b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse source
This commit is contained in:
Frederik Rietdijk 2020-11-09 14:49:10 +01:00
parent b5ca1a1731 20f001c01e
commit 8aaf2e60e5
419 changed files with 10814 additions and 9939 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.github/CODEOWNERS vendored
View file

@ -206,6 +206,12 @@
/nixos/tests/cri-o.nix @NixOS/podman @zowoq
/nixos/tests/podman.nix @NixOS/podman @zowoq
# Docker tools
/pkgs/build-support/docker @roberth @utdemir
/nixos/tests/docker-tools-overlay.nix @roberth
/nixos/tests/docker-tools.nix @roberth
/doc/builders/images/dockertools.xml @roberth
# Blockchains
/pkgs/applications/blockchains @mmahut

2
README.md
View file

@ -8,7 +8,7 @@
</p>
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over
40,000 software packages that can be installed with the
60,000 software packages that can be installed with the
[Nix](https://nixos.org/nix/) package manager. It also implements
[NixOS](https://nixos.org/nixos/), a purely-functional Linux distribution.

18
doc/languages-frameworks/java.xml
View file

@ -32,7 +32,7 @@ nativeBuildInputs = [ jdk ];
</para>
<para>
If your Java package provides a program, you need to generate a wrapper script to run it using the OpenJRE. You can use <literal>makeWrapper</literal> for this:
If your Java package provides a program, you need to generate a wrapper script to run it using a JRE. You can use <literal>makeWrapper</literal> for this:
<programlisting>
nativeBuildInputs = [ makeWrapper ];
@ -43,7 +43,21 @@ installPhase =
--add-flags "-cp $out/share/java/foo.jar org.foo.Main"
'';
</programlisting>
Note the use of <literal>jre</literal>, which is the part of the OpenJDK package that contains the Java Runtime Environment. By using <literal>${jre}/bin/java</literal> instead of <literal>${jdk}/bin/java</literal>, you prevent your package from depending on the JDK at runtime.
Since the introduction of the Java Platform Module System in Java 9, Java distributions typically no longer ship with a general-purpose JRE: instead, they allow generating a JRE with only the modules required for your application(s). Because we can't predict what modules will be needed on a general-purpose system, the default <package>jre</package> package is the full JDK. When building a minimal system/image, you can override the <literal>modules</literal> parameter on <literal>jre_minimal</literal> to build a JRE with only the modules relevant for you:
<programlisting>
let
my_jre = pkgs.jre_minimal.override {
modules = [
# The modules used by 'something' and 'other' combined:
"java.base"
"java.logging"
];
};
something = (pkgs.something.override { jre = my_jre; });
other = (pkgs.other.override { jre = my_jre; });
in
...
</programlisting>
</para>
<para>

46
doc/languages-frameworks/rust.section.md
View file

@ -16,9 +16,9 @@ cargo
into the `environment.systemPackages` or bring them into
scope with `nix-shell -p rustc cargo`.
For daily builds (beta and nightly) use either rustup from
nixpkgs or use the [Rust nightlies
overlay](#using-the-rust-nightlies-overlay).
For other versions such as daily builds (beta and nightly),
use either `rustup` from nixpkgs (which will manage the rust installation in your home directory),
or use Mozilla's [Rust nightlies overlay](#using-the-rust-nightlies-overlay).
## Compiling Rust applications with Cargo
@ -478,8 +478,15 @@ Mozilla provides an overlay for nixpkgs to bring a nightly version of Rust into
This overlay can _also_ be used to install recent unstable or stable versions
of Rust, if desired.
To use this overlay, clone
[nixpkgs-mozilla](https://github.com/mozilla/nixpkgs-mozilla),
### Rust overlay installation
You can use this overlay by either changing your local nixpkgs configuration,
or by adding the overlay declaratively in a nix expression, e.g. in `configuration.nix`.
For more information see [#sec-overlays-install](the manual on installing overlays).
#### Imperative rust overlay installation
Clone [nixpkgs-mozilla](https://github.com/mozilla/nixpkgs-mozilla),
and create a symbolic link to the file
[rust-overlay.nix](https://github.com/mozilla/nixpkgs-mozilla/blob/master/rust-overlay.nix)
in the `~/.config/nixpkgs/overlays` directory.
@ -488,7 +495,34 @@ in the `~/.config/nixpkgs/overlays` directory.
$ mkdir -p ~/.config/nixpkgs/overlays
$ ln -s $(pwd)/nixpkgs-mozilla/rust-overlay.nix ~/.config/nixpkgs/overlays/rust-overlay.nix
The latest version can be installed with the following command:
### Declarative rust overlay installation
Add the following to your `configuration.nix`, `home-configuration.nix`, `shell.nix`, or similar:
```
nixpkgs = {
overlays = [
(import (builtins.fetchTarball https://github.com/mozilla/nixpkgs-mozilla/archive/master.tar.gz))
# Further overlays go here
];
};
```
Note that this will fetch the latest overlay version when rebuilding your system.
### Rust overlay usage
The overlay contains attribute sets corresponding to different versions of the rust toolchain, such as:
* `latest.rustChannels.stable`
* `latest.rustChannels.nightly`
* a function `rustChannelOf`, called as `(rustChannelOf { date = "2018-04-11"; channel = "nightly"; })`, or...
* `(nixpkgs.rustChannelOf { rustToolchain = ./rust-toolchain; })` if you have a local `rust-toolchain` file (see https://github.com/mozilla/nixpkgs-mozilla#using-in-nix-expressions for an example)
Each of these contain packages such as `rust`, which contains your usual rust development tools with the respective toolchain chosen.
For example, you might want to add `latest.rustChannels.stable.rust` to the list of packages in your configuration.
Imperatively, the latest stable version can be installed with the following command:
$ nix-env -Ai nixos.latest.rustChannels.stable.rust

54
maintainers/maintainer-list.nix
View file

@ -514,6 +514,12 @@
githubId = 69135;
name = "Andrea Bedini";
};
andreasfelix = {
email = "fandreas@physik.hu-berlin.de";
github = "andreasfelix";
githubId = 24651767;
name = "Felix Andreas";
};
andres = {
email = "ksnixos@andres-loeh.de";
github = "kosmikus";
@ -3487,6 +3493,12 @@
email = "t@larkery.com";
name = "Tom Hinton";
};
hjones2199 = {
email = "hjones2199@gmail.com";
github = "hjones2199";
githubId = 5525217;
name = "Hunter Jones";
};
hkjn = {
email = "me@hkjn.me";
name = "Henrik Jonsson";
@ -4007,6 +4019,12 @@
githubId = 2502736;
name = "James Hillyerd";
};
jiehong = {
email = "nixos@majiehong.com";
github = "Jiehong";
githubId = 1061229;
name = "Jiehong Ma";
};
jirkamarsik = {
email = "jiri.marsik89@gmail.com";
github = "jirkamarsik";
@ -4278,6 +4296,12 @@
githubId = 16374374;
name = "Joshua Campbell";
};
jshholland = {
email = "josh@inv.alid.pw";
github = "jshholland";
githubId = 107689;
name = "Josh Holland";
};
jtcoolen = {
email = "jtcoolen@pm.me";
name = "Julien Coolen";
@ -4816,6 +4840,12 @@
githubId = 20250323;
name = "Lucio Delelis";
};
ldenefle = {
email = "ldenefle@gmail.com";
github = "ldenefle";
githubId = 20558127;
name = "Lucas Denefle";
};
ldesgoui = {
email = "ldesgoui@gmail.com";
github = "ldesgoui";
@ -5268,6 +5298,12 @@
githubId = 1238350;
name = "Matthias Herrmann";
};
majesticmullet = {
email = "hoccthomas@gmail.com.au";
github = "MajesticMullet";
githubId = 31056089;
name = "Tom Ho";
};
makefu = {
email = "makefu@syntax-fehler.de";
github = "makefu";
@ -5520,6 +5556,12 @@
fingerprint = "D709 03C8 0BE9 ACDC 14F0 3BFB 77BF E531 397E DE94";
}];
};
meatcar = {
email = "nixpkgs@denys.me";
github = "meatcar";
githubId = 191622;
name = "Denys Pavlov";
};
meditans = {
email = "meditans@gmail.com";
github = "meditans";
@ -6439,6 +6481,12 @@
githubId = 167209;
name = "Masanori Ogino";
};
omgbebebe = {
email = "omgbebebe@gmail.com";
github = "omgbebebe";
githubId = 588167;
name = "Sergey Bubnov";
};
omnipotententity = {
email = "omnipotententity@gmail.com";
github = "omnipotententity";
@ -7065,6 +7113,12 @@
fingerprint = "7573 56D7 79BB B888 773E 415E 736C CDF9 EF51 BD97";
}];
};
r-burns = {
email = "rtburns@protonmail.com";
github = "r-burns";
githubId = 52847440;
name = "Ryan Burns";
};
raboof = {
email = "arnout@bzzt.net";
github = "raboof";

98
nixos/doc/manual/administration/service-mgmt.xml
View file

@ -6,7 +6,7 @@
<title>Service Management</title>
<para>
In NixOS, all system services are started and monitored using the systemd
program. Systemd is the “init” process of the system (i.e. PID 1), the
program. systemd is the “init” process of the system (i.e. PID 1), the
parent of all other processes. It manages a set of so-called “units”,
which can be things like system services (programs), but also mount points,
swap files, devices, targets (groups of units) and more. Units can have
@ -16,10 +16,17 @@
dependencies of this unit cause all system services to be started, file
systems to be mounted, swap files to be activated, and so on.
</para>
<para>
The command <command>systemctl</command> is the main way to interact with
<command>systemd</command>. Without any arguments, it shows the status of
active units:
<section xml:id="sect-nixos-systemd-general">
<title>Interacting with a running systemd</title>
<para>
The command <command>systemctl</command> is the main way to interact with
<command>systemd</command>. The following paragraphs demonstrate ways to
interact with any OS running systemd as init system. NixOS is of no
exception. The <link xlink:href="#sect-nixos-systemd-nixos">next section
</link> explains NixOS specific things worth knowing.
</para>
<para>
Without any arguments, <literal>systmctl</literal> the status of active units:
<screen>
<prompt>$ </prompt>systemctl
-.mount loaded active mounted /
@ -28,10 +35,10 @@ sshd.service loaded active running SSH Daemon
graphical.target loaded active active Graphical Interface
<replaceable>...</replaceable>
</screen>
</para>
<para>
You can ask for detailed status information about a unit, for instance, the
PostgreSQL database service:
</para>
<para>
You can ask for detailed status information about a unit, for instance, the
PostgreSQL database service:
<screen>
<prompt>$ </prompt>systemctl status postgresql.service
postgresql.service - PostgreSQL Server
@ -62,11 +69,72 @@ Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
<prompt># </prompt>systemctl start postgresql.service
<prompt># </prompt>systemctl restart postgresql.service
</screen>
These operations are synchronous: they wait until the service has finished
starting or stopping (or has failed). Starting a unit will cause the
dependencies of that unit to be started as well (if necessary).
</para>
<!-- - cgroups: each service and user session is a cgroup
These operations are synchronous: they wait until the service has finished
starting or stopping (or has failed). Starting a unit will cause the
dependencies of that unit to be started as well (if necessary).
</para>
<!-- TODO: document cgroups, draft:
each service and user session is a cgroup
- cgroup resource management -->
- cgroup resource management -->
</section>
<section xml:id="sect-nixos-systemd-nixos">
<title>systemd in NixOS</title>
<para>
Packages in Nixpkgs sometimes provide systemd units with them, usually in
e.g <literal>#pkg-out#/lib/systemd/</literal>. Putting such a package in
<literal>environment.systemPackages</literal> doesn't make the service
available to users or the system.
</para>
<para>
In order to enable a systemd <emphasis>system</emphasis> service with
provided upstream package, use (e.g):
<programlisting>
<xref linkend="opt-systemd.packages"/> = [ pkgs.packagekit ];
</programlisting>
</para>
<para>
Usually NixOS modules written by the community do the above, plus take care of
other details. If a module was written for a service you are interested in,
you'd probably need only to use
<literal>services.#name#.enable = true;</literal>. These services are defined
in Nixpkgs'
<link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/modules">
<literal>nixos/modules/</literal> directory </link>. In case the service is
simple enough, the above method should work, and start the service on boot.
</para>
<para>
<emphasis>User</emphasis> systemd services on the other hand, should be
treated differently. Given a package that has a systemd unit file at
<literal>#pkg-out#/lib/systemd/user/</literal>, using
<xref linkend="opt-systemd.packages"/> will make you able to start the service via
<literal>systemctl --user start</literal>, but it won't start automatically on login.
<!-- TODO: Document why systemd.packages doesn't work for user services or fix this.
https://github.com/NixOS/nixpkgs/blob/2cd6594a8710a801038af2b72348658f732ce84a/nixos/modules/system/boot/systemd-lib.nix#L177-L198
This has been talked over at https://discourse.nixos.org/t/how-to-enable-upstream-systemd-user-services-declaratively/7649/5
-->
However, You can imperatively enable it by adding the package's attribute to
<link linkend="opt-environment.systemPackages">
<literal>systemd.packages</literal></link> and then do this (e.g):
<screen>
<prompt>$ </prompt>mkdir -p ~/.config/systemd/user/default.target.wants
<prompt>$ </prompt>ln -s /run/current-system/sw/lib/systemd/user/syncthing.service ~/.config/systemd/user/default.target.wants/
<prompt>$ </prompt>systemctl --user daemon-reload
<prompt>$ </prompt>systemctl --user enable syncthing.service
</screen>
If you are interested in a timer file, use <literal>timers.target.wants</literal>
instead of <literal>default.target.wants</literal> in the 1st and 2nd command.
</para>
<para>
Using <literal>systemctl --user enable syncthing.service</literal> instead of
the above, will work, but it'll use the absolute path of
<literal>syncthing.service</literal> for the symlink, and this path is in
<literal>/nix/store/.../lib/systemd/user/</literal>. Hence
<link xlink:href="#sec-nix-gc">garbage collection</link> will remove that file
and you will wind up with a broken symlink in your systemd configuration, which
in turn will not make the service / timer start on login.
</para>
</section>
</chapter>

13
nixos/doc/manual/release-notes/rl-2009.xml
View file

@ -879,12 +879,23 @@ php.override {
<listitem>
<para>
Nginx web server now starting with additional sandbox/hardening options. By default, write access
to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders,
to <literal>/var/log/nginx</literal> and <literal>/var/cache/nginx</literal> is allowed. To allow writing to other folders,
use <literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal>
<programlisting>
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
</programlisting>
</para>
<para>
Nginx is also started with the systemd option <literal>ProtectHome = mkDefault true;</literal>
which forbids it to read anything from <literal>/home</literal>, <literal>/root</literal>
and <literal>/run/user</literal> (see
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=">ProtectHome docs</link>
for details).
If you require serving files from home directories, you may choose to set e.g.
<programlisting>
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
</programlisting>
</para>
</listitem>
<listitem>
<para>

68
nixos/doc/manual/release-notes/rl-2103.xml
View file

@ -139,6 +139,13 @@
<package>stanchion</package> package removed along with <varname>services.stanchion</varname> module.
</para>
</listitem>
<listitem>
<para>
<package>mutt</package> has been updated to a new major version (2.x), which comes with
some backward incompatible changes that are described in the
<link xlink:href="http://www.mutt.org/relnotes/2.0/">release notes for Mutt 2.0</link>.
</para>
</listitem>
</itemizedlist>
</section>
@ -162,6 +169,11 @@
to <package>nextcloud20</package>.
</para>
</listitem>
<listitem>
<para>
The setting <xref linkend="opt-services.redis.bind" /> defaults to <literal>127.0.0.1</literal> now, making Redis listen on the loopback interface only, and not all public network interfaces.
</para>
</listitem>
<listitem>
<para>
NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details.
@ -170,6 +182,62 @@
All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead.
</para>
</listitem>
<listitem>
<para>
The Unbound DNS resolver service (<literal>services.unbound</literal>) has been refactored to allow reloading, control sockets and to fix startup ordering issues.
</para>
<para>
It is now possible to enable a local UNIX control socket for unbound by setting the <xref linkend="opt-services.unbound.localControlSocketPath" />
option.
</para>
<para>
Previously we just applied a very minimal set of restrictions and
trusted unbound to properly drop root privs and capabilities.
</para>
<para>
As of this we are (for the most part) just using the upstream
example unit file for unbound. The main difference is that we start
unbound as <literal>unbound</literal> user with the required capabilities instead of
letting unbound do the chroot &amp; uid/gid changes.
</para>
<para>
The upstream unit configuration this is based on is a lot stricter with
all kinds of permissions then our previous variant. It also came with
the default of having the <literal>Type</literal> set to <literal>notify</literal>, therefore we are now also
using the <literal>unbound-with-systemd</literal> package here. Unbound will start up,
read the configuration files and start listening on the configured ports
before systemd will declare the unit <literal>active (running)</literal>.
This will likely help with startup order and the occasional race condition during system
activation where the DNS service is started but not yet ready to answer
queries. Services depending on <literal>nss-lookup.target</literal> or <literal>unbound.service</literal>
are now be able to use unbound when those targets have been reached.
</para>
<para>
Aditionally to the much stricter runtime environmet the
<literal>/dev/urandom</literal> mount lines we previously had in the code (that would
randomly failed during the stop-phase) have been removed as systemd will take care of those for us.
</para>
<para>
The <literal>preStart</literal> script is now only required if we enabled the trust
anchor updates (which are still enabled by default).
</para>
<para>
Another benefit of the refactoring is that we can now issue reloads via
either <literal>pkill -HUP unbound</literal> and <literal>systemctl reload unbound</literal> to reload the
running configuration without taking the daemon offline. A prerequisite
of this was that unbound configuration is available on a well known path
on the file system. We are using the path <literal>/etc/unbound/unbound.conf</literal> as that is the
default in the CLI tooling which in turn enables us to use
<literal>unbound-control</literal> without passing a custom configuration location.
</para>
</listitem>
</itemizedlist>
</section>
</section>

1
nixos/modules/module-list.nix
View file

@ -680,6 +680,7 @@
./services/networking/murmur.nix
./services/networking/mxisd.nix
./services/networking/namecoind.nix
./services/networking/nar-serve.nix
./services/networking/nat.nix
./services/networking/ndppd.nix
./services/networking/networkmanager.nix

9
nixos/modules/services/databases/redis.nix
View file

@ -87,9 +87,12 @@ in
bind = mkOption {
type = with types; nullOr str;
default = null; # All interfaces
description = "The IP interface to bind to.";
example = "127.0.0.1";
default = "127.0.0.1";
description = ''
The IP interface to bind to.
<literal>null</literal> means "all interfaces".
'';
example = "192.0.2.1";
};
unixSocket = mkOption {

2
nixos/modules/services/hardware/bluetooth.nix
View file

@ -87,6 +87,8 @@ in {
bluetooth = {
wantedBy = [ "bluetooth.target" ];
aliases = [ "dbus-org.bluez.service" ];
# restarting can leave people without a mouse/keyboard
unitConfig.X-RestartIfChanged = false;
};
};

5
nixos/modules/services/mail/roundcube.nix
View file

@ -204,6 +204,11 @@ in
};
systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ];
# Restart on config changes.
systemd.services.phpfpm-roundcube.restartTriggers = [
config.environment.etc."roundcube/config.inc.php".source
];
systemd.services.roundcube-setup = mkMerge [
(mkIf (cfg.database.host == "localhost") {
requires = [ "postgresql.service" ];

2
nixos/modules/services/misc/octoprint.nix
View file

@ -68,7 +68,7 @@ in
plugins = mkOption {
default = plugins: [];
defaultText = "plugins: []";
example = literalExample "plugins: with plugins; [ m33-fio stlviewer ]";
example = literalExample "plugins: with plugins; [ themeify stlviewer ]";
description = "Additional plugins to be used. Available plugins are passed through the plugins input.";
};

9
nixos/modules/services/monitoring/prometheus/exporters.nix
View file

@ -45,6 +45,7 @@ let
"rspamd"
"rtl_433"
"snmp"
"sql"
"surfboard"
"tor"
"unifi"
@ -218,6 +219,14 @@ in
Please specify either 'services.prometheus.exporters.mail.configuration'
or 'services.prometheus.exporters.mail.configFile'.
'';
} {
assertion = cfg.sql.enable -> (
(cfg.sql.configFile == null) != (cfg.sql.configuration == null)
);
message = ''
Please specify either 'services.prometheus.exporters.sql.configuration' or
'services.prometheus.exporters.sql.configFile'
'';
} ];
}] ++ [(mkIf config.services.minio.enable {
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";

104
nixos/modules/services/monitoring/prometheus/exporters/sql.nix Normal file
View file

@ -0,0 +1,104 @@
{ config, lib, pkgs, options }:
with lib;
let
cfg = config.services.prometheus.exporters.sql;
cfgOptions = {
options = with types; {
jobs = mkOption {
type = attrsOf (submodule jobOptions);
default = { };
description = "An attrset of metrics scraping jobs to run.";
};
};
};
jobOptions = {
options = with types; {
interval = mkOption {
type = str;
description = ''
How often to run this job, specified in
<link xlink:href="https://golang.org/pkg/time/#ParseDuration">Go duration</link> format.
'';
};
connections = mkOption {
type = listOf str;
description = "A list of connection strings of the SQL servers to scrape metrics from";
};
startupSql = mkOption {
type = listOf str;
default = [];
description = "A list of SQL statements to execute once after making a connection.";
};
queries = mkOption {
type = attrsOf (submodule queryOptions);
description = "SQL queries to run.";
};
};
};
queryOptions = {
options = with types; {
help = mkOption {
type = nullOr str;
default = null;
description = "A human-readable description of this metric.";
};
labels = mkOption {
type = listOf str;
default = [ ];
description = "A set of columns that will be used as Prometheus labels.";
};
query = mkOption {
type = str;
description = "The SQL query to run.";
};
values = mkOption {
type = listOf str;
description = "A set of columns that will be used as values of this metric.";
};
};
};
configFile =
if cfg.configFile != null
then cfg.configFile
else
let
nameInline = mapAttrsToList (k: v: v // { name = k; });
renameStartupSql = j: removeAttrs (j // { startup_sql = j.startupSql; }) [ "startupSql" ];
configuration = {
jobs = map renameStartupSql
(nameInline (mapAttrs (k: v: (v // { queries = nameInline v.queries; })) cfg.configuration.jobs));
};
in
builtins.toFile "config.yaml" (builtins.toJSON configuration);
in
{
extraOpts = {
configFile = mkOption {
type = with types; nullOr path;
default = null;
description = ''
Path to configuration file.
'';
};
configuration = mkOption {
type = with types; nullOr (submodule cfgOptions);
default = null;
description = ''
Exporter configuration as nix attribute set. Mutually exclusive with 'configFile' option.
'';
};
};
port = 9237;
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-sql-exporter}/bin/sql_exporter \
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
-config.file ${configFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

55
nixos/modules/services/networking/nar-serve.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.nar-serve;
in
{
meta = {
maintainers = [ maintainers.rizary ];
};
options = {
services.nar-serve = {
enable = mkEnableOption "Serve NAR file contents via HTTP";
port = mkOption {
type = types.int;
default = 8383;
description = ''
Port number where nar-serve will listen on.
'';
};
cacheURL = mkOption {
type = types.str;
default = "https://cache.nixos.org/";
description = ''
Binary cache URL to connect to.
The URL format is compatible with the nix remote url style, such as:
- http://, https:// for binary caches via HTTP or HTTPS
- s3:// for binary caches stored in Amazon S3
- gs:// for binary caches stored in Google Cloud Storage
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.nar-serve = {
description = "NAR server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.PORT = toString cfg.port;
environment.NAR_CACHE_URL = cfg.cacheURL;
serviceConfig = {
Restart = "always";
RestartSec = "5s";
ExecStart = "${pkgs.nar-serve}/bin/nar-serve";
DynamicUser = true;
};
};
};
}

26
nixos/modules/services/networking/tailscale.nix
View file

@ -18,30 +18,10 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.tailscale ]; # for the CLI
systemd.services.tailscale = {
description = "Tailscale client daemon";
after = [ "network-pre.target" ];
wants = [ "network-pre.target" ];
systemd.packages = [ pkgs.tailscale ];
systemd.services.tailscaled = {
wantedBy = [ "multi-user.target" ];
startLimitIntervalSec = 0;
serviceConfig = {
ExecStart =
"${pkgs.tailscale}/bin/tailscaled --port ${toString cfg.port}";
RuntimeDirectory = "tailscale";
RuntimeDirectoryMode = 755;
StateDirectory = "tailscale";
StateDirectoryMode = 750;
CacheDirectory = "tailscale";
CacheDirectoryMode = 750;
Restart = "on-failure";
};
serviceConfig.Environment = "PORT=${toString cfg.port}";
};
};
}

139
nixos/modules/services/networking/unbound.nix
View file

@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.unbound;
stateDir = "/var/lib/unbound";
@ -17,12 +15,12 @@ let
forward =
optionalString (any isLocalAddress cfg.forwardAddresses) ''
do-not-query-localhost: no
'' +
optionalString (cfg.forwardAddresses != []) ''
''
+ optionalString (cfg.forwardAddresses != []) ''
forward-zone:
name: .
'' +
concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses;
''
+ concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses;
rootTrustAnchorFile = "${stateDir}/root.key";
@ -31,19 +29,25 @@ let
confFile = pkgs.writeText "unbound.conf" ''
server:
ip-freebind: yes
directory: "${stateDir}"
username: unbound
chroot: "${stateDir}"
chroot: ""
pidfile: ""
# when running under systemd there is no need to daemonize
do-daemonize: no
${interfaces}
${access}
${trustAnchor}
${lib.optionalString (cfg.localControlSocketPath != null) ''
remote-control:
control-enable: yes
control-interface: ${cfg.localControlSocketPath}
''}
${cfg.extraConfig}
${forward}
'';
in
{
###### interface
@ -55,8 +59,8 @@ in
package = mkOption {
type = types.package;
default = pkgs.unbound;
defaultText = "pkgs.unbound";
default = pkgs.unbound-with-systemd;
defaultText = "pkgs.unbound-with-systemd";
description = "The unbound package to use";
};
@ -69,11 +73,14 @@ in
interfaces = mkOption {
default = [ "127.0.0.1" ] ++ optional config.networking.enableIPv6 "::1";
type = types.listOf types.str;
description = "What addresses the server should listen on.";
description = ''
What addresses the server should listen on. This supports the interface syntax documented in
<citerefentry><refentrytitle>unbound.conf</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
'';
};
forwardAddresses = mkOption {
default = [ ];
default = [];
type = types.listOf types.str;
description = "What servers to forward queries to.";
};
@ -84,6 +91,28 @@ in
description = "Use and update root trust anchor for DNSSEC validation.";
};
localControlSocketPath = mkOption {
default = null;
# FIXME: What is the proper type here so users can specify strings,
# paths and null?
# My guess would be `types.nullOr (types.either types.str types.path)`
# but I haven't verified yet.
type = types.nullOr types.str;
example = "/run/unbound/unbound.ctl";
description = ''
When not set to <literal>null</literal> this option defines the path
at which the unbound remote control socket should be created at. The
socket will be owned by the unbound user (<literal>unbound</literal>)
and group will be <literal>nogroup</literal>.
Users that should be permitted to access the socket must be in the
<literal>unbound</literal> group.
If this option is <literal>null</literal> remote control will not be
configured at all. Unbounds default values apply.
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
@ -106,43 +135,85 @@ in
users.users.unbound = {
description = "unbound daemon user";
isSystemUser = true;
group = lib.mkIf (cfg.localControlSocketPath != null) (lib.mkDefault "unbound");
};
# We need a group so that we can give users access to the configured
# control socket. Unbound allows access to the socket only to the unbound
# user and the primary group.
users.groups = lib.mkIf (cfg.localControlSocketPath != null) {
unbound = {};
};
networking.resolvconf.useLocalResolver = mkDefault true;
environment.etc."unbound/unbound.conf".source = confFile;
systemd.services.unbound = {
description = "Unbound recursive Domain Name Server";
after = [ "network.target" ];
before = [ "nss-lookup.target" ];
wants = [ "nss-lookup.target" ];
wantedBy = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" "nss-lookup.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}/dev/
cp ${confFile} ${stateDir}/unbound.conf
${optionalString cfg.enableRootTrustAnchor ''
${cfg.package}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!"
chown unbound ${stateDir} ${rootTrustAnchorFile}
''}
touch ${stateDir}/dev/random
${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random
preStart = lib.mkIf cfg.enableRootTrustAnchor ''
${cfg.package}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!"
'';
serviceConfig = {
ExecStart = "${cfg.package}/bin/unbound -d -c ${stateDir}/unbound.conf";
ExecStopPost="${pkgs.utillinux}/bin/umount ${stateDir}/dev/random";
restartTriggers = [
confFile
];
ProtectSystem = true;
ProtectHome = true;
serviceConfig = {
ExecStart = "${cfg.package}/bin/unbound -p -d -c /etc/unbound/unbound.conf";
ExecReload = "+/run/current-system/sw/bin/kill -HUP $MAINPID";
NotifyAccess = "main";
Type = "notify";
# FIXME: Which of these do we actualy need, can we drop the chroot flag?
AmbientCapabilities = [
"CAP_NET_BIND_SERVICE"
"CAP_NET_RAW"
"CAP_SETGID"
"CAP_SETUID"
"CAP_SYS_CHROOT"
"CAP_SYS_RESOURCE"
];
User = "unbound";
Group = lib.mkIf (cfg.localControlSocketPath != null) (lib.mkDefault "unbound");
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
Restart = "always";
RestartSec = "5s";
PrivateTmp = true;
ProtectHome = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectSystem = "strict";
RuntimeDirectory = "unbound";
ConfigurationDirectory = "unbound";
StateDirectory = "unbound";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"~@clock"
"@cpu-emulation"
"@debug"
"@keyring"
"@module"
"mount"
"@obsolete"
"@resources"
];
RestrictNamespaces = true;
LockPersonality = true;
RestrictSUIDSGID = true;
};
};
# If networkmanager is enabled, ask it to interface with unbound.
networking.networkmanager.dns = "unbound";
};
}

2
nixos/modules/services/torrent/transmission.nix
View file

@ -236,6 +236,7 @@ in
# an AppArmor profile is provided to get a confinement based upon paths and rights.
builtins.storeDir
"/etc"
"/run"
] ++
optional (cfg.settings.script-torrent-done-enabled &&
cfg.settings.script-torrent-done-filename != "")
@ -408,6 +409,7 @@ in
#r @{PROC}/@{pid}/environ,
r @{PROC}/@{pid}/mounts,
rwk /tmp/tr_session_id_*,
r /run/systemd/resolve/stub-resolv.conf,
r ${pkgs.openssl.out}/etc/**,
r ${config.systemd.services.transmission.environment.CURL_CA_BUNDLE},

2
nixos/modules/system/boot/kernel.nix
View file

@ -227,7 +227,7 @@ in
"xhci_pci"
"usbhid"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
"hid_logitech_hidpp" "hid_logitech_dj"
"hid_logitech_hidpp" "hid_logitech_dj" "hid_microsoft"
] ++ optionals (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) [
# Misc. x86 keyboard stuff.

2
nixos/modules/system/boot/luksroot.nix
View file

@ -404,7 +404,7 @@ let
echo "Please move your mouse to create needed randomness."
''}
echo "Waiting for your FIDO2 device..."
fido2luks -i open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase
fido2luks open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase
if [ $? -ne 0 ]; then
echo "No FIDO2 key found, falling back to normal open procedure"
open_normally

2
nixos/modules/system/boot/pbkdf2-sha512.c
View file

@ -35,4 +35,4 @@ int main(int argc, char** argv)
fwrite(key, 1, key_length, stdout);
return 0;
}
}

2
nixos/modules/system/boot/plymouth.nix
View file

@ -9,7 +9,7 @@ let
cfg = config.boot.plymouth;
nixosBreezePlymouth = pkgs.breeze-plymouth.override {
nixosBreezePlymouth = pkgs.plasma5.breeze-plymouth.override {
logoFile = cfg.logo;
logoName = "nixos";
osName = "NixOS";

2
nixos/modules/system/boot/resolved.nix
View file

@ -136,7 +136,7 @@ in
}
];
users.users.resolved.group = "systemd-resolve";
users.users.systemd-resolve.group = "systemd-resolve";
# add resolve to nss hosts database if enabled and nscd enabled
# system.nssModules is configured in nixos/modules/system/boot/systemd.nix

36
nixos/modules/virtualisation/ec2-amis.nix
View file

@ -329,24 +329,24 @@ let self = {
"20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86";
"20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d";
# 20.09.1465.9a0b14b097d
"20.09".eu-west-1.hvm-ebs = "ami-0d90f16418e3c364c";
"20.09".eu-west-2.hvm-ebs = "ami-0635ec0780ea57cfe";
"20.09".eu-west-3.hvm-ebs = "ami-0714e94352f2eabb9";
"20.09".eu-central-1.hvm-ebs = "ami-0979d39762a4d2a02";
"20.09".eu-north-1.hvm-ebs = "ami-0b14e273185c66e9b";
"20.09".us-east-1.hvm-ebs = "ami-0f8b063ac3f2d9645";
"20.09".us-east-2.hvm-ebs = "ami-0959202a0393fdd0c";
"20.09".us-west-1.hvm-ebs = "ami-096d50833b785478b";
"20.09".us-west-2.hvm-ebs = "ami-0fc31031df0df6104";
"20.09".ca-central-1.hvm-ebs = "ami-0787786a38cde3905";
"20.09".ap-southeast-1.hvm-ebs = "ami-0b3f693d3a2a0b9ae";
"20.09".ap-southeast-2.hvm-ebs = "ami-02471872bc876b610";
"20.09".ap-northeast-1.hvm-ebs = "ami-06505fd2bf44a59a7";
"20.09".ap-northeast-2.hvm-ebs = "ami-0754b4c014eea1e8a";
"20.09".ap-south-1.hvm-ebs = "ami-05100e32242ae65a6";
"20.09".ap-east-1.hvm-ebs = "ami-045288859a39de009";
"20.09".sa-east-1.hvm-ebs = "ami-0a937748db48fb00d";
# 20.09.1632.a6a3a368dda
"20.09".eu-west-1.hvm-ebs = "ami-01a79d5ce435f4db3";
"20.09".eu-west-2.hvm-ebs = "ami-0cbe14f32904e6331";
"20.09".eu-west-3.hvm-ebs = "ami-07f493412d6213de6";
"20.09".eu-central-1.hvm-ebs = "ami-01d4a0c2248cbfe38";
"20.09".eu-north-1.hvm-ebs = "ami-0003f54dd99d68e0f";
"20.09".us-east-1.hvm-ebs = "ami-068a62d478710462d";
"20.09".us-east-2.hvm-ebs = "ami-01ac677ff61399caa";
"20.09".us-west-1.hvm-ebs = "ami-04befdb203b4b17f6";
"20.09".us-west-2.hvm-ebs = "ami-0fb7bd4a43261c6b2";
"20.09".ca-central-1.hvm-ebs = "ami-06d5ee429f153f856";
"20.09".ap-southeast-1.hvm-ebs = "ami-0db0304e23c535b2a";
"20.09".ap-southeast-2.hvm-ebs = "ami-045983c4db7e36447";
"20.09".ap-northeast-1.hvm-ebs = "ami-0beb18d632cf64e5a";
"20.09".ap-northeast-2.hvm-ebs = "ami-0dd0316af578862db";
"20.09".ap-south-1.hvm-ebs = "ami-008d15ced81c88aed";
"20.09".ap-east-1.hvm-ebs = "ami-071f49713f86ea965";
"20.09".sa-east-1.hvm-ebs = "ami-05ded1ae35209b5a8";
latest = self."20.09";
}; in self

2
nixos/release-combined.nix
View file

@ -71,7 +71,6 @@ in rec {
(onFullSupported "nixos.tests.fontconfig-default-fonts")
(onFullSupported "nixos.tests.gnome3")
(onFullSupported "nixos.tests.gnome3-xorg")
(onFullSupported "nixos.tests.hardened")
(onSystems ["x86_64-linux"] "nixos.tests.hibernate")
(onFullSupported "nixos.tests.i3wm")
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple")
@ -93,7 +92,6 @@ in rec {
(onFullSupported "nixos.tests.keymap.dvp")
(onFullSupported "nixos.tests.keymap.neo")
(onFullSupported "nixos.tests.keymap.qwertz")
(onFullSupported "nixos.tests.latestKernel.hardened")
(onFullSupported "nixos.tests.latestKernel.login")
(onFullSupported "nixos.tests.lightdm")
(onFullSupported "nixos.tests.login")

4
nixos/tests/all-tests.nix
View file

@ -225,6 +225,7 @@ in
mysql-backup = handleTest ./mysql/mysql-backup.nix {};
mysql-replication = handleTest ./mysql/mysql-replication.nix {};
nagios = handleTest ./nagios.nix {};
nar-serve = handleTest ./nar-serve.nix {};
nat.firewall = handleTest ./nat.nix { withFirewall = true; };
nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; };
nat.standalone = handleTest ./nat.nix { withFirewall = false; };
@ -255,6 +256,7 @@ in
novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {};
nsd = handleTest ./nsd.nix {};
nzbget = handleTest ./nzbget.nix {};
oh-my-zsh = handleTest ./oh-my-zsh.nix {};
openarena = handleTest ./openarena.nix {};
openldap = handleTest ./openldap.nix {};
opensmtpd = handleTest ./opensmtpd.nix {};
@ -313,6 +315,7 @@ in
samba = handleTest ./samba.nix {};
sanoid = handleTest ./sanoid.nix {};
sbt = handleTest ./sbt.nix {};
scala = handleTest ./scala.nix {};
sddm = handleTest ./sddm.nix {};
service-runner = handleTest ./service-runner.nix {};
shadowsocks = handleTest ./shadowsocks {};
@ -366,6 +369,7 @@ in
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
tuptime = handleTest ./tuptime.nix {};
unbound = handleTest ./unbound.nix {};
udisks2 = handleTest ./udisks2.nix {};
unit-php = handleTest ./web-servers/unit-php.nix {};
upnp = handleTest ./upnp.nix {};

48
nixos/tests/nar-serve.nix Normal file
View file

@ -0,0 +1,48 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
{
name = "nar-serve";
meta.maintainers = [ lib.maintainers.rizary ];
nodes =
{
server = { pkgs, ... }: {
services.nginx = {
enable = true;
virtualHosts.default.root = "/var/www";
};
services.nar-serve = {
enable = true;
# Connect to the localhost nginx instead of the default
# https://cache.nixos.org
cacheURL = "http://localhost/";
};
environment.systemPackages = [
pkgs.hello
pkgs.curl
];
networking.firewall.allowedTCPPorts = [ 8383 ];
# virtualisation.diskSize = 2 * 1024;
};
};
testScript = ''
start_all()
# Create a fake cache with Nginx service the static files
server.succeed(
"nix copy --to file:///var/www ${pkgs.hello}"
)
server.wait_for_unit("nginx.service")
server.wait_for_open_port(80)
# Check that nar-serve can return the content of the derivation
drvName = os.path.basename("${pkgs.hello}")
drvHash = drvName.split("-")[0]
server.wait_for_unit("nar-serve.service")
server.succeed(
"curl -o hello -f http://localhost:8383/nix/store/{}/bin/hello".format(drvHash)
)
'';
}
)

18
nixos/tests/oh-my-zsh.nix Normal file
View file

@ -0,0 +1,18 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "oh-my-zsh";
machine = { pkgs, ... }:
{
programs.zsh = {
enable = true;
ohMyZsh.enable = true;
};
};
testScript = ''
start_all()
machine.succeed("touch ~/.zshrc")
machine.succeed("zsh -c 'source /etc/zshrc && echo $ZSH | grep oh-my-zsh-${pkgs.oh-my-zsh.version}'")
'';
})

44
nixos/tests/prometheus-exporters.nix
View file

@ -609,6 +609,50 @@ let
'';
};
sql = {
exporterConfig = {
configuration.jobs.points = {
interval = "1m";
connections = [
"postgres://prometheus-sql-exporter@/data?host=/run/postgresql&sslmode=disable"
];
queries = {
points = {
labels = [ "name" ];
help = "Amount of points accumulated per person";
values = [ "amount" ];
query = "SELECT SUM(amount) as amount, name FROM points GROUP BY name";
};
};
};
enable = true;
user = "prometheus-sql-exporter";
};
metricProvider = {
services.postgresql = {
enable = true;
initialScript = builtins.toFile "init.sql" ''
CREATE DATABASE data;
\c data;
CREATE TABLE points (amount INT, name TEXT);
INSERT INTO points(amount, name) VALUES (1, 'jack');
INSERT INTO points(amount, name) VALUES (2, 'jill');
INSERT INTO points(amount, name) VALUES (3, 'jack');
CREATE USER "prometheus-sql-exporter";
GRANT ALL PRIVILEGES ON DATABASE data TO "prometheus-sql-exporter";
GRANT SELECT ON points TO "prometheus-sql-exporter";
'';
};
systemd.services.prometheus-sql-exporter.after = [ "postgresql.service" ];
};
exporterTest = ''
wait_for_unit("prometheus-sql-exporter.service")
wait_for_open_port(9237)
succeed("curl http://localhost:9237/metrics | grep -c 'sql_points{' | grep -q 2")
'';
};
surfboard = {
exporterConfig = {
enable = true;

33
nixos/tests/scala.nix Normal file
View file

@ -0,0 +1,33 @@
{ system ? builtins.currentSystem,
config ? {},
pkgs ? import ../.. { inherit system config; }
}:
with pkgs.lib;
let
common = name: package: (import ./make-test-python.nix ({
inherit name;
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ nequissimus ];
};
nodes = {
scala = { ... }: {
environment.systemPackages = [ package ];
};
};
testScript = ''
start_all()
scala.succeed("scalac -version 2>&1 | grep '^Scala compiler version ${package.version}'")
'';
}) { inherit system; });
in with pkgs; {
scala_2_10 = common "scala_2_10" scala_2_10;
scala_2_11 = common "scala_2_11" scala_2_11;
scala_2_12 = common "scala_2_12" scala_2_12;
scala_2_13 = common "scala_2_13" scala_2_13;
}

278
nixos/tests/unbound.nix Normal file
View file

@ -0,0 +1,278 @@
/*
Test that our unbound module indeed works as most users would expect.
There are a few settings that we must consider when modifying the test. The
ususal use-cases for unbound are
* running a recursive DNS resolver on the local machine
* running a recursive DNS resolver on the local machine, forwarding to a local DNS server via UDP/53 & TCP/53
* running a recursive DNS resolver on the local machine, forwarding to a local DNS server via TCP/853 (DoT)
* running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/53 & UDP/53
* running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/853 (DoT)
In the below test setup we are trying to implement all of those use cases.
Another aspect that we cover is access to the local control UNIX socket. It
can optionally be enabled and users can optionally be in a group to gain
access. Users that are not in the group (except for root) should not have
access to that socket. Also, when there is no socket configured, users
shouldn't be able to access the control socket at all. Not even root.
*/
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
# common client configuration that we can just use for the multitude of
# clients we are constructing
common = { lib, pkgs, ... }: {
config = {
environment.systemPackages = [ pkgs.knot-dns ];
# disable the root anchor update as we do not have internet access during
# the test execution
services.unbound.enableRootTrustAnchor = false;
};
};
cert = pkgs.runCommandNoCC "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=dns.example.local'
mkdir -p $out
cp key.pem cert.pem $out
'';
in
{
name = "unbound";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ andir ];
};
nodes = {
# The server that actually serves our zones, this tests unbounds authoriative mode
authoritative = { lib, pkgs, config, ... }: {
imports = [ common ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{ address = "192.168.0.1"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
{ address = "fd21::1"; prefixLength = 64; }
];
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
services.unbound = {
enable = true;
interfaces = [ "192.168.0.1" "fd21::1" "::1" "127.0.0.1" ];
allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ];
extraConfig = ''
server:
local-data: "example.local. IN A 1.2.3.4"
local-data: "example.local. IN AAAA abcd::eeff"
'';
};
};
# The resolver that knows that fowards (only) to the authoritative server
# and listens on UDP/53, TCP/53 & TCP/853.
resolver = { lib, nodes, ... }: {
imports = [ common ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{ address = "192.168.0.2"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
{ address = "fd21::2"; prefixLength = 64; }
];
networking.firewall.allowedTCPPorts = [
53 # regular DNS
853 # DNS over TLS
];
networking.firewall.allowedUDPPorts = [ 53 ];
services.unbound = {
enable = true;
allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ];
interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2" "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853" ];
forwardAddresses = [
(lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv6.addresses).address
(lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv4.addresses).address
];
extraConfig = ''
server:
tls-service-pem: ${cert}/cert.pem
tls-service-key: ${cert}/key.pem
'';
};
};
# machine that runs a local unbound that will be reconfigured during test execution
local_resolver = { lib, nodes, config, ... }: {
imports = [ common ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{ address = "192.168.0.3"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
{ address = "fd21::3"; prefixLength = 64; }
];
networking.firewall.allowedTCPPorts = [
53 # regular DNS
];
networking.firewall.allowedUDPPorts = [ 53 ];
services.unbound = {
enable = true;
allowedAccess = [ "::1" "127.0.0.0/8" ];
interfaces = [ "::1" "127.0.0.1" ];
localControlSocketPath = "/run/unbound/unbound.ctl";
extraConfig = ''
include: "/etc/unbound/extra*.conf"
'';
};
users.users = {
# user that is permitted to access the unix socket
someuser.extraGroups = [
config.users.users.unbound.group
];
# user that is not permitted to access the unix socket
unauthorizeduser = {};
};
environment.etc = {
"unbound-extra1.conf".text = ''
forward-zone:
name: "example.local."
forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address}
forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}
'';
"unbound-extra2.conf".text = ''
auth-zone:
name: something.local.
zonefile: ${pkgs.writeText "zone" ''
something.local. IN A 3.4.5.6
''}
'';
};
};
# plain node that only has network access and doesn't run any part of the
# resolver software locally
client = { lib, nodes, ... }: {
imports = [ common ];
networking.nameservers = [
(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address
(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address
];
networking.interfaces.eth1.ipv4.addresses = [
{ address = "192.168.0.10"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = [
{ address = "fd21::10"; prefixLength = 64; }
];
};
};
testScript = { nodes, ... }: ''
import typing
import json
zone = "example.local."
records = [("AAAA", "abcd::eeff"), ("A", "1.2.3.4")]
def query(
machine,
host: str,
query_type: str,
query: str,
expected: typing.Optional[str] = None,
args: typing.Optional[typing.List[str]] = None,
):
"""
Execute a single query and compare the result with expectation
"""
text_args = ""
if args:
text_args = " ".join(args)
out = machine.succeed(
f"kdig {text_args} {query} {query_type} @{host} +short"
).strip()
machine.log(f"{host} replied with {out}")
if expected:
assert expected == out, f"Expected `{expected}` but got `{out}`"
def test(machine, remotes, /, doh=False, zone=zone, records=records, args=[]):
"""
Run queries for the given remotes on the given machine.
"""
for query_type, expected in records:
for remote in remotes:
query(machine, remote, query_type, zone, expected, args)
query(machine, remote, query_type, zone, expected, ["+tcp"] + args)
if doh:
query(
machine,
remote,
query_type,
zone,
expected,
["+tcp", "+tls"] + args,
)
client.start()
authoritative.wait_for_unit("unbound.service")
# verify that we can resolve locally
with subtest("test the authoritative servers local responses"):
test(authoritative, ["::1", "127.0.0.1"])
resolver.wait_for_unit("unbound.service")
with subtest("root is unable to use unbounc-control when the socket is not configured"):
resolver.succeed("which unbound-control") # the binary must exist
resolver.fail("unbound-control list_forwards") # the invocation must fail
# verify that the resolver is able to resolve on all the local protocols
with subtest("test that the resolver resolves on all protocols and transports"):
test(resolver, ["::1", "127.0.0.1"], doh=True)
resolver.wait_for_unit("multi-user.target")
with subtest("client should be able to query the resolver"):
test(client, ["${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address}", "${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}"], doh=True)
# discard the client we do not need anymore
client.shutdown()
local_resolver.wait_for_unit("multi-user.target")
# link a new config file to /etc/unbound/extra.conf
local_resolver.succeed("ln -s /etc/unbound-extra1.conf /etc/unbound/extra1.conf")
# reload the server & ensure the forwarding works
with subtest("test that the local resolver resolves on all protocols and transports"):
local_resolver.succeed("systemctl reload unbound")
print(local_resolver.succeed("journalctl -u unbound -n 1000"))
test(local_resolver, ["::1", "127.0.0.1"], args=["+timeout=60"])
with subtest("test that we can use the unbound control socket"):
out = local_resolver.succeed(
"sudo -u someuser -- unbound-control list_forwards"
).strip()
# Thank you black! Can't really break this line into a readable version.
expected = "example.local. IN forward ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address} ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}"
assert out == expected, f"Expected `{expected}` but got `{out}` instead."
local_resolver.fail("sudo -u unauthorizeduser -- unbound-control list_forwards")
# link a new config file to /etc/unbound/extra.conf
local_resolver.succeed("ln -sf /etc/unbound-extra2.conf /etc/unbound/extra2.conf")
# reload the server & ensure the new local zone works
with subtest("test that we can query the new local zone"):
local_resolver.succeed("unbound-control reload")
r = [("A", "3.4.5.6")]
test(local_resolver, ["::1", "127.0.0.1"], zone="something.local.", records=r)
'';
})

18
pkgs/applications/audio/ardour/default.nix
View file

@ -12,17 +12,14 @@
, fftw
, fftwSinglePrec
, flac
, fluidsynth
, glibc
, glibmm
, graphviz
, gtkmm2
, hidapi
, itstool
, libarchive
, libjack2
, liblo
, libltc
, libogg
, libpulseaudio
, librdf_raptor
@ -42,11 +39,11 @@
, perl
, pkg-config
, python3
, qm-dsp
, readline
, rubberband
, serd
, sord
, soundtouch
, sratom
, suil
, taglib
@ -55,13 +52,13 @@
}:
stdenv.mkDerivation rec {
pname = "ardour";
version = "6.2";
version = "6.3";
# don't fetch releases from the GitHub mirror, they are broken
src = fetchgit {
url = "git://git.ardour.org/ardour/ardour.git";
rev = version;
sha256 = "17jxbqavricy01x4ymq6d302djsqfnv84m7dm4fd8cpka0dqjp1y";
sha256 = "050p1adgyirr790a3xp878pq3axqwzcmrk3drgm9z6v753h0xhcd";
};
patches = [
@ -91,15 +88,12 @@ stdenv.mkDerivation rec {
fftw
fftwSinglePrec
flac
fluidsynth
glibmm
gtkmm2
hidapi
itstool
libarchive
libjack2
liblo
libltc
libogg
libpulseaudio
librdf_raptor
@ -118,11 +112,11 @@ stdenv.mkDerivation rec {
pango
perl
python3
qm-dsp
readline
rubberband
serd
sord
soundtouch
sratom
suil
taglib
@ -136,11 +130,11 @@ stdenv.mkDerivation rec {
"--no-phone-home"
"--optimize"
"--ptformat"
"--qm-dsp-include=${qm-dsp}/include/qm-dsp"
"--run-tests"
"--test"
"--use-external-libs"
];
# removed because it fixes https://tracker.ardour.org/view.php?id=8161 and https://tracker.ardour.org/view.php?id=8437
# "--use-external-libs"
# Ardour's wscript requires git revision and date to be available.
# Since they are not, let's generate the file manually.

6
pkgs/applications/audio/lollypop/default.nix
View file

@ -7,6 +7,7 @@
, python3
, gtk3
, gst_all_1
, libhandy
, libsecret
, libsoup
, appstream-glib
@ -24,7 +25,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.3.2";
version = "1.4.5";
format = "other";
doCheck = false;
@ -33,7 +34,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "14854j1dhq67s1vzs0lqy345vbl6f5w8nb36n4i33fmpva2flsk3";
sha256 = "1i5qcpp3fpkda08g6nkiiff8lsjmv5xsvpa0512kigq5z0lsagrx";
};
nativeBuildInputs = [
@ -57,6 +58,7 @@ python3.pkgs.buildPythonApplication rec {
gst-plugins-ugly
gstreamer
gtk3
libhandy
libsoup
pango
totem-pl-parser

4
pkgs/applications/audio/plexamp/default.nix
View file

@ -2,13 +2,13 @@
let
pname = "plexamp";
version = "3.2.0";
version = "3.3.1";
name = "${pname}-${version}";
src = fetchurl {
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
sha256 = "R1BhobnwoU7oJ7bNes8kH2neXqHlMPbRCNjcHyzUPqo=";
name="${pname}-${version}.AppImage";
sha256 = "6/asP8VR+rJ52lKKds46gSw1or9suUEmyR75pjdWHIQ=";
};
appimageContents = appimageTools.extractType2 {

4
pkgs/applications/audio/pulseaudio-ctl/default.nix
View file

@ -7,13 +7,13 @@ let
in stdenv.mkDerivation rec {
name = "${pname}-${version}";
version = "1.67";
version = "1.68";
src = fetchFromGitHub {
owner = "graysky2";
repo = pname;
rev = "v${version}";
sha256 = "1mf5r7x6aiqmx9mz7gpckrqvvzxnr5gs2q1k4m42rjk6ldkpdb46";
sha256 = "0wrzfanwy18wyawpg8rfvfgjh3lwngqwmfpi4ww3530rfmi84cf0";
};
postPatch = ''

2
pkgs/applications/blockchains/namecoin.nix
View file

@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
description = "Decentralized open source information registration and transfer system based on the Bitcoin cryptocurrency";
homepage = "https://namecoin.org";
license = licenses.mit;
maintainers = with maintainers; [ doublec infinisil ];
maintainers = with maintainers; [ infinisil ];
platforms = platforms.linux;
};
}

8
pkgs/applications/blockchains/polkadot/default.nix
View file

@ -7,18 +7,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "polkadot";
version = "0.8.25";
version = "0.8.26";
src = fetchFromGitHub {
owner = "paritytech";
repo = "polkadot";
rev = "v${version}";
sha256 = "1jdklmysr25rlwgx7pz0jw66j1w60h98kqghzjhr90zhynzh39lz";
sha256 = "1bvma6k3gsjqh8w76k4kf52sjg8wxn1b7a409kmnmmvmd9j6z5ia";
};
cargoSha256 = "08yfafrspkd1g1mhlfwngbknkxjkyymbcga8n2rdsk7mz0hm0vgy";
cargoPatches = [ ./substrate-wasm-builder-runner.patch ];
cargoSha256 = "0pacmmvvjgzmaxgg47qbfhqwl02jxj3i6vnmkjbj9npzqfmqf72d";
nativeBuildInputs = [ clang ];

25
pkgs/applications/blockchains/polkadot/substrate-wasm-builder-runner.patch
View file

@ -1,25 +0,0 @@
diff --git a/Cargo.lock b/Cargo.lock
index 5e7c4a14..bb67aada 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -8642,8 +8642,7 @@ dependencies = [
[[package]]
name = "substrate-wasm-builder-runner"
version = "1.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2a965994514ab35d3893e9260245f2947fd1981cdd4fffd2c6e6d1a9ce02e6a"
+source = "git+https://github.com/paritytech/substrate#647ad15565d7c35ecf00b73b12cccad9858780b9"
[[package]]
name = "subtle"
diff --git a/Cargo.toml b/Cargo.toml
index 78047a1a..2d571f8e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -112,3 +112,6 @@ polkadot = { path = "/usr/bin/polkadot" }
[package.metadata.rpm.files]
"../scripts/packaging/polkadot.service" = { path = "/usr/lib/systemd/system/polkadot.service", mode = "644" }
+
+[patch.crates-io]
+substrate-wasm-builder-runner = { git = "https://github.com/paritytech/substrate", branch = "master" }

43
pkgs/applications/editors/nano/nanorc/default.nix
View file

@ -1,14 +1,17 @@
{ stdenv, fetchFromGitHub }:
{ stdenv, fetchFromGitHub, writeScript, nixosTests, common-updater-scripts
, coreutils, git, gnused, nix, nixfmt }:
stdenv.mkDerivation {
let
owner = "scopatz";
repo = "nanorc";
in stdenv.mkDerivation rec {
pname = "nanorc";
version = "2020-01-25";
version = "2020-10-10";
src = fetchFromGitHub {
owner = "scopatz";
repo = "nanorc";
rev = "2020.1.25";
sha256 = "1y8jk3jsl4bd6r4hzmxzcf77hv8bwm0318yv7y2npkkd3a060z8d";
inherit owner repo;
rev = builtins.replaceStrings [ "-" ] [ "." ] version;
sha256 = "3B2nNFYkwYHCX6pQz/hMO/rnVqlCiw1BSNmGmJ6KCqE=";
};
dontBuild = true;
@ -19,6 +22,32 @@ stdenv.mkDerivation {
install *.nanorc $out/share/
'';
passthru.updateScript = writeScript "update.sh" ''
#!${stdenv.shell}
set -o errexit
PATH=${
stdenv.lib.makeBinPath [
common-updater-scripts
coreutils
git
gnused
nix
nixfmt
]
}
oldVersion="$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion ${pname}" | tr -d '"' | sed 's|\\.|-|g')"
latestTag="$(git -c 'versionsort.suffix=-' ls-remote --exit-code --refs --sort='version:refname' --tags git@github.com:${owner}/${repo} '*.*.*' | tail --lines=1 | cut --delimiter='/' --fields=3)"
if [ "$oldVersion" != "$latestTag" ]; then
nixpkgs="$(git rev-parse --show-toplevel)"
default_nix="$nixpkgs/pkgs/applications/editors/nano/nanorc/default.nix"
newTag=$(echo $latestTag | sed 's|\.|-|g')
update-source-version ${pname} "$newTag" --version-key=version --print-changes
nixfmt "$default_nix"
else
echo "${pname} is already up-to-date"
fi
'';
meta = {
description = "Improved Nano Syntax Highlighting Files";
homepage = "https://github.com/scopatz/nanorc";

4
pkgs/applications/editors/neovim/gnvim/wrapper.nix
View file

@ -23,9 +23,7 @@ stdenv.mkDerivation {
cp -r '${gnvim-unwrapped}/share/applications' "$out/share/applications"
# Sed needs a writable directory to do inplace modifications
chmod u+rw "$out/share/applications"
for file in $out/share/applications/*.desktop; do
sed -e "s|Exec=.\\+gnvim\\>|Exec=$out/bin/gnvim|" -i "$file"
done
sed -e "s|Exec=.\\+gnvim\\>|Exec=gnvim|" -i $out/share/applications/*.desktop
'';
preferLocalBuild = true;

1
pkgs/applications/editors/neovim/wrapper.nix
View file

@ -43,7 +43,6 @@ let
postBuild = lib.optionalString stdenv.isLinux ''
rm $out/share/applications/nvim.desktop
substitute ${neovim}/share/applications/nvim.desktop $out/share/applications/nvim.desktop \
--replace 'TryExec=nvim' "TryExec=$out/bin/nvim" \
--replace 'Name=Neovim' 'Name=WrappedNeovim'
''
+ optionalString withPython2 ''

4
pkgs/applications/editors/quilter/default.nix
View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "quilter";
version = "2.5.0";
version = "2.5.1";
src = fetchFromGitHub {
owner = "lainsce";
repo = pname;
rev = version;
sha256 = "0622mh46z3fi6zvipmgj8k4d4gj1c2781l10frk7wqq1sysjrxps";
sha256 = "0ya1iwzfzvrci083zyrjj6ac4ys25j90slpk8yydw9n99kb750rk";
};
nativeBuildInputs = [

2
pkgs/applications/editors/qxmledit/qxmledit.json
View file

@ -3,4 +3,4 @@
"repo": "qxmledit",
"rev": "6136dca50ceb3b4447c91a7a18dcf84785ea11d1",
"sha256": "1wcnphalwf0a5gz9r44jgk8wcv1w2qipbwjkbzkra2kxanxns834"
}
}

17
pkgs/applications/editors/texmacs/default.nix
View file

@ -16,7 +16,7 @@
let
pname = "TeXmacs";
version = "1.99.13";
version = "1.99.14";
common = callPackage ./common.nix {
inherit tex extraFonts chineseFonts japaneseFonts koreanFonts;
};
@ -26,22 +26,9 @@ mkDerivation {
src = fetchurl {
url = "https://www.texmacs.org/Download/ftp/tmftp/source/TeXmacs-${version}-src.tar.gz";
sha256 = "Aq0cS47QqmFQHelxRjANeJlgXCXagnYRykpAq7wHqbQ=";
sha256 = "1zbl1ddhppgnn3j213jl1b9mn8zmwnknxiqswm25p4llj0mqcgna";
};
patches = [
# Minor patch for Qt 5.15 support, should be included in next release.
(fetchpatch {
url = "https://github.com/texmacs/texmacs/commit/3cf56af92326b74538f5e943928199ba6e963d0b.patch";
sha256 = "+OBQmnKgvQZZkLx6ea773Dwq0o7L92Sex/kcVUhmg6Q=";
})
# Fix returned version, lets hope they remember to bump the version next release.
(fetchpatch {
url = "https://github.com/texmacs/texmacs/commit/da5b67005d2fc31bb32ea1ead882c26af12d8cbb.patch";
sha256 = "czMgdraQErrdvN83jY76P673L52BpQkDwntmKvF0Ykg=";
})
];
enableParallelBuilding = true;
nativeBuildInputs = [ cmake pkgconfig ];

0
pkgs/applications/editors/textadept/default.nix → pkgs/applications/editors/textadept/10/default.nix
View file

0
pkgs/applications/editors/textadept/deps.nix → pkgs/applications/editors/textadept/10/deps.nix generated
View file

53
pkgs/applications/editors/textadept/11/default.nix Normal file
View file

@ -0,0 +1,53 @@
{ lib, stdenv, fetchhg, fetchFromGitHub, fetchurl, gtk2, glib, pkgconfig, unzip, ncurses, zip }:
stdenv.mkDerivation rec {
version = "11.0_beta";
pname = "textadept11";
nativeBuildInputs = [ pkgconfig ];
buildInputs = [
gtk2 ncurses glib unzip zip
];
src = fetchFromGitHub {
name = "textadept11";
owner = "orbitalquark";
repo = "textadept";
rev = "8da5f6b4a13f14b9dd3cb9dc23ad4f7bf41e91c1";
sha256 = "0v11v3x8g6v696m3l1bm52zy2g9xzz7hlmn912sn30nhcag3raxs";
};
preConfigure =
lib.concatStringsSep "\n" (lib.mapAttrsToList (name: params:
"ln -s ${fetchurl params} $PWD/src/${name}"
) (import ./deps.nix)) + ''
cd src
make deps
'';
postBuild = ''
make curses
'';
preInstall = ''
mkdir -p $out/share/applications
mkdir -p $out/share/pixmaps
'';
postInstall = ''
make curses install PREFIX=$out MAKECMDGOALS=curses
'';
makeFlags = [
"PREFIX=$(out) WGET=true PIXMAPS_DIR=$(out)/share/pixmaps"
];
meta = with stdenv.lib; {
description = "An extensible text editor based on Scintilla with Lua scripting. Version 11_beta";
homepage = "http://foicica.com/textadept";
license = licenses.mit;
maintainers = with maintainers; [ raskin mirrexagon ];
platforms = platforms.linux;
};
}

50
pkgs/applications/editors/textadept/11/deps.nix generated Normal file
View file

@ -0,0 +1,50 @@
{
"scintilla445.tgz" = {
url = "https://www.scintilla.org/scintilla445.tgz";
sha256 = "1v1kyxj7rv5rxadbg8gl8wh1jafpy7zj0wr6dcyxq9209dl6h8ag";
};
"9e2ffa159299899c9345aea15c17ba1941953871.zip" = {
url = "https://github.com/orbitalquark/scinterm/archive/9e2ffa159299899c9345aea15c17ba1941953871.zip";
sha256 = "12h7prgp689w45p4scxd8vvsyw8fkv27g6gvgis55xr44daa6122";
};
"scintillua_4.4.5-1.zip" = {
url = "https://github.com/orbitalquark/scintillua/archive/scintillua_4.4.5-1.zip";
sha256 = "095wpbid2kvr5xgkhd5bd4sd7ljgk6gd9palrjkmdcwfgsf1lp04";
};
"lua-5.3.5.tar.gz" = {
url = "http://www.lua.org/ftp/lua-5.3.5.tar.gz";
sha256 = "1b2qn2rv96nmbm6zab4l877bd4zq7wpwm8drwjiy2ih4jqzysbhc";
};
"lpeg-1.0.2.tar.gz" = {
url = "http://www.inf.puc-rio.br/~roberto/lpeg/lpeg-1.0.2.tar.gz";
sha256 = "1zjzl7acvcdavmcg5l7wi12jd4rh95q9pl5aiww7hv0v0mv6bmj8";
};
"v1_7_0_2.zip" = {
url = "https://github.com/keplerproject/luafilesystem/archive/v1_7_0_2.zip";
sha256 = "0y44ymc7higz5dd2w3c6ib7mwmpr6yvszcl7lm12nf8x3y4snx4i";
};
"64587546482a1a6324706d75c80b77d2f87118a4.zip" = {
url = "https://github.com/orbitalquark/gtdialog/archive/64587546482a1a6324706d75c80b77d2f87118a4.zip";
sha256 = "10mglbnn8r1cakqn9h285pwfnh7kfa98v7j8qh83c24n66blyfh9";
};
"cdk-5.0-20150928.tgz" = {
url = "http://invisible-mirror.net/archives/cdk/cdk-5.0-20150928.tgz";
sha256 = "0j74l874y33i26y5kjg3pf1vswyjif8k93pqhi0iqykpbxfsg382";
};
"libtermkey-0.20.tar.gz" = {
url = "http://www.leonerd.org.uk/code/libtermkey/libtermkey-0.20.tar.gz";
sha256 = "1xfj6lchhfljmbcl6dz8dpakppyy13nbl4ykxiv5x4dr9b4qf3bc";
};
"pdcurs39.zip" = {
url = "https://github.com/wmcbrine/PDCurses/archive/3.9.zip";
sha256 = "0ydsa15d6fgk15zcavbxsi4vj3knlr2495dc5v4f5xzvv2qwlb2w";
};
"bombay.zip" = {
url = "http://foicica.com/hg/bombay/archive/b25520cc76bb.zip";
sha256 = "07spq7jmkfyq20gv67yffara3ln3ns2xi0k02m2mxdms3xm1q36h";
};
"cloc-1.60.pl" = {
url = "http://prdownloads.sourceforge.net/cloc/cloc-1.60.pl";
sha256 = "0p504bi19va3dh274v7lb7giqrydwa5yyry60f7jpz84y6z71a2a";
};
}

13
pkgs/applications/editors/vim/macvim.nix
View file

@ -94,6 +94,19 @@ stdenv.mkDerivation {
+ ''
unset LD
''
# When building with nix-daemon, we need to pass -derivedDataPath or else it tries to use
# a folder rooted in /var/empty and fails. Unfortunately we can't just pass -derivedDataPath
# by itself as this flag requires the use of -scheme or -xctestrun (not sure why), but MacVim
# by default just runs `xcodebuild -project src/MacVim/MacVim.xcodeproj`, relying on the default
# behavior to build the first target in the project. Experimentally, there seems to be a scheme
# called MacVim, so we'll explicitly select that. We also need to specify the configuration too
# as the scheme seems to have the wrong default.
+ ''
configureFlagsArray+=(
XCODEFLAGS="-scheme MacVim -derivedDataPath $NIX_BUILD_TOP/derivedData"
--with-xcodecfg="Release"
)
''
;
# Because we're building with system clang, this means we're building against Xcode's SDK and

6
pkgs/applications/editors/vscode/vscode.nix
View file

@ -11,8 +11,8 @@ let
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "0mpb4641icr3z89y2rlh5anli40p1f48sl5xagr7h3nb5c84k10x";
x86_64-darwin = "1azmc79zf72007qc1xndp9wdkd078mvqgv35hf231q7kdi6wzxcp";
x86_64-linux = "18fx2nsgn09l2gzgr1abi0cp4g8z2v9177sdl2rqr0yvmwk5i3p0";
x86_64-darwin = "14qdfz8q1dz0skkcgpamksgdvgsid2mcm9h09cvkh4z3v458100r";
}.${system};
in
callPackage ./generic.nix rec {
@ -21,7 +21,7 @@ in
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.50.1";
version = "1.51.0";
pname = "vscode";
executableName = "code" + lib.optionalString isInsiders "-insiders";

6
pkgs/applications/editors/vscode/vscodium.nix
View file

@ -11,8 +11,8 @@ let
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "1sarih1yah69ympp12bmgyb0y9ybrxasppb47l58w05iz1wpn6v0";
x86_64-darwin = "1pj041kccj2i77v223i86xxqj9bg88k0sfbshm7qiynwyj9p05ji";
x86_64-linux = "0qims8qypx6aackw1b47pb7hkf0lffh94c69bm5rld2swzczcfnj";
x86_64-darwin = "1i96qhynjl1ihycq25xjakqlyvszindg5g8kgyhd6ab0q0zhmxqy";
}.${system};
sourceRoot = {
@ -27,7 +27,7 @@ in
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.50.1";
version = "1.51.0";
pname = "vscodium";
executableName = "codium";

4
pkgs/applications/gis/qgis/unwrapped.nix
View file

@ -10,7 +10,7 @@ let
[ qscintilla-qt5 gdal jinja2 numpy psycopg2
chardet dateutil pyyaml pytz requests urllib3 pygments pyqt5 sip owslib six ];
in mkDerivation rec {
version = "3.10.10";
version = "3.10.11";
pname = "qgis";
name = "${pname}-unwrapped-${version}";
@ -18,7 +18,7 @@ in mkDerivation rec {
owner = "qgis";
repo = "QGIS";
rev = "final-${lib.replaceStrings ["."] ["_"] version}";
sha256 = "yZBG+bpJA7iKkUEjVo45d+bmRp9WS7mk8z96FLf0ZQ0=";
sha256 = "157hwi9sgnsf0csbfg4x3c7vh0zgf1hnqgn04lhg9xa1n8jjbv2q";
};
passthru = {

31
pkgs/applications/graphics/photoflare/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ mkDerivation, stdenv, graphicsmagick, fetchFromGitHub, qmake, qtbase, qttools
}:
mkDerivation rec {
pname = "photoflare";
version = "1.6.5";
src = fetchFromGitHub {
owner = "PhotoFlare";
repo = "photoflare";
rev = "v${version}";
sha256 = "0a394324h7ds567z3i3pw6kkii78n4qwdn129kgkkm996yh03q89";
};
nativeBuildInputs = [ qmake qttools ];
buildInputs = [ qtbase graphicsmagick ];
qmakeFlags = [ "PREFIX=${placeholder "out"}" ];
NIX_CFLAGS_COMPILE = "-I${graphicsmagick}/include/GraphicsMagick";
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "A cross-platform image editor with a powerful features and a very friendly graphical user interface";
homepage = "https://photoflare.io";
maintainers = [ maintainers.omgbebebe ];
license = licenses.gpl3;
platforms = platforms.linux;
};
}

15
pkgs/applications/graphics/yed/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchzip, makeWrapper, unzip, jre }:
{ stdenv, fetchzip, makeWrapper, unzip, jre, wrapGAppsHook }:
stdenv.mkDerivation rec {
pname = "yEd";
@ -9,16 +9,25 @@ stdenv.mkDerivation rec {
sha256 = "0sd73s700f3gqq5zq1psrqjg6ff2gv49f8vd37v6bv65vdxqxryq";
};
nativeBuildInputs = [ makeWrapper unzip ];
nativeBuildInputs = [ makeWrapper unzip wrapGAppsHook ];
# For wrapGAppsHook setup hook
buildInputs = [ jre.gtk3 ];
installPhase = ''
dontConfigure = true;
dontBuild = true;
dontInstall = true;
preFixup = ''
mkdir -p $out/yed
cp -r * $out/yed
mkdir -p $out/bin
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
makeWrapper ${jre}/bin/java $out/bin/yed \
''${makeWrapperArgs[@]} \
--add-flags "-jar $out/yed/yed.jar --"
'';
dontWrapGApps = true;
meta = with stdenv.lib; {
license = licenses.unfree;

2
pkgs/applications/kde/elisa.nix
View file

@ -3,6 +3,7 @@
, lib
, extra-cmake-modules
, kdoctools
, qtbase
, qtmultimedia
, qtquickcontrols2
, qtwebsockets
@ -42,5 +43,6 @@ mkDerivation rec {
description = "A simple media player for KDE";
license = licenses.gpl3;
maintainers = with maintainers; [ peterhoeg ];
broken = lib.versionOlder qtbase.version "5.14";
};
}

7
pkgs/applications/kde/kwave.nix
View file

@ -1,14 +1,17 @@
{ mkDerivation, lib, extra-cmake-modules, kdoctools, qtmultimedia, kcompletion, kconfig, kcrash, kiconthemes, kio, audiofile, libsamplerate
, alsaLib, libpulseaudio, flac, id3lib, libogg, libmad, libopus, libvorbis, fftw, librsvg }:
{ mkDerivation, lib, extra-cmake-modules, kdoctools, qtmultimedia, kcompletion, kconfig
, kcrash, kiconthemes, kio, audiofile, libsamplerate, alsaLib, libpulseaudio, flac, id3lib
, libogg, libmad, libopus, libvorbis, fftw, librsvg, qtbase }:
mkDerivation {
name = "kwave";
meta = with lib; {
homepage = "https://kde.org/applications/en/multimedia/org.kde.kwave";
description = "A simple media player";
maintainers = with maintainers; [ freezeboy ];
license = licenses.gpl2Plus;
platforms = platforms.linux;
broken = lib.versionOlder qtbase.version "5.14";
};
nativeBuildInputs = [
extra-cmake-modules

3
pkgs/applications/kde/minuet.nix
View file

@ -1,4 +1,4 @@
{ mkDerivation
{ mkDerivation, qtbase
, lib, extra-cmake-modules, gettext, python
, drumstick, fluidsynth
, kcoreaddons, kcrash, kdoctools
@ -10,6 +10,7 @@ mkDerivation {
meta = with lib; {
license = with licenses; [ lgpl21 gpl3 ];
maintainers = with maintainers; [ peterhoeg HaoZeke ];
broken = lib.versionOlder qtbase.version "5.14";
};
nativeBuildInputs = [ extra-cmake-modules gettext kdoctools python qtdeclarative ];

6
pkgs/applications/misc/archiver/default.nix
View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "archiver";
version = "3.4.0";
version = "3.5.0";
src = fetchFromGitHub {
owner = "mholt";
repo = pname;
rev = "v${version}";
sha256 = "16jawybywqfkp68035bnf206a2w4khjw239saa429a21lxrfyk4a";
sha256 = "0fdkqfs87svpijccz8m11gvby8pvmznq6fs9k94vbzak0kxhw1wg";
};
vendorSha256 = "0m89ibj3dm58j49d99dhkn0ryivnianxz7lkpkvhs0cdbzzc02az";
vendorSha256 = "0avnskay23mpl3qkyf1h75rr7szpsxis2bj5pplhwf8q8q0212xf";
buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version} -X main.commit=${src.rev} -X main.date=unknown" ];

6
pkgs/applications/misc/charm/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "charm";
version = "0.8.3";
version = "0.8.4";
src = fetchFromGitHub {
owner = "charmbracelet";
repo = "charm";
rev = "v${version}";
sha256 = "1nbix7fi6g9jadak5zyx7fdz7d6367aly6fnrs0v98zsl1kxyvx3";
sha256 = "0wsh83kchqakvx7kgs2s31rzsvnfr47jk6pbmqzjv1kqmnlhc3rh";
};
vendorSha256 = "0lhml6m0j9ksn09j7z4d9pix5aszhndpyqajycwj3apvi3ic90il";
vendorSha256 = "1lg4bbdzgnw50v6m6p7clibwm8m82kdr1jizgbmhfmzy15d5sfll";
doCheck = false;

4
pkgs/applications/misc/dasel/default.nix
View file

@ -5,13 +5,13 @@
buildGoModule rec {
pname = "dasel";
version = "1.1.0";
version = "1.2.0";
src = fetchFromGitHub {
owner = "TomWright";
repo = pname;
rev = "v${version}";
sha256 = "sha256:11xm47p7n79mq2zkv9q9m5v4a1gga01pkzi2j42gq1ma9hwz4idz";
sha256 = "sha256-Un9tqODwiWsaw66t2m8NyaDF0+hq/e0tmRFi3/T4LMI=";
};
vendorSha256 = "sha256:1552k85z4s6gv7sss7dccv3h8x22j2sr12icp6s7s0a3i4iwyksw";

26
pkgs/applications/misc/elf-dissector/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ mkDerivation, fetchgit, lib, cmake, extra-cmake-modules, kitemmodels
, libiberty, libelf, libdwarf, libopcodes }:
mkDerivation rec {
pname = "elf-dissector";
version = "unstable-2020-11-14";
src = fetchgit {
url = "https://invent.kde.org/sdk/elf-dissector.git";
rev = "d1700e76e3f60aff0a2a9fb63bc001251d2be522";
sha256 = "1h1xr3ag1sbf005drcx8g8dc5mk7fb2ybs73swrld7clcawhxnk8";
};
nativeBuildInputs = [ cmake extra-cmake-modules ];
buildInputs = [ kitemmodels libiberty libelf libdwarf libopcodes ];
enableParallelBuilding = true;
meta = with lib; {
homepage = "https://invent.kde.org/sdk/elf-dissector";
description = "Tools for inspecting, analyzing and optimizing ELF files";
license = licenses.gpl2;
maintainers = with maintainers; [ ehmry ];
};
}

10
pkgs/applications/misc/kupfer/default.nix
View file

@ -16,6 +16,8 @@ buildPythonApplication rec {
pname = "kupfer";
version = "319";
format = "other";
src = fetchurl {
url = "https://github.com/kupferlauncher/kupfer/releases/download/v${version}/kupfer-v${version}.tar.xz";
sha256 = "0c9xjx13r8ckfr4az116bhxsd3pk78v04c3lz6lqhraak0rp4d92";
@ -33,13 +35,9 @@ buildPythonApplication rec {
# see https://github.com/NixOS/nixpkgs/issues/56943 for details
strictDeps = false;
postInstall = let
pythonPath = (stdenv.lib.concatMapStringsSep ":"
(m: "${m}/lib/${python.libPrefix}/site-packages")
propagatedBuildInputs);
in ''
postInstall = ''
gappsWrapperArgs+=(
"--prefix" "PYTHONPATH" : "${pythonPath}"
"--prefix" "PYTHONPATH" : "${makePythonPath propagatedBuildInputs}"
"--set" "PYTHONNOUSERSITE" "1"
)
'';

36
pkgs/applications/misc/megasync/default.nix
View file

@ -1,17 +1,40 @@
{ stdenv, autoconf, automake, c-ares, cryptopp, curl, doxygen, fetchFromGitHub
, fetchpatch, ffmpeg_3, libmediainfo, libraw, libsodium, libtool, libuv, libzen
, lsb-release, mkDerivation, pkgconfig, qtbase, qttools, sqlite, swig, unzip
, wget }:
{ stdenv
, autoconf
, automake
, c-ares
, cryptopp
, curl
, doxygen
, fetchFromGitHub
, fetchpatch
, ffmpeg_3
, libmediainfo
, libraw
, libsodium
, libtool
, libuv
, libzen
, lsb-release
, mkDerivation
, pkgconfig
, qtbase
, qttools
, qtx11extras
, sqlite
, swig
, unzip
, wget
}:
mkDerivation rec {
pname = "megasync";
version = "4.3.1.0";
version = "4.3.5.0";
src = fetchFromGitHub {
owner = "meganz";
repo = "MEGAsync";
rev = "v${version}_Linux";
sha256 = "0b68wpif8a0wf1vfn1nr19dmz8f31dprb27jpldxrxhyfslc43yj";
sha256 = "0rr1jjy0n5bj1lh6xi3nbbcikvq69j3r9qnajp4mhywr5izpccvs";
fetchSubmodules = true;
};
@ -29,6 +52,7 @@ mkDerivation rec {
libuv
libzen
qtbase
qtx11extras
sqlite
unzip
wget

4
pkgs/applications/misc/nwg-launchers/default.nix
View file

@ -12,13 +12,13 @@
stdenv.mkDerivation rec {
pname = "nwg-launchers";
version = "0.4.0";
version = "0.4.2";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = pname;
rev = "v${version}";
sha256 = "0r0wj4w3jj3l56z1lx6ypkzz4fsgx4vzqbvs95661l8q362pndzw";
sha256 = "0flp7mwj1pgcwx3k9pzc8pmqlkhbddj0maimdnvlazk87kzxpfd0";
};
nativeBuildInputs = [

175
pkgs/applications/misc/octoprint/m33-fio-one-library.patch
View file

@ -1,175 +0,0 @@
From 314bcebfcd1759981ce12255be29d8ae68cd400b Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Wed, 23 Nov 2016 00:40:48 +0300
Subject: [PATCH] Build and use one version of preprocessor library
---
octoprint_m33fio/__init__.py | 73 ++----------------------------------------
shared library source/Makefile | 62 +++--------------------------------
2 files changed, 6 insertions(+), 129 deletions(-)
diff --git a/octoprint_m33fio/__init__.py b/octoprint_m33fio/__init__.py
index 054870a..4d5ecc1 100755
--- a/octoprint_m33fio/__init__.py
+++ b/octoprint_m33fio/__init__.py
@@ -1189,78 +1189,9 @@ class M33FioPlugin(
# Check if using shared library or checking if it is usable
if self._settings.get_boolean(["UseSharedLibrary"]) or isUsable :
- # Check if running on Linux
- if platform.uname()[0].startswith("Linux") :
-
- # Check if running on a Raspberry Pi 1
- if platform.uname()[4].startswith("armv6l") and self.getCpuHardware() == "BCM2708" :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_arm1176jzf-s.so")
-
- # Otherwise check if running on a Raspberry Pi 2 or Raspberry Pi 3
- elif platform.uname()[4].startswith("armv7l") and self.getCpuHardware() == "BCM2709" :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_arm_cortex-a7.so")
-
- # Otherwise check if running on an ARM7 device
- elif platform.uname()[4].startswith("armv7") :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_arm7.so")
-
- # Otherwise check if using an i386 or x86-64 device
- elif platform.uname()[4].endswith("86") or platform.uname()[4].endswith("64") :
-
- # Check if Python is running as 32-bit
- if platform.architecture()[0].startswith("32") :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_i386.so")
-
- # Otherwise check if Python is running as 64-bit
- elif platform.architecture()[0].startswith("64") :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_x86-64.so")
-
- # Otherwise check if running on Windows and using an i386 or x86-64 device
- elif platform.uname()[0].startswith("Windows") and (platform.uname()[4].endswith("86") or platform.uname()[4].endswith("64")) :
+ # Set shared library
+ self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace('\\', '/') + "/static/libraries/libpreprocessor.so")
- # Check if Python is running as 32-bit
- if platform.architecture()[0].startswith("32") :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_i386.dll")
-
- # Otherwise check if Python is running as 64-bit
- elif platform.architecture()[0].startswith("64") :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_x86-64.dll")
-
- # Otherwise check if running on macOS and using an i386 or x86-64 device
- elif platform.uname()[0].startswith("Darwin") and (platform.uname()[4].endswith("86") or platform.uname()[4].endswith("64")) :
-
- # Check if Python is running as 32-bit
- if platform.architecture()[0].startswith("32") :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_i386.dylib")
-
- # Otherwise check if Python is running as 64-bit
- elif platform.architecture()[0].startswith("64") :
-
- # Set shared library
- self.sharedLibrary = ctypes.cdll.LoadLibrary(self._basefolder.replace("\\", "/") + "/static/libraries/preprocessor_x86-64.dylib")
-
- # Otherwise check if running FreeBSD
- elif platform.uname()[0].startswith("FreeBSD") :
-
- # TODO: Compile FreeBSD shared library pre-processors
- pass
-
# Check if shared library was set
if self.sharedLibrary :
diff --git a/shared library source/Makefile b/shared library source/Makefile
index 792b4f4..4c74f5c 100755
--- a/shared library source/Makefile
+++ b/shared library source/Makefile
@@ -1,68 +1,14 @@
-# Target platform options: LINUX32, LINUX64, WINDOWS32, WINDOWS64, PI, PI2, ARM7, MACOS32, MACOS64
-LIBRARY_NAME = preprocessor
-TARGET_PLATFORM = LINUX64
+LIBRARY_NAME = libpreprocessor
VER = .1
-ifeq ($(TARGET_PLATFORM), LINUX32)
- PROG = $(LIBRARY_NAME)_i386.so
- CC = g++
- CFLAGS = -fPIC -m32 -static-libgcc -O3 -Wl,-soname,$(PROG)$(VER) -static-libstdc++
-endif
-
-ifeq ($(TARGET_PLATFORM), LINUX64)
- PROG = $(LIBRARY_NAME)_x86-64.so
- CC = g++
- CFLAGS = -fPIC -m64 -static-libgcc -O3 -Wl,-soname,$(PROG)$(VER) -static-libstdc++
-endif
-
-ifeq ($(TARGET_PLATFORM), WINDOWS32)
- PROG = $(LIBRARY_NAME)_i386.dll
- CC = i686-w64-mingw32-g++
- CFLAGS = -static-libgcc -O3 -Wl,-soname,$(PROG)$(VER) -static-libstdc++
-endif
-
-ifeq ($(TARGET_PLATFORM), WINDOWS64)
- PROG = $(LIBRARY_NAME)_x86-64.dll
- CC = x86_64-w64-mingw32-g++
- CFLAGS = -static-libgcc -O3 -Wl,-soname,$(PROG)$(VER) -static-libstdc++
-endif
-
-ifeq ($(TARGET_PLATFORM), PI)
- PROG = $(LIBRARY_NAME)_arm1176jzf-s.so
- CC = /opt/arm-toolchain/arm-bcm2708/arm-rpi-4.9.3-linux-gnueabihf/bin/arm-linux-gnueabihf-g++
- CFLAGS = -fPIC -mcpu=arm1176jzf-s -mfpu=vfp -mfloat-abi=hard -static-libgcc -O3 -Wl,-soname,$(PROG)$(VER) -static-libstdc++
-endif
-
-ifeq ($(TARGET_PLATFORM), PI2)
- PROG = $(LIBRARY_NAME)_arm_cortex-a7.so
- CC = /opt/arm-toolchain/arm-bcm2708/arm-rpi-4.9.3-linux-gnueabihf/bin/arm-linux-gnueabihf-g++
- CFLAGS = -fPIC -mcpu=cortex-a7 -mfpu=neon-vfpv4 -mfloat-abi=hard -static-libgcc -O3 -Wl,-soname,$(PROG)$(VER) -static-libstdc++
-endif
-
-ifeq ($(TARGET_PLATFORM), ARM7)
- PROG = $(LIBRARY_NAME)_arm7.so
- CC = /opt/arm-toolchain/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin/arm-linux-gnueabihf-g++
- CFLAGS = -fPIC -mcpu=generic-armv7-a -mfpu=vfp -mfloat-abi=hard -static-libgcc -O3 -Wl,-soname,$(PROG)$(VER) -static-libstdc++
-endif
-
-ifeq ($(TARGET_PLATFORM), MACOS32)
- PROG = $(LIBRARY_NAME)_i386.dylib
- CC = clang++
- CFLAGS = -fPIC -m32 -stdlib=libc++ -O3 -Wl,-install_name,$(PROG)$(VER)
-
-endif
-
-ifeq ($(TARGET_PLATFORM), MACOS64)
- PROG = $(LIBRARY_NAME)_x86-64.dylib
- CC = clang++
- CFLAGS = -fPIC -m64 -stdlib=libc++ -O3 -Wl,-install_name,$(PROG)$(VER)
-endif
+PROG = $(LIBRARY_NAME).so
+CFLAGS = -fPIC -O3 -Wl,-soname,$(PROG)$(VER)
SRCS = preprocessor.cpp gcode.cpp vector.cpp
CFLAGS += -Wall -std=c++11 -fvisibility=hidden -shared
all:
- $(CC) $(CFLAGS) -o ../octoprint_m33fio/static/libraries/$(PROG) $(SRCS)
+ $(CXX) $(CFLAGS) -o ../octoprint_m33fio/static/libraries/$(PROG) $(SRCS)
clean:
rm -f ../octoprint_m33fio/static/libraries/$(PROG)
--
2.14.1

19
pkgs/applications/misc/octoprint/plugins.nix
View file

@ -109,6 +109,25 @@ in {
};
};
marlingcodedocumentation = buildPlugin rec {
pname = "MarlinGcodeDocumentation";
version = "0.11.0";
src = fetchFromGitHub {
owner = "costas-basdekis";
repo = pname;
rev = "v${version}";
sha256 = "0vx06w9hqwy0k4r8g67y8gdckfdx7wl8ghfx6hmxc1s8fgkghfkc";
};
meta = with stdenv.lib; {
description = "Displays GCode documentation for Marlin in the Octoprint terminal command line";
homepage = "https://github.com/costas-basdekis/MarlinGcodeDocumentation";
license = licenses.agpl3;
maintainers = with maintainers; [ lovesegfault ];
};
};
mqtt = buildPlugin rec {
pname = "MQTT";
version = "0.8.7";

61
pkgs/applications/misc/pass-secret-service/default.nix Normal file
View file

@ -0,0 +1,61 @@
{ stdenv, fetchFromGitHub, python3, dbus, gnupg }:
python3.pkgs.buildPythonApplication rec {
pname = "pass-secret-service";
# PyPI has old alpha version. Since then the project has switched from using a
# seemingly abandoned D-Bus package pydbus and started using maintained
# dbus-next. So let's use latest from GitHub.
version = "unstable-2020-04-12";
src = fetchFromGitHub {
owner = "mdellweg";
repo = "pass_secret_service";
rev = "f6fbca6ac3ccd16bfec407d845ed9257adf74dfa";
sha256 = "0rm4pbx1fiwds1v7f99khhh7x3inv9yniclwd95mrbgljk3cc6a4";
};
# Need to specify session.conf file for tests because it won't be found under
# /etc/ in check phase.
postPatch = ''
substituteInPlace Makefile \
--replace \
"dbus-run-session" \
"dbus-run-session --config-file=${dbus}/share/dbus-1/session.conf"
'';
propagatedBuildInputs = with python3.pkgs; [
click
cryptography
dbus-next
decorator
pypass
secretstorage
];
checkInputs =
let
ps = python3.pkgs;
in
[
dbus
gnupg
ps.pytest
ps.pytest-asyncio
ps.pypass
];
checkPhase = ''
runHook preCheck
make test
runHook postCheck
'';
meta = {
description = "Libsecret D-Bus API with pass as the backend";
homepage = "https://github.com/mdellweg/pass_secret_service/";
license = stdenv.lib.licenses.gpl3Only;
platforms = stdenv.lib.platforms.all;
maintainers = with stdenv.lib.maintainers; [ jluttine ];
};
}

30
pkgs/applications/misc/plater/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ mkDerivation
, cmake
, fetchFromGitHub
, lib
, libGLU
, qtbase
}:
mkDerivation rec {
pname = "plater";
version = "2020-07-30";
src = fetchFromGitHub {
owner = "Rhoban";
repo = "Plater";
rev = "f8de6d038f95a9edebfcfe142c8e9783697d5b47";
sha256 = "0r20mbzd16zv1aiadjqdy7z6sp09rr6lgfxhvir4ll3cpakkynr4";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ libGLU qtbase ];
meta = with lib; {
description = "3D-printer parts placer and plate generator";
homepage = "https://github.com/Rhoban/Plater";
maintainers = with maintainers; [ lovesegfault ];
platforms = platforms.linux;
license = licenses.cc-by-nc-30;
};
}

27
pkgs/applications/misc/tiv/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ stdenv, fetchFromGitHub, imagemagick }:
stdenv.mkDerivation rec {
pname = "tiv";
version = "1.1.0";
src = fetchFromGitHub {
owner = "stefanhaustein";
repo = "TerminalImageViewer";
rev = "v${version}";
sha256 = "17zqbwj2imk6ygyc142mw6v4fh7h4rd5vzn5wxr9gs0g8qdc6ixn";
};
buildInputs = [ imagemagick ];
makeFlags = [ "prefix=$(out)" ];
preConfigure = "cd src/main/cpp";
meta = with stdenv.lib; {
homepage = "https://github.com/stefanhaustein/TerminalImageViewer";
description = "Small C++ program to display images in a (modern) terminal using RGB ANSI codes and unicode block graphics characters";
license = licenses.asl20;
maintainers = with maintainers; [ magnetophon ];
platforms = [ "x86_64-linux" ];
};
}

6
pkgs/applications/misc/wtf/default.nix
View file

@ -8,16 +8,16 @@
buildGoModule rec {
pname = "wtf";
version = "0.33.0";
version = "0.34.0";
src = fetchFromGitHub {
owner = "wtfutil";
repo = pname;
rev = "v${version}";
sha256 = "0dszc3igfvlb6dgf5whyhw72id39lqqmgpd42kyqx5yjf5dw2wg7";
sha256 = "01zydr1w8byjhxf4xj6z001q4ynq0452cn332ap1l1w0dmx9mxyr";
};
vendorSha256 = "1wcqk8lfv3jq7dfaj9dj8bzsmq2qislzs1m38gx1hh4jwg1rn2cn";
vendorSha256 = "1xyai417l8q44b562ssp5qqw04klrhg5397ahr4pc3i30csz8a7a";
doCheck = false;

42
pkgs/applications/misc/xautoclick/default.nix
View file

@ -1,32 +1,30 @@
{ stdenv, fetchurl, xorg, pkgconfig
, gtkSupport ? true, gtk2
, qtSupport ? true, qt4
{ stdenv, fetchFromGitHub, xorg, pkg-config
, cmake, libevdev
, gtkSupport ? true, gtk3, pcre, glib, wrapGAppsHook
, fltkSupport ? true, fltk
, qtSupport ? true, qt5
}:
stdenv.mkDerivation {
version = "0.31";
stdenv.mkDerivation rec {
pname = "xautoclick";
src = fetchurl {
url = "mirror://sourceforge/project/xautoclick/xautoclick/xautoclick-0.31/xautoclick-0.31.tar.gz";
sha256 = "0h522f12a7v2b89411xm51iwixmjp2mp90rnizjgiakx9ajnmqnm";
version = "0.34";
src = fetchFromGitHub {
owner = "qarkai";
repo = "xautoclick";
rev = "v${version}";
sha256 = "GN3zI5LQnVmRC0KWffzUTHKrxcqnstiL55hopwTTwpE=";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ xorg.libX11 xorg.libXtst xorg.xinput xorg.libXi xorg.libXext ]
++ stdenv.lib.optionals gtkSupport [ gtk2 ]
++ stdenv.lib.optionals qtSupport [ qt4 ];
patchPhase = ''
substituteInPlace configure --replace /usr/X11R6 ${xorg.libX11.dev}
'';
preConfigure = stdenv.lib.optional qtSupport ''
mkdir .bin
ln -s ${qt4}/bin/moc .bin/moc-qt4
addToSearchPath PATH .bin
sed -i -e "s@LD=\$_cc@LD=\$_cxx@" configure
'';
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ libevdev xorg.libXtst ]
++ stdenv.lib.optionals gtkSupport [ gtk3 pcre glib wrapGAppsHook ]
++ stdenv.lib.optionals fltkSupport [ fltk ]
++ stdenv.lib.optionals qtSupport [ qt5.qtbase qt5.wrapQtAppsHook ];
meta = with stdenv.lib; {
description = "Autoclicker application, which enables you to automatically click the left mousebutton";
homepage = "http://xautoclick.sourceforge.net";
homepage = "https://github.com/qarkai/xautoclick";
license = licenses.gpl2;
platforms = platforms.linux;
};

4
pkgs/applications/networking/Sylk/default.nix
View file

@ -2,7 +2,7 @@
let
pname = "Sylk";
version = "2.9.1";
version = "2.9.2";
in
appimageTools.wrapType2 rec {
@ -10,7 +10,7 @@ appimageTools.wrapType2 rec {
src = fetchurl {
url = "http://download.ag-projects.com/Sylk/Sylk-${version}-x86_64.AppImage";
hash = "sha256-Y1FR1tYZTxhMFn6NL578otitmOsngMJBPK/9cpCqE/Q=";
hash = "sha256-pfzTeKxY2fs98mgvhzaI/uBbYYkxfnQ+6jQ+gTSeEkA=";
};
profile = ''

4
pkgs/applications/networking/browsers/chromium/common.nix
View file

@ -22,7 +22,7 @@
# optional dependencies
, libgcrypt ? null # gnomeSupport || cupsSupport
, libva ? null # useVaapi
, libdrm ? null, wayland ? null, mesa_drivers ? null, libxkbcommon ? null # useOzone
, libdrm ? null, wayland ? null, mesa ? null, libxkbcommon ? null # useOzone
# package customization
, useOzone ? false
@ -146,7 +146,7 @@ let
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
++ optionals cupsSupport [ libgcrypt cups ]
++ optional pulseSupport libpulseaudio
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
++ optionals useOzone [ libdrm wayland mesa.drivers libxkbcommon ];
patches = [
./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed)

6
pkgs/applications/networking/browsers/firefox/common.nix
View file

@ -9,7 +9,7 @@
, hunspell, libXdamage, libevent, libstartup_notification
, libvpx_1_8
, icu67, libpng, jemalloc, glib
, autoconf213, which, gnused, cargo, rustc
, autoconf213, which, gnused, rustPackages, rustPackages_1_45
, rust-cbindgen, nodejs, nasm, fetchpatch
, gnum4
, debugBuild ? false
@ -102,6 +102,10 @@ let
buildStdenv = if ltoSupport
then overrideCC stdenv llvmPackages.lldClang
else stdenv;
# 78 ESR won't build with rustc 1.47
inherit (if lib.versionAtLeast ffversion "82" then rustPackages else rustPackages_1_45)
rustc cargo;
in
buildStdenv.mkDerivation ({

2
pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
View file

@ -403,7 +403,7 @@ stdenv.mkDerivation rec {
homepage = "https://www.torproject.org/";
changelog = "https://gitweb.torproject.org/builders/tor-browser-build.git/plain/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt?h=maint-${version}";
platforms = attrNames srcs;
maintainers = with maintainers; [ offline matejc doublec thoughtpolice joachifm hax404 cap KarlJoad ];
maintainers = with maintainers; [ offline matejc thoughtpolice joachifm hax404 cap KarlJoad ];
hydraPlatforms = [];
# MPL2.0+, GPL+, &c. While it's not entirely clear whether
# the compound is "libre" in a strict sense (some components place certain

13
pkgs/applications/networking/browsers/ungoogled-chromium/browser.nix
View file

@ -13,7 +13,7 @@ mkChromiumDerivation (base: rec {
installPhase = ''
mkdir -p "$libExecPath"
cp -v "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
cp -v "$buildPath/"*.so "$buildPath/"*.pak "$buildPath/"*.bin "$libExecPath/"
cp -v "$buildPath/icudtl.dat" "$libExecPath/"
cp -vLR "$buildPath/locales" "$buildPath/resources" "$libExecPath/"
cp -v "$buildPath/chrome" "$libExecPath/$packageName"
@ -78,17 +78,10 @@ mkChromiumDerivation (base: rec {
'';
homepage = "https://github.com/Eloston/ungoogled-chromium";
maintainers = with maintainers; [ squalus ];
# Overview of the maintainer roles:
# nixos-unstable:
# - TODO: Need a new maintainer for x86_64 [0]
# - @thefloweringash: aarch64
# - @primeos: Provisional maintainer (x86_64)
# Stable channel:
# - TODO (need someone to test backports [0])
# [0]: https://github.com/NixOS/nixpkgs/issues/78450
license = if enableWideVine then licenses.unfree else licenses.bsd3;
platforms = platforms.linux;
hydraPlatforms = if channel == "stable" then ["aarch64-linux" "x86_64-linux"] else [];
timeout = 172800; # 48 hours
timeout = 172800; # 48 hours (increased from the Hydra default of 10h)
broken = channel == "dev"; # Blocked on https://bugs.chromium.org/p/chromium/issues/detail?id=1141896
};
})

132
pkgs/applications/networking/browsers/ungoogled-chromium/common.nix
View file

@ -5,7 +5,7 @@
, libevent, expat, libjpeg, snappy
, libpng, libcap
, xdg_utils, yasm, nasm, minizip, libwebp
, libusb1, pciutils, nss, re2, zlib
, libusb1, pciutils, nss, re2
, python2Packages, perl, pkgconfig
, nspr, systemd, kerberos
@ -13,17 +13,16 @@
, bison, gperf
, glib, gtk3, dbus-glib
, glibc
, xorg
, libXScrnSaver, libXcursor, libXtst, libGLU, libGL
, protobuf, speechd, libXdamage, cups
, ffmpeg_3, libxslt, libxml2, at-spi2-core
, ffmpeg, libxslt, libxml2, at-spi2-core
, jre8
, pipewire_0_2
# optional dependencies
, libgcrypt ? null # gnomeSupport || cupsSupport
, libva ? null # useVaapi
, libdrm ? null, wayland ? null, mesa_drivers ? null, libxkbcommon ? null # useOzone
, libdrm ? null, wayland ? null, mesa ? null, libxkbcommon ? null # useOzone
# package customization
, useOzone ? false
@ -49,8 +48,6 @@ buildFun:
with stdenv.lib;
# see http://www.linuxfromscratch.org/blfs/view/cvs/xsoft/chromium.html
let
jre = jre8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
@ -66,7 +63,7 @@ let
mkGnFlags =
let
# Serialize Nix types into GN types according to this document:
# https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/language.md
# https://source.chromium.org/gn/gn/+/master:docs/language.md
mkGnString = value: "\"${escape ["\"" "$" "\\"] value}\"";
sanitize = value:
if value == true then "true"
@ -78,14 +75,17 @@ let
toFlag = key: value: "${key}=${sanitize value}";
in attrs: concatStringsSep " " (attrValues (mapAttrs toFlag attrs));
# https://source.chromium.org/chromium/chromium/src/+/master:build/linux/unbundle/replace_gn_files.py
gnSystemLibraries = [
"flac" "libwebp" "libxslt" "opus" "snappy" "libpng"
# "zlib" # version 77 reports unresolved dependency on //third_party/zlib:zlib_config
# "libjpeg" # fails with multiple undefined references to chromium_jpeg_*
# "re2" # fails with linker errors
# "ffmpeg" # https://crbug.com/731766
# "harfbuzz-ng" # in versions over 63 harfbuzz and freetype are being built together
# so we can't build with one from system and other from source
"ffmpeg"
"flac"
"libjpeg"
"libpng"
"libwebp"
"libxslt"
"opus"
"snappy"
"zlib"
];
opusWithCustomModes = libopus.override {
@ -97,11 +97,9 @@ let
libevent expat libjpeg snappy
libpng libcap
xdg_utils minizip libwebp
libusb1 re2 zlib
ffmpeg_3 libxslt libxml2
libusb1 re2
ffmpeg libxslt libxml2
nasm
# harfbuzz # in versions over 63 harfbuzz and freetype are being built together
# so we can't build with one from system and other from source
];
# build paths and release info
@ -135,10 +133,10 @@ let
};
nativeBuildInputs = [
llvmPackages.lldClang.bintools
ninja which python2Packages.python perl pkgconfig
python2Packages.ply python2Packages.jinja2 nodejs
gnutar python2Packages.setuptools
(xorg.xcbproto.override { python = python2Packages.python; })
];
buildInputs = defaultDependencies ++ [
@ -155,36 +153,37 @@ let
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
++ optionals cupsSupport [ libgcrypt cups ]
++ optional pulseSupport libpulseaudio
++ optionals useOzone [ libdrm wayland mesa_drivers libxkbcommon ];
++ optionals useOzone [ libdrm wayland mesa.drivers libxkbcommon ];
patches = optionals (versionRange "68" "86") [
./patches/nix_plugin_paths_68.patch
] ++ [
./patches/remove-webp-include-69.patch
./patches/no-build-timestamps.patch
./patches/widevine-79.patch
./patches/dont-use-ANGLE-by-default.patch
# Unfortunately, chromium regularly breaks on major updates and
# then needs various patches backported in order to be compiled with GCC.
# Good sources for such patches and other hints:
# - https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/
# - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
# - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
#
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
patches = [
./patches/no-build-timestamps.patch # Optional patch to use SOURCE_DATE_EPOCH in compute_build_timestamp.py (should be upstreamed)
./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
] ++ optionals (useVaapi && versionRange "68" "86") [ # Improvements for the VA-API build:
./patches/enable-vdpau-support-for-nvidia.patch # https://aur.archlinux.org/cgit/aur.git/tree/vdpau-support.patch?h=chromium-vaapi
./patches/enable-video-acceleration-on-linux.patch # Can be controlled at runtime (i.e. without rebuilding Chromium)
] ++ optionals (useVaapi && versionRange "86" "87") [
# Check for enable-accelerated-video-decode on Linux:
(githubPatch "54deb9811ca9bd2327def5c05ba6987b8c7a0897" "11jvxjlkzz1hm0pvfyr88j7z3zbwzplyl5idkx92l2lzv4459c8d")
];
postPatch = optionalString (!versionRange "0" "86") ''
postPatch = ''
# remove unused third-party
for lib in ${toString gnSystemLibraries}; do
if [ -d "third_party/$lib" ]; then
find "third_party/$lib" -type f \
\! -path "third_party/$lib/chromium/*" \
\! -path "third_party/$lib/google/*" \
\! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \
\! -regex '.*\.\(gn\|gni\|isolate\)' \
-delete
fi
done
# Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.):
substituteInPlace native_client/SConstruct \
--replace "#! -*- python -*-" ""
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
'' + ''
substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" ""
if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
fi
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \
--replace \
@ -202,11 +201,6 @@ let
'/usr/share/locale/' \
'${glibc}/share/locale/'
substituteInPlace ui/gfx/x/BUILD.gn \
--replace \
'/usr/share/xcb' \
'${xorg.xcbproto}/share/xcb/'
sed -i -e 's@"\(#!\)\?.*xdg-@"\1${xdg_utils}/bin/xdg-@' \
chrome/browser/shell_integration_linux.cc
@ -216,42 +210,20 @@ let
sed -i -e '/libpci_loader.*Load/s!"\(libpci\.so\)!"${pciutils}/lib/\1!' \
gpu/config/gpu_info_collector_linux.cc
sed -i -re 's/([^:])\<(isnan *\()/\1std::\2/g' \
chrome/browser/ui/webui/engagement/site_engagement_ui.cc
sed -i -e '/#include/ {
i #include <algorithm>
:l; n; bl
}' gpu/config/gpu_control_list.cc
# Allow to put extensions into the system-path.
sed -i -e 's,/usr,/run/current-system/sw,' chrome/common/chrome_paths.cc
patchShebangs .
# use our own nodejs
mkdir -p third_party/node/linux/node-linux-x64/bin
ln -s $(which node) third_party/node/linux/node-linux-x64/bin/node
ln -s "$(command -v node)" third_party/node/linux/node-linux-x64/bin/node
# Allow building against system libraries in official builds
sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' tools/generate_shim_headers/generate_shim_headers.py
# remove unused third-party
# in third_party/crashpad third_party/zlib contains just a header-adapter
for lib in ${toString gnSystemLibraries}; do
find -type f -path "*third_party/$lib/*" \
\! -path "*third_party/crashpad/crashpad/third_party/zlib/*" \
\! -path "*third_party/$lib/chromium/*" \
\! -path "*third_party/$lib/google/*" \
\! -path "*base/third_party/icu/*" \
\! -path "*base/third_party/libevent/*" \
\! -regex '.*\.\(gn\|gni\|isolate\|py\)' \
-delete
done
'' + optionalString stdenv.isAarch64 ''
substituteInPlace build/toolchain/linux/BUILD.gn \
--replace 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""'
'' + optionalString stdenv.cc.isClang ''
mkdir -p third_party/llvm-build/Release+Asserts/bin
ln -s ${stdenv.cc}/bin/clang third_party/llvm-build/Release+Asserts/bin/clang
ln -s ${stdenv.cc}/bin/clang++ third_party/llvm-build/Release+Asserts/bin/clang++
ln -s ${llvmPackages.llvm}/bin/llvm-ar third_party/llvm-build/Release+Asserts/bin/llvm-ar
'' + optionalString ungoogled ''
${ungoogler}/utils/prune_binaries.py . ${ungoogler}/pruning.list || echo "some errors"
${ungoogler}/utils/patches.py . ${ungoogler}/patches
@ -259,9 +231,9 @@ let
'';
gnFlags = mkGnFlags ({
use_lld = false;
use_gold = true;
gold_path = "${stdenv.cc}/bin";
custom_toolchain = "//build/toolchain/linux/unbundle:default";
host_toolchain = "//build/toolchain/linux/unbundle:default";
is_official_build = true;
is_debug = false;
proprietary_codecs = false;
@ -283,6 +255,7 @@ let
is_clang = stdenv.cc.isClang;
clang_use_chrome_plugins = false;
blink_symbol_level = 0;
symbol_level = 0;
fieldtrial_testing_like_official_build = true;
# Google API keys, see:
@ -336,8 +309,7 @@ let
# This is to ensure expansion of $out.
libExecPath="${libExecPath}"
python build/linux/unbundle/replace_gn_files.py \
--system-libraries ${toString gnSystemLibraries}
python build/linux/unbundle/replace_gn_files.py --system-libraries ${toString gnSystemLibraries}
${gnChromium}/bin/gn gen --args=${escapeShellArg gnFlags} out/Release | tee gn-gen-outputs.txt
# Fail if `gn gen` contains a WARNING.

28
pkgs/applications/networking/browsers/ungoogled-chromium/default.nix
View file

@ -1,5 +1,5 @@
{ newScope, config, stdenv, fetchurl, makeWrapper
, llvmPackages_10, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils
, glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit
, libva ? null
, pipewire_0_2
@ -14,8 +14,7 @@
, proprietaryCodecs ? true
, enablePepperFlash ? false
, enableWideVine ? false
, useVaapi ? false # Deprecated, use enableVaapi instead!
, enableVaapi ? false # Disabled by default due to unofficial support and issues on radeon
, enableVaapi ? false # Disabled by default due to unofficial support
, ungoogled ? true
, useOzone ? false
, cupsSupport ? true
@ -24,7 +23,7 @@
}:
let
llvmPackages = llvmPackages_10;
llvmPackages = llvmPackages_11;
stdenv = llvmPackages.stdenv;
callPackage = newScope chromium;
@ -39,16 +38,6 @@ let
cupsSupport pulseSupport useOzone;
inherit ungoogled;
# TODO: Remove after we can update gn for the stable channel (backward incompatible changes):
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-05-19";
src = fetchgit {
url = "https://gn.googlesource.com/gn";
rev = "d0a6f072070988e7b038496c4e7d6c562b649732";
sha256 = "0197msabskgfbxvhzq73gc3wlr3n9cr4bzrhy5z5irbvy05lxk17";
};
});
} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "86") {
llvmPackages = llvmPackages_11;
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-07-20";
src = fetchgit {
@ -58,8 +47,8 @@ let
};
});
} // lib.optionalAttrs (lib.versionAtLeast upstream-info.version "87") {
llvmPackages = llvmPackages_11;
useOzone = true; # YAY: https://chromium-review.googlesource.com/c/chromium/src/+/2382834 \o/
useVaapi = !stdenv.isAarch64; # TODO: Might be best to not set use_vaapi anymore (default is fine)
gnChromium = gn.overrideAttrs (oldAttrs: {
version = "2020-08-17";
src = fetchgit {
@ -162,13 +151,6 @@ let
''
else browser;
optionalVaapiFlags = if useVaapi # TODO: Remove after 20.09:
then throw ''
Chromium's useVaapi was replaced by enableVaapi and you don't need to pass
"--ignore-gpu-blacklist" anymore (also no rebuilds are required anymore).
'' else lib.optionalString
(!enableVaapi)
"--add-flags --disable-accelerated-video-decode --add-flags --disable-accelerated-video-encode";
in stdenv.mkDerivation {
name = "ungoogled-chromium${suffix}-${version}";
inherit version;
@ -195,7 +177,7 @@ in stdenv.mkDerivation {
eval makeWrapper "${browserBinary}" "$out/bin/chromium" \
--add-flags ${escapeShellArg (escapeShellArg commandLineArgs)} \
${optionalVaapiFlags} \
${lib.optionalString enableVaapi "--add-flags --enable-accelerated-video-decode"} \
${concatMapStringsSep " " getWrapperFlags chromium.plugins.enabled}
ed -v -s "$out/bin/chromium" << EOF

26
pkgs/applications/networking/browsers/ungoogled-chromium/patches/dont-use-ANGLE-by-default.patch
View file

@ -1,26 +0,0 @@
A field trial currently enables the passthrough command decoder, which causes
gl_factory.cc to try kGLImplementationEGLANGLE first, which causes Chromium to fail
to load libGLESv2.so on NixOS. It somehow does not try kGLImplementationDesktopGL,
and so there is no GL support at all.
Revert to using the validating command decoder, which prevents gl_factory.cc
from touching allowed_impls, allowing it to successfully use kGLImplementationDesktopGL.
diff --git a/ui/gl/gl_utils.cc b/ui/gl/gl_utils.cc
index 697cbed5fe2d..8419bdb21a2f 100644
--- a/ui/gl/gl_utils.cc
+++ b/ui/gl/gl_utils.cc
@@ -71,9 +71,10 @@ bool UsePassthroughCommandDecoder(const base::CommandLine* command_line) {
} else if (switch_value == kCmdDecoderValidatingName) {
return false;
} else {
- // Unrecognized or missing switch, use the default.
- return base::FeatureList::IsEnabled(
- features::kDefaultPassthroughCommandDecoder);
+ // Ignore the field trial that enables it; disable it until
+ // gl_factory.cc kGLImplementationEGLANGLE issues are sorted
+ // out on NixOS.
+ return false;
}
}
}

65
pkgs/applications/networking/browsers/ungoogled-chromium/patches/enable-vdpau-support-for-nvidia.patch
View file

@ -1,65 +0,0 @@
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.cc
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.cc
@@ -641,6 +641,7 @@ void VaapiVideoDecodeAccelerator::AssignPictureBuffers(
// |vpp_vaapi_wrapper_| for VaapiPicture to DownloadFromSurface() the VA's
// internal decoded frame.
if (buffer_allocation_mode_ != BufferAllocationMode::kNone &&
+ buffer_allocation_mode_ != BufferAllocationMode::kWrapVdpau &&
!vpp_vaapi_wrapper_) {
vpp_vaapi_wrapper_ = VaapiWrapper::Create(
VaapiWrapper::kVideoProcess, VAProfileNone,
@@ -665,7 +666,8 @@ void VaapiVideoDecodeAccelerator::AssignPictureBuffers(
PictureBuffer buffer = buffers[i];
buffer.set_size(requested_pic_size_);
std::unique_ptr<VaapiPicture> picture = vaapi_picture_factory_->Create(
- (buffer_allocation_mode_ == BufferAllocationMode::kNone)
+ ((buffer_allocation_mode_ == BufferAllocationMode::kNone) ||
+ (buffer_allocation_mode_ == BufferAllocationMode::kWrapVdpau))
? vaapi_wrapper_
: vpp_vaapi_wrapper_,
make_context_current_cb_, bind_image_cb_, buffer);
@@ -1093,6 +1095,12 @@ VaapiVideoDecodeAccelerator::GetSupportedProfiles() {
VaapiVideoDecodeAccelerator::BufferAllocationMode
VaapiVideoDecodeAccelerator::DecideBufferAllocationMode() {
+ // NVIDIA blobs use VDPAU
+ if (VaapiWrapper::GetImplementationType() == VAImplementation::kNVIDIAVDPAU) {
+ LOG(INFO) << "VA-API driver on VDPAU backend";
+ return BufferAllocationMode::kWrapVdpau;
+ }
+
// TODO(crbug.com/912295): Enable a better BufferAllocationMode for IMPORT
// |output_mode_| as well.
if (output_mode_ == VideoDecodeAccelerator::Config::OutputMode::IMPORT)
--- a/media/gpu/vaapi/vaapi_video_decode_accelerator.h
+++ b/media/gpu/vaapi/vaapi_video_decode_accelerator.h
@@ -204,6 +204,7 @@ class MEDIA_GPU_EXPORT VaapiVideoDecodeAccelerator
// Using |client_|s provided PictureBuffers and as many internally
// allocated.
kNormal,
+ kWrapVdpau,
};
// Decides the concrete buffer allocation mode, depending on the hardware
--- a/media/gpu/vaapi/vaapi_wrapper.cc
+++ b/media/gpu/vaapi/vaapi_wrapper.cc
@@ -131,6 +131,9 @@ media::VAImplementation VendorStringToImplementationType(
} else if (base::StartsWith(va_vendor_string, "Intel iHD driver",
base::CompareCase::SENSITIVE)) {
return media::VAImplementation::kIntelIHD;
+ } else if (base::StartsWith(va_vendor_string, "Splitted-Desktop Systems VDPAU",
+ base::CompareCase::SENSITIVE)) {
+ return media::VAImplementation::kNVIDIAVDPAU;
}
return media::VAImplementation::kOther;
}
--- a/media/gpu/vaapi/vaapi_wrapper.h
+++ b/media/gpu/vaapi/vaapi_wrapper.h
@@ -79,6 +79,7 @@ enum class VAImplementation {
kIntelIHD,
kOther,
kInvalid,
+ kNVIDIAVDPAU,
};
// This class handles VA-API calls and ensures proper locking of VA-API calls

48
pkgs/applications/networking/browsers/ungoogled-chromium/patches/enable-video-acceleration-on-linux.patch
View file

@ -1,48 +0,0 @@
From b2144fd28e09cd52e7a88a62a9d9b54cf9922f9f Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Tue, 14 Apr 2020 14:16:10 +0200
Subject: [PATCH] Enable accelerated video decode on Linux
This will enable accelerated video decode on Linux by default (i.e.
without "--ignore-gpu-blacklist"), but on NixOS we'll provide
"--disable-accelerated-video-decode" and
"--disable-accelerated-video-encode" by default to avoid regressions
(e.g. VA-API doesn't work properly for some radeon drivers).
Video acceleration can then be enabled via:
chromium.override { enableVaapi = true; }
without rebuilding Chromium.
---
gpu/config/software_rendering_list.json | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/gpu/config/software_rendering_list.json b/gpu/config/software_rendering_list.json
index 22712bdbf38f..a06dd19a50e4 100644
--- a/gpu/config/software_rendering_list.json
+++ b/gpu/config/software_rendering_list.json
@@ -336,22 +336,6 @@
]
},
{
- "id": 48,
- "description": "Accelerated video decode is unavailable on Linux",
- "cr_bugs": [137247, 1032907],
- "os": {
- "type": "linux"
- },
- "exceptions": [
- {
- "machine_model_name": ["Chromecast"]
- }
- ],
- "features": [
- "accelerated_video_decode"
- ]
- },
- {
"id": 50,
"description": "Disable VMware software renderer on older Mesa",
"cr_bugs": [145531, 332596, 571899, 629434],
--
2.11.0

61
pkgs/applications/networking/browsers/ungoogled-chromium/patches/nix_plugin_paths_68.patch
View file

@ -1,61 +0,0 @@
diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc
index f4e119d..d9775bd 100644
--- a/chrome/common/chrome_paths.cc
+++ b/chrome/common/chrome_paths.cc
@@ -68,21 +68,14 @@ static base::LazyInstance<base::FilePath>
g_invalid_specified_user_data_dir = LAZY_INSTANCE_INITIALIZER;
// Gets the path for internal plugins.
-bool GetInternalPluginsDirectory(base::FilePath* result) {
-#if defined(OS_MACOSX)
- // If called from Chrome, get internal plugins from a subdirectory of the
- // framework.
- if (base::mac::AmIBundled()) {
- *result = chrome::GetFrameworkBundlePath();
- DCHECK(!result->empty());
- *result = result->Append("Internet Plug-Ins");
- return true;
- }
- // In tests, just look in the module directory (below).
-#endif
-
- // The rest of the world expects plugins in the module directory.
- return base::PathService::Get(base::DIR_MODULE, result);
+bool GetInternalPluginsDirectory(base::FilePath* result,
+ const std::string& ident) {
+ std::string full_env = std::string("NIX_CHROMIUM_PLUGIN_PATH_") + ident;
+ const char* value = getenv(full_env.c_str());
+ if (value == NULL)
+ return base::PathService::Get(base::DIR_MODULE, result);
+ else
+ *result = base::FilePath(value);
}
// Gets the path for bundled implementations of components. Note that these
@@ -272,7 +265,7 @@ bool PathProvider(int key, base::FilePath* result) {
create_dir = true;
break;
case chrome::DIR_INTERNAL_PLUGINS:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "ALL"))
return false;
break;
case chrome::DIR_COMPONENTS:
@@ -280,7 +273,7 @@ bool PathProvider(int key, base::FilePath* result) {
return false;
break;
case chrome::DIR_PEPPER_FLASH_PLUGIN:
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PEPPERFLASH"))
return false;
cur = cur.Append(kPepperFlashBaseDirectory);
break;
@@ -358,7 +351,7 @@ bool PathProvider(int key, base::FilePath* result) {
cur = cur.DirName();
}
#else
- if (!GetInternalPluginsDirectory(&cur))
+ if (!GetInternalPluginsDirectory(&cur, "PNACL"))
return false;
#endif
cur = cur.Append(FILE_PATH_LITERAL("pnacl"));

11
pkgs/applications/networking/browsers/ungoogled-chromium/patches/remove-webp-include-69.patch
View file

@ -1,11 +0,0 @@
--- a/third_party/blink/renderer/platform/image-encoders/image_encoder.cc
+++ b/third_party/blink/renderer/platform/image-encoders/image_encoder.cc
@@ -13,7 +13,7 @@
#include "jpeglib.h" // for JPEG_MAX_DIMENSION
-#include "third_party/libwebp/src/webp/encode.h" // for WEBP_MAX_DIMENSION
+#define WEBP_MAX_DIMENSION 16383
namespace blink {

6
pkgs/applications/networking/browsers/ungoogled-chromium/ungoogled-src.nix
View file

@ -1,6 +1,6 @@
{
"85.0.4183.102" = {
rev = "85.0.4183.102-1";
sha256 = "1mdx4a5zcs3an9yx1jxx4amq8p9rcj0hv76r8y7nz6cpsfgd9n3y";
"86.0.4240.111" = {
rev = "86.0.4240.111-1";
sha256 = "0fkk0lxbvik8q8d5njxmwiam64qz5g74hlb56w24nh5mh1jm59a8";
};
}

18
pkgs/applications/networking/browsers/ungoogled-chromium/upstream-info.json
View file

@ -1,17 +1,17 @@
{
"stable": {
"version": "85.0.4183.102",
"sha256": "032yh1mfwins7a62zw8kwwq8xw1n52a0a93lqz7qlyjaf9sd8s4a",
"sha256bin64": "1i8xaxxnmg80vsia8hxnq58qi9k5nnbrl80d6d23g9lb7dbc9cpm"
"version": "86.0.4240.111",
"sha256": "05y7lwr89awkhvgmwkx3br9j4ap2aypg2wsc0nz8mi7kxc1dnyzj",
"sha256bin64": "10aqiiydw4i3jxnw8xxdgkgcqbfqc67n1fbrg40y54kg0v5dz8l6"
},
"beta": {
"version": "86.0.4240.30",
"sha256": "1isj0zngb72k1hhn3h0s8mccg1cdmppz1mjmg19f2h306farzmzl",
"sha256bin64": "10d8im2adqqnkd6265gngv6xlm5qsz6r13z6cbbchsss0ssr8fxa"
"version": "87.0.4280.27",
"sha256": "0w0asxj7jlsw69cssfia8km4q9cx1c2mliks2rmhf4jk0hsghasm",
"sha256bin64": "1lsx4mhy8nachfb8c9f3mrx5nqw2bi046dqirb4lnv7y80jjjs1k"
},
"dev": {
"version": "87.0.4252.0",
"sha256": "1lxlsdni63zh79hxvpwgmnfn67kgfzhz3yg9bkxghqchqykkz92y",
"sha256bin64": "130hf7b35wcxpw05ddbqq89x10c0kays1vb9qg6xhq3zx2mk6ijw"
"version": "88.0.4298.4",
"sha256": "0ka11gmpkyrmifajaxm66c16hrj3xakdvhjqg04slyp2sv0nlhrl",
"sha256bin64": "0768y31jqbl1znp7yp6mvl5j12xl1nwjkh2l8zdga81q0wz52hh6"
}
}

10
pkgs/applications/networking/cluster/argocd/default.nix
View file

@ -2,24 +2,22 @@
buildGoModule rec {
pname = "argocd";
version = "1.4.2";
commit = "48cced9d925b5bc94f6aa9fa4a8a19b2a59e128a";
version = "1.7.8";
commit = "ef5010c3a0b5e027fd642732d03c5b0391b1e574";
src = fetchFromGitHub {
owner = "argoproj";
repo = "argo-cd";
rev = "v${version}";
sha256 = "01vsyrks1k5yfvrarv8ia0isr7snilr21b7lfiy860si82r2r8hj";
sha256 = "1pwk6mzmlsx43c75wl5lglpxgc2jkgzra4443hwp6n0wfgzajfp4";
};
vendorSha256 = "0r2nh7v00m6zbdnhsgjn01q9pkiz41ckkqgfnpqmkxaqmjz31iyj";
vendorSha256 = "0c5gykijwjrq3cx9qg9hm5j7axccngc1kp5qj3429a2ilw80l8pl";
doCheck = false;
nativeBuildInputs = [ packr ];
patches = [ ./use-go-module.patch ];
buildFlagsArray = ''
-ldflags=
-X github.com/argoproj/argo-cd/common.version=${version}

3058
pkgs/applications/networking/cluster/argocd/use-go-module.patch
View file

File diff suppressed because it is too large Load diff

1
pkgs/applications/networking/cluster/k3s/default.nix
View file

@ -222,6 +222,7 @@ let
in
stdenv.mkDerivation rec {
name = "k3s";
version = k3sVersion;
# Important utilities used by the kubelet, see
# https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494

4
pkgs/applications/networking/cluster/minikube/default.nix
View file

@ -11,7 +11,7 @@
buildGoModule rec {
pname = "minikube";
version = "1.14.1";
version = "1.14.2";
vendorSha256 = "057mlmja3mygfdf0cp0bcm0chq7s30bjcs5hqacwl6c79ivrjf89";
@ -21,7 +21,7 @@ buildGoModule rec {
owner = "kubernetes";
repo = "minikube";
rev = "v${version}";
sha256 = "000i30qsjx1h2x6b8vb5piq9lhjrz5hj9wza7gxsrzsf2z9rhryg";
sha256 = "1fidvfm9x3rbqfjn9zm5kx9smk94dmjm4gb98rrdmgsld5fg99xj";
};
nativeBuildInputs = [ go-bindata installShellFiles pkg-config which ];

4
pkgs/applications/networking/cluster/nomad/0.11.nix
View file

@ -2,6 +2,6 @@
callPackage ./generic.nix {
inherit buildGoPackage;
version = "0.11.4";
sha256 = "1sykp9sji6f564s7bz0cvnr9w5x92n0l1r1djf1bl7jvv2mi1mcb";
version = "0.11.6";
sha256 = "09ym9fd4fp2461ddhrb5nlz8l24iq4hsbqikzc21ainagq2g1azf";
}

4
pkgs/applications/networking/cluster/nomad/0.12.nix
View file

@ -2,6 +2,6 @@
callPackage ./generic.nix {
inherit buildGoPackage;
version = "0.12.3";
sha256 = "100ynhc4nm4mmjxx1jhq2kjbqshxvi5x8y482520j8gsyn40g6zc";
version = "0.12.7";
sha256 = "0y1nwmpc4fqgjyb19n1f2w4y5k7fy4p68v2vnnry11nj3im7ia14";
}

8
pkgs/applications/networking/cluster/starboard/default.nix
View file

@ -2,16 +2,18 @@
buildGoModule rec {
pname = "starboard";
version = "0.5.0";
version = "0.6.0";
src = fetchFromGitHub {
owner = "aquasecurity";
repo = pname;
rev = "v${version}";
sha256 = "12vfxnny3giirdf1xhacy24dvy5zm7iil6h019s0l63876vingnc";
sha256 = "00d3cnd3n6laa6rphw5w9xk8slpp4a603vzhixzg01sghq26gy22";
};
vendorSha256 = "0hj7h58j0v98plrqfldq59d084j76aiy82mfm8zi0vcqg6gxf4pb";
vendorSha256 = "0y816r75rp1a4rp7j0a8wzrfi2mdf4ji1vz2vaj5s7x9ik6rc13r";
subPackages = [ "cmd/starboard" ];
doCheck = false;

4
pkgs/applications/networking/instant-messengers/skypeforlinux/default.nix
View file

@ -7,7 +7,7 @@ let
# Please keep the version x.y.0.z and do not update to x.y.76.z because the
# source of the latter disappears much faster.
version = "8.65.0.78";
version = "8.66.0.74";
rpath = stdenv.lib.makeLibraryPath [
alsaLib
@ -65,7 +65,7 @@ let
"https://mirror.cs.uchicago.edu/skype/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb"
"https://web.archive.org/web/https://repo.skype.com/deb/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb"
];
sha256 = "04qcpz3w2clpa23axh0xx68rm792d2l029r3wy1hfzbxd51z09lh";
sha256 = "11bpzr3j6fa5x62xrx2q2sr1wxjrn0a37053j4prxjcvdrc5in8f";
}
else
throw "Skype for linux is not supported on ${stdenv.hostPlatform.system}";

19
pkgs/applications/networking/instant-messengers/slack/default.nix
View file

@ -39,9 +39,16 @@ let
throwSystem = throw "Unsupported system: ${system}";
pname = "slack";
x86_64-darwin-version = "4.10.3";
x86_64-darwin-sha256 = "0r77l57vr603xamich4h4gbdd5vdcj0sjs6yjpymfx9s0f98v8bb";
x86_64-linux-version = "4.10.3";
x86_64-linux-sha256 = "1gnjj2iyk8cwjajg8h9qpmzx10j4qjxjzciq8csg45qfzwkr3drf";
version = {
x86_64-darwin = "4.10.3";
x86_64-linux = "4.10.3";
x86_64-darwin = x86_64-darwin-version;
x86_64-linux = x86_64-linux-version;
}.${system} or throwSystem;
src = let
@ -49,11 +56,11 @@ let
in {
x86_64-darwin = fetchurl {
url = "${base}/releases/macos/${version}/prod/x64/Slack-${version}-macOS.dmg";
sha256 = "0r77l57vr603xamich4h4gbdd5vdcj0sjs6yjpymfx9s0f98v8bb";
sha256 = x86_64-darwin-sha256;
};
x86_64-linux = fetchurl {
url = "${base}/linux_releases/slack-desktop-${version}-amd64.deb";
sha256 = "1gnjj2iyk8cwjajg8h9qpmzx10j4qjxjzciq8csg45qfzwkr3drf";
sha256 = x86_64-linux-sha256;
};
}.${system} or throwSystem;
@ -68,6 +75,8 @@ let
linux = stdenv.mkDerivation rec {
inherit pname version src meta;
passthru.updateScript = ./update.sh;
rpath = stdenv.lib.makeLibraryPath [
alsaLib
at-spi2-atk
@ -152,6 +161,8 @@ let
darwin = stdenv.mkDerivation {
inherit pname version src meta;
passthru.updateScript = ./update.sh;
nativeBuildInputs = [ undmg ];
sourceRoot = "Slack.app";

41
pkgs/applications/networking/instant-messengers/slack/update.sh Executable file
View file

@ -0,0 +1,41 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p curl gnused
set -eou pipefail
latest_linux_version=$(curl --silent https://slack.com/downloads/linux | sed -n 's/.*Version \([0-9\.]\+\).*/\1/p')
latest_mac_version=$(curl --silent https://slack.com/downloads/mac | sed -n 's/.*Version \([0-9\.]\+\).*/\1/p')
# Double check that the latest mac and linux versions are in sync.
if [[ "$latest_linux_version" != "$latest_mac_version" ]]; then
echo "the latest linux ($latest_linux_version) and mac ($latest_mac_version) versions are not the same"
exit 1
fi
nixpkgs="$(git rev-parse --show-toplevel)"
slack_nix="$nixpkgs/pkgs/applications/networking/instant-messengers/slack/default.nix"
nixpkgs_linux_version=$(cat "$slack_nix" | sed -n 's/.*x86_64-linux-version = \"\([0-9\.]\+\)\";.*/\1/p')
nixpkgs_mac_version=$(cat "$slack_nix" | sed -n 's/.*x86_64-darwin-version = \"\([0-9\.]\+\)\";.*/\1/p')
if [[ "$nixpkgs_linux_version" == "$latest_linux_version" && "$nixpkgs_mac_version" == "$latest_mac_version" ]]; then
echo "nixpkgs versions are all up to date!"
exit 0
fi
linux_url="https://downloads.slack-edge.com/linux_releases/slack-desktop-${latest_linux_version}-amd64.deb"
mac_url="https://downloads.slack-edge.com/releases/macos/${latest_mac_version}/prod/x64/Slack-${latest_mac_version}-macOS.dmg"
linux_sha256=$(nix-prefetch-url ${linux_url})
mac_sha256=$(nix-prefetch-url ${mac_url})
sed -i "s/x86_64-linux-version = \".*\"/x86_64-linux-version = \"${latest_linux_version}\"/" "$slack_nix"
sed -i "s/x86_64-darwin-version = \".*\"/x86_64-darwin-version = \"${latest_mac_version}\"/" "$slack_nix"
sed -i "s/x86_64-linux-sha256 = \".*\"/x86_64-linux-sha256 = \"${linux_sha256}\"/" "$slack_nix"
sed -i "s/x86_64-darwin-sha256 = \".*\"/x86_64-darwin-sha256 = \"${mac_sha256}\"/" "$slack_nix"
if ! nix-build -A slack "$nixpkgs"; then
echo "The updated slack failed to build."
exit 1
fi
echo "Successfully updated"
echo "slack: $nixpkgs_linux_version -> $latest_linux_version"

2
pkgs/applications/networking/instant-messengers/teams/default.nix
View file

@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
mv share $out/share
substituteInPlace $out/share/applications/teams.desktop \
--replace /usr/bin/ $out/bin/
--replace /usr/bin/ ""
ln -s $out/opt/teams/teams $out/bin/

4
pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
View file

@ -22,12 +22,12 @@ let
in mkDerivation rec {
pname = "telegram-desktop";
version = "2.4.6";
version = "2.4.7";
# Telegram-Desktop with submodules
src = fetchurl {
url = "https://github.com/telegramdesktop/tdesktop/releases/download/v${version}/tdesktop-${version}-full.tar.gz";
sha256 = "190k9ik678br5k892gj26bx4rbj5rn5ks4qgf2nrlgww0z59fvrc";
sha256 = "1j2v29952l0am357pqvvgzm2zghmwhlr833kgp85hssxpr9xy4vv";
};
postPatch = ''

8
pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
View file

@ -22,13 +22,13 @@ let
pname = "wire-desktop";
version = {
x86_64-darwin = "3.20.3912";
x86_64-linux = "3.20.2934";
x86_64-darwin = "3.21.3959";
x86_64-linux = "3.21.2936";
}.${system} or throwSystem;
sha256 = {
x86_64-darwin = "1crkdqzq3iccxbrqlrar4ai43qzjsgd4hvcajgzmz2y33f30xgqr";
x86_64-linux = "0z6vrhzrhrrnl3swjbxrbl1dhk2fx86s45n2z2in2shdlv08dcx7";
x86_64-darwin = "0fgzzqf1wnkjbcr0j0vjn6sggkz0z1kx6w4gi7gk4c4markdicm1";
x86_64-linux = "033804nkz1fdmq3p8iplrlx708x1fjlr09bmrpy36lqg5h7m3yd6";
}.${system} or throwSystem;
meta = with stdenv.lib; {

76
pkgs/applications/networking/mailreaders/bubblemail/default.nix Normal file
View file

@ -0,0 +1,76 @@
{ lib
, fetchFromGitLab
, gettext
, gtk3
, python3Packages
, gdk-pixbuf
, libnotify
, gst_all_1
, libsecret
, wrapGAppsHook
, gsettings-desktop-schemas
, gnome-online-accounts
, glib
, gobject-introspection
, folks
}:
python3Packages.buildPythonApplication rec {
pname = "bubblemail";
version = "1.3";
src = fetchFromGitLab {
domain = "framagit.org";
owner = "razer";
repo = "bubblemail";
rev = "v${version}";
sha256 = "FEIdEoZBlM28F5kSMoln7KACwetb8hp+qix1P+DIE8k=";
};
buildInputs = [
gtk3
gdk-pixbuf
glib
libnotify
gst_all_1.gstreamer
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good
gst_all_1.gst-plugins-bad
libsecret
gnome-online-accounts
folks
];
nativeBuildInputs = [
gettext
wrapGAppsHook
python3Packages.pillow
# For setup-hook
gobject-introspection
];
propagatedBuildInputs = with python3Packages; [
gsettings-desktop-schemas
pygobject3
dbus-python
pyxdg
];
# See https://nixos.org/nixpkgs/manual/#ssec-gnome-common-issues-double-wrapped
dontWrapGApps = true;
# https://github.com/NixOS/nixpkgs/issues/56943
strictDeps = false;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
meta = with lib; {
description = "An extensible mail notification service.";
homepage = "http://bubblemail.free.fr/";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ doronbehar ];
};
}

Some files were not shown because too many files have changed in this diff Show more