Merge branch 'staging-next' into staging
Minor conflicts; I hope I didn't mess up: pkgs/development/tools/misc/binutils/default.nix pkgs/games/openjk/default.nix
commit
d5d94127fd
@ -1043,7 +1043,7 @@ You can also specify a `runtimeDependencies` variable which lists dependencies t
|
||||
|
||||
In certain situations you may want to run the main command (`autoPatchelf`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchelf` environment variable to a non-empty value.
|
||||
|
||||
By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value.
|
||||
By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchelfIgnoreMissingDeps` can be set to a list like `autoPatchelfIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to simply `[ "*" ]` to ignore all missing dependencies.
|
||||
|
||||
The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories.
|
||||
|
||||
|
@ -4714,6 +4714,12 @@
|
||||
githubId = 343415;
|
||||
name = "Greg Roodt";
|
||||
};
|
||||
grnnja = {
|
||||
email = "grnnja@gmail.com";
|
||||
github = "grnnja";
|
||||
githubId = 31556469;
|
||||
name = "Prem Netsuwan";
|
||||
};
|
||||
gruve-p = {
|
||||
email = "groestlcoin@gmail.com";
|
||||
github = "gruve-p";
|
||||
@ -9945,6 +9951,12 @@
|
||||
fingerprint = "2CD2 B030 BD22 32EF DF5A 008A 3618 20A4 5DB4 1E9A";
|
||||
}];
|
||||
};
|
||||
podocarp = {
|
||||
email = "xdjiaxd@gmail.com";
|
||||
github = "podocarp";
|
||||
githubId = 10473184;
|
||||
name = "Jia Xiaodong";
|
||||
};
|
||||
polendri = {
|
||||
email = "paul@ijj.li";
|
||||
github = "polendri";
|
||||
@ -10204,6 +10216,12 @@
|
||||
githubId = 115877;
|
||||
name = "Kenny Shen";
|
||||
};
|
||||
quag = {
|
||||
email = "quaggy@gmail.com";
|
||||
github = "quag";
|
||||
githubId = 35086;
|
||||
name = "Jonathan Wright";
|
||||
};
|
||||
queezle = {
|
||||
email = "git@queezle.net";
|
||||
github = "qzle";
|
||||
@ -11528,6 +11546,12 @@
|
||||
githubId = 2770647;
|
||||
name = "Simon Vandel Sillesen";
|
||||
};
|
||||
sir4ur0n = {
|
||||
email = "sir4ur0n@users.noreply.github.com";
|
||||
github = "sir4ur0n";
|
||||
githubId = 1204125;
|
||||
name = "sir4ur0n";
|
||||
};
|
||||
siraben = {
|
||||
email = "bensiraphob@gmail.com";
|
||||
matrix = "@siraben:matrix.org";
|
||||
|
@ -381,6 +381,14 @@
|
||||
cluster resource manager
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://nifi.apache.org">nifi</link>, an
|
||||
easy to use, powerful, and reliable system to process and
|
||||
distribute data. Available as
|
||||
<link xlink:href="options.html#opt-services.nifi.enable">services.nifi</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-incompatibilities">
|
||||
@ -518,6 +526,13 @@
|
||||
}
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.prometheus.alertManagerTimeout</literal> has
|
||||
been removed as it has been deprecated upstream and has no
|
||||
effect.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The DHCP server (<literal>services.dhcpd4</literal>,
|
||||
@ -551,6 +566,17 @@
|
||||
work.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.paperless-ng</literal> was renamed to
|
||||
<literal>services.paperless</literal>. Accordingly, the
|
||||
<literal>paperless-ng-manage</literal> script (located in
|
||||
<literal>dataDir</literal>) was renamed to
|
||||
<literal>paperless-manage</literal>.
|
||||
<literal>services.paperless</literal> now uses
|
||||
<literal>paperless-ngx</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>matrix-synapse</literal> service
|
||||
@ -1689,6 +1715,13 @@
|
||||
<literal>true</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
A module for declarative configuration of openconnect VPN
|
||||
profiles was added under
|
||||
<literal>networking.openconnect</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>element-desktop</literal> package now has an
|
||||
@ -1787,6 +1820,15 @@
|
||||
should now be used instead.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>security.pam.ussh</literal> has been added, which
|
||||
allows authorizing PAM sessions based on SSH
|
||||
<emphasis>certificates</emphasis> held within an SSH agent,
|
||||
using
|
||||
<link xlink:href="https://github.com/uber/pam-ussh">pam-ussh</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>zrepl</literal> package has been updated from
|
||||
@ -1882,7 +1924,10 @@
|
||||
<para>
|
||||
<literal>services.xserver.desktopManager.xfce</literal> now
|
||||
includes Xfce’s screen locker,
|
||||
<literal>xfce4-screensaver</literal>.
|
||||
<literal>xfce4-screensaver</literal> that is enabled by
|
||||
default. You can disable it by setting
|
||||
<literal>false</literal> to
|
||||
<link linkend="opt-services.xserver.desktopManager.xfce.enableScreensaver">services.xserver.desktopManager.xfce.enableScreensaver</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -109,6 +109,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- [pacemaker](https://clusterlabs.org/pacemaker/) cluster resource manager
|
||||
|
||||
- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](options.html#opt-services.nifi.enable).
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
||||
@ -173,6 +175,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
}
|
||||
```
|
||||
|
||||
- `services.prometheus.alertManagerTimeout` has been removed as it has been deprecated upstream and has no effect.
|
||||
|
||||
- The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened.
|
||||
The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities.
|
||||
The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed.
|
||||
@ -182,6 +186,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
- `services.ipfs.extraFlags` is now escaped with `utils.escapeSystemdExecArgs`. If you rely on systemd interpolating `extraFlags` in the service `ExecStart`, this will no longer work.
|
||||
|
||||
- `services.paperless-ng` was renamed to `services.paperless`. Accordingly, the `paperless-ng-manage` script (located in `dataDir`) was renamed to `paperless-manage`. `services.paperless` now uses `paperless-ngx`.
|
||||
|
||||
- The `matrix-synapse` service (`services.matrix-synapse`) has been converted to use the `settings` option defined in RFC42.
|
||||
This means that options that are part of your `homeserver.yaml` configuration, and that were specified at the top-level of the
|
||||
module (`services.matrix-synapse`) now need to be moved into `services.matrix-synapse.settings`. And while not all options you
|
||||
@ -583,6 +589,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
using `fetchgit` or `fetchhg` if the argument `fetchSubmodules`
|
||||
is set to `true`.
|
||||
|
||||
- A module for declarative configuration of openconnect VPN profiles was added under `networking.openconnect`.
|
||||
|
||||
- The `element-desktop` package now has an `useKeytar` option (defaults to `true`),
|
||||
which allows disabling `keytar` and in turn `libsecret` usage
|
||||
(which binds to native credential managers / keychain libraries).
|
||||
@ -613,6 +621,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
and [services.logrotate.extraConfig](#opt-services.logrotate.extraConfig) will work, but issue deprecation
|
||||
warnings and [services.logrotate.settings](#opt-services.logrotate.settings) should now be used instead.
|
||||
|
||||
- `security.pam.ussh` has been added, which allows authorizing PAM sessions based on SSH _certificates_ held within an SSH agent, using [pam-ussh](https://github.com/uber/pam-ussh).
|
||||
|
||||
- The `zrepl` package has been updated from 0.4.0 to 0.5:
|
||||
|
||||
- The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
|
||||
@ -642,7 +652,7 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
- xfsprogs was update to version 5.15, which enables inobtcount and bigtime by default on filesystem creation. Support for these features was added in kernel 5.10 and deemed stable in kernel 5.15.
|
||||
If you want to be able to mount XFS filesystems created with this release of xfsprogs on kernel releases older than 5.10, you need to format them with `mkfs.xfs -m bigtime=0 -m inobtcount=0`.
|
||||
|
||||
- `services.xserver.desktopManager.xfce` now includes Xfce's screen locker, `xfce4-screensaver`.
|
||||
- `services.xserver.desktopManager.xfce` now includes Xfce's screen locker, `xfce4-screensaver` that is enabled by default. You can disable it by setting `false` to [services.xserver.desktopManager.xfce.enableScreensaver](#opt-services.xserver.desktopManager.xfce.enableScreensaver).
|
||||
|
||||
- The `hadoop` package has added support for `aarch64-linux` and `aarch64-darwin` as of 3.3.1 ([#158613](https://github.com/NixOS/nixpkgs/pull/158613)).
|
||||
|
||||
|
@ -194,6 +194,22 @@ rec {
|
||||
(( ! $inherit_errexit_enabled )) && shopt -u inherit_errexit
|
||||
'';
|
||||
|
||||
/* Remove packages of packagesToRemove from packages, based on their names.
|
||||
Relies on package names and has quadratic complexity so use with caution!
|
||||
|
||||
Type:
|
||||
removePackagesByName :: [package] -> [package] -> [package]
|
||||
|
||||
Example:
|
||||
removePackagesByName [ nautilus file-roller ] [ file-roller totem ]
|
||||
=> [ nautilus ]
|
||||
*/
|
||||
removePackagesByName = packages: packagesToRemove:
|
||||
let
|
||||
namesToRemove = map lib.getName packagesToRemove;
|
||||
in
|
||||
lib.filter (x: !(builtins.elem (lib.getName x) namesToRemove)) packages;
|
||||
|
||||
systemdUtils = {
|
||||
lib = import ./systemd-lib.nix { inherit lib config pkgs; };
|
||||
unitOptions = import ./systemd-unit-options.nix { inherit lib systemdUtils; };
|
||||
|
@ -1,9 +1,33 @@
|
||||
# This module manages the terminfo database
|
||||
# and its integration in the system.
|
||||
{ config, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
options.environment.enableAllTerminfo = with lib; mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to install all terminfo outputs
|
||||
'';
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
# can be generated with: filter (drv: (builtins.tryEval (drv ? terminfo)).value) (attrValues pkgs)
|
||||
environment.systemPackages = mkIf config.environment.enableAllTerminfo (map (x: x.terminfo) (with pkgs; [
|
||||
alacritty
|
||||
foot
|
||||
kitty
|
||||
mtm
|
||||
rxvt-unicode-unwrapped
|
||||
rxvt-unicode-unwrapped-emoji
|
||||
termite
|
||||
wezterm
|
||||
]));
|
||||
|
||||
environment.pathsToLink = [
|
||||
"/share/terminfo"
|
||||
];
|
||||
|
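Review bot: The option line `options.environment.enableAllTerminfo = with lib; mkOption {` repeats a scope the file now opens with `with lib;` directly after the argument list, so the inner `with lib;` is redundant and the line can read `options.environment.enableAllTerminfo = mkOption {`. The description `Whether to install all terminfo outputs` could also say that the set is the fixed list of eight packages in this hunk rather than every package that has a `terminfo` output. The `config` block continues past the end of this hunk.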
@ -597,7 +597,7 @@
|
||||
./services/misc/osrm.nix
|
||||
./services/misc/owncast.nix
|
||||
./services/misc/packagekit.nix
|
||||
./services/misc/paperless-ng.nix
|
||||
./services/misc/paperless.nix
|
||||
./services/misc/parsoid.nix
|
||||
./services/misc/plex.nix
|
||||
./services/misc/plikd.nix
|
||||
@ -853,6 +853,7 @@
|
||||
./services/networking/ofono.nix
|
||||
./services/networking/oidentd.nix
|
||||
./services/networking/onedrive.nix
|
||||
./services/networking/openconnect.nix
|
||||
./services/networking/openvpn.nix
|
||||
./services/networking/ostinato.nix
|
||||
./services/networking/owamp.nix
|
||||
@ -1054,6 +1055,7 @@
|
||||
./services/web-apps/netbox.nix
|
||||
./services/web-apps/nextcloud.nix
|
||||
./services/web-apps/nexus.nix
|
||||
./services/web-apps/nifi.nix
|
||||
./services/web-apps/node-red.nix
|
||||
./services/web-apps/pict-rs.nix
|
||||
./services/web-apps/peertube.nix
|
||||
|
@ -61,6 +61,19 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
usshAuth = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
If set, users with an SSH certificate containing an authorized principal
|
||||
in their SSH agent are able to log in. Specific options are controlled
|
||||
using the <option>security.pam.ussh</option> options.
|
||||
|
||||
Note that the <option>security.pam.ussh.enable</option> must also be
|
||||
set for this option to take effect.
|
||||
'';
|
||||
};
|
||||
|
||||
yubicoAuth = mkOption {
|
||||
default = config.security.pam.yubico.enable;
|
||||
defaultText = literalExpression "config.security.pam.yubico.enable";
|
||||
@ -475,6 +488,9 @@ let
|
||||
optionalString cfg.usbAuth ''
|
||||
auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so
|
||||
'' +
|
||||
(let ussh = config.security.pam.ussh; in optionalString (config.security.pam.ussh.enable && cfg.usshAuth) ''
|
||||
auth ${ussh.control} ${pkgs.pam_ussh}/lib/security/pam_ussh.so ${optionalString (ussh.caFile != null) "ca_file=${ussh.caFile}"} ${optionalString (ussh.authorizedPrincipals != null) "authorized_principals=${ussh.authorizedPrincipals}"} ${optionalString (ussh.authorizedPrincipalsFile != null) "authorized_principals_file=${ussh.authorizedPrincipalsFile}"} ${optionalString (ussh.group != null) "group=${ussh.group}"}
|
||||
'') +
|
||||
(let oath = config.security.pam.oath; in optionalString cfg.oathAuth ''
|
||||
auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}
|
||||
'') +
|
||||
@ -927,6 +943,96 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
security.pam.ussh = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enables Uber's USSH PAM (<literal>pam-ussh</literal>) module.
|
||||
|
||||
This is similar to <literal>pam-ssh-agent</literal>, except that
|
||||
the presence of a CA-signed SSH key with a valid principal is checked
|
||||
instead.
|
||||
|
||||
Note that this module must both be enabled using this option and on a
|
||||
per-PAM-service level as well (using <literal>usshAuth</literal>).
|
||||
|
||||
More information can be found <link
|
||||
xlink:href="https://github.com/uber/pam-ussh">here</link>.
|
||||
'';
|
||||
};
|
||||
|
||||
caFile = mkOption {
|
||||
default = null;
|
||||
type = with types; nullOr path;
|
||||
description = ''
|
||||
By default <literal>pam-ussh</literal> reads the trusted user CA keys
|
||||
from <filename>/etc/ssh/trusted_user_ca</filename>.
|
||||
|
||||
This should be set the same as your <literal>TrustedUserCAKeys</literal>
|
||||
option for sshd.
|
||||
'';
|
||||
};
|
||||
|
||||
authorizedPrincipals = mkOption {
|
||||
default = null;
|
||||
type = with types; nullOr commas;
|
||||
description = ''
|
||||
Comma-separated list of authorized principals to permit; if the user
|
||||
presents a certificate with one of these principals, then they will be
|
||||
authorized.
|
||||
|
||||
Note that <literal>pam-ussh</literal> also requires that the certificate
|
||||
contain a principal matching the user's username. The principals from
|
||||
this list are in addition to those principals.
|
||||
|
||||
Mutually exclusive with <literal>authorizedPrincipalsFile</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
authorizedPrincipalsFile = mkOption {
|
||||
default = null;
|
||||
type = with types; nullOr path;
|
||||
description = ''
|
||||
Path to a list of principals; if the user presents a certificate with
|
||||
one of these principals, then they will be authorized.
|
||||
|
||||
Note that <literal>pam-ussh</literal> also requires that the certificate
|
||||
contain a principal matching the user's username. The principals from
|
||||
this file are in addition to those principals.
|
||||
|
||||
Mutually exclusive with <literal>authorizedPrincipals</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
default = null;
|
||||
type = with types; nullOr str;
|
||||
description = ''
|
||||
If set, then the authenticating user must be a member of this group
|
||||
to use this module.
|
||||
'';
|
||||
};
|
||||
|
||||
control = mkOption {
|
||||
default = "sufficient";
|
||||
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
|
||||
description = ''
|
||||
This option sets pam "control".
|
||||
If you want to have multi factor authentication, use "required".
|
||||
If you want to use the SSH certificate instead of the regular password,
|
||||
use "sufficient".
|
||||
|
||||
Read
|
||||
<citerefentry>
|
||||
<refentrytitle>pam.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
for better understanding of this option.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
security.pam.yubico = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
@ -1111,6 +1217,9 @@ in
|
||||
optionalString (isEnabled (cfg: cfg.usbAuth)) ''
|
||||
mr ${pkgs.pam_usb}/lib/security/pam_usb.so,
|
||||
'' +
|
||||
optionalString (isEnabled (cfg: cfg.usshAuth)) ''
|
||||
mr ${pkgs.pam_ussh}/lib/security/pam_ussh.so,
|
||||
'' +
|
||||
optionalString (isEnabled (cfg: cfg.oathAuth)) ''
|
||||
"mr ${pkgs.oathToolkit}/lib/security/pam_oath.so,
|
||||
'' +
|
||||
|
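Review bot: The descriptions of `authorizedPrincipals` and `authorizedPrincipalsFile` call the two options mutually exclusive, but nothing visible in these hunks enforces it. The `auth` line built in the `@ -475,6 +488,9 @@` hunk emits both `authorized_principals=` and `authorized_principals_file=` when both are set, leaving the outcome to the module. An assertion in the module's `config` would fail evaluation instead, along the lines of `assertion = ussh.authorizedPrincipals == null || ussh.authorizedPrincipalsFile == null;` with a message naming both options (`ussh` standing for `config.security.pam.ussh`). The same line interpolates `group`, a plain `types.str`, without quoting, so a value containing whitespace would be split into separate module arguments; a stricter type or a sentence in the description would cover that. The condition also bypasses the `let ussh = …` binding with `config.security.pam.ussh.enable`, which could read `ussh.enable`.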
@ -245,7 +245,7 @@ in
|
||||
|
||||
environment.systemPackages = [ sudo ];
|
||||
|
||||
security.pam.services.sudo = { sshAgentAuth = true; };
|
||||
security.pam.services.sudo = { sshAgentAuth = true; usshAuth = true; };
|
||||
|
||||
environment.etc.sudoers =
|
||||
{ source =
|
||||
|
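Review bot: With `usshAuth = true` set here, sudo accepts pam_ussh as soon as `security.pam.ussh.enable` is turned on, with no per-service opt-in by the administrator, and the `control` default shown in the PAM module section on this page is `sufficient`. That deserves a comment on this line, for example `# usshAuth is inert until security.pam.ussh.enable is set; then an SSH certificate in the agent can satisfy sudo`. A matching sentence belongs in the `security.pam.ussh.enable` description, which currently reads as if each service has to be opted in by hand. The surrounding `config` block starts and ends outside this hunk.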
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -6,46 +6,44 @@ let
|
||||
cfg = config.services.cockroachdb;
|
||||
crdb = cfg.package;
|
||||
|
||||
escape = builtins.replaceStrings ["%"] ["%%"];
|
||||
ifNotNull = v: s: optionalString (v != null) s;
|
||||
|
||||
startupCommand = lib.concatStringsSep " "
|
||||
[ # Basic startup
|
||||
"${crdb}/bin/cockroach start"
|
||||
startupCommand = utils.escapeSystemdExecArgs
|
||||
([
|
||||
# Basic startup
|
||||
"${crdb}/bin/cockroach"
|
||||
"start"
|
||||
"--logtostderr"
|
||||
"--store=/var/lib/cockroachdb"
|
||||
(ifNotNull cfg.locality "--locality='${cfg.locality}'")
|
||||
|
||||
# WebUI settings
|
||||
"--http-addr='${cfg.http.address}:${toString cfg.http.port}'"
|
||||
"--http-addr=${cfg.http.address}:${toString cfg.http.port}"
|
||||
|
||||
# Cluster listen address
|
||||
"--listen-addr='${cfg.listen.address}:${toString cfg.listen.port}'"
|
||||
"--listen-addr=${cfg.listen.address}:${toString cfg.listen.port}"
|
||||
|
||||
# Cluster configuration
|
||||
(ifNotNull cfg.join "--join=${cfg.join}")
|
||||
|
||||
# Cache and memory settings. Must be escaped.
|
||||
"--cache='${escape cfg.cache}'"
|
||||
"--max-sql-memory='${escape cfg.maxSqlMemory}'"
|
||||
# Cache and memory settings.
|
||||
"--cache=${cfg.cache}"
|
||||
"--max-sql-memory=${cfg.maxSqlMemory}"
|
||||
|
||||
# Certificate/security settings.
|
||||
(if cfg.insecure then "--insecure" else "--certs-dir=${cfg.certsDir}")
|
||||
];
|
||||
]
|
||||
++ lib.optional (cfg.join != null) "--join=${cfg.join}"
|
||||
++ lib.optional (cfg.locality != null) "--locality=${cfg.locality}"
|
||||
++ cfg.extraArgs);
|
||||
|
||||
addressOption = descr: defaultPort: {
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Address to bind to for ${descr}";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = defaultPort;
|
||||
description = "Port to bind to for ${descr}";
|
||||
};
|
||||
addressOption = descr: defaultPort: {
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Address to bind to for ${descr}";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = defaultPort;
|
||||
description = "Port to bind to for ${descr}";
|
||||
};
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
@ -159,6 +157,16 @@ in
|
||||
only contain open source features and open source code).
|
||||
'';
|
||||
};
|
||||
|
||||
extraArgs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "--advertise-addr" "[fe80::f6f2:::]" ];
|
||||
description = ''
|
||||
Extra CLI arguments passed to <command>cockroach start</command>.
|
||||
For the full list of supported argumemnts, check <link xlink:href="https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags"/>
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
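Review bot: The `extraArgs` description added in the last hunk has a typo, `argumemnts`, and its final sentence lacks a full stop; it should read `For the full list of supported arguments, check <link …/>.`. Since `startupCommand` now goes through `utils.escapeSystemdExecArgs`, the description could also say that each list element is passed as one argument and needs no shell or systemd quoting, which is what dropping the `'…'` wrappers and the `escape` call relies on. `extraArgs` is appended after the `--insecure`/`--certs-dir` choice, so it is worth stating whether repeating those flags there is supported.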
@ -23,17 +23,16 @@ let
|
||||
nixosRules = ''
|
||||
# Miscellaneous devices.
|
||||
KERNEL=="kvm", MODE="0666"
|
||||
KERNEL=="kqemu", MODE="0666"
|
||||
|
||||
# Needed for gpm.
|
||||
SUBSYSTEM=="input", KERNEL=="mice", TAG+="systemd"
|
||||
'';
|
||||
|
||||
# Perform substitutions in all udev rules files.
|
||||
udevRules = pkgs.runCommand "udev-rules"
|
||||
udevRulesFor = { name, udevPackages, udevPath, udev, systemd, binPackages, initrdBin ? null }: pkgs.runCommand name
|
||||
{ preferLocalBuild = true;
|
||||
allowSubstitutes = false;
|
||||
packages = unique (map toString cfg.packages);
|
||||
packages = unique (map toString udevPackages);
|
||||
}
|
||||
''
|
||||
mkdir -p $out
|
||||
@ -61,6 +60,9 @@ let
|
||||
--replace \"/bin/mount \"${pkgs.util-linux}/bin/mount \
|
||||
--replace /usr/bin/readlink ${pkgs.coreutils}/bin/readlink \
|
||||
--replace /usr/bin/basename ${pkgs.coreutils}/bin/basename
|
||||
${optionalString (initrdBin != null) ''
|
||||
substituteInPlace $i --replace '/run/current-system/systemd' "${removeSuffix "/bin" initrdBin}"
|
||||
''}
|
||||
done
|
||||
|
||||
echo -n "Checking that all programs called by relative paths in udev rules exist in ${udev}/lib/udev... "
|
||||
@ -85,8 +87,9 @@ let
|
||||
for i in $import_progs $run_progs; do
|
||||
# if the path refers to /run/current-system/systemd, replace with config.systemd.package
|
||||
if [[ $i == /run/current-system/systemd* ]]; then
|
||||
i="${config.systemd.package}/''${i#/run/current-system/systemd/}"
|
||||
i="${systemd}/''${i#/run/current-system/systemd/}"
|
||||
fi
|
||||
|
||||
if [[ ! -x $i ]]; then
|
||||
echo "FAIL"
|
||||
echo "$i is called in udev rules but is not executable or does not exist"
|
||||
@ -103,7 +106,7 @@ let
|
||||
echo "Consider fixing the following udev rules:"
|
||||
echo "$filesToFixup" | while read localFile; do
|
||||
remoteFile="origin unknown"
|
||||
for i in ${toString cfg.packages}; do
|
||||
for i in ${toString binPackages}; do
|
||||
for j in "$i"/*/udev/rules.d/*; do
|
||||
[ -e "$out/$(basename "$j")" ] || continue
|
||||
[ "$(basename "$j")" = "$(basename "$localFile")" ] || continue
|
||||
@ -126,7 +129,7 @@ let
|
||||
${optionalString (!config.boot.hardwareScan) ''
|
||||
ln -s /dev/null $out/80-drivers.rules
|
||||
''}
|
||||
''; # */
|
||||
'';
|
||||
|
||||
hwdbBin = pkgs.runCommand "hwdb.bin"
|
||||
{ preferLocalBuild = true;
|
||||
@ -202,20 +205,6 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
initrdRules = mkOption {
|
||||
default = "";
|
||||
example = ''
|
||||
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card"
|
||||
'';
|
||||
type = types.lines;
|
||||
description = ''
|
||||
<command>udev</command> rules to include in the initrd
|
||||
<emphasis>only</emphasis>. They'll be written into file
|
||||
<filename>99-local.rules</filename>. Thus they are read and applied
|
||||
after the essential initrd rules.
|
||||
'';
|
||||
};
|
||||
|
||||
extraRules = mkOption {
|
||||
default = "";
|
||||
example = ''
|
||||
@ -283,6 +272,52 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
boot.initrd.services.udev = {
|
||||
|
||||
packages = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
visible = false;
|
||||
description = ''
|
||||
<emphasis>This will only be used when systemd is used in stage 1.</emphasis>
|
||||
|
||||
List of packages containing <command>udev</command> rules that will be copied to stage 1.
|
||||
All files found in
|
||||
<filename><replaceable>pkg</replaceable>/etc/udev/rules.d</filename> and
|
||||
<filename><replaceable>pkg</replaceable>/lib/udev/rules.d</filename>
|
||||
will be included.
|
||||
'';
|
||||
};
|
||||
|
||||
binPackages = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
visible = false;
|
||||
description = ''
|
||||
<emphasis>This will only be used when systemd is used in stage 1.</emphasis>
|
||||
|
||||
Packages to search for binaries that are referenced by the udev rules in stage 1.
|
||||
This list always contains /bin of the initrd.
|
||||
'';
|
||||
apply = map getBin;
|
||||
};
|
||||
|
||||
rules = mkOption {
|
||||
default = "";
|
||||
example = ''
|
||||
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card"
|
||||
'';
|
||||
type = types.lines;
|
||||
description = ''
|
||||
<command>udev</command> rules to include in the initrd
|
||||
<emphasis>only</emphasis>. They'll be written into file
|
||||
<filename>99-local.rules</filename>. Thus they are read and applied
|
||||
after the essential initrd rules.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
@ -298,16 +333,54 @@ in
|
||||
|
||||
boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
|
||||
|
||||
boot.initrd.extraUdevRulesCommands = optionalString (cfg.initrdRules != "")
|
||||
boot.initrd.extraUdevRulesCommands = optionalString (!config.boot.initrd.systemd.enable && config.boot.initrd.services.udev.rules != "")
|
||||
''
|
||||
cat <<'EOF' > $out/99-local.rules
|
||||
${cfg.initrdRules}
|
||||
${config.boot.initrd.services.udev.rules}
|
||||
EOF
|
||||
'';
|
||||
|
||||
boot.initrd.systemd.additionalUpstreamUnits = [
|
||||
# TODO: "initrd-udevadm-cleanup-db.service" is commented out because of https://github.com/systemd/systemd/issues/12953
|
||||
"systemd-udevd-control.socket"
|
||||
"systemd-udevd-kernel.socket"
|
||||
"systemd-udevd.service"
|
||||
"systemd-udev-settle.service"
|
||||
"systemd-udev-trigger.service"
|
||||
];
|
||||
boot.initrd.systemd.storePaths = [
|
||||
"${config.boot.initrd.systemd.package}/lib/systemd/systemd-udevd"
|
||||
"${config.boot.initrd.systemd.package}/lib/udev"
|
||||
] ++ map (x: "${x}/bin") config.boot.initrd.services.udev.binPackages;
|
||||
|
||||
# Generate the udev rules for the initrd
|
||||
boot.initrd.systemd.contents = {
|
||||
"/etc/udev/rules.d".source = udevRulesFor {
|
||||
name = "initrd-udev-rules";
|
||||
initrdBin = config.boot.initrd.systemd.contents."/bin".source;
|
||||
udevPackages = config.boot.initrd.services.udev.packages;
|
||||
udevPath = config.boot.initrd.systemd.contents."/bin".source;
|
||||
udev = config.boot.initrd.systemd.package;
|
||||
systemd = config.boot.initrd.systemd.package;
|
||||
binPackages = config.boot.initrd.services.udev.binPackages ++ [ config.boot.initrd.systemd.contents."/bin".source ];
|
||||
};
|
||||
};
|
||||
# Insert custom rules
|
||||
boot.initrd.services.udev.packages = mkIf (config.boot.initrd.services.udev.rules != "") (pkgs.writeTextFile {
|
||||
name = "initrd-udev-rules";
|
||||
destination = "/etc/udev/rules.d/99-local.rules";
|
||||
text = config.boot.initrd.services.udev.rules;
|
||||
});
|
||||
|
||||
environment.etc =
|
||||
{
|
||||
"udev/rules.d".source = udevRules;
|
||||
"udev/rules.d".source = udevRulesFor {
|
||||
name = "udev-rules";
|
||||
udevPackages = cfg.packages;
|
||||
systemd = config.systemd.package;
|
||||
binPackages = cfg.packages;
|
||||
inherit udevPath udev;
|
||||
};
|
||||
"udev/hwdb.bin".source = hwdbBin;
|
||||
};
|
||||
|
||||
@ -338,4 +411,8 @@ in
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "udev" "initrdRules" ] [ "boot" "initrd" "services" "udev" "rules" ])
|
||||
];
|
||||
}
|
||||
|
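Review bot: `boot.initrd.services.udev.packages` is declared in this section as `types.listOf types.path`, but the definition under `# Insert custom rules` assigns a single `pkgs.writeTextFile { … }` derivation rather than a list. As far as these hunks show, setting `boot.initrd.services.udev.rules` to a non-empty value would therefore fail the option's type check. Wrapping the value in a list fixes it: `boot.initrd.services.udev.packages = mkIf (config.boot.initrd.services.udev.rules != "") [ (pkgs.writeTextFile { … }) ];`. The name `initrd-udev-rules` is also used both for the rules directory built by `udevRulesFor` and for this `99-local.rules` file; distinct names would make the two store paths easier to tell apart.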
@ -192,7 +192,6 @@ in {
|
||||
log_dir = "/var/log/mailman";
|
||||
lock_dir = "$var_dir/lock";
|
||||
etc_dir = "/etc";
|
||||
ext_dir = "$etc_dir/mailman.d";
|
||||
pid_file = "/run/mailman/master.pid";
|
||||
};
|
||||
|
||||
|
@ -2,11 +2,13 @@
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.paperless-ng;
|
||||
cfg = config.services.paperless;
|
||||
|
||||
defaultUser = "paperless";
|
||||
|
||||
hasCustomRedis = hasAttr "PAPERLESS_REDIS" cfg.extraConfig;
|
||||
# Don't start a redis instance if the user sets a custom redis connection
|
||||
enableRedis = !hasAttr "PAPERLESS_REDIS" cfg.extraConfig;
|
||||
redisServer = config.services.redis.servers.paperless;
|
||||
|
||||
env = {
|
||||
PAPERLESS_DATA_DIR = cfg.dataDir;
|
||||
@ -15,15 +17,15 @@ let
|
||||
GUNICORN_CMD_ARGS = "--bind=${cfg.address}:${toString cfg.port}";
|
||||
} // (
|
||||
lib.mapAttrs (_: toString) cfg.extraConfig
|
||||
) // (optionalAttrs (!hasCustomRedis) {
|
||||
PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless-ng.unixSocket}";
|
||||
) // (optionalAttrs enableRedis {
|
||||
PAPERLESS_REDIS = "unix://${redisServer.unixSocket}";
|
||||
});
|
||||
|
||||
manage = let
|
||||
setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
|
||||
in pkgs.writeShellScript "manage" ''
|
||||
${setupEnv}
|
||||
exec ${cfg.package}/bin/paperless-ng "$@"
|
||||
exec ${cfg.package}/bin/paperless-ngx "$@"
|
||||
'';
|
||||
|
||||
# Secure the services
|
||||
@ -36,7 +38,7 @@ let
|
||||
"-/etc/hosts"
|
||||
"-/etc/localtime"
|
||||
"-/run/postgresql"
|
||||
] ++ (optional (!hasCustomRedis) config.services.redis.servers.paperless-ng.unixSocket);
|
||||
] ++ (optional enableRedis redisServer.unixSocket);
|
||||
BindPaths = [
|
||||
cfg.consumptionDir
|
||||
cfg.dataDir
|
||||
@ -53,7 +55,6 @@ let
|
||||
PrivateNetwork = true;
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = true;
|
||||
ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
# Breaks if the home dir of the user is in /home
|
||||
# Also does not add much value in combination with the TemporaryFileSystem.
|
||||
@ -66,11 +67,15 @@ let
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
# Don't restrict ProcSubset because django-q requires read access to /proc/stat
|
||||
# to query CPU and memory information.
|
||||
# Note that /proc only contains processes of user `paperless`, so this is safe.
|
||||
# ProcSubset = "pid";
|
||||
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SupplementaryGroups = optional (!hasCustomRedis) config.services.redis.servers.paperless-ng.user;
|
||||
SupplementaryGroups = optional enableRedis redisServer.user;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
|
||||
# Does not work well with the temporary root
|
||||
@ -81,26 +86,22 @@ in
|
||||
meta.maintainers = with maintainers; [ earvstedt Flakebi ];
|
||||
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "paperless"] ''
|
||||
The paperless module has been removed as the upstream project died.
|
||||
Users should migrate to the paperless-ng module (services.paperless-ng).
|
||||
More information can be found in the NixOS 21.11 release notes.
|
||||
'')
|
||||
(mkRenamedOptionModule [ "services" "paperless-ng" ] [ "services" "paperless" ])
|
||||
];
|
||||
|
||||
options.services.paperless-ng = {
|
||||
options.services.paperless = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable Paperless-ng.
|
||||
Enable Paperless.
|
||||
|
||||
When started, the Paperless database is automatically created if it doesn't
|
||||
exist and updated if the Paperless package has changed.
|
||||
Both tasks are achieved by running a Django migration.
|
||||
|
||||
A script to manage the Paperless instance (by wrapping Django's manage.py) is linked to
|
||||
<literal>''${dataDir}/paperless-ng-manage</literal>.
|
||||
<literal>''${dataDir}/paperless-manage</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -133,13 +134,13 @@ in
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/paperless-ng-password";
|
||||
example = "/run/keys/paperless-password";
|
||||
description = ''
|
||||
A file containing the superuser password.
|
||||
|
||||
A superuser is required to access the web interface.
|
||||
If unset, you can create a superuser manually by running
|
||||
<literal>''${dataDir}/paperless-ng-manage createsuperuser</literal>.
|
||||
<literal>''${dataDir}/paperless-manage createsuperuser</literal>.
|
||||
|
||||
The default superuser name is <literal>admin</literal>. To change it, set
|
||||
option <option>extraConfig.PAPERLESS_ADMIN_USER</option>.
|
||||
@ -168,9 +169,9 @@ in
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
description = ''
|
||||
Extra paperless-ng config options.
|
||||
Extra paperless config options.
|
||||
|
||||
See <link xlink:href="https://paperless-ng.readthedocs.io/en/latest/configuration.html">the documentation</link>
|
||||
See <link xlink:href="https://paperless-ngx.readthedocs.io/en/latest/configuration.html">the documentation</link>
|
||||
for available options.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
@ -188,15 +189,14 @@ in
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.paperless-ng;
|
||||
defaultText = literalExpression "pkgs.paperless-ng";
|
||||
default = pkgs.paperless-ngx;
|
||||
defaultText = literalExpression "pkgs.paperless-ngx";
|
||||
description = "The Paperless package to use.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# Enable redis if no special url is set
|
||||
services.redis.servers.paperless-ng.enable = mkIf (!hasCustomRedis) true;
|
||||
services.redis.servers.paperless.enable = mkIf enableRedis true;
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
|
||||
@ -208,11 +208,11 @@ in
|
||||
)
|
||||
];
|
||||
|
||||
systemd.services.paperless-ng-server = {
|
||||
description = "Paperless document server";
|
||||
systemd.services.paperless-scheduler = {
|
||||
description = "Paperless scheduler";
|
||||
serviceConfig = defaultServiceConfig // {
|
||||
User = cfg.user;
|
||||
ExecStart = "${cfg.package}/bin/paperless-ng qcluster";
|
||||
ExecStart = "${cfg.package}/bin/paperless-ngx qcluster";
|
||||
Restart = "on-failure";
|
||||
# The `mbind` syscall is needed for running the classifier.
|
||||
SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "mbind" ];
|
||||
@ -221,15 +221,15 @@ in
|
||||
};
|
||||
environment = env;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "paperless-ng-consumer.service" "paperless-ng-web.service" ];
|
||||
wants = [ "paperless-consumer.service" "paperless-web.service" ];
|
||||
|
||||
preStart = ''
|
||||
ln -sf ${manage} ${cfg.dataDir}/paperless-ng-manage
|
||||
ln -sf ${manage} ${cfg.dataDir}/paperless-manage
|
||||
|
||||
# Auto-migrate on first run or if the package has changed
|
||||
versionFile="${cfg.dataDir}/src-version"
|
||||
if [[ $(cat "$versionFile" 2>/dev/null) != ${cfg.package} ]]; then
|
||||
${cfg.package}/bin/paperless-ng migrate
|
||||
${cfg.package}/bin/paperless-ngx migrate
|
||||
echo ${cfg.package} > "$versionFile"
|
||||
fi
|
||||
''
|
||||
@ -240,20 +240,18 @@ in
|
||||
superuserStateFile="${cfg.dataDir}/superuser-state"
|
||||
|
||||
if [[ $(cat "$superuserStateFile" 2>/dev/null) != $superuserState ]]; then
|
||||
${cfg.package}/bin/paperless-ng manage_superuser
|
||||
${cfg.package}/bin/paperless-ngx manage_superuser
|
||||
echo "$superuserState" > "$superuserStateFile"
|
||||
fi
|
||||
'';
|
||||
} // optionalAttrs (!hasCustomRedis) {
|
||||
after = [ "redis-paperless-ng.service" ];
|
||||
} // optionalAttrs enableRedis {
|
||||
after = [ "redis-paperless.service" ];
|
||||
};
|
||||
|
||||
# Password copying can't be implemented as a privileged preStart script
|
||||
# in 'paperless-ng-server' because 'defaultServiceConfig' limits the filesystem
|
||||
# paths accessible by the service.
|
||||
systemd.services.paperless-ng-copy-password = mkIf (cfg.passwordFile != null) {
|
||||
requiredBy = [ "paperless-ng-server.service" ];
|
||||
before = [ "paperless-ng-server.service" ];
|
||||
# Reading the user-provided password file requires root access
|
||||
systemd.services.paperless-copy-password = mkIf (cfg.passwordFile != null) {
|
||||
requiredBy = [ "paperless-scheduler.service" ];
|
||||
before = [ "paperless-scheduler.service" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.coreutils}/bin/install --mode 600 --owner '${cfg.user}' --compare \
|
||||
@ -263,27 +261,27 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.paperless-ng-consumer = {
|
||||
systemd.services.paperless-consumer = {
|
||||
description = "Paperless document consumer";
|
||||
serviceConfig = defaultServiceConfig // {
|
||||
User = cfg.user;
|
||||
ExecStart = "${cfg.package}/bin/paperless-ng document_consumer";
|
||||
ExecStart = "${cfg.package}/bin/paperless-ngx document_consumer";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
environment = env;
|
||||
# Bind to `paperless-ng-server` so that the consumer never runs
|
||||
# Bind to `paperless-scheduler` so that the consumer never runs
|
||||
# during migrations
|
||||
bindsTo = [ "paperless-ng-server.service" ];
|
||||
after = [ "paperless-ng-server.service" ];
|
||||
bindsTo = [ "paperless-scheduler.service" ];
|
||||
after = [ "paperless-scheduler.service" ];
|
||||
};
|
||||
|
||||
systemd.services.paperless-ng-web = {
|
||||
systemd.services.paperless-web = {
|
||||
description = "Paperless web server";
|
||||
serviceConfig = defaultServiceConfig // {
|
||||
User = cfg.user;
|
||||
ExecStart = ''
|
||||
${pkgs.python3Packages.gunicorn}/bin/gunicorn \
|
||||
-c ${cfg.package}/lib/paperless-ng/gunicorn.conf.py paperless.asgi:application
|
||||
-c ${cfg.package}/lib/paperless-ngx/gunicorn.conf.py paperless.asgi:application
|
||||
'';
|
||||
Restart = "on-failure";
|
||||
|
||||
@ -296,15 +294,15 @@ in
|
||||
};
|
||||
environment = env // {
|
||||
PATH = mkForce cfg.package.path;
|
||||
PYTHONPATH = "${cfg.package.pythonPath}:${cfg.package}/lib/paperless-ng/src";
|
||||
PYTHONPATH = "${cfg.package.pythonPath}:${cfg.package}/lib/paperless-ngx/src";
|
||||
};
|
||||
# Allow the web interface to access the private /tmp directory of the server.
|
||||
# This is required to support uploading files via the web interface.
|
||||
unitConfig.JoinsNamespaceOf = "paperless-ng-server.service";
|
||||
# Bind to `paperless-ng-server` so that the web server never runs
|
||||
unitConfig.JoinsNamespaceOf = "paperless-scheduler.service";
|
||||
# Bind to `paperless-scheduler` so that the web server never runs
|
||||
# during migrations
|
||||
bindsTo = [ "paperless-ng-server.service" ];
|
||||
after = [ "paperless-ng-server.service" ];
|
||||
bindsTo = [ "paperless-scheduler.service" ];
|
||||
after = [ "paperless-scheduler.service" ];
|
||||
};
|
||||
|
||||
users = optionalAttrs (cfg.user == defaultUser) {
|
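Review bot: The comment added above `# ProcSubset = "pid";` calls the relaxation safe because /proc only contains processes of user `paperless`, but that property comes from `ProtectProc = "invisible"` and covers only the per-process directories. With `ProcSubset` unset the units can also read the system-wide entries under /proc, which is exactly why /proc/stat becomes reachable. I would reword it to record the trade-off, e.g. `# ProtectProc = "invisible" still hides other users' processes; non-process files such as /proc/stat become readable.` Separately, the `manage` wrapper builds `export ${name}=\"${val}\"` from `cfg.extraConfig`, so a value containing `"`, `$` or a backtick is reinterpreted by the shell; `"export ${name}=${lib.escapeShellArg val}"` avoids that. `defaultServiceConfig` starts and ends outside the hunks shown.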
@ -74,7 +74,6 @@ let
|
||||
}"
|
||||
"--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}"
|
||||
"--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}"
|
||||
"--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s"
|
||||
] ++ optional (cfg.webExternalUrl != null) "--web.external-url=${cfg.webExternalUrl}"
|
||||
++ optional (cfg.retentionTime != null) "--storage.tsdb.retention.time=${cfg.retentionTime}";
|
||||
|
||||
@ -1563,6 +1562,8 @@ in
|
||||
(mkRenamedOptionModule [ "services" "prometheus2" ] [ "services" "prometheus" ])
|
||||
(mkRemovedOptionModule [ "services" "prometheus" "environmentFile" ]
|
||||
"It has been removed since it was causing issues (https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files, i.e. `basic_auth.password_file` and `authorization.credentials_file`.")
|
||||
(mkRemovedOptionModule [ "services" "prometheus" "alertmanagerTimeout" ]
|
||||
"Deprecated upstream and no longer had any effect")
|
||||
];
|
||||
|
||||
options.services.prometheus = {
|
||||
@ -1719,14 +1720,6 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
alertmanagerTimeout = mkOption {
|
||||
type = types.int;
|
||||
default = 10;
|
||||
description = ''
|
||||
Alert manager HTTP API timeout (in seconds).
|
||||
'';
|
||||
};
|
||||
|
||||
webExternalUrl = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
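--- a/nixos/modules/services/networking/openconnect.nix
+++ b/nixos/modules/services/networking/openconnect.nix
@@ -0,0 +1,137 @@
+{ config, lib, options, pkgs, ... }:
+with lib;
+let
+cfg = config.networking.openconnect;
+openconnect = cfg.package;
+pkcs11 = types.strMatching "pkcs11:.+" // {
+name = "pkcs11";
+description = "PKCS#11 URI";
+};
+interfaceOptions = {
+options = {
+gateway = mkOption {
+description = "Gateway server to connect to.";
+example = "gateway.example.com";
+type = types.str;
+};
+
+protocol = mkOption {
+description = "Protocol to use.";
+example = "anyconnect";
+type =
+types.enum [ "anyconnect" "array" "nc" "pulse" "gp" "f5" "fortinet" ];
+};
+
+user = mkOption {
+description = "Username to authenticate with.";
+example = "example-user";
+type = types.nullOr types.str;
+};
+
+# Note: It does not make sense to provide a way to declaratively
+# set an authentication cookie, because they have to be requested
+# for every new connection and would only work once.
+passwordFile = mkOption {
+description = ''
+File containing the password to authenticate with. This
+is passed to <code>openconnect</code> via the
+<code>--passwd-on-stdin</code> option.
+'';
+default = null;
+example = "/var/lib/secrets/openconnect-passwd";
+type = types.nullOr types.path;
+};
+
+certificate = mkOption {
+description = "Certificate to authenticate with.";
+default = null;
+example = "/var/lib/secrets/openconnect_certificate.pem";
+type = with types; nullOr (either path pkcs11);
+};
+
+privateKey = mkOption {
+description = "Private key to authenticate with.";
+example = "/var/lib/secrets/openconnect_private_key.pem";
+default = null;
+type = with types; nullOr (either path pkcs11);
+};
+
+extraOptions = mkOption {
+description = ''
+Extra config to be appended to the interface config. It should
+contain long-format options as would be accepted on the command
+line by <code>openconnect</code>
+(see https://www.infradead.org/openconnect/manual.html).
+Non-key-value options like <code>deflate</code> can be used by
+declaring them as booleans, i. e. <code>deflate = true;</code>.
+'';
+default = { };
+example = {
+compression = "stateless";
+
+no-http-keepalive = true;
+no-dtls = true;
+};
+type = with types; attrsOf (either str bool);
+};
+};
+};
+generateExtraConfig = extra_cfg:
+strings.concatStringsSep "\n" (attrsets.mapAttrsToList
+(name: value: if (value == true) then name else "${name}=${value}")
+(attrsets.filterAttrs (_: value: value != false) extra_cfg));
+generateConfig = name: icfg:
+pkgs.writeText "config" ''
+interface=${name}
+${optionalString (icfg.user != null) "user=${icfg.user}"}
+${optionalString (icfg.passwordFile != null) "passwd-on-stdin"}
+${optionalString (icfg.certificate != null)
+"certificate=${icfg.certificate}"}
+${optionalString (icfg.privateKey != null) "sslkey=${icfg.privateKey}"}
+
+${generateExtraConfig icfg.extraOptions}
+'';
+generateUnit = name: icfg: {
+description = "OpenConnect Interface - ${name}";
+requires = [ "network-online.target" ];
+after = [ "network.target" "network-online.target" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+Type = "simple";
+ExecStart = "${openconnect}/bin/openconnect --config=${
+generateConfig name icfg
+} ${icfg.gateway}";
+StandardInput = "file:${icfg.passwordFile}";
+
+ProtectHome = true;
+};
+};
+in {
+options.networking.openconnect = {
+package = mkPackageOption pkgs "openconnect" { };
+
+interfaces = mkOption {
+description = "OpenConnect interfaces.";
+default = { };
+example = {
+openconnect0 = {
+gateway = "gateway.example.com";
+protocol = "anyconnect";
+user = "example-user";
+passwordFile = "/var/lib/secrets/openconnect-passwd";
+};
+};
+type = with types; attrsOf (submodule interfaceOptions);
+};
+};
+
+config = {
+systemd.services = mapAttrs' (name: value: {
+name = "openconnect-${name}";
+value = generateUnit name value;
+}) cfg.interfaces;
+};
+
+meta.maintainers = with maintainers; [ alyaeanyx ];
+}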
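Review bot: `StandardInput = "file:${icfg.passwordFile}";` in `generateUnit` is emitted unconditionally, but `passwordFile` defaults to `null`, so an interface that authenticates only with `certificate`/`privateKey` fails at evaluation when `null` is interpolated into the string. Guard it by closing `serviceConfig` with `} // optionalAttrs (icfg.passwordFile != null) { StandardInput = "file:${icfg.passwordFile}"; };`. The `protocol` option is declared without a default, yet `generateConfig` never writes it, so the chosen value has no effect on the generated config; add a `protocol=${icfg.protocol}` line there. Because `passwordFile`, `certificate` and `privateKey` accept `types.path`, their descriptions should say to pass them as strings: a Nix path literal interpolated in `generateConfig` or the unit is copied into the world-readable store.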
@ -1,31 +1,37 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.shellhub-agent;
|
||||
in {
|
||||
|
||||
in
|
||||
{
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.shellhub-agent = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
enable = mkEnableOption "ShellHub Agent daemon";
|
||||
|
||||
package = mkPackageOption pkgs "shellhub-agent" { };
|
||||
|
||||
preferredHostname = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Whether to enable the ShellHub Agent daemon, which allows
|
||||
secure remote logins.
|
||||
Set the device preferred hostname. This provides a hint to
|
||||
the server to use this as hostname if it is available.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.shellhub-agent;
|
||||
defaultText = literalExpression "pkgs.shellhub-agent";
|
||||
keepAliveInterval = mkOption {
|
||||
type = types.int;
|
||||
default = 30;
|
||||
description = ''
|
||||
Which ShellHub Agent package to use.
|
||||
Determine the interval to send the keep alive message to
|
||||
the server. This has a direct impact of the bandwidth
|
||||
used by the device.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -74,9 +80,13 @@ in {
|
||||
"time-sync.target"
|
||||
];
|
||||
|
||||
environment.SERVER_ADDRESS = cfg.server;
|
||||
environment.PRIVATE_KEY = cfg.privateKey;
|
||||
environment.TENANT_ID = cfg.tenantId;
|
||||
environment = {
|
||||
SHELLHUB_SERVER_ADDRESS = cfg.server;
|
||||
SHELLHUB_PRIVATE_KEY = cfg.privateKey;
|
||||
SHELLHUB_TENANT_ID = cfg.tenantId;
|
||||
SHELLHUB_KEEPALIVE_INTERVAL = toString cfg.keepAliveInterval;
|
||||
SHELLHUB_PREFERRED_HOSTNAME = cfg.preferredHostname;
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
# The service starts sessions for different users.
|
||||
@ -85,7 +95,6 @@ in {
|
||||
ExecStart = "${cfg.package}/bin/agent";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
};
|
||||
}
|
||||
|
||||
|
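Review bot: `keepAliveInterval` is typed `types.int` with no stated unit, so zero or a negative value is accepted and passed to the agent as `SHELLHUB_KEEPALIVE_INTERVAL`; `types.ints.positive` and a description that names the unit would make the option self-checking. `preferredHostname` defaults to `""`, so `SHELLHUB_PREFERRED_HOSTNAME` is always exported and is empty when unset. If the agent treats an empty value differently from an absent one (not visible here), use `types.nullOr types.str` and set the variable only when it is non-null.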
@ -609,6 +609,7 @@ in
|
||||
connection_reaper_interval = 30;
|
||||
relative_url_root = null;
|
||||
message_bus_max_backlog_size = 100;
|
||||
message_bus_clear_every = 50;
|
||||
secret_key_base = cfg.secretKeyBaseFile;
|
||||
fallback_assets_path = null;
|
||||
|
||||
@ -655,7 +656,12 @@ in
|
||||
long_polling_interval = null;
|
||||
};
|
||||
|
||||
services.redis.enable = lib.mkDefault (cfg.redis.host == "localhost");
|
||||
services.redis.servers.discourse =
|
||||
lib.mkIf (lib.elem cfg.redis.host [ "localhost" "127.0.0.1" ]) {
|
||||
enable = true;
|
||||
bind = cfg.redis.host;
|
||||
port = cfg.backendSettings.redis_port;
|
||||
};
|
||||
|
||||
services.postgresql = lib.mkIf databaseActuallyCreateLocally {
|
||||
enable = true;
|
||||
@ -696,12 +702,12 @@ in
|
||||
systemd.services.discourse = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"redis.service"
|
||||
"redis-discourse.service"
|
||||
"postgresql.service"
|
||||
"discourse-postgresql.service"
|
||||
];
|
||||
bindsTo = [
|
||||
"redis.service"
|
||||
"redis-discourse.service"
|
||||
] ++ lib.optionals (cfg.database.host == null) [
|
||||
"postgresql.service"
|
||||
"discourse-postgresql.service"
|
||||
|
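Review bot: `after` and `bindsTo` list `redis-discourse.service` unconditionally, while `services.redis.servers.discourse` is only defined when `cfg.redis.host` is `localhost` or `127.0.0.1`; with a remote Redis the discourse unit is bound to a service that is never generated. Make the dependency conditional on the same test, e.g. `++ lib.optional (lib.elem cfg.redis.host [ "localhost" "127.0.0.1" ]) "redis-discourse.service"` in both lists. The local instance is also a TCP listener on the loopback address, reachable by every local user; whether a password is configured for it is not visible in this hunk and is worth checking. The `systemd.services.discourse` block continues past the hunk.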
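--- a/nixos/modules/services/web-apps/nifi.nix
+++ b/nixos/modules/services/web-apps/nifi.nix
@@ -0,0 +1,318 @@
+{ lib, pkgs, config, options, ... }:
+
+let
+cfg = config.services.nifi;
+opt = options.services.nifi;
+
+env = {
+NIFI_OVERRIDE_NIFIENV = "true";
+NIFI_HOME = "/var/lib/nifi";
+NIFI_PID_DIR = "/run/nifi";
+NIFI_LOG_DIR = "/var/log/nifi";
+};
+
+envFile = pkgs.writeText "nifi.env" (lib.concatMapStrings (s: s + "\n") (
+(lib.concatLists (lib.mapAttrsToList (name: value:
+if value != null then [
+"${name}=\"${toString value}\""
+] else []
+) env))));
+
+nifiEnv = pkgs.writeShellScriptBin "nifi-env" ''
+set -a
+source "${envFile}"
+eval -- "\$@"
+'';
+
+in {
+options = {
+services.nifi = {
+enable = lib.mkEnableOption "Apache NiFi";
+
+package = lib.mkOption {
+type = lib.types.package;
+default = pkgs.nifi;
+defaultText = lib.literalExpression "pkgs.nifi";
+description = "Apache NiFi package to use.";
+};
+
+user = lib.mkOption {
+type = lib.types.str;
+default = "nifi";
+description = "User account where Apache NiFi runs.";
+};
+
+group = lib.mkOption {
+type = lib.types.str;
+default = "nifi";
+description = "Group account where Apache NiFi runs.";
+};
+
+enableHTTPS = lib.mkOption {
+type = lib.types.bool;
+default = true;
+description = "Enable HTTPS protocol. Don`t use in production.";
+};
+
+listenHost = lib.mkOption {
+type = lib.types.str;
+default = if cfg.enableHTTPS then "0.0.0.0" else "127.0.0.1";
+defaultText = lib.literalExpression ''
+if config.${opt.enableHTTPS}
+then "0.0.0.0"
+else "127.0.0.1"
+'';
+description = "Bind to an ip for Apache NiFi web-ui.";
+};
+
+listenPort = lib.mkOption {
+type = lib.types.int;
+default = if cfg.enableHTTPS then 8443 else 8080;
+defaultText = lib.literalExpression ''
+if config.${opt.enableHTTPS}
+then "8443"
+else "8000"
+'';
+description = "Bind to a port for Apache NiFi web-ui.";
+};
+
+proxyHost = lib.mkOption {
+type = lib.types.nullOr lib.types.str;
+default = if cfg.enableHTTPS then "0.0.0.0" else null;
+defaultText = lib.literalExpression ''
+if config.${opt.enableHTTPS}
+then "0.0.0.0"
+else null
+'';
+description = "Allow requests from a specific host.";
+};
+
+proxyPort = lib.mkOption {
+type = lib.types.nullOr lib.types.int;
+default = if cfg.enableHTTPS then 8443 else null;
+defaultText = lib.literalExpression ''
+if config.${opt.enableHTTPS}
+then "8443"
+else null
+'';
+description = "Allow requests from a specific port.";
+};
+
+initUser = lib.mkOption {
+type = lib.types.nullOr lib.types.str;
+default = null;
+description = "Initial user account for Apache NiFi. Username must be at least 4 characters.";
+};
+
+initPasswordFile = lib.mkOption {
+type = lib.types.nullOr lib.types.path;
+default = null;
+example = "/run/keys/nifi/password-nifi";
+description = "nitial password for Apache NiFi. Password must be at least 12 characters.";
+};
+
+initJavaHeapSize = lib.mkOption {
+type = lib.types.nullOr lib.types.int;
+default = null;
+example = 1024;
+description = "Set the initial heap size for the JVM in MB.";
+};
+
+maxJavaHeapSize = lib.mkOption {
+type = lib.types.nullOr lib.types.int;
+default = null;
+example = 2048;
+description = "Set the initial heap size for the JVM in MB.";
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+assertions = [
+{ assertion = cfg.initUser!=null || cfg.initPasswordFile==null;
+message = ''
+<option>services.nifi.initUser</option> needs to be set if <option>services.nifi.initPasswordFile</option> enabled.
+'';
+}
+{ assertion = cfg.initUser==null || cfg.initPasswordFile!=null;
+message = ''
+<option>services.nifi.initPasswordFile</option> needs to be set if <option>services.nifi.initUser</option> enabled.
+'';
+}
+{ assertion = cfg.proxyHost==null || cfg.proxyPort!=null;
+message = ''
+<option>services.nifi.proxyPort</option> needs to be set if <option>services.nifi.proxyHost</option> value specified.
+'';
+}
+{ assertion = cfg.proxyHost!=null || cfg.proxyPort==null;
+message = ''
+<option>services.nifi.proxyHost</option> needs to be set if <option>services.nifi.proxyPort</option> value specified.
+'';
+}
+{ assertion = cfg.initJavaHeapSize==null || cfg.maxJavaHeapSize!=null;
+message = ''
+<option>services.nifi.maxJavaHeapSize</option> needs to be set if <option>services.nifi.initJavaHeapSize</option> value specified.
+'';
+}
+{ assertion = cfg.initJavaHeapSize!=null || cfg.maxJavaHeapSize==null;
+message = ''
+<option>services.nifi.initJavaHeapSize</option> needs to be set if <option>services.nifi.maxJavaHeapSize</option> value specified.
+'';
+}
+];
+
+warnings = lib.optional (cfg.enableHTTPS==false) ''
+Please do not disable HTTPS mode in production. In this mode, access to the nifi is opened without authentication.
+'';
+
+systemd.tmpfiles.rules = [
+"d '/var/lib/nifi/conf' 0750 ${cfg.user} ${cfg.group}"
+"L+ '/var/lib/nifi/lib' - - - - ${cfg.package}/lib"
+];
+
+
+systemd.services.nifi = {
+description = "Apache NiFi";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+environment = env;
+path = [ pkgs.gawk ];
+
+serviceConfig = {
+Type = "forking";
+PIDFile = "/run/nifi/nifi.pid";
+ExecStartPre = pkgs.writeScript "nifi-pre-start.sh" ''
+#!/bin/sh
+umask 077
+test -f '/var/lib/nifi/conf/authorizers.xml' || (cp '${cfg.package}/share/nifi/conf/authorizers.xml' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/authorizers.xml')
+test -f '/var/lib/nifi/conf/bootstrap.conf' || (cp '${cfg.package}/share/nifi/conf/bootstrap.conf' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/bootstrap.conf')
+test -f '/var/lib/nifi/conf/bootstrap-hashicorp-vault.conf' || (cp '${cfg.package}/share/nifi/conf/bootstrap-hashicorp-vault.conf' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/bootstrap-hashicorp-vault.conf')
+test -f '/var/lib/nifi/conf/bootstrap-notification-services.xml' || (cp '${cfg.package}/share/nifi/conf/bootstrap-notification-services.xml' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/bootstrap-notification-services.xml')
+test -f '/var/lib/nifi/conf/logback.xml' || (cp '${cfg.package}/share/nifi/conf/logback.xml' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/logback.xml')
+test -f '/var/lib/nifi/conf/login-identity-providers.xml' || (cp '${cfg.package}/share/nifi/conf/login-identity-providers.xml' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/login-identity-providers.xml')
+test -f '/var/lib/nifi/conf/nifi.properties' || (cp '${cfg.package}/share/nifi/conf/nifi.properties' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/nifi.properties')
+test -f '/var/lib/nifi/conf/stateless-logback.xml' || (cp '${cfg.package}/share/nifi/conf/stateless-logback.xml' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/stateless-logback.xml')
+test -f '/var/lib/nifi/conf/stateless.properties' || (cp '${cfg.package}/share/nifi/conf/stateless.properties' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/stateless.properties')
+test -f '/var/lib/nifi/conf/state-management.xml' || (cp '${cfg.package}/share/nifi/conf/state-management.xml' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/state-management.xml')
+test -f '/var/lib/nifi/conf/zookeeper.properties' || (cp '${cfg.package}/share/nifi/conf/zookeeper.properties' '/var/lib/nifi/conf/' && chmod 0640 '/var/lib/nifi/conf/zookeeper.properties')
+test -d '/var/lib/nifi/docs/html' || (mkdir -p /var/lib/nifi/docs && cp -r '${cfg.package}/share/nifi/docs/html' '/var/lib/nifi/docs/html')
+${lib.optionalString ((cfg.initUser != null) && (cfg.initPasswordFile != null)) ''
+awk -F'[<|>]' '/property name="Username"/ {if ($3!="") f=1} END{exit !f}' /var/lib/nifi/conf/login-identity-providers.xml || ${cfg.package}/bin/nifi.sh set-single-user-credentials ${cfg.initUser} $(cat ${cfg.initPasswordFile})
+''}
+${lib.optionalString (cfg.enableHTTPS == false) ''
+sed -i /var/lib/nifi/conf/nifi.properties \
+-e 's|nifi.remote.input.secure=.*|nifi.remote.input.secure=false|g' \
+-e 's|nifi.web.http.host=.*|nifi.web.http.host=${cfg.listenHost}|g' \
+-e 's|nifi.web.http.port=.*|nifi.web.http.port=${(toString cfg.listenPort)}|g' \
+-e 's|nifi.web.https.host=.*|nifi.web.https.host=|g' \
+-e 's|nifi.web.https.port=.*|nifi.web.https.port=|g' \
+-e 's|nifi.security.keystore=.*|nifi.security.keystore=|g' \
+-e 's|nifi.security.keystoreType=.*|nifi.security.keystoreType=|g' \
+-e 's|nifi.security.truststore=.*|nifi.security.truststore=|g' \
+-e 's|nifi.security.truststoreType=.*|nifi.security.truststoreType=|g' \
+-e '/nifi.security.keystorePasswd/s|^|#|' \
+-e '/nifi.security.keyPasswd/s|^|#|' \
+-e '/nifi.security.truststorePasswd/s|^|#|'
+''}
+${lib.optionalString (cfg.enableHTTPS == true) ''
+sed -i /var/lib/nifi/conf/nifi.properties \
+-e 's|nifi.remote.input.secure=.*|nifi.remote.input.secure=true|g' \
+-e 's|nifi.web.http.host=.*|nifi.web.http.host=|g' \
+-e 's|nifi.web.http.port=.*|nifi.web.http.port=|g' \
+-e 's|nifi.web.https.host=.*|nifi.web.https.host=${cfg.listenHost}|g' \
+-e 's|nifi.web.https.port=.*|nifi.web.https.port=${(toString cfg.listenPort)}|g' \
+-e 's|nifi.security.keystore=.*|nifi.security.keystore=./conf/keystore.p12|g' \
+-e 's|nifi.security.keystoreType=.*|nifi.security.keystoreType=PKCS12|g' \
+-e 's|nifi.security.truststore=.*|nifi.security.truststore=./conf/truststore.p12|g' \
+-e 's|nifi.security.truststoreType=.*|nifi.security.truststoreType=PKCS12|g' \
+-e '/nifi.security.keystorePasswd/s|^#\+||' \
+-e '/nifi.security.keyPasswd/s|^#\+||' \
+-e '/nifi.security.truststorePasswd/s|^#\+||'
+''}
+${lib.optionalString ((cfg.enableHTTPS == true) && (cfg.proxyHost != null) && (cfg.proxyPort != null)) ''
+sed -i /var/lib/nifi/conf/nifi.properties \
+-e 's|nifi.web.proxy.host=.*|nifi.web.proxy.host=${cfg.proxyHost}:${(toString cfg.proxyPort)}|g'
+''}
+${lib.optionalString ((cfg.enableHTTPS == false) || (cfg.proxyHost == null) && (cfg.proxyPort == null)) ''
+sed -i /var/lib/nifi/conf/nifi.properties \
+-e 's|nifi.web.proxy.host=.*|nifi.web.proxy.host=|g'
+''}
+${lib.optionalString ((cfg.initJavaHeapSize != null) && (cfg.maxJavaHeapSize != null))''
+sed -i /var/lib/nifi/conf/bootstrap.conf \
+-e 's|java.arg.2=.*|java.arg.2=-Xms${(toString cfg.initJavaHeapSize)}m|g' \
+-e 's|java.arg.3=.*|java.arg.3=-Xmx${(toString cfg.maxJavaHeapSize)}m|g'
+''}
+${lib.optionalString ((cfg.initJavaHeapSize == null) && (cfg.maxJavaHeapSize == null))''
+sed -i /var/lib/nifi/conf/bootstrap.conf \
+-e 's|java.arg.2=.*|java.arg.2=-Xms512m|g' \
+-e 's|java.arg.3=.*|java.arg.3=-Xmx512m|g'
+''}
+'';
+ExecStart = "${cfg.package}/bin/nifi.sh start";
+ExecStop = "${cfg.package}/bin/nifi.sh stop";
+# User and group
+User = cfg.user;
+Group = cfg.group;
+# Runtime directory and mode
+RuntimeDirectory = "nifi";
+RuntimeDirectoryMode = "0750";
+# State directory and mode
+StateDirectory = "nifi";
+StateDirectoryMode = "0750";
+# Logs directory and mode
+LogsDirectory = "nifi";
+LogsDirectoryMode = "0750";
+# Proc filesystem
+ProcSubset = "pid";
+ProtectProc = "invisible";
+# Access write directories
+ReadWritePaths = [ cfg.initPasswordFile ];
+UMask = "0027";
+# Capabilities
+CapabilityBoundingSet = "";
+# Security
+NoNewPrivileges = true;
+# Sandboxing
+ProtectSystem = "strict";
+ProtectHome = true;
+PrivateTmp = true;
+PrivateDevices = true;
+PrivateIPC = true;
+PrivateUsers = true;
+ProtectHostname = true;
+ProtectClock = true;
+ProtectKernelTunables = true;
+ProtectKernelModules = true;
+ProtectKernelLogs = true;
+ProtectControlGroups = true;
+RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
+RestrictNamespaces = true;
+LockPersonality = true;
+MemoryDenyWriteExecute = false;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+RemoveIPC = true;
+PrivateMounts = true;
+# System Call Filtering
+SystemCallArchitectures = "native";
+SystemCallFilter = [ "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @resources @privileged @setuid" "@chown" ];
+};
+};
+
+users.users = lib.mkMerge [
+(lib.mkIf (cfg.user == "nifi") {
+nifi = {
+group = cfg.group;
+isSystemUser = true;
+home = cfg.package;
+};
+})
+(lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package nifiEnv ])
+];
+
+users.groups = lib.optionalAttrs (cfg.group == "nifi") {
+nifi = { };
+};
+};
+}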
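Review bot: In `ExecStartPre` the initial password is expanded with `$(cat ${cfg.initPasswordFile})` straight into the arguments of `nifi.sh set-single-user-credentials`, unquoted, so a password containing whitespace or glob characters is split or expanded, and the secret sits in the process arguments while the command runs. At minimum quote both values: `${lib.escapeShellArg cfg.initUser} "$(cat ${lib.escapeShellArg cfg.initPasswordFile})"`. `ReadWritePaths = [ cfg.initPasswordFile ];` grants write access to a file the service only reads, and puts `null` in the list when the option keeps its default, which the unit option type is unlikely to accept; `ReadOnlyPaths = lib.optional (cfg.initPasswordFile != null) cfg.initPasswordFile;` covers both. The option text also needs correcting: `enableHTTPS` says "Don`t use in production" although the warning further down says the opposite, `maxJavaHeapSize` is described as the initial heap size, and the `listenPort` `defaultText` shows "8000" for a default of 8080.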
@ -255,20 +255,22 @@ let
|
||||
else defaultListen;
|
||||
|
||||
listenString = { addr, port, ssl, extraParameters ? [], ... }:
|
||||
"listen ${addr}:${toString port} "
|
||||
+ optionalString ssl "ssl "
|
||||
+ optionalString (ssl && vhost.http2) "http2 "
|
||||
+ optionalString vhost.default "default_server "
|
||||
+ optionalString (extraParameters != []) (concatStringsSep " " extraParameters)
|
||||
+ ";"
|
||||
+ (if ssl && vhost.http3 then ''
|
||||
(if ssl && vhost.http3 then "
|
||||
# UDP listener for **QUIC+HTTP/3
|
||||
listen ${addr}:${toString port} http3 reuseport;
|
||||
# Advertise that HTTP/3 is available
|
||||
add_header Alt-Svc 'h3=":443"';
|
||||
# Sent when QUIC was used
|
||||
add_header QUIC-Status $quic;
|
||||
'' else "");
|
||||
listen ${addr}:${toString port} http3 "
|
||||
+ optionalString vhost.default "default_server "
|
||||
+ optionalString vhost.reuseport "reuseport "
|
||||
+ optionalString (extraParameters != []) (concatStringsSep " " extraParameters)
|
||||
+ ";" else "")
|
||||
+ "
|
||||
|
||||
listen ${addr}:${toString port} "
|
||||
+ optionalString (ssl && vhost.http2) "http2 "
|
||||
+ optionalString ssl "ssl "
|
||||
+ optionalString vhost.default "default_server "
|
||||
+ optionalString vhost.reuseport "reuseport "
|
||||
+ optionalString (extraParameters != []) (concatStringsSep " " extraParameters)
|
||||
+ ";";
|
||||
|
||||
redirectListen = filter (x: !x.ssl) defaultListen;
|
||||
|
||||
@ -321,6 +323,11 @@ let
|
||||
ssl_conf_command Options KTLS;
|
||||
''}
|
||||
|
||||
${optionalString (hasSSL && vhost.http3) ''
|
||||
# Advertise that HTTP/3 is available
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400' always;
|
||||
''}
|
||||
|
||||
${mkBasicAuth vhostName vhost}
|
||||
|
||||
${mkLocations vhost.locations}
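Review bot: The `Alt-Svc` header added in the second hunk hard-codes port 443 (`'h3=":443"; ma=86400'`), while the `http3` listen line built in `listenString` uses the configured `${toString port}`. On a virtual host whose SSL listener is not on 443, clients would be told to try QUIC on a port this server block does not serve, and with `ma=86400` they keep that hint for a day. Either derive the advertised port from the listen entries or document next to the `http3` option that the advertisement assumes 443. `extraParameters` also appears to be appended to the UDP `http3` listen line as well as the TCP one, so TCP-only parameters such as the `deferred` shown in the option example may not be accepted there; this is inferred, since the rendered hunk has lost its `+`/`-` markers.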
|
||||
|
@ -20,7 +20,7 @@ with lib;
|
||||
serverAliases = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = ["www.example.org" "example.org"];
|
||||
example = [ "www.example.org" "example.org" ];
|
||||
description = ''
|
||||
Additional names of virtual hosts served by this virtual host configuration.
|
||||
'';
|
||||
@ -31,11 +31,11 @@ with lib;
|
||||
addr = mkOption { type = str; description = "IP address."; };
|
||||
port = mkOption { type = int; description = "Port number."; default = 80; };
|
||||
ssl = mkOption { type = bool; description = "Enable SSL."; default = false; };
|
||||
extraParameters = mkOption { type = listOf str; description = "Extra parameters of this listen directive."; default = []; example = [ "reuseport" "deferred" ]; };
|
||||
extraParameters = mkOption { type = listOf str; description = "Extra parameters of this listen directive."; default = []; example = [ "backlog=1024" "deferred" ]; };
|
||||
}; });
|
||||
default = [];
|
||||
example = [
|
||||
{ addr = "195.154.1.1"; port = 443; ssl = true;}
|
||||
{ addr = "195.154.1.1"; port = 443; ssl = true; }
|
||||
{ addr = "192.154.1.1"; port = 80; }
|
||||
];
|
||||
description = ''
|
||||
@ -207,6 +207,15 @@ with lib;
|
||||
'';
|
||||
};
|
||||
|
||||
reuseport = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Create an individual listening socket .
|
||||
It is required to specify only once on one of the hosts.
|
||||
'';
|
||||
};
|
||||
|
||||
root = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
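Review bot: The description of the new `reuseport` option in the third hunk reads `Create an individual listening socket .`, and the stray space and missing qualifier leave it unclear what the socket is created for. Suggested wording: `Create an individual listening socket for each worker process (the reuseport parameter of the listen directive).` followed by `Set this on only one of the virtual hosts that share an address:port pair.` The "only once" rule is stated but not enforced in this hunk; whether an assertion exists elsewhere cannot be seen from here.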
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -196,7 +196,7 @@ in
|
||||
programs.evince.enable = mkDefault true;
|
||||
programs.file-roller.enable = mkDefault true;
|
||||
|
||||
environment.systemPackages = (with pkgs // pkgs.gnome // pkgs.cinnamon; pkgs.gnome.removePackagesByName [
|
||||
environment.systemPackages = with pkgs // pkgs.gnome // pkgs.cinnamon; utils.removePackagesByName [
|
||||
# cinnamon team apps
|
||||
bulky
|
||||
blueberry
|
||||
@ -212,7 +212,7 @@ in
|
||||
# external apps shipped with linux-mint
|
||||
hexchat
|
||||
gnome-calculator
|
||||
] config.environment.cinnamon.excludePackages);
|
||||
] config.environment.cinnamon.excludePackages;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -42,7 +42,8 @@ let
|
||||
chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides
|
||||
cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF
|
||||
[org.gnome.desktop.background]
|
||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}'
|
||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-blue.gnomeFilePath}'
|
||||
picture-uri-dark='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}'
|
||||
|
||||
[org.gnome.desktop.screensaver]
|
||||
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath}'
|
||||
@ -455,7 +456,7 @@ in
|
||||
(mkIf serviceCfg.core-utilities.enable {
|
||||
environment.systemPackages =
|
||||
with pkgs.gnome;
|
||||
removePackagesByName
|
||||
utils.removePackagesByName
|
||||
([
|
||||
baobab
|
||||
cheese
|
||||
@ -515,7 +516,7 @@ in
|
||||
})
|
||||
|
||||
(mkIf serviceCfg.games.enable {
|
||||
environment.systemPackages = (with pkgs.gnome; removePackagesByName [
|
||||
environment.systemPackages = with pkgs.gnome; utils.removePackagesByName [
|
||||
aisleriot
|
||||
atomix
|
||||
five-or-more
|
||||
@ -536,12 +537,12 @@ in
|
||||
quadrapassel
|
||||
swell-foop
|
||||
tali
|
||||
] config.environment.gnome.excludePackages);
|
||||
] config.environment.gnome.excludePackages;
|
||||
})
|
||||
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/-/blob/3.38.0/elements/core/meta-gnome-core-developer-tools.bst
|
||||
(mkIf serviceCfg.core-developer-tools.enable {
|
||||
environment.systemPackages = (with pkgs.gnome; removePackagesByName [
|
||||
environment.systemPackages = with pkgs.gnome; utils.removePackagesByName [
|
||||
dconf-editor
|
||||
devhelp
|
||||
pkgs.gnome-builder
|
||||
@ -550,7 +551,7 @@ in
|
||||
# in default configurations.
|
||||
# https://github.com/NixOS/nixpkgs/issues/60908
|
||||
/* gnome-boxes */
|
||||
] config.environment.gnome.excludePackages);
|
||||
] config.environment.gnome.excludePackages;
|
||||
|
||||
services.sysprof.enable = notExcluded pkgs.sysprof;
|
||||
})
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -51,7 +51,7 @@ in
|
||||
environment.systemPackages =
|
||||
pkgs.lxqt.preRequisitePackages ++
|
||||
pkgs.lxqt.corePackages ++
|
||||
(pkgs.gnome.removePackagesByName
|
||||
(utils.removePackagesByName
|
||||
pkgs.lxqt.optionalPackages
|
||||
config.environment.lxqt.excludePackages);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -47,7 +47,7 @@ in
|
||||
# Debugging
|
||||
environment.sessionVariables.MATE_SESSION_DEBUG = mkIf cfg.debug "1";
|
||||
|
||||
environment.systemPackages = pkgs.gnome.removePackagesByName
|
||||
environment.systemPackages = utils.removePackagesByName
|
||||
(pkgs.mate.basePackages ++
|
||||
pkgs.mate.extraPackages ++
|
||||
[
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, utils, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -214,7 +214,7 @@ in
|
||||
elementary-settings-daemon
|
||||
pantheon-agent-geoclue2
|
||||
pantheon-agent-polkit
|
||||
]) ++ (gnome.removePackagesByName [
|
||||
]) ++ (utils.removePackagesByName [
|
||||
gnome.gnome-font-viewer
|
||||
gnome.gnome-settings-daemon338
|
||||
] config.environment.pantheon.excludePackages);
|
||||
@ -272,7 +272,7 @@ in
|
||||
})
|
||||
|
||||
(mkIf serviceCfg.apps.enable {
|
||||
environment.systemPackages = with pkgs.pantheon; pkgs.gnome.removePackagesByName ([
|
||||
environment.systemPackages = with pkgs.pantheon; utils.removePackagesByName ([
|
||||
elementary-calculator
|
||||
elementary-calendar
|
||||
elementary-camera
|
||||
|
@ -66,6 +66,12 @@ in
|
||||
default = true;
|
||||
description = "Enable the XFWM (default) window manager.";
|
||||
};
|
||||
|
||||
enableScreensaver = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable the XFCE screensaver.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -99,7 +105,6 @@ in
|
||||
ristretto
|
||||
xfce4-appfinder
|
||||
xfce4-notifyd
|
||||
xfce4-screensaver
|
||||
xfce4-screenshooter
|
||||
xfce4-session
|
||||
xfce4-settings
|
||||
@ -123,7 +128,7 @@ in
|
||||
] ++ optionals (!cfg.noDesktop) [
|
||||
xfce4-panel
|
||||
xfdesktop
|
||||
];
|
||||
] ++ optional cfg.enableScreensaver xfce4-screensaver;
|
||||
|
||||
environment.pathsToLink = [
|
||||
"/share/xfce4"
|
||||
@ -169,6 +174,6 @@ in
|
||||
xfce4-notifyd
|
||||
];
|
||||
|
||||
security.pam.services.xfce4-screensaver.unixAuth = true;
|
||||
security.pam.services.xfce4-screensaver.unixAuth = cfg.enableScreensaver;
|
||||
};
|
||||
}
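Review bot: With `enableScreensaver = false`, the last hunk still defines a PAM service named `xfce4-screensaver`, only with `unixAuth = false`, so a PAM stack is still generated for a program that is no longer installed. Guarding the whole definition avoids that: `security.pam.services = mkIf cfg.enableScreensaver { xfce4-screensaver.unixAuth = true; };`. The option description `Enable the XFCE screensaver.` could also say that this package is presumably what locks the session, so disabling it leaves the desktop without a locker unless another one is configured.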
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, utils, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -181,6 +181,13 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
excludePackages = mkOption {
|
||||
default = [];
|
||||
example = literalExpression "[ pkgs.xterm ]";
|
||||
type = types.listOf types.package;
|
||||
description = "Which X11 packages to exclude from the default environment";
|
||||
};
|
||||
|
||||
exportConfiguration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@ -655,7 +662,7 @@ in
|
||||
${cfgPath}.source = xorg.xf86inputevdev.out + "/share" + cfgPath;
|
||||
});
|
||||
|
||||
environment.systemPackages =
|
||||
environment.systemPackages = utils.removePackagesByName
|
||||
[ xorg.xorgserver.out
|
||||
xorg.xrandr
|
||||
xorg.xrdb
|
||||
@ -671,7 +678,7 @@ in
|
||||
pkgs.xdg-utils
|
||||
xorg.xf86inputevdev.out # get evdev.4 man page
|
||||
pkgs.nixos-icons # needed for gnome and pantheon about dialog, nixos-manual and maybe more
|
||||
]
|
||||
] config.services.xserver.excludePackages
|
||||
++ optional (elem "virtualbox" cfg.videoDrivers) xorg.xrefresh;
|
||||
|
||||
environment.pathsToLink = [ "/share/X11" ];
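Review bot: In the `environment.systemPackages` expression (third and fourth hunks), function application binds tighter than `++`, so `utils.removePackagesByName [ … ] config.services.xserver.excludePackages ++ optional (elem "virtualbox" cfg.videoDrivers) xorg.xrefresh` filters only the literal list, and `xorg.xrefresh` can never be excluded. If that is intended, a short comment saying so would help. Otherwise wrap the concatenation: `utils.removePackagesByName ([ … ] ++ optional … xorg.xrefresh) config.services.xserver.excludePackages`. The list itself is elided between the two hunks. The `excludePackages` description could also state that matching is by package name, as the helper's name suggests.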
|
||||
|
@ -55,11 +55,15 @@ let
|
||||
substituteInPlace $out/dry-activate --subst-var out
|
||||
chmod u+x $out/activate $out/dry-activate
|
||||
unset activationScript dryActivationScript
|
||||
${pkgs.stdenv.shellDryRun} $out/activate
|
||||
${pkgs.stdenv.shellDryRun} $out/dry-activate
|
||||
|
||||
cp ${config.system.build.bootStage2} $out/init
|
||||
substituteInPlace $out/init --subst-var-by systemConfig $out
|
||||
${if config.boot.initrd.systemd.enable then ''
|
||||
cp ${config.system.build.bootStage2} $out/prepare-root
|
||||
substituteInPlace $out/prepare-root --subst-var-by systemConfig $out
|
||||
ln -s "$systemd/lib/systemd/systemd" $out/init
|
||||
'' else ''
|
||||
cp ${config.system.build.bootStage2} $out/init
|
||||
substituteInPlace $out/init --subst-var-by systemConfig $out
|
||||
''}
|
||||
|
||||
ln -s ${config.system.build.etc}/etc $out/etc
|
||||
ln -s ${config.system.path} $out/sw
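Review bot: The systemd-stage-1 branch has no comment explaining why `$out/init` becomes a symlink to systemd while the stage-2 script is installed as `$out/prepare-root`. Anything that reads or runs `init` expecting the script will now get the systemd binary. A comment such as `# With systemd in stage 1, init is systemd itself; the stage-2 script is installed as prepare-root and run from the initrd before switch-root.` would record that. The link target uses the shell variable `$systemd`, which this hunk does not define; if the derivation does not export it, the link silently points at `/lib/systemd/systemd`, so interpolating the package path from Nix would fail at evaluation time instead. The enclosing builder script starts and ends outside the hunk.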
|
||||
|
@ -10,6 +10,36 @@ let
|
||||
|
||||
check = {
|
||||
|
||||
global = {
|
||||
sectionNetwork = checkUnitConfig "Network" [
|
||||
(assertOnlyFields [
|
||||
"SpeedMeter"
|
||||
"SpeedMeterIntervalSec"
|
||||
"ManageForeignRoutingPolicyRules"
|
||||
"ManageForeignRoutes"
|
||||
"RouteTable"
|
||||
])
|
||||
(assertValueOneOf "SpeedMeter" boolValues)
|
||||
(assertInt "SpeedMeterIntervalSec")
|
||||
(assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues)
|
||||
(assertValueOneOf "ManageForeignRoutes" boolValues)
|
||||
];
|
||||
|
||||
sectionDHCPv4 = checkUnitConfig "DHCPv4" [
|
||||
(assertOnlyFields [
|
||||
"DUIDType"
|
||||
"DUIDRawData"
|
||||
])
|
||||
];
|
||||
|
||||
sectionDHCPv6 = checkUnitConfig "DHCPv6" [
|
||||
(assertOnlyFields [
|
||||
"DUIDType"
|
||||
"DUIDRawData"
|
||||
])
|
||||
];
|
||||
};
|
||||
|
||||
link = {
|
||||
|
||||
sectionLink = checkUnitConfig "Link" [
|
||||
@ -871,6 +901,44 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
networkdOptions = {
|
||||
networkConfig = mkOption {
|
||||
default = {};
|
||||
example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; };
|
||||
type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork;
|
||||
description = ''
|
||||
Each attribute in this set specifies an option in the
|
||||
<literal>[Network]</literal> section of the networkd config.
|
||||
See <citerefentry><refentrytitle>networkd.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details.
|
||||
'';
|
||||
};
|
||||
|
||||
dhcpV4Config = mkOption {
|
||||
default = {};
|
||||
example = { DUIDType = "vendor"; };
|
||||
type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4;
|
||||
description = ''
|
||||
Each attribute in this set specifies an option in the
|
||||
<literal>[DHCPv4]</literal> section of the networkd config.
|
||||
See <citerefentry><refentrytitle>networkd.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details.
|
||||
'';
|
||||
};
|
||||
|
||||
dhcpV6Config = mkOption {
|
||||
default = {};
|
||||
example = { DUIDType = "vendor"; };
|
||||
type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6;
|
||||
description = ''
|
||||
Each attribute in this set specifies an option in the
|
||||
<literal>[DHCPv6]</literal> section of the networkd config.
|
||||
See <citerefentry><refentrytitle>networkd.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
linkOptions = commonNetworkOptions // {
|
||||
# overwrite enable option from above
|
||||
enable = mkOption {
|
||||
@ -1519,6 +1587,39 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
networkdConfig = { config, ... }: {
|
||||
options = {
|
||||
routeTables = mkOption {
|
||||
default = {};
|
||||
example = { foo = 27; };
|
||||
type = with types; attrsOf int;
|
||||
description = ''
|
||||
Defines route table names as an attrset of name to number.
|
||||
See <citerefentry><refentrytitle>networkd.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> for details.
|
||||
'';
|
||||
};
|
||||
|
||||
addRouteTablesToIPRoute2 = mkOption {
|
||||
default = true;
|
||||
example = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
If true and routeTables are set, then the specified route tables
|
||||
will also be installed into /etc/iproute2/rt_tables.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
networkConfig = optionalAttrs (config.routeTables != { }) {
|
||||
RouteTable = mapAttrsToList
|
||||
(name: number: "${name}:${toString number}")
|
||||
config.routeTables;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
commonMatchText = def: optionalString (def.matchConfig != { }) ''
|
||||
[Match]
|
||||
${attrsToSection def.matchConfig}
|
||||
@ -1600,6 +1701,20 @@ let
|
||||
+ def.extraConfig;
|
||||
};
|
||||
|
||||
renderConfig = def:
|
||||
{ text = ''
|
||||
[Network]
|
||||
${attrsToSection def.networkConfig}
|
||||
''
|
||||
+ optionalString (def.dhcpV4Config != { }) ''
|
||||
[DHCPv4]
|
||||
${attrsToSection def.dhcpV4Config}
|
||||
''
|
||||
+ optionalString (def.dhcpV6Config != { }) ''
|
||||
[DHCPv6]
|
||||
${attrsToSection def.dhcpV6Config}
|
||||
''; };
|
||||
|
||||
networkToUnit = name: def:
|
||||
{ inherit (def) enable;
|
||||
text = commonMatchText def
|
||||
@ -1732,6 +1847,12 @@ in
|
||||
description = "Definition of systemd networks.";
|
||||
};
|
||||
|
||||
systemd.network.config = mkOption {
|
||||
default = {};
|
||||
type = with types; submodule [ { options = networkdOptions; } networkdConfig ];
|
||||
description = "Definition of global systemd network config.";
|
||||
};
|
||||
|
||||
systemd.network.units = mkOption {
|
||||
description = "Definition of networkd units.";
|
||||
default = {};
|
||||
@ -1823,7 +1944,9 @@ in
|
||||
systemd.services.systemd-networkd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
aliases = [ "dbus-org.freedesktop.network1.service" ];
|
||||
restartTriggers = map (x: x.source) (attrValues unitFiles);
|
||||
restartTriggers = map (x: x.source) (attrValues unitFiles) ++ [
|
||||
config.environment.etc."systemd/networkd.conf".source
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.systemd-networkd-wait-online = {
|
||||
@ -1846,6 +1969,17 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."systemd/networkd.conf" = renderConfig cfg.config;
|
||||
|
||||
networking.iproute2 = mkIf (cfg.config.addRouteTablesToIPRoute2 && cfg.config.routeTables != { }) {
|
||||
enable = mkDefault true;
|
||||
rttablesExtraConfig = ''
|
||||
|
||||
# Extra tables defined in NixOS systemd.networkd.config.routeTables.
|
||||
${concatStringsSep "\n" (mapAttrsToList (name: number: "${toString number} ${name}") cfg.config.routeTables)}
|
||||
'';
|
||||
};
|
||||
|
||||
services.resolved.enable = mkDefault true;
|
||||
})
|
||||
];
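Review bot: The comment written into `rttablesExtraConfig` names the option `systemd.networkd.config.routeTables`, but the option declared in this section is `systemd.network.config`. It should read `# Extra tables defined in NixOS systemd.network.config.routeTables.`. `routeTables` is typed `attrsOf int`, and both the numbers and the attribute names are interpolated unchecked into `networkd.conf` and `/etc/iproute2/rt_tables`. A tighter type such as `attrsOf ints.positive`, plus an assertion that names contain no whitespace, would reject values that produce a malformed file. `check.global.sectionNetwork` lists `RouteTable` as an allowed field but has no value check for it.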
|
||||
|
@ -5,28 +5,30 @@ systemConfig=@systemConfig@
|
||||
export HOME=/root PATH="@path@"
|
||||
|
||||
|
||||
# Process the kernel command line.
|
||||
for o in $(</proc/cmdline); do
|
||||
case $o in
|
||||
boot.debugtrace)
|
||||
# Show each command.
|
||||
set -x
|
||||
;;
|
||||
esac
|
||||
done
|
||||
if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then
|
||||
# Process the kernel command line.
|
||||
for o in $(</proc/cmdline); do
|
||||
case $o in
|
||||
boot.debugtrace)
|
||||
# Show each command.
|
||||
set -x
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
# Print a greeting.
|
||||
echo
|
||||
echo -e "\e[1;32m<<< NixOS Stage 2 >>>\e[0m"
|
||||
echo
|
||||
# Print a greeting.
|
||||
echo
|
||||
echo -e "\e[1;32m<<< NixOS Stage 2 >>>\e[0m"
|
||||
echo
|
||||
|
||||
|
||||
# Normally, stage 1 mounts the root filesystem read/writable.
|
||||
# However, in some environments, stage 2 is executed directly, and the
|
||||
# root is read-only. So make it writable here.
|
||||
if [ -z "$container" ]; then
|
||||
mount -n -o remount,rw none /
|
||||
# Normally, stage 1 mounts the root filesystem read/writable.
|
||||
# However, in some environments, stage 2 is executed directly, and the
|
||||
# root is read-only. So make it writable here.
|
||||
if [ -z "$container" ]; then
|
||||
mount -n -o remount,rw none /
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@ -39,6 +41,12 @@ if [ ! -e /proc/1 ]; then
|
||||
local options="$3"
|
||||
local fsType="$4"
|
||||
|
||||
# We must not overwrite this mount because it's bind-mounted
|
||||
# from stage 1's /run
|
||||
if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" = true ] && [ "${mountPoint}" = /run ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
install -m 0755 -d "$mountPoint"
|
||||
mount -n -t "$fsType" -o "$options" "$device" "$mountPoint"
|
||||
}
|
||||
@ -46,7 +54,11 @@ if [ ! -e /proc/1 ]; then
|
||||
fi
|
||||
|
||||
|
||||
echo "booting system configuration $systemConfig" > /dev/kmsg
|
||||
if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" = true ]; then
|
||||
echo "booting system configuration ${systemConfig}"
|
||||
else
|
||||
echo "booting system configuration $systemConfig" > /dev/kmsg
|
||||
fi
|
||||
|
||||
|
||||
# Make /nix/store a read-only bind mount to enforce immutability of
|
||||
@ -68,24 +80,26 @@ if [ -n "@readOnlyStore@" ]; then
|
||||
fi
|
||||
|
||||
|
||||
# Use /etc/resolv.conf supplied by systemd-nspawn, if applicable.
|
||||
if [ -n "@useHostResolvConf@" ] && [ -e /etc/resolv.conf ]; then
|
||||
resolvconf -m 1000 -a host </etc/resolv.conf
|
||||
fi
|
||||
if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then
|
||||
# Use /etc/resolv.conf supplied by systemd-nspawn, if applicable.
|
||||
if [ -n "@useHostResolvConf@" ] && [ -e /etc/resolv.conf ]; then
|
||||
resolvconf -m 1000 -a host </etc/resolv.conf
|
||||
fi
|
||||
|
||||
|
||||
# Log the script output to /dev/kmsg or /run/log/stage-2-init.log.
|
||||
# Only at this point are all the necessary prerequisites ready for these commands.
|
||||
exec {logOutFd}>&1 {logErrFd}>&2
|
||||
if test -w /dev/kmsg; then
|
||||
exec > >(tee -i /proc/self/fd/"$logOutFd" | while read -r line; do
|
||||
if test -n "$line"; then
|
||||
echo "<7>stage-2-init: $line" > /dev/kmsg
|
||||
fi
|
||||
done) 2>&1
|
||||
else
|
||||
mkdir -p /run/log
|
||||
exec > >(tee -i /run/log/stage-2-init.log) 2>&1
|
||||
# Log the script output to /dev/kmsg or /run/log/stage-2-init.log.
|
||||
# Only at this point are all the necessary prerequisites ready for these commands.
|
||||
exec {logOutFd}>&1 {logErrFd}>&2
|
||||
if test -w /dev/kmsg; then
|
||||
exec > >(tee -i /proc/self/fd/"$logOutFd" | while read -r line; do
|
||||
if test -n "$line"; then
|
||||
echo "<7>stage-2-init: $line" > /dev/kmsg
|
||||
fi
|
||||
done) 2>&1
|
||||
else
|
||||
mkdir -p /run/log
|
||||
exec > >(tee -i /run/log/stage-2-init.log) 2>&1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@ -116,11 +130,15 @@ ln -sfn "$systemConfig" /run/booted-system
|
||||
: >> /etc/machine-id
|
||||
|
||||
|
||||
# Reset the logging file descriptors.
|
||||
exec 1>&$logOutFd 2>&$logErrFd
|
||||
exec {logOutFd}>&- {logErrFd}>&-
|
||||
# No need to restore the stdout/stderr streams we never redirected and
|
||||
# especially no need to start systemd
|
||||
if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then
|
||||
# Reset the logging file descriptors.
|
||||
exec 1>&$logOutFd 2>&$logErrFd
|
||||
exec {logOutFd}>&- {logErrFd}>&-
|
||||
|
||||
|
||||
# Start systemd in a clean environment.
|
||||
echo "starting systemd..."
|
||||
exec @systemdExecutable@ "$@"
|
||||
# Start systemd in a clean environment.
|
||||
echo "starting systemd..."
|
||||
exec @systemdExecutable@ "$@"
|
||||
fi
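Review bot: `IN_NIXOS_SYSTEMD_STAGE1` gates several separate parts of this script but is not documented anywhere in it, and the last guard means a run with the variable set to `true` ends without exec'ing systemd. A header comment near `systemConfig=@systemConfig@` would make the contract explicit, for example `# IN_NIXOS_SYSTEMD_STAGE1=true: run as prepare-root from a systemd initrd; skips remounting /, the /run mount, log redirection, resolvconf and the final exec of systemd.`. It should also state that the variable must never be set when the script runs as PID 1, since the script would then return instead of starting init. Several hunks of this file begin or end inside `if` blocks that are not fully visible.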
|
||||
|
@ -573,14 +573,6 @@ in
|
||||
})
|
||||
(filterAttrs (name: service: service.enable && service.startAt != []) cfg.services);
|
||||
|
||||
# Generate timer units for all services that have a ‘startAt’ value.
|
||||
systemd.user.timers =
|
||||
mapAttrs (name: service:
|
||||
{ wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = service.startAt;
|
||||
})
|
||||
(filterAttrs (name: service: service.startAt != []) cfg.user.services);
|
||||
|
||||
# Some overrides to upstream units.
|
||||
systemd.services."systemd-backlight@".restartIfChanged = false;
|
||||
systemd.services."systemd-fsck@".restartIfChanged = false;
|
||||
|
@ -34,7 +34,6 @@ let
|
||||
"initrd-switch-root.service"
|
||||
"initrd-switch-root.target"
|
||||
"initrd.target"
|
||||
"initrd-udevadm-cleanup-db.service"
|
||||
"kexec.target"
|
||||
"kmod-static-nodes.service"
|
||||
"local-fs-pre.target"
|
||||
@ -71,12 +70,6 @@ let
|
||||
"systemd-sysctl.service"
|
||||
"systemd-tmpfiles-setup-dev.service"
|
||||
"systemd-tmpfiles-setup.service"
|
||||
"systemd-udevd-control.socket"
|
||||
"systemd-udevd-kernel.socket"
|
||||
"systemd-udevd.service"
|
||||
"systemd-udev-settle.service"
|
||||
"systemd-udev-trigger.service"
|
||||
"systemd-vconsole-setup.service"
|
||||
"timers.target"
|
||||
"umount.target"
|
||||
|
||||
@ -125,7 +118,7 @@ let
|
||||
};
|
||||
|
||||
initrdBinEnv = pkgs.buildEnv {
|
||||
name = "initrd-emergency-env";
|
||||
name = "initrd-bin-env";
|
||||
paths = map getBin cfg.initrdBin;
|
||||
pathsToLink = ["/bin" "/sbin"];
|
||||
postBuild = concatStringsSep "\n" (mapAttrsToList (n: v: "ln -s '${v}' $out/bin/'${n}'") cfg.extraBin);
|
||||
@ -355,8 +348,9 @@ in {
|
||||
boot.initrd.availableKernelModules = [ "autofs4" ]; # systemd needs this for some features
|
||||
|
||||
boot.initrd.systemd = {
|
||||
initrdBin = [pkgs.bash pkgs.coreutils pkgs.kmod cfg.package] ++ config.system.fsPackages;
|
||||
initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package] ++ config.system.fsPackages;
|
||||
extraBin = {
|
||||
less = "${pkgs.less}/bin/less";
|
||||
mount = "${cfg.package.util-linux}/bin/mount";
|
||||
umount = "${cfg.package.util-linux}/bin/umount";
|
||||
};
|
||||
@ -367,7 +361,7 @@ in {
|
||||
|
||||
"/etc/systemd/system.conf".text = ''
|
||||
[Manager]
|
||||
DefaultEnvironment=PATH=/bin:/sbin
|
||||
DefaultEnvironment=PATH=/bin:/sbin ${optionalString (isBool cfg.emergencyAccess && cfg.emergencyAccess) "SYSTEMD_SULOGIN_FORCE=1"}
|
||||
'';
|
||||
|
||||
"/etc/fstab".source = fstab;
|
||||
@ -384,6 +378,11 @@ in {
|
||||
|
||||
"/etc/sysctl.d/nixos.conf".text = "kernel.modprobe = /sbin/modprobe";
|
||||
"/etc/modprobe.d/systemd.conf".source = "${cfg.package}/lib/modprobe.d/systemd.conf";
|
||||
"/etc/modprobe.d/ubuntu.conf".source = pkgs.runCommand "initrd-kmod-blacklist-ubuntu" { } ''
|
||||
${pkgs.buildPackages.perl}/bin/perl -0pe 's/## file: iwlwifi.conf(.+?)##/##/s;' $src > $out
|
||||
'';
|
||||
"/etc/modprobe.d/debian.conf".source = pkgs.kmod-debian-aliases;
|
||||
|
||||
};
|
||||
|
||||
storePaths = [
|
||||
@ -394,15 +393,15 @@ in {
|
||||
"${cfg.package}/lib/systemd/systemd-journald"
|
||||
"${cfg.package}/lib/systemd/systemd-makefs"
|
||||
"${cfg.package}/lib/systemd/systemd-modules-load"
|
||||
"${cfg.package}/lib/systemd/systemd-random-seed"
|
||||
"${cfg.package}/lib/systemd/systemd-remount-fs"
|
||||
"${cfg.package}/lib/systemd/systemd-shutdown"
|
||||
"${cfg.package}/lib/systemd/systemd-sulogin-shell"
|
||||
"${cfg.package}/lib/systemd/systemd-sysctl"
|
||||
"${cfg.package}/lib/systemd/systemd-udevd"
|
||||
"${cfg.package}/lib/systemd/systemd-vconsole-setup"
|
||||
|
||||
# additional systemd directories
|
||||
"${cfg.package}/lib/systemd/system-generators"
|
||||
"${cfg.package}/lib/udev"
|
||||
|
||||
# utilities needed by systemd
|
||||
"${cfg.package.util-linux}/bin/mount"
|
||||
@ -410,7 +409,7 @@ in {
|
||||
"${cfg.package.util-linux}/bin/sulogin"
|
||||
|
||||
# so NSS can look up usernames
|
||||
"${pkgs.glibc}/lib/libnss_files.so"
|
||||
"${pkgs.glibc}/lib/libnss_files.so.2"
|
||||
] ++ jobScripts;
|
||||
|
||||
targets.initrd.aliases = ["default.target"];
|
||||
@ -428,9 +427,6 @@ in {
|
||||
(v: let n = escapeSystemdPath v.where;
|
||||
in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
|
||||
|
||||
services.emergency = mkIf (isBool cfg.emergencyAccess && cfg.emergencyAccess) {
|
||||
environment.SYSTEMD_SULOGIN_FORCE = "1";
|
||||
};
|
||||
# The unit in /run/systemd/generator shadows the unit in
|
||||
# /etc/systemd/system, but will still apply drop-ins from
|
||||
# /etc/systemd/system/foo.service.d/
|
||||
@ -445,6 +441,67 @@ in {
|
||||
'')];
|
||||
services."systemd-makefs@".unitConfig.IgnoreOnIsolate = true;
|
||||
services."systemd-growfs@".unitConfig.IgnoreOnIsolate = true;
|
||||
|
||||
services.initrd-nixos-activation = {
|
||||
after = [ "initrd-fs.target" ];
|
||||
requiredBy = [ "initrd.target" ];
|
||||
unitConfig.AssertPathExists = "/etc/initrd-release";
|
||||
serviceConfig.Type = "oneshot";
|
||||
description = "NixOS Activation";
|
||||
|
||||
script = /* bash */ ''
|
||||
set -uo pipefail
|
||||
export PATH="/bin:${cfg.package.util-linux}/bin"
|
||||
|
||||
# Figure out what closure to boot
|
||||
closure=
|
||||
for o in $(< /proc/cmdline); do
|
||||
case $o in
|
||||
init=*)
|
||||
IFS== read -r -a initParam <<< "$o"
|
||||
closure="$(dirname "''${initParam[1]}")"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Sanity check
|
||||
if [ -z "''${closure:-}" ]; then
|
||||
echo 'No init= parameter on the kernel command line' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# If we are not booting a NixOS closure (e.g. init=/bin/sh),
|
||||
# we don't know what root to prepare so we don't do anything
|
||||
if ! [ -x "/sysroot$closure/prepare-root" ]; then
|
||||
echo "NEW_INIT=''${initParam[1]}" > /etc/switch-root.conf
|
||||
echo "$closure does not look like a NixOS installation - not activating"
|
||||
exit 0
|
||||
fi
|
||||
echo 'NEW_INIT=' > /etc/switch-root.conf
|
||||
|
||||
|
||||
# We need to propagate /run for things like /run/booted-system
|
||||
# and /run/current-system.
|
||||
mkdir -p /sysroot/run
|
||||
mount --bind /run /sysroot/run
|
||||
|
||||
# Initialize the system
|
||||
export IN_NIXOS_SYSTEMD_STAGE1=true
|
||||
exec chroot /sysroot $closure/prepare-root
|
||||
'';
|
||||
};
|
||||
|
||||
# This will either call systemctl with the new init as the last parameter (which
|
||||
# is the case when not booting a NixOS system) or with an empty string, causing
|
||||
# systemd to bypass its verification code that checks whether the next file is a systemd
|
||||
# and using its compiled-in value
|
||||
services.initrd-switch-root.serviceConfig = {
|
||||
EnvironmentFile = "-/etc/switch-root.conf";
|
||||
ExecStart = [
|
||||
""
|
||||
''systemctl --no-block switch-root /sysroot "''${NEW_INIT}"''
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
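Review bot: The `initrd-nixos-activation` script uses `set -uo pipefail` without `-e`, so a failing `mkdir -p /sysroot/run` or `mount --bind /run /sysroot/run` does not stop it from reaching `exec chroot /sysroot $closure/prepare-root`. In that line `$closure`, which is taken from the `init=` kernel parameter, is also expanded unquoted. Unless ignoring those failures is deliberate, use `set -euo pipefail` and `exec chroot /sysroot "$closure/prepare-root"`. Separately, the `system.conf` hunk puts `SYSTEMD_SULOGIN_FORCE=1` into the manager's `DefaultEnvironment`, which hands it to every initrd unit rather than only the emergency service, as the `services.emergency` block elsewhere in this section did. A comment stating why the wider scope is needed would help anyone auditing `emergencyAccess`.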
|
||||
|
@ -853,8 +853,12 @@ in
|
||||
(mkIf (pkgs.stdenv.isAarch32 || pkgs.stdenv.isAarch64) [
|
||||
"-device virtio-gpu-pci" "-device usb-ehci,id=usb0" "-device usb-kbd" "-device usb-tablet"
|
||||
])
|
||||
(mkIf (!cfg.useBootLoader) [
|
||||
"-kernel \${NIXPKGS_QEMU_KERNEL_${config.system.name}:-${config.system.build.toplevel}/kernel}"
|
||||
(let
|
||||
alphaNumericChars = lowerChars ++ upperChars ++ (map toString (range 0 9));
|
||||
# Replace all non-alphanumeric characters with underscores
|
||||
sanitizeShellIdent = s: concatMapStrings (c: if builtins.elem c alphaNumericChars then c else "_") (stringToCharacters s);
|
||||
in mkIf (!cfg.useBootLoader) [
|
||||
"-kernel \${NIXPKGS_QEMU_KERNEL_${sanitizeShellIdent config.system.name}:-${config.system.build.toplevel}/kernel}"
|
||||
"-initrd ${config.system.build.toplevel}/initrd"
|
||||
''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"''
|
||||
])
|
||||
|
31
nixos/tests/all-terminfo.nix
Normal file
@ -0,0 +1,31 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }: rec {
|
||||
name = "all-terminfo";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ jkarlson ];
|
||||
};
|
||||
|
||||
nodes.machine = { pkgs, config, lib, ... }:
|
||||
let
|
||||
infoFilter = name: drv:
|
||||
let
|
||||
o = builtins.tryEval drv;
|
||||
in
|
||||
o.success && lib.isDerivation o.value && o.value ? outputs && builtins.elem "terminfo" o.value.outputs;
|
||||
terminfos = lib.filterAttrs infoFilter pkgs;
|
||||
excludedTerminfos = lib.filterAttrs (_: drv: !(builtins.elem drv.terminfo config.environment.systemPackages)) terminfos;
|
||||
includedOuts = lib.filterAttrs (_: drv: builtins.elem drv.out config.environment.systemPackages) terminfos;
|
||||
in
|
||||
{
|
||||
environment = {
|
||||
enableAllTerminfo = true;
|
||||
etc."terminfo-missing".text = builtins.concatStringsSep "\n" (builtins.attrNames excludedTerminfos);
|
||||
etc."terminfo-extra-outs".text = builtins.concatStringsSep "\n" (builtins.attrNames includedOuts);
|
||||
};
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
machine.fail("grep . /etc/terminfo-missing >&2")
|
||||
machine.fail("grep . /etc/terminfo-extra-outs >&2")
|
||||
'';
|
||||
})
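Review bot: Both assertions in `testScript` use `machine.fail("grep . …")`, which also passes when the file is absent or unreadable, because grep exits non-zero in those cases too. The test therefore cannot tell "no terminfo output is missing" from "the /etc file was never generated". Adding `machine.succeed("test -f /etc/terminfo-missing && test -f /etc/terminfo-extra-outs")` before the two `fail` calls pins the precondition. The `rec` on the outer attribute set is not needed, as nothing in the visible body refers to a sibling attribute.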
|
@ -35,6 +35,7 @@ in
|
||||
agate = handleTest ./web-servers/agate.nix {};
|
||||
agda = handleTest ./agda.nix {};
|
||||
airsonic = handleTest ./airsonic.nix {};
|
||||
allTerminfo = handleTest ./all-terminfo.nix {};
|
||||
amazon-init-shell = handleTest ./amazon-init-shell.nix {};
|
||||
apfs = handleTest ./apfs.nix {};
|
||||
apparmor = handleTest ./apparmor.nix {};
|
||||
@ -362,6 +363,7 @@ in
|
||||
nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {};
|
||||
nginx-sso = handleTest ./nginx-sso.nix {};
|
||||
nginx-variants = handleTest ./nginx-variants.nix {};
|
||||
nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {};
|
||||
nitter = handleTest ./nitter.nix {};
|
||||
nix-ld = handleTest ./nix-ld {};
|
||||
nix-serve = handleTest ./nix-serve.nix {};
|
||||
@ -398,9 +400,10 @@ in
|
||||
pam-file-contents = handleTest ./pam/pam-file-contents.nix {};
|
||||
pam-oath-login = handleTest ./pam/pam-oath-login.nix {};
|
||||
pam-u2f = handleTest ./pam/pam-u2f.nix {};
|
||||
pam-ussh = handleTest ./pam/pam-ussh.nix {};
|
||||
pantalaimon = handleTest ./matrix/pantalaimon.nix {};
|
||||
pantheon = handleTest ./pantheon.nix {};
|
||||
paperless-ng = handleTest ./paperless-ng.nix {};
|
||||
paperless = handleTest ./paperless.nix {};
|
||||
parsedmarc = handleTest ./parsedmarc {};
|
||||
pdns-recursor = handleTest ./pdns-recursor.nix {};
|
||||
peerflix = handleTest ./peerflix.nix {};
|
||||
|
@ -878,7 +878,7 @@ let
|
||||
linkConfig.Name = "custom_name";
|
||||
};
|
||||
}
|
||||
else { services.udev.initrdRules = ''
|
||||
else { boot.initrd.services.udev.rules = ''
|
||||
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="custom_name"
|
||||
'';
|
||||
});
|
||||
|
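--- a/nixos/tests/pam/pam-ussh.nix
+++ b/nixos/tests/pam/pam-ussh.nix
@@ -0,0 +1,70 @@
+import ../make-test-python.nix ({ pkgs, lib, ... }:
+
+let
+testOnlySSHCredentials = pkgs.runCommand "pam-ussh-test-ca" {
+nativeBuildInputs = [ pkgs.openssh ];
+} ''
+mkdir $out
+ssh-keygen -t ed25519 -N "" -f $out/ca
+
+ssh-keygen -t ed25519 -N "" -f $out/alice
+ssh-keygen -s $out/ca -I "alice user key" -n "alice,root" -V 19700101:forever $out/alice.pub
+
+ssh-keygen -t ed25519 -N "" -f $out/bob
+ssh-keygen -s $out/ca -I "bob user key" -n "bob" -V 19700101:forever $out/bob.pub
+'';
+makeTestScript = user: pkgs.writeShellScript "pam-ussh-${user}-test-script" ''
+set -euo pipefail
+
+eval $(${pkgs.openssh}/bin/ssh-agent)
+
+mkdir -p $HOME/.ssh
+chmod 700 $HOME/.ssh
+cp ${testOnlySSHCredentials}/${user}{,.pub,-cert.pub} $HOME/.ssh
+chmod 600 $HOME/.ssh/${user}
+chmod 644 $HOME/.ssh/${user}{,-cert}.pub
+
+set -x
+
+${pkgs.openssh}/bin/ssh-add $HOME/.ssh/${user}
+${pkgs.openssh}/bin/ssh-add -l &>2
+
+exec sudo id -u -n
+'';
+in {
+name = "pam-ussh";
+meta.maintainers = with lib.maintainers; [ lukegb ];
+
+machine =
+{ ... }:
+{
+users.users.alice = { isNormalUser = true; extraGroups = [ "wheel" ]; };
+users.users.bob = { isNormalUser = true; extraGroups = [ "wheel" ]; };
+
+security.pam.ussh = {
+enable = true;
+authorizedPrincipals = "root";
+caFile = "${testOnlySSHCredentials}/ca.pub";
+};
+
+security.sudo = {
+enable = true;
+extraConfig = ''
+Defaults lecture="never"
+'';
+};
+};
+
+testScript =
+''
+with subtest("alice should be allowed to escalate to root"):
+machine.succeed(
+'su -c "${makeTestScript "alice"}" -l alice | grep root'
+)
+
+with subtest("bob should not be allowed to escalate to root"):
+machine.fail(
+'su -c "${makeTestScript "bob"}" -l bob | grep root'
+)
+'';
+})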
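Review bot: In `makeTestScript`, `ssh-add -l &>2` writes both output streams to a file named `2` in the user's working directory instead of to stderr, so the loaded-key listing never reaches the test log; the line was presumably meant to be `${pkgs.openssh}/bin/ssh-add -l >&2`. The bob subtest also deserves a second look: `machine.fail` wraps a pipeline ending in `grep root`, so it passes whenever the script prints no `root` line, including when it aborts under `set -e` before `sudo` is ever reached. Asserting separately that bob's key was added to the agent would make the denial attributable to the principal check in `security.pam.ussh` rather than to a setup failure.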
|
@ -1,30 +1,32 @@
|
||||
import ./make-test-python.nix ({ lib, ... }: {
|
||||
name = "paperless-ng";
|
||||
name = "paperless";
|
||||
meta.maintainers = with lib.maintainers; [ earvstedt Flakebi ];
|
||||
|
||||
nodes.machine = { pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ imagemagick jq ];
|
||||
services.paperless-ng = {
|
||||
services.paperless = {
|
||||
enable = true;
|
||||
passwordFile = builtins.toFile "password" "admin";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("paperless-ng-consumer.service")
|
||||
import json
|
||||
|
||||
with subtest("Create test doc"):
|
||||
machine.wait_for_unit("paperless-consumer.service")
|
||||
|
||||
with subtest("Add a document via the file system"):
|
||||
machine.succeed(
|
||||
"convert -size 400x40 xc:white -font 'DejaVu-Sans' -pointsize 20 -fill black "
|
||||
"-annotate +5+20 'hello world 16-10-2005' /var/lib/paperless/consume/doc.png"
|
||||
)
|
||||
|
||||
with subtest("Web interface gets ready"):
|
||||
machine.wait_for_unit("paperless-ng-web.service")
|
||||
machine.wait_for_unit("paperless-web.service")
|
||||
# Wait until server accepts connections
|
||||
machine.wait_until_succeeds("curl -fs localhost:28981")
|
||||
|
||||
with subtest("Create web test doc"):
|
||||
with subtest("Add a document via the web interface"):
|
||||
machine.succeed(
|
||||
"convert -size 400x40 xc:white -font 'DejaVu-Sans' -pointsize 20 -fill black "
|
||||
"-annotate +5+20 'hello web 16-10-2005' /tmp/webdoc.png"
|
||||
@ -35,11 +37,8 @@ import ./make-test-python.nix ({ lib, ... }: {
|
||||
machine.wait_until_succeeds(
|
||||
"(($(curl -u admin:admin -fs localhost:28981/api/documents/ | jq .count) == 2))"
|
||||
)
|
||||
assert "2005-10-16" in machine.succeed(
|
||||
"curl -u admin:admin -fs localhost:28981/api/documents/ | jq '.results | .[0] | .created'"
|
||||
)
|
||||
assert "2005-10-16" in machine.succeed(
|
||||
"curl -u admin:admin -fs localhost:28981/api/documents/ | jq '.results | .[1] | .created'"
|
||||
)
|
||||
docs = json.loads(machine.succeed("curl -u admin:admin -fs localhost:28981/api/documents/"))['results']
|
||||
assert "2005-10-16" in docs[0]['created']
|
||||
assert "2005-10-16" in docs[1]['created']
|
||||
'';
|
||||
})
|
@ -14,14 +14,31 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
|
||||
testScript = ''
|
||||
import subprocess
|
||||
|
||||
oldAvail = machine.succeed("df --output=avail / | sed 1d")
|
||||
machine.shutdown()
|
||||
with subtest("handover to stage-2 systemd works"):
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
machine.succeed("systemd-analyze | grep -q '(initrd)'") # direct handover
|
||||
machine.succeed("touch /testfile") # / is writable
|
||||
machine.fail("touch /nix/store/testfile") # /nix/store is not writable
|
||||
# Special filesystems are mounted by systemd
|
||||
machine.succeed("[ -e /run/booted-system ]") # /run
|
||||
machine.succeed("[ -e /sys/class ]") # /sys
|
||||
machine.succeed("[ -e /dev/null ]") # /dev
|
||||
machine.succeed("[ -e /proc/1 ]") # /proc
|
||||
# stage-2-init mounted more special filesystems
|
||||
machine.succeed("[ -e /dev/shm ]") # /dev/shm
|
||||
machine.succeed("[ -e /dev/pts/ptmx ]") # /dev/pts
|
||||
machine.succeed("[ -e /run/keys ]") # /run/keys
|
||||
|
||||
subprocess.check_call(["qemu-img", "resize", "vm-state-machine/machine.qcow2", "+1G"])
|
||||
|
||||
machine.start()
|
||||
newAvail = machine.succeed("df --output=avail / | sed 1d")
|
||||
with subtest("growfs works"):
|
||||
oldAvail = machine.succeed("df --output=avail / | sed 1d")
|
||||
machine.shutdown()
|
||||
|
||||
assert int(oldAvail) < int(newAvail), "File system did not grow"
|
||||
subprocess.check_call(["qemu-img", "resize", "vm-state-machine/machine.qcow2", "+1G"])
|
||||
|
||||
machine.start()
|
||||
newAvail = machine.succeed("df --output=avail / | sed 1d")
|
||||
|
||||
assert int(oldAvail) < int(newAvail), "File system did not grow"
|
||||
'';
|
||||
})
|
||||
|
@ -8,6 +8,9 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
|
||||
environment.systemPackages = with pkgs; [ wireguard-tools ];
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
config = {
|
||||
routeTables.custom = 23;
|
||||
};
|
||||
netdevs = {
|
||||
"90-wg0" = {
|
||||
netdevConfig = { Kind = "wireguard"; Name = "wg0"; };
|
||||
@ -39,6 +42,7 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: {
|
||||
address = [ "10.0.0.${nodeId}/32" ];
|
||||
routes = [
|
||||
{ routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; }; }
|
||||
{ routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; Table = "custom"; }; }
|
||||
];
|
||||
};
|
||||
"30-eth1" = {
|
||||
@ -87,6 +91,12 @@ testScript = ''
|
||||
node1.wait_for_unit("systemd-networkd-wait-online.service")
|
||||
node2.wait_for_unit("systemd-networkd-wait-online.service")
|
||||
|
||||
# ================================
|
||||
# Networkd Config
|
||||
# ================================
|
||||
node1.succeed("grep RouteTable=custom:23 /etc/systemd/networkd.conf")
|
||||
node1.succeed("sudo ip route show table custom | grep '10.0.0.0/24 via 10.0.0.1 dev wg0 proto static'")
|
||||
|
||||
# ================================
|
||||
# Wireguard
|
||||
# ================================
|
||||
|
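--- a/nixos/tests/web-apps/nifi.nix
+++ b/nixos/tests/web-apps/nifi.nix
@@ -0,0 +1,30 @@
+import ../make-test-python.nix ({pkgs, ...}:
+{
+name = "nifi";
+meta.maintainers = with pkgs.lib.maintainers; [ izorkin ];
+
+nodes = {
+nifi = { pkgs, ... }: {
+virtualisation = {
+memorySize = 2048;
+diskSize = 4096;
+};
+services.nifi = {
+enable = true;
+enableHTTPS = false;
+};
+};
+};
+
+testScript = ''
+nifi.start()
+
+nifi.wait_for_unit("nifi.service")
+nifi.wait_for_open_port(8080)
+
+# Check if NiFi is running
+nifi.succeed("curl --fail http://127.0.0.1:8080/nifi/login 2> /dev/null | grep 'NiFi Login'")
+
+nifi.shutdown()
+'';
+})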
|
@ -1,13 +1,13 @@
|
||||
{ stdenv, lib, fetchFromGitHub, faust2jaqt, faust2lv2 }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "faustPhysicalModeling";
|
||||
version = "2.37.3";
|
||||
version = "2.40.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "grame-cncm";
|
||||
repo = "faust";
|
||||
rev = version;
|
||||
sha256 = "sha256-h6L+qRkN2chnI4821WrjD3uRFw3J0sUYVLL8w57vR1U=";
|
||||
sha256 = "sha256-t3I3j5s2ACHfub+fxxaTwu+5ptEwH0JQpVdmHYOzbCA=";
|
||||
};
|
||||
|
||||
buildInputs = [ faust2jaqt faust2lv2 ];
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "JMusicBot";
|
||||
version = "0.3.6";
|
||||
version = "0.3.8";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/jagrosh/MusicBot/releases/download/${version}/JMusicBot-${version}.jar";
|
||||
sha256 = "sha256-Hc3dsOADC+jVZScY19OYDkHimntMjdw/BoB3EUS/d0k=";
|
||||
sha256 = "sha256-wzmrh9moY6oo3RqOy9Zl1X70BZlvbJkQmz8BaBIFtIM=";
|
||||
};
|
||||
|
||||
dontUnpack = true;
|
||||
|
@ -25,7 +25,7 @@
|
||||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "lollypop";
|
||||
version = "1.4.26";
|
||||
version = "1.4.31";
|
||||
|
||||
format = "other";
|
||||
doCheck = false;
|
||||
@ -34,7 +34,7 @@ python3.pkgs.buildPythonApplication rec {
|
||||
url = "https://gitlab.gnome.org/World/lollypop";
|
||||
rev = "refs/tags/${version}";
|
||||
fetchSubmodules = true;
|
||||
sha256 = "sha256-Q/z9oET06DimMRZl03TgjEeheoVHtIkH+Z69qWZetcI=";
|
||||
sha256 = "sha256-kWqTDhk7QDmN0yr6x8ER5oHkUAkP3i5yOabnNXSHSqA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -11,11 +11,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ocenaudio";
|
||||
version = "3.11.7";
|
||||
version = "3.11.10";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.ocenaudio.com/downloads/index.php/ocenaudio_debian9_64.deb?version=${version}";
|
||||
sha256 = "sha256-fTeDRo7gCM1jXTQGm9MsmKu4KvTGDUogF3VSZWk91RM=";
|
||||
sha256 = "sha256-Ah6Ni5EbFdIQ/wN7uGeMrSP5ybQfI4iy9gI1VT5LztU=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
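--- a/pkgs/applications/audio/odin2/default.nix
+++ b/pkgs/applications/audio/odin2/default.nix
@@ -0,0 +1,79 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, cmake
+, pkg-config
+, alsa-lib
+, freetype
+, libjack2
+, lv2
+, libX11
+, libXcursor
+, libXext
+, libXinerama
+, libXrandr
+, libGL
+, gcc-unwrapped
+}:
+
+stdenv.mkDerivation rec {
+pname = "odin2";
+version = "unstable-2022-02-23";
+
+src = fetchFromGitHub {
+owner = "baconpaul";
+repo = "odin2";
+rev = "ed02d06cfb5db8a118d291c00bd2e4cd6e262cde";
+fetchSubmodules = true;
+sha256 = "sha256-VkZ+mqCmqWQafdN0nQxJdPxbiaZ37/0jOhLvVbnGLvQ=";
+};
+
+nativeBuildInputs = [
+cmake
+pkg-config
+];
+
+buildInputs = [
+alsa-lib
+freetype
+libjack2
+lv2
+libX11
+libXcursor
+libXext
+libXinerama
+libXrandr
+libGL
+];
+
+# JUCE dlopen's these at runtime, crashes without them
+NIX_LDFLAGS = (toString [
+"-lX11"
+"-lXext"
+"-lXcursor"
+"-lXinerama"
+"-lXrandr"
+]);
+
+cmakeFlags = [
+"-DCMAKE_AR=${gcc-unwrapped}/bin/gcc-ar"
+"-DCMAKE_RANLIB=${gcc-unwrapped}/bin/gcc-ranlib"
+"-DCMAKE_NM=${gcc-unwrapped}/bin/gcc-nm"
+];
+
+installPhase = ''
+mkdir -p $out/bin $out/lib/vst3
+cd Odin2_artefacts/Release
+cp -r VST3/Odin2.vst3 $out/lib/vst3
+cp -r Standalone/Odin2 $out/bin
+'';
+
+
+meta = with lib; {
+description = "Odin 2 Synthesizer Plugin";
+homepage = "https://thewavewarden.com/odin2";
+license = licenses.gpl3;
+platforms = [ "x86_64-linux" ];
+maintainers = with maintainers; [ magnetophon ];
+};
+}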
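Review bot: The custom `installPhase` runs no hooks, so a `preInstall` or `postInstall` supplied by an override is silently skipped; it should open with `runHook preInstall` and close with `runHook postInstall`. `license = licenses.gpl3` also leaves open whether later GPL versions are permitted; `gpl3Only` or `gpl3Plus` should be chosen to match upstream's licence text, which this page does not show.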
|
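--- a/pkgs/applications/audio/pipecontrol/default.nix
+++ b/pkgs/applications/audio/pipecontrol/default.nix
@@ -0,0 +1,50 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, pipewire
+, cmake
+, extra-cmake-modules
+, gnumake
+, wrapQtAppsHook
+, qtbase
+, qttools
+, kirigami2
+, kcoreaddons
+, ki18n
+, qtquickcontrols2
+}:
+
+stdenv.mkDerivation rec {
+pname = "pipecontrol";
+version = "0.2.2";
+
+src = fetchFromGitHub {
+owner = "portaloffreedom";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-BeubRDx82MQX1gB7GnGJlQ2FyYX1S83C3gqPZgIjgoM=";
+};
+
+nativeBuildInputs = [
+cmake
+extra-cmake-modules
+wrapQtAppsHook
+qttools
+];
+
+buildInputs = [
+pipewire
+qtbase
+kirigami2
+kcoreaddons
+ki18n
+qtquickcontrols2
+];
+
+meta = with lib; {
+description = "Pipewire control GUI program in Qt (Kirigami2)";
+homepage = "https://github.com/portaloffreedom/pipecontrol";
+license = licenses.gpl3Only;
+maintainers = with maintainers; [ tilcreator ];
+};
+}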
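Review bot: `gnumake` is taken as a function argument but is not referenced in `nativeBuildInputs`, `buildInputs` or anywhere else in the expression, so it can be dropped from the argument list. stdenv already supplies make for the cmake-generated build, so nothing is lost by removing it.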
|
@ -2,12 +2,12 @@
|
||||
|
||||
let
|
||||
pname = "plexamp";
|
||||
version = "4.1.0";
|
||||
version = "4.2.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
|
||||
name="${pname}-${version}.AppImage";
|
||||
sha512 = "N+WkH6n7MWfRd2rsk/2b/rABL6pcjpKa1iBZSHslIOEc5fYWjGAxjwwTU0RgSaqptS1DyPeCUeWuphWPZJsQgw==";
|
||||
sha512 = "yIdZoKTJJEpUzEqvixQ7JJBxzrtCRov31dGBDOjMiK/oA2q00Xo6XVDvAhYuIn6ocZqK+I5jHfmf4qYaRePDvg==";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extractType2 {
|
||||
@ -33,7 +33,7 @@ in appimageTools.wrapType2 {
|
||||
meta = with lib; {
|
||||
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
|
||||
homepage = "https://plexamp.com/";
|
||||
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/42";
|
||||
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/43";
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ killercup synthetica ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
|
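--- a/pkgs/applications/audio/sonixd/default.nix
+++ b/pkgs/applications/audio/sonixd/default.nix
@@ -0,0 +1,27 @@
+{ lib
+, fetchurl
+, appimageTools
+}:
+
+appimageTools.wrapType2 rec {
+pname = "sonixd";
+version = "0.14.0";
+
+src = fetchurl {
+url = "https://github.com/jeffvli/sonixd/releases/download/v${version}/Sonixd-${version}-linux-x86_64.AppImage";
+sha256 = "sha256-q+26Ut5wN9gFDBdqirR+he/ppu/b1wiqq23WkcRAQd4=";
+};
+
+extraInstallCommands = ''
+mv $out/bin/sonixd-${version} $out/bin/sonixd
+'';
+
+meta = with lib; {
+description = "Full-featured Subsonic/Jellyfin compatible desktop music player";
+homepage = "https://github.com/jeffvli/sonixd";
+license = licenses.gpl3Only;
+maintainers = with maintainers; [ onny ];
+platforms = [ "x86_64-linux" ];
+};
+}
+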
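Review bot: Nothing in the expression says that this package ships upstream's prebuilt AppImage rather than building the GPL sources, which matters to anyone auditing what the installed binary contains. A comment above `src` would cover it, for example `# upstream release AppImage (prebuilt); not compiled from source`. The `sha256` pins the downloaded artifact, so the remaining trust is in upstream's release build.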
|
@ -3,12 +3,12 @@
|
||||
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "20220107";
|
||||
version = "20220327";
|
||||
pname = "x42-plugins";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://gareus.org/misc/x42-plugins/${pname}-${version}.tar.xz";
|
||||
sha256 = "sha256-+lzgkRQHe6moid3h6az/iqt2XL5vbyM0BjSTwMBvd3I=";
|
||||
sha256 = "sha256-IhuPqTlCbCxExT5B9Au42RQQl4sDEvz6+HhsuT02KVs=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
|
@ -5,16 +5,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "lightning-loop";
|
||||
version = "0.17.0-beta";
|
||||
version = "0.18.0-beta";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "lightninglabs";
|
||||
repo = "loop";
|
||||
rev = "v${version}";
|
||||
sha256 = "0hjawagn1dfgj67i52bvf3phvm9f9708z3jqs6cvyz0w7vp107py";
|
||||
sha256 = "1kg5nlvb4lb3cjn84wcylhq0l73d2n6rg4n1srnxmgs96v41y78f";
|
||||
};
|
||||
|
||||
vendorSha256 = "1fpc73hwdn3baz5ykrykvqdr5861gj9p6liy8qll5525kdv560f6";
|
||||
vendorSha256 = "0q3wbjfaqdj29sjlhx6fhc0p4d12aa31s6ia36jalcvf659ybb0l";
|
||||
|
||||
subPackages = [ "cmd/loop" "cmd/loopd" ];
|
||||
|
||||
|
@ -38,13 +38,13 @@ let
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cudatext";
|
||||
version = "1.160.0";
|
||||
version = "1.160.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Alexey-T";
|
||||
repo = "CudaText";
|
||||
rev = version;
|
||||
sha256 = "sha256-42V6RFa+mAXyaUuKeDQa9Voi1MjnzcVl+cOA65VabxM=";
|
||||
sha256 = "sha256-moKuiW5kd0jdAk0lBLX8ZWeT/locxGAvM4oOqvMGsr4=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
@ -26,8 +26,8 @@
|
||||
},
|
||||
"EControl": {
|
||||
"owner": "Alexey-T",
|
||||
"rev": "2022.03.28",
|
||||
"sha256": "sha256-jh3lqisiPNMxCapP6O5oJdUL3PLQ3JyomtgWix+bML0="
|
||||
"rev": "2022.04.08",
|
||||
"sha256": "sha256-pPlb8rr5loYVzKw/7R2kogSAosmViwGM3cehVwf4EYY="
|
||||
},
|
||||
"ATSynEdit_Ex": {
|
||||
"owner": "Alexey-T",
|
||||
|
@ -0,0 +1,22 @@
|
||||
{ callPackage
|
||||
, wolfram-engine
|
||||
}:
|
||||
|
||||
# To test:
|
||||
# $(nix-build -E 'with import ./. {}; jupyter.override { definitions = { wolfram = wolfram-for-jupyter-kernel.definition; }; }')/bin/jupyter-notebook
|
||||
let kernel = callPackage ./kernel.nix {};
|
||||
in {
|
||||
definition = {
|
||||
displayName = "Wolfram Language ${wolfram-engine.version}";
|
||||
argv = [
|
||||
"${wolfram-engine}/bin/wolfram"
|
||||
"-script"
|
||||
"${kernel}/share/Wolfram/WolframLanguageForJupyter/Resources/KernelForWolframLanguageForJupyter.wl"
|
||||
"{connection_file}"
|
||||
"ScriptInstall" # suppresses prompt
|
||||
];
|
||||
language = "Wolfram Language";
|
||||
logo32 = "${wolfram-engine}/share/icons/hicolor/32x32/apps/wolfram-wolframlanguage.png";
|
||||
logo64 = "${wolfram-engine}/share/icons/hicolor/64x64/apps/wolfram-wolframlanguage.png";
|
||||
};
|
||||
}
|
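--- a/pkgs/applications/editors/jupyter-kernels/wolfram/kernel.nix
+++ b/pkgs/applications/editors/jupyter-kernels/wolfram/kernel.nix
@@ -0,0 +1,32 @@
+{ stdenv, lib, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+pname = "wolfram-for-jupyter-kernel";
+version = "0.9.2";
+
+src = fetchFromGitHub {
+owner = "WolframResearch";
+repo = "WolframLanguageForJupyter";
+rev = "v${version}";
+sha256 = "19d9dvr0bv7iy0x8mk4f576ha7z7h7id39nyrggwf9cp7gymxf47";
+};
+
+dontConfigure = true;
+
+installPhase = ''
+patchShebangs ./configure-jupyter.wls
+mkdir -p $out/share/Wolfram
+cp -r {WolframLanguageForJupyter,images,extras,LICENSE} $out/share/Wolfram
+'';
+
+# no tests
+doCheck = false;
+
+meta = with lib; {
+description = "A Jupyter kernel for Wolfram Language.";
+homepage = "https://github.com/WolframResearch/WolframLanguageForJupyter";
+license = licenses.mit;
+maintainers = with maintainers; [ fbeffa ];
+platforms = platforms.all;
+};
+}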
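Review bot: `patchShebangs ./configure-jupyter.wls` in `installPhase` has no effect on the output, because the following `cp -r` copies only `WolframLanguageForJupyter`, `images`, `extras` and `LICENSE` into `$out` and the script is never run. Either drop the line or install the script as well, whichever was intended. The phase also omits `runHook preInstall` and `runHook postInstall`, and `meta.description` would read better without the article and trailing period, e.g. `description = "Jupyter kernel for Wolfram Language";`.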
|
@ -21,18 +21,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "lapce";
|
||||
version = "0.0.10";
|
||||
version = "0.0.12";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "lapce";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "tOVFm4DFQurFU4DtpPwxXQLbTGCZnrV1FfYKtvkRxRE=";
|
||||
sha256 = "sha256-ZFQjQ5+G0b0Fgg3+du/drt+62rC/TCNR5MIdJXAkTrE=";
|
||||
};
|
||||
|
||||
cargoPatches = [ ./fix-version.patch ];
|
||||
|
||||
cargoSha256 = "BwB3KgmI5XnZ5uHv6f+kGKBzpyxPWcoKvF7qw90eorI=";
|
||||
cargoSha256 = "sha256-sMTootPsenaWzLLFImo6HWC1pcm2uFupPhVWsUJp1Ak=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
|
@ -1,31 +0,0 @@
|
||||
diff --git a/Cargo.lock b/Cargo.lock
|
||||
index bc9a0f8..45a74ad 100644
|
||||
--- a/Cargo.lock
|
||||
+++ b/Cargo.lock
|
||||
@@ -2165,7 +2165,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "lapce"
|
||||
-version = "0.0.9"
|
||||
+version = "0.0.10"
|
||||
dependencies = [
|
||||
"lapce-core",
|
||||
"lapce-proxy",
|
||||
@@ -2173,7 +2173,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "lapce-core"
|
||||
-version = "0.0.9"
|
||||
+version = "0.0.10"
|
||||
dependencies = [
|
||||
"Inflector",
|
||||
"alacritty_terminal 0.15.0",
|
||||
@@ -2233,7 +2233,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "lapce-proxy"
|
||||
-version = "0.0.9"
|
||||
+version = "0.0.10"
|
||||
dependencies = [
|
||||
"alacritty_terminal 0.16.0-rc2",
|
||||
"anyhow",
|
@ -956,6 +956,7 @@ https://github.com/tpope/vim-vinegar/,,
|
||||
https://github.com/triglav/vim-visual-increment/,,
|
||||
https://github.com/mg979/vim-visual-multi/,,
|
||||
https://github.com/thinca/vim-visualstar/,,
|
||||
https://github.com/ngemily/vim-vp4/,HEAD,
|
||||
https://github.com/hrsh7th/vim-vsnip/,,
|
||||
https://github.com/hrsh7th/vim-vsnip-integ/,,
|
||||
https://github.com/posva/vim-vue/,,
|
||||
|
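--- a/pkgs/applications/emulators/basiliskii/default.nix
+++ b/pkgs/applications/emulators/basiliskii/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, fetchFromGitHub, autoconf, automake, pkg-config, SDL2, gtk2 }:
+stdenv.mkDerivation {
+pname = "basiliskii";
+version = "unstable-2022-04-05";
+
+src = fetchFromGitHub {
+owner = "kanjitalk755";
+repo = "macemu";
+rev = "d4baa318e49a29d7ea5fc71a637191d6c470546f";
+sha256 = "jBKTC2fIPJ6mSkMABNxcd2ujXJ+duCXw291iz5ZmiVg=";
+};
+sourceRoot = "source/BasiliskII/src/Unix";
+patches = [ ./remove-redhat-6-workaround-for-scsi-sg.h.patch ];
+nativeBuildInputs = [ autoconf automake pkg-config ];
+buildInputs = [ SDL2 gtk2 ];
+preConfigure = ''
+NO_CONFIGURE=1 ./autogen.sh
+'';
+configureFlags = [ "--enable-sdl-video" "--enable-sdl-audio" "--with-bincue" ];
+
+meta = with lib; {
+description = "68k Macintosh emulator";
+homepage = "https://basilisk.cebix.net/";
+license = licenses.gpl2;
+maintainers = with maintainers; [ quag ];
+platforms = platforms.linux;
+};
+}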
|
@ -0,0 +1,10 @@
|
||||
diff --git a/Linux/scsi_linux.cpp b/Linux/scsi_linux.cpp
|
||||
--- a/Linux/scsi_linux.cpp
|
||||
+++ b/Linux/scsi_linux.cpp
|
||||
@@ -22,5 +22,5 @@
|
||||
#include <sys/ioctl.h>
|
||||
#include <linux/param.h>
|
||||
-#include <linux/../scsi/sg.h> // workaround for broken RedHat 6.0 /usr/include/scsi
|
||||
+#include <scsi/sg.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
@ -15,13 +15,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "flycast";
|
||||
version = "1.2";
|
||||
version = "1.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "flyinghead";
|
||||
repo = "flycast";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-MzHAGK++oukIs84OR/l6gBwCJssdi8Iyte5Rtro2+Q0=";
|
||||
sha256 = "sha256-FAHm8Fu/yv2rJvWCY+g50TYH4zOT6rO7F+jTL2T6EOU=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -45,13 +45,13 @@ in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "imagemagick";
|
||||
version = "7.1.0-26";
|
||||
version = "7.1.0-29";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ImageMagick";
|
||||
repo = "ImageMagick";
|
||||
rev = version;
|
||||
hash = "sha256-q1CL64cfyb5fN9aVYJfls+v0XRFd4jH+B8n+UJqPE1I=";
|
||||
hash = "sha256-46fJMOIGnK5aNIcG7+8mJdZDcSFyFmhmkLcuVlnupSU=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big
|
||||
@ -64,9 +64,7 @@ stdenv.mkDerivation rec {
|
||||
++ (if arch != null then [ "--with-gcc-arch=${arch}" ] else [ "--without-gcc-arch" ])
|
||||
++ lib.optional (librsvg != null) "--with-rsvg"
|
||||
++ lib.optional (liblqr1 != null) "--with-lqr"
|
||||
# libjxl is broken on aarch64 (see meta.broken in libjxl) for now,
|
||||
# let's disable it for now to unbreak the imagemagick build.
|
||||
++ lib.optional (libjxl != null && !stdenv.isAarch64) "--with-jxl"
|
||||
++ lib.optional (libjxl != null ) "--with-jxl"
|
||||
++ lib.optionals (ghostscript != null)
|
||||
[
|
||||
"--with-gs-font-dir=${ghostscript}/share/ghostscript/fonts"
|
||||
@ -92,11 +90,8 @@ stdenv.mkDerivation rec {
|
||||
libxml2
|
||||
libheif
|
||||
djvulibre
|
||||
libjxl
|
||||
]
|
||||
# libjxl is broken on aarch64 (see meta.broken in libjxl) for now,
|
||||
# let's disable it for now to unbreak the imagemagick build.
|
||||
++ lib.optionals (!stdenv.isAarch64)
|
||||
[ libjxl ]
|
||||
++ lib.optionals (!stdenv.hostPlatform.isMinGW)
|
||||
[ openexr librsvg openjpeg ]
|
||||
++ lib.optionals stdenv.isDarwin [
|
||||
|
@ -1,13 +1,16 @@
|
||||
{ lib
|
||||
, mkDerivation
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, cmake
|
||||
, dxflib
|
||||
, boost
|
||||
, cgal_5
|
||||
, eigen
|
||||
, flann
|
||||
, gdal
|
||||
, gmp
|
||||
, LASzip
|
||||
, libLAS
|
||||
, mpfr
|
||||
, pdal
|
||||
, pcl
|
||||
, qtbase
|
||||
@ -15,36 +18,43 @@
|
||||
, qttools
|
||||
, tbb
|
||||
, xercesc
|
||||
, wrapGAppsHook
|
||||
}:
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "cloudcompare";
|
||||
# Released version(v2.11.3) doesn't work with packaged PCL.
|
||||
version = "unstable-2021-10-14";
|
||||
version = "2.12.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "CloudCompare";
|
||||
repo = "CloudCompare";
|
||||
rev = "1f65ba63756e23291ae91ff52d04da468ade8249";
|
||||
sha256 = "x1bDjFjXIl3r+yo1soWvRB+4KGP50/WBoGlrH013JQo=";
|
||||
# As of writing includes (https://github.com/CloudCompare/CloudCompare/blob/a1c589c006fc325e8b560c77340809b9c7e7247a/.gitmodules):
|
||||
# * libE57Format
|
||||
# * PoissonRecon
|
||||
# * CCCoreLib
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-hu3ckVocExi9lvxelHAwKb/MZacH4CcCE+vIzElgP/A=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
patches = [
|
||||
# fix issues compiling on aarch64. remove once upgraded past 2.12.0
|
||||
(fetchpatch {
|
||||
url = "https://github.com/CloudCompare/CloudCompare/commit/7e71861fdbd6ea704add5ba69343f47d8fc3d5ae.patch";
|
||||
sha256 = "sha256-CRUPjxtKUbsqOyYsjKF+dRZ+E3rqrv5mS3ZaOay2wk8=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
eigen # header-only
|
||||
wrapGAppsHook
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
dxflib
|
||||
boost
|
||||
cgal_5
|
||||
flann
|
||||
gdal
|
||||
gmp
|
||||
LASzip
|
||||
libLAS
|
||||
mpfr
|
||||
pdal
|
||||
pcl
|
||||
qtbase
|
||||
@ -72,9 +82,32 @@ mkDerivation rec {
|
||||
"-DPLUGIN_IO_QPHOTOSCAN=ON"
|
||||
"-DPLUGIN_IO_QRDB=OFF" # Riegl rdblib is proprietary; not packaged in nixpkgs
|
||||
|
||||
"-DCCCORELIB_USE_CGAL=ON" # enables Delauney triangulation support
|
||||
"-DPLUGIN_STANDARD_QPCL=ON" # Adds PCD import and export support
|
||||
"-DPLUGIN_STANDARD_QANIMATION=ON"
|
||||
"-DPLUGIN_STANDARD_QBROOM=ON"
|
||||
"-DPLUGIN_STANDARD_QCANUPO=ON"
|
||||
"-DPLUGIN_STANDARD_QCOMPASS=ON"
|
||||
"-DPLUGIN_STANDARD_QCSF=ON"
|
||||
"-DPLUGIN_STANDARD_QFACETS=ON"
|
||||
"-DPLUGIN_STANDARD_QHOUGH_NORMALS=ON"
|
||||
"-DEIGEN_ROOT_DIR=${eigen}/include/eigen3" # needed for hough normals
|
||||
"-DPLUGIN_STANDARD_QHPR=ON"
|
||||
"-DPLUGIN_STANDARD_QM3C2=ON"
|
||||
"-DPLUGIN_STANDARD_QMPLANE=ON"
|
||||
"-DPLUGIN_STANDARD_QPOISSON_RECON=ON"
|
||||
"-DPLUGIN_STANDARD_QRANSAC_SD=ON"
|
||||
"-DPLUGIN_STANDARD_QSRA=ON"
|
||||
"-DPLUGIN_STANDARD_QCLOUDLAYERS=ON"
|
||||
];
|
||||
|
||||
dontWrapGApps = true;
|
||||
|
||||
# fix file dialogs crashing on non-NixOS (and avoid double wrapping)
|
||||
preFixup = ''
|
||||
qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "3D point cloud and mesh processing software";
|
||||
homepage = "https://cloudcompare.org";
|
||||
|
@ -11,11 +11,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "drawio";
|
||||
version = "17.2.4";
|
||||
version = "17.4.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/jgraph/drawio-desktop/releases/download/v${version}/drawio-x86_64-${version}.rpm";
|
||||
sha256 = "sha256-dKl7DxNneoQEL+QhZmpfQCd15RoeDRnkZt3sv8t2KM4=";
|
||||
sha256 = "294f99d9060bc394490b20d2ddab75ed5c0166d7960850f065eb8897ef31a2e3";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -6,13 +6,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "geeqie";
|
||||
version = "1.7.2";
|
||||
version = "1.7.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "BestImageViewer";
|
||||
repo = "geeqie";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-Abr7trlms6bxOAqE6xNKRv51TBGNilNdBhUZUg7OTKY=";
|
||||
sha256 = "sha256-O+yz/uNxueR+naEJG8EZ+k/JutRjJ5wwbB9DYb8YNLw=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
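--- a/pkgs/applications/graphics/unigine-tropics/default.nix
+++ b/pkgs/applications/graphics/unigine-tropics/default.nix
@@ -0,0 +1,95 @@
+{ lib
+, stdenv
+, fetchurl
+, makeWrapper
+, autoPatchelfHook
+, libX11
+, libXext
+, libXrandr
+, libXinerama
+, libglvnd
+, openal
+, glibc
+, makeDesktopItem
+, copyDesktopItems
+, imagemagick
+}:
+let
+version = "1.3";
+in
+stdenv.mkDerivation {
+pname = "unigine-tropics";
+inherit version;
+
+src = fetchurl {
+url = "http://m12-assets.unigine.com/d/Unigine_Tropics-${version}.run";
+sha256 = "0icasdp46fjnic7gk83pknjx0gpap9j202dm0llcfg5zin5kbq7x";
+};
+
+libPath = lib.makeLibraryPath [
+libglvnd
+openal
+glibc
+];
+
+installPhase = ''
+bash $src --target $name
+
+install -D -m 0755 $name/bin/libUnigine_x86.so $out/lib/unigine/tropics/bin/libUnigine_x86.so
+install -D -m 0755 $name/bin/Tropics $out/lib/unigine/tropics/bin/Tropics
+install -D -m 0755 $name/1024x768_windowed.sh $out/bin/Tropics
+
+cp -R $name/data $out/lib/unigine/tropics
+
+wrapProgram $out/bin/Tropics \
+--prefix LD_LIBRARY_PATH : $libPath:$out/lib/unigine/tropics/bin \
+--run "cd $out/lib/unigine/tropics"
+
+convert -size 256x256 xc:Transparent -fill gradient:'dodgerblue-white' -stroke Transparent -draw "roundrectangle 0,0 256,256 50,50" $name/icon.png
+convert $name/icon.png -fill white -stroke white -draw "polygon 69.2564,84.1261 117.9,84.1261 117.9,206.56 138.1,206.56 138.1,84.1261 186.744,84.1261 186.744,65.9877 69.2564,65.9877 69.2564,84.1261" $name/icon.png
+
+for RES in 16 24 32 48 64 128 256
+do
+mkdir -p $out/share/icons/hicolor/"$RES"x"$RES"/apps
+convert $name/icon.png -resize "$RES"x"$RES" $out/share/icons/hicolor/"$RES"x"$RES"/apps/Tropics.png
+done
+convert $name/icon.png -resize 128x128 $out/share/icons/Tropics.png
+
+runHook postInstall
+'';
+
+desktopItems = [
+(makeDesktopItem {
+name = "Tropics";
+exec = "Tropics";
+genericName = "A GPU Stress test tool from the UNIGINE";
+icon = "Tropics";
+desktopName = "Tropics Benchmark";
+})
+];
+
+nativeBuildInputs = [
+autoPatchelfHook
+makeWrapper
+imagemagick
+copyDesktopItems
+];
+
+buildInputs = [
+stdenv.cc.cc
+libX11
+libXext
+libXrandr
+libXinerama
+];
+
+dontUnpack = true;
+
+meta = {
+description = "The Unigine Heaven GPU benchmarking tool";
+homepage = "https://benchmark.unigine.com/tropics";
+license = lib.licenses.unfree;
+maintainers = [ lib.maintainers.BarinovMaxim ];
+platforms = [ "x86_64-linux" "i686-linux" ];
+};
+}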
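Review bot: The installer is fetched from an `http://` URL and then executed with `bash $src --target $name` in `installPhase`, so the pinned `sha256` is the only thing vouching for what runs during the build. Use an `https://` URL if the vendor host offers one, and add a comment such as `# unfree self-extracting installer; integrity relies on the fixed-output hash` to make that dependency explicit. `meta.description` reads "The Unigine Heaven GPU benchmarking tool" although this package is Tropics, which looks like a copy-paste slip. `installPhase` also calls `runHook postInstall` without a matching `runHook preInstall` at the top.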
|
@ -11,6 +11,7 @@
|
||||
|
||||
buildDotnetModule rec {
|
||||
pname = "archisteamfarm";
|
||||
# nixpkgs-update: no auto update
|
||||
version = "5.2.2.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
|
@ -2,18 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "charm";
|
||||
version = "0.10.3";
|
||||
version = "0.11.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "charmbracelet";
|
||||
repo = "charm";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-7WdSIpmpN8Zz2k5PveYZoCueQo5sLxLLZvZdzxRlkaE=";
|
||||
sha256 = "sha256-98TUiFy4X7lMUostkgZikk6r6wzBPF0pqWthrS9nU+U=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-5cqZxh2uvmJV7DtAGzQwt//heF3kF9mjyB0KAs8nWZY=";
|
||||
|
||||
doCheck = false;
|
||||
vendorSha256 = "sha256-enkt7BUAntbB75LR12NB0vW6z9dTPzk0bGdRrn3JHm4=";
|
||||
|
||||
ldflags = [ "-s" "-w" "-X=main.Version=${version}" ];
|
||||
|
||||
|
@ -9,7 +9,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
version = "4.1.5";
|
||||
version = "4.2.0";
|
||||
|
||||
libsecp256k1_name =
|
||||
if stdenv.isLinux then "libsecp256k1.so.0"
|
||||
@ -20,19 +20,6 @@ let
|
||||
if stdenv.isLinux then "libzbar.so.0"
|
||||
else "libzbar${stdenv.hostPlatform.extensions.sharedLibrary}";
|
||||
|
||||
py = python3.override {
|
||||
packageOverrides = self: super: {
|
||||
|
||||
aiorpcx = super.aiorpcx.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.18.7";
|
||||
src = oldAttrs.src.override {
|
||||
inherit version;
|
||||
sha256 = "1rswrspv27x33xa5bnhrkjqzhv0sknv5kd7pl1vidw9d2z4rx2l0";
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
python3.pkgs.buildPythonApplication {
|
||||
@ -43,17 +30,12 @@ python3.pkgs.buildPythonApplication {
|
||||
owner = "Groestlcoin";
|
||||
repo = "electrum-grs";
|
||||
rev = "refs/tags/v${version}";
|
||||
sha256 = "0wvbjj80r1zxpz24adkicxsdjnv3nciga6rl1wfmky463w03rca2";
|
||||
sha256 = "15n6snrs1kgdqkhp4wgs0bxxdz6mzl8dvf8h7s0jzc6r4b74vv3n";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace contrib/requirements/requirements.txt \
|
||||
--replace "dnspython>=2.0,<2.1" "dnspython>=2.0"
|
||||
'';
|
||||
|
||||
nativeBuildInputs = lib.optionals enableQt [ wrapQtAppsHook ];
|
||||
|
||||
propagatedBuildInputs = with py.pkgs; [
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
aiohttp
|
||||
aiohttp-socks
|
||||
aiorpcx
|
||||
|
@ -2,10 +2,10 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gremlin-console";
|
||||
version = "3.5.2";
|
||||
version = "3.5.3";
|
||||
src = fetchzip {
|
||||
url = "https://downloads.apache.org/tinkerpop/${version}/apache-tinkerpop-gremlin-console-${version}-bin.zip";
|
||||
sha256 = "sha256-PCr8lDQzypgozKCzD8FV4X4ls5lYZRMey1vfcFzo+Uc=";
|
||||
sha256 = "sha256-pcxJYK+hBFlJ8CmuHGcI+U3x3nE/f9Nu37Nkd3C2Hy8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
{ lib, buildGoModule, fetchFromGitHub, kubectl, stdenv }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "gsctl";
|
||||
@ -13,10 +13,16 @@ buildGoModule rec {
|
||||
|
||||
vendorSha256 = "sha256-NeRABlKUpD2ZHRid/vu34Dh9uHZ+7IXWFPX8jkexUog=";
|
||||
|
||||
ldflags =
|
||||
[ "-s" "-w" "-X github.com/giantswarm/gsctl/buildinfo.Version=${version}" ];
|
||||
ldflags = [
|
||||
"-s" "-w"
|
||||
"-X github.com/giantswarm/gsctl/buildinfo.Version=${version}"
|
||||
];
|
||||
|
||||
doCheck = false;
|
||||
checkInputs = [
|
||||
kubectl
|
||||
];
|
||||
|
||||
doCheck = !stdenv.isDarwin;
|
||||
|
||||
meta = with lib; {
|
||||
description = "The Giant Swarm command line interface";
|
||||
|
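Review bot: `doCheck = !stdenv.isDarwin;` disables the test suite on Darwin without saying why, so nobody can tell later whether the exclusion is still needed. A short comment above the line would cover it, for example `# tests are skipped on darwin: <reason, or link to the failing build>`. The cloudflared section further down adds the same line with the same gap. The new `checkInputs = [ kubectl ];` suggests the tests call the `kubectl` binary, which is worth stating in that comment if it is the reason.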
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "hugo";
|
||||
version = "0.92.2";
|
||||
version = "0.96.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "gohugoio";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-kwqN/9H/ZI2eL09K/9bOMBWW9bow8LtKpbfxyfxIucA=";
|
||||
sha256 = "sha256-3O+ZdOloh5gILPQssztt7s/MwRgDOnpJItwLn7FXnPU=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-7dJUl0IxsLj0ds2jqtChNCQEBiK9PahG159IhyFxwdM=";
|
||||
vendorSha256 = "sha256-TgE/ToHBg2QBgtk0gPZTV/icIbQN14RpVAbL/8b+W0U=";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
@ -27,9 +27,9 @@ buildGoModule rec {
|
||||
$out/bin/hugo gen man
|
||||
installManPage man/*
|
||||
installShellCompletion --cmd hugo \
|
||||
--bash <($out/bin/hugo gen autocomplete --type=bash) \
|
||||
--fish <($out/bin/hugo gen autocomplete --type=fish) \
|
||||
--zsh <($out/bin/hugo gen autocomplete --type=zsh)
|
||||
--bash <($out/bin/hugo completion bash) \
|
||||
--fish <($out/bin/hugo completion fish) \
|
||||
--zsh <($out/bin/hugo completion zsh)
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -15,13 +15,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "otpclient";
|
||||
version = "2.4.9.1";
|
||||
version = "2.5.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "paolostivanin";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-QcdPyuwbGK12Kul+gGTfRGmXfghr0qugpBEcrgATOT4=";
|
||||
sha256 = "sha256-VUrLbGaDfPE+Ak20ZCJDmO/sgBzdf4S+SqvyQ7F6SQU=";
|
||||
};
|
||||
|
||||
buildInputs = [ gtk3 jansson libgcrypt libzip libpng libcotp zbar ];
|
||||
|
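--- a/pkgs/applications/misc/sioyek/default.nix
+++ b/pkgs/applications/misc/sioyek/default.nix
@@ -0,0 +1,56 @@
+{ lib
+, stdenv
+, installShellFiles
+, fetchFromGitHub
+, gumbo
+, harfbuzz
+, jbig2dec
+, mupdf
+, openjpeg
+, qt3d
+, qtbase
+, qmake
+, wrapQtAppsHook
+}:
+
+stdenv.mkDerivation rec {
+pname = "sioyek";
+version = "1.2.0";
+
+src = fetchFromGitHub {
+owner = "ahrm";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-G4iZi6xTJjWZN0T3lO0jPquxJ3p8Mc0ewmjJEKcGJ34=";
+};
+
+buildInputs = [ gumbo harfbuzz jbig2dec mupdf openjpeg qt3d qtbase ];
+
+nativeBuildInputs = [ installShellFiles wrapQtAppsHook qmake ];
+
+postPatch = ''
+substituteInPlace pdf_viewer_build_config.pro \
+--replace "-lmupdf-threads" "-lfreetype -lgumbo -ljbig2dec -lopenjp2 -ljpeg"
+substituteInPlace pdf_viewer/main.cpp \
+--replace "/usr/share/sioyek" "$out/share" \
+--replace "/etc/sioyek" "$out/etc"
+'';
+
+qmakeFlags = "DEFINES+=\"LINUX_STANDARD_PATHS\" pdf_viewer_build_config.pro";
+
+postInstall = ''
+install -Dm644 tutorial.pdf $out/share/tutorial.pdf
+cp -r pdf_viewer/shaders $out/share/
+install -Dm644 -t $out/etc/ pdf_viewer/{keys,prefs}.config
+installManPage resources/sioyek.1
+'';
+
+meta = with lib; {
+description = "Sioyek is a PDF viewer designed for reading research papers and technical books.";
+homepage = "https://sioyek.info/";
+changelog = "https://github.com/ahrm/sioyek/releases";
+license = licenses.gpl3Only;
+platforms = platforms.linux;
+maintainers = [ maintainers.podocarp ];
+};
+}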
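Review bot: The two `substituteInPlace` calls in `postPatch` carry no comment on why the paths are rewritten, and a pattern that stops matching after an upstream change may not fail the build. If the `/usr/share/sioyek` and `/etc/sioyek` strings in `pdf_viewer/main.cpp` ever move, the viewer would go back to reading shaders and key/prefs configuration from outside the store. A comment such as `# point the hard-coded data and config paths at $out; re-check on every version bump` above the second call would flag that. Separately, `meta.description` repeats the package name and ends with a period; `description = "PDF viewer designed for reading research papers and technical books";` reads better in package listings.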
@ -2,14 +2,14 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "toipe";
|
||||
version = "0.3.1";
|
||||
version = "0.4.0";
|
||||
|
||||
src = fetchCrate {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-/vO5ABMldw3soh7mscjhN5TAZOcs+iMTaMxcdMmV0Xo=";
|
||||
sha256 = "sha256-lAvFCvNm55SjRmrhIkMBiM0nSlAG+jUEKLlLaGs1RkY=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-AsRQ8kvDy1cH4/kaFAoU7en3dzDiG1T+O+4r6PKa0hM=";
|
||||
cargoSha256 = "sha256-WmWH/x69H17uHQEB0+GRUtApJnSEkoeFLLweP8NoBrk=";
|
||||
|
||||
meta = with lib; {
|
||||
description = "Trusty terminal typing tester";
|
||||
|
@ -4,13 +4,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "xmrig";
|
||||
version = "6.16.4";
|
||||
version = "6.17.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "xmrig";
|
||||
repo = "xmrig";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-hfdKhTUGoVN4DIURO+e3MOSpsL6GWxOV3LItd0nA51Y=";
|
||||
sha256 = "sha256-K8mN3Wzlay2Qgoo70mu3Bh4lXUXNDpXYt17aNnwWkIc=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
@ -10,11 +10,11 @@
|
||||
# Based on https://gist.github.com/msteen/96cb7df66a359b827497c5269ccbbf94 and joplin-desktop nixpkgs.
|
||||
let
|
||||
pname = "zettlr";
|
||||
version = "2.2.4";
|
||||
version = "2.2.5";
|
||||
name = "${pname}-${version}";
|
||||
src = fetchurl {
|
||||
url = "https://github.com/Zettlr/Zettlr/releases/download/v${version}/Zettlr-${version}-x86_64.appimage";
|
||||
sha256 = "sha256-lzXciToyUsHl8WV0IvdP6R2pYegL7/G04YPLb6gbCgQ=";
|
||||
sha256 = "sha256-KP3lt0CweT1f/BR3IpnjwCqNvhFbrpz9KLg6K8OMs+I=";
|
||||
};
|
||||
appimageContents = appimageTools.extractType2 {
|
||||
inherit name src;
|
||||
|
@ -87,11 +87,11 @@ let
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "appgate-sdp";
|
||||
version = "5.5.3";
|
||||
version = "5.5.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://bin.appgate-sdp.com/${versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb";
|
||||
sha256 = "sha256-qSo4JX/Jj+JkeetZIMw88MK7SzOgT8aNbQby2kJ91oo=";
|
||||
sha256 = "sha256-7qfgUYD7uPb+ZEierREVfnHoGz0/b/J+hcsX/duDFWU=";
|
||||
};
|
||||
|
||||
# just patch interpreter
|
||||
|
@ -37,6 +37,7 @@
|
||||
, pango
|
||||
, pipewire
|
||||
, udev
|
||||
, wayland
|
||||
, xorg
|
||||
, zlib
|
||||
, xdg-utils
|
||||
@ -82,6 +83,7 @@ rpath = lib.makeLibraryPath [
|
||||
pango
|
||||
pipewire
|
||||
udev
|
||||
wayland
|
||||
xdg-utils
|
||||
xorg.libxcb
|
||||
zlib
|
||||
@ -160,6 +162,7 @@ stdenv.mkDerivation rec {
|
||||
preFixup = ''
|
||||
# Add command line args to wrapGApp.
|
||||
gappsWrapperArgs+=(--add-flags ${lib.escapeShellArg commandLineArgs})
|
||||
gappsWrapperArgs+=(--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform=wayland}}")
|
||||
'';
|
||||
|
||||
installCheckPhase = ''
|
||||
|
@ -38,9 +38,9 @@ for entry in feed.entries:
|
||||
else:
|
||||
print('chromium: TODO -> ' + version + '\n')
|
||||
print(url)
|
||||
if fixes := re.search(r'This update includes .+ security fixes\.', content).group(0):
|
||||
zero_days = re.search(r'Google is aware( of reports)? th(e|at) .+ in the wild\.', content)
|
||||
if zero_days:
|
||||
if fixes := re.search(r'This update includes .+ security fix(es)?\.', content):
|
||||
fixes = fixes.group(0)
|
||||
if zero_days := re.search(r'Google is aware( of reports)? th(e|at) .+ in the wild\.', content):
|
||||
fixes += " " + zero_days.group(0)
|
||||
print('\n' + '\n'.join(textwrap.wrap(fixes, width=72)))
|
||||
if cve_list := re.findall(r'CVE-[^: ]+', content):
|
||||
|
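Review bot: The `.+` in `r'This update includes .+ security fix(es)?\.'` is greedy, and so is the one in the zero-day pattern on the next `re.search`. If `content` holds the release post as one long line, the match can run on to the last "security fixes." or "in the wild." in the text. Whatever matches is wrapped and printed as the security summary, so an over-long match puts unrelated text there. Matching the count explicitly, e.g. `r'This update includes \d+ security fix(es)?\.'`, and using `.+?` in the zero-day pattern would keep each match to the intended sentence. The enclosing `for entry in feed.entries:` loop starts outside the hunk, so the shape of `content` is assumed here.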
@ -1,8 +1,8 @@
|
||||
{
|
||||
"stable": {
|
||||
"version": "100.0.4896.75",
|
||||
"sha256": "1h60l1g340gvm4lz2lps6dqpvahpzn24hz47y2qvc6mavx9d6ki4",
|
||||
"sha256bin64": "0nrrkgwcnqg4l8x1nk1rdxnv9xa0c24ync1yls7s9rc34wkk8sc5",
|
||||
"version": "100.0.4896.88",
|
||||
"sha256": "0l628x41krsjgzff9996k5wkbcvcjqf4128z32hpj1pkg23719f5",
|
||||
"sha256bin64": "1wqzs3f70ayi9vy3ncm5mild22xvhwn4d2lcfra31wwnzxi1nqxm",
|
||||
"deps": {
|
||||
"gn": {
|
||||
"version": "2022-01-21",
|
||||
@ -19,9 +19,9 @@
|
||||
}
|
||||
},
|
||||
"beta": {
|
||||
"version": "101.0.4951.15",
|
||||
"sha256": "1gm70mz6gzildh1g082q4dg5q9namm9kvxfj5qrdcj67gvz5m66y",
|
||||
"sha256bin64": "0z2rx7mw9wg5ly8wmxkflk8f9gifq4cxqvi224v9dr11qqj8gwm2",
|
||||
"version": "101.0.4951.26",
|
||||
"sha256": "1wpdi5l0bic0z9ydvx5vj35z6fh21b3n8dsxyvcbm0rq4fca5zcg",
|
||||
"sha256bin64": "13mx2jxq5pjzp6dxvnzkfs83krhvpbw0pim7z4c7hhyphjc4fhzr",
|
||||
"deps": {
|
||||
"gn": {
|
||||
"version": "2022-03-14",
|
||||
@ -32,22 +32,22 @@
|
||||
}
|
||||
},
|
||||
"dev": {
|
||||
"version": "102.0.4972.0",
|
||||
"sha256": "1aihdym7h8sd52wiybnrgjrd618f3yby4bpbkc26xyrl8gviz31d",
|
||||
"sha256bin64": "0mb67cfr397aclkiy0v9xqga07c166qdylq257k2kmhj7df1gcvn",
|
||||
"version": "102.0.4997.0",
|
||||
"sha256": "05y9b426wcarq18faw5i79qrfqy158dinvba5d7lwrcjnbqyfr1f",
|
||||
"sha256bin64": "0846y3dbs7vghrb8s2s57a2lk7a0x2dha5q0d915qrn29g5x9c6p",
|
||||
"deps": {
|
||||
"gn": {
|
||||
"version": "2022-03-29",
|
||||
"version": "2022-04-07",
|
||||
"url": "https://gn.googlesource.com/gn",
|
||||
"rev": "e39d5251c25155b9dfdb96adeab31b795095fd3b",
|
||||
"sha256": "1clr0f847rmwwpmsl9zv4q6rw1shn09my775666v480szpahj9pk"
|
||||
"rev": "ae110f8b525009255ba1f9ae96982176d3bfad3d",
|
||||
"sha256": "131y1v2m59hn7s00zc9p7rhfi956p744mp96g2i80f0i020dyl6w"
|
||||
}
|
||||
}
|
||||
},
|
||||
"ungoogled-chromium": {
|
||||
"version": "100.0.4896.75",
|
||||
"sha256": "1h60l1g340gvm4lz2lps6dqpvahpzn24hz47y2qvc6mavx9d6ki4",
|
||||
"sha256bin64": "0nrrkgwcnqg4l8x1nk1rdxnv9xa0c24ync1yls7s9rc34wkk8sc5",
|
||||
"version": "100.0.4896.88",
|
||||
"sha256": "0l628x41krsjgzff9996k5wkbcvcjqf4128z32hpj1pkg23719f5",
|
||||
"sha256bin64": "1wqzs3f70ayi9vy3ncm5mild22xvhwn4d2lcfra31wwnzxi1nqxm",
|
||||
"deps": {
|
||||
"gn": {
|
||||
"version": "2022-01-21",
|
||||
@ -56,8 +56,8 @@
|
||||
"sha256": "1dzdvcn2r5c9giknvasf3y5y4901kav7igivjvrpww66ywsj8fzr"
|
||||
},
|
||||
"ungoogled-patches": {
|
||||
"rev": "100.0.4896.75-1",
|
||||
"sha256": "0s31dclgk3x9302wr5yij77361bqam2sfki39p651gwysfizb73n"
|
||||
"rev": "100.0.4896.88-1",
|
||||
"sha256": "0f0c5mrjvk6lg59p4x6lg2az4f83y7zzikv5hlmqzpgydivk7c13"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -7,10 +7,10 @@ in
|
||||
rec {
|
||||
firefox = common rec {
|
||||
pname = "firefox";
|
||||
version = "99.0";
|
||||
version = "99.0.1";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
|
||||
sha512 = "08f6d5a668140c4275aba6df463ed3af596043dfe5f27573583afbc1e9f6b27ebca79a52ce2c9598261c631b400b5378744e9e70f51ef9c4098b419e9904aa7c";
|
||||
sha512 = "0006b773ef1057a6e0b959d4f39849ad4a79272b38d565da98062b9aaf0effd2b729349c1f9fa10fccf7d2462d2c536b02c167ae6ad4556d6e519c6d22c25a7f";
|
||||
};
|
||||
|
||||
meta = {
|
||||
|
@ -46,12 +46,12 @@ assert with lib.strings; (
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "palemoon";
|
||||
version = "29.4.5.1";
|
||||
version = "29.4.6";
|
||||
|
||||
src = fetchzip {
|
||||
name = "${pname}-${version}";
|
||||
url = "http://archive.palemoon.org/source/${pname}-${version}.source.tar.xz";
|
||||
sha256 = "sha256-IC7E88dECAz2diVLEEdjMltpNMBhPTlPvbz05BniBMI=";
|
||||
sha256 = "sha256-6bI3AnIhp0x3BCgTvmbOXDBGrJXg3cN+AmwI8XCKD8g=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -1,10 +1,12 @@
|
||||
{ stdenv, lib, fetchurl, fetchzip, python3
|
||||
, mkDerivationWith, wrapQtAppsHook, wrapGAppsHook, qtbase, qtwebengine, glib-networking
|
||||
, asciidoc, docbook_xml_dtd_45, docbook_xsl, libxml2, pipewire_0_2
|
||||
, asciidoc, docbook_xml_dtd_45, docbook_xsl, libxml2
|
||||
, libxslt, gst_all_1 ? null
|
||||
, withPdfReader ? true
|
||||
, withMediaPlayback ? true
|
||||
, backend ? "webengine"
|
||||
, pipewireSupport ? stdenv.isLinux
|
||||
, pipewire_0_2
|
||||
}:
|
||||
|
||||
assert withMediaPlayback -> gst_all_1 != null;
|
||||
@ -77,7 +79,7 @@ in mkDerivationWith python3Packages.buildPythonApplication rec {
|
||||
postPatch = ''
|
||||
substituteInPlace qutebrowser/misc/quitter.py --subst-var-by qutebrowser "$out/bin/qutebrowser"
|
||||
|
||||
sed -i "s,/usr/share/,$out/share/,g" qutebrowser/utils/standarddir.py
|
||||
sed -i "s,/usr,$out,g" qutebrowser/utils/standarddir.py
|
||||
'' + lib.optionalString withPdfReader ''
|
||||
sed -i "s,/usr/share/pdf.js,${pdfjs},g" qutebrowser/browser/pdfjs.py
|
||||
'';
|
||||
@ -121,7 +123,7 @@ in mkDerivationWith python3Packages.buildPythonApplication rec {
|
||||
"''${qtWrapperArgs[@]}"
|
||||
--add-flags '--backend ${backend}'
|
||||
--set QUTE_QTWEBENGINE_VERSION_OVERRIDE "${lib.getVersion qtwebengine}"
|
||||
${lib.optionalString (!stdenv.isDarwin && backend == "webengine") ''--prefix LD_LIBRARY_PATH : ${libPath}''}
|
||||
${lib.optionalString (pipewireSupport && backend == "webengine") ''--prefix LD_LIBRARY_PATH : ${libPath}''}
|
||||
)
|
||||
'';
|
||||
|
||||
|
@ -1,22 +1,33 @@
|
||||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
{ lib, buildGoModule, fetchFromGitHub, stdenv }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "cloudflared";
|
||||
version = "2022.4.0";
|
||||
version = "2022.4.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cloudflare";
|
||||
repo = "cloudflared";
|
||||
rev = version;
|
||||
hash = "sha256-+40OK2q4WdvlLhoPfZH6q+pghgS7ZLmaZl2VbZK4rdA=";
|
||||
hash = "sha256-dgvXbWtLP6sXBlqcx/xpw9LIbcE4VlYZQO5rrS34+9I=";
|
||||
};
|
||||
|
||||
vendorSha256 = null;
|
||||
|
||||
doCheck = false;
|
||||
|
||||
ldflags = [ "-X main.Version=${version}" ];
|
||||
|
||||
preCheck = ''
|
||||
# Workaround for: sshgen_test.go:74: mkdir /homeless-shelter/.cloudflared: no such file or directory
|
||||
export HOME="$(mktemp -d)";
|
||||
|
||||
# Workaround for: protocol_test.go:11:
|
||||
# lookup protocol-v2.argotunnel.com on [::1]:53: read udp [::1]:51876->[::1]:53: read: connection refused
|
||||
|
||||
substituteInPlace "edgediscovery/protocol_test.go" \
|
||||
--replace "TestProtocolPercentage" "SkipProtocolPercentage"
|
||||
'';
|
||||
|
||||
doCheck = !stdenv.isDarwin;
|
||||
|
||||
meta = with lib; {
|
||||
description = "CloudFlare Tunnel daemon (and DNS-over-HTTPS client)";
|
||||
homepage = "https://www.cloudflare.com/products/tunnel";
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "argocd-autopilot";
|
||||
version = "0.3.1";
|
||||
version = "0.3.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "argoproj-labs";
|
||||
repo = "argocd-autopilot";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-L8+sb0lGPuc6smOFwijRGFS+oSCxEqB5c1tG55MPlgE=";
|
||||
sha256 = "sha256-9si2zqYhmAqzhdUWMkfQ/yLeyNcZSAWypvZTbDDrPvA=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-sxPTOao3scTmiVKFyGeWPMzXQz/d0HSVmUYocNGm1vA=";
|
||||
vendorSha256 = "sha256-UfZCGG24JjPoc5nbX9vPeFCP8YGMNF5oUrdwTC6RpKI=";
|
||||
|
||||
proxyVendor = true;
|
||||
|
||||
|
@ -6,13 +6,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "arkade";
|
||||
version = "0.8.20";
|
||||
version = "0.8.22";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "alexellis";
|
||||
repo = "arkade";
|
||||
rev = version;
|
||||
sha256 = "sha256-DIXvsYYckNlxFzeJqk3TYRQIAtafAfylyDc/a20kl+0=";
|
||||
sha256 = "sha256-mn/UX2xNMthCtXYFUXqiiPnMltwO2Hk/qveudEYAOZ0=";
|
||||
};
|
||||
|
||||
CGO_ENABLED = 0;
|
||||
|
@ -2,21 +2,24 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "atlantis";
|
||||
version = "0.16.1";
|
||||
version = "0.19.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "runatlantis";
|
||||
repo = "atlantis";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-D549pInoK8ispgcn8LYdix19Hp7wO6w2/d2Y1L/9Px8=";
|
||||
sha256 = "sha256-cd2dhrqJl/VRhOYB1g9OpOnPV92EQm8f3rRGZGVN+IY=";
|
||||
};
|
||||
|
||||
vendorSha256 = null;
|
||||
|
||||
doCheck = false;
|
||||
vendorSha256 = "sha256-ux+Hw/TjeiY9VYhIQxaltZGk5CkxAab8R7kAsTaMUGc=";
|
||||
|
||||
subPackages = [ "." ];
|
||||
|
||||
doInstallCheck = true;
|
||||
installCheckPhase = ''
|
||||
$out/bin/atlantis version | grep ${version} > /dev/null
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/runatlantis/atlantis";
|
||||
description = "Terraform Pull Request Automation";
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "cmctl";
|
||||
version = "1.7.2";
|
||||
version = "1.8.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cert-manager";
|
||||
repo = "cert-manager";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-Hx6MG5GCZyOX0tfpg1bfUT0BOI3p7Mws1VCz2PuUuw8=";
|
||||
sha256 = "sha256-h7GyzjVrfyMHY7yuNmmsym6KGKCQr5R71gjPBTUeMCg=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-4zhdpedOmLl/i1G0QCto4ACxguWRZLzOm5HfMBMtvPY=";
|
||||
vendorSha256 = "sha256-UYw9WdQ6VwzuuiOsa1yovkLZG7NmLYSW51p8UhmQMeI=";
|
||||
|
||||
subPackages = [ "cmd/ctl" ];
|
||||
|
||||
|
@ -46,12 +46,12 @@ with lib;
|
||||
# Those pieces of software we entirely ignore upstream's handling of, and just
|
||||
# make sure they're in the path if desired.
|
||||
let
|
||||
k3sVersion = "1.23.4+k3s1"; # k3s git tag
|
||||
k3sCommit = "43b1cb48200d8f6af85c16ed944d68fcc96b6506"; # k3s git commit at the above version
|
||||
k3sRepoSha256 = "1sn7rd5hqfqvwj036blk0skmq6r8igbmiqk1dnpaqnkkddpzdgmc";
|
||||
k3sVendorSha256 = "sha256-1/kQvNqFUWwch1JH+twWzBdjNYseoZyVObB1+s9WPM4=";
|
||||
k3sVersion = "1.23.5+k3s1"; # k3s git tag
|
||||
k3sCommit = "313aaca547f030752788dce696fdf8c9568bc035"; # k3s git commit at the above version
|
||||
k3sRepoSha256 = "0vk72609cyyh64irp14jp2zspnxw34jm710cbwgklx0ch6kiz88d";
|
||||
k3sVendorSha256 = "sha256-d7kQsJi/eQbaTUDglp3gFpc5Im6CyD9coKeM3kMrbjI=";
|
||||
|
||||
k3sServerVendorSha256 = "sha256-2KIFff43jfqWdxX61aWofrjmc5mMkr5aEJRFdGpLyU8=";
|
||||
k3sServerVendorSha256 = "sha256-E3USXNuXY0lzZH+t3O7BOQ8rKNNQ6avOMItgOEi1cEg=";
|
||||
|
||||
# taken from ./manifests/traefik.yaml, extracted from '.spec.chart' https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/download#L9
|
||||
# The 'patch' and 'minor' versions are currently hardcoded as single digits only, so ignore the trailing two digits. Weird, I know.
|
||||
@ -68,8 +68,8 @@ let
|
||||
|
||||
# taken from go.mod, the 'github.com/containerd/containerd' line
|
||||
# run `grep github.com/containerd/containerd go.mod | head -n1 | awk '{print $4}'`
|
||||
containerdVersion = "1.5.9-k3s1";
|
||||
containerdSha256 = "09wfy20z3c9fnla353pibpsb10xzl0f4xwp8qdjh3fwa1q2626gg";
|
||||
containerdVersion = "1.5.10-k3s1";
|
||||
containerdSha256 = "1ff2sfaqpjimq7w0lprci6ibyi6v65ap6b9sr6b0j12gqr2sqwa5";
|
||||
|
||||
# run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag
|
||||
criCtlVersion = "1.22.0-k3s1";
|
||||
@ -228,9 +228,24 @@ buildGoModule rec {
|
||||
|
||||
patches = [
|
||||
./patches/0001-scrips-download-strip-downloading-just-package-CRD.patch
|
||||
./patches/0002-Don-t-build-a-static-binary-in-package-cli.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# Nix prefers dynamically linked binaries over static binary.
|
||||
|
||||
substituteInPlace scripts/package-cli \
|
||||
--replace '"$LDFLAGS $STATIC" -o' \
|
||||
'"$LDFLAGS" -o' \
|
||||
--replace "STATIC=\"-extldflags \'-static\'\"" \
|
||||
""
|
||||
|
||||
# Upstream codegen fails with trimpath set. Removes "trimpath" for 'go generate':
|
||||
|
||||
substituteInPlace scripts/package-cli \
|
||||
--replace '"''${GO}" generate' \
|
||||
'GOFLAGS="" "''${GO}" generate'
|
||||
'';
|
||||
|
||||
# Important utilities used by the kubelet, see
|
||||
# https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494
|
||||
# Note the list in that issue is stale and some aren't relevant for k3s.
|
||||
|
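Review bot: The second `--replace` in the first `substituteInPlace scripts/package-cli` call looks like it never matches. Inside a Nix `''` string and then bash double quotes, `\'` stays a literal backslash followed by a quote, while the upstream line shown in the deleted patch file is `STATIC="-extldflags '-static'"`. Writing it as `--replace "STATIC=\"-extldflags '-static'\"" ""` should match that line. Unlike the patch file this replaces, a substitution that finds nothing does not necessarily stop the build, so a future change to `scripts/package-cli` could bring back the static link or the `trimpath` behaviour unnoticed. A comment naming the upstream lines being rewritten would help whoever bumps k3s next.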
@ -1,37 +0,0 @@
|
||||
From 49c000c7c5dd7a502a2be4c638d2c32b65673c00 Mon Sep 17 00:00:00 2001
|
||||
From: Euan Kemp <euank@euank.com>
|
||||
Date: Sun, 6 Feb 2022 23:13:00 -0800
|
||||
Subject: [PATCH] Don't build a static binary in package-cli
|
||||
|
||||
since nixpkgs prefers dynamically linked binaries.
|
||||
|
||||
Also remove "trimpath" for the 'go generate' step because the codegen
|
||||
they use doesn't work with trimpath set.
|
||||
---
|
||||
scripts/package-cli | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/scripts/package-cli b/scripts/package-cli
|
||||
index 28927327b7..95dbb469f1 100755
|
||||
--- a/scripts/package-cli
|
||||
+++ b/scripts/package-cli
|
||||
@@ -48,14 +48,13 @@ fi
|
||||
|
||||
CMD_NAME=dist/artifacts/k3s${BIN_SUFFIX}
|
||||
|
||||
-"${GO}" generate
|
||||
+GOFLAGS="" "${GO}" generate
|
||||
LDFLAGS="
|
||||
-X github.com/rancher/k3s/pkg/version.Version=$VERSION
|
||||
-X github.com/rancher/k3s/pkg/version.GitCommit=${COMMIT:0:8}
|
||||
-w -s
|
||||
"
|
||||
-STATIC="-extldflags '-static'"
|
||||
-CGO_ENABLED=0 "${GO}" build -ldflags "$LDFLAGS $STATIC" -o ${CMD_NAME} ./cmd/k3s/main.go
|
||||
+CGO_ENABLED=0 "${GO}" build -ldflags "$LDFLAGS" -o ${CMD_NAME} ./cmd/k3s/main.go
|
||||
|
||||
stat ${CMD_NAME}
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
@ -2,36 +2,42 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "starboard";
|
||||
version = "0.14.1";
|
||||
version = "0.15.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "aquasecurity";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-sB7C0IKadgpQ2h6HuH4D6ku/GXnFfFS+fGCW/RBSc10=";
|
||||
sha256 = "sha256-EBjAB0uSMAyiVr6KxqrT/F+GIkntmOKNPHL1D0RBdG0=";
|
||||
# populate values that require us to use git. By doing this in postFetch we
|
||||
# can delete .git afterwards and maintain better reproducibility of the src.
|
||||
leaveDotGit = true;
|
||||
postFetch = ''
|
||||
cd "$out"
|
||||
commit="$(git rev-parse HEAD)"
|
||||
source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad)
|
||||
substituteInPlace "$out/cmd/starboard/main.go" \
|
||||
--replace 'commit = "none"' "commit = \"$commit\"" \
|
||||
--replace 'date = "unknown"' "date = \"$source_date_epoch\""
|
||||
git rev-parse HEAD > $out/COMMIT
|
||||
# 0000-00-00T00:00:00Z
|
||||
date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH
|
||||
find "$out" -name .git -print0 | xargs -0 rm -rf
|
||||
'';
|
||||
};
|
||||
vendorSha256 = "sha256-R7tF724y5WNIByE+9nRoNSZDZzfLtPfK/9tSBkARaN0=";
|
||||
vendorSha256 = "sha256-BxXH+dJyAQRGAq25CljUImxYIT+nCQpmUPUjHOYF0kc=";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
subPackages = [ "cmd/starboard" ];
|
||||
|
||||
ldflags = [
|
||||
"-s" "-w" "-X main.version=v${version}"
|
||||
"-s"
|
||||
"-w"
|
||||
"-X main.version=v${version}"
|
||||
];
|
||||
|
||||
# ldflags based on metadata from git and source
|
||||
preBuild = ''
|
||||
ldflags+=" -X main.gitCommit=$(cat COMMIT)"
|
||||
ldflags+=" -X main.buildDate=$(cat SOURCE_DATE_EPOCH)"
|
||||
'';
|
||||
|
||||
preCheck = ''
|
||||
# Remove test that requires networking
|
||||
rm pkg/plugin/aqua/client/client_integration_test.go
|
||||
|
@ -40,10 +40,10 @@
|
||||
"owner": "aliyun",
|
||||
"provider-source-address": "registry.terraform.io/aliyun/alicloud",
|
||||
"repo": "terraform-provider-alicloud",
|
||||
"rev": "v1.162.0",
|
||||
"sha256": "sha256-xqZv15Tst+7o9HhNu6/bW+a4z7FTkra+MfS8jKrfeNs=",
|
||||
"vendorSha256": "sha256-RbOf/S0rkbhW0s+/YOqu+BQuE0V4aS2x36Xf+hgBkqY=",
|
||||
"version": "1.162.0"
|
||||
"rev": "v1.163.0",
|
||||
"sha256": "sha256-lSg8jAzQfRc++U6zAhkfbVf/+hIW/1Nov35o6M8mRrw=",
|
||||
"vendorSha256": "sha256-8dAk23ISxYuYKj5s0W6g93RBW1++NuZEPva5MaNBSyw=",
|
||||
"version": "1.163.0"
|
||||
},
|
||||
"ansible": {
|
||||
"owner": "nbering",
|
||||
@ -76,10 +76,10 @@
|
||||
"owner": "vmware",
|
||||
"provider-source-address": "registry.terraform.io/vmware/avi",
|
||||
"repo": "terraform-provider-avi",
|
||||
"rev": "v21.1.3",
|
||||
"sha256": "160l9864p73283hc27qaabd3lrh7lm8fyh6k9xlal5isfd9vrm5p",
|
||||
"vendorSha256": "1hw1xp20nhs4p1q9l887m82456fg5977pm66165gdkczwrq2zr6v",
|
||||
"version": "21.1.3"
|
||||
"rev": "v21.1.4",
|
||||
"sha256": "sha256-6H56TRA3I0CQ9/d8JdP5JNL0u3lpS8YhCvdSM5bxYp8=",
|
||||
"vendorSha256": "sha256-b0MwGmgugZdmVk7ZVBSCivDQ4n+tLABymH/igo/S1Wc=",
|
||||
"version": "21.1.4"
|
||||
},
|
||||
"aviatrix": {
|
||||
"owner": "AviatrixSystems",
|
||||
@ -148,10 +148,10 @@
|
||||
"owner": "DrFaust92",
|
||||
"provider-source-address": "registry.terraform.io/DrFaust92/bitbucket",
|
||||
"repo": "terraform-provider-bitbucket",
|
||||
"rev": "v2.13.1",
|
||||
"sha256": "sha256-P/6scAuRMRrACHmEdWjn+W37ptVmVgtj+iTXQDrG+WM=",
|
||||
"vendorSha256": "sha256-o1CZ4VuGCPALqSIz8KSm1zCwd3r9bR13CRvP7XpVBAM=",
|
||||
"version": "2.13.1"
|
||||
"rev": "v2.14.0",
|
||||
"sha256": "sha256-tF1Q55mxwPU6dziiNzdacNtHvemd9ciQHE2E6een1WY=",
|
||||
"vendorSha256": "sha256-L8QYz1xgw8ZQjrU33uP18XxNUjImPYATZ02h46G4aXs=",
|
||||
"version": "2.14.0"
|
||||
},
|
||||
"brightbox": {
|
||||
"owner": "brightbox",
|
||||
@ -194,10 +194,10 @@
|
||||
"owner": "cloudflare",
|
||||
"provider-source-address": "registry.terraform.io/cloudflare/cloudflare",
|
||||
"repo": "terraform-provider-cloudflare",
|
||||
"rev": "v3.12.0",
|
||||
"sha256": "sha256-y2qq0asEnhnOjthLBFxyQjf1N5KNlXXK0eXjT1/vCXg=",
|
||||
"rev": "v3.12.1",
|
||||
"sha256": "sha256-8l6+hyjW+N3N5OGj/cviH97EFqouSrnJULk/SXrYCTk=",
|
||||
"vendorSha256": "sha256-v6fUzYwrYt4rk5LT0LyNd8e9X79r3dwtd3s1QIV/w/s=",
|
||||
"version": "3.12.0"
|
||||
"version": "3.12.1"
|
||||
},
|
||||
"cloudfoundry": {
|
||||
"owner": "cloudfoundry-community",
|
||||
@ -471,6 +471,15 @@
|
||||
"vendorSha256": "sha256-HrsjhaMlzs+uel5tBlxJD69Kkjl+4qVisWWREANBx40=",
|
||||
"version": "5.0.2"
|
||||
},
|
||||
"htpasswd": {
|
||||
"owner": "loafoe",
|
||||
"provider-source-address": "registry.terraform.io/loafoe/htpasswd",
|
||||
"repo": "terraform-provider-htpasswd",
|
||||
"rev": "v1.0.1",
|
||||
"sha256": "sha256-RUkPIsKVMooGy2hYsNFkctMFdJ8MEbtbMB9Qak6HJgQ=",
|
||||
"vendorSha256": "sha256-4P3IX7KGDqcWVYRiD6tXoEjF/phI89rz5QdR09xtnAo=",
|
||||
"version": "1.0.1"
|
||||
},
|
||||
"http": {
|
||||
"owner": "hashicorp",
|
||||
"provider-source-address": "registry.terraform.io/hashicorp/http",
|
||||
@ -754,10 +763,10 @@
|
||||
"owner": "vmware",
|
||||
"provider-source-address": "registry.terraform.io/vmware/nsxt",
|
||||
"repo": "terraform-provider-nsxt",
|
||||
"rev": "v3.2.5",
|
||||
"sha256": "0j5kspfmqxdnvk3sfb476rckkn9fdgpw5haf495901a114wynr2l",
|
||||
"rev": "v3.2.6",
|
||||
"sha256": "sha256-1uQMjzqMJ1NQVVCXy5aHrrZ4vDK5s1JqUnLyYf1qLVw=",
|
||||
"vendorSha256": null,
|
||||
"version": "3.2.5"
|
||||
"version": "3.2.6"
|
||||
},
|
||||
"null": {
|
||||
"owner": "hashicorp",
|
||||
@ -791,10 +800,10 @@
|
||||
"owner": "okta",
|
||||
"provider-source-address": "registry.terraform.io/okta/okta",
|
||||
"repo": "terraform-provider-okta",
|
||||
"rev": "v3.22.1",
|
||||
"sha256": "sha256-G1KJJSxJmzFlIUWOs+7htcgp61oWCu+ryCKaIHzxhzw=",
|
||||
"vendorSha256": "sha256-n7ih8QtapA+xno1twlM2b2XGEesdJdJIPD+QWpmJDVA=",
|
||||
"version": "3.22.1"
|
||||
"rev": "v3.23.0",
|
||||
"sha256": "sha256-azqWTQA4FW79U+GrdCBO4BWA5c+Cce3ELANS2Os5bSs=",
|
||||
"vendorSha256": "sha256-S4HVfl/PbgpgWFedkWM+EGyYAL5P0cdkLMYL+y+aX8w=",
|
||||
"version": "3.23.0"
|
||||
},
|
||||
"oktaasa": {
|
||||
"owner": "oktadeveloper",
|
||||
|
@ -2,6 +2,7 @@
|
||||
, stdenv
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
, installShellFiles
|
||||
, pkg-config
|
||||
, gpgme
|
||||
, glibc
|
||||
@ -11,18 +12,18 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "werf";
|
||||
version = "1.2.78";
|
||||
version = "1.2.87";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "werf";
|
||||
repo = "werf";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-ehrzb7WvkYL8oj2RSzKc1KDagV0zg6vMzgpT2sPyhcI=";
|
||||
sha256 = "sha256-DMP//gh79WuQ8VY4sV6lQlwR+k+rwqODf/pagOBP+4U=";
|
||||
};
|
||||
vendorSha256 = "sha256-w8ZeAQbZIVOBoRa9fJhXgTeYRCYpkh/U4pwb5u6A9mQ=";
|
||||
vendorSha256 = "sha256-OrvGDNj48W1tVAs3tdtAuesHnh8fHRsGd6KL0Uaf9Zg=";
|
||||
proxyVendor = true;
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
nativeBuildInputs = [ installShellFiles pkg-config ];
|
||||
buildInputs = [ gpgme ]
|
||||
++ lib.optionals stdenv.isLinux [ glibc.static lvm2 btrfs-progs ];
|
||||
|
||||
@ -44,6 +45,12 @@ buildGoModule rec {
|
||||
|
||||
subPackages = [ "cmd/werf" ];
|
||||
|
||||
postInstall = ''
|
||||
installShellCompletion --cmd werf \
|
||||
--bash <($out/bin/werf completion --shell=bash) \
|
||||
--zsh <($out/bin/werf completion --shell=zsh)
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/werf/werf";
|
||||
description = "GitOps delivery tool";
|
||||
|
@ -2,7 +2,7 @@
|
||||
"name": "element-desktop",
|
||||
"productName": "Element",
|
||||
"main": "lib/electron-main.js",
|
||||
"version": "1.10.8",
|
||||
"version": "1.10.9",
|
||||
"description": "A feature-rich client for Matrix.org",
|
||||
"author": "Element",
|
||||
"repository": {
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"version": "1.10.8",
|
||||
"desktopSrcHash": "S9MQIn773BzCH4dsTkD1DpIThDzoIGr4Heaie2Qs0jY=",
|
||||
"desktopYarnHash": "1imx43qbpj08l6d0fji31kcxqshcpr0ch8dzfbbgxyjvblq2p8ln",
|
||||
"webHash": "02i6l3armzr19kki3hgshhzkdpb3001nilh4h10hr3xw5z711ppr"
|
||||
"version": "1.10.9",
|
||||
"desktopSrcHash": "vbVnkb/sVW+c7JGIT8Fcjtwe7i10aY0mBoiNeAD8tvY=",
|
||||
"desktopYarnHash": "0jm0i1yyfkg1ll11pb3qif1vdxx6rp0yl9kd8jg9nhsg2jzw66pr",
|
||||
"webHash": "0yp29h2cmi18y8g8scqx3zmc1l80q28gid709ysqqb349gy1kls8"
|
||||
}
|
||||
|
@ -12,6 +12,7 @@
|
||||
, knotifications
|
||||
, zxing-cpp
|
||||
, qxmpp
|
||||
, sonnet
|
||||
, gst_all_1
|
||||
}:
|
||||
|
||||
@ -38,6 +39,7 @@ mkDerivation rec {
|
||||
knotifications
|
||||
zxing-cpp
|
||||
qxmpp
|
||||
sonnet
|
||||
gstreamer
|
||||
gst-plugins-bad
|
||||
gst-plugins-base
|
||||
|