b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
github-actions[bot] 2022-07-22 12:01:35 +00:00 committed by GitHub
parent 206abeaeaa 75feaefc59
commit a3ba713cd4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 143 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/types.nix
View file

@ -55,6 +55,7 @@ let
concatMapStringsSep
concatStringsSep
escapeNixString
hasInfix
isCoercibleToString
;
inherit (lib.trivial)
@ -360,6 +361,11 @@ rec {
deprecationMessage = "See https://github.com/NixOS/nixpkgs/pull/66346 for better alternative types.";
};
passwdEntry = entryType: addCheck entryType (str: !(hasInfix ":" str || hasInfix "\n" str)) // {
name = "passwdEntry ${entryType.name}";
description = "${entryType.description}, not containing newlines or colons";
};
attrs = mkOptionType {
name = "attrs";
description = "attribute set";

16
nixos/modules/config/users-groups.nix
View file

@ -6,12 +6,6 @@ let
ids = config.ids;
cfg = config.users;
isPasswdCompatible = str: !(hasInfix ":" str || hasInfix "\n" str);
passwdEntry = type: lib.types.addCheck type isPasswdCompatible // {
name = "passwdEntry ${type.name}";
description = "${type.description}, not containing newlines or colons";
};
# Check whether a password hash will allow login.
allowsLogin = hash:
hash == "" # login without password
@ -60,7 +54,7 @@ let
options = {
name = mkOption {
type = passwdEntry types.str;
type = types.passwdEntry types.str;
apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
description = ''
The name of the user account. If undefined, the name of the
@ -69,7 +63,7 @@ let
};
description = mkOption {
type = passwdEntry types.str;
type = types.passwdEntry types.str;
default = "";
example = "Alice Q. User";
description = ''
@ -134,7 +128,7 @@ let
};
home = mkOption {
type = passwdEntry types.path;
type = types.passwdEntry types.path;
default = "/var/empty";
description = "The user's home directory.";
};
@ -169,7 +163,7 @@ let
};
shell = mkOption {
type = types.nullOr (types.either types.shellPackage (passwdEntry types.path));
type = types.nullOr (types.either types.shellPackage (types.passwdEntry types.path));
default = pkgs.shadow;
defaultText = literalExpression "pkgs.shadow";
example = literalExpression "pkgs.bashInteractive";
@ -349,7 +343,7 @@ let
options = {
name = mkOption {
type = passwdEntry types.str;
type = types.passwdEntry types.str;
description = ''
The name of the group. If undefined, the name of the attribute set
will be used.

35
nixos/modules/services/mail/mailman.nix
View file

@ -44,7 +44,13 @@ let
transport_file_type: hash
'';
mailmanCfg = lib.generators.toINI {} cfg.settings;
mailmanCfg = lib.generators.toINI {}
(recursiveUpdate cfg.settings
((optionalAttrs (cfg.restApiPassFile != null) {
webservice.admin_pass = "#NIXOS_MAILMAN_REST_API_PASS_SECRET#";
})));
mailmanCfgFile = pkgs.writeText "mailman-raw.cfg" mailmanCfg;
mailmanHyperkittyCfg = pkgs.writeText "mailman-hyperkitty.cfg" ''
[general]
@ -247,6 +253,14 @@ in {
'';
};
restApiPassFile = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
Path to the file containing the value for <literal>MAILMAN_REST_API_PASS</literal>.
'';
};
serve = {
enable = mkEnableOption "Automatic nginx and uwsgi setup for mailman-web";
};
@ -363,8 +377,6 @@ in {
};
users.groups.mailman = {};
environment.etc."mailman.cfg".text = mailmanCfg;
environment.etc."mailman3/settings.py".text = ''
import os
@ -383,6 +395,11 @@ in {
with open('/var/lib/mailman-web/settings_local.json') as f:
globals().update(json.load(f))
${optionalString (cfg.restApiPassFile != null) ''
with open('${cfg.restApiPassFile}') as f:
MAILMAN_REST_API_PASS = f.read().rstrip('\n')
''}
${optionalString (cfg.ldap.enable) ''
import ldap
from django_auth_ldap.config import LDAPSearch, ${cfg.ldap.groupSearch.type}
@ -456,7 +473,7 @@ in {
after = [ "network.target" ]
++ lib.optional cfg.enablePostfix "postfix-setup.service"
++ lib.optional withPostgresql "postgresql.service";
restartTriggers = [ config.environment.etc."mailman.cfg".source ];
restartTriggers = [ mailmanCfgFile ];
requires = optional withPostgresql "postgresql.service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
@ -480,6 +497,14 @@ in {
requires = optional withPostgresql "postgresql.service";
serviceConfig.Type = "oneshot";
script = ''
install -m0750 -o mailman -g mailman ${mailmanCfgFile} /etc/mailman.cfg
${optionalString (cfg.restApiPassFile != null) ''
${pkgs.replace-secret}/bin/replace-secret \
'#NIXOS_MAILMAN_REST_API_PASS_SECRET#' \
${cfg.restApiPassFile} \
/etc/mailman.cfg
''}
mailmanDir=/var/lib/mailman
mailmanWebDir=/var/lib/mailman-web
@ -560,7 +585,7 @@ in {
mailman-daily = {
description = "Trigger daily Mailman events";
startAt = "daily";
restartTriggers = [ config.environment.etc."mailman.cfg".source ];
restartTriggers = [ mailmanCfgFile ];
serviceConfig = {
ExecStart = "${mailmanEnv}/bin/mailman digests --send";
User = "mailman";

57
nixos/modules/services/web-apps/atlassian/confluence.nix
View file

@ -8,21 +8,22 @@ let
pkg = cfg.package.override (optionalAttrs cfg.sso.enable {
enableSSO = cfg.sso.enable;
crowdProperties = ''
application.name ${cfg.sso.applicationName}
application.password ${cfg.sso.applicationPassword}
application.login.url ${cfg.sso.crowd}/console/
crowd.server.url ${cfg.sso.crowd}/services/
crowd.base.url ${cfg.sso.crowd}/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval ${toString cfg.sso.validationInterval}
session.lastvalidation session.lastvalidation
'';
});
crowdProperties = pkgs.writeText "crowd.properties" ''
application.name ${cfg.sso.applicationName}
application.password ${if cfg.sso.applicationPassword != null then cfg.sso.applicationPassword else "@NIXOS_CONFLUENCE_CROWD_SSO_PWD@"}
application.login.url ${cfg.sso.crowd}/console/
crowd.server.url ${cfg.sso.crowd}/services/
crowd.base.url ${cfg.sso.crowd}/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval ${toString cfg.sso.validationInterval}
session.lastvalidation session.lastvalidation
'';
in
{
@ -107,10 +108,17 @@ in
};
applicationPassword = mkOption {
type = types.str;
type = types.nullOr types.str;
default = null;
description = "Application password of this Confluence instance in Crowd";
};
applicationPasswordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to the application password for Crowd of Confluence.";
};
validationInterval = mkOption {
type = types.int;
default = 2;
@ -147,6 +155,16 @@ in
group = cfg.group;
};
assertions = [
{ assertion = cfg.sso.enable -> ((cfg.sso.applicationPassword == null) != (cfg.sso.applicationPasswordFile));
message = "Please set either applicationPassword or applicationPasswordFile";
}
];
warnings = mkIf (cfg.sso.enable && cfg.sso.applicationPassword != null) [
"Using `services.confluence.sso.applicationPassword` is deprecated! Use `applicationPasswordFile` instead!"
];
users.groups.${cfg.group} = {};
systemd.tmpfiles.rules = [
@ -173,6 +191,7 @@ in
CONF_USER = cfg.user;
JAVA_HOME = "${cfg.jrePackage}";
CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
JAVA_OPTS = mkIf cfg.sso.enable "-Dcrowd.properties=${cfg.home}/crowd.properties";
};
preStart = ''
@ -183,6 +202,16 @@ in
-e 's,protocol="org.apache.coyote.http11.Http11NioProtocol",protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}",' \
'') + ''
${pkg}/conf/server.xml.dist > ${cfg.home}/server.xml
${optionalString cfg.sso.enable ''
install -m660 ${crowdProperties} ${cfg.home}/crowd.properties
${optionalString (cfg.sso.applicationPasswordFile != null) ''
${pkgs.replace-secret}/bin/replace-secret \
'@NIXOS_CONFLUENCE_CROWD_SSO_PWD@' \
${cfg.sso.applicationPasswordFile} \
${cfg.home}/crowd.properties
''}
''}
'';
serviceConfig = {

2
nixos/modules/system/boot/systemd/initrd.nix
View file

@ -192,7 +192,7 @@ in {
};
emergencyAccess = mkOption {
type = with types; oneOf [ bool singleLineStr ];
type = with types; oneOf [ bool (nullOr (passwdEntry str)) ];
visible = false;
description = ''
Set to true for unauthenticated emergency access, and false for

6
pkgs/applications/blockchains/lightning-loop/default.nix
View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "lightning-loop";
version = "0.19.1-beta";
version = "0.20.0-beta";
src = fetchFromGitHub {
owner = "lightninglabs";
repo = "loop";
rev = "v${version}";
sha256 = "08jn1ybh9l9qy4j9b3psvgk7b869aaabpxh73v81980qflb9snnc";
sha256 = "1nx7i4i96982z756r79655hjf0yyz5l9lqjkvyvb62pbzqgm6my8";
};
vendorSha256 = "0wirlf43jl888bh2qxis1ihsr1g2lp2rx7p100dsb3imqbm25q3b";
vendorSha256 = "0gp89fw6g8mz2ifn9wcbj84dgm736cspfxj2x34b524l2d8wz3lb";
subPackages = [ "cmd/loop" "cmd/loopd" ];

2
pkgs/applications/networking/irc/weechat/scripts/default.nix
View file

@ -11,6 +11,8 @@
url_hint = callPackage ./url_hint { };
weechat-grep = callPackage ./weechat-grep { };
weechat-matrix-bridge = callPackage ./weechat-matrix-bridge {
inherit (luaPackages) cjson luaffi;
};

10
pkgs/applications/networking/irc/weechat/scripts/weechat-autosort/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "weechat-autosort";
version = "3.8";
version = "3.9";
src = fetchFromGitHub {
owner = "de-vri-es";
repo = pname;
rev = version;
sha256 = "0a2gc8nhklvlivradhqy2pkymsqyy01pvzrmwg60cln8snmcqpd5";
rev = "d62fa8633015ebc2676060fcdae88c402977be46";
sha256 = "sha256-doYDRIWiuHam2i3r3J3BZuWEhopoN4jms/xPXGyypok=";
};
passthru.scripts = [ "autosort.py" ];
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Autosort is a weechat script to automatically or manually keep your buffers sorted";
homepage = "https://github.com/de-vri-es/weechat-autosort";
license = licenses.gpl3;
maintainers = with maintainers; [ emily ];
license = licenses.gpl3Plus;
maintainers = with maintainers; [ emily flokli ];
};
}

29
pkgs/applications/networking/irc/weechat/scripts/weechat-grep/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ lib, stdenv, fetchurl }:
stdenv.mkDerivation rec {
pname = "weechat-grep";
version = "0.8.5";
src = fetchurl {
url = "https://github.com/weechat/scripts/raw/5ee93d56f371c829d2798a5446a14292c180f70b/python/grep.py";
sha256 = "sha256-EVcoxjTTjXOYD8DppD+IULxpKerEdolmlgphrulFGC0=";
};
dontUnpack = true;
installPhase = ''
mkdir -p $out/share
cp $src $out/share/grep.py
'';
passthru = {
scripts = [ "grep.py" ];
};
meta = with lib; {
description = "Search in Weechat buffers and logs (for Weechat 0.3.*)";
homepage = "https://github.com/weechat/scripts/blob/master/python/grep.py";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ flokli ];
};
}

16
pkgs/development/libraries/libdigidocpp/default.nix
View file

@ -2,26 +2,14 @@
, xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }:
stdenv.mkDerivation rec {
version = "3.14.8";
version = "3.14.10";
pname = "libdigidocpp";
src = fetchurl {
url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz";
sha256 = "sha256-U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg=";
hash = "sha256-n/+R4ho1Qcft3YSKE12oxZjbFHAsUDwoLFNuk5GXf5c=";
};
patches = [
(fetchpatch {
# fix runtime crashes when signing with OpenSSL>1.1.1l
# https://github.com/open-eid/libdigidocpp/issues/474 asks for a new release
url = "https://github.com/open-eid/libdigidocpp/commit/42a8cfd834c10bdd206fe784a13217df222b1c8e.patch";
sha256 = "sha256-o3ZT0dXhIu79C5ZR+2HPdLMZ3YwPG1v3vly5bseuxtU=";
excludes = [
".github/workflows/build.yml" # failed hunk
];
})
];
nativeBuildInputs = [ cmake pkg-config xxd ];
buildInputs = [

4
pkgs/development/python-modules/jupyterlab/default.nix
View file

@ -10,14 +10,14 @@
buildPythonPackage rec {
pname = "jupyterlab";
version = "3.4.3";
version = "3.4.4";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-4tzEDpQ2bd5d5LGejEPuEzzwQbhS0Bo2JafPKVMtpJ0=";
sha256 = "sha256-WioP3SK9hiitRbYY41IDh8MqSBjjrxEtutH2STBN/CA=";
};
nativeBuildInputs = [

6
pkgs/development/python-modules/python-manilaclient/default.nix
View file

@ -23,14 +23,12 @@
buildPythonApplication rec {
pname = "python-manilaclient";
version = "3.4.0";
version = "4.0.0";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
hash = "sha256-F41/k7NJigwFNw2946sj3dZDKDH+PkgOjkml9t3Mgtw=";
hash = "sha256-TEGzUNgYTkb2VrvW2E3lurD6N1XcIhH2tjmPlsJ/5MI=";
};
nativeBuildInputs = [

13
pkgs/servers/atlassian/confluence.nix
View file

@ -6,7 +6,14 @@
assert withMysql -> (mysql_jdbc != null);
stdenvNoCC.mkDerivation rec {
let
optionalWarning = cond: msg:
if cond then lib.warn msg
else lib.id;
in
optionalWarning (crowdProperties != null) "Using `crowdProperties` is deprecated!"
(stdenvNoCC.mkDerivation rec {
pname = "atlassian-confluence";
version = "7.18.1";
@ -45,6 +52,6 @@ stdenvNoCC.mkDerivation rec {
homepage = "https://www.atlassian.com/software/confluence";
sourceProvenance = with sourceTypes; [ binaryBytecode ];
license = licenses.unfree;
maintainers = with maintainers; [ fpletz globin willibutz ciil techknowlogick ];
maintainers = with maintainers; [ fpletz globin willibutz ciil techknowlogick ma27 ];
};
}
})

6
pkgs/tools/misc/vimv-rs/default.nix
View file

@ -2,15 +2,15 @@
rustPlatform.buildRustPackage rec {
pname = "vimv-rs";
version = "1.7.5";
version = "1.7.7";
src = fetchCrate {
inherit version;
crateName = "vimv";
sha256 = "sha256-VOHQLdwJ6c8KB/IjMDZe9/pNHmLuouNggIK8uJPu+NQ=";
sha256 = "sha256-Y8xFoI/1zpaeT9jMuOME/g2vTLenhNSwGepncc1Ji+0=";
};
cargoHash = "sha256-qXT44h4f4Zw1bi/gblczxehA6hqLLjQBpSwVpYd0PE4=";
cargoHash = "sha256-yJHOeIjbWQTxLkkVv+YALrAhP5HBZpmbPDiLd+/bWZA=";
buildInputs = lib.optionals stdenv.isDarwin [ Foundation ];