mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 09:53:10 +00:00
Merge branch 'master' into haskell-updates
This commit is contained in:
commit
cb8de4139a
@ -145,26 +145,26 @@ As an example, we will take the case of display managers. There is a
|
||||
central display manager module for generic display manager options and a
|
||||
module file per display manager backend (sddm, gdm \...).
|
||||
|
||||
There are two approach to this module structure:
|
||||
There are two approaches we could take with this module structure:
|
||||
|
||||
- Managing the display managers independently by adding an enable
|
||||
- Configuring the display managers independently by adding an enable
|
||||
option to every display manager module backend. (NixOS)
|
||||
|
||||
- Managing the display managers in the central module by adding an
|
||||
option to select which display manager backend to use.
|
||||
- Configuring the display managers in the central module by adding
|
||||
an option to select which display manager backend to use.
|
||||
|
||||
Both approaches have problems.
|
||||
|
||||
Making backends independent can quickly become hard to manage. For
|
||||
display managers, there can be only one enabled at a time, but the type
|
||||
system can not enforce this restriction as there is no relation between
|
||||
each backend `enable` option. As a result, this restriction has to be
|
||||
done explicitely by adding assertions in each display manager backend
|
||||
module.
|
||||
display managers, there can only be one enabled at a time, but the
|
||||
type system cannot enforce this restriction as there is no relation
|
||||
between each backend's `enable` option. As a result, this restriction
|
||||
has to be done explicitly by adding assertions in each display manager
|
||||
backend module.
|
||||
|
||||
On the other hand, managing the display managers backends in the central
|
||||
module will require to change the central module option every time a new
|
||||
backend is added or removed.
|
||||
On the other hand, managing the display manager backends in the
|
||||
central module will require changing the central module option every
|
||||
time a new backend is added or removed.
|
||||
|
||||
By using extensible option types, it is possible to create a placeholder
|
||||
option in the central module
|
||||
@ -175,7 +175,7 @@ and to extend it in each backend module
|
||||
|
||||
As a result, `displayManager.enable` option values can be added without
|
||||
changing the main service module file and the type system automatically
|
||||
enforce that there can only be a single display manager enabled.
|
||||
enforces that there can only be a single display manager enabled.
|
||||
|
||||
::: {#ex-option-declaration-eot-service .example}
|
||||
::: {.title}
|
||||
|
@ -16,9 +16,9 @@ merging is handled.
|
||||
|
||||
`types.path`
|
||||
|
||||
: A filesystem path, defined as anything that when coerced to a string
|
||||
starts with a slash. Even if derivations can be considered as path,
|
||||
the more specific `types.package` should be preferred.
|
||||
: A filesystem path is anything that starts with a slash when
|
||||
coerced to a string. Even if derivations can be considered as
|
||||
paths, the more specific `types.package` should be preferred.
|
||||
|
||||
`types.package`
|
||||
|
||||
|
@ -215,21 +215,22 @@ lib.mkOption {
|
||||
manager backend (sddm, gdm ...).
|
||||
</para>
|
||||
<para>
|
||||
There are two approach to this module structure:
|
||||
There are two approaches we could take with this module
|
||||
structure:
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Managing the display managers independently by adding an
|
||||
enable option to every display manager module backend.
|
||||
(NixOS)
|
||||
Configuring the display managers independently by adding
|
||||
an enable option to every display manager module
|
||||
backend. (NixOS)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Managing the display managers in the central module by
|
||||
adding an option to select which display manager backend
|
||||
to use.
|
||||
Configuring the display managers in the central module
|
||||
by adding an option to select which display manager
|
||||
backend to use.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
@ -238,16 +239,16 @@ lib.mkOption {
|
||||
</para>
|
||||
<para>
|
||||
Making backends independent can quickly become hard to
|
||||
manage. For display managers, there can be only one enabled
|
||||
manage. For display managers, there can only be one enabled
|
||||
at a time, but the type system cannot enforce this
|
||||
restriction as there is no relation between each backend
|
||||
restriction as there is no relation between each backend’s
|
||||
<literal>enable</literal> option. As a result, this
|
||||
restriction has to be done explicitely by adding assertions
|
||||
restriction has to be done explicitly by adding assertions
|
||||
in each display manager backend module.
|
||||
</para>
|
||||
<para>
|
||||
On the other hand, managing the display managers backends in
|
||||
the central module will require to change the central module
|
||||
On the other hand, managing the display manager backends in
|
||||
the central module will require changing the central module
|
||||
option every time a new backend is added or removed.
|
||||
</para>
|
||||
<para>
|
||||
@ -268,7 +269,7 @@ lib.mkOption {
|
||||
<para>
|
||||
As a result, <literal>displayManager.enable</literal> option
|
||||
values can be added without changing the main service module
|
||||
file and the type system automatically enforce that there
|
||||
file and the type system automatically enforces that there
|
||||
can only be a single display manager enabled.
|
||||
</para>
|
||||
<anchor xml:id="ex-option-declaration-eot-service" />
|
||||
|
@ -30,10 +30,10 @@
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
A filesystem path, defined as anything that when coerced to
|
||||
a string starts with a slash. Even if derivations can be
|
||||
considered as path, the more specific
|
||||
<literal>types.package</literal> should be preferred.
|
||||
A filesystem path is anything that starts with a slash when
|
||||
coerced to a string. Even if derivations can be considered
|
||||
as paths, the more specific <literal>types.package</literal>
|
||||
should be preferred.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -388,6 +388,116 @@
|
||||
its reliance on python2.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>matrix-synapse</literal> service
|
||||
(<literal>services.matrix-synapse</literal>) has been
|
||||
converted to use the <literal>settings</literal> option
|
||||
defined in RFC42. This means that options that are part of
|
||||
your <literal>homeserver.yaml</literal> configuration, and
|
||||
that were specified at the top-level of the module
|
||||
(<literal>services.matrix-synapse</literal>) now need to be
|
||||
moved into
|
||||
<literal>services.matrix-synapse.settings</literal>. And while
|
||||
not all options you may use are defined in there, they are
|
||||
still supported, because you can set arbitrary values in this
|
||||
freeform type.
|
||||
</para>
|
||||
<para>
|
||||
An example to make the required migration clearer:
|
||||
</para>
|
||||
<para>
|
||||
Before:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
|
||||
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = "";
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
After:
|
||||
</para>
|
||||
<programlisting language="bash">
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
# this attribute set holds all values that go into your homeserver.yaml configuration
|
||||
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
|
||||
# possible values.
|
||||
settings = {
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = [
|
||||
"::"
|
||||
"0.0.0.0"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
};
|
||||
|
||||
extraConfigFiles = [
|
||||
/run/keys/matrix-synapse/secrets.yaml
|
||||
];
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
The secrets in your original config should be migrated into a
|
||||
YAML file that is included via
|
||||
<literal>extraConfigFiles</literal>.
|
||||
</para>
|
||||
<para>
|
||||
Additionally a few option defaults have been synced up with
|
||||
upstream default values, for example the
|
||||
<literal>max_upload_size</literal> grew from
|
||||
<literal>10M</literal> to <literal>50M</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The MoinMoin wiki engine
|
||||
@ -1185,6 +1295,14 @@
|
||||
<literal>tmux</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The polkit service, available at
|
||||
<literal>security.polkit.enable</literal>, is now disabled by
|
||||
default. It will automatically be enabled through services and
|
||||
desktop environments as needed.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -128,6 +128,95 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
|
||||
|
||||
- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42.
|
||||
This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the
|
||||
module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you
|
||||
may use are defined in there, they are still supported, because you can set arbitrary values in this freeform type.
|
||||
|
||||
An example to make the required migration clearer:
|
||||
|
||||
Before:
|
||||
```nix
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
registration_shared_secret = "xohshaeyui8jic7uutuDogahkee3aehuaf6ei3Xouz4iicie5thie6nohNahceut";
|
||||
macaroon_secret_key = "xoo8eder9seivukaiPh1cheikohquuw8Yooreid0The4aifahth3Ou0aiShaiz4l";
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = "";
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
After:
|
||||
```nix
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
|
||||
# this attribute set holds all values that go into your homeserver.yaml configuration
|
||||
# See https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml for
|
||||
# possible values.
|
||||
settings = {
|
||||
server_name = "example.com";
|
||||
public_baseurl = "https://example.com:8448";
|
||||
|
||||
enable_registration = false;
|
||||
# pass `registration_shared_secret` and `macaroon_secret_key` via `extraConfigFiles` instead
|
||||
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
tls_certificate_path = "/var/lib/acme/example.com/fullchain.pem";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_address = [
|
||||
"::"
|
||||
"0.0.0.0"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
};
|
||||
|
||||
extraConfigFiles = [
|
||||
/run/keys/matrix-synapse/secrets.yaml
|
||||
];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
|
||||
|
||||
Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`.
|
||||
|
||||
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
|
||||
|
||||
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
|
||||
@ -380,4 +469,6 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- `programs.tmux` has a new option `plugins` that accepts a list of packages from the `tmuxPlugins` group. The specified packages are added to the system and loaded by `tmux`.
|
||||
|
||||
- The polkit service, available at `security.polkit.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
@ -455,6 +455,7 @@
|
||||
./services/hardware/vdr.nix
|
||||
./services/hardware/xow.nix
|
||||
./services/home-automation/home-assistant.nix
|
||||
./services/home-automation/zigbee2mqtt.nix
|
||||
./services/logging/SystemdJournal2Gelf.nix
|
||||
./services/logging/awstats.nix
|
||||
./services/logging/filebeat.nix
|
||||
@ -499,6 +500,7 @@
|
||||
./services/mail/roundcube.nix
|
||||
./services/mail/sympa.nix
|
||||
./services/mail/nullmailer.nix
|
||||
./services/matrix/matrix-synapse.nix
|
||||
./services/matrix/mjolnir.nix
|
||||
./services/matrix/pantalaimon.nix
|
||||
./services/misc/ananicy.nix
|
||||
@ -565,7 +567,6 @@
|
||||
./services/misc/matrix-appservice-discord.nix
|
||||
./services/misc/matrix-appservice-irc.nix
|
||||
./services/misc/matrix-conduit.nix
|
||||
./services/misc/matrix-synapse.nix
|
||||
./services/misc/mautrix-facebook.nix
|
||||
./services/misc/mautrix-telegram.nix
|
||||
./services/misc/mbpfan.nix
|
||||
@ -626,7 +627,6 @@
|
||||
./services/misc/weechat.nix
|
||||
./services/misc/xmr-stak.nix
|
||||
./services/misc/xmrig.nix
|
||||
./services/misc/zigbee2mqtt.nix
|
||||
./services/misc/zoneminder.nix
|
||||
./services/misc/zookeeper.nix
|
||||
./services/monitoring/alerta.nix
|
||||
|
@ -134,6 +134,7 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
security.polkit.enable = true;
|
||||
security.pam.services.swaylock = {};
|
||||
hardware.opengl.enable = mkDefault true;
|
||||
fonts.enableDefaultFonts = mkDefault true;
|
||||
|
@ -12,11 +12,7 @@ in
|
||||
|
||||
options = {
|
||||
|
||||
security.polkit.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable PolKit.";
|
||||
};
|
||||
security.polkit.enable = mkEnableOption "polkit";
|
||||
|
||||
security.polkit.extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
|
@ -30,6 +30,8 @@ in {
|
||||
|
||||
environment.systemPackages = [ pkgs.flatpak ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services.dbus.packages = [ pkgs.flatpak ];
|
||||
|
||||
systemd.packages = [ pkgs.flatpak ];
|
||||
|
@ -8,7 +8,7 @@
|
||||
},
|
||||
"context.modules": [
|
||||
{
|
||||
"name": "libpipewire-module-rtkit",
|
||||
"name": "libpipewire-module-rt",
|
||||
"args": {},
|
||||
"flags": [
|
||||
"ifexists",
|
||||
|
@ -0,0 +1,118 @@
|
||||
{
|
||||
"context.properties": {
|
||||
"link.max-buffers": 16,
|
||||
"core.daemon": true,
|
||||
"core.name": "pipewire-0",
|
||||
"settings.check-quantum": true,
|
||||
"settings.check-rate": true,
|
||||
"vm.overrides": {
|
||||
"default.clock.min-quantum": 1024
|
||||
}
|
||||
},
|
||||
"context.spa-libs": {
|
||||
"audio.convert.*": "audioconvert/libspa-audioconvert",
|
||||
"api.alsa.*": "alsa/libspa-alsa",
|
||||
"support.*": "support/libspa-support"
|
||||
},
|
||||
"context.modules": [
|
||||
{
|
||||
"name": "libpipewire-module-rt",
|
||||
"args": {
|
||||
"nice.level": -11
|
||||
},
|
||||
"flags": [
|
||||
"ifexists",
|
||||
"nofail"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-protocol-native"
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-profiler"
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-metadata"
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-spa-node-factory"
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-client-node"
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-access",
|
||||
"args": {}
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-adapter"
|
||||
},
|
||||
{
|
||||
"name": "libpipewire-module-link-factory"
|
||||
}
|
||||
],
|
||||
"context.objects": [
|
||||
{
|
||||
"factory": "metadata",
|
||||
"args": {
|
||||
"metadata.name": "default"
|
||||
}
|
||||
},
|
||||
{
|
||||
"factory": "spa-node-factory",
|
||||
"args": {
|
||||
"factory.name": "support.node.driver",
|
||||
"node.name": "Dummy-Driver",
|
||||
"node.group": "pipewire.dummy",
|
||||
"priority.driver": 20000
|
||||
}
|
||||
},
|
||||
{
|
||||
"factory": "spa-node-factory",
|
||||
"args": {
|
||||
"factory.name": "support.node.driver",
|
||||
"node.name": "Freewheel-Driver",
|
||||
"priority.driver": 19000,
|
||||
"node.group": "pipewire.freewheel",
|
||||
"node.freewheel": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"factory": "adapter",
|
||||
"args": {
|
||||
"factory.name": "api.alsa.pcm.source",
|
||||
"node.name": "system",
|
||||
"node.description": "system",
|
||||
"media.class": "Audio/Source",
|
||||
"api.alsa.path": "hw:0",
|
||||
"node.suspend-on-idle": true,
|
||||
"resample.disable": true,
|
||||
"channelmix.disable": true,
|
||||
"adapter.auto-port-config": {
|
||||
"mode": "dsp",
|
||||
"monitor": false,
|
||||
"position": "unknown"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"factory": "adapter",
|
||||
"args": {
|
||||
"factory.name": "api.alsa.pcm.sink",
|
||||
"node.name": "system",
|
||||
"node.description": "system",
|
||||
"media.class": "Audio/Sink",
|
||||
"api.alsa.path": "hw:0",
|
||||
"node.suspend-on-idle": true,
|
||||
"resample.disable": true,
|
||||
"channelmix.disable": true,
|
||||
"adapter.auto-port-config": {
|
||||
"mode": "dsp",
|
||||
"monitor": false,
|
||||
"position": "unknown"
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
"context.exec": []
|
||||
}
|
@ -6,8 +6,10 @@
|
||||
},
|
||||
"context.modules": [
|
||||
{
|
||||
"name": "libpipewire-module-rtkit",
|
||||
"args": {},
|
||||
"name": "libpipewire-module-rt",
|
||||
"args": {
|
||||
"nice.level": -11
|
||||
},
|
||||
"flags": [
|
||||
"ifexists",
|
||||
"nofail"
|
||||
@ -37,6 +39,61 @@
|
||||
}
|
||||
}
|
||||
],
|
||||
"context.exec": [],
|
||||
"stream.properties": {}
|
||||
"context.exec": [
|
||||
{
|
||||
"path": "pactl",
|
||||
"args": "load-module module-always-sink"
|
||||
}
|
||||
],
|
||||
"stream.properties": {},
|
||||
"pulse.rules": [
|
||||
{
|
||||
"matches": [
|
||||
{}
|
||||
],
|
||||
"actions": {
|
||||
"update-props": {}
|
||||
}
|
||||
},
|
||||
{
|
||||
"matches": [
|
||||
{
|
||||
"application.process.binary": "teams"
|
||||
},
|
||||
{
|
||||
"application.process.binary": "skypeforlinux"
|
||||
}
|
||||
],
|
||||
"actions": {
|
||||
"quirks": [
|
||||
"force-s16-info"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"matches": [
|
||||
{
|
||||
"application.process.binary": "firefox"
|
||||
}
|
||||
],
|
||||
"actions": {
|
||||
"quirks": [
|
||||
"remove-capture-dont-move"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"matches": [
|
||||
{
|
||||
"application.name": "~speech-dispatcher*"
|
||||
}
|
||||
],
|
||||
"actions": {
|
||||
"update-props": {
|
||||
"pulse.min.req": "1024/48000",
|
||||
"pulse.min.quantum": "1024/48000"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -3,6 +3,7 @@
|
||||
"link.max-buffers": 16,
|
||||
"core.daemon": true,
|
||||
"core.name": "pipewire-0",
|
||||
"default.clock.min-quantum": 16,
|
||||
"vm.overrides": {
|
||||
"default.clock.min-quantum": 1024
|
||||
}
|
||||
@ -19,8 +20,10 @@
|
||||
},
|
||||
"context.modules": [
|
||||
{
|
||||
"name": "libpipewire-module-rtkit",
|
||||
"args": {},
|
||||
"name": "libpipewire-module-rt",
|
||||
"args": {
|
||||
"nice.level": -11
|
||||
},
|
||||
"flags": [
|
||||
"ifexists",
|
||||
"nofail"
|
||||
|
@ -25,15 +25,18 @@ let
|
||||
client = lib.importJSON ./daemon/client.conf.json;
|
||||
client-rt = lib.importJSON ./daemon/client-rt.conf.json;
|
||||
jack = lib.importJSON ./daemon/jack.conf.json;
|
||||
minimal = lib.importJSON ./daemon/minimal.conf.json;
|
||||
pipewire = lib.importJSON ./daemon/pipewire.conf.json;
|
||||
pipewire-pulse = lib.importJSON ./daemon/pipewire-pulse.conf.json;
|
||||
};
|
||||
|
||||
useSessionManager = cfg.wireplumber.enable || cfg.media-session.enable;
|
||||
|
||||
configs = {
|
||||
client = recursiveUpdate defaults.client cfg.config.client;
|
||||
client-rt = recursiveUpdate defaults.client-rt cfg.config.client-rt;
|
||||
jack = recursiveUpdate defaults.jack cfg.config.jack;
|
||||
pipewire = recursiveUpdate defaults.pipewire cfg.config.pipewire;
|
||||
pipewire = recursiveUpdate (if useSessionManager then defaults.pipewire else defaults.minimal) cfg.config.pipewire;
|
||||
pipewire-pulse = recursiveUpdate defaults.pipewire-pulse cfg.config.pipewire-pulse;
|
||||
};
|
||||
in {
|
||||
|
@ -32,6 +32,8 @@ with lib;
|
||||
|
||||
environment.systemPackages = [ pkgs.udisks2 ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services.dbus.packages = [ pkgs.udisks2 ];
|
||||
|
||||
systemd.tmpfiles.rules = [ "d /var/lib/udisks2 0755 root root -" ];
|
||||
|
773
nixos/modules/services/matrix/matrix-synapse.nix
Normal file
773
nixos/modules/services/matrix/matrix-synapse.nix
Normal file
@ -0,0 +1,773 @@
|
||||
{ config, lib, options, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse;
|
||||
format = pkgs.formats.yaml {};
|
||||
|
||||
# remove null values from the final configuration
|
||||
finalSettings = lib.filterAttrsRecursive (_: v: v != null) cfg.settings;
|
||||
configFile = format.generate "homeserver.yaml" finalSettings;
|
||||
logConfigFile = format.generate "log_config.yaml" cfg.logConfig;
|
||||
|
||||
pluginsEnv = cfg.package.python.buildEnv.override {
|
||||
extraLibs = cfg.plugins;
|
||||
};
|
||||
|
||||
usePostgresql = cfg.settings.database.name == "psycopg2";
|
||||
hasLocalPostgresDB = let args = cfg.settings.database.args; in
|
||||
usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
|
||||
|
||||
registerNewMatrixUser =
|
||||
let
|
||||
isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
|
||||
listener =
|
||||
lib.findFirst (
|
||||
listener: lib.any (
|
||||
resource: lib.any (
|
||||
name: name == "client"
|
||||
) resource.names
|
||||
) listener.resources
|
||||
) (lib.last cfg.settings.listeners) cfg.settings.listeners;
|
||||
# FIXME: Handle cases with missing client listener properly,
|
||||
# don't rely on lib.last, this will not work.
|
||||
|
||||
# add a tail, so that without any bind_addresses we still have a useable address
|
||||
bindAddress = head (listener.bind_addresses ++ [ "127.0.0.1" ]);
|
||||
listenerProtocol = if listener.tls
|
||||
then "https"
|
||||
else "http";
|
||||
in
|
||||
pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
|
||||
exec ${cfg.package}/bin/register_new_matrix_user \
|
||||
$@ \
|
||||
${lib.concatMapStringsSep " " (x: "-c ${x}") ([ configFile ] ++ cfg.extraConfigFiles)} \
|
||||
"${listenerProtocol}://${
|
||||
if (isIpv6 bindAddress) then
|
||||
"[${bindAddress}]"
|
||||
else
|
||||
"${bindAddress}"
|
||||
}:${builtins.toString listener.port}/"
|
||||
'';
|
||||
in {
|
||||
|
||||
imports = [
|
||||
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "trusted_third_party_id_servers" ] ''
|
||||
The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
|
||||
as the behavior is now obsolete.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "create_local_database" ] ''
|
||||
Database configuration must be done manually. An exemplary setup is demonstrated in
|
||||
<nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "web_client" ] "")
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_invite_state_types" ] ''
|
||||
You may add additional event types via
|
||||
`services.matrix-synapse.room_prejoin_state.additional_event_types` and
|
||||
disable the default events via
|
||||
`services.matrix-synapse.room_prejoin_state.disable_default_event_types`.
|
||||
'')
|
||||
|
||||
# options that don't exist in synapse anymore
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "bind_host" ] "Use listener settings instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "bind_port" ] "Use listener settings instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "expire_access_tokens" ] "" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "no_tls" ] "It is no longer supported by synapse." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_dh_param_path" ] "It was removed from synapse." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "unsecure_port" ] "Use settings.listeners instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "user_creation_max_duration" ] "It is no longer supported by synapse." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "verbose" ] "Use a log config instead." )
|
||||
|
||||
# options that were moved into rfc42 style settigns
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "app_service_config_files" ] "Use settings.app_service_config_Files instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_args" ] "Use settings.database.args instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_name" ] "Use settings.database.args.database instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_type" ] "Use settings.database.name instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_user" ] "Use settings.database.args.user instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "dynamic_thumbnails" ] "Use settings.dynamic_thumbnails instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_metrics" ] "Use settings.enable_metrics instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_registration" ] "Use settings.enable_registration instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "extraConfig" ] "Use settings instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "listeners" ] "Use settings.listeners instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "logConfig" ] "Use settings.log_config instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "max_image_pixels" ] "Use settings.max_image_pixels instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "max_upload_size" ] "Use settings.max_upload_size instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "presence" "enabled" ] "Use settings.presence.enabled instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "public_baseurl" ] "Use settings.public_baseurl instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "report_stats" ] "Use settings.report_stats instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "server_name" ] "Use settings.server_name instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "servers" ] "Use settings.trusted_key_servers instead." )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_certificate_path" ] "Use settings.tls_certificate_path instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "tls_private_key_path" ] "Use settings.tls_private_key_path instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_shared_secret" ] "Use settings.turn_shared_secret instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_uris" ] "Use settings.turn_uris instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "turn_user_lifetime" ] "Use settings.turn_user_lifetime instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_enabled" ] "Use settings.url_preview_enabled instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_ip_range_blacklist" ] "Use settings.url_preview_ip_range_blacklist instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_ip_range_whitelist" ] "Use settings.url_preview_ip_range_whitelist instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "url_preview_url_blacklist" ] "Use settings.url_preview_url_blacklist instead" )
|
||||
|
||||
# options that are too specific to mention them explicitly in settings
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "account_threepid_delegates" "email" ] "Use settings.account_threepid_delegates.email instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "account_threepid_delegates" "msisdn" ] "Use settings.account_threepid_delegates.msisdn instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "allow_guest_access" ] "Use settings.allow_guest_access instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "bcrypt_rounds" ] "Use settings.bcrypt_rounds instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "enable_registration_captcha" ] "Use settings.enable_registration_captcha instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "event_cache_size" ] "Use settings.event_cache_size instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_concurrent" ] "Use settings.rc_federation.concurrent instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_reject_limit" ] "Use settings.rc_federation.reject_limit instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_sleep_delay" ] "Use settings.rc_federation.sleep_delay instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_sleep_limit" ] "Use settings.rc_federation.sleep_limit instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "federation_rc_window_size" ] "Use settings.rc_federation.window_size instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "key_refresh_interval" ] "Use settings.key_refresh_interval instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "rc_messages_burst_count" ] "Use settings.rc_messages.burst_count instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "rc_messages_per_second" ] "Use settings.rc_messages.per_second instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "recaptcha_private_key" ] "Use settings.recaptcha_private_key instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "recaptcha_public_key" ] "Use settings.recaptcha_public_key instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "redaction_retention_period" ] "Use settings.redaction_retention_period instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_prejoin_state" "additional_event_types" ] "Use settings.room_prejoin_state.additional_event_types instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_prejoin_state" "disable_default_event_types" ] "Use settings.room_prejoin-state.disable_default_event_types instead" )
|
||||
|
||||
# Options that should be passed via extraConfigFiles, so they are not persisted into the nix store
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "macaroon_secret_key" ] "Pass this value via extraConfigFiles instead" )
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "registration_shared_secret" ] "Pass this value via extraConfigFiles instead" )
|
||||
|
||||
];
|
||||
|
||||
options = {
|
||||
services.matrix-synapse = {
|
||||
enable = mkEnableOption "matrix.org synapse";
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.str;
|
||||
readOnly = true;
|
||||
description = ''
|
||||
Path to the configuration file on the target system. Useful to configure e.g. workers
|
||||
that also need this.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.matrix-synapse;
|
||||
defaultText = literalExpression "pkgs.matrix-synapse";
|
||||
description = ''
|
||||
Overridable attribute of the matrix synapse server package to use.
|
||||
'';
|
||||
};
|
||||
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
example = literalExpression ''
|
||||
with config.services.matrix-synapse.package.plugins; [
|
||||
matrix-synapse-ldap3
|
||||
matrix-synapse-pam
|
||||
];
|
||||
'';
|
||||
description = ''
|
||||
List of additional Matrix plugins to make available.
|
||||
'';
|
||||
};
|
||||
|
||||
withJemalloc = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/matrix-synapse";
|
||||
description = ''
|
||||
The directory where matrix-synapse stores its stateful data such as
|
||||
certificates, media and uploads.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
default = {};
|
||||
description = ''
|
||||
The primary synapse configuration. See the
|
||||
<link xlink:href="https://github.com/matrix-org/synapse/blob/v${cfg.package.version}/docs/sample_config.yaml">sample configuration</link>
|
||||
for possible values.
|
||||
|
||||
Secrets should be passed in by using the <literal>extraConfigFiles</literal> option.
|
||||
'';
|
||||
type = with types; submodule {
|
||||
freeformType = format.type;
|
||||
options = {
|
||||
# This is a reduced set of popular options and defaults
|
||||
# Do not add every available option here, they can be specified
|
||||
# by the user at their own discretion. This is a freeform type!
|
||||
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "example.com";
|
||||
default = config.networking.hostName;
|
||||
defaultText = literalExpression "config.networking.hostName";
|
||||
description = ''
|
||||
The domain name of the server, with optional explicit port.
|
||||
This is used by remote servers to look up the server address.
|
||||
This is also the last part of your UserID.
|
||||
|
||||
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
|
||||
'';
|
||||
};
|
||||
|
||||
enable_registration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable registration for new users.
|
||||
'';
|
||||
};
|
||||
|
||||
registration_shared_secret = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
If set, allows registration by anyone who also has the shared
|
||||
secret, even if registration is otherwise disabled.
|
||||
|
||||
Secrets should be passed in via <literal>extraConfigFiles</literal>!
|
||||
'';
|
||||
};
|
||||
|
||||
macaroon_secret_key = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Secret key for authentication tokens. If none is specified,
|
||||
the registration_shared_secret is used, if one is given; otherwise,
|
||||
a secret key is derived from the signing key.
|
||||
|
||||
Secrets should be passed in via <literal>extraConfigFiles</literal>!
|
||||
'';
|
||||
};
|
||||
|
||||
enable_metrics = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable collection and rendering of performance metrics
|
||||
'';
|
||||
};
|
||||
|
||||
report_stats = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether or not to report anonymized homeserver usage statistics.
|
||||
'';
|
||||
};
|
||||
|
||||
signing_key_path = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.dataDir}/homeserver.signing.key";
|
||||
description = ''
|
||||
Path to the signing key to sign messages with.
|
||||
'';
|
||||
};
|
||||
|
||||
pid_file = mkOption {
|
||||
type = types.path;
|
||||
default = "/run/matrix-synapse.pid";
|
||||
readOnly = true;
|
||||
description = ''
|
||||
The file to store the PID in.
|
||||
'';
|
||||
};
|
||||
|
||||
log_config = mkOption {
|
||||
type = types.path;
|
||||
default = ./matrix-synapse-log_config.yaml;
|
||||
description = ''
|
||||
The file that holds the logging configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
media_store_path = mkOption {
|
||||
type = types.path;
|
||||
default = if lib.versionAtLeast config.system.stateVersion "22.05"
|
||||
then "${cfg.dataDir}/media_store"
|
||||
else "${cfg.dataDir}/media";
|
||||
description = ''
|
||||
Directory where uploaded images and attachments are stored.
|
||||
'';
|
||||
};
|
||||
|
||||
public_baseurl = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "https://example.com:8448/";
|
||||
description = ''
|
||||
The public-facing base URL for the client API (not including _matrix/...)
|
||||
'';
|
||||
};
|
||||
|
||||
tls_certificate_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/acme/example.com/fullchain.pem";
|
||||
description = ''
|
||||
PEM encoded X509 certificate for TLS.
|
||||
You can replace the self-signed certificate that synapse
|
||||
autogenerates on launch with your own SSL certificate + key pair
|
||||
if you like. Any required intermediary certificates can be
|
||||
appended after the primary certificate in hierarchical order.
|
||||
'';
|
||||
};
|
||||
|
||||
tls_private_key_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/acme/example.com/key.pem";
|
||||
description = ''
|
||||
PEM encoded private key for TLS. Specify null if synapse is not
|
||||
speaking TLS directly.
|
||||
'';
|
||||
};
|
||||
|
||||
presence.enabled = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = ''
|
||||
Whether to enable presence tracking.
|
||||
|
||||
Presence tracking allows users to see the state (e.g online/offline)
|
||||
of other local and remote users.
|
||||
'';
|
||||
};
|
||||
|
||||
listeners = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
example = 8448;
|
||||
description = ''
|
||||
The port to listen for HTTP(S) requests on.
|
||||
'';
|
||||
};
|
||||
|
||||
bind_addresses = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"::1"
|
||||
"127.0.0.1"
|
||||
];
|
||||
example = literalExpression ''
|
||||
[
|
||||
"::"
|
||||
"0.0.0.0"
|
||||
]
|
||||
'';
|
||||
description = ''
|
||||
IP addresses to bind the listener to.
|
||||
'';
|
||||
};
|
||||
|
||||
type = mkOption {
|
||||
type = types.enum [
|
||||
"http"
|
||||
"manhole"
|
||||
"metrics"
|
||||
"replication"
|
||||
];
|
||||
default = "http";
|
||||
example = "metrics";
|
||||
description = ''
|
||||
The type of the listener, usually http.
|
||||
'';
|
||||
};
|
||||
|
||||
tls = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = ''
|
||||
Whether to enable TLS on the listener socket.
|
||||
'';
|
||||
};
|
||||
|
||||
x_forwarded = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Use the X-Forwarded-For (XFF) header as the client IP and not the
|
||||
actual client IP.
|
||||
'';
|
||||
};
|
||||
|
||||
resources = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
names = mkOption {
|
||||
type = types.listOf (types.enum [
|
||||
"client"
|
||||
"consent"
|
||||
"federation"
|
||||
"keys"
|
||||
"media"
|
||||
"metrics"
|
||||
"openid"
|
||||
"replication"
|
||||
"static"
|
||||
]);
|
||||
description = ''
|
||||
List of resources to host on this listener.
|
||||
'';
|
||||
example = [
|
||||
"client"
|
||||
];
|
||||
};
|
||||
compress = mkOption {
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Should synapse compress HTTP responses to clients that support it?
|
||||
This should be disabled if running synapse behind a load balancer
|
||||
that can do automatic compression.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
description = ''
|
||||
List of HTTP resources to serve on this listener.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [ {
|
||||
port = 8008;
|
||||
bind_addresses = [ "127.0.0.1" ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [ {
|
||||
names = [ "client" ];
|
||||
compress = true;
|
||||
} {
|
||||
names = [ "federation" ];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
description = ''
|
||||
List of ports that Synapse should listen on, their purpose and their configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
database.name = mkOption {
|
||||
type = types.enum [
|
||||
"sqlite3"
|
||||
"psycopg2"
|
||||
];
|
||||
default = if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3";
|
||||
defaultText = literalExpression ''
|
||||
if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3"
|
||||
'';
|
||||
description = ''
|
||||
The database engine name. Can be sqlite3 or psycopg2.
|
||||
'';
|
||||
};
|
||||
|
||||
database.args.database = mkOption {
|
||||
type = types.str;
|
||||
default = {
|
||||
sqlite3 = "${cfg.dataDir}/homeserver.db";
|
||||
psycopg2 = "matrix-synapse";
|
||||
}.${cfg.settings.database.name};
|
||||
defaultText = literalExpression ''
|
||||
{
|
||||
sqlite3 = "''${${options.services.matrix-synapse.dataDir}}/homeserver.db";
|
||||
psycopg2 = "matrix-synapse";
|
||||
}.''${${options.services.matrix-synapse.settings}.database.name};
|
||||
'';
|
||||
description = ''
|
||||
Name of the database when using the psycopg2 backend,
|
||||
path to the database location when using sqlite3.
|
||||
'';
|
||||
};
|
||||
|
||||
database.args.user = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = {
|
||||
sqlite3 = null;
|
||||
psycopg2 = "matrix-synapse";
|
||||
}.${cfg.settings.database.name};
|
||||
description = ''
|
||||
Username to connect with psycopg2, set to null
|
||||
when using sqlite3.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_enabled = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
example = false;
|
||||
description = ''
|
||||
Is the preview URL API enabled? If enabled, you *must* specify an
|
||||
explicit url_preview_ip_range_blacklist of IPs that the spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_ip_range_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"10.0.0.0/8"
|
||||
"100.64.0.0/10"
|
||||
"127.0.0.0/8"
|
||||
"169.254.0.0/16"
|
||||
"172.16.0.0/12"
|
||||
"192.0.0.0/24"
|
||||
"192.0.2.0/24"
|
||||
"192.168.0.0/16"
|
||||
"192.88.99.0/24"
|
||||
"198.18.0.0/15"
|
||||
"198.51.100.0/24"
|
||||
"2001:db8::/32"
|
||||
"203.0.113.0/24"
|
||||
"224.0.0.0/4"
|
||||
"::1/128"
|
||||
"fc00::/7"
|
||||
"fe80::/10"
|
||||
"fec0::/10"
|
||||
"ff00::/8"
|
||||
];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is denied
|
||||
from accessing.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_ip_range_whitelist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is allowed
|
||||
to access even if they are specified in url_preview_ip_range_blacklist.
|
||||
'';
|
||||
};
|
||||
|
||||
url_preview_url_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Optional list of URL matches that the URL preview spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
|
||||
max_upload_size = mkOption {
|
||||
type = types.str;
|
||||
default = "50M";
|
||||
example = "100M";
|
||||
description = ''
|
||||
The largest allowed upload size in bytes
|
||||
'';
|
||||
};
|
||||
|
||||
max_image_pixels = mkOption {
|
||||
type = types.str;
|
||||
default = "32M";
|
||||
example = "64M";
|
||||
description = ''
|
||||
Maximum number of pixels that will be thumbnailed
|
||||
'';
|
||||
};
|
||||
|
||||
dynamic_thumbnails = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Whether to generate new thumbnails on the fly to precisely match
|
||||
the resolution requested by the client. If true then whenever
|
||||
a new resolution is requested by the client the server will
|
||||
generate a new thumbnail. If false the server will pick a thumbnail
|
||||
from a precalculated list.
|
||||
'';
|
||||
};
|
||||
|
||||
turn_uris = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [
|
||||
"turn:turn.example.com:3487?transport=udp"
|
||||
"turn:turn.example.com:3487?transport=tcp"
|
||||
"turns:turn.example.com:5349?transport=udp"
|
||||
"turns:turn.example.com:5349?transport=tcp"
|
||||
];
|
||||
description = ''
|
||||
The public URIs of the TURN server to give to clients
|
||||
'';
|
||||
};
|
||||
turn_shared_secret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = literalExpression ''
|
||||
config.services.coturn.static-auth-secret
|
||||
'';
|
||||
description = ''
|
||||
The shared secret used to compute passwords for the TURN server.
|
||||
|
||||
Secrets should be passed in via <literal>extraConfigFiles</literal>!
|
||||
'';
|
||||
};
|
||||
|
||||
trusted_key_servers = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "matrix.org";
|
||||
description = ''
|
||||
Hostname of the trusted server.
|
||||
'';
|
||||
};
|
||||
|
||||
verify_keys = mkOption {
|
||||
type = types.nullOr (types.attrsOf types.str);
|
||||
default = null;
|
||||
example = literalExpression ''
|
||||
{
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Attribute set from key id to base64 encoded public key.
|
||||
|
||||
If specified synapse will check that the response is signed
|
||||
by at least one of the given keys.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [ {
|
||||
server_name = "matrix.org";
|
||||
verify_keys = {
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
};
|
||||
} ];
|
||||
description = ''
|
||||
The trusted servers to download signing keys from.
|
||||
'';
|
||||
};
|
||||
|
||||
app_service_config_files = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
A list of application service config file to use
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
extraConfigFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra config files to include.
|
||||
|
||||
The configuration files will be included based on the command line
|
||||
argument --config-path. This allows to configure secrets without
|
||||
having to go through the Nix store, e.g. based on deployment keys if
|
||||
NixOps is in use.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = hasLocalPostgresDB -> config.services.postgresql.enable;
|
||||
message = ''
|
||||
Cannot deploy matrix-synapse with a configuration for a local postgresql database
|
||||
and a missing postgresql service. Since 20.03 it's mandatory to manually configure the
|
||||
database (please read the thread in https://github.com/NixOS/nixpkgs/pull/80447 for
|
||||
further reference).
|
||||
|
||||
If you
|
||||
- try to deploy a fresh synapse, you need to configure the database yourself. An example
|
||||
for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
- update your existing matrix-synapse instance, you simply need to add `services.postgresql.enable = true`
|
||||
to your configuration.
|
||||
|
||||
For further information about this update, please read the release-notes of 20.03 carefully.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
services.matrix-synapse.configFile = configFile;
|
||||
|
||||
users.users.matrix-synapse = {
|
||||
group = "matrix-synapse";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
uid = config.ids.uids.matrix-synapse;
|
||||
};
|
||||
|
||||
users.groups.matrix-synapse = {
|
||||
gid = config.ids.gids.matrix-synapse;
|
||||
};
|
||||
|
||||
systemd.services.matrix-synapse = {
|
||||
description = "Synapse Matrix homeserver";
|
||||
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
--config-path ${configFile} \
|
||||
--keys-directory ${cfg.dataDir} \
|
||||
--generate-keys
|
||||
'';
|
||||
environment = {
|
||||
PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
|
||||
} // optionalAttrs (cfg.withJemalloc) {
|
||||
LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
User = "matrix-synapse";
|
||||
Group = "matrix-synapse";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
|
||||
chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
|
||||
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
|
||||
'')) ];
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
|
||||
--keys-directory ${cfg.dataDir}
|
||||
'';
|
||||
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||
Restart = "on-failure";
|
||||
UMask = "0077";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ registerNewMatrixUser ];
|
||||
};
|
||||
|
||||
meta = {
|
||||
buildDocsInSandbox = false;
|
||||
doc = ./matrix-synapse.xml;
|
||||
maintainers = teams.matrix.members;
|
||||
};
|
||||
|
||||
}
|
@ -115,20 +115,21 @@ in {
|
||||
};
|
||||
services.matrix-synapse = {
|
||||
<link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
|
||||
<link linkend="opt-services.matrix-synapse.server_name">server_name</link> = config.networking.domain;
|
||||
<link linkend="opt-services.matrix-synapse.listeners">listeners</link> = [
|
||||
<link linkend="opt-services.matrix-synapse.settings.server_name">server_name</link> = config.networking.domain;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners">listeners</link> = [
|
||||
{
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.port">port</link> = 8008;
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.bind_address">bind_address</link> = "::1";
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.type">type</link> = "http";
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.tls">tls</link> = false;
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.x_forwarded">x_forwarded</link> = true;
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.resources">resources</link> = [
|
||||
{
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.resources._.names">names</link> = [ "client" "federation" ];
|
||||
<link linkend="opt-services.matrix-synapse.listeners._.resources._.compress">compress</link> = false;
|
||||
}
|
||||
];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.port">port</link> = 8008;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.bind_addresses">bind_address</link> = [ "::1" ];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.type">type</link> = "http";
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.tls">tls</link> = false;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.x_forwarded">x_forwarded</link> = true;
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources">resources</link> = [ {
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "client" ];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = true;
|
||||
} {
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "federation" ];
|
||||
<link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = false;
|
||||
} ];
|
||||
}
|
||||
];
|
||||
};
|
||||
@ -151,11 +152,11 @@ in {
|
||||
|
||||
<para>
|
||||
If you want to run a server with public registration by anybody, you can
|
||||
then enable <literal><link linkend="opt-services.matrix-synapse.enable_registration">services.matrix-synapse.enable_registration</link> =
|
||||
then enable <literal><link linkend="opt-services.matrix-synapse.settings.enable_registration">services.matrix-synapse.enable_registration</link> =
|
||||
true;</literal>. Otherwise, or you can generate a registration secret with
|
||||
<command>pwgen -s 64 1</command> and set it with
|
||||
<option><link linkend="opt-services.matrix-synapse.registration_shared_secret">services.matrix-synapse.registration_shared_secret</link></option>. To
|
||||
create a new user or admin, run the following after you have set the secret
|
||||
<option><link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">services.matrix-synapse.registration_shared_secret</link></option>.
|
||||
To create a new user or admin, run the following after you have set the secret
|
||||
and have rebuilt NixOS:
|
||||
<screen>
|
||||
<prompt>$ </prompt>nix run nixpkgs.matrix-synapse
|
||||
@ -170,7 +171,7 @@ Success!
|
||||
<literal>@your-username:example.org</literal>. Note that the registration
|
||||
secret ends up in the nix store and therefore is world-readable by any user
|
||||
on your machine, so it makes sense to only temporarily activate the
|
||||
<link linkend="opt-services.matrix-synapse.registration_shared_secret">registration_shared_secret</link>
|
||||
<link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">registration_shared_secret</link>
|
||||
option until a better solution for NixOS is in place.
|
||||
</para>
|
||||
</section>
|
@ -1,844 +0,0 @@
|
||||
{ config, lib, options, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse;
|
||||
opt = options.services.matrix-synapse;
|
||||
pg = config.services.postgresql;
|
||||
usePostgresql = cfg.database_type == "psycopg2";
|
||||
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
|
||||
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
|
||||
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
|
||||
pluginsEnv = cfg.package.python.buildEnv.override {
|
||||
extraLibs = cfg.plugins;
|
||||
};
|
||||
configFile = pkgs.writeText "homeserver.yaml" ''
|
||||
${optionalString (cfg.tls_certificate_path != null) ''
|
||||
tls_certificate_path: "${cfg.tls_certificate_path}"
|
||||
''}
|
||||
${optionalString (cfg.tls_private_key_path != null) ''
|
||||
tls_private_key_path: "${cfg.tls_private_key_path}"
|
||||
''}
|
||||
${optionalString (cfg.tls_dh_params_path != null) ''
|
||||
tls_dh_params_path: "${cfg.tls_dh_params_path}"
|
||||
''}
|
||||
no_tls: ${boolToString cfg.no_tls}
|
||||
${optionalString (cfg.bind_port != null) ''
|
||||
bind_port: ${toString cfg.bind_port}
|
||||
''}
|
||||
${optionalString (cfg.unsecure_port != null) ''
|
||||
unsecure_port: ${toString cfg.unsecure_port}
|
||||
''}
|
||||
${optionalString (cfg.bind_host != null) ''
|
||||
bind_host: "${cfg.bind_host}"
|
||||
''}
|
||||
server_name: "${cfg.server_name}"
|
||||
pid_file: "/run/matrix-synapse.pid"
|
||||
${optionalString (cfg.public_baseurl != null) ''
|
||||
public_baseurl: "${cfg.public_baseurl}"
|
||||
''}
|
||||
listeners: [${concatStringsSep "," (map mkListener cfg.listeners)}]
|
||||
database: {
|
||||
name: "${cfg.database_type}",
|
||||
args: {
|
||||
${concatStringsSep ",\n " (
|
||||
mapAttrsToList (n: v: "\"${n}\": ${builtins.toJSON v}") cfg.database_args
|
||||
)}
|
||||
}
|
||||
}
|
||||
event_cache_size: "${cfg.event_cache_size}"
|
||||
verbose: ${cfg.verbose}
|
||||
log_config: "${logConfigFile}"
|
||||
rc_messages_per_second: ${cfg.rc_messages_per_second}
|
||||
rc_message_burst_count: ${cfg.rc_message_burst_count}
|
||||
federation_rc_window_size: ${cfg.federation_rc_window_size}
|
||||
federation_rc_sleep_limit: ${cfg.federation_rc_sleep_limit}
|
||||
federation_rc_sleep_delay: ${cfg.federation_rc_sleep_delay}
|
||||
federation_rc_reject_limit: ${cfg.federation_rc_reject_limit}
|
||||
federation_rc_concurrent: ${cfg.federation_rc_concurrent}
|
||||
media_store_path: "${cfg.dataDir}/media"
|
||||
uploads_path: "${cfg.dataDir}/uploads"
|
||||
max_upload_size: "${cfg.max_upload_size}"
|
||||
max_image_pixels: "${cfg.max_image_pixels}"
|
||||
dynamic_thumbnails: ${boolToString cfg.dynamic_thumbnails}
|
||||
url_preview_enabled: ${boolToString cfg.url_preview_enabled}
|
||||
${optionalString (cfg.url_preview_enabled == true) ''
|
||||
url_preview_ip_range_blacklist: ${builtins.toJSON cfg.url_preview_ip_range_blacklist}
|
||||
url_preview_ip_range_whitelist: ${builtins.toJSON cfg.url_preview_ip_range_whitelist}
|
||||
url_preview_url_blacklist: ${builtins.toJSON cfg.url_preview_url_blacklist}
|
||||
''}
|
||||
recaptcha_private_key: "${cfg.recaptcha_private_key}"
|
||||
recaptcha_public_key: "${cfg.recaptcha_public_key}"
|
||||
enable_registration_captcha: ${boolToString cfg.enable_registration_captcha}
|
||||
turn_uris: ${builtins.toJSON cfg.turn_uris}
|
||||
turn_shared_secret: "${cfg.turn_shared_secret}"
|
||||
enable_registration: ${boolToString cfg.enable_registration}
|
||||
${optionalString (cfg.registration_shared_secret != null) ''
|
||||
registration_shared_secret: "${cfg.registration_shared_secret}"
|
||||
''}
|
||||
recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
|
||||
turn_user_lifetime: "${cfg.turn_user_lifetime}"
|
||||
user_creation_max_duration: ${cfg.user_creation_max_duration}
|
||||
bcrypt_rounds: ${cfg.bcrypt_rounds}
|
||||
allow_guest_access: ${boolToString cfg.allow_guest_access}
|
||||
|
||||
account_threepid_delegates:
|
||||
${optionalString (cfg.account_threepid_delegates.email != null) "email: ${cfg.account_threepid_delegates.email}"}
|
||||
${optionalString (cfg.account_threepid_delegates.msisdn != null) "msisdn: ${cfg.account_threepid_delegates.msisdn}"}
|
||||
|
||||
room_prejoin_state:
|
||||
disable_default_event_types: ${boolToString cfg.room_prejoin_state.disable_default_event_types}
|
||||
additional_event_types: ${builtins.toJSON cfg.room_prejoin_state.additional_event_types}
|
||||
${optionalString (cfg.macaroon_secret_key != null) ''
|
||||
macaroon_secret_key: "${cfg.macaroon_secret_key}"
|
||||
''}
|
||||
expire_access_token: ${boolToString cfg.expire_access_token}
|
||||
enable_metrics: ${boolToString cfg.enable_metrics}
|
||||
report_stats: ${boolToString cfg.report_stats}
|
||||
signing_key_path: "${cfg.dataDir}/homeserver.signing.key"
|
||||
key_refresh_interval: "${cfg.key_refresh_interval}"
|
||||
perspectives:
|
||||
servers: {
|
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
|
||||
"${n}": {
|
||||
"verify_keys": {
|
||||
${concatStringsSep "},\n" (mapAttrsToList (n: v: ''
|
||||
"${n}": {
|
||||
"key": "${v}"
|
||||
}'') v)}
|
||||
}
|
||||
'') cfg.servers)}
|
||||
}
|
||||
}
|
||||
redaction_retention_period: ${toString cfg.redaction_retention_period}
|
||||
app_service_config_files: ${builtins.toJSON cfg.app_service_config_files}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
hasLocalPostgresDB = let args = cfg.database_args; in
|
||||
usePostgresql && (!(args ? host) || (elem args.host [ "localhost" "127.0.0.1" "::1" ]));
|
||||
|
||||
registerNewMatrixUser =
|
||||
let
|
||||
isIpv6 = x: lib.length (lib.splitString ":" x) > 1;
|
||||
listener =
|
||||
lib.findFirst (
|
||||
listener: lib.any (
|
||||
resource: lib.any (
|
||||
name: name == "client"
|
||||
) resource.names
|
||||
) listener.resources
|
||||
) (lib.last cfg.listeners) cfg.listeners;
|
||||
in
|
||||
pkgs.writeShellScriptBin "matrix-synapse-register_new_matrix_user" ''
|
||||
exec ${cfg.package}/bin/register_new_matrix_user \
|
||||
$@ \
|
||||
${lib.concatMapStringsSep " " (x: "-c ${x}") ([ configFile ] ++ cfg.extraConfigFiles)} \
|
||||
"${listener.type}://${
|
||||
if (isIpv6 listener.bind_address) then
|
||||
"[${listener.bind_address}]"
|
||||
else
|
||||
"${listener.bind_address}"
|
||||
}:${builtins.toString listener.port}/"
|
||||
'';
|
||||
in {
|
||||
options = {
|
||||
services.matrix-synapse = {
|
||||
enable = mkEnableOption "matrix.org synapse";
|
||||
configFile = mkOption {
|
||||
type = types.str;
|
||||
readOnly = true;
|
||||
description = ''
|
||||
Path to the configuration file on the target system. Useful to configure e.g. workers
|
||||
that also need this.
|
||||
'';
|
||||
};
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.matrix-synapse;
|
||||
defaultText = literalExpression "pkgs.matrix-synapse";
|
||||
description = ''
|
||||
Overridable attribute of the matrix synapse server package to use.
|
||||
'';
|
||||
};
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [ ];
|
||||
example = literalExpression ''
|
||||
with config.services.matrix-synapse.package.plugins; [
|
||||
matrix-synapse-ldap3
|
||||
matrix-synapse-pam
|
||||
];
|
||||
'';
|
||||
description = ''
|
||||
List of additional Matrix plugins to make available.
|
||||
'';
|
||||
};
|
||||
withJemalloc = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
|
||||
'';
|
||||
};
|
||||
no_tls = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Don't bind to the https port
|
||||
'';
|
||||
};
|
||||
bind_port = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null;
|
||||
example = 8448;
|
||||
description = ''
|
||||
DEPRECATED: Use listeners instead.
|
||||
The port to listen for HTTPS requests on.
|
||||
For when matrix traffic is sent directly to synapse.
|
||||
'';
|
||||
};
|
||||
unsecure_port = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
default = null;
|
||||
example = 8008;
|
||||
description = ''
|
||||
DEPRECATED: Use listeners instead.
|
||||
The port to listen for HTTP requests on.
|
||||
For when matrix traffic passes through loadbalancer that unwraps TLS.
|
||||
'';
|
||||
};
|
||||
bind_host = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
DEPRECATED: Use listeners instead.
|
||||
Local interface to listen on.
|
||||
The empty string will cause synapse to listen on all interfaces.
|
||||
'';
|
||||
};
|
||||
tls_certificate_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/matrix-synapse/homeserver.tls.crt";
|
||||
description = ''
|
||||
PEM encoded X509 certificate for TLS.
|
||||
You can replace the self-signed certificate that synapse
|
||||
autogenerates on launch with your own SSL certificate + key pair
|
||||
if you like. Any required intermediary certificates can be
|
||||
appended after the primary certificate in hierarchical order.
|
||||
'';
|
||||
};
|
||||
tls_private_key_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/matrix-synapse/homeserver.tls.key";
|
||||
description = ''
|
||||
PEM encoded private key for TLS. Specify null if synapse is not
|
||||
speaking TLS directly.
|
||||
'';
|
||||
};
|
||||
tls_dh_params_path = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/var/lib/matrix-synapse/homeserver.tls.dh";
|
||||
description = ''
|
||||
PEM dh parameters for ephemeral keys
|
||||
'';
|
||||
};
|
||||
server_name = mkOption {
|
||||
type = types.str;
|
||||
example = "example.com";
|
||||
default = config.networking.hostName;
|
||||
defaultText = literalExpression "config.networking.hostName";
|
||||
description = ''
|
||||
The domain name of the server, with optional explicit port.
|
||||
This is used by remote servers to look up the server address.
|
||||
This is also the last part of your UserID.
|
||||
|
||||
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
|
||||
'';
|
||||
};
|
||||
public_baseurl = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "https://example.com:8448/";
|
||||
description = ''
|
||||
The public-facing base URL for the client API (not including _matrix/...)
|
||||
'';
|
||||
};
|
||||
listeners = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
example = 8448;
|
||||
description = ''
|
||||
The port to listen for HTTP(S) requests on.
|
||||
'';
|
||||
};
|
||||
bind_address = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "203.0.113.42";
|
||||
description = ''
|
||||
Local interface to listen on.
|
||||
The empty string will cause synapse to listen on all interfaces.
|
||||
'';
|
||||
};
|
||||
type = mkOption {
|
||||
type = types.str;
|
||||
default = "http";
|
||||
description = ''
|
||||
Type of listener.
|
||||
'';
|
||||
};
|
||||
tls = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to listen for HTTPS connections rather than HTTP.
|
||||
'';
|
||||
};
|
||||
x_forwarded = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Use the X-Forwarded-For (XFF) header as the client IP and not the
|
||||
actual client IP.
|
||||
'';
|
||||
};
|
||||
resources = mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
names = mkOption {
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
List of resources to host on this listener.
|
||||
'';
|
||||
example = ["client" "federation"];
|
||||
};
|
||||
compress = mkOption {
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Should synapse compress HTTP responses to clients that support it?
|
||||
This should be disabled if running synapse behind a load balancer
|
||||
that can do automatic compression.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
description = ''
|
||||
List of HTTP resources to serve on this listener.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
default = [{
|
||||
port = 8448;
|
||||
bind_address = "";
|
||||
type = "http";
|
||||
tls = true;
|
||||
x_forwarded = false;
|
||||
resources = [
|
||||
{ names = ["client"]; compress = true; }
|
||||
{ names = ["federation"]; compress = false; }
|
||||
];
|
||||
}];
|
||||
description = ''
|
||||
List of ports that Synapse should listen on, their purpose and their configuration.
|
||||
'';
|
||||
};
|
||||
verbose = mkOption {
|
||||
type = types.str;
|
||||
default = "0";
|
||||
description = "Logging verbosity level.";
|
||||
};
|
||||
rc_messages_per_second = mkOption {
|
||||
type = types.str;
|
||||
default = "0.2";
|
||||
description = "Number of messages a client can send per second";
|
||||
};
|
||||
rc_message_burst_count = mkOption {
|
||||
type = types.str;
|
||||
default = "10.0";
|
||||
description = "Number of message a client can send before being throttled";
|
||||
};
|
||||
federation_rc_window_size = mkOption {
|
||||
type = types.str;
|
||||
default = "1000";
|
||||
description = "The federation window size in milliseconds";
|
||||
};
|
||||
federation_rc_sleep_limit = mkOption {
|
||||
type = types.str;
|
||||
default = "10";
|
||||
description = ''
|
||||
The number of federation requests from a single server in a window
|
||||
before the server will delay processing the request.
|
||||
'';
|
||||
};
|
||||
federation_rc_sleep_delay = mkOption {
|
||||
type = types.str;
|
||||
default = "500";
|
||||
description = ''
|
||||
The duration in milliseconds to delay processing events from
|
||||
remote servers by if they go over the sleep limit.
|
||||
'';
|
||||
};
|
||||
federation_rc_reject_limit = mkOption {
|
||||
type = types.str;
|
||||
default = "50";
|
||||
description = ''
|
||||
The maximum number of concurrent federation requests allowed
|
||||
from a single server
|
||||
'';
|
||||
};
|
||||
federation_rc_concurrent = mkOption {
|
||||
type = types.str;
|
||||
default = "3";
|
||||
description = "The number of federation requests to concurrently process from a single server";
|
||||
};
|
||||
database_type = mkOption {
|
||||
type = types.enum [ "sqlite3" "psycopg2" ];
|
||||
default = if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3";
|
||||
defaultText = literalExpression ''
|
||||
if versionAtLeast config.system.stateVersion "18.03"
|
||||
then "psycopg2"
|
||||
else "sqlite3"
|
||||
'';
|
||||
description = ''
|
||||
The database engine name. Can be sqlite or psycopg2.
|
||||
'';
|
||||
};
|
||||
database_name = mkOption {
|
||||
type = types.str;
|
||||
default = "matrix-synapse";
|
||||
description = "Database name.";
|
||||
};
|
||||
database_user = mkOption {
|
||||
type = types.str;
|
||||
default = "matrix-synapse";
|
||||
description = "Database user name.";
|
||||
};
|
||||
database_args = mkOption {
|
||||
type = types.attrs;
|
||||
default = {
|
||||
sqlite3 = { database = "${cfg.dataDir}/homeserver.db"; };
|
||||
psycopg2 = {
|
||||
user = cfg.database_user;
|
||||
database = cfg.database_name;
|
||||
};
|
||||
}.${cfg.database_type};
|
||||
defaultText = literalDocBook ''
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>using sqlite3</term>
|
||||
<listitem>
|
||||
<programlisting>
|
||||
{ database = "''${config.${opt.dataDir}}/homeserver.db"; }
|
||||
</programlisting>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>using psycopg2</term>
|
||||
<listitem>
|
||||
<programlisting>
|
||||
psycopg2 = {
|
||||
user = config.${opt.database_user};
|
||||
database = config.${opt.database_name};
|
||||
}
|
||||
</programlisting>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
'';
|
||||
description = ''
|
||||
Arguments to pass to the engine.
|
||||
'';
|
||||
};
|
||||
event_cache_size = mkOption {
|
||||
type = types.str;
|
||||
default = "10K";
|
||||
description = "Number of events to cache in memory.";
|
||||
};
|
||||
url_preview_enabled = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Is the preview URL API enabled? If enabled, you *must* specify an
|
||||
explicit url_preview_ip_range_blacklist of IPs that the spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
url_preview_ip_range_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"127.0.0.0/8"
|
||||
"10.0.0.0/8"
|
||||
"172.16.0.0/12"
|
||||
"192.168.0.0/16"
|
||||
"100.64.0.0/10"
|
||||
"169.254.0.0/16"
|
||||
"::1/128"
|
||||
"fe80::/64"
|
||||
"fc00::/7"
|
||||
];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is denied
|
||||
from accessing.
|
||||
'';
|
||||
};
|
||||
url_preview_ip_range_whitelist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
List of IP address CIDR ranges that the URL preview spider is allowed
|
||||
to access even if they are specified in
|
||||
url_preview_ip_range_blacklist.
|
||||
'';
|
||||
};
|
||||
url_preview_url_blacklist = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Optional list of URL matches that the URL preview spider is
|
||||
denied from accessing.
|
||||
'';
|
||||
};
|
||||
recaptcha_private_key = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
This Home Server's ReCAPTCHA private key.
|
||||
'';
|
||||
};
|
||||
recaptcha_public_key = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
This Home Server's ReCAPTCHA public key.
|
||||
'';
|
||||
};
|
||||
enable_registration_captcha = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enables ReCaptcha checks when registering, preventing signup
|
||||
unless a captcha is answered. Requires a valid ReCaptcha
|
||||
public/private key.
|
||||
'';
|
||||
};
|
||||
turn_uris = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
The public URIs of the TURN server to give to clients
|
||||
'';
|
||||
};
|
||||
turn_shared_secret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
The shared secret used to compute passwords for the TURN server
|
||||
'';
|
||||
};
|
||||
turn_user_lifetime = mkOption {
|
||||
type = types.str;
|
||||
default = "1h";
|
||||
description = "How long generated TURN credentials last";
|
||||
};
|
||||
enable_registration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable registration for new users.
|
||||
'';
|
||||
};
|
||||
registration_shared_secret = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
If set, allows registration by anyone who also has the shared
|
||||
secret, even if registration is otherwise disabled.
|
||||
'';
|
||||
};
|
||||
enable_metrics = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable collection and rendering of performance metrics
|
||||
'';
|
||||
};
|
||||
report_stats = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "";
|
||||
};
|
||||
servers = mkOption {
|
||||
type = types.attrsOf (types.attrsOf types.str);
|
||||
default = {
|
||||
"matrix.org" = {
|
||||
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
The trusted servers to download signing keys from.
|
||||
'';
|
||||
};
|
||||
max_upload_size = mkOption {
|
||||
type = types.str;
|
||||
default = "10M";
|
||||
description = "The largest allowed upload size in bytes";
|
||||
};
|
||||
max_image_pixels = mkOption {
|
||||
type = types.str;
|
||||
default = "32M";
|
||||
description = "Maximum number of pixels that will be thumbnailed";
|
||||
};
|
||||
dynamic_thumbnails = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to generate new thumbnails on the fly to precisely match
|
||||
the resolution requested by the client. If true then whenever
|
||||
a new resolution is requested by the client the server will
|
||||
generate a new thumbnail. If false the server will pick a thumbnail
|
||||
from a precalculated list.
|
||||
'';
|
||||
};
|
||||
user_creation_max_duration = mkOption {
|
||||
type = types.str;
|
||||
default = "1209600000";
|
||||
description = ''
|
||||
Sets the expiry for the short term user creation in
|
||||
milliseconds. The default value is two weeks.
|
||||
'';
|
||||
};
|
||||
bcrypt_rounds = mkOption {
|
||||
type = types.str;
|
||||
default = "12";
|
||||
description = ''
|
||||
Set the number of bcrypt rounds used to generate password hash.
|
||||
Larger numbers increase the work factor needed to generate the hash.
|
||||
'';
|
||||
};
|
||||
allow_guest_access = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Allows users to register as guests without a password/email/etc, and
|
||||
participate in rooms hosted on this server which have been made
|
||||
accessible to anonymous users.
|
||||
'';
|
||||
};
|
||||
account_threepid_delegates.email = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Delegate email sending to https://example.org
|
||||
'';
|
||||
};
|
||||
account_threepid_delegates.msisdn = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Delegate SMS sending to this local process (https://localhost:8090)
|
||||
'';
|
||||
};
|
||||
room_prejoin_state.additional_event_types = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
Additional events to share with users who received an invite.
|
||||
'';
|
||||
};
|
||||
room_prejoin_state.disable_default_event_types = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to disable the default state-event types for users invited to a room.
|
||||
These are:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>m.room.join_rules</para></listitem>
|
||||
<listitem><para>m.room.canonical_alias</para></listitem>
|
||||
<listitem><para>m.room.avatar</para></listitem>
|
||||
<listitem><para>m.room.encryption</para></listitem>
|
||||
<listitem><para>m.room.name</para></listitem>
|
||||
<listitem><para>m.room.create</para></listitem>
|
||||
</itemizedlist>
|
||||
'';
|
||||
};
|
||||
macaroon_secret_key = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Secret key for authentication tokens
|
||||
'';
|
||||
};
|
||||
expire_access_token = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable access token expiration.
|
||||
'';
|
||||
};
|
||||
key_refresh_interval = mkOption {
|
||||
type = types.str;
|
||||
default = "1d";
|
||||
description = ''
|
||||
How long key response published by this server is valid for.
|
||||
Used to set the valid_until_ts in /key/v2 APIs.
|
||||
Determines how quickly servers will query to check which keys
|
||||
are still valid.
|
||||
'';
|
||||
};
|
||||
app_service_config_files = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
A list of application service config file to use
|
||||
'';
|
||||
};
|
||||
redaction_retention_period = mkOption {
|
||||
type = types.int;
|
||||
default = 7;
|
||||
description = ''
|
||||
How long to keep redacted events in unredacted form in the database.
|
||||
'';
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra config options for matrix-synapse.
|
||||
'';
|
||||
};
|
||||
extraConfigFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra config files to include.
|
||||
|
||||
The configuration files will be included based on the command line
|
||||
argument --config-path. This allows to configure secrets without
|
||||
having to go through the Nix store, e.g. based on deployment keys if
|
||||
NixOPS is in use.
|
||||
'';
|
||||
};
|
||||
logConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = readFile ./matrix-synapse-log_config.yaml;
|
||||
description = ''
|
||||
A yaml python logging config file
|
||||
'';
|
||||
};
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/matrix-synapse";
|
||||
description = ''
|
||||
The directory where matrix-synapse stores its stateful data such as
|
||||
certificates, media and uploads.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = hasLocalPostgresDB -> config.services.postgresql.enable;
|
||||
message = ''
|
||||
Cannot deploy matrix-synapse with a configuration for a local postgresql database
|
||||
and a missing postgresql service. Since 20.03 it's mandatory to manually configure the
|
||||
database (please read the thread in https://github.com/NixOS/nixpkgs/pull/80447 for
|
||||
further reference).
|
||||
|
||||
If you
|
||||
- try to deploy a fresh synapse, you need to configure the database yourself. An example
|
||||
for this can be found in <nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
- update your existing matrix-synapse instance, you simply need to add `services.postgresql.enable = true`
|
||||
to your configuration.
|
||||
|
||||
For further information about this update, please read the release-notes of 20.03 carefully.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
services.matrix-synapse.configFile = "${configFile}";
|
||||
|
||||
users.users.matrix-synapse = {
|
||||
group = "matrix-synapse";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
shell = "${pkgs.bash}/bin/bash";
|
||||
uid = config.ids.uids.matrix-synapse;
|
||||
};
|
||||
|
||||
users.groups.matrix-synapse = {
|
||||
gid = config.ids.gids.matrix-synapse;
|
||||
};
|
||||
|
||||
systemd.services.matrix-synapse = {
|
||||
description = "Synapse Matrix homeserver";
|
||||
after = [ "network.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
--config-path ${configFile} \
|
||||
--keys-directory ${cfg.dataDir} \
|
||||
--generate-keys
|
||||
'';
|
||||
environment = {
|
||||
PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
|
||||
} // optionalAttrs (cfg.withJemalloc) {
|
||||
LD_PRELOAD = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
User = "matrix-synapse";
|
||||
Group = "matrix-synapse";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
|
||||
chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
|
||||
chmod 0600 ${cfg.dataDir}/homeserver.signing.key
|
||||
'')) ];
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/synapse_homeserver \
|
||||
${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
|
||||
--keys-directory ${cfg.dataDir}
|
||||
'';
|
||||
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||
Restart = "on-failure";
|
||||
UMask = "0077";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ registerNewMatrixUser ];
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "trusted_third_party_id_servers" ] ''
|
||||
The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
|
||||
as the behavior is now obsolete.
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "create_local_database" ] ''
|
||||
Database configuration must be done manually. An exemplary setup is demonstrated in
|
||||
<nixpkgs/nixos/tests/matrix-synapse.nix>
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "web_client" ] "")
|
||||
(mkRemovedOptionModule [ "services" "matrix-synapse" "room_invite_state_types" ] ''
|
||||
You may add additional event types via
|
||||
`services.matrix-synapse.room_prejoin_state.additional_event_types` and
|
||||
disable the default events via
|
||||
`services.matrix-synapse.room_prejoin_state.disable_default_event_types`.
|
||||
'')
|
||||
];
|
||||
|
||||
meta.doc = ./matrix-synapse.xml;
|
||||
meta.maintainers = teams.matrix.members;
|
||||
|
||||
}
|
@ -556,6 +556,7 @@ in {
|
||||
|
||||
boot.kernelModules = [ "ctr" ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
security.polkit.extraConfig = polkitConf;
|
||||
|
||||
services.dbus.packages = cfg.packages
|
||||
|
@ -81,6 +81,8 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
security.pam.services.cage.text = ''
|
||||
auth required pam_unix.so nullok
|
||||
account required pam_unix.so
|
||||
|
@ -267,6 +267,8 @@ in
|
||||
# Enable the accounts daemon to find lightdm's dbus interface
|
||||
environment.systemPackages = [ lightdm ];
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
security.pam.services.lightdm.text = ''
|
||||
auth substack login
|
||||
account include login
|
||||
|
@ -620,9 +620,6 @@ in
|
||||
in optional (driver != null) ({ inherit name; modules = []; driverName = name; display = true; } // driver));
|
||||
|
||||
assertions = [
|
||||
{ assertion = config.security.polkit.enable;
|
||||
message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
|
||||
}
|
||||
(let primaryHeads = filter (x: x.primary) cfg.xrandrHeads; in {
|
||||
assertion = length primaryHeads < 2;
|
||||
message = "Only one head is allowed to be primary in "
|
||||
|
@ -2,8 +2,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
configDir = "/var/lib/foobar";
|
||||
mqttUsername = "homeassistant";
|
||||
mqttPassword = "secret";
|
||||
in {
|
||||
name = "home-assistant";
|
||||
meta.maintainers = lib.teams.home-assistant.members;
|
||||
@ -11,18 +9,6 @@ in {
|
||||
nodes.hass = { pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ mosquitto ];
|
||||
|
||||
services.mosquitto = {
|
||||
enable = true;
|
||||
listeners = [ {
|
||||
users = {
|
||||
"${mqttUsername}" = {
|
||||
acl = [ "readwrite #" ];
|
||||
password = mqttPassword;
|
||||
};
|
||||
};
|
||||
} ];
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "hass" ];
|
||||
@ -76,23 +62,6 @@ in {
|
||||
# https://www.home-assistant.io/integrations/frontend/
|
||||
frontend = {};
|
||||
|
||||
# configure an mqtt broker connection
|
||||
# https://www.home-assistant.io/integrations/mqtt
|
||||
mqtt = {
|
||||
broker = "127.0.0.1";
|
||||
username = mqttUsername;
|
||||
password = mqttPassword;
|
||||
};
|
||||
|
||||
# create a mqtt sensor that syncs state with its mqtt topic
|
||||
# https://www.home-assistant.io/integrations/sensor.mqtt/
|
||||
binary_sensor = [ {
|
||||
platform = "mqtt";
|
||||
state_topic = "home-assistant/test";
|
||||
payload_on = "let_there_be_light";
|
||||
payload_off = "off";
|
||||
} ];
|
||||
|
||||
# set up a wake-on-lan switch to test capset capability required
|
||||
# for the ping suid wrapper
|
||||
# https://www.home-assistant.io/integrations/wake_on_lan/
|
||||
@ -109,11 +78,9 @@ in {
|
||||
listen_port = 80;
|
||||
};
|
||||
|
||||
# show mqtt interaction in the log
|
||||
# https://www.home-assistant.io/integrations/logger/
|
||||
logger = {
|
||||
default = "info";
|
||||
logs."homeassistant.components.mqtt" = "debug";
|
||||
};
|
||||
};
|
||||
|
||||
@ -167,12 +134,6 @@ in {
|
||||
hass.wait_for_open_port(8123)
|
||||
hass.succeed("curl --fail http://localhost:8123/lovelace")
|
||||
|
||||
with subtest("Toggle a binary sensor using MQTT"):
|
||||
hass.wait_for_open_port(1883)
|
||||
hass.succeed(
|
||||
"mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
|
||||
)
|
||||
|
||||
with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
|
||||
hass.wait_for_open_port(80)
|
||||
hass.succeed("curl --fail http://localhost:80/description.xml")
|
||||
@ -188,10 +149,6 @@ in {
|
||||
with subtest("Check that no errors were logged"):
|
||||
assert "ERROR" not in output_log
|
||||
|
||||
# example line: 2020-06-20 10:01:32 DEBUG (MainThread) [homeassistant.components.mqtt] Received message on home-assistant/test: b'let_there_be_light'
|
||||
with subtest("Check we received the mosquitto message"):
|
||||
assert "let_there_be_light" in output_log
|
||||
|
||||
with subtest("Check systemd unit hardening"):
|
||||
hass.log(hass.succeed("systemctl cat home-assistant.service"))
|
||||
hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
|
||||
|
@ -1,6 +1,6 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
let
|
||||
homeserverUrl = "http://homeserver:8448";
|
||||
homeserverUrl = "http://homeserver:8008";
|
||||
in
|
||||
{
|
||||
name = "matrix-appservice-irc";
|
||||
@ -14,28 +14,32 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
specialisation.running.configuration = {
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
settings = {
|
||||
database.name = "sqlite3";
|
||||
app_service_config_files = [ "/registration.yml" ];
|
||||
|
||||
enable_registration = true;
|
||||
|
||||
listeners = [
|
||||
listeners = [ {
|
||||
# The default but tls=false
|
||||
{
|
||||
"bind_address" = "";
|
||||
"port" = 8448;
|
||||
"resources" = [
|
||||
{ "compress" = true; "names" = [ "client" ]; }
|
||||
{ "compress" = false; "names" = [ "federation" ]; }
|
||||
];
|
||||
"tls" = false;
|
||||
"type" = "http";
|
||||
"x_forwarded" = false;
|
||||
}
|
||||
bind_addresses = [
|
||||
"0.0.0.0"
|
||||
];
|
||||
port = 8008;
|
||||
resources = [ {
|
||||
"compress" = true;
|
||||
"names" = [ "client" ];
|
||||
} {
|
||||
"compress" = false;
|
||||
"names" = [ "federation" ];
|
||||
} ];
|
||||
tls = false;
|
||||
type = "http";
|
||||
} ];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8448 ];
|
||||
networking.firewall.allowedTCPPorts = [ 8008 ];
|
||||
};
|
||||
};
|
||||
|
||||
@ -209,7 +213,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
)
|
||||
|
||||
homeserver.wait_for_unit("matrix-synapse.service")
|
||||
homeserver.wait_for_open_port(8448)
|
||||
homeserver.wait_for_open_port(8008)
|
||||
|
||||
with subtest("ensure messages can be exchanged"):
|
||||
client.succeed("do_test ${homeserverUrl} >&2")
|
||||
|
@ -33,6 +33,29 @@ import ./make-test-python.nix ({ pkgs, ... } : let
|
||||
testUser = "alice";
|
||||
testPassword = "alicealice";
|
||||
testEmail = "alice@example.com";
|
||||
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_addresses = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
x_forwarded = false;
|
||||
resources = [ {
|
||||
names = [
|
||||
"client"
|
||||
];
|
||||
compress = true;
|
||||
} {
|
||||
names = [
|
||||
"federation"
|
||||
];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
|
||||
in {
|
||||
|
||||
name = "matrix-synapse";
|
||||
@ -48,22 +71,24 @@ in {
|
||||
{
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "psycopg2";
|
||||
settings = {
|
||||
inherit listeners;
|
||||
database = {
|
||||
name = "psycopg2";
|
||||
args.password = "synapse";
|
||||
};
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
database_args = {
|
||||
password = "synapse";
|
||||
};
|
||||
registration_shared_secret = registrationSharedSecret;
|
||||
public_baseurl = "https://example.com";
|
||||
extraConfig = ''
|
||||
email:
|
||||
smtp_host: "${mailerDomain}"
|
||||
smtp_port: 25
|
||||
require_transport_security: true
|
||||
notif_from: "matrix <matrix@${mailerDomain}>"
|
||||
app_name: "Matrix"
|
||||
'';
|
||||
email = {
|
||||
smtp_host = mailerDomain;
|
||||
smtp_port = 25;
|
||||
require_transport_security = true;
|
||||
notif_from = "matrix <matrix@${mailerDomain}>";
|
||||
app_name = "Matrix";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
@ -165,12 +190,15 @@ in {
|
||||
serversqlite = args: {
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
settings = {
|
||||
inherit listeners;
|
||||
database.name = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
@ -38,26 +38,31 @@ import ../make-test-python.nix (
|
||||
homeserver = { pkgs, ... }: {
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
settings = {
|
||||
database.name = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
enable_registration = true;
|
||||
registration_shared_secret = "supersecret-registration";
|
||||
|
||||
listeners = [
|
||||
listeners = [ {
|
||||
# The default but tls=false
|
||||
{
|
||||
"bind_address" = "";
|
||||
"port" = 8448;
|
||||
"resources" = [
|
||||
{ "compress" = true; "names" = [ "client" "webclient" ]; }
|
||||
{ "compress" = false; "names" = [ "federation" ]; }
|
||||
];
|
||||
"tls" = false;
|
||||
"type" = "http";
|
||||
"x_forwarded" = false;
|
||||
}
|
||||
bind_addresses = [
|
||||
"0.0.0.0"
|
||||
];
|
||||
port = 8448;
|
||||
resources = [ {
|
||||
compress = true;
|
||||
names = [ "client" ];
|
||||
} {
|
||||
compress = false;
|
||||
names = [ "federation" ];
|
||||
} ];
|
||||
tls = false;
|
||||
type = "http";
|
||||
x_forwarded = false;
|
||||
} ];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8448 ];
|
||||
|
@ -47,11 +47,34 @@ import ../make-test-python.nix (
|
||||
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
database_type = "sqlite3";
|
||||
settings = {
|
||||
listeners = [ {
|
||||
port = 8448;
|
||||
bind_addresses = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
];
|
||||
type = "http";
|
||||
tls = true;
|
||||
x_forwarded = false;
|
||||
resources = [ {
|
||||
names = [
|
||||
"client"
|
||||
];
|
||||
compress = true;
|
||||
} {
|
||||
names = [
|
||||
"federation"
|
||||
];
|
||||
compress = false;
|
||||
} ];
|
||||
} ];
|
||||
database.name = "sqlite3";
|
||||
tls_certificate_path = "${cert}";
|
||||
tls_private_key_path = "${key}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
# Automatically login on tty1 as a normal user:
|
||||
imports = [ ./common/user-account.nix ];
|
||||
services.getty.autologinUser = "alice";
|
||||
security.polkit.enable = true;
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [ tinywl foot wayland-utils ];
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "erigon";
|
||||
version = "2022.02.03";
|
||||
version = "2022.02.04";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ledgerwatch";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-M8rCLkKoCx+5Eg53HfK6Ui4UrYsujGd7G8ckONclhTM=";
|
||||
sha256 = "sha256-86a1VtVyTRKpY41fAHskUfPZpXUutpyvxlRLhkiHTZ0=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-loYo1nAR1lARsfoY5Q+k/tgVBxNxcr++zwUjLN3TRLA=";
|
||||
vendorSha256 = "sha256-P3jdK+ubBHusTL4eWlA/TDJIrbuV17tL8Cv6c3ubjlc=";
|
||||
proxyVendor = true;
|
||||
|
||||
# Build errors in mdbx when format hardening is enabled:
|
||||
|
@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core, libxkbcommon, mesa }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "exodus";
|
||||
version = "22.2.11";
|
||||
version = "22.2.25";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
|
||||
sha256 = "sha256-/K5dB5Qfaiv68YWTQ4j5QnqSo+TXPkWcQ+PlJpzDoe8=";
|
||||
sha256 = "sha256-YbApI9rIk1653Hp3hsXJrxBMpaGn6Wv3WhZiQWAfPQM=";
|
||||
};
|
||||
|
||||
sourceRoot = ".";
|
||||
|
36
pkgs/applications/graphics/skanpage/default.nix
Normal file
36
pkgs/applications/graphics/skanpage/default.nix
Normal file
@ -0,0 +1,36 @@
|
||||
{ lib
|
||||
, mkDerivation
|
||||
, fetchurl
|
||||
, extra-cmake-modules
|
||||
, kirigami2
|
||||
, ktextwidgets
|
||||
, libksane
|
||||
, qtquickcontrols2
|
||||
}:
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "skanpage";
|
||||
version = "1.0.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kde/stable/skanpage/${version}/${pname}-${version}.tar.xz";
|
||||
hash = "sha256-kPVAG64oPkKF3ztHB4V7M2xc1AcvwiHnYpMMLMQNYGA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ extra-cmake-modules ];
|
||||
|
||||
buildInputs = [
|
||||
kirigami2
|
||||
ktextwidgets
|
||||
libksane
|
||||
qtquickcontrols2
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "KDE utility to scan images and multi-page documents";
|
||||
homepage = "https://apps.kde.org/skanpage";
|
||||
license = licenses.gpl2Plus;
|
||||
maintainers = with maintainers; [ samuelgrf ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
@ -2,16 +2,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "genact";
|
||||
version = "0.11.0";
|
||||
version = "0.12.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "svenstaro";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "1hc4jwk5rr1yw3pfvriash7b03j181k8c9y7m3sglkk8xnff219c";
|
||||
sha256 = "sha256-ouDaOs72vivJBZVwcJhv4YoPKQOEBctUTqubvrpoBtI=";
|
||||
};
|
||||
|
||||
cargoSha256 = "0a5ic6c7fvmg2kh3qprzffnpw40cmrgbscrlhxxs3m7nxfjdh7bc";
|
||||
cargoSha256 = "sha256-csubycZaBUHPp8XJ1C+nWw7DzVGVJm38/Dgw41qUMYQ=";
|
||||
|
||||
meta = with lib; {
|
||||
description = "A nonsense activity generator";
|
||||
|
@ -14,11 +14,11 @@ let
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "mkgmap";
|
||||
version = "4895";
|
||||
version = "4896";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.mkgmap.org.uk/download/mkgmap-r${version}-src.tar.gz";
|
||||
sha256 = "jGSDH90ze0hHa9nAaeEkj1sfADEk7EatGrePM3+/SDk=";
|
||||
sha256 = "1tPKZASmU0xfQgNZJYzhtvm0f7ynrWk/RWCFZ1kseKs=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -15,12 +15,6 @@ stdenvNoCC.mkDerivation rec {
|
||||
substituteInPlace src/oil --replace \
|
||||
"LIBDIR=/usr/local/lib/oil" "LIBDIR=${placeholder "out"}/lib"
|
||||
|
||||
substituteInPlace Makefile --replace \
|
||||
"LIBDIR ?= /usr/local/lib/oil" "LIBDIR ?= ${placeholder "out"}/lib" \
|
||||
|
||||
substituteInPlace Makefile --replace \
|
||||
"BINDIR ?= /usr/local/bin" "BINDIR ?= ${placeholder "out"}/bin"
|
||||
|
||||
substituteInPlace src/json-to-line.jq --replace \
|
||||
"/usr/bin/env -S jq" "${jq}/bin/jq"
|
||||
|
||||
@ -28,6 +22,11 @@ stdenvNoCC.mkDerivation rec {
|
||||
"/usr/bin/env -S awk" "${gawk}/bin/awk"
|
||||
'';
|
||||
|
||||
makeFlags = [
|
||||
"BINDIR=${placeholder "out"}/bin"
|
||||
"LIBDIR=${placeholder "out"}/lib"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
postFixup = ''
|
@ -1,23 +1,21 @@
|
||||
{ lib, buildGoPackage, fetchgit }:
|
||||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
|
||||
buildGoPackage rec {
|
||||
buildGoModule rec {
|
||||
pname = "wego";
|
||||
version = "unstable-2019-02-11";
|
||||
rev = "994e4f141759a1070d7b0c8fbe5fad2cc7ee7d45";
|
||||
version = "2.1";
|
||||
|
||||
goPackagePath = "github.com/schachmat/wego";
|
||||
|
||||
src = fetchgit {
|
||||
inherit rev;
|
||||
url = "https://github.com/schachmat/wego";
|
||||
sha256 = "1affzwi5rbp4zkirhmby8bvlhsafw7a4rs27caqwyj8g3jhczmhy";
|
||||
src = fetchFromGitHub {
|
||||
owner = "schachmat";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-lMcrFwYtlnivNjSbzyiAEAVX6ME87yB/Em8Cxb1LUS4=";
|
||||
};
|
||||
|
||||
goDeps = ./deps.nix;
|
||||
vendorSha256 = "sha256-kv8c0TZdxCIfmkgCLDiNyoGqQZEKUlrNLEbjlG9rSPs=";
|
||||
|
||||
meta = {
|
||||
license = lib.licenses.isc;
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/schachmat/wego";
|
||||
description = "Weather app for the terminal";
|
||||
license = licenses.isc;
|
||||
};
|
||||
}
|
||||
|
48
pkgs/applications/misc/wego/deps.nix
generated
48
pkgs/applications/misc/wego/deps.nix
generated
@ -1,48 +0,0 @@
|
||||
# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
|
||||
[
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-colorable";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-colorable";
|
||||
rev = "98ec13f34aabf44cc914c65a1cfb7b9bc815aef1";
|
||||
sha256 = "1yxcz08kminqr1221zxpibnbzfcgs3fafin0z9zqb3gqvf74jywz";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-isatty";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-isatty";
|
||||
rev = "31745d66dd679ac0ac4f8d3ecff168fce6170c6a";
|
||||
sha256 = "0h671sv7hfprja495kavazkalkx7xzaqksjh13brcnwq67ijrali";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-runewidth";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-runewidth";
|
||||
rev = "18c3d09a134a52720932bbaa92c798a0ab111004";
|
||||
sha256 = "1snr8mk63vz2h44knq26dm81p83887v7kb09iywqmx0nqzngih66";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/schachmat/ingo";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/schachmat/ingo";
|
||||
rev = "a4bdc0729a3fda62cc4069b6e490fc657fd54e33";
|
||||
sha256 = "1gw0kddy7jh3467imsqni86cf9yq7k6vpfc0ywkbwj0zsjsdgd49";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "golang.org/x/sys";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://go.googlesource.com/sys";
|
||||
rev = "b016eb3dc98ea7f69ed55e8216b87187067ae621";
|
||||
sha256 = "1k0qr26046d228gi6ngkfxp4m1rjgxk4jj75h0kh1cpyp91n5rja";
|
||||
};
|
||||
}
|
||||
]
|
@ -91,11 +91,11 @@ in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "brave";
|
||||
version = "1.35.103";
|
||||
version = "1.36.109";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
|
||||
sha256 = "UgperKruN2quKdFTf/iTa+dd2GB57nt+mu6KBe4VvYk=";
|
||||
sha256 = "KKoMpMagq5lVoRFyWNs92LdPwNIlmAjfwqxfOArIFeo=";
|
||||
};
|
||||
|
||||
dontConfigure = true;
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"stable": {
|
||||
"version": "99.0.4844.52",
|
||||
"version": "99.0.4844.51",
|
||||
"sha256": "1qxsn8zvvvsnn0k7nn606rhaial8ikrlfh175msqpp50xibjxicp",
|
||||
"sha256bin64": "04kqfppa88g2q54vp53avyyhqzrxljz49p4wqk76kq7fz2rm94x1",
|
||||
"deps": {
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -7,10 +7,10 @@ in
|
||||
rec {
|
||||
firefox = common rec {
|
||||
pname = "firefox";
|
||||
version = "97.0.1";
|
||||
version = "97.0.2";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
|
||||
sha512 = "8620aace77167593aab5acd230860eb3e67eeddc49c0aad0491b5dc20bd0ddb6089dbb8975aed241426f57b2ad772238b04d03b95390175f580cbd80bb6d5f6c";
|
||||
sha512 = "efbf33723f5979025454b6cc183927afb4bc72a51c00b5d45940122da596b8ac99080f3a6a59f5dd85a725e356349ec57e7eba1c36cdab7d55a28b04895d274c";
|
||||
};
|
||||
|
||||
meta = {
|
||||
@ -32,10 +32,10 @@ rec {
|
||||
|
||||
firefox-esr-91 = common rec {
|
||||
pname = "firefox-esr";
|
||||
version = "91.6.0esr";
|
||||
version = "91.6.1esr";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
|
||||
sha512 = "3dd1929f93cdd087a93fc3597f32d9005c986b59832954e01a8c2472b179c92ad611eaa73d3fc000a08b838a0b70da73ff5ba82d6009160655ba6894cf04520e";
|
||||
sha512 = "e72ff7114e251ec3558f47bb45e4017fe4c665a95e0a108d5818c628b3de44c92f57cfb3dd9f5a25b7abad889be228f89dda838bc20fc9617c90655694184ed5";
|
||||
};
|
||||
|
||||
meta = {
|
||||
|
@ -1,7 +1,9 @@
|
||||
{
|
||||
"version": "1.10.3-sc.0.test.1",
|
||||
"rev": "3a8eecb023c832acc4390d3a51c0940eafb2b3bd",
|
||||
"srcHash": "07amc69ghfz39jbps14ysfql4m42dmzbdjq9hqvzirhqz52mshf3",
|
||||
"webYarnHash": "0knkl8sanqcx0lxjclz6s8vm5wpn8aywx9vydz7lda3l6c2g5zqf",
|
||||
"version": "1.10.4-sc.1",
|
||||
"rev": "v1.10.4-sc.1",
|
||||
"srcHash": "0sxibzskbw9pa6wmbk1y3n7p74cfj9zvm2hsw76sp6wfac1wnbwl",
|
||||
"webYarnHash": "1z8xr35gh74y2iv9kfk6d6b6f3iclcrpkdds5q7rh2irpf14fwpw",
|
||||
"jsSdkYarnHash": "1cwvb0hwq19dh2937fmcbfvnkkfmalk9wrxf1yv81nsbyjnx86di",
|
||||
"reactSdkYarnHash": "0j4rxg11q35idfzvjrpmyrwkz9yqgzpwps3xqx1k4qcs844jjs9f",
|
||||
"desktopYarnHash": "0akmgib212gkygvs2snn9c43k3ika3ipg85d480j3hqyb6yxwqmn"
|
||||
}
|
||||
|
@ -25,10 +25,18 @@ in stdenv.mkDerivation rec {
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
offlineCache = fetchYarnDeps {
|
||||
webOfflineCache = fetchYarnDeps {
|
||||
yarnLock = src + "/element-web/yarn.lock";
|
||||
sha256 = pinData.webYarnHash;
|
||||
};
|
||||
jsSdkOfflineCache = fetchYarnDeps {
|
||||
yarnLock = src + "/matrix-js-sdk/yarn.lock";
|
||||
sha256 = pinData.jsSdkYarnHash;
|
||||
};
|
||||
reactSdkOfflineCache = fetchYarnDeps {
|
||||
yarnLock = src + "/matrix-react-sdk/yarn.lock";
|
||||
sha256 = pinData.reactSdkYarnHash;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ yarn fixup_yarn_lock jq nodejs ];
|
||||
|
||||
@ -37,14 +45,30 @@ in stdenv.mkDerivation rec {
|
||||
|
||||
export HOME=$PWD/tmp
|
||||
mkdir -p $HOME
|
||||
|
||||
pushd element-web
|
||||
yarn config --offline set yarn-offline-mirror $offlineCache
|
||||
fixup_yarn_lock yarn.lock
|
||||
yarn config --offline set yarn-offline-mirror $webOfflineCache
|
||||
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
|
||||
patchShebangs node_modules
|
||||
rm -rf node_modules/matrix-react-sdk
|
||||
patchShebangs node_modules/ ../matrix-react-sdk/scripts/
|
||||
ln -s $PWD/../matrix-react-sdk node_modules/
|
||||
ln -s $PWD/node_modules ../matrix-react-sdk/
|
||||
rm -rf node_modules/matrix-js-sdk
|
||||
ln -s $PWD/../matrix-js-sdk node_modules/
|
||||
popd
|
||||
|
||||
pushd matrix-js-sdk
|
||||
fixup_yarn_lock yarn.lock
|
||||
yarn config --offline set yarn-offline-mirror $jsSdkOfflineCache
|
||||
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
|
||||
patchShebangs node_modules
|
||||
popd
|
||||
|
||||
pushd matrix-react-sdk
|
||||
fixup_yarn_lock yarn.lock
|
||||
yarn config --offline set yarn-offline-mirror $reactSdkOfflineCache
|
||||
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
|
||||
patchShebangs node_modules scripts
|
||||
popd
|
||||
|
||||
runHook postConfigure
|
||||
@ -54,7 +78,7 @@ in stdenv.mkDerivation rec {
|
||||
runHook preBuild
|
||||
|
||||
pushd matrix-react-sdk
|
||||
node_modules/.bin/reskindex -h ../element-web/src/header
|
||||
../element-web/node_modules/.bin/reskindex -h ../element-web/src/header
|
||||
popd
|
||||
|
||||
pushd element-web
|
||||
|
@ -27,6 +27,8 @@ src_hash=$(echo $src_data | jq -r .sha256)
|
||||
|
||||
web_yarn_hash=$(prefetch-yarn-deps $src/element-web/yarn.lock)
|
||||
desktop_yarn_hash=$(prefetch-yarn-deps $src/element-desktop/yarn.lock)
|
||||
js_sdk_yarn_hash=$(prefetch-yarn-deps $src/matrix-js-sdk/yarn.lock)
|
||||
react_sdk_yarn_hash=$(prefetch-yarn-deps $src/matrix-react-sdk/yarn.lock)
|
||||
|
||||
cat > pin.json << EOF
|
||||
{
|
||||
@ -34,6 +36,8 @@ cat > pin.json << EOF
|
||||
"rev": "$rev",
|
||||
"srcHash": "$src_hash",
|
||||
"webYarnHash": "$web_yarn_hash",
|
||||
"jsSdkYarnHash": "$js_sdk_yarn_hash",
|
||||
"reactSdkYarnHash": "$react_sdk_yarn_hash",
|
||||
"desktopYarnHash": "$desktop_yarn_hash"
|
||||
}
|
||||
EOF
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "signalbackup-tools";
|
||||
version = "20220301";
|
||||
version = "20220303";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "bepaald";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-1Z6jl4trAzKrI9WO3MpCJtg0R3Riyd5wvunErCkkiig=";
|
||||
sha256 = "sha256-3fT9cHosg/A/JowIARQ46OxmsQWFOBb7tIiRWVNfUo4=";
|
||||
};
|
||||
|
||||
# Remove when Apple SDK is >= 10.13
|
||||
|
@ -8,19 +8,22 @@
|
||||
, lib
|
||||
, udev
|
||||
, wrapGAppsHook
|
||||
, libxshmfence
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "termius";
|
||||
version = "7.17.1";
|
||||
version = "7.34.1";
|
||||
|
||||
src = fetchurl {
|
||||
# find the latest version with
|
||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.version'
|
||||
# and the url with
|
||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_url' -r
|
||||
url = "https://api.snapcraft.io/api/v1/snaps/download/WkTBXwoX81rBe3s3OTt3EiiLKBx2QhuS_81.snap";
|
||||
sha256 = "sha256-jNwWQTjUy8nJ8gHlbP9WgDlARWOhTQAA7KAcQNXKhNg=";
|
||||
# and the sha512 with
|
||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_sha512' -r
|
||||
url = "https://api.snapcraft.io/api/v1/snaps/download/WkTBXwoX81rBe3s3OTt3EiiLKBx2QhuS_101.snap";
|
||||
sha512 = "7fdd82535fd288277b01fedde4739dc97782236fbf25372efa56114bba676c21277ed96b32a1d46ac86af19925b14935818af50985d43a1307639530db044af4";
|
||||
};
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
@ -40,7 +43,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
nativeBuildInputs = [ autoPatchelfHook squashfsTools makeWrapper wrapGAppsHook ];
|
||||
|
||||
buildInputs = atomEnv.packages;
|
||||
buildInputs = atomEnv.packages ++ [ libxshmfence ];
|
||||
|
||||
unpackPhase = ''
|
||||
runHook preUnpack
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ lib
|
||||
, fetchurl
|
||||
, fetchpatch
|
||||
, nixosTests
|
||||
, python3
|
||||
, ghostscript
|
||||
@ -54,6 +55,15 @@ py.pkgs.pythonPackages.buildPythonApplication rec {
|
||||
sha256 = "oVSq0AWksuWC81MF5xiZ6ZbdKKtqqphmL+xIzJLaDMw=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Fix the `slow_write_pdf` test:
|
||||
# https://github.com/NixOS/nixpkgs/issues/136626
|
||||
(fetchpatch {
|
||||
url = "https://github.com/paperless-ngx/paperless-ngx/commit/4fbabe43ea12811864e9676b04d82a82b38e799d.patch";
|
||||
sha256 = "sha256-8ULep5aeW3wJAQGy2OEAjFYybELNq1DzCC1uBrZx36I=";
|
||||
})
|
||||
];
|
||||
|
||||
format = "other";
|
||||
|
||||
# Make bind address configurable
|
||||
@ -155,27 +165,6 @@ py.pkgs.pythonPackages.buildPythonApplication rec {
|
||||
zope_interface
|
||||
];
|
||||
|
||||
doCheck = true;
|
||||
checkInputs = with py.pkgs.pythonPackages; [
|
||||
pytest
|
||||
pytest-cov
|
||||
pytest-django
|
||||
pytest-env
|
||||
pytest-sugar
|
||||
pytest-xdist
|
||||
factory_boy
|
||||
];
|
||||
|
||||
# The tests require:
|
||||
# - PATH with runtime binaries
|
||||
# - A temporary HOME directory for gnupg
|
||||
# - XDG_DATA_DIRS with test-specific fonts
|
||||
checkPhase = ''
|
||||
pushd src
|
||||
PATH="${path}:$PATH" HOME=$(mktemp -d) XDG_DATA_DIRS="${liberation_ttf}/share:$XDG_DATA_DIRS" pytest
|
||||
popd
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/lib
|
||||
cp -r . $out/lib/paperless-ng
|
||||
@ -185,6 +174,31 @@ py.pkgs.pythonPackages.buildPythonApplication rec {
|
||||
--prefix PATH : "${path}"
|
||||
'';
|
||||
|
||||
checkInputs = with py.pkgs.pythonPackages; [
|
||||
pytest-django
|
||||
pytest-env
|
||||
pytest-sugar
|
||||
pytest-xdist
|
||||
factory_boy
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pytestFlagsArray = [ "src" ];
|
||||
|
||||
# The tests require:
|
||||
# - PATH with runtime binaries
|
||||
# - A temporary HOME directory for gnupg
|
||||
# - XDG_DATA_DIRS with test-specific fonts
|
||||
preCheck = ''
|
||||
export PATH="${path}:$PATH"
|
||||
export HOME=$(mktemp -d)
|
||||
export XDG_DATA_DIRS="${liberation_ttf}/share:$XDG_DATA_DIRS"
|
||||
|
||||
# Disable unneeded code coverage test
|
||||
substituteInPlace src/setup.cfg \
|
||||
--replace "--cov --cov-report=html" ""
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
# PYTHONPATH of all dependencies used by the package
|
||||
pythonPath = python3.pkgs.makePythonPath propagatedBuildInputs;
|
||||
|
@ -39,5 +39,6 @@ buildPythonPackage rec {
|
||||
homepage = "https://openpaper.work/";
|
||||
license = lib.licenses.gpl3Plus;
|
||||
maintainers = with lib.maintainers; [ aszlig symphorien ];
|
||||
platforms = lib.platforms.linux;
|
||||
};
|
||||
}
|
||||
|
@ -49,5 +49,6 @@ buildPythonPackage rec {
|
||||
homepage = "https://openpaper.work/";
|
||||
license = lib.licenses.gpl3Plus;
|
||||
maintainers = with lib.maintainers; [ aszlig symphorien ];
|
||||
platforms = lib.platforms.linux;
|
||||
};
|
||||
}
|
||||
|
@ -16,6 +16,7 @@
|
||||
, texlive
|
||||
, imagemagick
|
||||
, perlPackages
|
||||
, writeScript
|
||||
}:
|
||||
|
||||
let
|
||||
@ -27,12 +28,19 @@ let
|
||||
imagemagick
|
||||
perlPackages.Po4a
|
||||
];
|
||||
inherit (import ./src.nix { inherit fetchFromGitLab; }) version src sample_documents;
|
||||
in
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
inherit (import ./src.nix { inherit fetchFromGitLab; }) version src sample_documents;
|
||||
inherit src version;
|
||||
pname = "paperwork";
|
||||
|
||||
sample_docs = sample_documents // {
|
||||
# a trick for the update script
|
||||
name = "sample_documents";
|
||||
src = sample_documents;
|
||||
};
|
||||
|
||||
sourceRoot = "source/paperwork-gtk";
|
||||
|
||||
# Patch out a few paths that assume that we're using the FHS:
|
||||
@ -69,7 +77,7 @@ python3Packages.buildPythonApplication rec {
|
||||
|
||||
export XDG_DATA_DIRS=$XDG_DATA_DIRS:${gnome.adwaita-icon-theme}/share
|
||||
# build the user manual
|
||||
PATH=$out/bin:$PATH PAPERWORK_TEST_DOCUMENTS=${sample_documents} make data
|
||||
PATH=$out/bin:$PATH PAPERWORK_TEST_DOCUMENTS=${sample_docs} make data
|
||||
for i in src/paperwork_gtk/model/help/out/*.pdf; do
|
||||
install -Dt $site/model/help/out $i
|
||||
done
|
||||
@ -122,12 +130,20 @@ python3Packages.buildPythonApplication rec {
|
||||
openpaperwork-core
|
||||
pypillowfight
|
||||
pyxdg
|
||||
python-dateutil
|
||||
setuptools
|
||||
];
|
||||
|
||||
disallowedRequisites = documentation_deps;
|
||||
|
||||
passthru.updateScript = writeScript "update.sh" ''
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl common-updater-scripts
|
||||
version=$(list-git-tags https://gitlab.gnome.org/World/OpenPaperwork/paperwork.git | sed 's/^v//' | sort -V | tail -n1)
|
||||
update-source-version paperwork "$version" --file=pkgs/applications/office/paperwork/src.nix
|
||||
docs_version="$(curl https://gitlab.gnome.org/World/OpenPaperwork/paperwork/-/raw/$version/paperwork-gtk/src/paperwork_gtk/model/help/screenshot.sh | grep TEST_DOCS_TAG= | cut -d'"' -f2)"
|
||||
update-source-version paperwork.sample_docs "$docs_version" --file=pkgs/applications/office/paperwork/src.nix --version-key=rev
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "A personal document manager for scanned documents";
|
||||
homepage = "https://openpaper.work/";
|
||||
|
@ -1,13 +1,13 @@
|
||||
{fetchFromGitLab}:
|
||||
rec {
|
||||
version = "2.1.0";
|
||||
version = "2.1.1";
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
repo = "paperwork";
|
||||
group = "World";
|
||||
owner = "OpenPaperwork";
|
||||
rev = version;
|
||||
sha256 = "0d1cw6k1giqs8ji8h3h97ckb134s8pszgip0nac5hmw0mvqq84xa";
|
||||
sha256 = "2M2eMP54F3RRDMBuAZ1gBiBoMmTRJaHTUwtTjj4ZU+4=";
|
||||
};
|
||||
sample_documents = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
|
@ -6,13 +6,13 @@
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "urh";
|
||||
version = "2.9.2";
|
||||
version = "2.9.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jopohl";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0ibcr2ypnyl2aq324sbmmr18ksxszg81yrhybawx46ba9vym6j99";
|
||||
sha256 = "sha256-TrvyPcpSMACrbKPVOjxHsVsC28LmruiVO/CyCPh0KZ8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ qt5.wrapQtAppsHook ];
|
||||
|
@ -4,14 +4,14 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "xterm";
|
||||
version = "370";
|
||||
version = "371";
|
||||
|
||||
src = fetchurl {
|
||||
urls = [
|
||||
"ftp://ftp.invisible-island.net/xterm/${pname}-${version}.tgz"
|
||||
"https://invisible-mirror.net/archives/xterm/${pname}-${version}.tgz"
|
||||
];
|
||||
sha256 = "ljxdhAoPD0wHf/KEWG6LH4Pz+YPcpvdPSzYZdbU4jII=";
|
||||
sha256 = "MviIJ3sZ4o68CjESv/AAYHwHvtBnnKoL7rs2+crUhPU=";
|
||||
};
|
||||
|
||||
strictDeps = true;
|
||||
|
@ -9,16 +9,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "lucky-commit";
|
||||
version = "2.1.0";
|
||||
version = "2.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "not-an-aardvark";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0vs668i1yglfcqs94jhwdk90v0lja2w5kr5gakz082wykilms0zg";
|
||||
sha256 = "sha256-FnH9rDy6opu0WJnCgAFvxJXWKyD2v5eGPNmbC1cvzko=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-MvopLKhovwXaEmRgXnAzJeuhPgqnMjt0EtKUGSWFpaY=";
|
||||
cargoSha256 = "sha256-iEYkOPAcWIwK7mthovrGFHfp/NsQ4ycqiTZvkHnYWzA=";
|
||||
|
||||
buildInputs = lib.optional withOpenCL (if stdenv.isDarwin then OpenCL else ocl-icd);
|
||||
|
||||
|
38
pkgs/applications/virtualization/distrobox/default.nix
Normal file
38
pkgs/applications/virtualization/distrobox/default.nix
Normal file
@ -0,0 +1,38 @@
|
||||
{ stdenvNoCC, lib, fetchFromGitHub }:
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "distrobox";
|
||||
version = "1.2.13";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "89luca89";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "047mrhsfi88mgwylnnyxg6xa7hjjrajn2pf7vfmb6161myqybvfy";
|
||||
};
|
||||
|
||||
dontConfigure = true;
|
||||
dontBuild = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin
|
||||
./install -p $out/bin
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Wrapper around podman or docker to create and start containers";
|
||||
longDescription = ''
|
||||
Use any linux distribution inside your terminal. Enable both backward and
|
||||
forward compatibility with software and freedom to use whatever distribution
|
||||
you’re more comfortable with
|
||||
'';
|
||||
homepage = "https://distrobox.privatedns.org/";
|
||||
license = licenses.gpl3Only;
|
||||
platforms = platforms.all;
|
||||
maintainers = with maintainers; [ atila ];
|
||||
};
|
||||
}
|
@ -49,7 +49,7 @@ stdenv.mkDerivation rec {
|
||||
wayland-protocols
|
||||
];
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-mavx"; # Fix some sort of AVX compiler problem.
|
||||
cmakeFlags = [ "-DOPTIMIZE_FOR_NATIVE=OFF" ];
|
||||
|
||||
postUnpack = ''
|
||||
echo ${src.rev} > source/VERSION
|
||||
|
@ -2,28 +2,45 @@
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "spdx-license-list-data";
|
||||
version = "3.15";
|
||||
version = "3.16";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "spdx";
|
||||
repo = "license-list-data";
|
||||
rev = "v${version}";
|
||||
sha256 = "0r88j00shmhayfq8avswaxsaj1my1vq540rg0srma29862vrjpfk";
|
||||
hash = "sha256-FPN9EIwXtz0b1tUZ/AOWK2zj2nfd5+POGmRC52mSzcA=";
|
||||
};
|
||||
|
||||
# List of file formats to package.
|
||||
_types = [ "html" "json" "jsonld" "rdfa" "rdfnt" "rdfturtle" "rdfxml" "template" "text" ];
|
||||
|
||||
outputs = [ "out" ] ++ _types;
|
||||
|
||||
dontPatch = true;
|
||||
dontConfigure = true;
|
||||
dontBuild = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
install -vDt $out/json json/licenses.json
|
||||
mkdir -pv $out
|
||||
for t in $_types
|
||||
do
|
||||
_outpath=''${!t}
|
||||
mkdir -pv $_outpath
|
||||
cp -ar $t $_outpath && echo "$t format installed"
|
||||
done
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
dontFixup = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Various data formats for the SPDX License List";
|
||||
homepage = "https://github.com/spdx/license-list-data";
|
||||
license = licenses.cc0;
|
||||
maintainers = with maintainers; [ oxzi ];
|
||||
maintainers = with maintainers; [ oxzi c0bw3b ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
{ lib, buildGoModule, fetchFromGitHub, testVersion }:
|
||||
|
||||
buildGoModule rec {
|
||||
let self = buildGoModule rec {
|
||||
pname = "go-jsonnet";
|
||||
version = "0.18.0";
|
||||
|
||||
@ -15,12 +15,19 @@ buildGoModule rec {
|
||||
|
||||
doCheck = false;
|
||||
|
||||
subPackages = [ "cmd/jsonnet" "cmd/jsonnetfmt" ];
|
||||
subPackages = [ "cmd/jsonnet*" ];
|
||||
|
||||
passthru.tests.version = testVersion {
|
||||
package = self;
|
||||
version = "v${version}";
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "An implementation of Jsonnet in pure Go";
|
||||
homepage = "https://github.com/google/go-jsonnet";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ nshalman ];
|
||||
maintainers = with maintainers; [ nshalman aaronjheng ];
|
||||
mainProgram = "jsonnet";
|
||||
};
|
||||
}
|
||||
};
|
||||
in self
|
||||
|
@ -9,54 +9,32 @@
|
||||
let
|
||||
python = python3.override {
|
||||
packageOverrides = self: super: {
|
||||
aiofiles = super.aiofiles.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.8.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "Tinche";
|
||||
repo = "aiofiles";
|
||||
rev = "v${version}";
|
||||
sha256 = "0mr9pzji4vqyf2yzh8yxz5q7fm8mgmkimx1xh49wh625m72pxcap";
|
||||
};
|
||||
});
|
||||
|
||||
asgiref = super.asgiref.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "3.4.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "django";
|
||||
repo = "asgiref";
|
||||
rev = version;
|
||||
sha256 = "0440321alpqb1cdsmfzmiiy8rpq0ic0wvraalzk39cgrl7mghw39";
|
||||
};
|
||||
});
|
||||
|
||||
click = super.click.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "8.0.3";
|
||||
src = fetchFromGitHub {
|
||||
owner = "pallets";
|
||||
repo = "click";
|
||||
rev = version;
|
||||
sha256 = "0pxvxgfhqjgsjbgfnilqjki1l24r0rdfd98cl77i71yqdd2f497g";
|
||||
semantic-version = super.semantic-version.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "2.9.0";
|
||||
src = fetchPypi {
|
||||
pname = "semantic_version";
|
||||
version = version;
|
||||
sha256 = "1chjd8019wnwb5mnd4x4jw9f8nhzg0xnapsdznk0fpiyamrlixdb";
|
||||
};
|
||||
});
|
||||
|
||||
starlette = super.starlette.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.17.0";
|
||||
version = "0.18.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "encode";
|
||||
repo = "starlette";
|
||||
rev = version;
|
||||
sha256 = "1g76qpvqzivmwll5ir4bf45jx5kilnkadvy6b7qjisvr402i3qmw";
|
||||
sha256 = "1dpj33cggjjvpd3qdf6hv04z5ckcn9f5dfn98p5a8hx262kgsr9p";
|
||||
};
|
||||
disabledTestPaths = [];
|
||||
});
|
||||
|
||||
uvicorn = super.uvicorn.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.16.0";
|
||||
version = "0.17.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "encode";
|
||||
repo = "uvicorn";
|
||||
rev = version;
|
||||
sha256 = "14jih6j4q2qp5c9rgl798i5p51b4y6zkkj434q2l1naw0csphk4s";
|
||||
sha256 = "142x8skb1yfys6gndfaay2r240j56dkr006p49pw4y9i0v85kynp";
|
||||
};
|
||||
});
|
||||
};
|
||||
@ -80,6 +58,7 @@ with python.pkgs; buildPythonApplication rec {
|
||||
pyserial
|
||||
requests
|
||||
semantic-version
|
||||
spdx-license-list-data.json
|
||||
starlette
|
||||
tabulate
|
||||
uvicorn
|
||||
@ -171,7 +150,7 @@ with python.pkgs; buildPythonApplication rec {
|
||||
|
||||
postPatch = ''
|
||||
substitute platformio/package/manifest/schema.py platformio/package/manifest/schema.py \
|
||||
--subst-var-by SPDX_LICENSE_LIST_DATA '${spdx-license-list-data}'
|
||||
--subst-var-by SPDX_LICENSE_LIST_DATA '${spdx-license-list-data.json}'
|
||||
|
||||
substituteInPlace setup.py \
|
||||
--replace "zeroconf==0.37.*" "zeroconf"
|
||||
@ -180,7 +159,7 @@ with python.pkgs; buildPythonApplication rec {
|
||||
meta = with lib; {
|
||||
broken = stdenv.isAarch64;
|
||||
description = "An open source ecosystem for IoT development";
|
||||
homepage = "http://platformio.org";
|
||||
homepage = "https://platformio.org";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ mog makefu ];
|
||||
};
|
||||
|
@ -4,14 +4,14 @@
|
||||
let
|
||||
callPackage = newScope self;
|
||||
|
||||
version = "5.2.4";
|
||||
version = "5.2.5";
|
||||
|
||||
# pypi tarballs don't contain tests - https://github.com/platformio/platformio-core/issues/1964
|
||||
src = fetchFromGitHub {
|
||||
owner = "platformio";
|
||||
repo = "platformio-core";
|
||||
rev = "v${version}";
|
||||
sha256 = "1dhyxrdxrca669qm6alxxn2jmvcwlpqrx9kfwh4iqy9za5717ag9";
|
||||
sha256 = "1x1jqprwzpb09ca953rqbh2jvizh7bz8yj30krphb6007bnjilwy";
|
||||
};
|
||||
|
||||
self = {
|
||||
|
@ -2,7 +2,7 @@ diff --git a/platformio/proc.py b/platformio/proc.py
|
||||
index 80e50201..15cee5a5 100644
|
||||
--- a/platformio/proc.py
|
||||
+++ b/platformio/proc.py
|
||||
@@ -167,7 +167,7 @@ def copy_pythonpath_to_osenv():
|
||||
@@ -181,7 +181,7 @@ def copy_pythonpath_to_osenv():
|
||||
conditions.append(isdir(join(p, "click")) or isdir(join(p, "platformio")))
|
||||
if all(conditions):
|
||||
_PYTHONPATH.append(p)
|
||||
|
@ -6,7 +6,7 @@ index 416dccfd..896c3649 100644
|
||||
@staticmethod
|
||||
@memoized(expire="1h")
|
||||
def load_spdx_licenses():
|
||||
- version = "3.15"
|
||||
- version = "3.16"
|
||||
- spdx_data_url = (
|
||||
- "https://raw.githubusercontent.com/spdx/license-list-data/"
|
||||
- "v%s/json/licenses.json" % version
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
buildGraalvmNativeImage rec {
|
||||
pname = "babashka";
|
||||
version = "0.7.6";
|
||||
version = "0.7.7";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/babashka/${pname}/releases/download/v${version}/${pname}-${version}-standalone.jar";
|
||||
sha256 = "sha256-bRuf9qUBgb+1Sr2US67NZZrrb2MycSvNbekLLSpvZss=";
|
||||
sha256 = "sha256-4aYYm2gCtfp+OiY6ouaTn4giHbX6JyULBHMpDnGMpbs=";
|
||||
};
|
||||
|
||||
executable = "bb";
|
||||
|
@ -1,23 +1,23 @@
|
||||
diff --git a/meson.build b/meson.build
|
||||
index d4a4cda7..a27569bd 100644
|
||||
index 2107c19ec..20ccdfd9f 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -353,8 +353,8 @@ libinotify_dep = (build_machine.system() == 'freebsd'
|
||||
|
||||
alsa_dep = dependency('alsa', version : '>=1.1.7', required: get_option('pipewire-alsa'))
|
||||
@@ -380,8 +380,8 @@ lilv_lib = dependency('lilv-0', required: get_option('lv2'))
|
||||
summary({'lilv (for lv2 plugins)': lilv_lib.found()}, bool_yn: true)
|
||||
cdata.set('HAVE_LILV', lilv_lib.found())
|
||||
|
||||
-installed_tests_metadir = pipewire_datadir / 'installed-tests' / pipewire_name
|
||||
-installed_tests_execdir = pipewire_libexecdir / 'installed-tests' / pipewire_name
|
||||
+installed_tests_metadir = get_option('installed_test_prefix') / 'share' / 'installed-tests' / pipewire_name
|
||||
+installed_tests_execdir = get_option('installed_test_prefix') / 'libexec' / 'installed-tests' / pipewire_name
|
||||
installed_tests_enabled = not get_option('installed_tests').disabled()
|
||||
installed_tests_enabled = get_option('installed_tests').allowed()
|
||||
installed_tests_template = files('template.test.in')
|
||||
|
||||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index 1b915ac3..85beb86a 100644
|
||||
index 961ae2a76..a36e9e45f 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -29,6 +29,9 @@ option('installed_tests',
|
||||
@@ -22,6 +22,9 @@ option('installed_tests',
|
||||
description: 'Install manual and automated test executables',
|
||||
type: 'feature',
|
||||
value: 'disabled')
|
||||
|
@ -69,7 +69,7 @@ let
|
||||
|
||||
self = stdenv.mkDerivation rec {
|
||||
pname = "pipewire";
|
||||
version = "0.3.45";
|
||||
version = "0.3.48";
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
@ -87,7 +87,7 @@ let
|
||||
owner = "pipewire";
|
||||
repo = "pipewire";
|
||||
rev = version;
|
||||
sha256 = "sha256-OnQd98qfOekAsVXLbciZLNPrM84KBX6fOx/f8y2BYI0=";
|
||||
sha256 = "sha256-+gk/MJ9YimHBwN2I42DRP+I2OqBFFtZ81Fd/l89HcSk=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
@ -139,7 +139,7 @@ let
|
||||
++ lib.optional zeroconfSupport avahi
|
||||
++ lib.optional raopSupport openssl
|
||||
++ lib.optional rocSupport roc-toolkit
|
||||
++ lib.optionals x11Support [ libcanberra xorg.libxcb ];
|
||||
++ lib.optionals x11Support [ libcanberra xorg.libX11 xorg.libXfixes ];
|
||||
|
||||
# Valgrind binary is required for running one optional test.
|
||||
checkInputs = lib.optional withValgrind valgrind;
|
||||
@ -214,6 +214,7 @@ let
|
||||
"nix-support/client-rt.conf.json"
|
||||
"nix-support/client.conf.json"
|
||||
"nix-support/jack.conf.json"
|
||||
"nix-support/minimal.conf.json"
|
||||
"nix-support/pipewire.conf.json"
|
||||
"nix-support/pipewire-pulse.conf.json"
|
||||
];
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "suitesparse-graphblas";
|
||||
version = "6.2.1";
|
||||
version = "6.2.2";
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
|
||||
owner = "DrTimothyAldenDavis";
|
||||
repo = "GraphBLAS";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-YgQdhXxXcvhQ10hCGrGM49jjY4jyzqH9ea+gltdh+Uc=";
|
||||
sha256 = "sha256-uSPE7uFiG4xbsAeo/UmOP5Ns+3yZ7kKL2bNxzd8mzP8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -12,7 +12,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "aiodiscover";
|
||||
version = "1.4.7";
|
||||
version = "1.4.8";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
@ -21,7 +21,7 @@ buildPythonPackage rec {
|
||||
owner = "bdraco";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-NtiShZpPFl+elYNPLaKAg6uV8pDJv0pyR+NTUiFoMm0=";
|
||||
sha256 = "sha256-ts3PnL1ePWJHHaLuC0eQKqBOt+HeEeAayeVBAIhnUWs=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -12,7 +12,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "aiohomekit";
|
||||
version = "0.6.11";
|
||||
version = "0.7.15";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
@ -21,7 +21,7 @@ buildPythonPackage rec {
|
||||
owner = "Jc2k";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "1rrdzzb2gcl3lc8l5vb99hy2lmdj5723fds2q78n4sf83y93czw7";
|
||||
sha256 = "sha256-na94H1ll9aZz/mQ4/y3b2vhSaOgo4OjtIsAfW6zGYyI=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
@ -34,6 +34,8 @@ buildPythonPackage rec {
|
||||
zeroconf
|
||||
];
|
||||
|
||||
doCheck = lib.versionAtLeast pytest-aiohttp.version "1.0.0";
|
||||
|
||||
checkInputs = [
|
||||
pytest-aiohttp
|
||||
pytestCheckHook
|
||||
|
@ -8,14 +8,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "aiohue";
|
||||
version = "4.2.1";
|
||||
version = "4.3.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-bcSCYNJt9xYBMmuZYM6s+PWV0TAUFOn3ibHE0KRX+iw=";
|
||||
hash = "sha256-PslmDeG/o9WAOc0FhidUNaISrlXa3rba3UEuvPVN/+A=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -46,6 +46,11 @@ buildPythonPackage rec {
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
# Failures seem related to changes in holidays-0.13, https://github.com/azogue/aiopvpc/issues/44
|
||||
"test_number_of_national_holidays"
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace pyproject.toml --replace \
|
||||
" --cov --cov-report term --cov-report html" ""
|
||||
|
@ -8,7 +8,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "aioshelly";
|
||||
version = "1.0.10";
|
||||
version = "1.0.11";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
@ -17,7 +17,7 @@ buildPythonPackage rec {
|
||||
owner = "home-assistant-libs";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-YHdHh7uC9QF+dj+SI2Y4rEkBq+gGalNBmuWFVgq7XOM=";
|
||||
hash = "sha256-N+8vmB41AUu4aTUTBYX6SPVsW1PARaq5mCOdhg9h0/g=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -8,7 +8,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "asn1";
|
||||
version = "2.4.2";
|
||||
version = "2.5.0";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
@ -16,7 +16,7 @@ buildPythonPackage rec {
|
||||
owner = "andrivet";
|
||||
repo = "python-asn1";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-fx/kWOnh5Gk1DjeX0xiCJYnd5teD18RvKyOnawcfWWA=";
|
||||
sha256 = "sha256-5Fnk94aUkV9lHnd64wuHzGcPqW7AC0O0dEwXMBL+tuo=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
33
pkgs/development/python-modules/asyncsleepiq/default.nix
Normal file
33
pkgs/development/python-modules/asyncsleepiq/default.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, aiohttp
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "asyncsleepiq";
|
||||
version = "1.1.0";
|
||||
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "93c944ff84fd23832b188320b10681a3b1caf935dd584cdd4e508a9bcc8fec1b";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
aiohttp
|
||||
];
|
||||
|
||||
# upstream has no tests
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [ "asyncsleepiq" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Async interface to SleepIQ API";
|
||||
homepage = "https://github.com/kbickar/asyncsleepiq";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ dotlambda ];
|
||||
};
|
||||
}
|
@ -11,7 +11,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "elkm1-lib";
|
||||
version = "1.0.0";
|
||||
version = "1.2.0";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
@ -20,7 +20,7 @@ buildPythonPackage rec {
|
||||
owner = "gwww";
|
||||
repo = "elkm1";
|
||||
rev = version;
|
||||
sha256 = "04xidix6l5d9rqfwp6cmj6wvais04nlvz5ynp0zwgyjp9sh2nhp6";
|
||||
hash = "sha256-+rFW7qFpay/ebUz9EEB8nn0kuqVtVmG5ZHOWG2bMPts=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
@ -36,15 +36,6 @@ buildPythonPackage rec {
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
patches = [
|
||||
# Switch to poetry-core, https://github.com/gwww/elkm1/pull/45
|
||||
(fetchpatch {
|
||||
name = "switch-to-poetry-core.patch";
|
||||
url = "https://github.com/gwww/elkm1/commit/807a17268498298908bf82af4933b158b37c8f32.patch";
|
||||
sha256 = "1539g8wsxppqj6dm6w81ps05frb8vrfaxahxn2cqs76zdhvly3p9";
|
||||
})
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "elkm1_lib" ];
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -19,7 +19,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "fastapi";
|
||||
version = "0.74.1";
|
||||
version = "0.75.0";
|
||||
format = "flit";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
@ -28,7 +28,7 @@ buildPythonPackage rec {
|
||||
owner = "tiangolo";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-aYSJ30nAS3cG1fVSXuX2m3bxUSnpbWWUxFQy7dzuiTA=";
|
||||
sha256 = "sha256-LCdScvQUdwOM8Don/5n/49bKrivT+bkhqWcBNku4fso=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -1,25 +1,38 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, substituteAll
|
||||
, pytestCheckHook
|
||||
, ffmpeg
|
||||
, future
|
||||
, pytest-runner
|
||||
, pytest-mock
|
||||
, pytestCheckHook
|
||||
, pythonAtLeast
|
||||
, pythonOlder
|
||||
, substituteAll
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "ffmpeg-python";
|
||||
version = "0.2.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "kkroening";
|
||||
repo = "ffmpeg-python";
|
||||
rev = version;
|
||||
sha256 = "0mmydmfz3yiclbgi4lqrv9fh2nalafg4bkm92y2qi50mwqgffk8f";
|
||||
hash = "sha256-Dk3nHuYVlIiFF6nORZ5TVFkBXdoZUxLfoiz68V1tvlY=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
future
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
pytest-mock
|
||||
];
|
||||
|
||||
patches = [
|
||||
(substituteAll {
|
||||
src = ./ffmpeg-location.patch;
|
||||
@ -27,14 +40,23 @@ buildPythonPackage rec {
|
||||
})
|
||||
];
|
||||
|
||||
buildInputs = [ pytest-runner ];
|
||||
propagatedBuildInputs = [ future ];
|
||||
checkInputs = [ pytestCheckHook pytest-mock ];
|
||||
postPatch = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "'pytest-runner'" ""
|
||||
'';
|
||||
|
||||
pythonImportsCheck = [
|
||||
"ffmpeg"
|
||||
];
|
||||
|
||||
disabledTests = lib.optionals (pythonAtLeast "3.10") [
|
||||
"test__output__video_size"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python bindings for FFmpeg - with complex filtering support";
|
||||
homepage = "https://github.com/kkroening/ffmpeg-python";
|
||||
license = licenses.asl20;
|
||||
maintainers = [ maintainers.AluisioASG ];
|
||||
maintainers = with maintainers; [ AluisioASG ];
|
||||
};
|
||||
}
|
||||
|
57
pkgs/development/python-modules/gridnet/default.nix
Normal file
57
pkgs/development/python-modules/gridnet/default.nix
Normal file
@ -0,0 +1,57 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, pythonOlder
|
||||
, fetchFromGitHub
|
||||
, poetry-core
|
||||
, aiohttp
|
||||
, yarl
|
||||
, aresponses
|
||||
, pytest-asyncio
|
||||
, pytestCheckHook
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "gridnet";
|
||||
version = "4.0.0";
|
||||
|
||||
disabled = pythonOlder "3.9";
|
||||
|
||||
format = "pyproject";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "klaasnicolaas";
|
||||
repo = "python-gridnet";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-Ihs8qUx50tAUcRBsVArRhzoLcQUi1vbYh8sPyK75AEk=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace pyproject.toml \
|
||||
--replace "0.0.0" "${version}" \
|
||||
--replace "--cov" ""
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
poetry-core
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
aiohttp
|
||||
yarl
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
aresponses
|
||||
pytest-asyncio
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "gridnet" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Asynchronous Python client for NET2GRID devices";
|
||||
homepage = "https://github.com/klaasnicolaas/python-gridnet";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ dotlambda ];
|
||||
};
|
||||
}
|
@ -15,13 +15,13 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "hass-nabucasa";
|
||||
version = "0.52.0";
|
||||
version = "0.54.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nabucasa";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-mTbNuER26BPQIjcmlpkdFNeBcNF1vTldaNpoEla0XbM=";
|
||||
sha256 = "sha256-UL7HPmii65p+WO22y0qv8zq3yICKarRORqE+FK1u7OE=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
@ -41,6 +41,8 @@ buildPythonPackage rec {
|
||||
warrant
|
||||
];
|
||||
|
||||
doCheck = lib.versionAtLeast pytest-aiohttp.version "1.0.0";
|
||||
|
||||
checkInputs = [
|
||||
asynctest
|
||||
pytest-aiohttp
|
||||
|
@ -11,14 +11,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "holidays";
|
||||
version = "0.12";
|
||||
version = "0.13";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "d99f2b6ddc5bfab7b7f8bbed457a82104f8980122a04b982bfc0e4f8820a1d46";
|
||||
sha256 = "sha256-xvfDq4ralIBnAtqTHZTTfNYbz6kstNOdNRtqnFIQZ1w=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -3,11 +3,11 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "mathlibtools";
|
||||
version = "1.1.0";
|
||||
version = "1.1.1";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "789f070f35424e89e4f2e2c007382250133cc48877627e37c5c463bcf4a1b58a";
|
||||
sha256 = "sha256-0iW7SWIxb+Ek4T26hru5EgBgXfqRh6zOR73GAgLFNyE=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -16,7 +16,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "mypy-boto3-builder";
|
||||
version = "7.2.1";
|
||||
version = "7.3.0";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.10";
|
||||
@ -25,7 +25,7 @@ buildPythonPackage rec {
|
||||
owner = "vemel";
|
||||
repo = "mypy_boto3_builder";
|
||||
rev = version;
|
||||
hash = "sha256-jovvSNw2ahCwhA+9zOrn9bR2siXJetZPymQVG4EC9Us=";
|
||||
hash = "sha256-X/dPO2p6GmnyJwcVPOmyo9zYda2uYfBAkuKTeX0Bt0Q=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "openai";
|
||||
version = "0.14.0";
|
||||
version = "0.15.0";
|
||||
|
||||
disabled = pythonOlder "3.7.1";
|
||||
|
||||
@ -26,7 +26,7 @@ buildPythonPackage rec {
|
||||
owner = "openai";
|
||||
repo = "openai-python";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-AFfbMeYxdZaIABhf4XpszhLvFuMJebhl07sv9kuiknA=";
|
||||
sha256 = "sha256-HOMBVrAz3cP8r4w8CKXKy6epxf00myYJiKv1PQ1iqhQ=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -10,7 +10,7 @@ buildPythonPackage rec {
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-WCyuhk77QNJAiuzccrb2u0mfc81LYrYSSq9atgO0LdE=";
|
||||
hash = "sha256-WCyuhk77QNJAiuzccrb2u0mfc81LYrYSSq9atgO0LdE=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ aiohttp ];
|
||||
|
@ -10,7 +10,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pydeconz";
|
||||
version = "86";
|
||||
version = "87";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
@ -19,7 +19,7 @@ buildPythonPackage rec {
|
||||
owner = "Kane610";
|
||||
repo = "deconz";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-NqNXbF5rGMCbugzZY+AQPPHYmQx/RrSwqtnoF1shSSU=";
|
||||
sha256 = "sha256-scNTHbUL8TOhkUJyib4cgL8A4gZ73asmFLi8aGw3sX8=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -1,15 +1,18 @@
|
||||
{ lib
|
||||
, aiohttp
|
||||
, aresponses
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, iso4217
|
||||
, pytest-asyncio
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
, pytz
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pyefergy";
|
||||
version = "0.1.5";
|
||||
version = "22.1.1";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
@ -18,7 +21,7 @@ buildPythonPackage rec {
|
||||
owner = "tkdrob";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-8xcKgsZ6buaQdrKD8Qn7jB5IlQ0NkR0nZGuFk+Dd8Q8=";
|
||||
sha256 = "sha256-AdoM+PcVoajxhnEfkyN9UuNufChu8XGmZDLNC3mjrps=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
@ -27,10 +30,15 @@ buildPythonPackage rec {
|
||||
pytz
|
||||
];
|
||||
|
||||
# Project has no tests
|
||||
doCheck = false;
|
||||
checkInputs = [
|
||||
aresponses
|
||||
pytest-asyncio
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "pyefergy" ];
|
||||
pythonImportsCheck = [
|
||||
"pyefergy"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python API library for Efergy energy meters";
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pynina";
|
||||
version = "0.1.4";
|
||||
version = "0.1.7";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
@ -15,7 +15,7 @@ buildPythonPackage rec {
|
||||
src = fetchPypi {
|
||||
pname = "PyNINA";
|
||||
inherit version;
|
||||
sha256 = "1q382b70ydzzbqb9sa5y5w7039rp6q0wyffarrsdw916kbc4zyqd";
|
||||
sha256 = "sha256-7sceYmzOmXJMKaIdGmXMuCAum0aJeVTxx1w/jZy5Eig=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -12,14 +12,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pyrogram";
|
||||
version = "1.4.7";
|
||||
version = "1.4.8";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
pname = "Pyrogram";
|
||||
inherit version;
|
||||
hash = "sha256-2kBlTaP2tkUgP4TiP+9zv5pgCap9VnyB8BEHI6SY+uc=";
|
||||
hash = "sha256-mUJEV8DLYhXNvYiuiVDCfgMmZRDCNZuydngj9C9FvQU=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -2,16 +2,15 @@
|
||||
, aiohttp
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
|
||||
, ftfy
|
||||
, mailchecker
|
||||
, phonenumbers
|
||||
, pytestCheckHook
|
||||
, python-dateutil
|
||||
, python-fsutil
|
||||
, pythonOlder
|
||||
, python-slugify
|
||||
, pyyaml
|
||||
, ftfy
|
||||
, requests
|
||||
, six
|
||||
, toml
|
||||
@ -20,7 +19,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "python-benedict";
|
||||
version = "0.24.3";
|
||||
version = "0.25.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
@ -29,7 +28,7 @@ buildPythonPackage rec {
|
||||
owner = "fabiocaccamo";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-06n8MNoGQRSrBK2XeEBBoQ2NIXWf0qXPVBeP9ERMEj0=";
|
||||
hash = "sha256-G7pTbxNcESMUiKpQxjiF0gwN5mBhmuwIDlzauN5JCB4=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -9,12 +9,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "python-slugify";
|
||||
version = "5.0.2";
|
||||
version = "6.1.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-8TODoLn8vmSaGJK5yOtPjqsdbYS4S7emJDF6+pgVnKs=";
|
||||
hash = "sha256-7/GQ5N+sl9L4wYkO5oJwns0jZQdCNhaH24LZXh5eJfU=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
@ -26,9 +28,13 @@ buildPythonPackage rec {
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pytestFlagsArray = [ "test.py" ];
|
||||
pytestFlagsArray = [
|
||||
"test.py"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "slugify" ];
|
||||
pythonImportsCheck = [
|
||||
"slugify"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python Slugify application that handles Unicode";
|
||||
|
32
pkgs/development/python-modules/python-trovo/default.nix
Normal file
32
pkgs/development/python-modules/python-trovo/default.nix
Normal file
@ -0,0 +1,32 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, pythonOlder
|
||||
, requests
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "python-trovo";
|
||||
version = "0.1.5";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-JUJax9nk4NqpMMrbDmQhcy22GIqPha+K4tudQ98PvlE=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ requests ];
|
||||
|
||||
# No tests found
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [ "trovoApi" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "A Python wrapper for the Trovo API";
|
||||
homepage = "https://codeberg.org/wolfangaukang/python-trovo";
|
||||
license = licenses.gpl3Only;
|
||||
maintainers = with maintainers; [ wolfangaukang ];
|
||||
};
|
||||
}
|
67
pkgs/development/python-modules/radios/default.nix
Normal file
67
pkgs/development/python-modules/radios/default.nix
Normal file
@ -0,0 +1,67 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, pythonOlder
|
||||
, fetchFromGitHub
|
||||
, poetry-core
|
||||
, aiodns
|
||||
, aiohttp
|
||||
, awesomeversion
|
||||
, backoff
|
||||
, cachetools
|
||||
, pycountry
|
||||
, pydantic
|
||||
, yarl
|
||||
, pytest-asyncio
|
||||
, pytestCheckHook
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "radios";
|
||||
version = "0.1.0";
|
||||
|
||||
disabled = pythonOlder "3.9";
|
||||
|
||||
format = "pyproject";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "frenck";
|
||||
repo = "python-radios";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-3xRtOGY9DYnZN0g95213vWDbO3/XZZ5+s7A9sqNmO/w=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace pyproject.toml \
|
||||
--replace "0.0.0" "${version}" \
|
||||
--replace "--cov" ""
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
poetry-core
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
aiodns
|
||||
aiohttp
|
||||
awesomeversion
|
||||
backoff
|
||||
cachetools
|
||||
pycountry
|
||||
pydantic
|
||||
yarl
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytest-asyncio
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "radios" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Asynchronous Python client for the Radio Browser API";
|
||||
homepage = "https://github.com/frenck/python-radios";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ dotlambda ];
|
||||
};
|
||||
}
|
@ -11,7 +11,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "reolink";
|
||||
version = "0053";
|
||||
version = "0.60";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
@ -20,7 +20,7 @@ buildPythonPackage rec {
|
||||
owner = "fwestenberg";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0qjp7n2qa9n9fdhfcgfgw89hy19z5144cxhkhmhv1xnfdiz175qd";
|
||||
sha256 = "sha256-4yk05obra0icWHPXaJ+Wj+xxDRkVYg/VsrXTQUdHJIc=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -13,6 +13,7 @@
|
||||
, pytest-sugar
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
, pythonAtLeast
|
||||
, sanic-routing
|
||||
, sanic-testing
|
||||
, ujson
|
||||
@ -26,7 +27,8 @@ buildPythonPackage rec {
|
||||
version = "21.12.1";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
disabled = pythonOlder "3.7" ||
|
||||
pythonAtLeast "3.10"; # see GHSA-7p79-6x2v-5h88
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "sanic-org";
|
||||
|
@ -11,13 +11,13 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "snitun";
|
||||
version = "0.30.0";
|
||||
version = "0.31.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "NabuCasa";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-IjdgxX6ed9IWMFaMXIXQWZWoODrZBzXtMAcMOIhPFVQ=";
|
||||
sha256 = "sha256-Ehafb35H462Ffn6omGh/MDJKQX5qJJZeiIBO3n0IGlA=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -9,13 +9,13 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "zha-quirks";
|
||||
version = "0.0.66";
|
||||
version = "0.0.67";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "zigpy";
|
||||
repo = "zha-device-handlers";
|
||||
rev = version;
|
||||
sha256 = "18g0i6b60ndfmbvdsx5pniq56fyc5k39ylp3sjhrfjcj434wvbvc";
|
||||
sha256 = "sha256-qkXXrwqMEtfafHsXtlyy6HFwuo/8sOZuQ9SvGRJkGtA=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -2,6 +2,7 @@
|
||||
, aiohttp
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, pydantic
|
||||
, pytest-aiohttp
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
@ -9,7 +10,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "zwave-js-server-python";
|
||||
version = "0.34.0";
|
||||
version = "0.35.1";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
@ -18,13 +19,16 @@ buildPythonPackage rec {
|
||||
owner = "home-assistant-libs";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-hqq/CYlM9ZahDiH3iFLFzfE22CB19WQnFIDt+gCrEXU=";
|
||||
sha256 = "sha256-WmpXQttcQ3Z/SFkNPfmvPWPGzWectQBoI9+bL2QYeaY=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
aiohttp
|
||||
pydantic
|
||||
];
|
||||
|
||||
doCheck = lib.versionAtLeast pytest-aiohttp.version "1.0.0";
|
||||
|
||||
checkInputs = [
|
||||
pytest-aiohttp
|
||||
pytestCheckHook
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pmd";
|
||||
version = "6.42.0";
|
||||
version = "6.43.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/pmd/pmd-bin-${version}.zip";
|
||||
sha256 = "sha256-rVqHMhiuFLVTz/J9TGnA/42m9GaGORsf+CrUUqsdUfs=";
|
||||
sha256 = "sha256-+eJCN890vm4WBcMZ2VCGOS8WUyIckL+DfQVNaUSovGE=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ unzip makeWrapper ];
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
buildGraalvmNativeImage rec {
|
||||
pname = "clj-kondo";
|
||||
version = "2022.02.09";
|
||||
version = "2022.03.04";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/clj-kondo/${pname}/releases/download/v${version}/${pname}-${version}-standalone.jar";
|
||||
sha256 = "sha256-WfPjn0S7Jd6zFcfaudcSsx9d5luyZuaeB8lFaOLg21w=";
|
||||
sha256 = "sha256-x/mDyWYxWR5H894n+BCBaxgRLQLPgVCip59nOUbavpk=";
|
||||
};
|
||||
|
||||
extraNativeImageBuildArgs = [
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user