From 479d8f4fd82b042627d2e6b7e9ffacdcf32b7a6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 26 Jun 2022 04:30:12 +0000 Subject: [PATCH 01/19] qutebrowser: 2.5.1 -> 2.5.2 https://github.com/qutebrowser/qutebrowser/releases/tag/v2.5.2 --- pkgs/applications/networking/browsers/qutebrowser/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/qutebrowser/default.nix b/pkgs/applications/networking/browsers/qutebrowser/default.nix index a9e6436c8da..ce2392ab4ed 100644 --- a/pkgs/applications/networking/browsers/qutebrowser/default.nix +++ b/pkgs/applications/networking/browsers/qutebrowser/default.nix @@ -32,12 +32,12 @@ let in mkDerivationWith python3Packages.buildPythonApplication rec { pname = "qutebrowser"; - version = "2.5.1"; + version = "2.5.2"; # the release tarballs are different from the git checkout! src = fetchurl { url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/${pname}-${version}.tar.gz"; - hash = "sha256-5ohYhqhM0WamumM3lKWKTGfYccJxiBJ+XdvFJ2127bw="; + hash = "sha256-qb/OFN3EA94N6y7t+YPCMc4APgdZmV7H706jTkl06Qg="; }; # Needs tox From e2649aef4e48696cc2eaef204a385649ec4c9444 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 30 Jun 2022 02:06:49 +0000 Subject: [PATCH 02/19] python310Packages.pulumi-aws: 5.9.1 -> 5.9.2 --- pkgs/development/python-modules/pulumi-aws/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pulumi-aws/default.nix b/pkgs/development/python-modules/pulumi-aws/default.nix index 838422a31a2..c1636998590 100644 --- a/pkgs/development/python-modules/pulumi-aws/default.nix +++ b/pkgs/development/python-modules/pulumi-aws/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "pulumi-aws"; # Version is independant of pulumi's. - version = "5.9.1"; + version = "5.9.2"; format = "setuptools"; disabled = pythonOlder "3.7"; 
@@ -21,7 +21,7 @@ buildPythonPackage rec { owner = "pulumi"; repo = "pulumi-aws"; rev = "refs/tags/v${version}"; - hash = "sha256-LYWxdqortazhev73JSTItrEyZZYFmeXkAko/2aFKaSw="; + hash = "sha256-5jeLSTG2HITEUdgQB3B9nQLAaNRliGspKnOgzUscCpU="; }; sourceRoot = "${src.name}/sdk/python"; From 6ed6ef2ea1b60edbf2f47932494b62c3486a7973 Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:58:30 +0300 Subject: [PATCH 03/19] linux: 5.10.126 -> 5.10.127 --- pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index 87ac3427f7a..34fce5c16d5 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.126"; + version = "5.10.127"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0qsg5mxvq11xdbssz3qsmd794c8nydq297jwmgfwbzwkx1ll61ci"; + sha256 = "100m4b6w1kbc1lc3gwlmkp8xl42xai0v5wdbx0mxrq8y1gp374j1"; }; } // (args.argsOverride or {})) From 5a52c81969a9c8d6b32753adb0c2fe41e1379775 Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:58:33 +0300 Subject: [PATCH 04/19] linux: 5.15.50 -> 5.15.51 --- pkgs/os-specific/linux/kernel/linux-5.15.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.15.nix b/pkgs/os-specific/linux/kernel/linux-5.15.nix index 1fb189b1ef9..9a9950a301c 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.15.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.15.nix 
@@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.15.50"; + version = "5.15.51"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "03yp3gz45059gkzqbijbg503rxx4wihjg4c3ikz10f526xym0kam"; + sha256 = "1229m4r4n61n5l8anp2pcqdhajkwmavhr1z00n8gvx3yn9w4ifhz"; }; } // (args.argsOverride or { })) From 7c4567e0d4bb5a54c3827ca95d1222ac5b5b39df Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:58:35 +0300 Subject: [PATCH 05/19] linux: 5.18.7 -> 5.18.8 --- pkgs/os-specific/linux/kernel/linux-5.18.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.18.nix b/pkgs/os-specific/linux/kernel/linux-5.18.nix index ae2406b0372..43505e9d5d1 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.18.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.18.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.18.7"; + version = "5.18.8"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0nsj44p1wn7ysckhv4a99ncj0a9xxhvi54v63w1047sspxjd18m1"; + sha256 = "0dhaj1zcsr5sfg62byzvvkhm9j419px6v9v04ngcy0d0vc2yn8q8"; }; } // (args.argsOverride or { })) From 7b061f8eb6de460c9622ad473f9ee4cc6efca8ee Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:58:36 +0300 Subject: [PATCH 06/19] linux: 5.4.201 -> 5.4.202 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index cd79e9680b1..6c0011b4471 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.201"; + version = "5.4.202"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0qbfqfca4ism7k7y8grjqsxby3j50ach576szrljxxy140qxfgc1"; + sha256 = "0gak58h5l2d8rmbmjw48460bgqi73yf1m7swsbbhfsmbkvhvr8aw"; }; } // (args.argsOverride or {})) From 02281899164fd848736c8ad278e25c98e76df85e Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:59:10 +0300 Subject: [PATCH 07/19] linux/hardened/patches/5.10: 5.10.125-hardened1 -> 5.10.127-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 079ea453bbf..42fd2c12392 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json 
@@ -22,12 +22,12 @@ "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.125-hardened1.patch", - "sha256": "04hdgzx7yqv26i74k6yzdh3k4dzyvcmxn9y93whdw0jyal34nj5w", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.125-hardened1/linux-hardened-5.10.125-hardened1.patch" + "name": "linux-hardened-5.10.127-hardened1.patch", + "sha256": "0lmsmmj1f0zqm5plb3c4sfqkq70msa24l1hcsrynavmzys8hndmq", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.127-hardened1/linux-hardened-5.10.127-hardened1.patch" }, - "sha256": "0q4garkqdkr2280ygz44053cbmzv59yfd0lsn7q67h1j4nh6wddr", - "version": "5.10.125" + "sha256": "100m4b6w1kbc1lc3gwlmkp8xl42xai0v5wdbx0mxrq8y1gp374j1", + "version": "5.10.127" }, "5.15": { "patch": { From 362d5a564f3c2b8cf93ea33381ab86a9126cb8fa Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:59:13 +0300 Subject: [PATCH 08/19] linux/hardened/patches/5.15: 5.15.50-hardened1 -> 5.15.51-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 42fd2c12392..675b2005ff1 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json 
@@ -32,12 +32,12 @@ "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.50-hardened1.patch", - "sha256": "0vridxhn9s21d3r877ndnm7zg5iyqpm9lm319ccw47fwyydwwh4y", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.50-hardened1/linux-hardened-5.15.50-hardened1.patch" + "name": "linux-hardened-5.15.51-hardened1.patch", + "sha256": "0rfj0ypag0wn0ja77c920ppbqbik07i9yfrlhjanrz66vdip0z1r", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.51-hardened1/linux-hardened-5.15.51-hardened1.patch" }, - "sha256": "03yp3gz45059gkzqbijbg503rxx4wihjg4c3ikz10f526xym0kam", - "version": "5.15.50" + "sha256": "1229m4r4n61n5l8anp2pcqdhajkwmavhr1z00n8gvx3yn9w4ifhz", + "version": "5.15.51" }, "5.18": { "patch": { From 87f3f3ab17074e6e969ce0aa4425e792d076e311 Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:59:17 +0300 Subject: [PATCH 09/19] linux/hardened/patches/5.18: 5.18.7-hardened1 -> 5.18.8-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 675b2005ff1..c4f5c25dcf7 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json 
@@ -42,12 +42,12 @@ "5.18": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.18.7-hardened1.patch", - "sha256": "085skg598k5q0kgk5zb2ns6m0a6j5bpdi0aa5r8iidln1pqw2894", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.18.7-hardened1/linux-hardened-5.18.7-hardened1.patch" + "name": "linux-hardened-5.18.8-hardened1.patch", + "sha256": "1i0y11flb4alxaqf2inms8x2yzar20zg6vc9s9gs507z97yh24v2", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.18.8-hardened1/linux-hardened-5.18.8-hardened1.patch" }, - "sha256": "0nsj44p1wn7ysckhv4a99ncj0a9xxhvi54v63w1047sspxjd18m1", - "version": "5.18.7" + "sha256": "0dhaj1zcsr5sfg62byzvvkhm9j419px6v9v04ngcy0d0vc2yn8q8", + "version": "5.18.8" }, "5.4": { "patch": { From f8b452f1278baa0530d354facfbcd7ead5a9f773 Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 30 Jun 2022 14:59:20 +0300 Subject: [PATCH 10/19] linux/hardened/patches/5.4: 5.4.201-hardened1 -> 5.4.202-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index c4f5c25dcf7..e60cfeaec7f 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json 
@@ -52,11 +52,11 @@ "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.201-hardened1.patch", - "sha256": "1l0qgkwsp12wn2k78m04bpb88qknckbwn6610xj9jxvhq0n0qg4l", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.201-hardened1/linux-hardened-5.4.201-hardened1.patch" + "name": "linux-hardened-5.4.202-hardened1.patch", + "sha256": "1gkgipw7ic0l3gh6haylcyss46wbph7zhx91fdp4na20jy4dxrzv", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.202-hardened1/linux-hardened-5.4.202-hardened1.patch" }, - "sha256": "0qbfqfca4ism7k7y8grjqsxby3j50ach576szrljxxy140qxfgc1", - "version": "5.4.201" + "sha256": "0gak58h5l2d8rmbmjw48460bgqi73yf1m7swsbbhfsmbkvhvr8aw", + "version": "5.4.202" } } From 461bdf0a7abde1521d9a8ed5c19f57bd3d412126 Mon Sep 17 00:00:00 2001 From: wyndon Date: Tue, 31 May 2022 07:54:25 +0200 Subject: [PATCH 11/19] lokinet: init at 0.9.9 --- .../networking/p2p/lokinet/default.nix | 64 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 66 insertions(+) create mode 100644 pkgs/applications/networking/p2p/lokinet/default.nix diff --git a/pkgs/applications/networking/p2p/lokinet/default.nix b/pkgs/applications/networking/p2p/lokinet/default.nix new file mode 100644 index 00000000000..e3e2c8e5883 --- /dev/null +++ b/pkgs/applications/networking/p2p/lokinet/default.nix 
@@ -0,0 +1,64 @@ +{ stdenv +, lib +, fetchFromGitHub +, cmake +, libevent +, libsodium +, libuv +, nlohmann_json +, pkg-config +, sqlite +, systemd +, unbound +, zeromq +}: + +stdenv.mkDerivation rec { + pname = "lokinet"; + version = "0.9.9"; + + src = fetchFromGitHub { + owner = "oxen-io"; + repo = "lokinet"; + rev = "v${version}"; + fetchSubmodules = true; + sha256 = "sha256-AaGsRg9S9Cng9emI/mN09QSOIRbE+x3916clWAwLnRs="; + }; + + nativeBuildInputs = [ + cmake + pkg-config + ]; + + buildInputs = [ + libevent + libuv + libsodium + nlohmann_json + sqlite + systemd + unbound + zeromq + ]; + + cmakeFlags = [ + "-DGIT_VERSION=v${version}" + "-DWITH_BOOTSTRAP=OFF" # we provide bootstrap files manually + "-DWITH_SETCAP=OFF" + ]; + + # copy bootstrap files + # see https://github.com/oxen-io/lokinet/issues/1765#issuecomment-938208774 + postInstall = '' + mkdir -p $out/share/testnet + cp $src/contrib/bootstrap/mainnet.signed $out/share/bootstrap.signed + cp $src/contrib/bootstrap/testnet.signed $out/share/testnet/bootstrap.signed + ''; + + meta = with lib; { + description = "Anonymous, decentralized and IP based overlay network for the internet"; + homepage = "https://lokinet.org/"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ wyndon ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6b396cf5618..6ff981e99b1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -28105,6 +28105,8 @@ with pkgs; portaudio = null; }; + lokinet = callPackage ../applications/networking/p2p/lokinet { }; + losslesscut-bin = callPackage ../applications/video/losslesscut-bin { }; loxodo = callPackage ../applications/misc/loxodo { }; From 69e1e00ebbdf40c1a1b2cc622f7e58aa927b4044 Mon Sep 17 00:00:00 2001 
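Review bot: `meta` declares no `platforms` although `systemd` is an unconditional entry in `buildInputs`, so the package is offered for evaluation on platforms where that input cannot be built; adding `platforms = platforms.linux;` would state the supported set. `fetchSubmodules = true` also brings upstream's bundled submodules in under the same hash. If any of them duplicate libraries already listed in `buildInputs` (not visible from this hunk), it is worth confirming that the build links the nixpkgs copies, so that security fixes arrive through normal nixpkgs updates. The fetcher attribute holds an SRI string, so `hash = "sha256-…"` would be the more accurate spelling than `sha256 =`.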
From: wyndon Date: Tue, 31 May 2022 07:54:41 +0200 Subject: [PATCH 12/19] nixos/lokinet: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/lokinet.nix | 157 ++++++++++++++++++ 2 files changed, 158 insertions(+) create mode 100644 nixos/modules/services/networking/lokinet.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index b757e05edce..c8e1216813e 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -825,6 +825,7 @@ ./services/networking/libreswan.nix ./services/networking/lldpd.nix ./services/networking/logmein-hamachi.nix + ./services/networking/lokinet.nix ./services/networking/lxd-image-server.nix ./services/networking/magic-wormhole-mailbox-server.nix ./services/networking/matterbridge.nix diff --git a/nixos/modules/services/networking/lokinet.nix b/nixos/modules/services/networking/lokinet.nix new file mode 100644 index 00000000000..cf091341c83 --- /dev/null +++ b/nixos/modules/services/networking/lokinet.nix 
@@ -0,0 +1,157 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.lokinet; + dataDir = "/var/lib/lokinet"; + settingsFormat = pkgs.formats.ini { listsAsDuplicateKeys = true; }; + configFile = settingsFormat.generate "lokinet.ini" (lib.filterAttrsRecursive (n: v: v != null) cfg.settings); +in with lib; { + options.services.lokinet = { + enable = mkEnableOption "Lokinet daemon"; + + package = mkOption { + type = types.package; + default = pkgs.lokinet; + defaultText = literalExpression "pkgs.lokinet"; + description = "Lokinet package to use."; + }; + + useLocally = mkOption { + type = types.bool; + default = false; + example = true; + description = "Whether to use Lokinet locally."; + }; + + settings = mkOption { + type = with types; + submodule { + freeformType = settingsFormat.type; + + options = { + dns = { + bind = mkOption { + type = str; + default = "127.3.2.1"; + description = "Address to bind to for handling DNS requests."; + }; + + upstream = mkOption { + type = listOf str; + default = [ "9.9.9.10" ]; + example = [ "1.1.1.1" "8.8.8.8" ]; + description = '' + Upstream resolver(s) to use as fallback for non-loki addresses. + Multiple values accepted. + ''; + }; + }; + + network = { + exit = mkOption { + type = bool; + default = false; + description = '' + Whether to act as an exit node. Beware that this + increases demand on the server and may pose liability concerns. + Enable at your own risk. + ''; + }; + + exit-node = mkOption { + type = nullOr (listOf str); + default = null; + example = '' + exit-node = [ "example.loki" ]; # maps all exit traffic to example.loki + exit-node = [ "example.loki:100.0.0.0/24" ]; # maps 100.0.0.0/24 to example.loki + ''; + description = '' + Specify a `.loki` address and an optional ip range to use as an exit broker. + See for + a list of exit nodes. + ''; + }; + + keyfile = mkOption { + type = nullOr str; + default = null; + example = "snappkey.private"; + description = '' + The private key to persist address with. 
If not specified the address will be ephemeral. + This keyfile is generated automatically if the specified file doesn't exist. + ''; + }; + }; + }; + }; + default = { }; + example = literalExpression '' + { + dns = { + bind = "127.3.2.1"; + upstream = [ "1.1.1.1" "8.8.8.8" ]; + }; + + network.exit-node = [ "example.loki" "example2.loki" ]; + } + ''; + description = '' + Configuration for Lokinet. + Currently, the best way to view the available settings is by + generating a config file using `lokinet -g`. + ''; + }; + }; + + config = mkIf cfg.enable { + networking.resolvconf.extraConfig = mkIf cfg.useLocally '' + name_servers="${cfg.settings.dns.bind}" + ''; + + systemd.services.lokinet = { + description = "Lokinet"; + after = [ "network-online.target" "network.target" ]; + wants = [ "network-online.target" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + preStart = '' + ln -sf ${cfg.package}/share/bootstrap.signed ${dataDir} + ${pkgs.coreutils}/bin/install -m 600 ${configFile} ${dataDir}/lokinet.ini + + ${optionalString (cfg.settings.network.keyfile != null) '' + ${pkgs.crudini}/bin/crudini --set ${dataDir}/lokinet.ini network keyfile "${dataDir}/${cfg.settings.network.keyfile}" + ''} + ''; + + serviceConfig = { + DynamicUser = true; + StateDirectory = "lokinet"; + AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ]; + ExecStart = "${cfg.package}/bin/lokinet ${dataDir}/lokinet.ini"; + Restart = "always"; + RestartSec = "5s"; + + # hardening + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateTmp = true; + PrivateMounts = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + ReadWritePaths = "/dev/net/tun"; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + 
RestrictSUIDSGID = true; + }; + }; + + environment.systemPackages = [ cfg.package ]; + }; +} From c856c35fe9cc736ebab69027f2c2191d7dc2720d Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 30 Jun 2022 16:31:52 +0000 Subject: [PATCH 13/19] python310Packages.hcloud: 1.16.0 -> 1.17.0 --- pkgs/development/python-modules/hcloud/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/hcloud/default.nix b/pkgs/development/python-modules/hcloud/default.nix index 3183560ba00..6c79629919d 100644 --- a/pkgs/development/python-modules/hcloud/default.nix +++ b/pkgs/development/python-modules/hcloud/default.nix @@ -13,12 +13,12 @@ buildPythonPackage rec { pname = "hcloud"; - version = "1.16.0"; + version = "1.17.0"; disabled = isPy27; src = fetchPypi { inherit pname version; - sha256 = "c8b94557d93bcfe437f20a8176693ea4f54358b74986cc19d94ebc23f48e40cc"; + sha256 = "sha256-+BQuBDi+J3xvod3uE67NXaFStIxt7H/Ulw3vG13CGeI="; }; propagatedBuildInputs = [ future requests python-dateutil ]; From d54b22f9ac6271e3e2b158ed80770ad8a7f552b0 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 1 Jul 2022 00:50:50 +0000 Subject: [PATCH 14/19] python310Packages.qiskit-finance: 0.3.2 -> 0.3.3 --- pkgs/development/python-modules/qiskit-finance/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/qiskit-finance/default.nix b/pkgs/development/python-modules/qiskit-finance/default.nix index ad80eb3698f..45764b4983e 100644 --- a/pkgs/development/python-modules/qiskit-finance/default.nix +++ b/pkgs/development/python-modules/qiskit-finance/default.nix @@ -22,7 +22,7 @@ buildPythonPackage rec { pname = "qiskit-finance"; - version = "0.3.2"; + version = "0.3.3"; disabled = pythonOlder "3.6"; 
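Review bot: `cfg.settings.network.keyfile` is spliced into the `preStart` script inside plain double quotes, so a value containing `"`, `$` or a backtick is interpreted by the shell instead of reaching crudini verbatim. Pass the joined path through `escapeShellArg`, i.e. `network keyfile ${escapeShellArg "${dataDir}/${cfg.settings.network.keyfile}"}`. The `keyfile` option description should also say that the value is taken relative to `/var/lib/lokinet`, since that is what the rewrite in `preStart` does. In `serviceConfig`, `AmbientCapabilities` grants `CAP_NET_ADMIN` and `CAP_NET_BIND_SERVICE` but no bounding set is given; `CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];` would limit the unit to the same two capabilities, and `SystemCallArchitectures = "native";` would fit the existing hardening block.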
@@ -30,7 +30,7 @@ buildPythonPackage rec { owner = "qiskit"; repo = pname; rev = "refs/tags/${version}"; - sha256 = "sha256-ZmK4nYuv3DBJ0Ah819zGAh7inGVBWDnzJvl0FABJ6KU="; + sha256 = "sha256-1XM4gBuMsvjwU4GSdQJobMyyDFZOOTbwvnUPG0nXFoc="; }; postPatch = '' From a046e6c8f31a4766d8374c5269ebb492f623072a Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Fri, 1 Jul 2022 08:50:39 +0200 Subject: [PATCH 15/19] python310Packages.hcloud: enable all tests - add pythonImportsCheck - remove lint inputs - disable on older Python releases - add format - update description --- .../python-modules/hcloud/default.nix | 37 +++++++++++-------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/pkgs/development/python-modules/hcloud/default.nix b/pkgs/development/python-modules/hcloud/default.nix index 6c79629919d..ad8e79b63fd 100644 --- a/pkgs/development/python-modules/hcloud/default.nix +++ b/pkgs/development/python-modules/hcloud/default.nix 
@@ -2,39 +2,44 @@ , buildPythonPackage , fetchPypi , future -, requests -, python-dateutil -, flake8 -, isort , mock -, pytest -, isPy27 +, pytestCheckHook +, python-dateutil +, pythonOlder +, requests }: buildPythonPackage rec { pname = "hcloud"; version = "1.17.0"; - disabled = isPy27; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-+BQuBDi+J3xvod3uE67NXaFStIxt7H/Ulw3vG13CGeI="; + hash = "sha256-+BQuBDi+J3xvod3uE67NXaFStIxt7H/Ulw3vG13CGeI="; }; - propagatedBuildInputs = [ future requests python-dateutil ]; + propagatedBuildInputs = [ + future + requests + python-dateutil + ]; - checkInputs = [ flake8 isort mock pytest ]; + checkInputs = [ + mock + pytestCheckHook + ]; - # Skip integration tests since they require a separate external fake API endpoint. - checkPhase = '' - pytest --ignore=tests/integration - ''; + pythonImportsCheck = [ + "hcloud" + ]; meta = with lib; { - description = "Official Hetzner Cloud python library"; + description = "Library for the Hetzner Cloud API"; homepage = "https://github.com/hetznercloud/hcloud-python"; license = licenses.mit; - platforms = platforms.all; maintainers = with maintainers; [ liff ]; }; } From d20dd119683e1b9b2f8ca557e3ca8414424bb9c3 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 1 Jul 2022 07:47:54 +0000 Subject: [PATCH 16/19] pantheon.wingpanel-indicator-network: 2.3.2 -> 2.3.3 --- .../pantheon/desktop/wingpanel-indicators/network/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/desktops/pantheon/desktop/wingpanel-indicators/network/default.nix b/pkgs/desktops/pantheon/desktop/wingpanel-indicators/network/default.nix index fdb6481f7e7..013884cb349 100644 --- a/pkgs/desktops/pantheon/desktop/wingpanel-indicators/network/default.nix +++ b/pkgs/desktops/pantheon/desktop/wingpanel-indicators/network/default.nix 
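Review bot: Dropping the custom `checkPhase` also drops `--ignore=tests/integration`, and the removed comment said those tests need a separate external fake API endpoint. With `pytestCheckHook` and no path exclusion they are collected again. If they still need that endpoint they will either fail in the network-less build sandbox or pass only by skipping themselves, which is worth confirming. If they cannot run offline, keep the exclusion in the hook's own form, `disabledTestPaths = [ "tests/integration" ];`, with the original comment above it.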
@@ -17,13 +17,13 @@ stdenv.mkDerivation rec { pname = "wingpanel-indicator-network"; - version = "2.3.2"; + version = "2.3.3"; src = fetchFromGitHub { owner = "elementary"; repo = pname; rev = version; - sha256 = "sha256-4Fg8/Gm9mUqaL3wEc8h+/pMvOfD75ILjo7LhLz6LQmo="; + sha256 = "sha256-fcR8gcexxIzSvR27SUyDhyCOlev+0r7YPPJlCNydCYM="; }; nativeBuildInputs = [ From aa6d3e68171d35e68d6aa7f9987f8aa651bf8d66 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Thu, 30 Jun 2022 08:48:25 +0000 Subject: [PATCH 17/19] top-level/linux-kernels.nix: add vendor kernels note This codifies existing practice of avoiding adding new vendor kernels to Nixpkgs. Hopefully I've put this comment at the place in the file somebody hoping to add a new vendor kernel would be most likely to look. --- pkgs/top-level/linux-kernels.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index 0d2d7cc835c..a7376042a6e 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -57,6 +57,10 @@ in { kernels = recurseIntoAttrs (lib.makeExtensible (self: with self; let callPackage = newScope self; in { + # NOTE: PLEASE DO NOT ADD NEW VENDOR KERNELS TO NIXPKGS. + # New vendor kernels should go to nixos-hardware instead. + # e.g. https://github.com/NixOS/nixos-hardware/tree/master/microsoft/surface/kernel + linux_mptcp_95 = callPackage ../os-specific/linux/kernel/linux-mptcp-95.nix { kernelPatches = linux_4_19.kernelPatches; }; From 5932186344b312cbb3fa9b0b0be7a90b688843ae Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Mon, 27 Jun 2022 01:40:31 +0200 Subject: [PATCH 18/19] signal-desktop: fix missing tray icon Fixes: #178892 --- .../networking/instant-messengers/signal-desktop/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix index 7d18a8d2925..53b7f8417ca 100644 --- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix @@ -82,6 +82,7 @@ in stdenv.mkDerivation rec { runtimeDependencies = [ (lib.getLib systemd) + libappindicator-gtk3 libnotify libdbusmenu xdg-utils From 12ae5d953db66bcb18bdbee0b3afee179f88680c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 1 Jul 2022 10:05:36 +0000 Subject: [PATCH 19/19] python310Packages.asana: 0.10.9 -> 1.0.0 --- pkgs/development/python-modules/asana/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/asana/default.nix b/pkgs/development/python-modules/asana/default.nix index d179f3f9490..09ff9588544 100644 --- a/pkgs/development/python-modules/asana/default.nix +++ b/pkgs/development/python-modules/asana/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "asana"; - version = "0.10.9"; + version = "1.0.0"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -19,8 +19,8 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "asana"; repo = "python-asana"; - rev = "v${version}"; - sha256 = "sha256-9gOkCMY15ChdhiFdzS0TjvWpVTKKEGt7XIcK6EhkSK8="; + rev = "refs/tags/v${version}"; + sha256 = "sha256-SbYTLGBCfKbjhyzM5OnVX6kxEMnofwPIyzwuJvYORhw="; }; propagatedBuildInputs = [