b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2022-01-04 00:02:40 +00:00 committed by GitHub
parent 1bcd2863e3 bfc5fca342
commit 25662d01ae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
805 changed files with 8861 additions and 17868 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/CODEOWNERS vendored
View file

@ -233,6 +233,7 @@
/pkgs/applications/blockchains @mmahut @RaghavSood
# Go
/doc/languages-frameworks/go.section.md @kalbasit @Mic92 @zowoq
/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq
/pkgs/development/go-modules @kalbasit @Mic92 @zowoq
/pkgs/development/go-packages @kalbasit @Mic92 @zowoq

3
doc/build-aux/pandoc-filters/link-unix-man-references.lua
View file

@ -1,6 +1,5 @@
--[[
Turns a manpage reference into a link, when a mapping is defined
in the unix-man-urls.lua file.
Turns a manpage reference into a link, when a mapping is defined below.
]]
local man_urls = {

2
doc/contributing/contributing-to-documentation.chapter.md
View file

@ -55,7 +55,7 @@ Additionally, the following syntax extensions are currently used:
- []{#ssec-contributing-markup-inline-roles}
If you want to link to a man page, you can use `` {manpage}`nix.conf(5)` ``, which will turn into {manpage}`nix.conf(5)`.
The references will turn into links when a mapping exists in {file}`doc/build-aux/pandoc-filters/unix-man-urls.lua`.
The references will turn into links when a mapping exists in {file}`doc/build-aux/pandoc-filters/link-unix-man-references.lua`.
This syntax is taken from [MyST](https://myst-parser.readthedocs.io/en/latest/syntax/syntax.html#roles-an-in-line-extension-point). Though, the feature originates from [reStructuredText](https://www.sphinx-doc.org/en/master/usage/restructuredtext/roles.html#role-manpage) with slightly different syntax.

24
doc/languages-frameworks/beam.section.md
View file

@ -280,6 +280,30 @@ mkShell {
}
```
### Using an overlay
If you need to use an overlay to change some attributes of a derivation, e.g. if you need a bugfix from a version that is not yet available in nixpkgs, you can override attributes such as `version` (and the corresponding `sha256`) and then use this overlay in your development environment:
#### `shell.nix`
```nix
let
elixir_1_13_1_overlay = (self: super: {
elixir_1_13 = super.elixir_1_13.override {
version = "1.13.1";
sha256 = "0z0b1w2vvw4vsnb99779c2jgn9bgslg7b1pmd9vlbv02nza9qj5p";
};
});
pkgs = import <nixpkgs> { overlays = [ elixir_1_13_1_overlay ]; };
in
with pkgs;
mkShell {
buildInputs = [
elixir_1_13
];
}
```
#### Elixir - Phoenix project {#elixir---phoenix-project}
Here is an example `shell.nix`.

2
doc/languages-frameworks/go.section.md
View file

@ -29,8 +29,6 @@ pet = buildGoModule rec {
vendorSha256 = "1879j77k96684wi554rkjxydrj8g3hpp0kvxz03sd8dmwr3lh83j";
runVend = true;
meta = with lib; {
description = "Simple command-line snippet manager, written in Go";
homepage = "https://github.com/knqyf263/pet";

74
maintainers/maintainer-list.nix
View file

@ -95,6 +95,12 @@
githubId = 7414843;
name = "Nicholas von Klitzing";
};
_13r0ck = {
name = "Brock Szuszczewicz";
email = "bnr@tuta.io";
github = "13r0ck";
githubId = 58987761;
};
_3noch = {
email = "eacameron@gmail.com";
github = "3noch";
@ -1170,6 +1176,17 @@
githubId = 56650223;
name = "Artturi N";
};
azahi = {
email = "azahi@teknik.io";
matrix = "@azahi:matrix.org";
github = "azahi";
githubId = 22211000;
name = "Azat Bahawi";
keys = [{
longkeyid = "rsa2048/0xB40FCB6608BBE3B6";
fingerprint = "E9F3 483F 31C7 29B4 4CA2 7C38 B40F CB66 08BB E3B6";
}];
};
ayazhafiz = {
email = "ayaz.hafiz.1@gmail.com";
github = "ayazhafiz";
@ -1877,6 +1894,13 @@
githubId = 495429;
name = "Claas Augner";
};
cawilliamson = {
email = "home@chrisaw.com";
github = "cawilliamson";
githubId = 1141769;
matrix = "@cawilliamson:nixos.dev";
name = "Christopher A. Williamson";
};
cbley = {
email = "claudio.bley@gmail.com";
github = "avdv";
@ -2070,12 +2094,6 @@
githubId = 399718;
name = "Chris Martin";
};
chrisaw = {
email = "home@chrisaw.com";
github = "cawilliamson";
githubId = 1141769;
name = "Christopher A. Williamson";
};
chrisjefferson = {
email = "chris@bubblescope.net";
github = "chrisjefferson";
@ -3125,6 +3143,16 @@
githubId = 10198051;
name = "Drew Risinger";
};
drperceptron = {
email = "92106371+drperceptron@users.noreply.github.com";
github = "drperceptron";
githubId = 92106371;
name = "Dr Perceptron";
keys = [{
longkeyid = "rsa4096/0x95EB6DFF26D1CEB0";
fingerprint = "7E38 89D9 B1A8 B381 C8DE A15F 95EB 6DFF 26D1 CEB0";
}];
};
drupol = {
name = "Pol Dellaiera";
email = "pol.dellaiera@protonmail.com";
@ -4738,6 +4766,12 @@
github = "higebu";
githubId = 733288;
};
hiljusti = {
name = "J.R. Hill";
email = "hiljusti@so.dang.cool";
github = "hiljusti";
githubId = 17605298;
};
hinton = {
email = "t@larkery.com";
name = "Tom Hinton";
@ -8636,7 +8670,7 @@
};
noreferences = {
email = "norkus@norkus.net";
github = "noreferences";
github = "jozuas";
githubId = 13085275;
name = "Juozas Norkus";
};
@ -11037,6 +11071,13 @@
githubId = 26806;
name = "Scott Olson";
};
SomeoneSerge = {
email = "sergei.kozlukov@aalto.fi";
matrix = "@ss:someonex.net";
github = "SomeoneSerge";
githubId = 9720532;
name = "Sergei K";
};
sondr3 = {
email = "nilsen.sondre@gmail.com";
github = "sondr3";
@ -11163,6 +11204,12 @@
githubId = 7512804;
name = "Martin Langlotz";
};
steamwalker = {
email = "steamwalker@xs4all.nl";
github = "steamwalker";
githubId = 94006354;
name = "steamwalker";
};
steell = {
email = "steve@steellworks.com";
github = "Steell";
@ -11600,6 +11647,12 @@
githubId = 280235;
name = "Terje Larsen";
};
terrorjack = {
email = "astrohavoc@gmail.com";
github = "TerrorJack";
githubId = 3889585;
name = "Cheng Shao";
};
tesq0 = {
email = "mikolaj.galkowski@gmail.com";
github = "tesq0";
@ -11795,6 +11848,13 @@
githubId = 1618946;
name = "Tiago Castro";
};
tilcreator = {
name = "Tilman Jackel";
email = "contact.nixos@tc-j.de";
matrix = "@tilcreator:matrix.org";
github = "TilCreator";
githubId = 18621411;
};
tilpner = {
email = "till@hoeppner.ws";
github = "tilpner";

7
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
View file

@ -273,13 +273,6 @@
<link xlink:href="options.html#opt-services.peertube.enable">services.peertube</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://sr.ht">sourcehut</link>, a

47
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View file

@ -30,6 +30,14 @@
PHP 8.1 is now available
</para>
</listitem>
<listitem>
<para>
Mattermost has been updated to version 6.2. Migrations may
take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release">upgrade
notes</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-new-services">
@ -51,6 +59,14 @@
<link xlink:href="options.html#opt-virtualisation.docker.rootless.enable">virtualisation.docker.rootless.enable</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://conduit.rs/">matrix-conduit</link>,
a simple, fast and reliable chat server powered by matrix.
Available as
<link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
@ -59,6 +75,13 @@
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/hifi/heisenbridge">heisenbridge</link>,
a bouncer-style Matrix IRC bridge. Available as
<link xlink:href="options.html#opt-services.heisenbridge.enable">services.heisenbridge</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
@ -66,6 +89,21 @@
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://maddy.email">maddy</link>, a
composable all-in-one mail server. Available as
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://tetrd.app">tetrd</link>, share your
internet connection from your device to your PC and vice versa
through a USB cable. Available at
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
@ -109,6 +147,13 @@
removed due to it being an outdated version.
</para>
</listitem>
<listitem>
<para>
The MoinMoin wiki engine
(<literal>services.moinmoin</literal>) has been removed,
because Python 2 is being retired from nixpkgs.
</para>
</listitem>
<listitem>
<para>
The <literal>wafHook</literal> hook now honors
@ -271,7 +316,7 @@
<listitem>
<para>
The option
<link linkend="opt-services.ssh.enableAskPassword">services.ssh.enableAskPassword</link>
<link linkend="opt-programs.ssh.enableAskPassword">programs.ssh.enableAskPassword</link>
was added, decoupling the setting of
<literal>SSH_ASKPASS</literal> from
<literal>services.xserver.enable</literal>. This allows easy

2
nixos/doc/manual/release-notes/rl-2111.section.md
View file

@ -74,8 +74,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- [PeerTube](https://joinpeertube.org/), developed by Framasoft, is the free and decentralized alternative to video platforms. Available at [services.peertube](options.html#opt-services.peertube.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [sourcehut](https://sr.ht), a collection of tools useful for software development. Available as [services.sourcehut](options.html#opt-services.sourcehut.enable).
- [ucarp](https://download.pureftpd.org/pub/ucarp/README), an userspace implementation of the Common Address Redundancy Protocol (CARP). Available as [networking.ucarp](options.html#opt-networking.ucarp.enable).

15
nixos/doc/manual/release-notes/rl-2205.section.md
View file

@ -13,15 +13,26 @@ In addition to numerous new and upgraded packages, this release has the followin
- PHP 8.1 is now available
- Mattermost has been updated to version 6.2. Migrations may take a while,
see the [upgrade notes](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release).
## New Services {#sec-release-22.05-new-services}
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](options.html#opt-virtualisation.docker.rootless.enable).
- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
@ -43,6 +54,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
- The `wafHook` hook now honors `NIX_BUILD_CORES` when `enableParallelBuilding` is not set explicitly. Packages can restore the old behaviour by setting `enableParallelBuilding=false`.
- `pkgs.claws-mail-gtk2`, representing Claws Mail's older release version three, was removed in order to get rid of Python 2.
@ -105,7 +118,7 @@ In addition to numerous new and upgraded packages, this release has the followin
will now correctly remove those domains during rebuild/renew.
- The option
[services.ssh.enableAskPassword](#opt-services.ssh.enableAskPassword) was
[programs.ssh.enableAskPassword](#opt-programs.ssh.enableAskPassword) was
added, decoupling the setting of `SSH_ASKPASS` from
`services.xserver.enable`. This allows easy usage in non-X11 environments,
e.g. Wayland.

4
nixos/modules/misc/ids.nix
View file

@ -296,7 +296,7 @@ in
infinoted = 264;
sickbeard = 265;
headphones = 266;
couchpotato = 267;
# couchpotato = 267; # unused, removed 2022-01-01
gogs = 268;
#pdns-recursor = 269; # dynamically allocated as of 2020-20-18
#kresd = 270; # switched to "knot-resolver" with dynamic ID
@ -603,7 +603,7 @@ in
infinoted = 264;
sickbeard = 265;
headphones = 266;
couchpotato = 267;
# couchpotato = 267; # unused, removed 2022-01-01
gogs = 268;
#kresd = 270; # switched to "knot-resolver" with dynamic ID
#rpc = 271; # unused

6
nixos/modules/module-list.nix
View file

@ -511,7 +511,6 @@
./services/misc/cpuminer-cryptonight.nix
./services/misc/cgminer.nix
./services/misc/confd.nix
./services/misc/couchpotato.nix
./services/misc/dendrite.nix
./services/misc/devmon.nix
./services/misc/dictd.nix
@ -556,6 +555,7 @@
./services/misc/mame.nix
./services/misc/matrix-appservice-discord.nix
./services/misc/matrix-appservice-irc.nix
./services/misc/matrix-conduit.nix
./services/misc/matrix-synapse.nix
./services/misc/mautrix-facebook.nix
./services/misc/mautrix-telegram.nix
@ -563,7 +563,6 @@
./services/misc/mediatomb.nix
./services/misc/metabase.nix
./services/misc/moonraker.nix
./services/misc/mwlib.nix
./services/misc/mx-puppet-discord.nix
./services/misc/n8n.nix
./services/misc/nitter.nix
@ -739,7 +738,6 @@
./services/networking/eternal-terminal.nix
./services/networking/fakeroute.nix
./services/networking/ferm.nix
./services/networking/firefox/sync-server.nix
./services/networking/fireqos.nix
./services/networking/firewall.nix
./services/networking/flannel.nix
@ -1029,13 +1027,11 @@
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/powerdns-admin.nix
./services/web-apps/matomo.nix
./services/web-apps/moinmoin.nix
./services/web-apps/openwebrx.nix
./services/web-apps/restya-board.nix
./services/web-apps/sogo.nix
./services/web-apps/rss-bridge.nix
./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix
./services/web-apps/trilium.nix
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix

6
nixos/modules/programs/firejail.nix
View file

@ -74,8 +74,10 @@ in {
</para>
<para>
You will get file collisions if you put the actual application binary in
the global environment and applications started via .desktop files are
not wrapped if they specify the absolute path to the binary.
the global environment (such as by adding the application package to
<code>environment.systemPackages</code>), and applications started via
.desktop files are not wrapped if they specify the absolute path to the
binary.
'';
};
};

6
nixos/modules/rename.nix
View file

@ -20,10 +20,11 @@ with lib;
(mkRemovedOptionModule [ "fonts" "fontconfig" "penultimate" ] "The corresponding package has removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "quagga" ] "the corresponding package has been removed from nixpkgs")
(mkRemovedOptionModule [ "services" "chronos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "couchpotato" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "deepin" ] "The corresponding packages were removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
@ -37,6 +38,7 @@ with lib;
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
(mkRemovedOptionModule [ "services" "mwlib" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''

4
nixos/modules/services/backup/restic-rest-server.nix
View file

@ -95,6 +95,10 @@ in
};
};
systemd.tmpfiles.rules = mkIf cfg.privateRepos [
"f ${cfg.dataDir}/.htpasswd 0700 restic restic -"
];
users.users.restic = {
group = "restic";
home = cfg.dataDir;

21
nixos/modules/services/games/minecraft-server.nix
View file

@ -182,6 +182,27 @@ in {
Restart = "always";
User = "minecraft";
WorkingDirectory = cfg.dataDir;
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
preStart = ''

42
nixos/modules/services/logging/logrotate.nix
View file

@ -4,8 +4,9 @@ with lib;
let
cfg = config.services.logrotate;
inherit (config.users) groups;
pathOpts = {
pathOpts = { name, ... }: {
options = {
enable = mkOption {
type = types.bool;
@ -16,10 +17,19 @@ let
'';
};
path = mkOption {
name = mkOption {
type = types.str;
internal = true;
};
path = mkOption {
type = with types; either str (listOf str);
default = name;
defaultText = "attribute name";
description = ''
The path to log files to be rotated.
Spaces are allowed and normal shell quoting rules apply,
with ', ", and \ characters supported.
'';
};
@ -74,6 +84,7 @@ let
};
};
config.name = name;
config.extraConfig = ''
missingok
notifempty
@ -82,7 +93,7 @@ let
mkConf = pathOpts: ''
# generated by NixOS using the `services.logrotate.paths.${pathOpts.name}` attribute set
"${pathOpts.path}" {
${concatMapStringsSep " " (path: ''"${path}"'') (toList pathOpts.path)} {
${optionalString (pathOpts.user != null || pathOpts.group != null) "su ${pathOpts.user} ${pathOpts.group}"}
${pathOpts.frequency}
rotate ${toString pathOpts.keep}
@ -90,7 +101,7 @@ let
}
'';
paths = sortProperties (mapAttrsToList (name: pathOpts: pathOpts // { name = name; }) (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths));
paths = sortProperties (attrValues (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths));
configFile = pkgs.writeText "logrotate.conf" (concatStringsSep "\n" ((map mkConf paths) ++ [ cfg.extraConfig ]));
in
@ -152,17 +163,34 @@ in
}
) cfg.paths;
services.logrotate = {
paths = {
"/var/log/btmp" = {
frequency = mkDefault "monthly";
keep = mkDefault 1;
extraConfig = ''
create 0660 root ${groups.utmp.name}
'';
};
"/var/log/wtmp" = {
frequency = mkDefault "monthly";
keep = mkDefault 1;
extraConfig = ''
create 0664 root ${groups.utmp.name}
'';
};
};
};
systemd.services.logrotate = {
description = "Logrotate Service";
wantedBy = [ "multi-user.target" ];
startAt = "hourly";
script = ''
exec ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
serviceConfig = {
Restart = "no";
User = "root";
ExecStart = "${pkgs.logrotate}/sbin/logrotate ${configFile}";
};
};
};

60
nixos/modules/services/mail/maddy.nix
View file

@ -3,9 +3,16 @@
with lib;
let
name = "maddy";
cfg = config.services.maddy;
defaultConfig = ''
# Minimal configuration with TLS disabled, adapted from upstream example
# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
# Do not use this in production!
tls off
auth.pass_table local_authdb {
@ -131,22 +138,34 @@ let
in {
options = {
services.maddy = {
enable = mkEnableOption "Maddy, a free an open source mail server";
user = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the user under which maddy will run. If not specified, a
default user will be created.
User account under which maddy runs.
<note><para>
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists before the maddy service starts.
</para></note>
'';
};
group = mkOption {
default = "maddy";
type = with types; uniq string;
description = ''
Name of the group under which maddy will run. If not specified, a
default group will be created.
Group account under which maddy runs.
<note><para>
If left as the default value this group will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the group exists before the maddy service starts.
</para></note>
'';
};
@ -158,6 +177,7 @@ in {
Hostname to use. It should be FQDN.
'';
};
primaryDomain = mkOption {
default = "localhost";
type = with types; uniq string;
@ -166,6 +186,7 @@ in {
Primary MX domain to use. It should be FQDN.
'';
};
localDomains = mkOption {
type = with types; listOf str;
default = ["$(primary_domain)"];
@ -178,11 +199,18 @@ in {
Define list of allowed domains.
'';
};
config = mkOption {
type = with types; nullOr lines;
default = defaultConfig;
description = ''
Server configuration.
Server configuration, see
<link xlink:href="https://maddy.email">https://maddy.email</link> for
more information. The default configuration of this module will setup
minimal maddy instance for mail transfer without TLS encryption.
<note><para>
This should not be used in a production environment.
</para></note>
'';
};
@ -203,9 +231,11 @@ in {
packages = [ pkgs.maddy ];
services.maddy = {
serviceConfig = {
User = "${cfg.user}";
Group = "${cfg.group}";
User = cfg.user;
Group = cfg.group;
StateDirectory = [ "maddy" ];
};
restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ];
wantedBy = [ "multi-user.target" ];
};
};
@ -220,20 +250,16 @@ in {
'';
};
users.users = optionalAttrs (cfg.user == "maddy") {
maddy = {
description = "Maddy service user";
group = cfg.group;
home = "/var/lib/maddy";
createHome = true;
users.users = optionalAttrs (cfg.user == name) {
${name} = {
isSystemUser = true;
group = cfg.group;
description = "Maddy mail transfer agent user";
};
};
users.groups = mkIf (cfg.group == "maddy") {
maddy = pkgs.lib.mkForce {
name = cfg.group;
};
users.groups = optionalAttrs (cfg.group == name) {
${cfg.group} = { };
};
networking.firewall = mkIf cfg.openFirewall {

42
nixos/modules/services/misc/couchpotato.nix
View file

@ -1,42 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.couchpotato;
in
{
options = {
services.couchpotato = {
enable = mkEnableOption "CouchPotato Server";
};
};
config = mkIf cfg.enable {
systemd.services.couchpotato = {
description = "CouchPotato Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "couchpotato";
Group = "couchpotato";
StateDirectory = "couchpotato";
ExecStart = "${pkgs.couchpotato}/bin/couchpotato";
Restart = "on-failure";
};
};
users.users.couchpotato =
{ group = "couchpotato";
home = "/var/lib/couchpotato/";
description = "CouchPotato daemon user";
uid = config.ids.uids.couchpotato;
};
users.groups.couchpotato =
{ gid = config.ids.gids.couchpotato; };
};
}

208
nixos/modules/services/misc/heisenbridge.nix Normal file
View file

@ -0,0 +1,208 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.heisenbridge;
pkg = config.services.heisenbridge.package;
bin = "${pkg}/bin/heisenbridge";
jsonType = (pkgs.formats.json { }).type;
registrationFile = "/var/lib/heisenbridge/registration.yml";
# JSON is a proper subset of YAML
bridgeConfig = builtins.toFile "heisenbridge-registration.yml" (builtins.toJSON {
id = "heisenbridge";
url = cfg.registrationUrl;
# Don't specify as_token and hs_token
rate_limited = false;
sender_localpart = "heisenbridge";
namespaces = cfg.namespaces;
});
in
{
options.services.heisenbridge = {
enable = mkEnableOption "the Matrix<->IRC bridge";
package = mkOption {
type = types.package;
default = pkgs.heisenbridge;
defaultText = "pkgs.heisenbridge";
example = "pkgs.heisenbridge.override { = ; }";
description = ''
Package of the application to run, exposed for overriding purposes.
'';
};
homeserver = mkOption {
type = types.str;
description = "The URL to the home server for client-server API calls";
example = "http://localhost:8008";
};
registrationUrl = mkOption {
type = types.str;
description = ''
The URL where the application service is listening for HS requests, from the Matrix HS perspective.#
The default value assumes the bridge runs on the same host as the home server, in the same network.
'';
example = "https://matrix.example.org";
default = "http://${cfg.address}:${toString cfg.port}";
defaultText = "http://$${cfg.address}:$${toString cfg.port}";
};
address = mkOption {
type = types.str;
description = "Address to listen on. IPv6 does not seem to be supported.";
default = "127.0.0.1";
example = "0.0.0.0";
};
port = mkOption {
type = types.port;
description = "The port to listen on";
default = 9898;
};
debug = mkOption {
type = types.bool;
description = "More verbose logging. Recommended during initial setup.";
default = false;
};
owner = mkOption {
type = types.nullOr types.str;
description = ''
Set owner MXID otherwise first talking local user will claim the bridge
'';
default = null;
example = "@admin:example.org";
};
namespaces = mkOption {
description = "Configure the 'namespaces' section of the registration.yml for the bridge and the server";
# TODO link to Matrix documentation of the format
type = types.submodule {
freeformType = jsonType;
};
default = {
users = [
{
regex = "@irc_.*";
exclusive = true;
}
];
aliases = [ ];
rooms = [ ];
};
};
identd.enable = mkEnableOption "identd service support";
identd.port = mkOption {
type = types.port;
description = "identd listen port";
default = 113;
};
extraArgs = mkOption {
type = types.listOf types.str;
description = "Heisenbridge is configured over the command line. Append extra arguments here";
default = [ ];
};
};
config = mkIf cfg.enable {
systemd.services.heisenbridge = {
description = "Matrix<->IRC bridge";
before = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse
wantedBy = [ "multi-user.target" ];
preStart = ''
umask 077
set -e -u -o pipefail
if ! [ -f "${registrationFile}" ]; then
# Generate registration file if not present (actually, we only care about the tokens in it)
${bin} --generate --config ${registrationFile}
fi
# Overwrite the registration file with our generated one (the config may have changed since then),
# but keep the tokens. Two step procedure to be failure safe
${pkgs.yq}/bin/yq --slurp \
'.[0] + (.[1] | {as_token, hs_token})' \
${bridgeConfig} \
${registrationFile} \
> ${registrationFile}.new
mv -f ${registrationFile}.new ${registrationFile}
# Grant Synapse access to the registration
if ${getBin pkgs.glibc}/bin/getent group matrix-synapse > /dev/null; then
chgrp -v matrix-synapse ${registrationFile}
chmod -v g+r ${registrationFile}
fi
'';
serviceConfig = rec {
Type = "simple";
ExecStart = lib.concatStringsSep " " (
[
bin
(if cfg.debug then "-vvv" else "-v")
"--config"
registrationFile
"--listen-address"
(lib.escapeShellArg cfg.address)
"--listen-port"
(toString cfg.port)
]
++ (lib.optionals (cfg.owner != null) [
"--owner"
(lib.escapeShellArg cfg.owner)
])
++ (lib.optionals cfg.identd.enable [
"--identd"
"--identd-port"
(toString cfg.identd.port)
])
++ [
(lib.escapeShellArg cfg.homeserver)
]
++ (map (lib.escapeShellArg) cfg.extraArgs)
);
ProtectHome = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
StateDirectory = "heisenbridge";
StateDirectoryMode = "755";
User = "heisenbridge";
Group = "heisenbridge";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || cfg.identd.port < 1024) "CAP_NET_BIND_SERVICE";
AmbientCapabilities = CapabilityBoundingSet;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap";
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_INET AF_INET6";
};
};
users.groups.heisenbridge = {};
users.users.heisenbridge = {
description = "Service user for the Heisenbridge";
group = "heisenbridge";
isSystemUser = true;
};
};
meta.maintainers = [ lib.maintainers.piegames ];
}

140
nixos/modules/services/misc/matrix-conduit.nix Normal file
View file

@ -0,0 +1,140 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.matrix-conduit;
format = pkgs.formats.toml {};
configFile = format.generate "conduit.toml" cfg.settings;
in
{
meta.maintainers = with maintainers; [ pstn piegames ];
options.services.matrix-conduit = {
enable = mkEnableOption "matrix-conduit";
extraEnvironment = mkOption {
type = types.attrsOf types.str;
description = "Extra Environment variables to pass to the conduit server.";
default = {};
example = { RUST_BACKTRACE="yes"; };
};
package = mkOption {
type = types.package;
default = pkgs.matrix-conduit;
defaultText = "pkgs.matrix-conduit";
example = "pkgs.matrix-conduit";
description = ''
Package of the conduit matrix server to use.
'';
};
settings = mkOption {
type = types.submodule {
freeformType = format.type;
options = {
global.server_name = mkOption {
type = types.str;
example = "example.com";
description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
};
global.port = mkOption {
type = types.port;
default = 6167;
description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
};
global.max_request_size = mkOption {
type = types.ints.positive;
default = 20000000;
description = "Max request size in bytes. Don't forget to also change it in the proxy.";
};
global.allow_registration = mkOption {
type = types.bool;
default = false;
description = "Whether new users can register on this server.";
};
global.allow_encryption = mkOption {
type = types.bool;
default = true;
description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
};
global.allow_federation = mkOption {
type = types.bool;
default = true;
description = ''
Whether this server federates with other servers.
'';
};
global.trusted_servers = mkOption {
type = types.listOf types.str;
default = [ "matrix.org" ];
description = "Servers trusted with signing server keys.";
};
global.address = mkOption {
type = types.str;
default = "::1";
description = "Address to listen on for connections by the reverse proxy/tls terminator.";
};
global.database_path = mkOption {
type = types.str;
default = "/var/lib/matrix-conduit/";
readOnly = true;
description = ''
Path to the conduit database, the directory where conduit will save its data.
Note that due to using the DynamicUser feature of systemd, this value should not be changed
and is set to be read only.
'';
};
};
};
default = {};
description = ''
Generates the conduit.toml configuration file. Refer to
<link xlink:href="https://gitlab.com/famedly/conduit/-/blob/master/conduit-example.toml"/>
for details on supported values.
Note that database_path can not be edited because the service's reliance on systemd StateDir.
'';
};
};
config = mkIf cfg.enable {
systemd.services.conduit = {
description = "Conduit Matrix Server";
documentation = [ "https://gitlab.com/famedly/conduit/" ];
wantedBy = [ "multi-user.target" ];
environment = lib.mkMerge ([
{ CONDUIT_CONFIG = configFile; }
cfg.extraEnvironment
]);
serviceConfig = {
DynamicUser = true;
User = "conduit";
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateUsers = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
StateDirectory = "matrix-conduit";
ExecStart = "${cfg.package}/bin/conduit";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
};
};
};
}

264
nixos/modules/services/misc/mwlib.nix
View file

@ -1,264 +0,0 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.mwlib;
opt = options.services.mwlib;
pypkgs = pkgs.python27Packages;
inherit (pypkgs) python mwlib;
user = mkOption {
default = "nobody";
type = types.str;
description = "User to run as.";
};
in
{
options.services.mwlib = {
nserve = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable nserve. Nserve is a HTTP
server. The Collection extension is talking to
that program directly. Nserve uses at least
one qserve instance in order to distribute
and manage jobs.
'';
}; # nserve.enable
port = mkOption {
default = 8899;
type = types.port;
description = "Specify port to listen on.";
}; # nserve.port
address = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Specify network interface to listen on.";
}; # nserve.address
qserve = mkOption {
default = [ "${cfg.qserve.address}:${toString cfg.qserve.port}" ];
defaultText = literalExpression ''
[ "''${config.${opt.qserve.address}}:''${toString config.${opt.qserve.port}}"
]'';
type = types.listOf types.str;
description = "Register qserve instance.";
}; # nserve.qserve
inherit user;
}; # nserve
qserve = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
A job queue server used to distribute and manage
jobs. You should start one qserve instance
for each machine that is supposed to render pdf
files. Unless youre operating the Wikipedia
installation, one machine should suffice.
'';
}; # qserve.enable
port = mkOption {
default = 14311;
type = types.port;
description = "Specify port to listen on.";
}; # qserve.port
address = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Specify network interface to listen on.";
}; # qserve.address
datadir = mkOption {
default = "/var/lib/mwlib-qserve";
type = types.path;
description = "qserve data directory (FIXME: unused?)";
}; # qserve.datadir
allow = mkOption {
default = [ "127.0.0.1" ];
type = types.listOf types.str;
description = "List of allowed client IPs. Empty means any.";
}; # qserve.allow
inherit user;
}; # qserve
nslave = {
enable = mkOption {
default = cfg.qserve.enable;
defaultText = literalExpression "config.${opt.qserve.enable}";
type = types.bool;
description = ''
Pulls new jobs from exactly one qserve instance
and calls the zip and render programs
in order to download article collections and
convert them to different output formats. Nslave
uses a cache directory to store the generated
documents. Nslave also starts an internal http
server serving the content of the cache directory.
'';
}; # nslave.enable
cachedir = mkOption {
default = "/var/cache/mwlib-nslave";
type = types.path;
description = "Directory to store generated documents.";
}; # nslave.cachedir
numprocs = mkOption {
default = 10;
type = types.int;
description = "Number of parallel jobs to be executed.";
}; # nslave.numprocs
http = mkOption {
default = {};
description = ''
Internal http server serving the content of the cache directory.
You have to enable it, or use your own way for serving files
and set the http.url option accordingly.
'';
type = types.submodule ({ config, options, ... }: {
options = {
enable = mkOption {
default = true;
type = types.bool;
description = "Enable internal http server.";
}; # nslave.http.enable
port = mkOption {
default = 8898;
type = types.port;
description = "Port to listen to when serving files from cache.";
}; # nslave.http.port
address = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Specify network interface to listen on.";
}; # nslave.http.address
url = mkOption {
default = "http://localhost:${toString config.port}/cache";
defaultText = literalExpression ''"http://localhost:''${toString config.${options.port}}/cache"'';
type = types.str;
description = ''
Specify URL for accessing generated files from cache.
The Collection extension of Mediawiki won't be able to
download files without it.
'';
}; # nslave.http.url
};
}); # types.submodule
}; # nslave.http
inherit user;
}; # nslave
}; # options.services
config = {
systemd.services.mwlib-nserve = mkIf cfg.nserve.enable
{
description = "mwlib network interface";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "mwlib-qserve.service" ];
serviceConfig = {
ExecStart = concatStringsSep " " (
[
"${mwlib}/bin/nserve"
"--port ${toString cfg.nserve.port}"
"--interface ${cfg.nserve.address}"
] ++ cfg.nserve.qserve
);
User = cfg.nserve.user;
};
}; # systemd.services.mwlib-nserve
systemd.services.mwlib-qserve = mkIf cfg.qserve.enable
{
description = "mwlib job queue server";
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -pv '${cfg.qserve.datadir}'
chown -Rc ${cfg.qserve.user}:`id -ng ${cfg.qserve.user}` '${cfg.qserve.datadir}'
chmod -Rc u=rwX,go= '${cfg.qserve.datadir}'
'';
serviceConfig = {
ExecStart = concatStringsSep " " (
[
"${mwlib}/bin/mw-qserve"
"-p ${toString cfg.qserve.port}"
"-i ${cfg.qserve.address}"
"-d ${cfg.qserve.datadir}"
] ++ map (a: "-a ${a}") cfg.qserve.allow
);
User = cfg.qserve.user;
PermissionsStartOnly = true;
};
}; # systemd.services.mwlib-qserve
systemd.services.mwlib-nslave = mkIf cfg.nslave.enable
{
description = "mwlib worker";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -pv '${cfg.nslave.cachedir}'
chown -Rc ${cfg.nslave.user}:`id -ng ${cfg.nslave.user}` '${cfg.nslave.cachedir}'
chmod -Rc u=rwX,go= '${cfg.nslave.cachedir}'
'';
path = with pkgs; [ imagemagick pdftk ];
environment = {
PYTHONPATH = concatMapStringsSep ":"
(m: "${pypkgs.${m}}/lib/${python.libPrefix}/site-packages")
[ "mwlib-rl" "mwlib-ext" "pygments" "pyfribidi" ];
};
serviceConfig = {
ExecStart = concatStringsSep " " (
[
"${mwlib}/bin/nslave"
"--cachedir ${cfg.nslave.cachedir}"
"--numprocs ${toString cfg.nslave.numprocs}"
"--url ${cfg.nslave.http.url}"
] ++ (
if cfg.nslave.http.enable then
[
"--serve-files-port ${toString cfg.nslave.http.port}"
"--serve-files-address ${cfg.nslave.http.address}"
] else
[
"--no-serve-files"
]
));
User = cfg.nslave.user;
PermissionsStartOnly = true;
};
}; # systemd.services.mwlib-nslave
}; # config
}

2
nixos/modules/services/networking/croc.nix
View file

@ -51,7 +51,7 @@ in
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];

183
nixos/modules/services/networking/firefox/sync-server.nix
View file

@ -1,183 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.firefox.syncserver;
defaultDbLocation = "/var/db/firefox-sync-server/firefox-sync-server.db";
defaultSqlUri = "sqlite:///${defaultDbLocation}";
syncServerIni = pkgs.writeText "syncserver.ini" ''
[DEFAULT]
overrides = ${cfg.privateConfig}
[server:main]
use = egg:gunicorn
host = ${cfg.listen.address}
port = ${toString cfg.listen.port}
[app:main]
use = egg:syncserver
[syncserver]
public_url = ${cfg.publicUrl}
${optionalString (cfg.sqlUri != "") "sqluri = ${cfg.sqlUri}"}
allow_new_users = ${boolToString cfg.allowNewUsers}
[browserid]
backend = tokenserver.verifiers.LocalVerifier
audiences = ${removeSuffix "/" cfg.publicUrl}
'';
user = "syncserver";
group = "syncserver";
in
{
meta.maintainers = with lib.maintainers; [ nadrieril ];
options = {
services.firefox.syncserver = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable a Firefox Sync Server, this give the opportunity to
Firefox users to store all synchronized data on their own server. To use this
server, Firefox users should visit the <option>about:config</option>, and
replicate the following change
<screen>
services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5
</screen>
where <option>http://localhost:5000/</option> corresponds to the
public url of the server.
'';
};
listen.address = mkOption {
type = types.str;
default = "127.0.0.1";
example = "0.0.0.0";
description = ''
Address on which the sync server listen to.
'';
};
listen.port = mkOption {
type = types.port;
default = 5000;
description = ''
Port on which the sync server listen to.
'';
};
publicUrl = mkOption {
type = types.str;
default = "http://localhost:5000/";
example = "http://sync.example.com/";
description = ''
Public URL with which firefox users can use to access the sync server.
'';
};
allowNewUsers = mkOption {
type = types.bool;
default = true;
description = ''
Whether to allow new-user signups on the server. Only request by
existing accounts will be honored.
'';
};
sqlUri = mkOption {
type = types.str;
default = defaultSqlUri;
example = "postgresql://scott:tiger@localhost/test";
description = ''
The location of the database. This URL is composed of
<option>dialect[+driver]://user:password@host/dbname[?key=value..]</option>,
where <option>dialect</option> is a database name such as
<option>mysql</option>, <option>oracle</option>, <option>postgresql</option>,
etc., and <option>driver</option> the name of a DBAPI, such as
<option>psycopg2</option>, <option>pyodbc</option>, <option>cx_oracle</option>,
etc. The <link
xlink:href="http://docs.sqlalchemy.org/en/rel_0_9/core/engines.html#database-urls">
SQLAlchemy documentation</link> provides more examples and describe the syntax of
the expected URL.
'';
};
privateConfig = mkOption {
type = types.str;
default = "/etc/firefox/syncserver-secret.ini";
description = ''
The private config file is used to extend the generated config with confidential
information, such as the <option>syncserver.sqlUri</option> setting if it contains a
password, and the <option>syncserver.secret</option> setting is used by the server to
generate cryptographically-signed authentication tokens.
If this file does not exist, then it is created with a generated
<option>syncserver.secret</option> settings.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.syncserver = {
after = [ "network.target" ];
description = "Firefox Sync Server";
wantedBy = [ "multi-user.target" ];
path = [
pkgs.coreutils
(pkgs.python.withPackages (ps: [ pkgs.syncserver ps.gunicorn ]))
];
serviceConfig = {
User = user;
Group = group;
PermissionsStartOnly = true;
};
preStart = ''
if ! test -e ${cfg.privateConfig}; then
mkdir -p $(dirname ${cfg.privateConfig})
echo > ${cfg.privateConfig} '[syncserver]'
chmod 600 ${cfg.privateConfig}
echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
fi
chmod 600 ${cfg.privateConfig}
chmod 755 $(dirname ${cfg.privateConfig})
chown ${user}:${group} ${cfg.privateConfig}
'' + optionalString (cfg.sqlUri == defaultSqlUri) ''
if ! test -e $(dirname ${defaultDbLocation}); then
mkdir -m 700 -p $(dirname ${defaultDbLocation})
chown ${user}:${group} $(dirname ${defaultDbLocation})
fi
# Move previous database file if it exists
oldDb="/var/db/firefox-sync-server.db"
if test -f $oldDb; then
mv $oldDb ${defaultDbLocation}
chown ${user}:${group} ${defaultDbLocation}
fi
'';
script = ''
gunicorn --paste ${syncServerIni}
'';
};
users.users.${user} = {
inherit group;
isSystemUser = true;
};
users.groups.${group} = {};
};
}

11
nixos/modules/services/networking/i2pd.nix
View file

@ -224,7 +224,7 @@ let
i2pdSh = pkgs.writeScriptBin "i2pd" ''
#!/bin/sh
exec ${pkgs.i2pd}/bin/i2pd \
exec ${cfg.package}/bin/i2pd \
${if cfg.address == null then "" else "--host="+cfg.address} \
--service \
--conf=${i2pdConf} \
@ -253,6 +253,15 @@ in
'';
};
package = mkOption {
type = types.package;
default = pkgs.i2pd;
defaultText = literalExpression "pkgs.i2pd";
description = ''
i2pd package to use.
'';
};
logLevel = mkOption {
type = types.enum ["debug" "info" "warn" "error"];
default = "error";

96
nixos/modules/services/networking/tetrd.nix Normal file
View file

@ -0,0 +1,96 @@
{ config, lib, pkgs, ... }:
{
options.services.tetrd.enable = lib.mkEnableOption pkgs.tetrd.meta.description;
config = lib.mkIf config.services.tetrd.enable {
environment = {
systemPackages = [ pkgs.tetrd ];
etc."resolv.conf".source = "/etc/tetrd/resolv.conf";
};
systemd = {
tmpfiles.rules = [ "f /etc/tetrd/resolv.conf - - -" ];
services.tetrd = {
description = pkgs.tetrd.meta.description;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.tetrd}/opt/Tetrd/bin/tetrd";
Restart = "always";
RuntimeDirectory = "tetrd";
RootDirectory = "/run/tetrd";
DynamicUser = true;
UMask = "006";
DeviceAllow = "usb_device";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateMounts = true;
PrivateNetwork = lib.mkDefault false;
PrivateTmp = true;
PrivateUsers = lib.mkDefault false;
ProtectClock = lib.mkDefault false;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@aio"
"~@chown"
"~@clock"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@module"
"~@mount"
"~@obsolete"
"~@pkey"
"~@raw-io"
"~@reboot"
"~@swap"
"~@sync"
];
BindReadOnlyPaths = [
builtins.storeDir
"/etc/ssl"
"/etc/static/ssl"
"${pkgs.nettools}/bin/route:/usr/bin/route"
"${pkgs.nettools}/bin/ifconfig:/usr/bin/ifconfig"
];
BindPaths = [
"/etc/tetrd/resolv.conf:/etc/resolv.conf"
"/run"
"/var/log"
];
CapabilityBoundingSet = [
"CAP_DAC_OVERRIDE"
"CAP_NET_ADMIN"
];
AmbientCapabilities = [
"CAP_DAC_OVERRIDE"
"CAP_NET_ADMIN"
];
};
};
};
};
}

184
nixos/modules/services/web-apps/mattermost.nix
View file

@ -6,23 +6,95 @@ let
cfg = config.services.mattermost;
defaultConfig = builtins.fromJSON (builtins.replaceStrings [ "\\u0026" ] [ "&" ]
(readFile "${pkgs.mattermost}/config/config.json")
);
database = "postgres://${cfg.localDatabaseUser}:${cfg.localDatabasePassword}@localhost:5432/${cfg.localDatabaseName}?sslmode=disable&connect_timeout=10";
mattermostConf = foldl recursiveUpdate defaultConfig
[ { ServiceSettings.SiteURL = cfg.siteUrl;
ServiceSettings.ListenAddress = cfg.listenAddress;
TeamSettings.SiteName = cfg.siteName;
SqlSettings.DriverName = "postgres";
SqlSettings.DataSource = database;
}
cfg.extraConfig
];
postgresPackage = config.services.postgresql.package;
mattermostConfJSON = pkgs.writeText "mattermost-config-raw.json" (builtins.toJSON mattermostConf);
createDb = {
statePath ? cfg.statePath,
localDatabaseUser ? cfg.localDatabaseUser,
localDatabasePassword ? cfg.localDatabasePassword,
localDatabaseName ? cfg.localDatabaseName,
useSudo ? true
}: ''
if ! test -e ${escapeShellArg "${statePath}/.db-created"}; then
${lib.optionalString useSudo "${pkgs.sudo}/bin/sudo -u ${escapeShellArg config.services.postgresql.superUser} \\"}
${postgresPackage}/bin/psql postgres -c \
"CREATE ROLE ${localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${localDatabasePassword}'"
${lib.optionalString useSudo "${pkgs.sudo}/bin/sudo -u ${escapeShellArg config.services.postgresql.superUser} \\"}
${postgresPackage}/bin/createdb \
--owner ${escapeShellArg localDatabaseUser} ${escapeShellArg localDatabaseName}
touch ${escapeShellArg "${statePath}/.db-created"}
fi
'';
mattermostPluginDerivations = with pkgs;
map (plugin: stdenv.mkDerivation {
name = "mattermost-plugin";
installPhase = ''
mkdir -p $out/share
cp ${plugin} $out/share/plugin.tar.gz
'';
dontUnpack = true;
dontPatch = true;
dontConfigure = true;
dontBuild = true;
preferLocalBuild = true;
}) cfg.plugins;
mattermostPlugins = with pkgs;
if mattermostPluginDerivations == [] then null
else stdenv.mkDerivation {
name = "${cfg.package.name}-plugins";
nativeBuildInputs = [
autoPatchelfHook
] ++ mattermostPluginDerivations;
buildInputs = [
cfg.package
];
installPhase = ''
mkdir -p $out/data/plugins
plugins=(${escapeShellArgs (map (plugin: "${plugin}/share/plugin.tar.gz") mattermostPluginDerivations)})
for plugin in "''${plugins[@]}"; do
hash="$(sha256sum "$plugin" | cut -d' ' -f1)"
mkdir -p "$hash"
tar -C "$hash" -xzf "$plugin"
autoPatchelf "$hash"
GZIP_OPT=-9 tar -C "$hash" -cvzf "$out/data/plugins/$hash.tar.gz" .
rm -rf "$hash"
done
'';
dontUnpack = true;
dontPatch = true;
dontConfigure = true;
dontBuild = true;
preferLocalBuild = true;
};
mattermostConfWithoutPlugins = recursiveUpdate
{ ServiceSettings.SiteURL = cfg.siteUrl;
ServiceSettings.ListenAddress = cfg.listenAddress;
TeamSettings.SiteName = cfg.siteName;
SqlSettings.DriverName = "postgres";
SqlSettings.DataSource = database;
PluginSettings.Directory = "${cfg.statePath}/plugins/server";
PluginSettings.ClientDirectory = "${cfg.statePath}/plugins/client";
}
cfg.extraConfig;
mattermostConf = recursiveUpdate
mattermostConfWithoutPlugins
(
if mattermostPlugins == null then {}
else {
PluginSettings = {
Enable = true;
};
}
);
mattermostConfJSON = pkgs.writeText "mattermost-config.json" (builtins.toJSON mattermostConf);
in
@ -31,6 +103,13 @@ in
services.mattermost = {
enable = mkEnableOption "Mattermost chat server";
package = mkOption {
type = types.package;
default = pkgs.mattermost;
defaultText = "pkgs.mattermost";
description = "Mattermost derivation to use.";
};
statePath = mkOption {
type = types.str;
default = "/var/lib/mattermost";
@ -77,6 +156,16 @@ in
'';
};
preferNixConfig = mkOption {
type = types.bool;
default = false;
description = ''
If both mutableConfig and this option are set, the Nix configuration
will take precedence over any settings configured in the server
console.
'';
};
extraConfig = mkOption {
type = types.attrs;
default = { };
@ -85,6 +174,17 @@ in
'';
};
plugins = mkOption {
type = types.listOf (types.oneOf [types.path types.package]);
default = [];
example = "[ ./com.github.moussetc.mattermost.plugin.giphy-2.0.0.tar.gz ]";
description = ''
Plugins to add to the configuration. Overrides any installed if non-null.
This is a list of paths to .tar.gz files or derivations evaluating to
.tar.gz files. All entries will be passed to `mattermost plugin add`.
'';
};
localDatabaseCreate = mkOption {
type = types.bool;
default = true;
@ -135,6 +235,12 @@ in
matterircd = {
enable = mkEnableOption "Mattermost IRC bridge";
package = mkOption {
type = types.package;
default = pkgs.matterircd;
defaultText = "pkgs.matterircd";
description = "matterircd derivation to use.";
};
parameters = mkOption {
type = types.listOf types.str;
default = [ ];
@ -167,7 +273,7 @@ in
# The systemd service will fail to execute the preStart hook
# if the WorkingDirectory does not exist
system.activationScripts.mattermost = ''
mkdir -p ${cfg.statePath}
mkdir -p "${cfg.statePath}"
'';
systemd.services.mattermost = {
@ -176,39 +282,41 @@ in
after = [ "network.target" "postgresql.service" ];
preStart = ''
mkdir -p ${cfg.statePath}/{data,config,logs}
ln -sf ${pkgs.mattermost}/{bin,fonts,i18n,templates,client} ${cfg.statePath}
mkdir -p "${cfg.statePath}"/{data,config,logs,plugins}
mkdir -p "${cfg.statePath}/plugins"/{client,server}
ln -sf ${cfg.package}/{bin,fonts,i18n,templates,client} "${cfg.statePath}"
'' + lib.optionalString (mattermostPlugins != null) ''
rm -rf "${cfg.statePath}/data/plugins"
ln -sf ${mattermostPlugins}/data/plugins "${cfg.statePath}/data"
'' + lib.optionalString (!cfg.mutableConfig) ''
rm -f ${cfg.statePath}/config/config.json
cp ${mattermostConfJSON} ${cfg.statePath}/config/config.json
${pkgs.mattermost}/bin/mattermost config migrate ${cfg.statePath}/config/config.json ${database}
rm -f "${cfg.statePath}/config/config.json"
${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${cfg.package}/config/config.json ${mattermostConfJSON} > "${cfg.statePath}/config/config.json"
'' + lib.optionalString cfg.mutableConfig ''
if ! test -e "${cfg.statePath}/config/.initial-created"; then
rm -f ${cfg.statePath}/config/config.json
cp ${mattermostConfJSON} ${cfg.statePath}/config/config.json
touch ${cfg.statePath}/config/.initial-created
${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${cfg.package}/config/config.json ${mattermostConfJSON} > "${cfg.statePath}/config/config.json"
touch "${cfg.statePath}/config/.initial-created"
fi
'' + lib.optionalString cfg.localDatabaseCreate ''
if ! test -e "${cfg.statePath}/.db-created"; then
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/psql postgres -c \
"CREATE ROLE ${cfg.localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.localDatabasePassword}'"
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/createdb \
--owner ${cfg.localDatabaseUser} ${cfg.localDatabaseName}
touch ${cfg.statePath}/.db-created
fi
'' + ''
chown ${cfg.user}:${cfg.group} -R ${cfg.statePath}
chmod u+rw,g+r,o-rwx -R ${cfg.statePath}
'' + lib.optionalString (cfg.mutableConfig && cfg.preferNixConfig) ''
new_config="$(${pkgs.jq}/bin/jq -s '.[0] * .[1]' "${cfg.statePath}/config/config.json" ${mattermostConfJSON})"
rm -f "${cfg.statePath}/config/config.json"
echo "$new_config" > "${cfg.statePath}/config/config.json"
'' + lib.optionalString cfg.localDatabaseCreate (createDb {}) + ''
# Don't change permissions recursively on the data, current, and symlinked directories (see ln -sf command above).
# This dramatically decreases startup times for installations with a lot of files.
find . -maxdepth 1 -not -name data -not -name client -not -name templates -not -name i18n -not -name fonts -not -name bin -not -name . \
-exec chown "${cfg.user}:${cfg.group}" -R {} \; -exec chmod u+rw,g+r,o-rwx -R {} \;
chown "${cfg.user}:${cfg.group}" "${cfg.statePath}/data" .
chmod u+rw,g+r,o-rwx "${cfg.statePath}/data" .
'';
serviceConfig = {
PermissionsStartOnly = true;
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.mattermost}/bin/mattermost" +
(lib.optionalString (!cfg.mutableConfig) " -c ${database}");
ExecStart = "${cfg.package}/bin/mattermost";
WorkingDirectory = "${cfg.statePath}";
Restart = "always";
RestartSec = "10";
@ -224,7 +332,7 @@ in
serviceConfig = {
User = "nobody";
Group = "nogroup";
ExecStart = "${pkgs.matterircd}/bin/matterircd ${concatStringsSep " " cfg.matterircd.parameters}";
ExecStart = "${cfg.matterircd.package}/bin/matterircd ${escapeShellArgs cfg.matterircd.parameters}";
WorkingDirectory = "/tmp";
PrivateTmp = true;
Restart = "always";

304
nixos/modules/services/web-apps/moinmoin.nix
View file

@ -1,304 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.moinmoin;
python = pkgs.python27;
pkg = python.pkgs.moinmoin;
dataDir = "/var/lib/moin";
usingGunicorn = cfg.webServer == "nginx-gunicorn" || cfg.webServer == "gunicorn";
usingNginx = cfg.webServer == "nginx-gunicorn";
user = "moin";
group = "moin";
uLit = s: ''u"${s}"'';
indentLines = n: str: concatMapStrings (line: "${fixedWidthString n " " " "}${line}\n") (splitString "\n" str);
moinCliWrapper = wikiIdent: pkgs.writeShellScriptBin "moin-${wikiIdent}" ''
${pkgs.su}/bin/su -s ${pkgs.runtimeShell} -c "${pkg}/bin/moin --config-dir=/var/lib/moin/${wikiIdent}/config $*" ${user}
'';
wikiConfig = wikiIdent: w: ''
# -*- coding: utf-8 -*-
from MoinMoin.config import multiconfig, url_prefix_static
class Config(multiconfig.DefaultConfig):
${optionalString (w.webLocation != "/") ''
url_prefix_static = '${w.webLocation}' + url_prefix_static
''}
sitename = u'${w.siteName}'
page_front_page = u'${w.frontPage}'
data_dir = '${dataDir}/${wikiIdent}/data'
data_underlay_dir = '${dataDir}/${wikiIdent}/underlay'
language_default = u'${w.languageDefault}'
${optionalString (w.superUsers != []) ''
superuser = [${concatMapStringsSep ", " uLit w.superUsers}]
''}
${indentLines 4 w.extraConfig}
'';
wikiConfigFile = name: wiki: pkgs.writeText "${name}.py" (wikiConfig name wiki);
in
{
options.services.moinmoin = with types; {
enable = mkEnableOption "MoinMoin Wiki Engine";
webServer = mkOption {
type = enum [ "nginx-gunicorn" "gunicorn" "none" ];
default = "nginx-gunicorn";
example = "none";
description = ''
Which web server to use to serve the wiki.
Use <literal>none</literal> if you want to configure this yourself.
'';
};
gunicorn.workers = mkOption {
type = ints.positive;
default = 3;
example = 10;
description = ''
The number of worker processes for handling requests.
'';
};
wikis = mkOption {
type = attrsOf (submodule ({ name, ... }: {
options = {
siteName = mkOption {
type = str;
default = "Untitled Wiki";
example = "ExampleWiki";
description = ''
Short description of your wiki site, displayed below the logo on each page, and
used in RSS documents as the channel title.
'';
};
webHost = mkOption {
type = str;
description = "Host part of the wiki URL. If undefined, the name of the attribute set will be used.";
example = "wiki.example.org";
};
webLocation = mkOption {
type = str;
default = "/";
example = "/moin";
description = "Location part of the wiki URL.";
};
frontPage = mkOption {
type = str;
default = "LanguageSetup";
example = "FrontPage";
description = ''
Front page name. Set this to something like <literal>FrontPage</literal> once languages are
configured.
'';
};
superUsers = mkOption {
type = listOf str;
default = [];
example = [ "elvis" ];
description = ''
List of trusted user names with wiki system administration super powers.
Please note that accounts for these users need to be created using the <command>moin</command> command-line utility, e.g.:
<command>moin-<replaceable>WIKINAME</replaceable> account create --name=<replaceable>NAME</replaceable> --email=<replaceable>EMAIL</replaceable> --password=<replaceable>PASSWORD</replaceable></command>.
'';
};
languageDefault = mkOption {
type = str;
default = "en";
example = "de";
description = "The ISO-639-1 name of the main wiki language. Languages that MoinMoin does not support are ignored.";
};
extraConfig = mkOption {
type = lines;
default = "";
example = ''
show_hosts = True
search_results_per_page = 100
acl_rights_default = u"Known:read,write,delete,revert All:read"
logo_string = u"<h2>\U0001f639</h2>"
theme_default = u"modernized"
user_checkbox_defaults = {'show_page_trail': 0, 'edit_on_doubleclick': 0}
navi_bar = [u'SomePage'] + multiconfig.DefaultConfig.navi_bar
actions_excluded = multiconfig.DefaultConfig.actions_excluded + ['newaccount']
mail_smarthost = "mail.example.org"
mail_from = u"Example.Org Wiki <wiki@example.org>"
'';
description = ''
Additional configuration to be appended verbatim to this wiki's config.
See <link xlink:href='http://moinmo.in/HelpOnConfiguration' /> for documentation.
'';
};
};
config = {
webHost = mkDefault name;
};
}));
example = literalExpression ''
{
"mywiki" = {
siteName = "Example Wiki";
webHost = "wiki.example.org";
superUsers = [ "admin" ];
frontPage = "Index";
extraConfig = "page_category_regex = ur'(?P<all>(Category|Kategorie)(?P<key>(?!Template)\S+))'"
};
}
'';
description = ''
Configurations of the individual wikis. Attribute names must be valid Python
identifiers of the form <literal>[A-Za-z_][A-Za-z0-9_]*</literal>.
For every attribute <replaceable>WIKINAME</replaceable>, a helper script
moin-<replaceable>WIKINAME</replaceable> is created which runs the
<command>moin</command> command under the <literal>moin</literal> user (to avoid
file ownership issues) and with the right configuration directory passed to it.
'';
};
};
config = mkIf cfg.enable {
assertions = forEach (attrNames cfg.wikis) (wname:
{ assertion = builtins.match "[A-Za-z_][A-Za-z0-9_]*" wname != null;
message = "${wname} is not valid Python identifier";
}
);
users.users = {
moin = {
description = "MoinMoin wiki";
home = dataDir;
group = group;
isSystemUser = true;
};
};
users.groups = {
moin = {
members = mkIf usingNginx [ config.services.nginx.user ];
};
};
environment.systemPackages = [ pkg ] ++ map moinCliWrapper (attrNames cfg.wikis);
systemd.services = mkIf usingGunicorn
(flip mapAttrs' cfg.wikis (wikiIdent: wiki:
nameValuePair "moin-${wikiIdent}"
{
description = "MoinMoin wiki ${wikiIdent} - gunicorn process";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartIfChanged = true;
restartTriggers = [ (wikiConfigFile wikiIdent wiki) ];
environment = let
penv = python.buildEnv.override {
# setuptools: https://github.com/benoitc/gunicorn/issues/1716
extraLibs = [ python.pkgs.eventlet python.pkgs.setuptools pkg ];
};
in {
PYTHONPATH = "${dataDir}/${wikiIdent}/config:${penv}/${python.sitePackages}";
};
preStart = ''
umask 0007
rm -rf ${dataDir}/${wikiIdent}/underlay
cp -r ${pkg}/share/moin/underlay ${dataDir}/${wikiIdent}/
chmod -R u+w ${dataDir}/${wikiIdent}/underlay
'';
startLimitIntervalSec = 30;
serviceConfig = {
User = user;
Group = group;
WorkingDirectory = "${dataDir}/${wikiIdent}";
ExecStart = ''${python.pkgs.gunicorn}/bin/gunicorn moin_wsgi \
--name gunicorn-${wikiIdent} \
--workers ${toString cfg.gunicorn.workers} \
--worker-class eventlet \
--bind unix:/run/moin/${wikiIdent}/gunicorn.sock
'';
Restart = "on-failure";
RestartSec = "2s";
StateDirectory = "moin/${wikiIdent}";
StateDirectoryMode = "0750";
RuntimeDirectory = "moin/${wikiIdent}";
RuntimeDirectoryMode = "0750";
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateNetwork = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
};
}
));
services.nginx = mkIf usingNginx {
enable = true;
virtualHosts = flip mapAttrs' cfg.wikis (name: w: nameValuePair w.webHost {
forceSSL = mkDefault true;
enableACME = mkDefault true;
locations."${w.webLocation}" = {
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://unix:/run/moin/${name}/gunicorn.sock;
'';
};
});
};
systemd.tmpfiles.rules = [
"d /run/moin 0750 ${user} ${group} - -"
"d ${dataDir} 0550 ${user} ${group} - -"
]
++ (concatLists (flip mapAttrsToList cfg.wikis (wikiIdent: wiki: [
"d ${dataDir}/${wikiIdent} 0750 ${user} ${group} - -"
"d ${dataDir}/${wikiIdent}/config 0550 ${user} ${group} - -"
"L+ ${dataDir}/${wikiIdent}/config/wikiconfig.py - - - - ${wikiConfigFile wikiIdent wiki}"
# needed in order to pass module name to gunicorn
"L+ ${dataDir}/${wikiIdent}/config/moin_wsgi.py - - - - ${pkg}/share/moin/server/moin.wsgi"
# seed data files
"C ${dataDir}/${wikiIdent}/data 0770 ${user} ${group} - ${pkg}/share/moin/data"
# fix nix store permissions
"Z ${dataDir}/${wikiIdent}/data 0770 ${user} ${group} - -"
])));
};
meta.maintainers = with lib.maintainers; [ mmilata ];
}

79
nixos/modules/services/web-apps/trac.nix
View file

@ -1,79 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.trac;
inherit (lib) mkEnableOption mkIf mkOption types;
in {
options = {
services.trac = {
enable = mkEnableOption "Trac service";
listen = {
ip = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
IP address that Trac should listen on.
'';
};
port = mkOption {
type = types.port;
default = 8000;
description = ''
Listen port for Trac.
'';
};
};
dataDir = mkOption {
default = "/var/lib/trac";
type = types.path;
description = ''
The directory for storing the Trac data.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open ports in the firewall for Trac.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.trac = {
description = "Trac server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
StateDirectory = baseNameOf cfg.dataDir;
ExecStart = ''
${pkgs.trac}/bin/tracd -s \
-b ${toString cfg.listen.ip} \
-p ${toString cfg.listen.port} \
${cfg.dataDir}
'';
};
preStart = ''
if [ ! -e ${cfg.dataDir}/VERSION ]; then
${pkgs.trac}/bin/trac-admin ${cfg.dataDir} initenv Trac "sqlite:db/trac.db"
fi
'';
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.listen.port ];
};
};
}

2
nixos/modules/services/web-servers/nginx/default.nix
View file

@ -317,7 +317,7 @@ let
${optionalString (hasSSL && vhost.sslTrustedCertificate != null) ''
ssl_trusted_certificate ${vhost.sslTrustedCertificate};
''}
${optionalString (hasSSL && vhost.rejectSSL) ''
${optionalString vhost.rejectSSL ''
ssl_reject_handshake on;
''}
${optionalString (hasSSL && vhost.kTLS) ''

6
nixos/modules/services/x11/desktop-managers/lumina.nix
View file

@ -38,11 +38,5 @@ in
"/share"
];
security.wrappers.lumina-checkpass-wrapped = {
source = "${pkgs.lumina.lumina}/bin/lumina-checkpass";
owner = "root";
group = "root";
};
};
}

28
nixos/modules/tasks/network-interfaces-scripted.nix
View file

@ -532,6 +532,33 @@ let
'';
});
createGreDevice = n: v: nameValuePair "${n}-netdev"
(let
deps = deviceDependency v.dev;
in
{ description = "GRE Tunnel Interface ${n}";
wantedBy = [ "network-setup.service" (subsystemDevice n) ];
bindsTo = deps;
partOf = [ "network-setup.service" ];
after = [ "network-pre.target" ] ++ deps;
before = [ "network-setup.service" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.iproute2 ];
script = ''
# Remove Dead Interfaces
ip link show "${n}" >/dev/null 2>&1 && ip link delete "${n}"
ip link add name "${n}" type ${v.type} \
${optionalString (v.remote != null) "remote \"${v.remote}\""} \
${optionalString (v.local != null) "local \"${v.local}\""} \
${optionalString (v.dev != null) "dev \"${v.dev}\""}
ip link set "${n}" up
'';
postStop = ''
ip link delete "${n}" || true
'';
});
createVlanDevice = n: v: nameValuePair "${n}-netdev"
(let
deps = deviceDependency v.interface;
@ -570,6 +597,7 @@ let
// mapAttrs' createMacvlanDevice cfg.macvlans
// mapAttrs' createFouEncapsulation cfg.fooOverUDP
// mapAttrs' createSitDevice cfg.sits
// mapAttrs' createGreDevice cfg.greTunnels
// mapAttrs' createVlanDevice cfg.vlans
// {
network-setup = networkSetup;

20
nixos/modules/tasks/network-interfaces-systemd.nix
View file

@ -18,6 +18,7 @@ let
concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds))
++ concatLists (map (bridge: bridge.interfaces) (attrValues cfg.bridges))
++ map (sit: sit.dev) (attrValues cfg.sits)
++ map (gre: gre.dev) (attrValues cfg.greTunnels)
++ map (vlan: vlan.interface) (attrValues cfg.vlans)
# add dependency to physical or independently created vswitch member interface
# TODO: warn the user that any address configured on those interfaces will be useless
@ -245,6 +246,25 @@ in
} ]);
};
})))
(mkMerge (flip mapAttrsToList cfg.greTunnels (name: gre: {
netdevs."40-${name}" = {
netdevConfig = {
Name = name;
Kind = gre.type;
};
tunnelConfig =
(optionalAttrs (gre.remote != null) {
Remote = gre.remote;
}) // (optionalAttrs (gre.local != null) {
Local = gre.local;
});
};
networks = mkIf (gre.dev != null) {
"40-${gre.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) {
tunnel = [ name ];
} ]);
};
})))
(mkMerge (flip mapAttrsToList cfg.vlans (name: vlan: {
netdevs."40-${name}" = {
netdevConfig = {

61
nixos/modules/tasks/network-interfaces.nix
View file

@ -10,6 +10,7 @@ let
interfaces = attrValues cfg.interfaces;
hasVirtuals = any (i: i.virtual) interfaces;
hasSits = cfg.sits != { };
hasGres = cfg.greTunnels != { };
hasBonds = cfg.bonds != { };
hasFous = cfg.fooOverUDP != { }
|| filterAttrs (_: s: s.encapsulation != null) cfg.sits != { };
@ -997,6 +998,65 @@ in
});
};
networking.greTunnels = mkOption {
default = { };
example = literalExpression ''
{
greBridge = {
remote = "10.0.0.1";
local = "10.0.0.22";
dev = "enp4s0f0";
type = "tap";
};
}
'';
description = ''
This option allows you to define Generic Routing Encapsulation (GRE) tunnels.
'';
type = with types; attrsOf (submodule {
options = {
remote = mkOption {
type = types.nullOr types.str;
default = null;
example = "10.0.0.1";
description = ''
The address of the remote endpoint to forward traffic over.
'';
};
local = mkOption {
type = types.nullOr types.str;
default = null;
example = "10.0.0.22";
description = ''
The address of the local endpoint which the remote
side should send packets to.
'';
};
dev = mkOption {
type = types.nullOr types.str;
default = null;
example = "enp4s0f0";
description = ''
The underlying network device on which the tunnel resides.
'';
};
type = mkOption {
type = with types; enum [ "tun" "tap" ];
default = "tap";
example = "tap";
apply = v: if v == "tun" then "gre" else "gretap";
description = ''
Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
'';
};
};
});
};
networking.vlans = mkOption {
default = { };
example = literalExpression ''
@ -1229,6 +1289,7 @@ in
boot.kernelModules = [ ]
++ optional hasVirtuals "tun"
++ optional hasSits "sit"
++ optional hasGres "gre"
++ optional hasBonds "bonding"
++ optional hasFous "fou";

11
nixos/tests/all-tests.nix
View file

@ -260,7 +260,9 @@ in
mariadb-galera-rsync = handleTest ./mysql/mariadb-galera-rsync.nix {};
matomo = handleTest ./matomo.nix {};
matrix-appservice-irc = handleTest ./matrix-appservice-irc.nix {};
matrix-conduit = handleTest ./matrix-conduit.nix {};
matrix-synapse = handleTest ./matrix-synapse.nix {};
mattermost = handleTest ./mattermost.nix {};
mediawiki = handleTest ./mediawiki.nix {};
meilisearch = handleTest ./meilisearch.nix {};
memcached = handleTest ./memcached.nix {};
@ -273,13 +275,19 @@ in
misc = handleTest ./misc.nix {};
mjolnir = handleTest ./matrix/mjolnir.nix {};
mod_perl = handleTest ./mod_perl.nix {};
moinmoin = handleTest ./moinmoin.nix {};
mongodb = handleTest ./mongodb.nix {};
moodle = handleTest ./moodle.nix {};
morty = handleTest ./morty.nix {};
mosquitto = handleTest ./mosquitto.nix {};
mpd = handleTest ./mpd.nix {};
mpv = handleTest ./mpv.nix {};
mtp = let
olderQemu = (import (fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/e1fc1a80a071c90ab65fb6eafae5520579163783.tar.gz";
sha256 = "19a0qrx31lp2r8cgk9hv4p6j6six6l82qisxr68y7wb7drw7dhkz";
}) { inherit system; }).qemu_test;
myPkgs = import ../.. { inherit system; overlays = [ (self: super: { qemu_test = olderQemu; }) ]; };
in handleTest ./mtp.nix { pkgs = myPkgs; };
mumble = handleTest ./mumble.nix {};
musescore = handleTest ./musescore.nix {};
munin = handleTest ./munin.nix {};
@ -476,7 +484,6 @@ in
tinc = handleTest ./tinc {};
tinydns = handleTest ./tinydns.nix {};
tor = handleTest ./tor.nix {};
trac = handleTest ./trac.nix {};
# traefik test relies on docker-containers
traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {};
trafficserver = handleTest ./trafficserver.nix {};

95
nixos/tests/matrix-conduit.nix Normal file
View file

@ -0,0 +1,95 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
name = "conduit";
in
{
nodes = {
conduit = args: {
services.matrix-conduit = {
enable = true;
settings.global.server_name = name;
settings.global.allow_registration = true;
extraEnvironment.RUST_BACKTRACE = "yes";
};
services.nginx = {
enable = true;
virtualHosts.${name} = {
enableACME = false;
forceSSL = false;
enableSSL = false;
locations."/_matrix" = {
proxyPass = "http://[::1]:6167";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
client = { pkgs, ... }: {
environment.systemPackages = [
(
pkgs.writers.writePython3Bin "do_test"
{ libraries = [ pkgs.python3Packages.matrix-nio ]; } ''
import asyncio
from nio import AsyncClient
async def main() -> None:
# Connect to conduit
client = AsyncClient("http://conduit:80", "alice")
# Register as user alice
response = await client.register("alice", "my-secret-password")
# Log in as user alice
response = await client.login("my-secret-password")
# Create a new room
response = await client.room_create(federate=False)
room_id = response.room_id
# Join the room
response = await client.join(room_id)
# Send a message to the room
response = await client.room_send(
room_id=room_id,
message_type="m.room.message",
content={
"msgtype": "m.text",
"body": "Hello conduit!"
}
)
# Sync responses
response = await client.sync(timeout=30000)
# Check the message was received by conduit
last_message = response.rooms.join[room_id].timeline.events[-1].body
assert last_message == "Hello conduit!"
# Leave the room
response = await client.room_leave(room_id)
# Close the client
await client.close()
asyncio.get_event_loop().run_until_complete(main())
''
)
];
};
};
testScript = ''
start_all()
with subtest("start conduit"):
conduit.wait_for_unit("conduit.service")
conduit.wait_for_open_port(80)
with subtest("ensure messages can be exchanged"):
client.succeed("do_test")
'';
})

124
nixos/tests/mattermost.nix Normal file
View file

@ -0,0 +1,124 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
host = "smoke.test";
port = "8065";
url = "http://${host}:${port}";
siteName = "NixOS Smoke Tests, Inc.";
makeMattermost = mattermostConfig:
{ config, ... }: {
environment.systemPackages = [
pkgs.mattermost
pkgs.curl
pkgs.jq
];
networking.hosts = {
"127.0.0.1" = [ host ];
};
services.mattermost = lib.recursiveUpdate {
enable = true;
inherit siteName;
listenAddress = "0.0.0.0:${port}";
siteUrl = url;
extraConfig = {
SupportSettings.AboutLink = "https://nixos.org";
};
} mattermostConfig;
};
in
{
name = "mattermost";
nodes = {
mutable = makeMattermost {
mutableConfig = true;
extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
};
mostlyMutable = makeMattermost {
mutableConfig = true;
preferNixConfig = true;
plugins = let
mattermostDemoPlugin = pkgs.fetchurl {
url = "https://github.com/mattermost/mattermost-plugin-demo/releases/download/v0.9.0/com.mattermost.demo-plugin-0.9.0.tar.gz";
sha256 = "1h4qi34gcxcx63z8wiqcf2aaywmvv8lys5g8gvsk13kkqhlmag25";
};
in [
mattermostDemoPlugin
];
};
immutable = makeMattermost {
mutableConfig = false;
extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
};
};
testScript = let
expectConfig = jqExpression: pkgs.writeShellScript "expect-config" ''
set -euo pipefail
echo "Expecting config to match: "${lib.escapeShellArg jqExpression} >&2
curl ${lib.escapeShellArg url} >/dev/null
config="$(curl ${lib.escapeShellArg "${url}/api/v4/config/client?format=old"})"
echo "Config: $(echo "$config" | ${pkgs.jq}/bin/jq)" >&2
[[ "$(echo "$config" | ${pkgs.jq}/bin/jq -r ${lib.escapeShellArg ".SiteName == $siteName and .Version == ($mattermostName / $sep)[-1] and (${jqExpression})"} --arg siteName ${lib.escapeShellArg siteName} --arg mattermostName ${lib.escapeShellArg pkgs.mattermost.name} --arg sep '-')" = "true" ]]
'';
setConfig = jqExpression: pkgs.writeShellScript "set-config" ''
set -euo pipefail
mattermostConfig=/var/lib/mattermost/config/config.json
newConfig="$(${pkgs.jq}/bin/jq -r ${lib.escapeShellArg jqExpression} $mattermostConfig)"
rm -f $mattermostConfig
echo "$newConfig" > "$mattermostConfig"
'';
in
''
start_all()
## Mutable node tests ##
mutable.wait_for_unit("mattermost.service")
mutable.wait_for_open_port(8065)
# Get the initial config
mutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
# Edit the config
mutable.succeed("${setConfig ''.SupportSettings.AboutLink = "https://mattermost.com"''}")
mutable.succeed("${setConfig ''.SupportSettings.HelpLink = "https://nixos.org/nixos/manual"''}")
mutable.systemctl("restart mattermost.service")
mutable.wait_for_open_port(8065)
# AboutLink and HelpLink should be changed
mutable.succeed("${expectConfig ''.AboutLink == "https://mattermost.com" and .HelpLink == "https://nixos.org/nixos/manual"''}")
## Mostly mutable node tests ##
mostlyMutable.wait_for_unit("mattermost.service")
mostlyMutable.wait_for_open_port(8065)
# Get the initial config
mostlyMutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}")
# Edit the config
mostlyMutable.succeed("${setConfig ''.SupportSettings.AboutLink = "https://mattermost.com"''}")
mostlyMutable.succeed("${setConfig ''.SupportSettings.HelpLink = "https://nixos.org/nixos/manual"''}")
mostlyMutable.systemctl("restart mattermost.service")
mostlyMutable.wait_for_open_port(8065)
# AboutLink should be overridden by NixOS configuration; HelpLink should be what we set above
mostlyMutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://nixos.org/nixos/manual"''}")
## Immutable node tests ##
immutable.wait_for_unit("mattermost.service")
immutable.wait_for_open_port(8065)
# Get the initial config
immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
# Edit the config
immutable.succeed("${setConfig ''.SupportSettings.AboutLink = "https://mattermost.com"''}")
immutable.succeed("${setConfig ''.SupportSettings.HelpLink = "https://nixos.org/nixos/manual"''}")
immutable.systemctl("restart mattermost.service")
immutable.wait_for_open_port(8065)
# Our edits should be ignored on restart
immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
'';
})

28
nixos/tests/moinmoin.nix
View file

@ -1,28 +0,0 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "moinmoin";
meta.maintainers = with lib.maintainers; [ mmilata ];
machine =
{ ... }:
{ services.moinmoin.enable = true;
services.moinmoin.wikis.ExampleWiki.superUsers = [ "admin" ];
services.moinmoin.wikis.ExampleWiki.webHost = "localhost";
services.nginx.virtualHosts.localhost.enableACME = false;
services.nginx.virtualHosts.localhost.forceSSL = false;
};
testScript = ''
start_all()
machine.wait_for_unit("moin-ExampleWiki.service")
machine.wait_for_unit("nginx.service")
machine.wait_for_file("/run/moin/ExampleWiki/gunicorn.sock")
assert "If you have just installed" in machine.succeed("curl -L http://localhost/")
assert "status success" in machine.succeed(
"moin-ExampleWiki account create --name=admin --email=admin@example.com --password=foo 2>&1"
)
'';
})

108
nixos/tests/mtp.nix Normal file
View file

@ -0,0 +1,108 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "mtp";
meta = with pkgs.lib.maintainers; {
maintainers = [ matthewcroughan nixinator ];
};
nodes =
{
client = { config, pkgs, ... }: {
# DBUS runs only once a user session is created, which means a user has to
# login. Here, we log in as root. Once logged in, the gvfs-daemon service runs
# as UID 0 in User-0.service
services.getty.autologinUser = "root";
# XDG_RUNTIME_DIR is needed for running systemd-user services such as
# gvfs-daemon as root.
environment.variables.XDG_RUNTIME_DIR = "/run/user/0";
environment.systemPackages = with pkgs; [ usbutils glib jmtpfs tree ];
services.gvfs.enable = true;
# Creates a usb-mtp device inside the VM, which is mapped to the host's
# /tmp folder, it is able to write files to this location, but only has
# permissions to read its own creations.
virtualisation.qemu.options = [
"-usb"
"-device usb-mtp,rootdir=/tmp,readonly=false"
];
};
};
testScript = { nodes, ... }:
let
# Creates a list of QEMU MTP devices matching USB ID (46f4:0004). This
# value can be sourced in a shell script. This is so we can loop over the
# devices we find, as this test may want to use more than one MTP device
# in future.
mtpDevices = pkgs.writeScript "mtpDevices.sh" ''
export mtpDevices=$(lsusb -d 46f4:0004 | awk {'print $2","$4'} | sed 's/[:-]/ /g')
'';
# Qemu is only capable of creating an MTP device with Picture Transfer
# Protocol. This means that gvfs must use gphoto2:// rather than mtp://
# when mounting.
# https://github.com/qemu/qemu/blob/970bc16f60937bcfd334f14c614bd4407c247961/hw/usb/dev-mtp.c#L278
gvfs = rec {
mountAllMtpDevices = pkgs.writeScript "mountAllMtpDevices.sh" ''
set -e
source ${mtpDevices}
for i in $mtpDevices
do
gio mount "gphoto2://[usb:$i]/"
done
'';
unmountAllMtpDevices = pkgs.writeScript "unmountAllMtpDevices.sh" ''
set -e
source ${mtpDevices}
for i in $mtpDevices
do
gio mount -u "gphoto2://[usb:$i]/"
done
'';
# gvfsTest:
# 1. Creates a 10M test file
# 2. Copies it to the device using GIO tools
# 3. Checks for corruption with `diff`
# 4. Removes the file, then unmounts the disks.
gvfsTest = pkgs.writeScript "gvfsTest.sh" ''
set -e
source ${mtpDevices}
${mountAllMtpDevices}
dd if=/dev/urandom of=testFile10M bs=1M count=10
for i in $mtpDevices
do
gio copy ./testFile10M gphoto2://[usb:$i]/
ls -lah /run/user/0/gvfs/*/testFile10M
gio remove gphoto2://[usb:$i]/testFile10M
done
${unmountAllMtpDevices}
'';
};
jmtpfs = {
# jmtpfsTest:
# 1. Mounts the device on a dir named `phone` using jmtpfs
# 2. Puts the current Nixpkgs libmtp version into a file
# 3. Checks for corruption with `diff`
# 4. Prints the directory tree
jmtpfsTest = pkgs.writeScript "jmtpfsTest.sh" ''
mkdir phone
jmtpfs phone
echo "${pkgs.libmtp.version}" > phone/tmp/testFile
echo "${pkgs.libmtp.version}" > testFile
diff phone/tmp/testFile testFile
tree phone
'';
};
in
# Using >&2 allows the results of the scripts to be printed to the terminal
# when building this test with Nix. Scripts would otherwise complete
# silently.
''
start_all()
client.wait_for_unit("multi-user.target")
client.wait_for_unit("dbus.service")
client.succeed("${gvfs.gvfsTest} >&2")
client.succeed("${jmtpfs.jmtpfsTest} >&2")
'';
})

71
nixos/tests/networking.nix
View file

@ -489,6 +489,77 @@ let
client2.wait_until_succeeds("ping -c 1 fc00::2")
'';
};
gre = let
node = { pkgs, ... }: with pkgs.lib; {
networking = {
useNetworkd = networkd;
useDHCP = false;
};
};
in {
name = "GRE";
nodes.client1 = args@{ pkgs, ... }:
mkMerge [
(node args)
{
virtualisation.vlans = [ 1 2 ];
networking = {
greTunnels = {
greTunnel = {
local = "192.168.2.1";
remote = "192.168.2.2";
dev = "eth2";
type = "tap";
};
};
bridges.bridge.interfaces = [ "greTunnel" "eth1" ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [];
interfaces.bridge.ipv4.addresses = mkOverride 0 [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
}
];
nodes.client2 = args@{ pkgs, ... }:
mkMerge [
(node args)
{
virtualisation.vlans = [ 2 3 ];
networking = {
greTunnels = {
greTunnel = {
local = "192.168.2.2";
remote = "192.168.2.1";
dev = "eth1";
type = "tap";
};
};
bridges.bridge.interfaces = [ "greTunnel" "eth2" ];
interfaces.eth2.ipv4.addresses = mkOverride 0 [];
interfaces.bridge.ipv4.addresses = mkOverride 0 [
{ address = "192.168.1.2"; prefixLength = 24; }
];
};
}
];
testScript = { ... }:
''
start_all()
with subtest("Wait for networking to be configured"):
client1.wait_for_unit("network.target")
client2.wait_for_unit("network.target")
# Print diagnostic information
client1.succeed("ip addr >&2")
client2.succeed("ip addr >&2")
with subtest("Test GRE tunnel bridge over VLAN"):
client1.wait_until_succeeds("ping -c 1 192.168.1.2")
client2.wait_until_succeeds("ping -c 1 192.168.1.1")
'';
};
vlan = let
node = address: { pkgs, ... }: with pkgs.lib; {
#virtualisation.vlans = [ 1 ];

19
nixos/tests/trac.nix
View file

@ -1,19 +0,0 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "trac";
meta = with pkgs.lib.maintainers; {
maintainers = [ mmahut ];
};
nodes = {
machine = { ... }: {
services.trac.enable = true;
};
};
testScript = ''
start_all()
machine.wait_for_unit("trac.service")
machine.wait_for_open_port(8000)
machine.wait_until_succeeds("curl -fL http://localhost:8000/ | grep 'Trac Powered'")
'';
})

6
pkgs/applications/audio/carla/default.nix
View file

@ -15,13 +15,13 @@ assert withGtk3 -> gtk3 != null;
stdenv.mkDerivation rec {
pname = "carla";
version = "2.4.0";
version = "2.4.1";
src = fetchFromGitHub {
owner = "falkTX";
repo = pname;
rev = "v${version}";
sha256 = "sha256-WxhG9X6jVcu10bl5p0f61+SYZmJw4W7DYvezbpAlNjg=";
sha256 = "sha256-faVLPHPQ4voR/RHiPpUwnZK+5Jx0u4rJWuH5zlydzwY=";
};
nativeBuildInputs = [
@ -78,7 +78,7 @@ stdenv.mkDerivation rec {
'';
meta = with lib; {
homepage = "http://kxstudio.sf.net/carla";
homepage = "https://kx.studio/Applications:Carla";
description = "An audio plugin host";
longDescription = ''
It currently supports LADSPA (including LRDF), DSSI, LV2, VST2/3

4
pkgs/applications/audio/ft2-clone/default.nix
View file

@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.48";
version = "1.49";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "sha256-ZE9uid/srHHuTRqzgbtHcfmM0VkVsdrK1CJ3Qwbvtao=";
sha256 = "sha256-DpEzilMERfbop7YYqNCcxSe1qfcz4n7Uqj/i5t5a6nQ=";
};
# Adapt the linux-only CMakeLists to darwin (more reliable than make-macos.sh)

34
pkgs/applications/audio/gtklick/default.nix
View file

@ -1,34 +0,0 @@
{ lib, fetchurl, python2Packages, gettext, klick}:
python2Packages.buildPythonApplication rec {
pname = "gtklick";
version = "0.6.4";
src = fetchurl {
url = "http://das.nasophon.de/download/${pname}-${version}.tar.gz";
sha256 = "7799d884126ccc818678aed79d58057f8cf3528e9f1be771c3fa5b694d9d0137";
};
pythonPath = with python2Packages; [
pyliblo
pyGtkGlade
];
nativeBuildInputs = [ gettext ];
propagatedBuildInputs = [ klick ];
# wrapPythonPrograms breaks gtklick in the postFixup phase.
# To fix it, apply wrapPythonPrograms and then clean up the wrapped file.
postFixup = ''
wrapPythonPrograms
sed -i "/import sys; sys.argv\[0\] = 'gtklick'/d" $out/bin/.gtklick-wrapped
'';
meta = {
homepage = "http://das.nasophon.de/gtklick/";
description = "Simple metronome with an easy-to-use GTK interface";
license = lib.licenses.gpl2Plus;
};
}

21
pkgs/applications/audio/lastfmsubmitd/default.nix
View file

@ -1,21 +0,0 @@
{ lib, fetchurl, python2Packages }:
python2Packages.buildPythonApplication rec {
pname = "lastfmsubmitd";
version = "1.0.6";
src = fetchurl {
url = "https://www.red-bean.com/decklin/lastfmsubmitd/lastfmsubmitd-${version}.tar.gz";
sha256 = "c2636d5095a95167366bacd458624d67b046e060244fa54ba2c2e3efb79f9b0e";
};
doCheck = false;
installCommand = "python setup.py install --prefix=$out";
meta = {
homepage = "https://www.red-bean.com/decklin/lastfmsubmitd/";
license = lib.licenses.mit;
description = "An last.fm audio scrobbler and daemon";
};
}

4
pkgs/applications/audio/lollypop/default.nix
View file

@ -25,7 +25,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.4.23";
version = "1.4.26";
format = "other";
doCheck = false;
@ -34,7 +34,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "sha256-wwdH3gMpYt40VGqrL1XfB1dOfg45zLKtTEI23AwjCis=";
sha256 = "sha256-Q/z9oET06DimMRZl03TgjEeheoVHtIkH+Z69qWZetcI=";
};
nativeBuildInputs = [

31
pkgs/applications/audio/mimms/default.nix
View file

@ -1,31 +0,0 @@
{ fetchurl, lib, python2Packages, libmms }:
python2Packages.buildPythonApplication rec {
pname = "mimms";
version = "3.2";
src = fetchurl {
url = "https://download.savannah.gnu.org/releases/mimms/mimms-${version}.tar.bz2";
sha256 = "0zmcd670mpq85cs3nvdq3i805ba0d1alqahfy1m9cpf7kxrivfml";
};
postInstall = ''
wrapProgram $out/bin/mimms \
--prefix LD_LIBRARY_PATH : ${libmms}/lib
'';
meta = {
homepage = "https://savannah.nongnu.org/projects/mimms/";
license = lib.licenses.gpl3;
description = "An mms (e.g. mms://) stream downloader";
longDescription = ''
mimms is a program designed to allow you to download streams
using the MMS protocol and save them to your computer, as
opposed to watching them live. Similar functionality is
available in full media player suites such as Xine, MPlayer,
and VLC, but mimms is quick and easy to use and, for the time
being, remains a useful program.
'';
};
}

6
pkgs/applications/audio/plexamp/default.nix
View file

@ -2,12 +2,12 @@
let
pname = "plexamp";
version = "3.8.2";
version = "3.9.0";
src = fetchurl {
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
name="${pname}-${version}.AppImage";
sha512 = "JVzfWlrX21KHw4tSrGpCYqqoWFudnyFG4YnHKsnIUtxLDkjyQA8N2/OrDIR+SlK/b0RRs9KZ4lbqQMX8PXUHsg==";
sha512 = "2OaV8dONv7yBcQsfecgfedP2ypBN6svD9rgZLgUwSydyH2+rODNPne4O7z2Hahm7Y0Ae+NFxbpQ9lbNbX0vhsg==";
};
appimageContents = appimageTools.extractType2 {
@ -33,7 +33,7 @@ in appimageTools.wrapType2 {
meta = with lib; {
description = "A beautiful Plex music player for audiophiles, curators, and hipsters";
homepage = "https://plexamp.com/";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/35";
changelog = "https://forums.plex.tv/t/plexamp-release-notes/221280/36";
license = licenses.unfree;
maintainers = with maintainers; [ killercup synthetica ];
platforms = [ "x86_64-linux" ];

4
pkgs/applications/audio/qtractor/default.nix
View file

@ -30,11 +30,11 @@
mkDerivation rec {
pname = "qtractor";
version = "0.9.23";
version = "0.9.24";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
sha256 = "sha256-GgDc7WM4nVGlq+8EcwxJ7MnSPYwAej51IMrN0glCTbQ=";
sha256 = "sha256-YTT7ko5HjKrZ8DKU3L06EI7bZeBtvPl21pqUf6EaeS4=";
};
nativeBuildInputs = [

2
pkgs/applications/audio/setbfree/default.nix
View file

@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "A DSP tonewheel organ emulator";
homepage = "http://setbfree.org";
homepage = "https://setbfree.org";
license = licenses.gpl2;
platforms = [ "x86_64-linux" "i686-linux" ]; # fails on ARM and Darwin
maintainers = [ maintainers.goibhniu ];

44
pkgs/applications/audio/sony-headphones-client/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, stdenv, fetchFromGitHub, cmake, pkg-config, bluez, dbus, glew, glfw, imgui, makeDesktopItem, copyDesktopItems }:
stdenv.mkDerivation rec {
pname = "SonyHeadphonesClient";
version = "1.2";
src = fetchFromGitHub {
owner = "Plutoberth";
repo = "SonyHeadphonesClient";
rev = "v${version}";
sha256 = "sha256-oejXrs9X+R6Jydro0XIw2XifzFA7asDhpobtaE3//Hc=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake pkg-config copyDesktopItems ];
buildInputs = [ bluez dbus glew glfw imgui ];
sourceRoot = "./source/Client";
cmakeFlags = [ "-Wno-dev" ];
installPhase = ''
runHook preInstall
install -Dm755 -t $out/bin SonyHeadphonesClient
runHook postInstall
'';
desktopItems = [ (makeDesktopItem {
name = "SonyHeadphonesClient";
exec = "SonyHeadphonesClient";
icon = "SonyHeadphonesClient";
desktopName = "Sony Headphones Client";
comment = "A client recreating the functionality of the Sony Headphones app";
categories = "Audio;Mixer;";
}) ];
meta = with lib; {
description = "A client recreating the functionality of the Sony Headphones app";
homepage = "https://github.com/Plutoberth/SonyHeadphonesClient";
license = licenses.mit;
maintainers = with maintainers; [ stunkymonkey ];
platforms = platforms.linux;
};
}

2
pkgs/applications/audio/spectmorph/default.nix
View file

@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Allows to analyze samples of musical instruments, and to combine them (morphing) to construct hybrid sounds";
homepage = "http://spectmorph.org";
homepage = "https://spectmorph.org";
license = licenses.gpl3;
platforms = [ "x86_64-linux" "i686-linux" ];
maintainers = [ maintainers.magnetophon ];

13
pkgs/applications/audio/wavegain/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub }:
{ lib, stdenv, fetchFromGitHub, fetchpatch }:
stdenv.mkDerivation {
pname = "wavegain";
@ -11,6 +11,17 @@ stdenv.mkDerivation {
sha256 = "0wghqnsbypmr4xcrhb568bfjdnxzzp8qgnws3jslzmzf34dpk5ls";
};
patches = [
# Upstream fix for -fno-common toolchains.
(fetchpatch {
name = "fno-common.patch";
url = "https://github.com/MestreLion/wavegain/commit/ee5e0f9a0ce34c0cf2769ea6566685a54b938304.patch";
sha256 = "11yi0czdn5h5bsqp23cww6yn9lm60cij8i1pzfwcfhgyf6f8ym1n";
})
];
makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" ];
installPhase = ''
strip -s wavegain
install -vD wavegain "$out/bin/wavegain"

1
pkgs/applications/audio/zrythm/default.nix
View file

@ -137,6 +137,7 @@ stdenv.mkDerivation rec {
"-Denable_rtmidi=true"
"-Denable_rtaudio=true"
"-Denable_sdl=true"
"-Dcarla=enabled"
"-Dmanpage=true"
# "-Duser_manual=true" # needs sphinx-intl
"-Dlsp_dsp=disabled"

3
pkgs/applications/blockchains/go-ethereum/default.nix
View file

@ -18,8 +18,7 @@ in buildGoModule rec {
sha256 = "sha256-0DQrcei3FM+X4BYokou7dPNVCcJTbY05YsTvzdtsas8=";
};
runVend = true;
vendorSha256 = "sha256-i2FOAN1ng3WNOWaFowiSSuYR4LA1Bo3tjkvgcClBXSU=";
vendorSha256 = "sha256-zQOpWtQrdn+E1tRWmtEScQ7DDMzNCSr5H+5YL+Z1vug=";
doCheck = false;

98
pkgs/applications/blockchains/wasabibackend/create_deps.sh
View file

@ -1,98 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p dotnet-sdk_3 jq xmlstarlet curl nixpkgs-fmt
set -euo pipefail
# Run this script to generate deps.nix
# TODO: consolidate with other dotnet deps generation scripts by which
# this script is inspired:
# - pkgs/servers/nosql/eventstore/create-deps.sh
# - pkgs/development/dotnet-modules/python-language-server/create_deps.sh
# - pkgs/misc/emulators/ryujinx/updater.sh
cd "$(dirname "${BASH_SOURCE[0]}")"
deps_file="$(realpath "./deps.nix")"
exec 2>&1 6> "$deps_file"
store_src="$( nix-build ../../../.. -A wasabibackend.src --no-out-link )"
src="$(mktemp -d)"
cp -rT "$store_src" "$src"
chmod -R +w "$src"
pushd "$src"
URLBASE="https://www.nuget.org/api/v2/package"
DEPS_HEADER="
{ fetchurl }:
let
nugetUrlBase = \"$URLBASE\";
fetchNuGet = { name, version, sha256 }: fetchurl {
inherit sha256;
url = \"\${nugetUrlBase}/\${name}/\${version}\";
};
in ["
DEPS_FOOTER="]"
DEPS_TEMPLATE="
(fetchNuGet {
name = \"%s\";
version = \"%s\";
sha256 = \"%s\";
})"
tmpdir="$(mktemp -d -p "$(pwd)")" # must be under source root
trap 'rm -rf "$tmpdir"' EXIT
HOME="$tmpdir" dotnet restore --packages "$tmpdir"/.nuget/packages \
--no-cache --force --runtime linux-x64 \
WalletWasabi.Backend/WalletWasabi.Backend.csproj >&2
mapfile -t repos < <(
xmlstarlet sel -t -v 'configuration/packageSources/add/@value' -n NuGet.config "$tmpdir"/.nuget/NuGet/NuGet.Config |
while IFS= read index
do
curl --compressed -fsL "$index" | \
jq -r '.resources[] | select(."@type" == "PackageBaseAddress/3.0.0")."@id"'
done
)
echo $DEPS_HEADER >&6
cd "$tmpdir/.nuget/packages"
for package in *
do
cd "$package"
for version in *
do
found=false
for repo in "${repos[@]}"
do
url="$repo$package/$version/$package.$version.nupkg"
if curl -fsL "$url" -o /dev/null
then
found=true
break
fi
done
if ! $found
then
echo "couldn't find $package $version" >&2
exit 1
fi
sha256=$(nix-prefetch-url "$url" 2>/dev/null)
printf "$DEPS_TEMPLATE" $package $version $sha256 >&6
done
cd ..
done
echo $DEPS_FOOTER >&6
exec 6>&-
nixpkgs-fmt "$deps_file"

94
pkgs/applications/blockchains/wasabibackend/default.nix
View file

@ -1,95 +1,45 @@
{ lib, stdenv
{ lib
, stdenv
, fetchFromGitHub
, fetchurl
, makeWrapper
, Nuget
, buildDotnetModule
, dotnetCorePackages
, openssl
, autoPatchelfHook
, zlib
, openssl
}:
let
deps = import ./deps.nix { inherit fetchurl; };
dotnet-sdk = dotnetCorePackages.sdk_3_1;
dotnet-aspnetcore = dotnetCorePackages.aspnetcore_3_1;
nugetSource = stdenv.mkDerivation {
pname = "${pname}-nuget-deps";
inherit version;
dontUnpack = true;
dontInstall = true;
nativeBuildInputs = [ Nuget ];
buildPhase = ''
export HOME=$(mktemp -d)
mkdir -p $out/lib
nuget sources Disable -Name "nuget.org"
for package in ${toString deps}; do
nuget add $package -Source $out/lib
done
'';
};
pname = "WasabiBackend";
version = "1.1.12";
projectName = "WalletWasabi.Backend";
projectConfiguration = "Release";
projectRuntime = "linux-x64";
in
stdenv.mkDerivation rec {
inherit pname version;
buildDotnetModule rec {
pname = "wasabibackend";
version = "1.1.13.0";
src = fetchFromGitHub {
owner = "zkSNACKs";
repo = "WalletWasabi";
rev = "v${version}";
sha256 = "001k43z2jxvs03csyzndlzlk034aclzc4n8ddrqxykgrq508xk1d";
sha256 = "sha256-zDOk8MurT5NXOr4kvm5mnsphY+eDFWuVBcpeTZpcHOo=";
};
buildInputs = [
Nuget
dotnet-sdk
makeWrapper
];
projectFile = "WalletWasabi.Backend/WalletWasabi.Backend.csproj";
nugetDeps = ./deps.nix;
buildPhase = ''
export HOME=$(mktemp -d)
export DOTNET_CLI_TELEMETRY_OPTOUT=1
export DOTNET_SKIP_FIRST_TIME_EXPERIENCE=1
export DOTNET_ROOT="${dotnet-sdk}/bin"
dotnet-sdk = dotnetCorePackages.sdk_3_1;
dotnet-runtime = dotnetCorePackages.aspnetcore_3_1;
nuget sources Disable -Name "nuget.org"
nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = [ stdenv.cc.cc.lib zlib ];
dotnet restore \
--source ${nugetSource}/lib \
--runtime ${projectRuntime} \
${projectName}
runtimeDeps = [ openssl zlib ];
dotnet publish \
--no-restore \
--runtime ${projectRuntime} \
--configuration ${projectConfiguration} \
${projectName}
preConfigure = ''
makeWrapperArgs+=(
--run "cd $out/lib/${pname}"
)
'';
installPhase = ''
mkdir -p $out
cp -r ${projectName}/bin/${projectConfiguration}/netcoreapp3.1/${projectRuntime}/publish $out/lib
mkdir -p $out/bin
makeWrapper $out/lib/WalletWasabi.Backend $out/bin/${pname} \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ openssl zlib ]} \
--run "cd $out/lib"
postInstall = ''
mv $out/bin/WalletWasabi.Backend $out/bin/WasabiBackend
'';
# If we don't disable stripping the executable fails to start with segfault
dontStrip = true;
meta = with lib; {
description = "Backend for the Wasabi Wallet";
homepage = "https://wasabiwallet.io/";

1154
pkgs/applications/blockchains/wasabibackend/deps.nix generated
View file

File diff suppressed because it is too large Load diff

40
pkgs/applications/editors/jetbrains/default.nix
View file

@ -251,12 +251,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2021.3.1"; /* updated by script */
version = "2021.3.2"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "0nf1r02i51pplrazlyavc6xs6mi91spa92srfqpsgb78ar9vn027"; /* updated by script */
sha256 = "029xim3a6ijqdbzwxan189ydcy5b0ry2qqc70fipp8ic5z5iai3b"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -264,12 +264,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2021.3.2"; /* updated by script */
version = "2021.3.3"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0m0nc988w2a2p0l3a9cirnk2vbrsas4wb3fc4pwiml5bz5vwh255"; /* updated by script */
sha256 = "0wbr7hjbj9zvxn4j7nrp7sdzjk78hcg7ssz430y35x9isfiqv5py"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE";
@ -277,12 +277,12 @@ in
goland = buildGoland rec {
name = "goland-${version}";
version = "2021.3.1"; /* updated by script */
version = "2021.3.2"; /* updated by script */
description = "Up and Coming Go IDE";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "1kl1sg2fjh8wpx47984vw6zrqf7nakbji606cl52brkxik7py0d3"; /* updated by script */
sha256 = "0csc52wwqggdxc61qkmbs84hdvyj3x60rcv5jrxcwp3bjq94kskw"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "GoLand RELEASE";
@ -290,12 +290,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "0xrhgqbsyd2plzkkmy00bwsa8dk4ijszmhmbyn6c9ygl01zhji6y"; /* updated by script */
sha256 = "19xxbjcn17n3fk1vdb31nihn9cv5q65wfxdan6dx7z0wq5c4x9zd"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -303,12 +303,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "0riwww75aizprb01c1sccprbr00ky5wgy5cxxjxqgm8v72rfnihb"; /* updated by script */
sha256 = "0ys8f2h0qaj8s9ga94hg73vah552a6al4r1ypdp05f7j1m7lzajf"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -330,12 +330,12 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "1h3ld3swvvx8hicm5lpf65mr7asiqy59hvqnigz71hbjgqnsb8g0"; /* updated by script */
sha256 = "011i3jgfnb2h64ikbm3wi1vfhzm50mwwy9nksl71nzllj3kz111x"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
update-channel = "PhpStorm RELEASE";
@ -343,12 +343,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "PyCharm Community Edition";
license = lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0iypqilil6x9k1gi6bfjzccw7wp601grd9639yk50crg45wnzga4"; /* updated by script */
sha256 = "1xd88rd1w3ghkm6jq8ilhhjy972qfm57si581rnsjpz65rj6xpgm"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm RELEASE";
@ -356,12 +356,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "PyCharm Professional Edition";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0z6dnigx616939azyngjy5r4gayazplkgq480k80ppmkw636yhl1"; /* updated by script */
sha256 = "0639mzjh1hw158gmf4qqld03371z60k3xyca21l1pnv3551svd6d"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm RELEASE";
@ -382,12 +382,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "1vmybxnwyv7wiv3clm857yvzlws0bcza01wx8jm0dbnrzq38dz4d"; /* updated by script */
sha256 = "1xax3738myxjzm0p8zm8aaa2nw0336h80nrm9dqby2j7dass2jnm"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine RELEASE";
@ -395,12 +395,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2021.3"; /* updated by script */
version = "2021.3.1"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "1llz97r95xrf7yixgbfipg153qikkxziwwhv9dvvi29v7pi1k4ys"; /* updated by script */
sha256 = "1f918cj76b79x0d2hhv78mvmki5d1dps8nsx7i50wn2qzdml4kc6"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

6
pkgs/applications/editors/manuskript/default.nix
View file

@ -2,7 +2,7 @@
python3Packages.buildPythonApplication rec {
pname = "manuskript";
version = "0.11.0";
version = "0.13.1";
format = "other";
@ -10,7 +10,7 @@ python3Packages.buildPythonApplication rec {
repo = pname;
owner = "olivierkes";
rev = version;
sha256 = "1l6l9k6k69yv8xqpll0zv9cwdqqg4zvxy90l6sx5nv2yywh5crla";
hash = "sha256-TEmAamNdqBK7bu62tLtJl05wBI6hga84PQSrWiMPROY=";
};
nativeBuildInputs = [ wrapQtAppsHook ];
@ -42,7 +42,7 @@ python3Packages.buildPythonApplication rec {
meta = {
description = "A open-source tool for writers";
homepage = "http://www.theologeek.ch/manuskript";
homepage = "https://www.theologeek.ch/manuskript";
longDescription = ''
Manuskript is a tool for those writer who like to organize and
plan everything before writing. The snowflake method can help you

4
pkgs/applications/editors/mg/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "mg";
version = "6.9";
version = "7.0";
src = fetchFromGitHub {
owner = "ibara";
repo = "mg";
rev = "mg-${version}";
sha256 = "1w49yb9v1657rv1w5w7rc9ih1d2vzv6ym3mzhf2wgmh04pdm6hid";
sha256 = "sha256-qnb0yB/NNJV257dsLmP84brajoRG03U+Ja1ACYbBvbE=";
};
enableParallelBuilding = true;

45
pkgs/applications/editors/xedit/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib
, stdenv
, fetchFromGitLab
, autoreconfHook
, pkg-config
, utilmacros
, libX11
, libXaw
, libXmu
, libXt
}:
stdenv.mkDerivation rec {
pname = "xedit";
version = "1.2.2";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "xorg/app";
repo = "xedit";
rev = "${pname}-${version}";
sha256 = "0b5ic13aasv6zh20v2k7zyxsqbnsxfq5rs3w8nwzl1gklmgrjxa3";
};
nativeBuildInputs = [ autoreconfHook pkg-config utilmacros ];
buildInputs = [
libX11
libXaw
libXmu
libXt
];
configureFlags = [
"--with-lispdir=$out/share/X11/xedit/lisp"
"--with-appdefaultdir=$out/share/X11/app-defaults"
];
meta = with lib; {
description = "Simple graphical text editor using Athena Widgets (Xaw)";
homepage = "https://gitlab.freedesktop.org/xorg/app/xedit";
license = with licenses; [ mit ];
maintainers = with maintainers; [ shamilton ];
platforms = platforms.linux;
};
}

3
pkgs/applications/graphics/ascii-image-converter/default.nix
View file

@ -11,8 +11,7 @@ buildGoModule rec {
sha256 = "DitJnWIz1Dt9yXtyQp/z738IAmG4neYmfc49Wdjos7Q=";
};
runVend = true;
vendorSha256 = "JKrBMhzBL1+jlMPudynjOc/ekFiUVaxltyLr4V8QZbg=";
vendorSha256 = "sha256-pKgukWKF4f/kLASjh8aKU7x9UBW/H+4C/02vxmh+qOU=";
meta = with lib; {
description = "Convert images into ASCII art on the console";

150
pkgs/applications/graphics/darktable/default.nix
View file

@ -1,31 +1,117 @@
{ lib, stdenv, fetchurl, libsoup, graphicsmagick, json-glib, wrapGAppsHook
, cairo, cmake, ninja, curl, perl, llvm, desktop-file-utils, exiv2, glib
, ilmbase, gtk3, intltool, lcms2, lensfun, libX11, libexif, libgphoto2, libjpeg
, libpng, librsvg, libtiff, openexr, osm-gps-map, pkg-config, sqlite, libxslt
, openjpeg, lua, pugixml, colord, colord-gtk, libwebp, libsecret, gnome
, ocl-icd, pcre, gtk-mac-integration, isocodes, llvmPackages, gmic, libavif, icu
{ lib
, stdenv
, fetchurl
, libsoup
, graphicsmagick
, json-glib
, wrapGAppsHook
, cairo
, cmake
, ninja
, curl
, perl
, llvm_13
, desktop-file-utils
, exiv2
, glib
, ilmbase
, gtk3
, intltool
, lcms2
, lensfun
, libX11
, libexif
, libgphoto2
, libjpeg
, libpng
, librsvg
, libtiff
, openexr_3
, osm-gps-map
, pkg-config
, sqlite
, libxslt
, openjpeg
, pugixml
, colord
, colord-gtk
, libwebp
, libsecret
, gnome
, SDL2
, ocl-icd
, pcre
, gtk-mac-integration
, isocodes
, llvmPackages
, gmic
, libavif
, icu
, jasper
, libheif
, libaom
, portmidi
, fetchpatch
, lua5_4
, ...
}:
stdenv.mkDerivation rec {
version = "3.6.1";
version = "3.8.0";
pname = "darktable";
src = fetchurl {
url = "https://github.com/darktable-org/darktable/releases/download/release-${version}/darktable-${version}.tar.xz";
sha256 = "sha256-or/HwQO4JJRUV6m/7Z5S8Af6HQMPnbyz/wMnhRvkLRQ=";
sha256 = "01gp9dg5wr2rg1k8cqs0l3s7ism8a4q8qypgwccd4jh7ip3wfr9f";
};
nativeBuildInputs = [ cmake ninja llvm pkg-config intltool perl desktop-file-utils wrapGAppsHook ];
nativeBuildInputs = [ cmake ninja llvm_13 pkg-config intltool perl desktop-file-utils wrapGAppsHook ];
buildInputs = [
cairo curl exiv2 glib gtk3 ilmbase lcms2 lensfun libexif
libgphoto2 libjpeg libpng librsvg libtiff openexr sqlite libxslt
libsoup graphicsmagick json-glib openjpeg lua pugixml
libwebp libsecret gnome.adwaita-icon-theme osm-gps-map pcre isocodes gmic libavif icu
cairo
curl
exiv2
glib
gtk3
ilmbase
lcms2
lensfun
libexif
libgphoto2
libjpeg
libpng
librsvg
libtiff
openexr_3
sqlite
libxslt
libsoup
graphicsmagick
json-glib
openjpeg
pugixml
libwebp
libsecret
SDL2
gnome.adwaita-icon-theme
osm-gps-map
pcre
isocodes
gmic
libavif
icu
jasper
libheif
libaom
portmidi
lua5_4
] ++ lib.optionals stdenv.isLinux [
colord colord-gtk libX11 ocl-icd
colord
colord-gtk
libX11
ocl-icd
] ++ lib.optional stdenv.isDarwin gtk-mac-integration
++ lib.optional stdenv.cc.isClang llvmPackages.openmp;
++ lib.optional stdenv.cc.isClang llvmPackages.openmp;
cmakeFlags = [
"-DBUILD_USERMANUAL=False"
@ -34,29 +120,39 @@ stdenv.mkDerivation rec {
"-DUSE_KWALLET=OFF"
];
patches = [
(fetchpatch {
# This is merged in darktable master and will hopefully be in 3.8.1
name = "cmake-fix.patch";
url = "https://github.com/darktable-org/darktable/commit/58d247f7ebea76c55fa2525beb9f5ce092c6670d.patch";
sha256 = "11fn6d2mwlapbf1zbyv6bhgv29kxcwrs7cnbway0rnl9nj8wimf2";
})
];
# darktable changed its rpath handling in commit
# 83c70b876af6484506901e6b381304ae0d073d3c and as a result the
# binaries can't find libdarktable.so, so change LD_LIBRARY_PATH in
# the wrappers:
preFixup = let
libPathEnvVar = if stdenv.isDarwin then "DYLD_LIBRARY_PATH" else "LD_LIBRARY_PATH";
libPathPrefix = "$out/lib/darktable" + lib.optionalString stdenv.isLinux ":${ocl-icd}/lib";
in ''
for f in $out/share/darktable/kernels/*.cl; do
sed -r "s|#include \"(.*)\"|#include \"$out/share/darktable/kernels/\1\"|g" -i "$f"
done
preFixup =
let
libPathEnvVar = if stdenv.isDarwin then "DYLD_LIBRARY_PATH" else "LD_LIBRARY_PATH";
libPathPrefix = "$out/lib/darktable" + lib.optionalString stdenv.isLinux ":${ocl-icd}/lib";
in
''
for f in $out/share/darktable/kernels/*.cl; do
sed -r "s|#include \"(.*)\"|#include \"$out/share/darktable/kernels/\1\"|g" -i "$f"
done
gappsWrapperArgs+=(
--prefix ${libPathEnvVar} ":" "${libPathPrefix}"
)
'';
gappsWrapperArgs+=(
--prefix ${libPathEnvVar} ":" "${libPathPrefix}"
)
'';
meta = with lib; {
description = "Virtual lighttable and darkroom for photographers";
homepage = "https://www.darktable.org";
license = licenses.gpl3Plus;
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ goibhniu flosse mrVanDalo ];
maintainers = with maintainers; [ goibhniu flosse mrVanDalo paperdigits ];
};
}

13
pkgs/applications/graphics/meshlab/default.nix
View file

@ -14,17 +14,21 @@
, levmar
, qhull
, cmake
, cgal_5
, boost17x
, mpfr
, xercesc
}:
mkDerivation rec {
pname = "meshlab";
version = "2020.12";
version = "2021.10";
src = fetchFromGitHub {
owner = "cnr-isti-vclab";
repo = "meshlab";
rev = "Meshlab-${version}";
sha256 = "QrnqXEVqI1ADUYWalZ0h/0+xS+gDZTinm0weT39onw0=";
sha256 = "14rrd8qrf91k89y6w2mn1r9zcfnwd0mir6g4dlgvr04i77hj4lk4";
fetchSubmodules = true; # for vcglib
};
@ -41,6 +45,10 @@ mkDerivation rec {
gmp
levmar
qhull
cgal_5
boost17x
mpfr
xercesc
];
nativeBuildInputs = [ cmake ];
@ -61,6 +69,7 @@ mkDerivation rec {
# disable when available in nixpkgs
"-DALLOW_BUNDLED_OPENCTM=ON"
"-DALLOW_BUNDLED_SSYNTH=ON"
"-DALLOW_BUNDLED_BOOST=OFF"
# some plugins are disabled unless these are on
"-DALLOW_BUNDLED_NEWUOA=ON"
"-DALLOW_BUNDLED_LEVMAR=ON"

37
pkgs/applications/misc/HentaiAtHome/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ buildGraalvmNativeImage, fetchzip, graalvm17-ce, lib }:
buildGraalvmNativeImage rec {
pname = "HentaiAtHome";
version = "1.6.1";
src = fetchzip {
url = "https://repo.e-hentai.org/hath/HentaiAtHome_${version}.zip";
hash =
"sha512-nGGCuVovj4NJGrihKKYXnh0Ic9YD36o7r6wv9zSivZn22zm8lBYVXP85LnOw2z9DiJARivOctQGl48YFD7vxOQ==";
stripRoot = false;
};
jar = "${src}/HentaiAtHome.jar";
dontUnpack = true;
graalvm = graalvm17-ce;
extraNativeImageBuildArgs = [
"--enable-url-protocols=http,https"
"--install-exit-handlers"
"--no-fallback"
];
doInstallCheck = true;
installCheckPhase = ''
pushd $(mktemp -d)
$out/bin/HentaiAtHome
popd
'';
meta = with lib; {
homepage = "https://ehwiki.org/wiki/Hentai@Home";
description =
"Hentai@Home is an open-source P2P gallery distribution system which reduces the load on the E-Hentai Galleries";
license = licenses.gpl3;
maintainers = with maintainers; [ terrorjack ];
};
}

4
pkgs/applications/misc/batsignal/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "batsignal";
version = "1.3.1";
version = "1.3.2";
src = fetchFromGitHub {
owner = "electrickite";
repo = "batsignal";
rev = version;
sha256 = "sha256-ClwI3ZbkLul+l0zzzGxNjSOUTuVzIxtwUPNLOeFT2X0=";
sha256 = "sha256-+5yAwBUyhqmoV8l8VwIQMxnSgjNZNbGfGajPhA+IFwA=";
};
buildInputs = [ libnotify glib ];

13
pkgs/applications/misc/calibre/default.nix
View file

@ -27,20 +27,25 @@
mkDerivation rec {
pname = "calibre";
version = "5.33.2";
version = "5.34.0";
src = fetchurl {
url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz";
sha256 = "sha256-wtt3ucCaFq9wLk79CeCz20tMM6AbLtZ4Ln6TxOx0dvI=";
hash = "sha256-1NQB7vrcU0hR308/8keUn/rHhdvJk5Ab0pOMPyiU1+M=";
};
# https://sources.debian.org/patches/calibre/5.33.2+dfsg-1
# https://sources.debian.org/patches/calibre/${version}+dfsg-1
patches = [
# allow for plugin update check, but no calibre version check
(fetchpatch {
name = "0001-only-plugin-update.patch";
url = "https://raw.githubusercontent.com/debian-calibre/calibre/debian/${version}%2Bdfsg-1/debian/patches/0001-only-plugin-update.patch";
sha256 = "sha256-dLzO1TWP7Q4nw2a3oN7qlhGCmcA0NKJrZidUnD6hUMA=";
sha256 = "sha256:1h2hl4z9qm17crms4d1lq2cq44cnxbga1dv6qckhxvcg6pawxg3l";
})
(fetchpatch {
name = "0007-Hardening-Qt-code.patch";
url = "https://raw.githubusercontent.com/debian-calibre/calibre/debian/${version}%2Bdfsg-1/debian/patches/0007-Hardening-Qt-code.patch";
sha256 = "sha256:18wps7fn0cpzb7gf78f15pmbaff4vlygc9g00hq7zynfa4pcgfdg";
})
]
++ lib.optional (!unrarSupport) ./dont_build_unrar_plugin.patch;

4
pkgs/applications/misc/ddcui/default.nix
View file

@ -10,13 +10,13 @@
mkDerivation rec {
pname = "ddcui";
version = "0.1.2";
version = "0.2.0";
src = fetchFromGitHub {
owner = "rockowitz";
repo = "ddcui";
rev = "v${version}";
sha256 = "0myma1zw6dlygv3xbin662d91zcnwss10syf12q2fppkrd8qdgqf";
sha256 = "sha256-dp6D5GHpo0PJILnzZDKLnEPgQQ7980dI/6RV5ws3RTU=";
};
nativeBuildInputs = [

47
pkgs/applications/misc/electrum/dash.nix
View file

@ -1,47 +0,0 @@
{ lib, fetchurl, python2Packages }:
python2Packages.buildPythonApplication rec {
version = "2.9.3.1";
pname = "electrum-dash";
src = fetchurl {
url = "https://github.com/akhavr/electrum-dash/releases/download/${version}/Electrum-DASH-${version}.tar.gz";
#"https://github.com/dashpay/electrum-dash/releases/download/v${version}/Electrum-DASH-${version}.tar.gz";
sha256 = "9b7ac205f63fd4bfb15d77a34a4451ef82caecf096f31048a7603bd276dfc33e";
};
propagatedBuildInputs = with python2Packages; [
dnspython
ecdsa
pbkdf2
protobuf
pyasn1
pyasn1-modules
pycrypto
pyqt4
qrcode
requests
pyaes
tlslite-ng
x11_hash
mnemonic
jsonrpclib
# plugins
trezor
];
preInstall = ''
mkdir -p $out/share
sed -i 's@usr_share = .*@usr_share = os.getenv("out")+"/share"@' setup.py
pyrcc4 icons.qrc -o gui/qt/icons_rc.py
'';
meta = with lib; {
description = "Electrum DASH";
homepage = "https://github.com/dashpay/electrum-dash";
license = licenses.gpl3;
maintainers = with maintainers; [ np ];
knownVulnerabilities = [ "CVE-2018-1000022" ];
};
}

4
pkgs/applications/misc/fetchmail/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "fetchmail";
version = "6.4.24";
version = "6.4.25";
src = fetchurl {
url = "mirror://sourceforge/fetchmail/fetchmail-${version}.tar.xz";
sha256 = "sha256-nJYd8lzZIvU5IYsLVqd+ekd3jkntkH7apbSUGtOyU88=";
sha256 = "sha256-fr776JFy/Vnw/YMX2HQ6hDbzdczcqzkA5MPsBqj78n8=";
};
buildInputs = [ openssl ];

4
pkgs/applications/misc/free42/default.nix
View file

@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "free42";
version = "3.0.7";
version = "3.0.8";
src = fetchFromGitHub {
owner = "thomasokken";
repo = pname;
rev = "v${version}";
sha256 = "sha256-wGzZRp+7KBV/sxm08XCkCDx+A8nR9To5MCmcdWdlttM=";
sha256 = "sha256-nZCuFumAyeUxRmmtd6/qvXk3LVZgbDhlsDygXMWDfp0=";
};
nativeBuildInputs = [ copyDesktopItems pkg-config ];

4
pkgs/applications/misc/iptsd/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "iptsd";
version = "0.4";
version = "0.5";
src = fetchFromGitHub {
owner = "linux-surface";
repo = pname;
rev = "v${version}";
sha256 = "sha256-CoPgkt7n2kk7WlQHe0RjNlxfp2Nd8BbIE2gyf0bOBy4=";
sha256 = "sha256-A/0hA4gJwzrRPn57IKYvfcAnx1KXbQl0ZX2TE8mcQhc=";
};
nativeBuildInputs = [ meson ninja pkg-config ];

2
pkgs/applications/misc/jquake/default.nix
View file

@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Real-time earthquake map of Japan";
homepage = "http://jquake.net";
homepage = "https://jquake.net";
downloadPage = "https://jquake.net/?down";
changelog = "https://jquake.net/?docu";
maintainers = with maintainers; [ nessdoor ];

4
pkgs/applications/misc/kanboard/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "kanboard";
version = "1.2.20";
version = "1.2.21";
src = fetchFromGitHub {
owner = "kanboard";
repo = "kanboard";
rev = "v${version}";
sha256 = "sha256-IB+GhUZvjngjf1UHKc7B/PkZHVXKYUTk6CVA5XSiF5Y=";
sha256 = "sha256-0CIemSdgNnYfpwZqfTerd/RZ+mYeFUWTE+v2hwu+9gI=";
};
dontBuild = true;

5
pkgs/applications/misc/librecad/default.nix
View file

@ -2,7 +2,7 @@
, boost
, fetchFromGitHub
, installShellFiles
, mkDerivationWith
, mkDerivation
, muparser
, pkg-config
, qmake
@ -10,10 +10,9 @@
, qtsvg
, qttools
, runtimeShell
, stdenv
}:
mkDerivationWith stdenv.mkDerivation rec {
mkDerivation rec {
pname = "librecad";
version = "2.2.0-rc2";

4
pkgs/applications/misc/makeself/default.nix
View file

@ -1,7 +1,7 @@
{ lib, stdenv, fetchFromGitHub, which, zstd, pbzip2 }:
stdenv.mkDerivation rec {
version = "2.4.2";
version = "2.4.5";
pname = "makeself";
src = fetchFromGitHub {
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
repo = "makeself";
rev = "release-${version}";
fetchSubmodules = true;
sha256 = "07cq7q71bv3fwddkp2863ylry2ivds00f8sjy8npjpdbkailxm21";
sha256 = "sha256-15lUtErGsbXF2Gn0f0rvA18mMuVMmkKrGO2poeYZU9g=";
};
postPatch = "patchShebangs test";

4
pkgs/applications/misc/megacmd/default.nix
View file

@ -1,7 +1,7 @@
{ lib
, stdenv
, autoconf
, automake
, automake115x
, c-ares
, cryptopp
, curl
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
autoconf
automake
automake115x
libtool
pkg-config
];

4
pkgs/applications/misc/nwg-menu/default.nix
View file

@ -14,9 +14,7 @@ buildGoModule rec {
sha256 = "sha256-M948RGU9/PwUtFRmf1Po7KlrGxqRPiOZKfS1Vv3vqW8=";
};
vendorSha256 = "sha256-AnYtqSe8mq10FQ071GEVh65MaWek5gYlR+9d8yL0RAc=";
runVend = true;
vendorSha256 = "sha256-HyrjquJ91ddkyS8JijHd9HjtfwSQykXCufa2wzl8RNk";
doCheck = false;

4
pkgs/applications/misc/pdfsam-basic/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "pdfsam-basic";
version = "4.2.8";
version = "4.2.10";
src = fetchurl {
url = "https://github.com/torakiki/pdfsam/releases/download/v${version}/pdfsam_${version}-1_amd64.deb";
sha256 = "sha256-bbGFSy2ZuUtFWyAgje6s+RSQ6S7NZGAhjvZMbIWfYhE=";
sha256 = "sha256-YxUozMrsR65A7+xeerMaYxkGALobG1wLguWGZnoQYcU=";
};
unpackPhase = ''

94
pkgs/applications/misc/qcad/default.nix
View file

@ -1,29 +1,30 @@
{ boost
{ lib
, stdenv
, mkDerivation
, fetchFromGitHub
, libGLU
, mkDerivationWith
, muparser
, installShellFiles
, pkg-config
, qtbase
, qmake
, qttools
, boost
, libGLU
, muparser
, qtbase
, qtscript
, qtsvg
, qtxmlpatterns
, qttools
, lib
, stdenv
, installShellFiles
, qtmacextras
}:
mkDerivationWith stdenv.mkDerivation rec {
mkDerivation rec {
pname = "qcad";
version = "3.26.4.10";
version = "3.27.1.0";
src = fetchFromGitHub {
owner = "qcad";
repo = "qcad";
rev = "v${version}";
sha256 = "sha256-dWpItV18lYjdwUsn2wwA//AUHU5ICGfmih2cJWihvn0=";
sha256 = "sha256-tydgSfS1MF322sgWULMEZ8P6YIaN1QoeJiia0wbsgjo=";
};
patches = [
@ -40,26 +41,56 @@ mkDerivationWith stdenv.mkDerivation rec {
fi
'';
nativeBuildInputs = [
installShellFiles
pkg-config
qmake
qttools
];
buildInputs = [
boost
libGLU
muparser
qtbase
qtscript
qtsvg
qtxmlpatterns
] ++ lib.optionals stdenv.isDarwin [
qtmacextras
];
qmakeFlags = [
"MUPARSER_DIR=${muparser}"
"INSTALLROOT=$(out)"
"BOOST_DIR=${boost.dev}"
];
qtWrapperArgs =
lib.optionals stdenv.isLinux [ "--prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib" ]
++
lib.optionals stdenv.isDarwin [ "--prefix DYLD_LIBRARY_PATH : ${placeholder "out"}/lib" ];
installPhase = ''
runHook preInstall
install -Dm555 -t $out/bin release/qcad-bin
install -Dm555 -t $out/lib release/libspatialindexnavel.so
install -Dm555 -t $out/lib release/libqcadcore.so
install -Dm555 -t $out/lib release/libqcadentity.so
install -Dm555 -t $out/lib release/libqcadgrid.so
install -Dm555 -t $out/lib release/libqcadsnap.so
install -Dm555 -t $out/lib release/libqcadoperations.so
install -Dm555 -t $out/lib release/libqcadstemmer.so
install -Dm555 -t $out/lib release/libqcadspatialindex.so
install -Dm555 -t $out/lib release/libqcadgui.so
install -Dm555 -t $out/lib release/libqcadecmaapi.so
'' + lib.optionalString stdenv.isLinux ''
install -Dm555 release/qcad-bin $out/bin/qcad
'' + lib.optionalString stdenv.isDarwin ''
install -Dm555 release/QCAD.app/Contents/MacOS/QCAD $out/bin/qcad
mkdir -p $out/lib
'' +
''
install -Dm555 -t $out/lib release/libspatialindexnavel${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadcore${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadentity${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadgrid${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadsnap${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadoperations${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadstemmer${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadspatialindex${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadgui${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadecmaapi${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm444 -t $out/share/applications qcad.desktop
install -Dm644 -t $out/share/pixmaps scripts/qcad_icon.png
@ -89,23 +120,6 @@ mkDerivationWith stdenv.mkDerivation rec {
runHook postInstall
'';
buildInputs = [
boost
muparser
libGLU
qtbase
qtscript
qtsvg
qtxmlpatterns
];
nativeBuildInputs = [
pkg-config
qmake
qttools
installShellFiles
];
meta = with lib; {
description = "2D CAD package based on Qt";
homepage = "https://qcad.org";

29
pkgs/applications/misc/redshift/default.nix
View file

@ -64,7 +64,16 @@ let
preConfigure = "./bootstrap";
postFixup = "wrapPythonPrograms";
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
postFixup = ''
wrapPythonPrograms
wrapGApp $out/bin/${pname}
'';
# the geoclue agent may inspect these paths and expect them to be
# valid without having the correct $PATH set
@ -112,24 +121,6 @@ rec {
};
};
redshift-wlr = mkRedshift {
pname = "redshift-wlr";
# upstream rebases so this is the push date
version = "2019-08-24";
src = fetchFromGitHub {
owner = "minus7";
repo = "redshift";
rev = "7da875d34854a6a34612d5ce4bd8718c32bec804";
sha256 = "0rs9bxxrw4wscf4a8yl776a8g880m5gcm75q06yx2cn3lw2b7v22";
};
meta = redshift.meta // {
description = redshift.meta.description + "(with wlroots patches)";
homepage = "https://github.com/minus7/redshift";
};
};
gammastep = mkRedshift rec {
pname = "gammastep";
version = "2.0.7";

24
pkgs/applications/misc/sigi/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ lib, rustPlatform, fetchFromGitHub, testVersion, sigi }:
rustPlatform.buildRustPackage rec {
pname = "sigi";
version = "2.1.1";
src = fetchFromGitHub {
owner = "hiljusti";
repo = pname;
rev = "v${version}";
sha256 = "sha256-y0m1AQE5qoUfPZjJfo7w5h+zZ1pbz8FkLFDM13MTWvQ=";
};
cargoSha256 = "sha256-NTjL57Y1Uzk5F34BW3lB3xUpD60Opt0fGWuXHQU5L3g=";
passthru.tests.version = testVersion { package = sigi; };
meta = with lib; {
description = "CLI tool for organization and planning";
homepage = "https://github.com/hiljusti/sigi";
license = licenses.gpl3;
maintainers = with maintainers; [ hiljusti ];
};
}

4
pkgs/applications/misc/tsukae/default.nix
View file

@ -11,9 +11,7 @@ buildGoModule rec {
sha256 = "sha256-1y/WYLW6/HMGmuaX2wOlQbwYn0LcgQCMb4qw8BtCgxQ=";
};
vendorSha256 = "sha256-mVhc9roT7rm9WMwck7jobjn9ykKQRgWJAqM75AmhMN0=";
runVend = true;
vendorSha256 = "sha256-Q0WOzyJGnTXTmj7ZPKyVSnWuWb4bbDjDpgftQ1Opf/I=";
meta = with lib; {
description = "Show off your most used shell commands.";

4
pkgs/applications/misc/urlscan/default.nix
View file

@ -5,13 +5,13 @@
python3Packages.buildPythonApplication rec {
pname = "urlscan";
version = "0.9.7";
version = "0.9.8";
src = fetchFromGitHub {
owner = "firecat53";
repo = pname;
rev = version;
sha256 = "sha256-Wg1QecSMyifID9uIvVWrmkHax4FbbwEcoXIZ8V8P3FU=";
sha256 = "sha256-KQXEiDg5KRCMFFyDlR8D6CQTxRdIZx4/U1csTFCr0sU=";
};
propagatedBuildInputs = [

3
pkgs/applications/networking/browsers/chromium/update.py
View file

@ -68,7 +68,8 @@ def get_matching_chromedriver(version):
return {
'version': chromedriver_version,
'sha256_linux': nix_prefetch_url(get_chromedriver_url('linux64')),
'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64'))
'sha256_darwin': nix_prefetch_url(get_chromedriver_url('mac64')),
'sha256_darwin_aarch64': nix_prefetch_url(get_chromedriver_url('mac64_m1'))
}

3
pkgs/applications/networking/browsers/chromium/upstream-info.json
View file

@ -14,7 +14,8 @@
"chromedriver": {
"version": "96.0.4664.45",
"sha256_linux": "15wybxlh38sw7f2bzalf9ivfp8262cpcvhq08nw9d2cj3j39f13m",
"sha256_darwin": "0r3b8wgbd8xjb09f4vc402gp77y2aqjk9hpqvvr6xgdr7nqym20f"
"sha256_darwin": "0r3b8wgbd8xjb09f4vc402gp77y2aqjk9hpqvvr6xgdr7nqym20f",
"sha256_darwin_aarch64": "1yynw8ngs2655blnf1s6r9flbxlwgaybdvgl6r6h7ppl974dl7rm"
}
},
"beta": {

6
pkgs/applications/networking/browsers/firefox/wrapper.nix
View file

@ -189,7 +189,7 @@ let
];
};
nativeBuildInputs = [ makeWrapper lndir ];
nativeBuildInputs = [ makeWrapper lndir replace ];
buildInputs = [ browser.gtk3 ];
@ -226,14 +226,14 @@ let
cd "${browser}"
find . -type l -print0 | while read -d $'\0' l; do
target="$(readlink "$l" | ${replace}/bin/replace-literal -es -- "${browser}" "$out")"
target="$(readlink "$l" | replace-literal -es -- "${browser}" "$out")"
ln -sfT "$target" "$out/$l"
done
# This will not patch binaries, only "text" files.
# Its there for the wrapper mostly.
cd "$out"
${replace}/bin/replace-literal -esfR -- "${browser}" "$out"
replace-literal -esfR -- "${browser}" "$out"
# create the wrapper

2
pkgs/applications/networking/browsers/vivaldi/default.nix
View file

@ -11,6 +11,7 @@
, isSnapshot ? false
, proprietaryCodecs ? false, vivaldi-ffmpeg-codecs ? null
, enableWidevine ? false, vivaldi-widevine ? null
, commandLineArgs ? ""
}:
let
@ -85,6 +86,7 @@ in stdenv.mkDerivation rec {
"$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
done
wrapProgram "$out/bin/vivaldi" \
--add-flags ${lib.escapeShellArg commandLineArgs} \
--suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
'' + lib.optionalString enableWidevine ''

6
pkgs/applications/networking/cluster/kube-capacity/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kube-capacity";
version = "0.6.1";
version = "0.6.2";
src = fetchFromGitHub {
rev = "v${version}";
owner = "robscott";
repo = pname;
sha256 = "sha256-4UdNmuxJsPekA0y4mP302AYIFkG3ee3n99Redb/rPHw=";
sha256 = "sha256-rpCocokLj1iJonOt3rP+n1BpijjWlTie/a7vT2dMYnA=";
};
vendorSha256 = "sha256-PQlOuBqn+b7fO9eHgtTAKxo3YdWmgbxx2JomklttCrM=";
vendorSha256 = "sha256-1D+nQ6WrHwJwcszCvoZ08SHX0anksdI69Jra5b9jPCY=";
meta = with lib; {
description =

4
pkgs/applications/networking/cluster/kubergrunt/default.nix
View file

@ -11,14 +11,12 @@ buildGoModule rec {
sha256 = "1224ssqdz9ak0vylyfbr9c2w0yfdp4hw9jh99qmfi2j5nhw9kzcc";
};
vendorSha256 = "1hbb3hn8mzz9h9p1rl35izz3l6c2rqsg8aq6dgpbpsf5krp3zs3v";
vendorSha256 = "sha256-95rteSEMOBQnAw0QKuj5Yyi8n3xXGl0Tm97WiyTGxVw=";
# Disable tests since it requires network access and relies on the
# presence of certain AWS infrastructure
doCheck = false;
runVend = true;
postInstall = ''
# The binary is named kubergrunt
mv $out/bin/cmd $out/bin/kubergrunt

4
pkgs/applications/networking/cluster/levant/default.nix
View file

@ -11,9 +11,7 @@ buildGoModule rec {
sha256 = "9M7a4i+DPKb1H9jOEVAvhvYxGwtj3dK/40n4GSy4Rqo=";
};
vendorSha256 = "5JlrgmIfhX0rPR72sUkFcofw/iIbIaca359GN9C9dhU=";
runVend = true;
vendorSha256 = "sha256-m3WSk5RvCmeIgX6SwHpWHvokgs71cY6XCKtHJ4jnonc=";
# The tests try to connect to a Nomad cluster.
doCheck = false;

2
pkgs/applications/networking/cluster/linkerd/default.nix
View file

@ -4,5 +4,5 @@
channel = "stable";
version = "2.11.1";
sha256 = "09zwxcaqn537ls737js7rcsqarapw5k25gv41d844k73yvxm882c";
vendorSha256 = "sha256-c3EyVrblqtFuoP7+YdbyPN0DdN6TcQ5DTtFQ/frKM0Q=";
vendorSha256 = "sha256-RayboJdjkmCiUsUBab9ntIH+koOCgp3gmVqXZEUWK88=";
}

2
pkgs/applications/networking/cluster/linkerd/edge.nix
View file

@ -4,5 +4,5 @@
channel = "edge";
version = "21.10.3";
sha256 = "09k4c0dgn9vvgp6xb20x0vylk6bbd03srk3sra8vnpywwi591mcv";
vendorSha256 = "sha256-uGj1sMEa791ZKA7hpJ1A9vtwsmrZDGAYp6HQo6QNAYY=";
vendorSha256 = "sha256-J/+YFXHC6UTyhln2ZDEq/EyqMEP9XcNC4GRuJjGEY3g=";
}

1
pkgs/applications/networking/cluster/linkerd/generic.nix
View file

@ -14,7 +14,6 @@ buildGoModule rec {
};
subPackages = [ "cli" ];
runVend = true;
preBuild = ''
env GOFLAGS="" go generate ./pkg/charts/static

57
pkgs/applications/networking/cluster/terraform-providers/default.nix
View file

@ -1,6 +1,5 @@
{ lib
, buildGoModule
, buildGoPackage
, fetchFromGitHub
, callPackage
, config
@ -11,13 +10,12 @@ let
buildWithGoModule = data:
buildGoModule {
pname = data.repo;
version = data.version;
inherit (data) vendorSha256 version;
subPackages = [ "." ];
doCheck = false;
src = fetchFromGitHub {
inherit (data) owner repo rev sha256;
};
vendorSha256 = data.vendorSha256 or null;
deleteVendor = data.deleteVendor or false;
proxyVendor = data.proxyVendor or false;
@ -27,39 +25,56 @@ let
passthru = data;
};
buildWithGoPackage = data:
buildGoPackage {
pname = data.repo;
version = data.version;
goPackagePath = "github.com/${data.owner}/${data.repo}";
subPackages = [ "." ];
doCheck = false;
src = fetchFromGitHub {
inherit (data) owner repo rev sha256;
};
# Terraform allow checking the provider versions, but this breaks
# if the versions are not provided via file paths.
postBuild = "mv $NIX_BUILD_TOP/go/bin/${data.repo}{,_v${data.version}}";
passthru = data;
};
# Our generic constructor to build new providers
mkProvider = attrs:
(if (lib.hasAttr "vendorSha256" attrs) then buildWithGoModule else buildWithGoPackage)
(if (lib.hasAttr "vendorSha256" attrs) then buildWithGoModule else throw /* added 2022/01 */ "vendorSha256 missing: please use `buildGoModule`")
attrs;
# These providers are managed with the ./update-all script
automated-providers = lib.mapAttrs (_: attrs: mkProvider attrs) list;
# These are the providers that don't fall in line with the default model
special-providers = {
special-providers = let archived = throw "the provider has been archived by upstream"; in {
# Packages that don't fit the default model
gandi = callPackage ./gandi { };
libvirt = callPackage ./libvirt { };
teleport = callPackage ./teleport { };
vpsadmin = callPackage ./vpsadmin { };
} // (lib.optionalAttrs (config.allowAliases or false) {
arukas = archived; # added 2022/01
bitbucket = archived; # added 2022/01
chef = archived; # added 2022/01
cherryservers = archived; # added 2022/01
clc = archived; # added 2022/01
cloudstack = throw "removed from nixpkgs"; # added 2022/01
cobbler = archived; # added 2022/01
cohesity = archived; # added 2022/01
dyn = archived; # added 2022/01
genymotion = archived; # added 2022/01
hedvig = archived; # added 2022/01
ignition = archived; # added 2022/01
incapsula = archived; # added 2022/01
influxdb = archived; # added 2022/01
jdcloud = archived; # added 2022/01
kubernetes-alpha = throw "This has been merged as beta into the kubernetes provider. See https://www.hashicorp.com/blog/beta-support-for-crds-in-the-terraform-provider-for-kubernetes for details";
librato = archived; # added 2022/01
logentries = archived; # added 2022/01
metalcloud = archived; # added 2022/01
mysql = archived; # added 2022/01
nixos = archived; # added 2022/01
oneandone = archived; # added 2022/01
packet = archived; # added 2022/01
profitbricks = archived; # added 2022/01
pureport = archived; # added 2022/01
rancher = archived; # added 2022/01
rightscale = archived; # added 2022/01
runscope = archived; # added 2022/01
segment = throw "removed from nixpkgs"; # added 2022/01
softlayer = archived; # added 2022/01
telefonicaopencloud = archived; # added 2022/01
terraform = archived; # added 2022/01
ultradns = archived; # added 2022/01
vthunder = throw "provider was renamed to thunder"; # added 2022/01
});
in
automated-providers // special-providers // { inherit mkProvider; }

914
pkgs/applications/networking/cluster/terraform-providers/providers.json
View file

File diff suppressed because it is too large Load diff

10
pkgs/applications/networking/cluster/terraform-providers/teleport/default.nix
View file

@ -1,17 +1,19 @@
{ lib, fetchFromGitHub, buildGoModule }:
{ lib, fetchFromGitHub, buildGoModule, teleport }:
buildGoModule rec {
pname = "terraform-provider-teleport";
version = "7.3.0";
version = "8.0.6";
src = fetchFromGitHub {
owner = "gravitational";
repo = "teleport-plugins";
rev = "v${version}";
sha256 = "19zn78nn64gc0nm7ycblzi4549a0asql07pfxvrphi6s9fjr5m3y";
sha256 = "1rhvpbw4dga256dp2cr5f912d2j7rh8pd1v88dlgq3mmw8n5c7vy";
};
vendorSha256 = null;
checkInputs = [ teleport ];
sourceRoot = "source/terraform";
# Terraform allow checking the provider versions, but this breaks
@ -23,7 +25,7 @@ buildGoModule rec {
passthru.provider-source-address = "gravitational.com/teleport/teleport";
meta = with lib; {
description = "Provider for managing resources in Teleport, a SSH CA management suite";
description = "Provider for managing resources in Teleport access plane";
homepage = "https://github.com/gravitational/teleport-plugins";
license = licenses.asl20;
maintainers = with maintainers; [ justinas ];

10
pkgs/applications/networking/cluster/terraform-providers/update-all-providers
View file

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p jq
#! nix-shell -I nixpkgs=../../../../.. -i bash -p jq
# shellcheck shell=bash
# Update all providers which have specified provider source address
@ -14,9 +14,9 @@ providers=$(
)
echo "Will update providers:"
echo "$providers"
echo "${providers}"
for provider in $providers; do
echo "Updating $provider"
./update-provider "$provider"
for provider in ${providers}; do
echo "Updating ${provider}"
./update-provider "${provider}"
done

95
pkgs/applications/networking/cluster/terraform-providers/update-provider
View file

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#! nix-shell -I nixpkgs=../../../../.. -i bash -p coreutils curl jq moreutils nix
#! nix-shell -I nixpkgs=../../../../.. -i bash -p coreutils curl jq moreutils nix nix-prefetch
# shellcheck shell=bash
# vim: ft=sh
#
@ -7,6 +7,7 @@
# provider source address.
#
set -euo pipefail
shopt -s inherit_errexit
show_usage() {
cat <<DOC
@ -57,36 +58,37 @@ while [[ $# -gt 0 ]]; do
shift 2
;;
*)
if [[ -n "$provider" ]]; then
echo "ERROR: provider name was passed two times: '$provider' and '$1'"
if [[ -n ${provider} ]]; then
echo "ERROR: provider name was passed two times: '${provider}' and '$1'"
echo "Use --help for more info"
exit 1
fi
provider=$1
shift
;;
esac
done
if [[ -z "$provider" ]]; then
if [[ -z ${provider} ]]; then
echo "ERROR: No providers specified!"
echo
show_usage
exit 1
fi
provider_name=$(basename "$provider")
provider_name=$(basename "${provider}")
# Usage: read_attr <key>
read_attr() {
jq -r ".\"$provider_name\".\"$1\"" providers.json
jq -r ".\"${provider_name}\".\"$1\"" providers.json
}
# Usage: update_attr <key> <value>
update_attr() {
if [[ "$2" == "null" ]]; then
jq -S ".\"$provider_name\".\"$1\" = null" providers.json | sponge providers.json
if [[ $2 == "null" ]]; then
jq -S ".\"${provider_name}\".\"$1\" = null" providers.json | sponge providers.json
else
jq -S ".\"$provider_name\".\"$1\" = \"$2\"" providers.json | sponge providers.json
jq -S ".\"${provider_name}\".\"$1\" = \"$2\"" providers.json | sponge providers.json
fi
}
@ -96,23 +98,23 @@ prefetch_github() {
local owner=$1
local repo=$2
local rev=$3
nix-prefetch-url --unpack "https://github.com/$owner/$repo/archive/$rev.tar.gz"
nix-prefetch-url --unpack "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"
}
old_source_address="$(read_attr provider-source-address)"
old_vendor_sha256=$(read_attr vendorSha256)
old_version=$(read_attr version)
if [[ $provider =~ ^[^/]+/[^/]+$ ]]; then
source_address=registry.terraform.io/$provider
if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then
source_address=registry.terraform.io/${provider}
else
source_address=$old_source_address
source_address=${old_source_address}
fi
if [[ "$source_address" == "null" ]]; then
echo "Could not find the source address for provider: $provider"
if [[ ${source_address} == "null" ]]; then
echo "Could not find the source address for provider: ${provider}"
exit 1
fi
update_attr "provider-source-address" "$source_address"
update_attr "provider-source-address" "${source_address}"
# The provider source address (used inside Terraform `required_providers` block) is
# used to compute the registry API endpoint
@ -122,58 +124,43 @@ update_attr "provider-source-address" "$source_address"
# registry.terraform.io/v1/providers/hashicorp/aws (provider URL for the JSON API)
registry_response=$(curl -s https://"${source_address/\///v1/providers/}")
version="$(jq -r '.version' <<< "$registry_response")"
if [[ "$old_version" = "$version" && "$force" != 1 && -z "$vendorSha256" && "$old_vendor_sha256" != "$vendorSha256" ]]; then
echo "$provider_name is already at version $version"
version="$(jq -r '.version' <<<"${registry_response}")"
if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorSha256} && ${old_vendor_sha256} != "${vendorSha256}" ]]; then
echo "${provider_name} is already at version ${version}"
exit
fi
update_attr version "$version"
update_attr version "${version}"
provider_source_url="$(jq -r '.source' <<< "$registry_response")"
provider_source_url="$(jq -r '.source' <<<"${registry_response}")"
org="$(echo "$provider_source_url" | cut -d '/' -f 4)"
update_attr owner "$org"
repo="$(echo "$provider_source_url" | cut -d '/' -f 5)"
update_attr repo "$repo"
rev="$(jq -r '.tag' <<< "$registry_response")"
update_attr rev "$rev"
sha256=$(prefetch_github "$org" "$repo" "$rev")
update_attr sha256 "$sha256"
org="$(echo "${provider_source_url}" | cut -d '/' -f 4)"
update_attr owner "${org}"
repo="$(echo "${provider_source_url}" | cut -d '/' -f 5)"
update_attr repo "${repo}"
rev="$(jq -r '.tag' <<<"${registry_response}")"
update_attr rev "${rev}"
sha256=$(prefetch_github "${org}" "${repo}" "${rev}")
update_attr sha256 "${sha256}"
repo_root=$(git rev-parse --show-toplevel)
if [[ -z "$vendorSha256" ]]; then
if [[ "$old_vendor_sha256" == null ]]; then
if [[ -z ${vendorSha256} ]]; then
if [[ ${old_vendor_sha256} == null ]]; then
vendorSha256=null
elif [[ -n "$old_vendor_sha256" || "$vendor" = 1 ]]; then
elif [[ -n ${old_vendor_sha256} || ${vendor} == 1 ]]; then
echo "=== Calculating vendorSha256 ==="
update_attr vendorSha256 "0000000000000000000000000000000000000000000000000000000000000000"
# Hackish way to find out the desired sha256. First build, then extract the
# error message from the logs.
set +e
nix-build --no-out-link "$repo_root" -A "terraform-providers.$provider_name.go-modules" 2>vendor_log.txt
set -e
logs=$(< vendor_log.txt)
if ! [[ $logs =~ got:\ +([^\ ]+) ]]; then
echo "ERROR: could not find new hash in output:"
cat vendor_log.txt
rm -f vendor_log.txt
exit 1
fi
rm -f vendor_log.txt
# trim the results in case it they have a sha256: prefix or contain more than one line
vendorSha256=$(echo "${BASH_REMATCH[1]#sha256:}" | head -n 1)
vendorSha256=$(nix-prefetch "{ sha256 }: (import ../../../../.. {}).terraform-providers.${provider_name}.go-modules.overrideAttrs (_: { vendorSha256 = sha256; })")
# Deal with nix unstable
if [[ $vendorSha256 = sha256-* ]]; then
vendorSha256=$(nix --extra-experimental-features nix-command hash to-base32 "$vendorSha256")
if [[ ${vendorSha256} == sha256-* ]]; then
vendorSha256=$(nix --extra-experimental-features nix-command hash to-base32 "${vendorSha256}")
fi
fi
fi
if [[ -n "$vendorSha256" ]]; then
update_attr vendorSha256 "$vendorSha256"
if [[ -n ${vendorSha256} ]]; then
update_attr vendorSha256 "${vendorSha256}"
fi
# Check that the provider builds
echo "=== Building terraform-providers.$provider_name ==="
nix-build "$repo_root" -A "terraform-providers.$provider_name"
echo "=== Building terraform-providers.${provider_name} ==="
nix-build --no-out-link "${repo_root}" -A "terraform-providers.${provider_name}"

Some files were not shown because too many files have changed in this diff Show more