildInputs = optionals buildUser [ zlib libuuid attr libtirpc ]
++ optional buildUser openssl
++ optional buildUser curl
++ optional (buildUser && enablePython) python3;
# for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
NIX_CFLAGS_LINK = "-lgcc_s";
hardeningDisable = [ "fortify" "stackprotector" "pic" ];
configureFlags = [
"--with-config=${configFile}"
"--with-tirpc=1"
(lib.withFeatureAs (buildUser && enablePython) "python" python3.interpreter)
] ++ optionals buildUser [
"--with-dracutdir=$(out)/lib/dracut"
"--with-udevdir=$(out)/lib/udev"
"--with-systemdunitdir=$(out)/etc/systemd/system"
"--with-systemdpresetdir=$(out)/etc/systemd/system-preset"
"--with-systemdgeneratordir=$(out)/lib/systemd/system-generator"
"--with-mounthelperdir=$(out)/bin"
"--libexecdir=$(out)/libexec"
"--sysconfdir=/etc"
"--localstatedir=/var"
"--enable-systemd"
] ++ optionals buildKernel ([
"--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
"--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
] ++ kernel.makeFlags);
makeFlags = optionals buildKernel kernel.makeFlags;
enableParallelBuilding = true;
installFlags = [
"sysconfdir=\${out}/etc"
"DEFAULT_INITCONF_DIR=\${out}/default"
"INSTALL_MOD_PATH=\${out}"
];
# Enabling BTF causes zfs to be build with debug symbols.
# Since zfs compress kernel modules on installation, our strip hooks skip stripping them.
# Hence we strip modules prior to compression.
postBuild = optionalString buildKernel ''
find . -name "*.ko" -print0 | xargs -0 -P$NIX_BUILD_CORES ${stdenv.cc.targetPrefix}strip --strip-debug
'';
postInstall = optionalString buildKernel ''
# Add reference that cannot be detected due to compressed kernel module
mkdir -p "$out/nix-support"
echo "${util-linux}" >> "$out/nix-support/extra-refs"
'' + optionalString buildUser ''
# Remove provided services as they are buggy
rm $out/etc/systemd/system/zfs-import-*.service
sed -i '/zfs-import-scan.service/d' $out/etc/systemd/system/*
for i in $out/etc/systemd/system/*; do
substituteInPlace $i --replace "zfs-import-cache.service" "zfs-import.target"
done
# Remove tests because they add a runtime dependency on gcc
rm -rf $out/share/zfs/zfs-tests
# Add Bash completions.
install -v -m444 -D -t $out/share/bash-completion/completions contrib/bash_completion.d/zfs
(cd $out/share/bash-completion/completions; ln -s zfs zpool)
'';
postFixup = let
path = "PATH=${makeBinPath [ coreutils gawk gnused gnugrep util-linux smartmon sysstat ]}:$PATH";
in ''
for i in $out/libexec/zfs/zpool.d/*; do
sed -i '2i${path}' $i
done
'';
outputs = [ "out" ] ++ optionals buildUser [ "dev" ];
passthru = {
inherit enableMail latestCompatibleLinuxPackages;
tests =
if isUnstable then [
nixosTests.zfs.unstable
] else [
nixosTests.zfs.installer
nixosTests.zfs.stable
];
};
meta = {
description = "ZFS Filesystem Linux Kernel module";
longDescription = ''
ZFS is a filesystem that combines a logical volume manager with a
Copy-On-Write filesystem with data integrity detection and repair,
snapshotting, cloning, block devices, deduplication, and more.
'';
homepage = "https://github.com/openzfs/zfs";
changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}";
license = lib.licenses.cddl;
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [ jcumming jonringer globin raitobezarius ];
mainProgram = "zfs";
# If your Linux kernel version is not yet supported by zfs, try zfsUnstable.
# On NixOS set the option boot.zfs.enableUnstable.
broken = buildKernel && (kernelCompatible != null) && !kernelCompatible;
};
}

26
pkgs/os-specific/linux/zfs/stable.nix Normal file
View File

@ -0,0 +1,26 @@
{ callPackage
, kernel ? null
, stdenv
, linuxKernel
, ...
} @ args:
let
stdenv' = if kernel == null then stdenv else kernel.stdenv;
in
callPackage ./generic.nix args {
# check the release notes for compatible kernels
kernelCompatible =
if stdenv'.isx86_64
then kernel.kernelOlder "6.3"
else kernel.kernelOlder "6.2";
latestCompatibleLinuxPackages =
if stdenv'.isx86_64
then linuxKernel.packages.linux_6_1
else linuxKernel.packages.linux_6_2;
# this package should point to the latest release.
version = "2.1.11";
sha256 = "tJLwyqUj1l5F0WKZDeMGrEFa8fc/axKqm31xtN51a5M=";
}

34
pkgs/os-specific/linux/zfs/unstable.nix Normal file
View File

@ -0,0 +1,34 @@
{ callPackage
, kernel ? null
, stdenv
, linuxKernel
, ...
} @ args:
let
stdenv' = if kernel == null then stdenv else kernel.stdenv;
in
callPackage ./generic.nix args {
# check the release notes for compatible kernels
# NOTE:
# zfs-2.1.9<=x<=2.1.10 is broken with aarch64-linux-6.2
# for future releases, please delete this condition.
kernelCompatible = if stdenv'.isx86_64
then kernel.kernelOlder "6.3"
else kernel.kernelOlder "6.2";
latestCompatibleLinuxPackages =
if stdenv'.isx86_64
then linuxKernel.packages.linux_6_2
else linuxKernel.packages.linux_6_1;
# this package should point to a version / git revision compatible with the latest kernel release
# IMPORTANT: Always use a tagged release candidate or commits from the
# zfs-<version>-staging branch, because this is tested by the OpenZFS
# maintainers.
version = "2.1.12-staging-2023-04-18";
rev = "e25f9131d679692704c11dc0c1df6d4585b70c35";
sha256 = "tJLwyqUj1l5F0WKZDeMGrEFa8fc/axKqm31xtN51a5M=";
isUnstable = true;
}

7
pkgs/servers/ldap/lldap/default.nix
View File

@ -90,6 +90,9 @@ let
});
in rustPlatform.buildRustPackage (commonDerivationAttrs // {
cargoBuildFlags = [ "-p" "lldap" "-p" "migration-tool" "-p" "lldap_set_password" ];
patches = [
./static-frontend-path.patch
];
@ -98,6 +101,10 @@ in rustPlatform.buildRustPackage (commonDerivationAttrs // {
substituteInPlace server/src/infra/tcp_server.rs --subst-var-by frontend '${frontend}'
'';
postInstall = ''
mv $out/bin/migration-tool $out/bin/lldap_migration_tool
'';
passthru = {
inherit frontend;
tests = {

2
pkgs/servers/mail/mailman/hyperkitty.nix
View File

@ -66,7 +66,7 @@ buildPythonPackage rec {
elasticsearch
mock
whoosh
];
] ++ beautifulsoup4.optional-dependencies.lxml;
checkPhase = ''
cd $NIX_BUILD_TOP/$sourceRoot

26
pkgs/servers/search/meilisearch/Cargo.lock generated
View File

@ -410,7 +410,7 @@ checksum = "b645a089122eccb6111b4f81cbc1a49f5900ac4666bb93ac027feaecf15607bf"
[[package]]
name = "benchmarks"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"anyhow",
"bytes",
@ -1150,7 +1150,7 @@ dependencies = [
[[package]]
name = "dump"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"anyhow",
"big_s",
@ -1371,7 +1371,7 @@ dependencies = [
[[package]]
name = "file-store"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"faux",
"tempfile",
@ -1393,7 +1393,7 @@ dependencies = [
[[package]]
name = "filter-parser"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"insta",
"nom",
@ -1413,7 +1413,7 @@ dependencies = [
[[package]]
name = "flatten-serde-json"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"criterion",
"serde_json",
@ -1890,7 +1890,7 @@ dependencies = [
[[package]]
name = "index-scheduler"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"anyhow",
"big_s",
@ -2049,7 +2049,7 @@ dependencies = [
[[package]]
name = "json-depth-checker"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"criterion",
"serde_json",
@ -2445,7 +2445,7 @@ checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771"
[[package]]
name = "meili-snap"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"insta",
"md5",
@ -2454,7 +2454,7 @@ dependencies = [
[[package]]
name = "meilisearch"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"actix-cors",
"actix-http",
@ -2542,7 +2542,7 @@ dependencies = [
[[package]]
name = "meilisearch-auth"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"base64 0.13.1",
"enum-iterator",
@ -2561,7 +2561,7 @@ dependencies = [
[[package]]
name = "meilisearch-types"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"actix-web",
"anyhow",
@ -2615,7 +2615,7 @@ dependencies = [
[[package]]
name = "milli"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"big_s",
"bimap",
@ -2969,7 +2969,7 @@ checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e"
[[package]]
name = "permissive-json-pointer"
version = "1.1.0"
version = "1.1.1"
dependencies = [
"big_s",
"serde_json",

12
pkgs/servers/search/meilisearch/default.nix
View File

@ -6,9 +6,10 @@
, DiskArbitration
, Foundation
, nixosTests
, nix-update-script
}:
let version = "1.1.0";
let version = "1.1.1";
in
rustPlatform.buildRustPackage {
pname = "meilisearch";
@ -18,7 +19,7 @@ rustPlatform.buildRustPackage {
owner = "meilisearch";
repo = "MeiliSearch";
rev = "refs/tags/v${version}";
hash = "sha256-mwrWHrndcLwdXJo+UISJdPxZFDgtZh9jEquz7jIHGP0=";
hash = "sha256-catbSe4KT52vNaMD/rq4B7myw76Ki4NSBPX8nTgxT18=";
};
cargoBuildFlags = [
@ -44,8 +45,11 @@ rustPlatform.buildRustPackage {
Foundation
];
passthru.tests = {
meilisearch = nixosTests.meilisearch;
passthru = {
updateScript = nix-update-script { };
tests = {
meilisearch = nixosTests.meilisearch;
};
};
# Tests will try to compile with mini-dashboard features which downloads something from the internet.

244
pkgs/servers/web-apps/pixelfed/composer-env.nix Normal file
View File

@ -0,0 +1,244 @@
# This file originates from composer2nix
{ stdenv, lib, writeTextFile, fetchurl, php, unzip, phpPackages }:
let
inherit (phpPackages) composer;
filterSrc = src:
builtins.filterSource (path: type: type != "directory" || (baseNameOf path != ".git" && baseNameOf path != ".git" && baseNameOf path != ".svn")) src;
buildZipPackage = { name, src }:
stdenv.mkDerivation {
inherit name src;
nativeBuildInputs = [ unzip ];
buildCommand = ''
shopt -s dotglob
unzip $src
baseDir=$(find . -type d -mindepth 1 -maxdepth 1)
cd $baseDir
mkdir -p $out
mv * $out
'';
};
buildPackage =
{ name
, src
, packages ? {}
, devPackages ? {}
, buildInputs ? []
, symlinkDependencies ? false
, executable ? false
, removeComposerArtifacts ? false
, postInstall ? ""
, noDev ? false
, composerExtraArgs ? ""
, unpackPhase ? "true"
, buildPhase ? "true"
, ...}@args:
let
reconstructInstalled = writeTextFile {
name = "reconstructinstalled.php";
executable = true;
text = ''
#! ${php}/bin/php
<?php
if(file_exists($argv[1]))
{
$composerLockStr = file_get_contents($argv[1]);
if($composerLockStr === false)
{
fwrite(STDERR, "Cannot open composer.lock contents\n");
exit(1);
}
else
{
$config = json_decode($composerLockStr, true);
if(array_key_exists("packages", $config))
$allPackages = $config["packages"];
else
$allPackages = array();
${lib.optionalString (!noDev) ''
if(array_key_exists("packages-dev", $config))
$allPackages = array_merge($allPackages, $config["packages-dev"]);
''}
$packagesStr = json_encode($allPackages, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
print($packagesStr);
}
}
else
print("[]");
?>
'';
};
constructBin = writeTextFile {
name = "constructbin.php";
executable = true;
text = ''
#! ${php}/bin/php
<?php
$composerJSONStr = file_get_contents($argv[1]);
if($composerJSONStr === false)
{
fwrite(STDERR, "Cannot open composer.json contents\n");
exit(1);
}
else
{
$config = json_decode($composerJSONStr, true);
if(array_key_exists("bin-dir", $config))
$binDir = $config["bin-dir"];
else
$binDir = "bin";
if(array_key_exists("bin", $config))
{
if(!file_exists("vendor/".$binDir))
mkdir("vendor/".$binDir);
foreach($config["bin"] as $bin)
symlink("../../".$bin, "vendor/".$binDir."/".basename($bin));
}
}
?>
'';
};
bundleDependencies = dependencies:
lib.concatMapStrings (dependencyName:
let
dependency = dependencies.${dependencyName};
in
''
${if dependency.targetDir == "" then ''
vendorDir="$(dirname ${dependencyName})"
mkdir -p "$vendorDir"
${if symlinkDependencies then
''ln -s "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
else
''cp -av "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
}
'' else ''
namespaceDir="${dependencyName}/$(dirname "${dependency.targetDir}")"
mkdir -p "$namespaceDir"
${if symlinkDependencies then
''ln -s "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
else
''cp -av "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
}
''}
'') (builtins.attrNames dependencies);
extraArgs = removeAttrs args [ "packages" "devPackages" "buildInputs" ];
in
stdenv.mkDerivation ({
buildInputs = [ php composer ] ++ buildInputs;
inherit unpackPhase buildPhase;
installPhase = ''
${if executable then ''
mkdir -p $out/share/php
cp -av $src $out/share/php/$name
chmod -R u+w $out/share/php/$name
cd $out/share/php/$name
'' else ''
cp -av $src $out
chmod -R u+w $out
cd $out
''}
# Remove unwanted files
rm -f *.nix
export HOME=$TMPDIR
# Remove the provided vendor folder if it exists
rm -Rf vendor
# If there is no composer.lock file, compose a dummy file.
# Otherwise, composer attempts to download the package.json file from
# the registry which we do not want.
if [ ! -f composer.lock ]
then
cat > composer.lock <<EOF
{
"packages": []
}
EOF
fi
# Reconstruct the installed.json file from the lock file
mkdir -p vendor/composer
${php}/bin/php ${reconstructInstalled} composer.lock > vendor/composer/installed.json
# Copy or symlink the provided dependencies
cd vendor
${bundleDependencies packages}
${lib.optionalString (!noDev) (bundleDependencies devPackages)}
cd ..
# Reconstruct autoload scripts
# We use the optimize feature because Nix packages cannot change after they have been built
# Using the dynamic loader for a Nix package is useless since there is nothing to dynamically reload.
composer dump-autoload --optimize ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
# Run the install step as a validation to confirm that everything works out as expected
composer install --optimize-autoloader ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
${lib.optionalString executable ''
# Reconstruct the bin/ folder if we deploy an executable project
${php}/bin/php ${constructBin} composer.json
ln -s $(pwd)/vendor/bin $out/bin
''}
${lib.optionalString (!symlinkDependencies) ''
# Patch the shebangs if possible
if [ -d $(pwd)/vendor/bin ]
then
# Look for all executables in bin/
for i in $(pwd)/vendor/bin/*
do
# Look for their location
realFile=$(readlink -f "$i")
# Restore write permissions
chmod u+wx "$(dirname "$realFile")"
chmod u+w "$realFile"
# Patch shebang
sed -e "s|#!/usr/bin/php|#!${php}/bin/php|" \
-e "s|#!/usr/bin/env php|#!${php}/bin/php|" \
"$realFile" > tmp
mv tmp "$realFile"
chmod u+x "$realFile"
done
fi
''}
if [ "$removeComposerArtifacts" = "1" ]
then
# Remove composer stuff
rm -f composer.json composer.lock
fi
# Execute post install hook
runHook postInstall
'';
} // extraArgs);
in
{
inherit filterSrc;
composer = lib.makeOverridable composer;
buildZipPackage = lib.makeOverridable buildZipPackage;
buildPackage = lib.makeOverridable buildPackage;
}

14
pkgs/servers/web-apps/pixelfed/composition.nix Normal file
View File

@ -0,0 +1,14 @@
{pkgs ? import <nixpkgs> {
inherit system;
}, system ? builtins.currentSystem, noDev ? false, php ? pkgs.php, phpPackages ? pkgs.phpPackages}:
let
composerEnv = import ./composer-env.nix {
inherit (pkgs) stdenv lib writeTextFile fetchurl unzip;
inherit php phpPackages;
};
in
import ./php-packages.nix {
inherit composerEnv noDev;
inherit (pkgs) fetchurl fetchgit fetchhg fetchsvn;
}

50
pkgs/servers/web-apps/pixelfed/default.nix Normal file
View File

@ -0,0 +1,50 @@
{ lib
, stdenv
, fetchFromGitHub
, php
, pkgs
, nixosTests
, dataDir ? "/var/lib/pixelfed"
, runtimeDir ? "/run/pixelfed"
}:
let
package = (import ./composition.nix {
inherit pkgs;
inherit (stdenv.hostPlatform) system;
noDev = true; # Disable development dependencies
}).overrideAttrs (attrs : {
installPhase = attrs.installPhase + ''
rm -R $out/bootstrap/cache
# Move static contents for the NixOS module to pick it up, if needed.
mv $out/bootstrap $out/bootstrap-static
mv $out/storage $out/storage-static
ln -s ${dataDir}/.env $out/.env
ln -s ${dataDir}/storage $out/
ln -s ${dataDir}/storage/app/public $out/public/storage
ln -s ${runtimeDir} $out/bootstrap
chmod +x $out/artisan
'';
});
in package.override rec {
pname = "pixelfed";
version = "0.11.5";
# GitHub distribution does not include vendored files
src = fetchFromGitHub {
owner = "pixelfed";
repo = pname;
rev = "v${version}";
hash = "sha256-ZrvYKMSx5WymWR46/UKr5jCsclXXzBeY21ju22zeqN0=";
};
passthru.tests = { inherit (nixosTests) pixelfed; };
meta = with lib; {
description = "A federated image sharing platform";
license = licenses.agpl3Only;
homepage = "https://pixelfed.org/";
maintainers = with maintainers; [ raitobezarius ];
platforms = php.meta.platforms;
};
}

1848
pkgs/servers/web-apps/pixelfed/php-packages.nix Normal file
View File

File diff suppressed because it is too large Load Diff

3
pkgs/servers/web-apps/plausible/default.nix
View File

@ -61,6 +61,7 @@ beamPackages.mixRelease {
export HOME=$TMPDIR
export NODE_OPTIONS=--openssl-legacy-provider # required for webpack compatibility with OpenSSL 3 (https://github.com/webpack/webpack/issues/14532)
ln -sf ${yarnDeps}/node_modules assets/node_modules
substituteInPlace assets/package.json --replace '$(npm bin)/' 'npx '
npm run deploy --prefix ./assets
# for external task you need a workaround for the no deps check flag
@ -70,8 +71,6 @@ beamPackages.mixRelease {
meta = with lib; {
license = licenses.agpl3Plus;
# broken since the deprecation of nodejs_16
broken = true;
homepage = "https://plausible.io/";
description = " Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.";
maintainers = with maintainers; [ ];

36
pkgs/servers/web-apps/wiki-js/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, lib, nixosTests }:
{ stdenv, fetchurl, lib, nixosTests, jq, moreutils }:
stdenv.mkDerivation rec {
pname = "wiki-js";
@ -9,6 +9,40 @@ stdenv.mkDerivation rec {
sha256 = "sha256-O7KQ134zh9ullYyQZimmxfdRwXeHkD8aAhy/pRzIjxo=";
};
# Implements nodejs 18 support as it's not planned to fix this before
# the release of v3[1] which is planned to happen in 2023, but not before
# NixOS 23.05. However, in the lifespan of 23.05 v16 will get EOLed, so
# we have to hack this on our own.
#
# The problem we fix here is that `exports."/public/"` in a `package.json`
# is prohibited, i.e. you cannot export full directories anymore.
#
# Unfortunately it's non-trivial to fix this because v10 of `extract-files`
# (where the problem is fixed) doesn't work for graphql-tools (which depends
# on this). Updating this as well is also quite complex because in later
# versions the package was split up into multiple smaller packages and
# thus a lot of parts of the code-base would need to be changed accordingly.
#
# Since this is the only breaking change of nodejs 17/18[2][3], this workaround
# will be necessary until we can upgrade to v3.
#
# [1] https://github.com/requarks/wiki/discussions/6388
# [2] https://nodejs.org/en/blog/release/v17.0.0
# [3] https://nodejs.org/en/blog/release/v18.0.0
nativeBuildInputs = [ jq moreutils ];
postPatch = ''
# Dirty hack to implement nodejs-18 support.
<./node_modules/extract-files/package.json jq '
# error out loud if the structure has changed and we need to change
# this expression
if .exports|has("./public/")|not then
halt_error(1)
else
.exports."./public/*" = "./public/*.js" | del(.exports."./public/")
end
' | sponge ./node_modules/extract-files/package.json
'';
sourceRoot = ".";
dontBuild = true;

12
pkgs/servers/x11/xorg/overrides.nix
View File

@ -1,6 +1,6 @@
{ abiCompat ? null,
callPackage,
lib, stdenv, makeWrapper, fetchurl, fetchpatch, fetchFromGitLab, buildPackages, substitute,
lib, stdenv, makeWrapper, fetchurl, fetchpatch, fetchFromGitLab, buildPackages,
automake, autoconf, libiconv, libtool, intltool,
freetype, tradcpp, fontconfig, meson, ninja, ed, fontforge,
libGL, spice-protocol, zlib, libGLU, dbus, libunwind, libdrm, netbsd,
@ -771,12 +771,14 @@ self: super:
name = "revert-fb-changes-2.patch";
})
./darwin/bundle_main.patch
(substitute {
src = ./darwin/stub.patch;
replacements = ["--subst-var-by" "XQUARTZ_APP" "${placeholder "out"}/Applications/XQuartz.app"];
})
./darwin/stub.patch
];
postPatch = attrs.postPatch + ''
substituteInPlace hw/xquartz/mach-startup/stub.c \
--subst-var-by XQUARTZ_APP "$out/Applications/XQuartz.app"
'';
configureFlags = [
# note: --enable-xquartz is auto
"CPPFLAGS=-I${./darwin/dri}"

11
pkgs/test/texlive/default.nix
View File

@ -199,4 +199,15 @@
{"$kpathsea","$schemeFull"/share/texmf-var}/web2c/fmtutil.cnf \
| tee "$out/fmtutil.cnf.patch"
'';
# verify that the restricted mode gets enabled when
# needed (detected by checking if it disallows --gscmd)
repstopdf = runCommand "texlive-test-repstopdf" {
nativeBuildInputs = [ (texlive.combine { inherit (texlive) scheme-infraonly epstopdf; }) ];
} ''
! (epstopdf --gscmd echo /dev/null 2>&1 || true) | grep forbidden >/dev/null
(repstopdf --gscmd echo /dev/null 2>&1 || true) | grep forbidden >/dev/null
mkdir "$out"
'';
}

4
pkgs/tools/networking/minissdpd/default.nix
View File

@ -10,6 +10,10 @@ stdenv.mkDerivation rec {
name = "${pname}-${version}.tar.gz";
};
patches = [
./makefile-install-dir.patch
];
buildInputs = [ libnfnetlink ];
installFlags = [ "PREFIX=$(out)" "INSTALLPREFIX=$(out)" ];

15
pkgs/tools/networking/minissdpd/makefile-install-dir.patch Normal file
View File

@ -0,0 +1,15 @@
diff --git a/Makefile b/Makefile
index b14e2fa..4472598 100644
--- a/Makefile
+++ b/Makefile
@@ -74,8 +74,8 @@ install: minissdpd
$(INSTALL) -d $(DESTDIR)$(MANINSTALLDIR)/man1
$(INSTALL) minissdpd.1 $(DESTDIR)$(MANINSTALLDIR)/man1/minissdpd.1
ifeq (, $(findstring darwin, $(OS)))
- $(INSTALL) -d $(DESTDIR)/etc/init.d
- $(INSTALL) minissdpd.init.d.script $(DESTDIR)/etc/init.d/minissdpd
+ $(INSTALL) -d $(DESTDIR)$(INSTALLPREFIX)/etc/init.d
+ $(INSTALL) minissdpd.init.d.script $(DESTDIR)$(INSTALLPREFIX)/etc/init.d/minissdpd
endif
check: validateminissdpd validatecodelength

5
pkgs/tools/package-management/poetry/unwrapped.nix
View File

@ -151,6 +151,11 @@ buildPythonPackage rec {
"poetry"
];
# Unset ambient PYTHONPATH in the wrapper, so Poetry only ever runs with its own,
# isolated set of dependencies. This works because the correct PYTHONPATH is set
# in the Python script, which runs after the wrapper.
makeWrapperArgs = ["--unset PYTHONPATH"];
meta = with lib; {
changelog = "https://github.com/python-poetry/poetry/blob/${src.rev}/CHANGELOG.md";
homepage = "https://python-poetry.org/";

6
pkgs/tools/system/bottom/default.nix
View File

@ -8,16 +8,16 @@
rustPlatform.buildRustPackage rec {
pname = "bottom";
version = "0.9.0";
version = "0.9.1";
src = fetchFromGitHub {
owner = "ClementTsang";
repo = pname;
rev = version;
sha256 = "sha256-/pjMxWQ66t9Jd8ziLJXDgnwfSgR1uS9U1uXVDTZze58=";
sha256 = "sha256-i1Vd2SA7Xb62gTVY6FdKzNe6ItfYrLXfgo0+VRm+Wdc=";
};
cargoHash = "sha256-0KweijC4gA9ELmQZ7lvOx2BypMuj8KsZHxGfcRXVi4g=";
cargoHash = "sha256-umBBUbkgVIj9d2eYEJCHjoo0AjH9K2R6C+cps+PkZcA=";
nativeBuildInputs = [ installShellFiles ];

9
pkgs/tools/typesetting/tex/texlive/combine.nix
View File

@ -289,15 +289,6 @@ in (buildEnv {
''
rm "$out"/bin/*-sys
wrapBin
'' +
# Perform a small test to verify that the restricted mode get enabled when
# needed (detected by checking if it disallows --gscmd)
''
if [[ -e "$out"/bin/epstopdf ]]; then
echo "Testing restricted mode for {,r}epstopdf"
! (epstopdf --gscmd echo /dev/null 2>&1 || true) | grep forbidden
(repstopdf --gscmd echo /dev/null 2>&1 || true) | grep forbidden
fi
'' +
# TODO: a context trigger https://www.preining.info/blog/2015/06/debian-tex-live-2015-the-new-layout/
# http://wiki.contextgarden.net/ConTeXt_Standalone#Unix-like_platforms_.28Linux.2FMacOS_X.2FFreeBSD.2FSolaris.29

15
pkgs/top-level/all-packages.nix
View File

@ -27711,10 +27711,12 @@ with pkgs;
zenmonitor = callPackage ../os-specific/linux/zenmonitor { };
inherit (callPackages ../os-specific/linux/zfs {
zfsStable = callPackage ../os-specific/linux/zfs/stable.nix {
configFile = "user";
}) zfsStable zfsUnstable;
};
zfsUnstable = callPackage ../os-specific/linux/zfs/unstable.nix {
configFile = "user";
};
zfs = zfsStable;
### DATA
@ -31159,6 +31161,8 @@ with pkgs;
pixel2svg = python310Packages.callPackage ../tools/graphics/pixel2svg { };
pixelfed = callPackage ../servers/web-apps/pixelfed { };
pixelnuke = callPackage ../applications/graphics/pixelnuke { };
pixelorama = callPackage ../applications/editors/pixelorama { };
@ -32515,6 +32519,8 @@ with pkgs;
cutter = callPackage ../applications/video/mpv/scripts/cutter.nix { };
};
open-in-mpv = callPackage ../applications/video/open-in-mpv { };
mrpeach = callPackage ../applications/audio/pd-plugins/mrpeach { };
mtpaint = callPackage ../applications/graphics/mtpaint { };
@ -35483,6 +35489,7 @@ with pkgs;
balanceofsatoshis = nodePackages.balanceofsatoshis;
bitcoin = libsForQt5.callPackage ../applications/blockchains/bitcoin {
stdenv = if stdenv.isDarwin then darwin.apple_sdk_11_0.stdenv else stdenv;
boost = boost17x;
withGui = true;
inherit (darwin) autoSignDarwinBinariesHook;
@ -36452,7 +36459,7 @@ with pkgs;
mindustry = callPackage ../games/mindustry { };
mindustry-wayland = callPackage ../games/mindustry {
glew = glew-egl;
enableWayland = true;
};
mindustry-server = callPackage ../games/mindustry {

12
pkgs/top-level/linux-kernels.nix
View File

@ -558,10 +558,14 @@ in {
zenpower = callPackage ../os-specific/linux/zenpower { };
inherit (callPackage ../os-specific/linux/zfs {
configFile = "kernel";
inherit pkgs kernel;
}) zfsStable zfsUnstable;
zfsStable = callPackage ../os-specific/linux/zfs/stable.nix {
configFile = "kernel";
inherit pkgs kernel;
};
zfsUnstable = callPackage ../os-specific/linux/zfs/unstable.nix {
configFile = "kernel";
inherit pkgs kernel;
};
zfs = zfsStable;
can-isotp = callPackage ../os-specific/linux/can-isotp { };

4
pkgs/top-level/python-packages.nix
View File

@ -9757,7 +9757,7 @@ self: super: with self; {
python-mapnik = callPackage ../development/python-modules/python-mapnik rec {
inherit (pkgs) pkg-config cairo icu libjpeg libpng libtiff libwebp proj zlib;
boost = pkgs.boost.override {
boost182 = pkgs.boost182.override {
enablePython = true;
inherit python;
};
@ -11567,6 +11567,8 @@ self: super: with self; {
steamodd = callPackage ../development/python-modules/steamodd { };
steamship = callPackage ../development/python-modules/steamship { };
stem = callPackage ../development/python-modules/stem { };
stestr = callPackage ../development/python-modules/stestr { };