Merge master into staging-next

This commit is contained in:
github-actions[bot] 2022-06-25 00:02:10 +00:00 committed by GitHub
commit 192fdf11fe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 892 additions and 24 deletions

View file

@ -142,6 +142,13 @@
<link linkend="opt-services.persistent-evdev.enable">services.persistent-evdev</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://schleuder.org/">schleuder</link>, a
mailing list manager with PGP support. Enable using
<link linkend="opt-services.schleuder.enable">services.schleuder</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.expressvpn.com">expressvpn</link>,

View file

@ -60,6 +60,8 @@ In addition to numerous new and upgraded packages, this release has the followin
Available as [services.infnoise](options.html#opt-services.infnoise.enable).
- [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).
- [schleuder](https://schleuder.org/), a mailing list manager with PGP support. Enable using [services.schleuder](#opt-services.schleuder.enable).
- [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

View file

@ -515,6 +515,7 @@
./services/mail/rspamd.nix
./services/mail/rss2email.nix
./services/mail/roundcube.nix
./services/mail/schleuder.nix
./services/mail/sympa.nix
./services/mail/nullmailer.nix
./services/matrix/appservice-discord.nix

View file

@ -0,0 +1,162 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.schleuder;
settingsFormat = pkgs.formats.yaml { };
postfixMap = entries: lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name} ${value}") entries);
writePostfixMap = name: entries: pkgs.writeText name (postfixMap entries);
configScript = pkgs.writeScript "schleuder-cfg" ''
#!${pkgs.runtimeShell}
set -exuo pipefail
umask 0077
${pkgs.yq}/bin/yq \
--slurpfile overrides <(${pkgs.yq}/bin/yq . <${lib.escapeShellArg cfg.extraSettingsFile}) \
< ${settingsFormat.generate "schleuder.yml" cfg.settings} \
'. * $overrides[0]' \
> /etc/schleuder/schleuder.yml
chown schleuder: /etc/schleuder/schleuder.yml
'';
in
{
options.services.schleuder = {
enable = lib.mkEnableOption "Schleuder secure remailer";
enablePostfix = lib.mkEnableOption "automatic postfix integration" // { default = true; };
lists = lib.mkOption {
description = ''
List of list addresses that should be handled by Schleuder.
Note that this is only handled by the postfix integration, and
the setup of the lists, their members and their keys has to be
performed separately via schleuder's API, using a tool such as
schleuder-cli.
'';
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "widget-team@example.com" "security@example.com" ];
};
/* maybe one day....
domains = lib.mkOption {
description = "Domains for which all mail should be handled by Schleuder.";
type = lib.types.listOf lib.types.str;
default = [];
example = ["securelists.example.com"];
};
*/
settings = lib.mkOption {
description = ''
Settings for schleuder.yml.
Check the <link xlink:href="https://0xacab.org/schleuder/schleuder/blob/master/etc/schleuder.yml">example configuration</link> for possible values.
'';
type = lib.types.submodule {
freeformType = settingsFormat.type;
options.keyserver = lib.mkOption {
type = lib.types.str;
description = ''
Key server from which to fetch and update keys.
Note that NixOS uses a different default from upstream, since the upstream default sks-keyservers.net is deprecated.
'';
default = "keys.openpgp.org";
};
};
default = { };
};
extraSettingsFile = lib.mkOption {
description = "YAML file to merge into the schleuder config at runtime. This can be used for secrets such as API keys.";
type = lib.types.nullOr lib.types.path;
default = null;
};
listDefaults = lib.mkOption {
description = ''
Default settings for lists (list-defaults.yml).
Check the <link xlink:href="https://0xacab.org/schleuder/schleuder/-/blob/master/etc/list-defaults.yml">example configuration</link> for possible values.
'';
type = settingsFormat.type;
default = { };
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.settings.api ? valid_api_keys);
message = ''
services.schleuder.settings.api.valid_api_keys is set. Defining API keys via NixOS config results in them being copied to the world-readable Nix store. Please use the extraSettingsFile option to store API keys in a non-public location.
'';
}
{
assertion = !(lib.any (db: db ? password) (lib.attrValues cfg.settings.database or {}));
message = ''
A password is defined for at least one database in services.schleuder.settings.database. Defining passwords via NixOS config results in them being copied to the world-readable Nix store. Please use the extraSettingsFile option to store database passwords in a non-public location.
'';
}
];
users.users.schleuder.isSystemUser = true;
users.users.schleuder.group = "schleuder";
users.groups.schleuder = {};
environment.systemPackages = [
pkgs.schleuder-cli
];
services.postfix = lib.mkIf cfg.enablePostfix {
extraMasterConf = ''
schleuder unix - n n - - pipe
flags=DRhu user=schleuder argv=/${pkgs.schleuder}/bin/schleuder work ''${recipient}
'';
transport = lib.mkIf (cfg.lists != [ ]) (postfixMap (lib.genAttrs cfg.lists (_: "schleuder:")));
extraConfig = ''
schleuder_destination_recipient_limit = 1
'';
# review: does this make sense?
localRecipients = lib.mkIf (cfg.lists != [ ]) cfg.lists;
};
systemd.services = let commonServiceConfig = {
# We would have liked to use DynamicUser, but since the default
# database is SQLite and lives in StateDirectory, and that same
# database needs to be readable from the postfix service, this
# isn't trivial to do.
User = "schleuder";
StateDirectory = "schleuder";
StateDirectoryMode = "0700";
}; in
{
schleuder-init = {
serviceConfig = commonServiceConfig // {
ExecStartPre = lib.mkIf (cfg.extraSettingsFile != null) [
"+${configScript}"
];
ExecStart = [ "${pkgs.schleuder}/bin/schleuder install" ];
Type = "oneshot";
};
};
schleuder-api-daemon = {
after = [ "local-fs.target" "network.target" "schleuder-init.service" ];
wantedBy = [ "multi-user.target" ];
requires = [ "schleuder-init.service" ];
serviceConfig = commonServiceConfig // {
ExecStart = [ "${pkgs.schleuder}/bin/schleuder-api-daemon" ];
};
};
schleuder-weekly-key-maintenance = {
after = [ "local-fs.target" "network.target" ];
startAt = "weekly";
serviceConfig = commonServiceConfig // {
ExecStart = [
"${pkgs.schleuder}/bin/schleuder refresh_keys"
"${pkgs.schleuder}/bin/schleuder check_keys"
];
};
};
};
environment.etc."schleuder/schleuder.yml" = lib.mkIf (cfg.extraSettingsFile == null) {
source = settingsFormat.generate "schleuder.yml" cfg.settings;
};
environment.etc."schleuder/list-defaults.yml".source = settingsFormat.generate "list-defaults.yml" cfg.listDefaults;
services.schleuder = {
#lists_dir = "/var/lib/schleuder.lists";
settings.filters_dir = lib.mkDefault "/var/lib/schleuder/filters";
settings.keyword_handlers_dir = lib.mkDefault "/var/lib/schleuder/keyword_handlers";
};
};
}

View file

@ -534,6 +534,7 @@ let
services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
${poolName} = {
inherit (cfg) user;
phpPackage = pkgs.php80;
settings = mapAttrs (name: mkDefault) {
"listen.owner" = "nginx";
"listen.group" = "nginx";

View file

@ -485,6 +485,7 @@ in {
samba = handleTest ./samba.nix {};
samba-wsdd = handleTest ./samba-wsdd.nix {};
sanoid = handleTest ./sanoid.nix {};
schleuder = handleTest ./schleuder.nix {};
sddm = handleTest ./sddm.nix {};
seafile = handleTest ./seafile.nix {};
searx = handleTest ./searx.nix {};

128
nixos/tests/schleuder.nix Normal file
View file

@ -0,0 +1,128 @@
let
certs = import ./common/acme/server/snakeoil-certs.nix;
domain = certs.domain;
in
import ./make-test-python.nix {
name = "schleuder";
nodes.machine = { pkgs, ... }: {
imports = [ ./common/user-account.nix ];
services.postfix = {
enable = true;
enableSubmission = true;
tlsTrustedAuthorities = "${certs.ca.cert}";
sslCert = "${certs.${domain}.cert}";
sslKey = "${certs.${domain}.key}";
inherit domain;
destination = [ domain ];
localRecipients = [ "root" "alice" "bob" ];
};
services.schleuder = {
enable = true;
# Don't do it like this in production! The point of this setting
# is to allow loading secrets from _outside_ the world-readable
# Nix store.
extraSettingsFile = pkgs.writeText "schleuder-api-keys.yml" ''
api:
valid_api_keys:
- fnord
'';
lists = [ "security@${domain}" ];
settings.api = {
tls_cert_file = "${certs.${domain}.cert}";
tls_key_file = "${certs.${domain}.key}";
};
};
environment.systemPackages = [
pkgs.gnupg
pkgs.msmtp
(pkgs.writeScriptBin "do-test" ''
#!${pkgs.runtimeShell}
set -exuo pipefail
# Generate a GPG key with no passphrase and export it
sudo -u alice gpg --passphrase-fd 0 --batch --yes --quick-generate-key 'alice@${domain}' rsa4096 sign,encr < <(echo)
sudo -u alice gpg --armor --export alice@${domain} > alice.asc
# Create a new mailing list with alice as the owner, and alice's key
schleuder-cli list new security@${domain} alice@${domain} alice.asc
# Send an email from a non-member of the list. Use --auto-from so we don't have to specify who it's from twice.
msmtp --auto-from security@${domain} --host=${domain} --port=25 --tls --tls-starttls <<EOF
Subject: really big security issue!!
From: root@${domain}
I found a big security problem!
EOF
# Wait for delivery
(set +o pipefail; journalctl -f -n 1000 -u postfix | grep -m 1 'delivered to maildir')
# There should be exactly one email
mail=(/var/spool/mail/alice/new/*)
[[ "''${#mail[@]}" = 1 ]]
# Find the fingerprint of the mailing list key
read list_key_fp address < <(schleuder-cli keys list security@${domain} | grep security@)
schleuder-cli keys export security@${domain} $list_key_fp > list.asc
# Import the key into alice's keyring, so we can verify it as well as decrypting
sudo -u alice gpg --import <list.asc
# And perform the decryption.
sudo -u alice gpg -d $mail >decrypted
# And check that the text matches.
grep "big security problem" decrypted
'')
# For debugging:
# pkgs.vim pkgs.openssl pkgs.sqliteinteractive
];
security.pki.certificateFiles = [ certs.ca.cert ];
# Since we don't have internet here, use dnsmasq to provide MX records from /etc/hosts
services.dnsmasq = {
enable = true;
extraConfig = ''
selfmx
'';
};
networking.extraHosts = ''
127.0.0.1 ${domain}
'';
# schleuder-cli's config is not quite optimal in several ways:
# - A fingerprint _must_ be pinned, it doesn't even have an option
# to trust the PKI
# - It compares certificate fingerprints rather than key
# fingerprints, so renewals break the pin (though that's not
# relevant for this test)
# - It compares them as strings, which means we need to match the
# expected format exactly. This means removing the :s and
# lowercasing it.
# Refs:
# https://0xacab.org/schleuder/schleuder-cli/-/issues/16
# https://0xacab.org/schleuder/schleuder-cli/-/blob/f8895b9f47083d8c7b99a2797c93f170f3c6a3c0/lib/schleuder-cli/helper.rb#L230-238
systemd.tmpfiles.rules = let cliconfig = pkgs.runCommand "schleuder-cli.yml"
{
nativeBuildInputs = [ pkgs.jq pkgs.openssl ];
} ''
fp=$(openssl x509 -in ${certs.${domain}.cert} -noout -fingerprint -sha256 | cut -d = -f 2 | tr -d : | tr 'A-Z' 'a-z')
cat > $out <<EOF
host: localhost
port: 4443
tls_fingerprint: "$fp"
api_key: fnord
EOF
''; in
[
"L+ /root/.schleuder-cli/schleuder-cli.yml - - - - ${cliconfig}"
];
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.wait_until_succeeds("nc -z localhost 4443")
machine.succeed("do-test")
'';
}

View file

@ -23,7 +23,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
# OCR on voxedit's window is very expensive, so we avoid wasting a try
# by letting the window load fully first
machine.sleep(15)
machine.wait_for_text("Palette")
machine.wait_for_text("Solid")
machine.screenshot("screen")
'';
})

View file

@ -29,13 +29,13 @@
stdenv.mkDerivation rec {
pname = "vengi-tools";
version = "0.0.18";
version = "0.0.20";
src = fetchFromGitHub {
owner = "mgerhardy";
repo = "vengi";
rev = "v${version}";
sha256 = "sha256-Ur1X5FhOa87jbjWBXievBfCHW+qP/8bqLiyKAC8+KU4=";
sha256 = "sha256-WsG6mjO90QQNsAarxdupZvXubdy06JjQmVYUzygl8l4=";
};
nativeBuildInputs = [

View file

@ -21,6 +21,10 @@ stdenv.mkDerivation rec {
hash = "sha256-i7c1jSawHshj1kaXl8tdpelIKU24okeg9K5/+ht6t2k=";
};
passthru = {
inherit libtorrent;
};
nativeBuildInputs = [
cmake
];

View file

@ -27,6 +27,10 @@ stdenv.mkDerivation rec {
hash = "sha256-HTwAs8dfZVXfLRNiT6QpjKGnuahHfoMfYWqdKkedUL0=";
};
passthru = {
inherit libtorrent;
};
nativeBuildInputs = [
autoconf-archive
autoreconfHook

View file

@ -32,6 +32,7 @@
"@webassemblyjs/wasm-strip" = "wasm-strip";
"@webassemblyjs/wasm-text-gen" = "wasmgen";
"@webassemblyjs/wast-refmt" = "wast-refmt";
aws-cdk = "cdk";
balanceofsatoshis = "bos";
carbon-now-cli = "carbon-now";
cdk8s-cli = "cdk8s";

View file

@ -2,7 +2,6 @@
, stdenv
, buildPythonPackage
, pythonOlder
, pythonAtLeast
, fetchFromGitHub
, pillow
, libX11
@ -17,7 +16,7 @@ buildPythonPackage rec {
version = "1.2.0";
format = "setuptools";
disabled = pythonOlder "3.8" || pythonAtLeast "3.10";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "ful1e5";

View file

@ -77,7 +77,7 @@ buildPythonPackage rec {
pythonImportsCheck = [ "jnpr.junos" ];
meta = with lib; {
homepage = "http://www.github.com/Juniper/py-junos-eznc";
homepage = "https://github.com/Juniper/py-junos-eznc";
description = "Junos 'EZ' automation for non-programmers";
license = licenses.asl20;
maintainers = with maintainers; [ xnaveira ];

View file

@ -1,7 +1,7 @@
{ lib, buildPythonPackage, fetchFromGitHub, fetchpatch, setuptools, cffi
, paramiko, requests, future, textfsm, jinja2, netaddr, pyyaml, pyeapi, netmiko
, junos-eznc, ciscoconfparse, scp, lxml, ncclient, pytestCheckHook, ddt, mock
, pythonOlder }:
, pythonOlder, invoke }:
buildPythonPackage rec {
pname = "napalm";
@ -35,14 +35,13 @@ buildPythonPackage rec {
--replace "netmiko>=3.3.0,<4.0.0" "netmiko"
'';
buildInputs = [ setuptools ];
propagatedBuildInputs = [
cffi
paramiko
requests
future
textfsm
invoke
jinja2
netaddr
pyyaml
@ -51,6 +50,7 @@ buildPythonPackage rec {
junos-eznc
ciscoconfparse
scp
setuptools
lxml
ncclient
];
@ -62,6 +62,6 @@ buildPythonPackage rec {
"Network Automation and Programmability Abstraction Layer with Multivendor support";
homepage = "https://github.com/napalm-automation/napalm";
license = licenses.asl20;
maintainers = [ maintainers.astro ];
maintainers = with maintainers; [ ] ++ teams.c3d2.members;
};
}

View file

@ -41,6 +41,20 @@ Gem.paths = { 'GEM_HOME' => #{bundle_path.dump} }
$LOAD_PATH.unshift #{File.join(bundler_path, "/lib").dump}
require 'bundler'
# Monkey-patch out the check that Bundler performs to determine
# whether the bundler env is writable. It's not writable, even for
# root! And for this use of Bundler, it shouldn't be necessary since
# we're not trying to perform any package management operations, only
# produce a Gem path. Thus, we replace it with a method that will
# always return false, to squelch a warning from Bundler saying that
# sudo may be required.
module Bundler
class <<self
def requires_sudo?
return false
end
end
end
Bundler.setup(#{groups.map(&:dump).join(', ')})
load Gem.bin_path(#{name.dump}, #{exe.dump})

View file

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "coredns";
version = "1.9.2";
version = "1.9.3";
src = fetchFromGitHub {
owner = "coredns";
repo = "coredns";
rev = "v${version}";
sha256 = "sha256-6ABcXRuPEkzhjVZcltPoWGAc+fs6FwmgQCMRuLmhXxo=";
sha256 = "sha256-9lRZjY85SD1HXAWVCp8fpzV0d1Y+LbodT3Sp21CNp+k=";
};
vendorSha256 = "sha256-0S77748voNlIuY6yUAa669pB09h35THojCyQKUm5VFc=";
vendorSha256 = "sha256-gNa+dm7n71IiSCztTO5VZ5FnGTGYfNXo/HMichNzek0=";
postPatch = ''
substituteInPlace test/file_cname_proxy_test.go \

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "oh";
version = "0.8.0";
version = "0.8.1";
src = fetchFromGitHub {
owner = "michaelmacinnis";
repo = pname;
rev = "v${version}";
sha256 = "0sdpk77i5mfamkdqldybl9znzz92hqgi4xvby5j28m0a5gw46kj0";
sha256 = "sha256-DMxC5fv5ZLDv7gMajC/eyJd2YpO+OXFdvwAPYotnczw=";
};
vendorSha256 = "12vlvh37hvi8c1i9arppm5wj4v9c98s7myxra10q6qpdqssgc8a0";
vendorSha256 = "sha256-f4rqXOu6yXUzNsseSaV9pb8c2KXItYOalB5pfH3Acnc=";
meta = with lib; {
homepage = "https://github.com/michaelmacinnis/oh";

View file

@ -6,16 +6,16 @@
rustPlatform.buildRustPackage rec {
pname = "httm";
version = "0.11.6";
version = "0.12.1";
src = fetchFromGitHub {
owner = "kimono-koans";
repo = pname;
rev = version;
sha256 = "5jeCENAas7i/eBySSBjwmdc3MEHVhWWH7/RZGS8g1Y4=";
sha256 = "2pShuWJns8VnxiRgj5GLv5Y7H5Qw/SfQ6lVo6VqyU/A=";
};
cargoSha256 = "x4qfi3Wm5r0HNqDgmJBXNvS1xQDU7MQ/H2+zNpHon+s=";
cargoSha256 = "x5JUwQxrZ5TBG8FAMlomTkZOCxV0c/7i5sx33BCUkKo=";
nativeBuildInputs = [ installShellFiles ];

View file

@ -6,7 +6,7 @@
, libevent
, ncurses
, pkg-config
, systemd
, withSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isStatic, systemd
, utf8proc
}:
@ -43,13 +43,13 @@ stdenv.mkDerivation rec {
buildInputs = [
ncurses
libevent
] ++ lib.optionals stdenv.isLinux [ systemd ]
] ++ lib.optionals withSystemd [ systemd ]
++ lib.optionals stdenv.isDarwin [ utf8proc ];
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
] ++ lib.optionals stdenv.isLinux [ "--enable-systemd" ]
] ++ lib.optionals withSystemd [ "--enable-systemd" ]
++ lib.optionals stdenv.isDarwin [ "--enable-utf8proc" ];
enableParallelBuilding = true;

View file

@ -25,8 +25,8 @@ buildPythonPackage rec {
};
patches = [
# Fixes throttling on youtube.com. Without the patch downloads are capped at
# about 80KiB/s. See, e.g.,
# Fixes throttling on youtube.com by decoding a "n-parameter". Without the patch
# downloads are capped at about 80KiB/s. See, e.g.,
#
# https://github.com/ytdl-org/youtube-dl/issues/29326
#
@ -37,6 +37,20 @@ buildPythonPackage rec {
url = "https://github.com/ytdl-org/youtube-dl/compare/57044eacebc6f2f3cd83c345e1b6e659a22e4773...1e677567cd083d43f55daef0cc74e5fa24575ae3.diff";
sha256 = "11s0j3w60r75xx20p0x2j3yc4d3yvz99r0572si8b5qd93lqs4pr";
})
# The above patch may fail to decode the n-parameter (if, say, YouTube is updated). Failure to decode
# it blocks the download instead of falling back to the throttled version. The patch below implements
# better fallback behaviour.
(fetchpatch {
name = "avoid-crashing-if-nsig-decode-fails.patch";
url = "https://github.com/ytdl-org/youtube-dl/commit/41f0043983c831b7c0c3614340d2f66ec153087b.diff";
sha256 = "sha256-a72gWhBXCLjuBBD36PpZ5F/AHBdiBv4W8Wf9g4P/aBY=";
})
# YouTube changed the n-parameter format in April 2022, so decoder updates are required.
(fetchpatch {
name = "fix-n-descrambling.patch";
url = "https://github.com/ytdl-org/youtube-dl/commit/a0068bd6bec16008bda7a39caecccbf84881c603.diff";
sha256 = "sha256-tSuEns4jputa2nOOo6JsFXpK3hvJ/+z1/ymcLsd3A6w=";
})
];
nativeBuildInputs = [ installShellFiles makeWrapper ];

View file

@ -0,0 +1,3 @@
source 'https://rubygems.org' do
gem 'schleuder'
end

View file

@ -0,0 +1,85 @@
GEM
specs:
GEM
remote: https://rubygems.org/
specs:
activemodel (6.1.4.4)
activesupport (= 6.1.4.4)
activerecord (6.1.4.4)
activemodel (= 6.1.4.4)
activesupport (= 6.1.4.4)
activesupport (6.1.4.4)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
zeitwerk (~> 2.3)
bcrypt (3.1.16)
charlock_holmes (0.7.7)
concurrent-ruby (1.1.9)
daemons (1.4.1)
eventmachine (1.2.7)
gpgme (2.0.20)
mini_portile2 (~> 2.3)
i18n (1.8.11)
concurrent-ruby (~> 1.0)
mail (2.7.1)
mini_mime (>= 0.1.1)
mail-gpg (0.4.4)
gpgme (~> 2.0, >= 2.0.2)
mail (~> 2.5, >= 2.5.3)
mini_mime (1.1.2)
mini_portile2 (2.7.1)
minitest (5.15.0)
multi_json (1.15.0)
mustermann (1.1.1)
ruby2_keywords (~> 0.0.1)
rack (2.2.3)
rack-protection (2.1.0)
rack
rake (13.0.6)
ruby2_keywords (0.0.5)
schleuder (4.0.2)
activerecord (~> 6.1.3)
bcrypt (~> 3.1.2)
charlock_holmes (~> 0.7.6)
gpgme (~> 2.0, >= 2.0.19)
mail (~> 2.7.1)
mail-gpg (~> 0.3)
rake (>= 10.5.0)
sinatra (~> 2)
sinatra-contrib (~> 2)
sqlite3 (~> 1.4.2)
thin (~> 1)
thor (~> 0)
sinatra (2.1.0)
mustermann (~> 1.0)
rack (~> 2.2)
rack-protection (= 2.1.0)
tilt (~> 2.0)
sinatra-contrib (2.1.0)
multi_json
mustermann (~> 1.0)
rack-protection (= 2.1.0)
sinatra (= 2.1.0)
tilt (~> 2.0)
sqlite3 (1.4.2)
thin (1.8.1)
daemons (~> 1.0, >= 1.0.9)
eventmachine (~> 1.0, >= 1.0.4)
rack (>= 1, < 3)
thor (0.20.3)
tilt (2.0.10)
tzinfo (2.0.4)
concurrent-ruby (~> 1.0)
zeitwerk (2.5.3)
PLATFORMS
x86_64-linux
DEPENDENCIES
schleuder!
BUNDLED WITH
2.2.24

View file

@ -0,0 +1,4 @@
source "https://rubygems.org"
gem "schleuder-cli", git: "https://0xacab.org/schleuder/schleuder-cli", tag: "schleuder-cli-0.1.0"

View file

@ -0,0 +1,21 @@
GIT
remote: https://0xacab.org/schleuder/schleuder-cli
revision: 1de2548695d9a74f47b7868954561b48cbc966f9
tag: schleuder-cli-0.1.0
specs:
schleuder-cli (0.1.0)
thor (~> 0)
GEM
remote: https://rubygems.org/
specs:
thor (0.20.3)
PLATFORMS
x86_64-linux
DEPENDENCIES
schleuder-cli!
BUNDLED WITH
2.3.6

View file

@ -0,0 +1,34 @@
{ lib
, bundlerApp
, ruby
, bundlerUpdateScript
}:
bundlerApp {
inherit ruby;
pname = "schleuder-cli";
gemdir = ./.;
installManpages = false;
exes = [
"schleuder-cli"
];
passthru.updateScript = bundlerUpdateScript "schleuder-cli";
meta = with lib; {
description = "A command line tool to create and manage schleuder-lists";
longDescription = ''
Schleuder-cli enables creating, configuring, and deleting lists,
subscriptions, keys, etc. It uses the Schleuder API, provided by
schleuder-api-daemon (part of Schleuder).
'';
homepage = "https://schleuder.org";
changelog = "https://0xacab.org/schleuder/schleuder-cli/-/blob/main/CHANGELOG.md";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ hexa ];
};
}

View file

@ -0,0 +1,25 @@
{
schleuder-cli = {
dependencies = ["thor"];
groups = ["default"];
platforms = [];
source = {
fetchSubmodules = false;
rev = "1de2548695d9a74f47b7868954561b48cbc966f9";
sha256 = "0k4i33w9a0bscw4wbs301vxca367g7pa89y6cr24i0014pbmhs9z";
type = "git";
url = "https://0xacab.org/schleuder/schleuder-cli";
};
version = "0.1.0";
};
thor = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29";
type = "gem";
};
version = "0.20.3";
};
}

View file

@ -0,0 +1,38 @@
{ lib
, bundlerApp
, ruby
, bundlerUpdateScript
, defaultGemConfig
, nixosTests
}:
bundlerApp {
inherit ruby;
pname = "schleuder";
gemdir = ./.;
exes = [
"schleuder"
"schleuder-api-daemon"
];
passthru.updateScript = bundlerUpdateScript "schleuder";
passthru.tests = {
inherit (nixosTests) schleuder;
};
meta = with lib; {
description = "Schleuder is an encrypting mailing list manager with remailing-capabilities";
longDescription = ''
Schleuder is a group's email-gateway: subscribers can exchange
encrypted emails among themselves, receive emails from
non-subscribers and send emails to non-subscribers via the list.
'';
homepage = "https://schleuder.org";
changelog = "https://0xacab.org/schleuder/schleuder/blob/main/CHANGELOG.md";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ hexa lheckemann ];
};
}

View file

@ -0,0 +1,316 @@
{
activemodel = {
dependencies = ["activesupport"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0g3qdz8dw6zkgz45jd13lwfdnm7rhgczv1pssw63g9k6qj3bkxjm";
type = "gem";
};
version = "6.1.4.4";
};
activerecord = {
dependencies = ["activemodel" "activesupport"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "090d4wl1pq06m9mibpck0m5nm8h45fwhs3fjx27297kjmnv4gzik";
type = "gem";
};
version = "6.1.4.4";
};
activesupport = {
dependencies = ["concurrent-ruby" "i18n" "minitest" "tzinfo" "zeitwerk"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0rvnz9lsf9mrkpji748sf51f54m027snkw6rm8flyvf7fq18rm98";
type = "gem";
};
version = "6.1.4.4";
};
bcrypt = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "02r1c3isfchs5fxivbq99gc3aq4vfyn8snhcy707dal1p8qz12qb";
type = "gem";
};
version = "3.1.16";
};
charlock_holmes = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0hybw8jw9ryvz5zrki3gc9r88jqy373m6v46ynxsdzv1ysiyr40p";
type = "gem";
};
version = "0.7.7";
};
concurrent-ruby = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0nwad3211p7yv9sda31jmbyw6sdafzmdi2i2niaz6f0wk5nq9h0f";
type = "gem";
};
version = "1.1.9";
};
daemons = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "07cszb0zl8mqmwhc8a2yfg36vi6lbgrp4pa5bvmryrpcz9v6viwg";
type = "gem";
};
version = "1.4.1";
};
eventmachine = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0wh9aqb0skz80fhfn66lbpr4f86ya2z5rx6gm5xlfhd05bj1ch4r";
type = "gem";
};
version = "1.2.7";
};
gpgme = {
dependencies = ["mini_portile2"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0xbgh9d8nbvsvyzqnd0mzhz0nr9hx4qn025kmz6d837lry4lc6gw";
type = "gem";
};
version = "2.0.20";
};
i18n = {
dependencies = ["concurrent-ruby"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0vdd1kii40qhbr9n8qx71k2gskq6rkl8ygy8hw5hfj8bb5a364xf";
type = "gem";
};
version = "1.8.11";
};
mail = {
dependencies = ["mini_mime"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "00wwz6ys0502dpk8xprwcqfwyf3hmnx6lgxaiq6vj43mkx43sapc";
type = "gem";
};
version = "2.7.1";
};
mail-gpg = {
dependencies = ["gpgme" "mail"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1rz936m8nacy7agksvpvkf6b37d1h5qvh5xkrjqvv5wbdqs3cyfj";
type = "gem";
};
version = "0.4.4";
};
mini_mime = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0lbim375gw2dk6383qirz13hgdmxlan0vc5da2l072j3qw6fqjm5";
type = "gem";
};
version = "1.1.2";
};
mini_portile2 = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0d3ga166pahsxavzwj19yjj4lr13rw1vsb36s2qs8blcxigrdp6z";
type = "gem";
};
version = "2.7.1";
};
minitest = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "06xf558gid4w8lwx13jwfdafsch9maz8m0g85wnfymqj63x5nbbd";
type = "gem";
};
version = "5.15.0";
};
multi_json = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0pb1g1y3dsiahavspyzkdy39j4q377009f6ix0bh1ag4nqw43l0z";
type = "gem";
};
version = "1.15.0";
};
mustermann = {
dependencies = ["ruby2_keywords"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a";
type = "gem";
};
version = "1.1.1";
};
rack = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0i5vs0dph9i5jn8dfc6aqd6njcafmb20rwqngrf759c9cvmyff16";
type = "gem";
};
version = "2.2.3";
};
rack-protection = {
dependencies = ["rack"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "159a4j4kragqh0z0z8vrpilpmaisnlz3n7kgiyf16bxkwlb3qlhz";
type = "gem";
};
version = "2.1.0";
};
rake = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "15whn7p9nrkxangbs9hh75q585yfn66lv0v2mhj6q6dl6x8bzr2w";
type = "gem";
};
version = "13.0.6";
};
ruby2_keywords = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1vz322p8n39hz3b4a9gkmz9y7a5jaz41zrm2ywf31dvkqm03glgz";
type = "gem";
};
version = "0.0.5";
};
schleuder = {
dependencies = ["activerecord" "bcrypt" "charlock_holmes" "gpgme" "mail" "mail-gpg" "rake" "sinatra" "sinatra-contrib" "sqlite3" "thin" "thor"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "15j1rfkfvni82msamikynsg48s50hbsx1pxm3y967caq9s80ll6c";
type = "gem";
};
version = "4.0.2";
};
sinatra = {
dependencies = ["mustermann" "rack" "rack-protection" "tilt"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0dd53rzpkxgs697pycbhhgc9vcnxra4ly4xar8ni6aiydx2f88zk";
type = "gem";
};
version = "2.1.0";
};
sinatra-contrib = {
dependencies = ["multi_json" "mustermann" "rack-protection" "sinatra" "tilt"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1rl1iiafz51yzjd0vchl2lni7lmwppjql6cn1fnfxbma707qlcja";
type = "gem";
};
version = "2.1.0";
};
sqlite3 = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0lja01cp9xd5m6vmx99zwn4r7s97r1w5cb76gqd8xhbm1wxyzf78";
type = "gem";
};
version = "1.4.2";
};
thin = {
dependencies = ["daemons" "eventmachine" "rack"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "123bh7qlv6shk8bg8cjc84ix8bhlfcilwnn3iy6zq3l57yaplm9l";
type = "gem";
};
version = "1.8.1";
};
thor = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29";
type = "gem";
};
version = "0.20.3";
};
tilt = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv";
type = "gem";
};
version = "2.0.10";
};
tzinfo = {
dependencies = ["concurrent-ruby"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "10qp5x7f9hvlc0psv9gsfbxg4a7s0485wsbq1kljkxq94in91l4z";
type = "gem";
};
version = "2.0.4";
};
zeitwerk = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0lmg9x683gr9mkrbq9df2m0zb0650mdfxqna0bs10js44inv7znx";
type = "gem";
};
version = "2.5.3";
};
}

View file

@ -5575,6 +5575,10 @@ with pkgs;
conf = config.schildichat-web.conf or {};
};
schleuder = callPackage ../tools/security/schleuder { };
schleuder-cli = callPackage ../tools/security/schleuder/cli { };
tealdeer = callPackage ../tools/misc/tealdeer {
inherit (darwin.apple_sdk.frameworks) Security;
};