b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into love-cleanup

Browse source
This commit is contained in:
Jörg Thalheim 2022-01-19 05:53:49 +00:00 committed by GitHub
parent cf1d0dd79d 940d182e40
commit bae5930da8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
539 changed files with 8534 additions and 4361 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/languages-frameworks/dotnet.section.md
View file

@ -84,7 +84,7 @@ To package Dotnet applications, you can use `buildDotnetModule`. This has simila
<ProjectReference Include="../foo/bar.fsproj" />
<PackageReference Include="bar" Version="*" Condition=" '$(ContinuousIntegrationBuild)'=='true' "/>
```
* `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`.
* `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`. This gets done in the `preFixup` phase.
* `runtimeDeps` is used to wrap libraries into `LD_LIBRARY_PATH`. This is how dotnet usually handles runtime dependencies.
* `buildType` is used to change the type of build. Possible values are `Release`, `Debug`, etc. By default, this is set to `Release`.
* `dotnet-sdk` is useful in cases where you need to change what dotnet SDK is being used.

22
lib/asserts.nix
View file

@ -2,35 +2,33 @@
rec {
/* Print a trace message if pred is false.
/* Throw if pred is false, else return pred.
Intended to be used to augment asserts with helpful error messages.
Example:
assertMsg false "nope"
=> false
stderr> trace: nope
stderr> error: nope
assert (assertMsg ("foo" == "bar") "foo is not bar, silly"); ""
stderr> trace: foo is not bar, silly
stderr> assert failed at
assert assertMsg ("foo" == "bar") "foo is not bar, silly"; ""
stderr> error: foo is not bar, silly
Type:
assertMsg :: Bool -> String -> Bool
*/
# TODO(Profpatsch): add tests that check stderr
assertMsg = pred: msg:
if pred
then true
else builtins.trace msg false;
pred || builtins.throw msg;
/* Specialized `assertMsg` for checking if val is one of the elements
of a list. Useful for checking enums.
Example:
let sslLibrary = "libressl"
let sslLibrary = "libressl";
in assertOneOf "sslLibrary" sslLibrary [ "openssl" "bearssl" ]
=> false
stderr> trace: sslLibrary must be one of "openssl", "bearssl", but is: "libressl"
stderr> error: sslLibrary must be one of [
stderr> "openssl"
stderr> "bearssl"
stderr> ], but is: "libressl"
Type:
assertOneOf :: String -> ComparableVal -> List ComparableVal -> Bool

37
maintainers/maintainer-list.nix
View file

@ -1950,6 +1950,12 @@
githubId = 543423;
name = "Alex Wied";
};
cfhammill = {
email = "cfhammill@gmail.com";
github = "cfhammill";
githubId = 7467038;
name = "Chris Hammill";
};
cfouche = {
email = "chaddai.fouche@gmail.com";
github = "Chaddai";
@ -4250,6 +4256,16 @@
githubId = 1313787;
name = "Gabriel Gonzalez";
};
gador = {
email = "florian.brandes@posteo.de";
github = "gador";
githubId = 1883533;
name = "Florian Brandes";
keys = [{
longkeyid = "rsa4096/0xBBB3E40E53797FD9";
fingerprint = "0200 3EF8 8D2B CF2D 8F00 FFDC BBB3 E40E 5379 7FD9";
}];
};
gal_bolle = {
email = "florent.becker@ens-lyon.org";
github = "FlorentBecker";
@ -4449,6 +4465,16 @@
githubId = 1621335;
name = "Andrew Trachenko";
};
gordias = {
name = "Gordias";
email = "gordias@disroot.org";
github = "NotGordias";
githubId = 94724133;
keys = [{
longkeyid = "ed25519/0x5D47284830FAA4FA";
fingerprint = "C006 B8A0 0618 F3B6 E0E4 2ECD 5D47 2848 30FA A4FA";
}];
};
govanify = {
name = "Gauvain 'GovanifY' Roussel-Tarbouriech";
email = "gauvain@govanify.com";
@ -8498,10 +8524,10 @@
name = "Xinhao Luo";
};
newam = {
email = "alexmgit@protonmail.com";
email = "alex@thinglab.org";
github = "newAM";
githubId = 7845120;
name = "Alex M.";
name = "Alex Martens";
};
nikitavoloboev = {
email = "nikita.voloboev@gmail.com";
@ -9814,6 +9840,13 @@
githubId = 1016742;
name = "Rafael García";
};
raitobezarius = {
email = "ryan@lahfa.xyz";
matrix = "@raitobezarius:matrix.org";
github = "RaitoBezarius";
githubId = 314564;
name = "Ryan Lahfa";
};
raquelgb = {
email = "raquel.garcia.bautista@gmail.com";
github = "raquelgb";

122
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View file

@ -32,10 +32,14 @@
</listitem>
<listitem>
<para>
Mattermost has been updated to version 6.2. Migrations may
take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release">upgrade
notes</link>.
Mattermost has been updated to extended support release 6.3,
as the previously packaged extended support release 5.37 is
<link xlink:href="https://docs.mattermost.com/upgrade/extended-support-release.html">reaching
its end of life</link>. Migrations may take a while, see the
<link xlink:href="https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release">changelog</link>
and
<link xlink:href="https://docs.mattermost.com/upgrade/important-upgrade-notes.html">important
upgrade notes</link>.
</para>
</listitem>
</itemizedlist>
@ -165,6 +169,14 @@
<link xlink:href="options.html#opt-services.timetagger.enable">services.timetagger</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.rstudio.com/products/rstudio/#rstudio-server">rstudio-server</link>,
a browser-based version of the RStudio IDE for the R
programming language. Available as
<link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
@ -357,6 +369,57 @@
<literal>~/.local/share/polymc/polymc.cfg</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
favor of <literal>pkgs.noto-fonts-cjk-sans</literal> and
<literal>pkgs.noto-fonts-cjk-serif</literal> because they each
have different release schedules. To maintain compatibility
with prior releases of Nixpkgs,
<literal>pkgs.noto-fonts-cjk</literal> is currently an alias
of <literal>pkgs.noto-fonts-cjk-sans</literal> and doesnt
include serif fonts.
</para>
</listitem>
<listitem>
<para>
The interface that allows activation scripts to restart units
has been reworked. Restarting and reloading is now done by a
single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.cacheDir</literal> option has
been removed, since the cache directory is now handled by
systemd.
</para>
</listitem>
<listitem>
<para>
The <literal>services.bookstack.extraConfig</literal> option
has been replaced by
<literal>services.bookstack.config</literal> which implements
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">settings-style</link>
configuration.
</para>
</listitem>
<listitem>
<para>
<literal>lib.assertMsg</literal> and
<literal>lib.assertOneOf</literal> no longer return
<literal>false</literal> if the passed condition is
<literal>false</literal>, <literal>throw</literal>ing the
given error message instead (which makes the resulting error
message less cluttered). This will not impact the behaviour of
code using these functions as intended, namely as top-level
wrapper for <literal>assert</literal> conditions.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-notable-changes">
@ -500,6 +563,14 @@
renamed to <literal>linux-firmware</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>services.mbpfan</literal> module was converted to
a
<link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> configuration.
</para>
</listitem>
<listitem>
<para>
A new module was added for the
@ -509,6 +580,49 @@
<literal>programs.starship.settings</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>services.mattermost.plugins</literal> has been added
to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
</para>
</listitem>
<listitem>
<para>
The <literal>zrepl</literal> package has been updated from
0.4.0 to 0.5:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The RPC protocol version was bumped; all zrepl daemons in
a setup must be updated and restarted before replication
can resume.
</para>
</listitem>
<listitem>
<para>
A bug involving encrypt-on-receive has been fixed. Read
the
<link xlink:href="https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder">zrepl
documentation</link> and check the output of
<literal>zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS</literal>
on the receiver.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Renamed option
<literal>services.openssh.challengeResponseAuthentication</literal>
to
<literal>services.openssh.kbdInteractiveAuthentication</literal>.
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a
warning.
</para>
</listitem>
</itemizedlist>
</section>
</section>

44
nixos/doc/manual/release-notes/rl-2205.section.md
View file

@ -13,8 +13,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- PHP 8.1 is now available
- Mattermost has been updated to version 6.2. Migrations may take a while,
see the [upgrade notes](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6.2-feature-release).
- Mattermost has been updated to extended support release 6.3, as the previously packaged extended support release 5.37 is [reaching its end of life](https://docs.mattermost.com/upgrade/extended-support-release.html).
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
## New Services {#sec-release-22.05-new-services}
@ -50,6 +51,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- [timetagger](https://timetagger.app), an open source time-tracker with an intuitive user experience and powerful reporting. [services.timetagger](options.html#opt-services.timetagger.enable).
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](options.html#opt-services.rstudio-server.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
@ -111,6 +116,26 @@ In addition to numerous new and upgraded packages, this release has the followin
- MultiMC has been replaced with the fork PolyMC due to upstream developers being hostile to 3rd party package maintainers. PolyMC removes all MultiMC branding and is aimed at providing proper 3rd party packages like the one contained in Nixpkgs. This change affects the data folder where game instances and other save and configuration files are stored. Users with existing installations should rename `~/.local/share/multimc` to `~/.local/share/polymc`. The main config file's path has also moved from `~/.local/share/multimc/multimc.cfg` to `~/.local/share/polymc/polymc.cfg`.
- `pkgs.noto-fonts-cjk` is now deprecated in favor of `pkgs.noto-fonts-cjk-sans`
and `pkgs.noto-fonts-cjk-serif` because they each have different release
schedules. To maintain compatibility with prior releases of Nixpkgs,
`pkgs.noto-fonts-cjk` is currently an alias of `pkgs.noto-fonts-cjk-sans` and
doesn't include serif fonts.
- The interface that allows activation scripts to restart units has been reworked. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
- The `services.bookstack.cacheDir` option has been removed, since the
cache directory is now handled by systemd.
- The `services.bookstack.extraConfig` option has been replaced by
`services.bookstack.config` which implements a
[settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md)
configuration.
- `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Other Notable Changes {#sec-release-22.05-notable-changes}
- The option [services.redis.servers](#opt-services.redis.servers) was added
@ -173,5 +198,20 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `firmwareLinuxNonfree` package has been renamed to `linux-firmware`.
- The `services.mbpfan` module was converted to a [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
providing the options `programs.starship.enable` and `programs.starship.settings`.
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
- The `zrepl` package has been updated from 0.4.0 to 0.5:
* The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
* A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- Renamed option `services.openssh.challengeResponseAuthentication` to `services.openssh.kbdInteractiveAuthentication`.
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a warning.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

11
nixos/modules/config/malloc.nix
View file

@ -22,8 +22,15 @@ let
'';
};
scudo = {
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
scudo = let
platformMap = {
aarch64-linux = "aarch64";
x86_64-linux = "x86_64";
};
systemPlatform = platformMap.${pkgs.stdenv.hostPlatform.system} or (throw "scudo not supported on ${pkgs.stdenv.hostPlatform.system}");
in {
libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-${systemPlatform}.so";
description = ''
A user-mode allocator based on LLVM Sanitizers CombinedAllocator,
which aims at providing additional mitigations against heap based

2
nixos/modules/misc/ids.nix
View file

@ -353,6 +353,7 @@ in
distcc = 321;
webdav = 322;
pipewire = 323;
rstudio-server = 324;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -660,6 +661,7 @@ in
distcc = 321;
webdav = 322;
pipewire = 323;
rstudio-server = 324;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

2
nixos/modules/module-list.nix
View file

@ -394,6 +394,7 @@
./services/development/hoogle.nix
./services/development/jupyter/default.nix
./services/development/jupyterhub/default.nix
./services/development/rstudio-server/default.nix
./services/development/lorri.nix
./services/display-managers/greetd.nix
./services/editors/emacs.nix
@ -967,6 +968,7 @@
./services/security/vault.nix
./services/security/vaultwarden/default.nix
./services/security/yubikey-agent.nix
./services/system/cachix-agent/default.nix
./services/system/cloud-init.nix
./services/system/dbus.nix
./services/system/earlyoom.nix

8
nixos/modules/programs/chromium.nix
View file

@ -7,6 +7,7 @@ let
defaultProfile = filterAttrs (k: v: v != null) {
HomepageLocation = cfg.homepageLocation;
DefaultSearchProviderEnabled = cfg.defaultSearchProviderEnabled;
DefaultSearchProviderSearchURL = cfg.defaultSearchProviderSearchURL;
DefaultSearchProviderSuggestURL = cfg.defaultSearchProviderSuggestURL;
ExtensionInstallForcelist = cfg.extensions;
@ -50,6 +51,13 @@ in
example = "https://nixos.org";
};
defaultSearchProviderEnabled = mkOption {
type = types.nullOr types.bool;
description = "Enable the default search provider.";
default = null;
example = true;
};
defaultSearchProviderSearchURL = mkOption {
type = types.nullOr types.str;
description = "Chromium default search provider url.";

8
nixos/modules/programs/tsm-client.nix
View file

@ -7,7 +7,7 @@ let
inherit (lib.modules) mkDefault mkIf;
inherit (lib.options) literalExpression mkEnableOption mkOption;
inherit (lib.strings) concatStringsSep optionalString toLower;
inherit (lib.types) addCheck attrsOf lines nullOr package path port str strMatching submodule;
inherit (lib.types) addCheck attrsOf lines nonEmptyStr nullOr package path port str strMatching submodule;
# Checks if given list of strings contains unique
# elements when compared without considering case.
@ -35,7 +35,7 @@ let
'';
};
options.server = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
example = "tsmserver.company.com";
description = ''
Host/domain name or IP address of the IBM TSM server.
@ -56,7 +56,7 @@ let
'';
};
options.node = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
example = "MY-TSM-NODE";
description = ''
Target node name on the IBM TSM server.
@ -144,7 +144,7 @@ let
};
config.name = mkDefault name;
# Client system-options file directives are explained here:
# https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.8/client/c_opt_usingopts.html
# https://www.ibm.com/docs/en/spectrum-protect/8.1.13?topic=commands-processing-options
config.extraConfig =
mapAttrs (lib.trivial.const mkDefault) (
{

41
nixos/modules/services/backup/borgbackup.nix
View file

@ -30,7 +30,7 @@ let
}
trap 'on_exit' INT TERM QUIT EXIT
archiveName="${cfg.archiveBaseName}-$(date ${cfg.dateFormat})"
archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})"
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
${cfg.preHook}
'' + optionalString cfg.doInit ''
@ -60,7 +60,7 @@ let
'' + optionalString (cfg.prune.keep != { }) ''
borg prune $extraArgs \
${mkKeepArgs cfg} \
--prefix ${escapeShellArg cfg.prune.prefix} \
${optionalString (cfg.prune.prefix != null) "--prefix ${escapeShellArg cfg.prune.prefix} \\"}
$extraPruneArgs
${cfg.postPrune}
'';
@ -99,7 +99,18 @@ let
BORG_REPO = cfg.repo;
inherit (cfg) extraArgs extraInitArgs extraCreateArgs extraPruneArgs;
} // (mkPassEnv cfg) // cfg.environment;
inherit (cfg) startAt;
};
mkBackupTimers = name: cfg:
nameValuePair "borgbackup-job-${name}" {
description = "BorgBackup job ${name} timer";
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = cfg.persistentTimer;
OnCalendar = cfg.startAt;
};
# if remote-backup wait for network
after = optional (cfg.persistentTimer && !isLocalPath cfg.repo) "network-online.target";
};
# utility function around makeWrapper
@ -284,7 +295,7 @@ in {
};
archiveBaseName = mkOption {
type = types.strMatching "[^/{}]+";
type = types.nullOr (types.strMatching "[^/{}]+");
default = "${globalConfig.networking.hostName}-${name}";
defaultText = literalExpression ''"''${config.networking.hostName}-<name>"'';
description = ''
@ -292,6 +303,7 @@ in {
determined by <option>dateFormat</option>, will be appended. The full
name can be modified at runtime (<literal>$archiveName</literal>).
Placeholders like <literal>{hostname}</literal> must not be used.
Use <literal>null</literal> for no base name.
'';
};
@ -320,6 +332,19 @@ in {
'';
};
persistentTimer = mkOption {
default = false;
type = types.bool;
example = true;
description = literalDocBook ''
Set the <literal>persistentTimer</literal> option for the
<citerefentry><refentrytitle>systemd.timer</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
'';
};
user = mkOption {
type = types.str;
description = ''
@ -471,11 +496,11 @@ in {
};
prune.prefix = mkOption {
type = types.str;
type = types.nullOr (types.str);
description = ''
Only consider archive names starting with this prefix for pruning.
By default, only archives created by this job are considered.
Use <literal>""</literal> to consider all archives.
Use <literal>""</literal> or <literal>null</literal> to consider all archives.
'';
default = config.archiveBaseName;
defaultText = literalExpression "archiveBaseName";
@ -694,6 +719,10 @@ in {
# A repo named "foo" is mapped to systemd.services.borgbackup-repo-foo
// mapAttrs' mkRepoService repos;
# A job named "foo" is mapped to systemd.timers.borgbackup-job-foo
# only generate the timer if interval (startAt) is set
systemd.timers = mapAttrs' mkBackupTimers (filterAttrs (_: cfg: cfg.startAt != []) jobs);
users = mkMerge (mapAttrsToList mkUsersConfig repos);
environment.systemPackages = with pkgs; [ borgbackup ] ++ (mapAttrsToList mkBorgWrapper jobs);

47
nixos/modules/services/backup/tsm.nix
View file

@ -5,7 +5,7 @@ let
inherit (lib.attrsets) hasAttr;
inherit (lib.modules) mkDefault mkIf;
inherit (lib.options) mkEnableOption mkOption;
inherit (lib.types) nullOr strMatching;
inherit (lib.types) nonEmptyStr nullOr;
options.services.tsmBackup = {
enable = mkEnableOption ''
@ -15,7 +15,7 @@ let
<option>programs.tsmClient.enable</option>
'';
command = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
default = "backup";
example = "incr";
description = ''
@ -24,7 +24,7 @@ let
'';
};
servername = mkOption {
type = strMatching ".+";
type = nonEmptyStr;
example = "mainTsmServer";
description = ''
Create a systemd system service
@ -41,7 +41,7 @@ let
'';
};
autoTime = mkOption {
type = nullOr (strMatching ".+");
type = nullOr nonEmptyStr;
default = null;
example = "12:00";
description = ''
@ -87,16 +87,35 @@ in
environment.DSM_LOG = "/var/log/tsm-backup/";
# TSM needs a HOME dir to store certificates.
environment.HOME = "/var/lib/tsm-backup";
# for exit status description see
# https://www.ibm.com/support/knowledgecenter/en/SSEQVQ_8.1.8/client/c_sched_rtncode.html
serviceConfig.SuccessExitStatus = "4 8";
# The `-se` option must come after the command.
# The `-optfile` option suppresses a `dsm.opt`-not-found warning.
serviceConfig.ExecStart =
"${cfgPrg.wrappedPackage}/bin/dsmc ${cfg.command} -se='${cfg.servername}' -optfile=/dev/null";
serviceConfig.LogsDirectory = "tsm-backup";
serviceConfig.StateDirectory = "tsm-backup";
serviceConfig.StateDirectoryMode = "0750";
serviceConfig = {
# for exit status description see
# https://www.ibm.com/docs/en/spectrum-protect/8.1.13?topic=clients-client-return-codes
SuccessExitStatus = "4 8";
# The `-se` option must come after the command.
# The `-optfile` option suppresses a `dsm.opt`-not-found warning.
ExecStart =
"${cfgPrg.wrappedPackage}/bin/dsmc ${cfg.command} -se='${cfg.servername}' -optfile=/dev/null";
LogsDirectory = "tsm-backup";
StateDirectory = "tsm-backup";
StateDirectoryMode = "0750";
# systemd sandboxing
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
#PrivateTmp = true; # would break backup of {/var,}/tmp
#PrivateUsers = true; # would block backup of /home/*
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = "read-only";
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectSystem = "strict";
RestrictNamespaces = true;
RestrictSUIDSGID = true;
};
startAt = mkIf (cfg.autoTime!=null) cfg.autoTime;
};
};

107
nixos/modules/services/development/rstudio-server/default.nix Normal file
View file

@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.rstudio-server;
rserver-conf = builtins.toFile "rserver.conf" ''
server-working-dir=${cfg.serverWorkingDir}
www-address=${cfg.listenAddr}
${cfg.rserverExtraConfig}
'';
rsession-conf = builtins.toFile "rsession.conf" ''
${cfg.rsessionExtraConfig}
'';
in
{
meta.maintainers = with maintainers; [ jbedo cfhammill ];
options.services.rstudio-server = {
enable = mkEnableOption "RStudio server";
serverWorkingDir = mkOption {
type = types.str;
default = "/var/lib/rstudio-server";
description = ''
Default working directory for server (server-working-dir in rserver.conf).
'';
};
listenAddr = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
Address to listen on (www-address in rserver.conf).
'';
};
package = mkOption {
type = types.package;
default = pkgs.rstudio-server;
defaultText = literalExpression "pkgs.rstudio-server";
example = literalExpression "pkgs.rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; }";
description = ''
Rstudio server package to use. Can be set to rstudioServerWrapper to provide packages.
'';
};
rserverExtraConfig = mkOption {
type = types.str;
default = "";
description = ''
Extra contents for rserver.conf.
'';
};
rsessionExtraConfig = mkOption {
type = types.str;
default = "";
description = ''
Extra contents for resssion.conf.
'';
};
};
config = mkIf cfg.enable
{
systemd.services.rstudio-server = {
description = "Rstudio server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartTriggers = [ rserver-conf rsession-conf ];
serviceConfig = {
Restart = "on-failure";
Type = "forking";
ExecStart = "${cfg.package}/bin/rserver";
StateDirectory = "rstudio-server";
RuntimeDirectory = "rstudio-server";
};
};
environment.etc = {
"rstudio/rserver.conf".source = rserver-conf;
"rstudio/rsession.conf".source = rsession-conf;
"pam.d/rstudio".source = "/etc/pam.d/login";
};
environment.systemPackages = [ cfg.package ];
users = {
users.rstudio-server = {
uid = config.ids.uids.rstudio-server;
description = "rstudio-server";
group = "rstudio-server";
};
groups.rstudio-server = {
gid = config.ids.gids.rstudio-server;
};
};
};
}

2
nixos/modules/services/misc/ananicy.nix
View file

@ -84,7 +84,7 @@ in
} // (if ((lib.getName cfg.package) == (lib.getName pkgs.ananicy-cpp)) then {
# https://gitlab.com/ananicy-cpp/ananicy-cpp/-/blob/master/src/config.cpp#L12
loglevel = mkOD "warn"; # default is info but its spammy
cgroup_realtime_workaround = mkOD true;
cgroup_realtime_workaround = mkOD config.systemd.enableUnifiedCgroupHierarchy;
} else {
# https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf
check_disks_schedulers = mkOD true;

3
nixos/modules/services/misc/bees.nix
View file

@ -21,6 +21,8 @@ let
<para>
This must be in a format usable by findmnt; that could be a key=value
pair, or a bare path to a mount point.
Using bare paths will allow systemd to start the beesd service only
after mounting the associated path.
'';
example = "LABEL=MyBulkDataDrive";
};
@ -122,6 +124,7 @@ in
StartupIOWeight = 25;
SyslogIdentifier = "beesd"; # would otherwise be "bees-service-wrapper"
};
unitConfig.RequiresMountsFor = lib.mkIf (lib.hasPrefix "/" fs.spec) fs.spec;
wantedBy = [ "multi-user.target" ];
})
cfg.filesystems;

38
nixos/modules/services/misc/heisenbridge.nix
View file

@ -23,7 +23,7 @@ let
in
{
options.services.heisenbridge = {
enable = mkEnableOption "A bouncer-style Matrix IRC bridge";
enable = mkEnableOption "the Matrix to IRC bridge";
package = mkOption {
type = types.package;
@ -172,25 +172,39 @@ in
++ (map (lib.escapeShellArg) cfg.extraArgs)
);
ProtectHome = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
StateDirectory = "heisenbridge";
StateDirectoryMode = "755";
# Hardening options
User = "heisenbridge";
Group = "heisenbridge";
RuntimeDirectory = "heisenbridge";
RuntimeDirectoryMode = "0700";
StateDirectory = "heisenbridge";
StateDirectoryMode = "0755";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || cfg.identd.port < 1024) "CAP_NET_BIND_SERVICE";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectHostname = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictNamespaces = true;
RemoveIPC = true;
UMask = "0077";
CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port < 1024 || (cfg.identd.enable && cfg.identd.port < 1024)) "CAP_NET_BIND_SERVICE";
AmbientCapabilities = CapabilityBoundingSet;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap";
SystemCallFilter = ["@system-service" "~@priviledged" "@chown"];
SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_INET AF_INET6";
};

112
nixos/modules/services/misc/mbpfan.nix
View file

@ -5,6 +5,8 @@ with lib;
let
cfg = config.services.mbpfan;
verbose = if cfg.verbose then "v" else "";
settingsFormat = pkgs.formats.ini {};
settingsFile = settingsFormat.generate "config.conf" cfg.settings;
in {
options.services.mbpfan = {
@ -19,54 +21,6 @@ in {
'';
};
minFanSpeed = mkOption {
type = types.int;
default = 2000;
description = ''
The minimum fan speed.
'';
};
maxFanSpeed = mkOption {
type = types.int;
default = 6200;
description = ''
The maximum fan speed.
'';
};
lowTemp = mkOption {
type = types.int;
default = 63;
description = ''
The low temperature.
'';
};
highTemp = mkOption {
type = types.int;
default = 66;
description = ''
The high temperature.
'';
};
maxTemp = mkOption {
type = types.int;
default = 86;
description = ''
The maximum temperature.
'';
};
pollingInterval = mkOption {
type = types.int;
default = 7;
description = ''
The polling interval.
'';
};
verbose = mkOption {
type = types.bool;
default = false;
@ -74,23 +28,61 @@ in {
If true, sets the log level to verbose.
'';
};
settings = mkOption {
default = {};
description = "The INI configuration for Mbpfan.";
type = types.submodule {
freeformType = settingsFormat.type;
options.general.min_fan1_speed = mkOption {
type = types.int;
default = 2000;
description = "The minimum fan speed.";
};
options.general.max_fan1_speed = mkOption {
type = types.int;
default = 6199;
description = "The maximum fan speed.";
};
options.general.low_temp = mkOption {
type = types.int;
default = 55;
description = "The low temperature.";
};
options.general.high_temp = mkOption {
type = types.int;
default = 58;
description = "The high temperature.";
};
options.general.max_temp = mkOption {
type = types.int;
default = 86;
description = "The maximum temperature.";
};
options.general.polling_interval = mkOption {
type = types.int;
default = 1;
description = "The polling interval.";
};
};
};
};
imports = [
(mkRenamedOptionModule [ "services" "mbpfan" "pollingInterval" ] [ "services" "mbpfan" "settings" "general" "polling_interval" ])
(mkRenamedOptionModule [ "services" "mbpfan" "maxTemp" ] [ "services" "mbpfan" "settings" "general" "max_temp" ])
(mkRenamedOptionModule [ "services" "mbpfan" "lowTemp" ] [ "services" "mbpfan" "settings" "general" "low_temp" ])
(mkRenamedOptionModule [ "services" "mbpfan" "highTemp" ] [ "services" "mbpfan" "settings" "general" "high_temp" ])
(mkRenamedOptionModule [ "services" "mbpfan" "minFanSpeed" ] [ "services" "mbpfan" "settings" "general" "min_fan1_speed" ])
(mkRenamedOptionModule [ "services" "mbpfan" "maxFanSpeed" ] [ "services" "mbpfan" "settings" "general" "max_fan1_speed" ])
];
config = mkIf cfg.enable {
boot.kernelModules = [ "coretemp" "applesmc" ];
environment = {
etc."mbpfan.conf".text = ''
[general]
min_fan_speed = ${toString cfg.minFanSpeed}
max_fan_speed = ${toString cfg.maxFanSpeed}
low_temp = ${toString cfg.lowTemp}
high_temp = ${toString cfg.highTemp}
max_temp = ${toString cfg.maxTemp}
polling_interval = ${toString cfg.pollingInterval}
'';
systemPackages = [ cfg.package ];
};
environment.etc."mbpfan.conf".source = settingsFile;
environment.systemPackages = [ cfg.package ];
systemd.services.mbpfan = {
description = "A fan manager daemon for MacBook Pro";

18
nixos/modules/services/networking/adguardhome.nix
View file

@ -87,6 +87,22 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.settings != { }
-> (hasAttrByPath [ "dns" "bind_host" ] cfg.settings)
|| (hasAttrByPath [ "dns" "bind_hosts" ] cfg.settings);
message =
"AdGuard setting dns.bind_host or dns.bind_hosts needs to be configured for a minimal working configuration";
}
{
assertion = cfg.settings != { }
-> hasAttrByPath [ "dns" "bootstrap_dns" ] cfg.settings;
message =
"AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
}
];
systemd.services.adguardhome = {
description = "AdGuard Home: Network-level blocker";
after = [ "network.target" ];
@ -96,7 +112,7 @@ in {
StartLimitBurst = 10;
};
preStart = ''
preStart = optionalString (cfg.settings != { }) ''
if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
&& [ "${toString cfg.mutableSettings}" = "1" ]; then
# Writing directly to AdGuardHome.yaml results in empty file

4
nixos/modules/services/networking/ddclient.nix
View file

@ -29,9 +29,9 @@ let
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
preStart = ''
install --owner ddclient -m600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
install --owner ddclient -m600 ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
install ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
'' else if (cfg.passwordFile != null) then ''
password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf

2
nixos/modules/services/networking/mosquitto.nix
View file

@ -556,7 +556,7 @@ in
systemd.services.mosquitto = {
description = "Mosquitto MQTT Broker Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network-online.target" ];
serviceConfig = {
Type = "notify";
NotifyAccess = "main";

10
nixos/modules/services/networking/nix-serve.nix
View file

@ -26,6 +26,12 @@ in
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for nix-serve.";
};
secretKeyFile = mkOption {
type = types.nullOr types.str;
default = null;
@ -77,5 +83,9 @@ in
"NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
};
}

7
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -81,6 +81,7 @@ in
imports = [
(mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
(mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
(mkRenamedOptionModule [ "services" "openssh" "challengeResponseAuthentication" ] [ "services" "openssh" "kbdInteractiveAuthentication" ])
];
###### interface
@ -218,11 +219,11 @@ in
'';
};
challengeResponseAuthentication = mkOption {
kbdInteractiveAuthentication = mkOption {
type = types.bool;
default = true;
description = ''
Specifies whether challenge/response authentication is allowed.
Specifies whether keyboard-interactive authentication is allowed.
'';
};
@ -534,7 +535,7 @@ in
PermitRootLogin ${cfg.permitRootLogin}
GatewayPorts ${cfg.gatewayPorts}
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
KbdInteractiveAuthentication ${if cfg.kbdInteractiveAuthentication then "yes" else "no"}
PrintMotd no # handled by pam_motd

4
nixos/modules/services/networking/syncthing.nix
View file

@ -468,7 +468,7 @@ in {
default = false;
example = true;
description = ''
Whether to open the default ports in the firewall: TCP 22000 for transfers
Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers
and UDP 21027 for discovery.
If multiple users are running Syncthing on this machine, you will need
@ -504,7 +504,7 @@ in {
networking.firewall = mkIf cfg.openDefaultPorts {
allowedTCPPorts = [ 22000 ];
allowedUDPPorts = [ 21027 ];
allowedUDPPorts = [ 21027 22000 ];
};
systemd.packages = [ pkgs.syncthing ];

57
nixos/modules/services/system/cachix-agent/default.nix Normal file
View file

@ -0,0 +1,57 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.cachix-agent;
in {
meta.maintainers = [ lib.maintainers.domenkozar ];
options.services.cachix-agent = {
enable = mkEnableOption "Cachix Deploy Agent: https://docs.cachix.org/deploy/";
name = mkOption {
type = types.str;
description = "Agent name, usually same as the hostname";
default = config.networking.hostName;
defaultText = "config.networking.hostName";
};
profile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Profile name, defaults to 'system' (NixOS).";
};
package = mkOption {
type = types.package;
default = pkgs.cachix;
defaultText = literalExpression "pkgs.cachix";
description = "Cachix Client package to use.";
};
credentialsFile = mkOption {
type = types.path;
default = "/etc/cachix-agent.token";
description = ''
Required file that needs to contain CACHIX_AGENT_TOKEN=...
'';
};
};
config = mkIf cfg.enable {
systemd.services.cachix-agent = {
description = "Cachix Deploy Agent";
after = ["network-online.target"];
path = [ config.nix.package ];
wantedBy = [ "multi-user.target" ];
# don't restart while changing
reloadIfChanged = true;
serviceConfig = {
Restart = "on-failure";
EnvironmentFile = cfg.credentialsFile;
ExecStart = "${cfg.package}/bin/cachix deploy agent ${cfg.name} ${if cfg.profile != null then profile else ""}";
};
};
};
}

202
nixos/modules/services/web-apps/bookstack.nix
View file

@ -24,8 +24,14 @@ let
$sudo ${pkgs.php}/bin/php artisan $*
'';
tlsEnabled = cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME;
in {
imports = [
(mkRemovedOptionModule [ "services" "bookstack" "extraConfig" ] "Use services.bookstack.config instead.")
(mkRemovedOptionModule [ "services" "bookstack" "cacheDir" ] "The cache directory is now handled automatically.")
];
options.services.bookstack = {
enable = mkEnableOption "BookStack";
@ -44,28 +50,38 @@ in {
appKeyFile = mkOption {
description = ''
A file containing the AppKey.
Used for encryption where needed. Can be generated with <code>head -c 32 /dev/urandom| base64</code> and must be prefixed with <literal>base64:</literal>.
A file containing the Laravel APP_KEY - a 32 character long,
base64 encoded key used for encryption where needed. Can be
generated with <code>head -c 32 /dev/urandom | base64</code>.
'';
example = "/run/keys/bookstack-appkey";
type = types.path;
};
hostname = lib.mkOption {
type = lib.types.str;
default = if config.networking.domain != null then
config.networking.fqdn
else
config.networking.hostName;
defaultText = lib.literalExpression "config.networking.fqdn";
example = "bookstack.example.com";
description = ''
The hostname to serve BookStack on.
'';
};
appURL = mkOption {
description = ''
The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <code>php artisan bookstack:update-url https://old.example.com https://new.example.com</code>
'';
default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostname}";
defaultText = ''http''${lib.optionalString tlsEnabled "s"}://''${cfg.hostname}'';
example = "https://example.com";
type = types.str;
};
cacheDir = mkOption {
description = "BookStack cache directory";
default = "/var/cache/bookstack";
type = types.path;
};
dataDir = mkOption {
description = "BookStack data directory";
default = "/var/lib/bookstack";
@ -202,16 +218,59 @@ in {
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
ALLOWED_IFRAME_HOSTS="https://example.com"
WKHTMLTOPDF=/home/user/bins/wkhtmltopdf
config = mkOption {
type = with types;
attrsOf
(nullOr
(either
(oneOf [
bool
int
port
path
str
])
(submodule {
options = {
_secret = mkOption {
type = nullOr str;
description = ''
The path to a file containing the value the
option should be set to in the final
configuration file.
'';
};
};
})));
default = {};
example = literalExpression ''
{
ALLOWED_IFRAME_HOSTS = "https://example.com";
WKHTMLTOPDF = "/home/user/bins/wkhtmltopdf";
AUTH_METHOD = "oidc";
OIDC_NAME = "MyLogin";
OIDC_DISPLAY_NAME_CLAIMS = "name";
OIDC_CLIENT_ID = "bookstack";
OIDC_CLIENT_SECRET = {_secret = "/run/keys/oidc_secret"};
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
OIDC_ISSUER_DISCOVER = true;
}
'';
description = ''
Lines to be appended verbatim to the BookStack configuration.
Refer to <link xlink:href="https://www.bookstackapp.com/docs/"/> for details on supported values.
BookStack configuration options to set in the
<filename>.env</filename> file.
Refer to <link xlink:href="https://www.bookstackapp.com/docs/"/>
for details on supported values.
Settings containing secret data should be set to an attribute
set containing the attribute <literal>_secret</literal> - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting <filename>.env</filename> file, the
<literal>OIDC_CLIENT_SECRET</literal> key will be set to the
contents of the <filename>/run/keys/oidc_secret</filename>
file.
'';
};
@ -228,6 +287,30 @@ in {
}
];
services.bookstack.config = {
APP_KEY._secret = cfg.appKeyFile;
APP_URL = cfg.appURL;
DB_HOST = db.host;
DB_PORT = db.port;
DB_DATABASE = db.name;
DB_USERNAME = db.user;
MAIL_DRIVER = mail.driver;
MAIL_FROM_NAME = mail.fromName;
MAIL_FROM = mail.from;
MAIL_HOST = mail.host;
MAIL_PORT = mail.port;
MAIL_USERNAME = mail.user;
MAIL_ENCRYPTION = mail.encryption;
DB_PASSWORD._secret = db.passwordFile;
MAIL_PASSWORD._secret = mail.passwordFile;
APP_SERVICES_CACHE = "/run/bookstack/cache/services.php";
APP_PACKAGES_CACHE = "/run/bookstack/cache/packages.php";
APP_CONFIG_CACHE = "/run/bookstack/cache/config.php";
APP_ROUTES_CACHE = "/run/bookstack/cache/routes-v7.php";
APP_EVENTS_CACHE = "/run/bookstack/cache/events.php";
SESSION_SECURE_COOKIE = tlsEnabled;
};
environment.systemPackages = [ artisan ];
services.mysql = mkIf db.createLocally {
@ -258,24 +341,19 @@ in {
services.nginx = {
enable = mkDefault true;
virtualHosts.bookstack = mkMerge [ cfg.nginx {
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts.${cfg.hostname} = mkMerge [ cfg.nginx {
root = mkForce "${bookstack}/public";
extraConfig = optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;";
locations = {
"/" = {
index = "index.php";
extraConfig = ''try_files $uri $uri/ /index.php?$query_string;'';
};
"~ \.php$" = {
extraConfig = ''
try_files $uri $uri/ /index.php?$query_string;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_pass unix:${config.services.phpfpm.pools."bookstack".socket};
${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;"}
'';
tryFiles = "$uri $uri/ /index.php?$query_string";
};
"~ \.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."bookstack".socket};
'';
"~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
@ -290,50 +368,54 @@ in {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = user;
WorkingDirectory = "${bookstack}";
RuntimeDirectory = "bookstack/cache";
RuntimeDirectoryMode = 0700;
};
script = ''
path = [ pkgs.replace-secret ];
script =
let
isSecret = v: isAttrs v && v ? _secret && isString v._secret;
bookstackEnvVars = lib.generators.toKeyValue {
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
mkValueString = v: with builtins;
if isInt v then toString v
else if isString v then v
else if true == v then "true"
else if false == v then "false"
else if isSecret v then v._secret
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
};
};
secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.config);
mkSecretReplacement = file: ''
replace-secret ${escapeShellArgs [ file file "${cfg.dataDir}/.env" ]}
'';
secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ {} null ])) cfg.config;
bookstackEnv = pkgs.writeText "bookstack.env" (bookstackEnvVars filteredConfig);
in ''
# error handling
set -euo pipefail
# set permissions
umask 077
# create .env file
echo "
APP_KEY=base64:$(head -n1 ${cfg.appKeyFile})
APP_URL=${cfg.appURL}
DB_HOST=${db.host}
DB_PORT=${toString db.port}
DB_DATABASE=${db.name}
DB_USERNAME=${db.user}
MAIL_DRIVER=${mail.driver}
MAIL_FROM_NAME=\"${mail.fromName}\"
MAIL_FROM=${mail.from}
MAIL_HOST=${mail.host}
MAIL_PORT=${toString mail.port}
${optionalString (mail.user != null) "MAIL_USERNAME=${mail.user};"}
${optionalString (mail.encryption != null) "MAIL_ENCRYPTION=${mail.encryption};"}
${optionalString (db.passwordFile != null) "DB_PASSWORD=$(head -n1 ${db.passwordFile})"}
${optionalString (mail.passwordFile != null) "MAIL_PASSWORD=$(head -n1 ${mail.passwordFile})"}
APP_SERVICES_CACHE=${cfg.cacheDir}/services.php
APP_PACKAGES_CACHE=${cfg.cacheDir}/packages.php
APP_CONFIG_CACHE=${cfg.cacheDir}/config.php
APP_ROUTES_CACHE=${cfg.cacheDir}/routes-v7.php
APP_EVENTS_CACHE=${cfg.cacheDir}/events.php
${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "SESSION_SECURE_COOKIE=true"}
${toString cfg.extraConfig}
" > "${cfg.dataDir}/.env"
install -T -m 0600 -o ${user} ${bookstackEnv} "${cfg.dataDir}/.env"
${secretReplacements}
if ! grep 'APP_KEY=base64:' "${cfg.dataDir}/.env" >/dev/null; then
sed -i 's/APP_KEY=/APP_KEY=base64:/' "${cfg.dataDir}/.env"
fi
# migrate db
${pkgs.php}/bin/php artisan migrate --force
# clear & create caches (needed in case of update)
${pkgs.php}/bin/php artisan cache:clear
${pkgs.php}/bin/php artisan config:clear
${pkgs.php}/bin/php artisan view:clear
'';
};
systemd.tmpfiles.rules = [
"d ${cfg.cacheDir} 0700 ${user} ${group} - -"
"d ${cfg.dataDir} 0710 ${user} ${group} - -"
"d ${cfg.dataDir}/public 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/public/uploads 0750 ${user} ${group} - -"

907
nixos/modules/services/web-apps/keycloak.nix
View file

File diff suppressed because it is too large Load diff

18
nixos/modules/services/web-apps/keycloak.xml
View file

@ -85,7 +85,12 @@
The frontend URL is used as base for all frontend requests and
must be configured through <xref linkend="opt-services.keycloak.frontendUrl" />.
It should normally include a trailing <literal>/auth</literal>
(the default web context).
(the default web context). If you use a reverse proxy, you need
to set this option to <literal>""</literal>, so that frontend URL
is derived from HTTP headers. <literal>X-Forwarded-*</literal> headers
support also should be enabled, using <link
xlink:href="https://www.keycloak.org/docs/latest/server_installation/index.html#identifying-client-ip-addresses">
respective guidelines</link>.
</para>
<para>
@ -131,6 +136,17 @@
</warning>
</section>
<section xml:id="module-services-keycloak-themes">
<title>Themes</title>
<para>
You can package custom themes and make them visible to Keycloak via
<xref linkend="opt-services.keycloak.themes" />
option. See the <link xlink:href="https://www.keycloak.org/docs/latest/server_development/#_themes">
Themes section of the Keycloak Server Development Guide</link>
and respective NixOS option description for more information.
</para>
</section>
<section xml:id="module-services-keycloak-extra-config">
<title>Additional configuration</title>
<para>

2
nixos/modules/services/web-apps/mattermost.nix
View file

@ -181,7 +181,7 @@ in
description = ''
Plugins to add to the configuration. Overrides any installed if non-null.
This is a list of paths to .tar.gz files or derivations evaluating to
.tar.gz files. All entries will be passed to `mattermost plugin add`.
.tar.gz files.
'';
};

10
nixos/modules/services/web-apps/prosody-filer.nix
View file

@ -21,12 +21,10 @@ in {
type = settingsFormat.type;
example = literalExample ''
{
secret = "mysecret";
storeDir = "/srv/http/nginx/prosody-upload";
}
'';
example = {
secret = "mysecret";
storeDir = "/srv/http/nginx/prosody-upload";
};
defaultText = literalExpression ''
{

72
nixos/modules/system/activation/switch-to-configuration.pl
View file

@ -18,11 +18,13 @@ my $startListFile = "/run/nixos/start-list";
my $restartListFile = "/run/nixos/restart-list";
my $reloadListFile = "/run/nixos/reload-list";
# Parse restart/reload requests by the activation script
# Parse restart/reload requests by the activation script.
# Activation scripts may write newline-separated units to this
# file and switch-to-configuration will handle them. While
# `stopIfChanged = true` is ignored, switch-to-configuration will
# handle `restartIfChanged = false` and `reloadIfChanged = true`.
my $restartByActivationFile = "/run/nixos/activation-restart-list";
my $reloadByActivationFile = "/run/nixos/activation-reload-list";
my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list";
my $dryReloadByActivationFile = "/run/nixos/dry-activation-reload-list";
make_path("/run/nixos", { mode => oct(755) });
@ -382,7 +384,6 @@ sub filterUnits {
}
my @unitsToStopFiltered = filterUnits(\%unitsToStop);
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
# Show dry-run actions.
@ -395,21 +396,39 @@ if ($action eq "dry-activate") {
print STDERR "would activate the configuration...\n";
system("$out/dry-activate", "$out");
$unitsToRestart{$_} = 1 foreach
split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "");
# Handle the activation script requesting the restart or reload of a unit.
foreach (split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "")) {
my $unit = $_;
my $baseUnit = $unit;
my $newUnitFile = "$out/etc/systemd/system/$baseUnit";
$unitsToReload{$_} = 1 foreach
split('\n', read_file($dryReloadByActivationFile, err_mode => 'quiet') // "");
# Detect template instances.
if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) {
$baseUnit = "$1\@.$2";
$newUnitFile = "$out/etc/systemd/system/$baseUnit";
}
my $baseName = $baseUnit;
$baseName =~ s/\.[a-z]*$//;
# Start units if they were not active previously
if (not defined $activePrev->{$unit}) {
$unitsToStart{$unit} = 1;
next;
}
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
}
unlink($dryRestartByActivationFile);
print STDERR "would restart systemd\n" if $restartSystemd;
print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n"
if scalar(keys %unitsToReload) > 0;
print STDERR "would restart the following units: ", join(", ", sort(keys %unitsToRestart)), "\n"
if scalar(keys %unitsToRestart) > 0;
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
print STDERR "would start the following units: ", join(", ", @unitsToStartFiltered), "\n"
if scalar @unitsToStartFiltered;
unlink($dryRestartByActivationFile);
unlink($dryReloadByActivationFile);
exit 0;
}
@ -433,13 +452,31 @@ print STDERR "activating the configuration...\n";
system("$out/activate", "$out") == 0 or $res = 2;
# Handle the activation script requesting the restart or reload of a unit.
# We can only restart and reload (not stop/start) because the units to be
# stopped are already stopped before the activation script is run.
$unitsToRestart{$_} = 1 foreach
split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "");
foreach (split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "")) {
my $unit = $_;
my $baseUnit = $unit;
my $newUnitFile = "$out/etc/systemd/system/$baseUnit";
$unitsToReload{$_} = 1 foreach
split('\n', read_file($reloadByActivationFile, err_mode => 'quiet') // "");
# Detect template instances.
if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) {
$baseUnit = "$1\@.$2";
$newUnitFile = "$out/etc/systemd/system/$baseUnit";
}
my $baseName = $baseUnit;
$baseName =~ s/\.[a-z]*$//;
# Start units if they were not active previously
if (not defined $activePrev->{$unit}) {
$unitsToStart{$unit} = 1;
recordUnit($startListFile, $unit);
next;
}
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToRestart, \%unitsToRestart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
}
# We can remove the file now because it has been propagated to the other restart/reload files
unlink($restartByActivationFile);
# Restart systemd if necessary. Note that this is done using the
# current version of systemd, just in case the new one has trouble
@ -480,7 +517,6 @@ if (scalar(keys %unitsToReload) > 0) {
print STDERR "reloading the following units: ", join(", ", sort(keys %unitsToReload)), "\n";
system("@systemd@/bin/systemctl", "reload", "--", sort(keys %unitsToReload)) == 0 or $res = 4;
unlink($reloadListFile);
unlink($reloadByActivationFile);
}
# Restart changed services (those that have to be restarted rather
@ -489,7 +525,6 @@ if (scalar(keys %unitsToRestart) > 0) {
print STDERR "restarting the following units: ", join(", ", sort(keys %unitsToRestart)), "\n";
system("@systemd@/bin/systemctl", "restart", "--", sort(keys %unitsToRestart)) == 0 or $res = 4;
unlink($restartListFile);
unlink($restartByActivationFile);
}
# Start all active targets, as well as changed units we stopped above.
@ -498,6 +533,7 @@ if (scalar(keys %unitsToRestart) > 0) {
# that are symlinks to other units. We shouldn't start both at the
# same time because we'll get a "Failed to add path to set" error from
# systemd.
my @unitsToStartFiltered = filterUnits(\%unitsToStart);
print STDERR "starting the following units: ", join(", ", @unitsToStartFiltered), "\n"
if scalar @unitsToStartFiltered;
system("@systemd@/bin/systemctl", "start", "--", sort(keys %unitsToStart)) == 0 or $res = 4;

57
nixos/tests/adguardhome.nix Normal file
View file

@ -0,0 +1,57 @@
import ./make-test-python.nix {
name = "adguardhome";
nodes = {
minimalConf = { ... }: {
services.adguardhome = { enable = true; };
};
declarativeConf = { ... }: {
services.adguardhome = {
enable = true;
mutableSettings = false;
settings = {
dns = {
bind_host = "0.0.0.0";
bootstrap_dns = "127.0.0.1";
};
};
};
};
mixedConf = { ... }: {
services.adguardhome = {
enable = true;
mutableSettings = true;
settings = {
dns = {
bind_host = "0.0.0.0";
bootstrap_dns = "127.0.0.1";
};
};
};
};
};
testScript = ''
with subtest("Minimal config test"):
minimalConf.wait_for_unit("adguardhome.service")
minimalConf.wait_for_open_port(3000)
with subtest("Declarative config test, DNS will be reachable"):
declarativeConf.wait_for_unit("adguardhome.service")
declarativeConf.wait_for_open_port(53)
declarativeConf.wait_for_open_port(3000)
with subtest("Mixed config test, check whether merging works"):
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(53)
mixedConf.wait_for_open_port(3000)
# Test whether merging works properly, even if nothing is changed
mixedConf.systemctl("restart adguardhome.service")
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(3000)
'';
}

3
nixos/tests/all-tests.nix
View file

@ -23,6 +23,7 @@ in
{
_3proxy = handleTest ./3proxy.nix {};
acme = handleTest ./acme.nix {};
adguardhome = handleTest ./adguardhome.nix {};
aesmd = handleTest ./aesmd.nix {};
agda = handleTest ./agda.nix {};
airsonic = handleTest ./airsonic.nix {};
@ -474,6 +475,7 @@ in
taskserver = handleTest ./taskserver.nix {};
telegraf = handleTest ./telegraf.nix {};
teleport = handleTest ./teleport.nix {};
thelounge = handleTest ./thelounge.nix {};
tiddlywiki = handleTest ./tiddlywiki.nix {};
tigervnc = handleTest ./tigervnc.nix {};
timezone = handleTest ./timezone.nix {};
@ -488,6 +490,7 @@ in
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
tsm-client-gui = handleTest ./tsm-client-gui.nix {};
txredisapi = handleTest ./txredisapi.nix {};
tuptime = handleTest ./tuptime.nix {};
turbovnc-headless-server = handleTest ./turbovnc-headless-server.nix {};

2
nixos/tests/borgbackup.nix
View file

@ -106,7 +106,7 @@ in {
services.openssh = {
enable = true;
passwordAuthentication = false;
challengeResponseAuthentication = false;
kbdInteractiveAuthentication = false;
};
services.borgbackup.repos.repo1 = {

2
nixos/tests/btrbk.nix
View file

@ -53,7 +53,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
services.openssh = {
enable = true;
passwordAuthentication = false;
challengeResponseAuthentication = false;
kbdInteractiveAuthentication = false;
};
services.btrbk = {
extraPackages = [ pkgs.lz4 ];

2
nixos/tests/google-oslogin/server.nix
View file

@ -17,7 +17,7 @@ in {
};
services.openssh.enable = true;
services.openssh.challengeResponseAuthentication = false;
services.openssh.kbdInteractiveAuthentication = false;
services.openssh.passwordAuthentication = false;
security.googleOsLogin.enable = true;

30
nixos/tests/rstudio-server.nix Normal file
View file

@ -0,0 +1,30 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "rstudio-server-test";
meta.maintainers = with pkgs.lib.maintainers; [ jbedo cfhammill ];
nodes.machine = { config, lib, pkgs, ... }: {
services.rstudio-server.enable = true;
};
nodes.customPackageMachine = { config, lib, pkgs, ... }: {
services.rstudio-server = {
enable = true;
package = pkgs.rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; };
};
};
users.testuser = {
uid = 1000;
group = "testgroup";
};
groups.testgroup.gid = 1000;
testScript = ''
machine.wait_for_unit("rstudio-server.service")
machine.succeed("curl -f -vvv -s http://127.0.0.1:8787")
customPackageMachine.wait_for_unit("rstudio-server.service")
customPackageMachine.succeed("curl -f -vvv -s http://127.0.0.1:8787")
'';
})

70
nixos/tests/switch-test.nix
View file

@ -45,6 +45,50 @@ import ./make-test-python.nix ({ pkgs, ...} : {
systemd.services.test.restartIfChanged = false;
};
restart-and-reload-by-activation-script.configuration = {
systemd.services = rec {
simple-service = {
# No wantedBy so we can check if the activation script restart triggers them
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.coreutils}/bin/true";
ExecReload = "${pkgs.coreutils}/bin/true";
};
};
simple-restart-service = simple-service // {
stopIfChanged = false;
};
simple-reload-service = simple-service // {
reloadIfChanged = true;
};
no-restart-service = simple-service // {
restartIfChanged = false;
};
};
system.activationScripts.restart-and-reload-test = {
supportsDryActivation = true;
deps = [];
text = ''
if [ "$NIXOS_ACTION" = dry-activate ]; then
f=/run/nixos/dry-activation-restart-list
else
f=/run/nixos/activation-restart-list
fi
cat <<EOF >> "$f"
simple-service.service
simple-restart-service.service
simple-reload-service.service
no-restart-service.service
EOF
'';
};
};
mount.configuration = {
systemd.mounts = [
{
@ -261,6 +305,32 @@ import ./make-test-python.nix ({ pkgs, ...} : {
assert_lacks(out, "as well:")
assert_contains(out, "would start the following units: test.service\n")
with subtest("restart and reload by activation script"):
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
assert_contains(out, "stopping the following units: test.service\n")
assert_lacks(out, "NOT restarting the following changed units:")
assert_lacks(out, "reloading the following units:")
assert_lacks(out, "restarting the following units:")
assert_contains(out, "\nstarting the following units: no-restart-service.service, simple-reload-service.service, simple-restart-service.service, simple-service.service\n")
assert_lacks(out, "as well:")
# Switch to the same system where the example services get restarted
# by the activation script
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script")
assert_lacks(out, "stopping the following units:")
assert_lacks(out, "NOT restarting the following changed units:")
assert_contains(out, "reloading the following units: simple-reload-service.service\n")
assert_contains(out, "restarting the following units: simple-restart-service.service, simple-service.service\n")
assert_lacks(out, "\nstarting the following units:")
assert_lacks(out, "as well:")
# The same, but in dry mode
out = switch_to_specialisation("${machine}", "restart-and-reload-by-activation-script", action="dry-activate")
assert_lacks(out, "would stop the following units:")
assert_lacks(out, "would NOT stop the following changed units:")
assert_contains(out, "would reload the following units: simple-reload-service.service\n")
assert_contains(out, "would restart the following units: simple-restart-service.service, simple-service.service\n")
assert_lacks(out, "\nwould start the following units:")
assert_lacks(out, "as well:")
with subtest("mounts"):
switch_to_specialisation("${machine}", "mount")
out = machine.succeed("mount | grep 'on /testmount'")

29
nixos/tests/thelounge.nix Normal file
View file

@ -0,0 +1,29 @@
import ./make-test-python.nix {
nodes = {
private = { config, pkgs, ... }: {
services.thelounge = {
enable = true;
plugins = [ pkgs.theLoungePlugins.themes.solarized ];
};
};
public = { config, pkgs, ... }: {
services.thelounge = {
enable = true;
public = true;
};
};
};
testScript = ''
start_all()
for machine in machines:
machine.wait_for_unit("thelounge.service")
machine.wait_for_open_port(9000)
private.wait_until_succeeds("journalctl -u thelounge.service | grep thelounge-theme-solarized")
private.wait_until_succeeds("journalctl -u thelounge.service | grep 'in private mode'")
public.wait_until_succeeds("journalctl -u thelounge.service | grep 'in public mode'")
'';
}

57
nixos/tests/tsm-client-gui.nix Normal file
View file

@ -0,0 +1,57 @@
# The tsm-client GUI first tries to connect to a server.
# We can't simulate a server, so we just check if
# it reports the correct connection failure error.
# After that the test persuades the GUI
# to show its main application window
# and verifies some configuration information.
import ./make-test-python.nix ({ lib, pkgs, ... }: {
name = "tsm-client";
enableOCR = true;
machine = { pkgs, ... }: {
imports = [ ./common/x11.nix ];
programs.tsmClient = {
enable = true;
package = pkgs.tsm-client-withGui;
defaultServername = "testserver";
servers.testserver = {
# 192.0.0.8 is a "dummy address" according to RFC 7600
server = "192.0.0.8";
node = "SOME-NODE";
passwdDir = "/tmp";
};
};
};
testScript = ''
machine.succeed("which dsmj") # fail early if this is missing
machine.wait_for_x()
machine.execute("DSM_LOG=/tmp dsmj -optfile=/dev/null >&2 &")
# does it report the "TCP/IP connection failure" error code?
machine.wait_for_window("IBM Spectrum Protect")
machine.wait_for_text("ANS2610S")
machine.send_key("esc")
# it asks to continue to restore a local backupset now;
# "yes" (return) leads to the main application window
machine.wait_for_text("backupset")
machine.send_key("ret")
# main window: navigate to "Connection Information"
machine.wait_for_text("Welcome")
machine.send_key("alt-f") # "File" menu
machine.send_key("c") # "Connection Information"
# "Connection Information" dialog box
machine.wait_for_window("Connection Information")
machine.wait_for_text("SOME-NODE")
machine.wait_for_text("${pkgs.tsm-client.passthru.unwrapped.version}")
machine.shutdown()
'';
meta.maintainers = [ lib.maintainers.yarny ];
})

11
pkgs/applications/audio/aumix/default.nix
View file

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchurl
, fetchpatch
, gettext
, ncurses
, gtkGUI ? false
@ -17,6 +18,16 @@ stdenv.mkDerivation rec {
sha256 = "0a8fwyxnc5qdxff8sl2sfsbnvgh6pkij4yafiln0fxgg6bal7knj";
};
patches = [
# Pull Gentoo fix for -fno-common toolchains. Upstream does not
# seem to have the contacts
(fetchpatch {
name = "fno-common.patch";
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-sound/aumix/files/aumix-2.9.1-fno-common.patch?id=496c9ec7355f06f6d1d19be780a6981503e6df1f";
sha256 = "0qwylhx1hawsmx1pc7ykrjq9phksc73dq9rss6ggq15n3ggnc95y";
})
];
buildInputs = [ gettext ncurses ]
++ lib.optionals gtkGUI [ pkg-config gtk2 ];

190
pkgs/applications/audio/bespokesynth/default.nix
View file

@ -1,40 +1,46 @@
{ lib, stdenv, fetchFromGitHub, pkg-config, fetchzip
, libjack2, alsa-lib, freetype, libX11, libXrandr, libXinerama, libXext, libXcursor
, libGL, python3, ncurses, libusb1
, gtk3, webkitgtk, curl, xvfb-run, makeWrapper
# "Debug", or "Release"
, buildType ? "Release"
{ lib
, stdenv
, fetchFromGitHub
, fetchzip
, cmake
, pkg-config
, ninja
, makeWrapper
, libjack2
, alsa-lib
, alsa-tools
, freetype
, libusb1
, libX11
, libXrandr
, libXinerama
, libXext
, libXcursor
, libXScrnSaver
, libGL
, libxcb
, xcbutil
, libxkbcommon
, xcbutilkeysyms
, xcb-util-cursor
, gtk3
, webkitgtk
, python3
, curl
, pcre
, mount
, gnome
, Cocoa
, WebKit
, CoreServices
, CoreAudioKit
# It is not allowed to distribute binaries with the VST2 SDK plugin without a license
# (the author of Bespoke has such a licence but not Nix). VST3 should work out of the box.
# Read more in https://github.com/NixOS/nixpkgs/issues/145607
, enableVST2 ? false
}:
let
projucer = stdenv.mkDerivation rec {
pname = "projucer";
version = "5.4.7";
src = fetchFromGitHub {
owner = "juce-framework";
repo = "JUCE";
rev = version;
sha256= "0qpiqfwwpcghk7ij6w4vy9ywr3ryg7ppg77bmd7783kxg6zbhj8h";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [
freetype libX11 libXrandr libXinerama libXext gtk3 webkitgtk
libjack2 curl
];
preBuild = ''
cd extras/Projucer/Builds/LinuxMakefile
'';
makeFlags = [ "CONFIG=${buildType}" ];
enableParallelBuilding = true;
installPhase = ''
mkdir -p $out/bin
cp -a build/Projucer $out/bin/Projucer
'';
};
# equal to vst-sdk in ../oxefmsynth/default.nix
vst-sdk = stdenv.mkDerivation rec {
name = "vstsdk3610_11_06_2018_build_37";
@ -50,70 +56,92 @@ let
in
stdenv.mkDerivation rec {
pname = "bespokesynth";
version = "1.0.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = "awwbees";
owner = "BespokeSynth";
repo = pname;
rev = "v${version}";
sha256 = "04b2m40jszphslkd4850jcb8qwls392lwy3lc6vlj01h4izvapqk";
sha256 = "sha256-PN0Q6/gI1PeMaF/8EZFGJdLR8JVHQZfWunAhOIQxkHw=";
fetchSubmodules = true;
};
configurePhase = ''
runHook preConfigure
cmakeBuildType = "Release";
export HOME=$(mktemp -d)
xvfb-run sh -e <<EOF
${projucer}/bin/Projucer --set-global-search-path linux defaultJuceModulePath ${projucer.src}/modules
${projucer}/bin/Projucer --resave BespokeSynth.jucer
EOF
cmakeFlags = lib.optionals enableVST2 [ "-DBESPOKE_VST2_SDK_LOCATION=${vst-sdk}/VST2_SDK" ];
runHook postConfigure
'';
CFLAGS = "-I${vst-sdk}/VST2_SDK";
nativeBuildInputs = [ python3 makeWrapper cmake pkg-config ninja ];
nativeBuildInputs = [ xvfb-run pkg-config python3 makeWrapper ];
buildInputs = [
libX11 libXrandr libXinerama libXext libXcursor freetype libGL
ncurses libusb1
alsa-lib libjack2
buildInputs = lib.optionals stdenv.hostPlatform.isLinux [
# List obtained in https://github.com/BespokeSynth/BespokeSynth/blob/main/azure-pipelines.yml
libX11
libXrandr
libXinerama
libXext
libXcursor
libXScrnSaver
curl
gtk3
webkitgtk
freetype
libGL
libusb1
alsa-lib
libjack2
gnome.zenity
alsa-tools
libxcb
xcbutil
libxkbcommon
xcbutilkeysyms
xcb-util-cursor
pcre
mount
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
Cocoa
WebKit
CoreServices
CoreAudioKit
];
preBuild = ''
cd Builds/LinuxMakefile
'';
makeFlags = [ "CONFIG=${buildType}" ];
enableParallelBuilding = true;
NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isDarwin (toString [
# Fails to find fp.h on its own
"-isystem ${CoreServices}/Library/Frameworks/CoreServices.framework/Versions/Current/Frameworks/CarbonCore.framework/Versions/Current/Headers/"
]);
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/share/bespokesynth $out/share/applications $out/share/icons/hicolor/512x512/apps
cp build/BespokeSynth $out/bin/
cp -ar ../MacOSX/build/Release/resource $out/share/bespokesynth/
wrapProgram $out/bin/BespokeSynth \
--run "cd $out/share/bespokesynth"
mkdir -p $out/share/applications/ $out/share/icons/hicolor/512x512/apps/
cp ../../bespoke_icon.png $out/share/icons/hicolor/512x512/apps/
substitute ../../BespokeSynth.desktop $out/share/applications/BespokseSynth.desktop \
--replace "/usr/bin/" ""
runHook postInstall
'';
postInstall =
if stdenv.hostPlatform.isDarwin then ''
mkdir -p $out/{Applications,bin}
mv Source/BespokeSynth_artefacts/${cmakeBuildType}/BespokeSynth.app $out/Applications/
# Symlinking confuses the resource finding about the actual location of the binary
# Resources are looked up relative to the executed file's location
makeWrapper $out/{Applications/BespokeSynth.app/Contents/MacOS,bin}/BespokeSynth
'' else ''
# Ensure zenity is available, or it won't be able to open new files.
# Ensure the python used for compilation is the same as the python used at run-time.
# jedi is also required for auto-completion.
# These X11 libs get dlopen'd, they cause visual bugs when unavailable.
wrapProgram $out/bin/BespokeSynth \
--prefix PATH : '${lib.makeBinPath [
gnome.zenity
(python3.withPackages (ps: with ps; [ jedi ]))
]}' \
--prefix LD_LIBRARY_PATH : '${lib.makeLibraryPath [
libXrandr
libXinerama
libXcursor
libXScrnSaver
]}'
'';
meta = with lib; {
description = "Software modular synth with controllers support, scripting and VST";
description =
"Software modular synth with controllers support, scripting and VST";
homepage = "https://github.com/awwbees/BespokeSynth";
license = with licenses; [
gpl3Plus
# This package is unfree and not distributable due to the license of VST2.
# see #145607
unfree
];
maintainers = with maintainers; [ astro ];
] ++ lib.optional enableVST2 unfree;
maintainers = with maintainers; [ astro tobiasBora OPNA2608 ];
platforms = platforms.all;
};
}

4
pkgs/applications/audio/rhvoice/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, lib, pkg-config, fetchFromGitHub, sconsPackages
, python, glibmm, libpulseaudio, libao }:
, glibmm, libpulseaudio, libao }:
let
version = "unstable-2018-02-10";
@ -19,7 +19,7 @@ in stdenv.mkDerivation {
];
buildInputs = [
python glibmm libpulseaudio libao
glibmm libpulseaudio libao
];
# SConstruct patch

4
pkgs/applications/audio/schismtracker/default.nix
View file

@ -3,7 +3,7 @@
, fetchFromGitHub
, autoreconfHook
, alsa-lib
, python
, python3
, SDL
}:
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--enable-dependency-tracking" ]
++ lib.optional stdenv.isDarwin "--disable-sdltest";
nativeBuildInputs = [ autoreconfHook python ];
nativeBuildInputs = [ autoreconfHook python3 ];
buildInputs = [ SDL ] ++ lib.optional stdenv.isLinux alsa-lib;

4
pkgs/applications/audio/sorcer/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub , boost, cairomm, cmake, libsndfile, lv2, ntk, pkg-config, python }:
{ lib, stdenv, fetchFromGitHub , boost, cairomm, cmake, libsndfile, lv2, ntk, pkg-config }:
stdenv.mkDerivation rec {
pname = "sorcer";
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ boost cairomm libsndfile lv2 ntk python ];
buildInputs = [ boost cairomm libsndfile lv2 ntk ];
postPatch = ''
# Fix build with lv2 1.18: https://github.com/brummer10/guitarix/commit/c0334c72

4
pkgs/applications/audio/split2flac/default.nix
View file

@ -1,7 +1,7 @@
{ lib, stdenv, fetchFromGitHub, makeWrapper
, shntool, cuetools
, flac, faac, mp4v2, wavpack, mac
, imagemagick, libiconv, enca, lame, pythonPackages, vorbis-tools
, imagemagick, libiconv, enca, lame, mutagen, vorbis-tools
, aacgain, mp3gain, vorbisgain
}:
@ -12,7 +12,7 @@ let
--prefix PATH : ${lib.makeBinPath [
shntool cuetools
flac faac mp4v2 wavpack mac
imagemagick libiconv enca lame pythonPackages.mutagen vorbis-tools
imagemagick libiconv enca lame mutagen vorbis-tools
aacgain mp3gain vorbisgain
]}
'';

6
pkgs/applications/audio/spot/default.nix
View file

@ -21,19 +21,19 @@
stdenv.mkDerivation rec {
pname = "spot";
version = "0.2.2";
version = "0.3.0";
src = fetchFromGitHub {
owner = "xou816";
repo = "spot";
rev = version;
hash = "sha256-g0oVhlfez9i+Vv8lt/aNftCVqdgPMDySBBeLyOv7Zl8=";
hash = "sha256-An9PJsuXZkvJhP67cisWxFd2dpky53EY/xcR6StgWFY=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-n10aYzkRqEe1h2WPAfARjH79Npvv+3fdX9jCtxv2a34=";
hash = "sha256-2qMmPIBoZS6WT06VzCmnYWaIfLzWN2HUvk7y9GKuuXg=";
};
nativeBuildInputs = [

2
pkgs/applications/blockchains/btcpayserver/default.nix
View file

@ -26,7 +26,7 @@ buildDotnetModule rec {
makeWrapperArgs+=(--run "cd $out/lib/btcpayserver")
'';
postInstall = ''
postFixup = ''
mv $out/bin/{BTCPayServer,btcpayserver}
'';

4
pkgs/applications/blockchains/chia-plotter/default.nix
View file

@ -4,7 +4,7 @@
, libsodium
, cmake
, substituteAll
, pythonPackages
, python3Packages
}:
stdenv.mkDerivation {
@ -23,7 +23,7 @@ stdenv.mkDerivation {
# prevent CMake from trying to get libraries on the Internet
(substituteAll {
src = ./dont_fetch_dependencies.patch;
pybind11_src = pythonPackages.pybind11.src;
pybind11_src = python3Packages.pybind11.src;
relic_src = fetchFromGitHub {
owner = "relic-toolkit";
repo = "relic";

2
pkgs/applications/blockchains/nbxplorer/default.nix
View file

@ -17,7 +17,7 @@ buildDotnetModule rec {
dotnet-sdk = dotnetCorePackages.sdk_3_1;
dotnet-runtime = dotnetCorePackages.aspnetcore_3_1;
postInstall = ''
postFixup = ''
mv $out/bin/{NBXplorer,nbxplorer}
'';

2
pkgs/applications/blockchains/wasabibackend/default.nix
View file

@ -36,7 +36,7 @@ buildDotnetModule rec {
)
'';
postInstall = ''
postFixup = ''
mv $out/bin/WalletWasabi.Backend $out/bin/WasabiBackend
'';

6
pkgs/applications/blockchains/zcash/default.nix
View file

@ -6,16 +6,16 @@
rustPlatform.buildRustPackage.override { stdenv = stdenv; } rec {
pname = "zcash";
version = "4.5.1";
version = "4.6.0-1";
src = fetchFromGitHub {
owner = "zcash";
repo = "zcash";
rev = "v${version}";
sha256 = "0kyk3hv1y13b3vwg9kjcrpvz9v3l8lp0ikj977nykd5ms8b1rifa";
sha256 = "sha256-YJ5ufo+LYbOTr9SyiEzzp1pcSx6+cHSvDLBOIcx9X+4=";
};
cargoSha256 = "1mwprsg74xv6qlxf00w7xapnkisb1aid9hkyr8r90zcwdcy8783r";
cargoSha256 = "sha256-m/SBHv3BNYKkSXxHnCdVng3blbHrTc/HxX/nEIa1DnM=";
nativeBuildInputs = [ autoreconfHook cargo hexdump makeWrapper pkg-config ];
buildInputs = [ boost175 libevent libsodium utf8cpp ]

4
pkgs/applications/editors/cudatext/default.nix
View file

@ -38,13 +38,13 @@ let
in
stdenv.mkDerivation rec {
pname = "cudatext";
version = "1.152.1";
version = "1.153.0";
src = fetchFromGitHub {
owner = "Alexey-T";
repo = "CudaText";
rev = version;
sha256 = "sha256-rFmgf/wg6/jIObBDN+viKX3KrewVWgxs8uVF1gCY72s=";
sha256 = "sha256-3p5wb3buZtd1gnNoEJOclNO8xEYJBZYc86HfrkFrBWU=";
};
postPatch = ''

16
pkgs/applications/editors/cudatext/deps.json
View file

@ -16,23 +16,23 @@
},
"ATSynEdit": {
"owner": "Alexey-T",
"rev": "2021.12.22",
"sha256": "sha256-MmRJ3XDq7b9doPFfW7njSOasHej5ut0nYcJMFj+Y/Dc="
"rev": "2022.01.07",
"sha256": "sha256-KxeaTXv0qig3O2hqjJ5HG1KCN0TTQdnd3g9jBsEc0a4="
},
"ATSynEdit_Cmp": {
"owner": "Alexey-T",
"rev": "2021.09.14",
"sha256": "sha256-6eC75zAtWbM1XEI9OM3iqy/a8Vj1l5WU7HGJBpmoQsA="
"rev": "2021.12.28",
"sha256": "sha256-bXTjPdn0DIVTdoi30Ws5+M+UsC7F99IphMSTpI5ia/Q="
},
"EControl": {
"owner": "Alexey-T",
"rev": "2021.12.07",
"sha256": "sha256-givCklAHao26psWLI2qK246igxcAQEeIYTGH61FX6Xo="
"rev": "2022.01.07",
"sha256": "sha256-dgkyXrFs2hzuFjt9GW+WNyrLIp/i/AbRsM/MyMbatdA="
},
"ATSynEdit_Ex": {
"owner": "Alexey-T",
"rev": "2021.12.07",
"sha256": "sha256-/2Fv/vrpbHSiJro11cjbziUaT4gfwa6y5aQBoYgq3OQ="
"rev": "2022.01.07",
"sha256": "sha256-7QDHf0PYGMc611qrk+a8pNJHF1v1DFMWlt5hbaU/oD8="
},
"Python-for-Lazarus": {
"owner": "Alexey-T",

4
pkgs/applications/editors/netbeans/default.nix
View file

@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, makeWrapper, makeDesktopItem, which, unzip, libicns, imagemagick
, jdk, perl, python
, jdk, perl
}:
let
@ -58,7 +58,7 @@ stdenv.mkDerivation {
'';
nativeBuildInputs = [ makeWrapper unzip ];
buildInputs = [ perl python libicns imagemagick ];
buildInputs = [ perl libicns imagemagick ];
meta = {
description = "An integrated development environment for Java, C, C++ and PHP";

261
pkgs/applications/editors/rstudio/default.nix
View file

@ -1,4 +1,5 @@
{ lib
, stdenv
, mkDerivation
, fetchurl
, fetchpatch
@ -30,6 +31,9 @@
, nodejs
, mkYarnModules
, qmake
, server ? false # build server version
, sqlite
, pam
}:
let
@ -61,149 +65,166 @@ let
panmirrorModules = mkYarnModules {
inherit pname version;
packageJSON = ./package.json;
yarnLock = ./yarn.lock;
yarnLock = ./yarn.lock;
yarnNix = ./yarndeps.nix;
};
description = "Set of integrated tools for the R language";
in
mkDerivation rec {
inherit pname version src RSTUDIO_VERSION_MAJOR RSTUDIO_VERSION_MINOR RSTUDIO_VERSION_PATCH;
(if server then stdenv.mkDerivation else mkDerivation)
(rec {
inherit pname version src RSTUDIO_VERSION_MAJOR RSTUDIO_VERSION_MINOR RSTUDIO_VERSION_PATCH;
nativeBuildInputs = [
cmake
unzip
ant
jdk
makeWrapper
pandoc
nodejs
copyDesktopItems
];
nativeBuildInputs = [
cmake
unzip
ant
jdk
makeWrapper
pandoc
nodejs
] ++ lib.optional (!server) [
copyDesktopItems
];
buildInputs = [
boost
zlib
openssl
R
qtbase
qtxmlpatterns
qtsensors
qtwebengine
qtwebchannel
libuuid
libyamlcpp
soci
postgresql
];
buildInputs = [
boost
zlib
openssl
R
libuuid
libyamlcpp
soci
postgresql
] ++ (if server then [
sqlite.dev
pam
] else [
qtbase
qtxmlpatterns
qtsensors
qtwebengine
qtwebchannel
]);
cmakeFlags = [
"-DRSTUDIO_TARGET=Desktop"
"-DCMAKE_BUILD_TYPE=Release"
"-DQT_QMAKE_EXECUTABLE=${qmake}/bin/qmake"
"-DRSTUDIO_USE_SYSTEM_SOCI=ON"
"-DRSTUDIO_USE_SYSTEM_BOOST=ON"
"-DRSTUDIO_USE_SYSTEM_YAML_CPP=ON"
"-DPANDOC_VERSION=${pandoc.version}"
"-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/lib/rstudio"
];
cmakeFlags = [
"-DRSTUDIO_TARGET=${if server then "Server" else "Desktop"}"
"-DCMAKE_BUILD_TYPE=Release"
"-DRSTUDIO_USE_SYSTEM_SOCI=ON"
"-DRSTUDIO_USE_SYSTEM_BOOST=ON"
"-DRSTUDIO_USE_SYSTEM_YAML_CPP=ON"
"-DPANDOC_VERSION=${pandoc.version}"
"-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/lib/rstudio"
] ++ lib.optional (!server) [
"-DQT_QMAKE_EXECUTABLE=${qmake}/bin/qmake"
];
# Hack RStudio to only use the input R and provided libclang.
patches = [
./r-location.patch
./clang-location.patch
# postFetch doesn't work with this | error: unexpected end-of-file
# replacing /usr/bin/node is done in postPatch
# https://src.fedoraproject.org/rpms/rstudio/tree/rawhide
(fetchpatch {
name = "system-node.patch";
url = "https://src.fedoraproject.org/rpms/rstudio/raw/5bda2e290c9e72305582f2011040938d3e356906/f/0004-use-system-node.patch";
sha256 = "sha256-P1Y07RB/ceFNa749nyBUWSE41eiiZgt43zVcmahvfZM=";
})
];
# Hack RStudio to only use the input R and provided libclang.
patches = [
./r-location.patch
./clang-location.patch
# postFetch doesn't work with this | error: unexpected end-of-file
# replacing /usr/bin/node is done in postPatch
# https://src.fedoraproject.org/rpms/rstudio/tree/rawhide
(fetchpatch {
name = "system-node.patch";
url = "https://src.fedoraproject.org/rpms/rstudio/raw/5bda2e290c9e72305582f2011040938d3e356906/f/0004-use-system-node.patch";
sha256 = "sha256-P1Y07RB/ceFNa749nyBUWSE41eiiZgt43zVcmahvfZM=";
})
];
postPatch = ''
substituteInPlace src/cpp/core/r_util/REnvironmentPosix.cpp --replace '@R@' ${R}
postPatch = ''
substituteInPlace src/cpp/core/r_util/REnvironmentPosix.cpp --replace '@R@' ${R}
substituteInPlace src/cpp/CMakeLists.txt \
--replace 'SOCI_LIBRARY_DIR "/usr/lib"' 'SOCI_LIBRARY_DIR "${soci}/lib"'
substituteInPlace src/cpp/CMakeLists.txt \
--replace 'SOCI_LIBRARY_DIR "/usr/lib"' 'SOCI_LIBRARY_DIR "${soci}/lib"'
substituteInPlace src/gwt/build.xml \
--replace '/usr/bin/node' '${nodejs}/bin/node'
substituteInPlace src/gwt/build.xml \
--replace '/usr/bin/node' '${nodejs}/bin/node'
substituteInPlace src/cpp/core/libclang/LibClang.cpp \
--replace '@libclang@' ${llvmPackages.libclang.lib} \
--replace '@libclang.so@' ${llvmPackages.libclang.lib}/lib/libclang.so
substituteInPlace src/cpp/core/libclang/LibClang.cpp \
--replace '@libclang@' ${llvmPackages.libclang.lib} \
--replace '@libclang.so@' ${llvmPackages.libclang.lib}/lib/libclang.so
substituteInPlace src/cpp/session/include/session/SessionConstants.hpp \
--replace "bin/pandoc" "${pandoc}/bin/pandoc"
'';
substituteInPlace src/cpp/session/include/session/SessionConstants.hpp \
--replace "bin/pandoc" "${pandoc}/bin/pandoc"
'';
hunspellDictionaries = with lib; filter isDerivation (unique (attrValues hunspellDicts));
# These dicts contain identically-named dict files, so we only keep the
# -large versions in case of clashes
largeDicts = with lib; filter (d: hasInfix "-large-wordlist" d) hunspellDictionaries;
otherDicts = with lib; filter
(d: !(hasAttr "dictFileName" d &&
elem d.dictFileName (map (d: d.dictFileName) largeDicts)))
hunspellDictionaries;
dictionaries = largeDicts ++ otherDicts;
hunspellDictionaries = with lib; filter isDerivation (unique (attrValues hunspellDicts));
# These dicts contain identically-named dict files, so we only keep the
# -large versions in case of clashes
largeDicts = with lib; filter (d: hasInfix "-large-wordlist" d) hunspellDictionaries;
otherDicts = with lib; filter
(d: !(hasAttr "dictFileName" d &&
elem d.dictFileName (map (d: d.dictFileName) largeDicts)))
hunspellDictionaries;
dictionaries = largeDicts ++ otherDicts;
preConfigure = ''
mkdir dependencies/dictionaries
for dict in ${builtins.concatStringsSep " " dictionaries}; do
for i in "$dict/share/hunspell/"*; do
ln -s $i dependencies/dictionaries/
preConfigure = ''
mkdir dependencies/dictionaries
for dict in ${builtins.concatStringsSep " " dictionaries}; do
for i in "$dict/share/hunspell/"*; do
ln -s $i dependencies/dictionaries/
done
done
done
unzip -q ${mathJaxSrc} -d dependencies/mathjax-27
unzip -q ${mathJaxSrc} -d dependencies/mathjax-27
mkdir -p dependencies/pandoc/${pandoc.version}
cp ${pandoc}/bin/pandoc dependencies/pandoc/${pandoc.version}/pandoc
mkdir -p dependencies/pandoc/${pandoc.version}
cp ${pandoc}/bin/pandoc dependencies/pandoc/${pandoc.version}/pandoc
cp -r ${rsconnectSrc} dependencies/rsconnect
( cd dependencies && ${R}/bin/R CMD build -d --no-build-vignettes rsconnect )
cp -r ${rsconnectSrc} dependencies/rsconnect
( cd dependencies && ${R}/bin/R CMD build -d --no-build-vignettes rsconnect )
cp -r "${panmirrorModules}" src/gwt/panmirror/src/editor/node_modules
'';
cp -r "${panmirrorModules}" src/gwt/panmirror/src/editor/node_modules
'';
postInstall = ''
mkdir -p $out/share/icons/hicolor/48x48/apps $out/bin
ln $out/lib/rstudio/rstudio.png $out/share/icons/hicolor/48x48/apps
postInstall = ''
mkdir -p $out/bin $out/share
for f in {diagnostics,rpostback,rstudio}; do
ln -s $out/lib/rstudio/bin/$f $out/bin
done
${lib.optionalString (!server) ''
mkdir -p $out/share/icons/hicolor/48x48/apps
ln $out/lib/rstudio/rstudio.png $out/share/icons/hicolor/48x48/apps
''}
for f in .gitignore .Rbuildignore LICENSE README; do
find . -name $f -delete
done
rm -r $out/lib/rstudio/{INSTALL,COPYING,NOTICE,README.md,SOURCE,VERSION}
rm -r $out/lib/rstudio/bin/{pandoc/pandoc,pandoc}
'';
for f in {${if server
then "crash-handler-proxy,postback,r-ldpath,rpostback,rserver,rserver-pam,rsession,rstudio-server"
else "diagnostics,rpostback,rstudio"}}; do
ln -s $out/lib/rstudio/bin/$f $out/bin
done
qtWrapperArgs = [
"--suffix PATH : ${lib.makeBinPath [ gnumake ]}"
];
for f in .gitignore .Rbuildignore LICENSE README; do
find . -name $f -delete
done
rm -r $out/lib/rstudio/{INSTALL,COPYING,NOTICE,README.md,SOURCE,VERSION}
rm -r $out/lib/rstudio/bin/{pandoc/pandoc,pandoc}
'';
desktopItems = [
(makeDesktopItem {
name = "${pname}";
exec = "rstudio %F";
icon = "rstudio";
desktopName = "RStudio";
genericName = "IDE";
comment = meta.description;
categories = "Development;";
mimeType = "text/x-r-source;text/x-r;text/x-R;text/x-r-doc;text/x-r-sweave;text/x-r-markdown;text/x-r-html;text/x-r-presentation;application/x-r-data;application/x-r-project;text/x-r-history;text/x-r-profile;text/x-tex;text/x-markdown;text/html;text/css;text/javascript;text/x-chdr;text/x-csrc;text/x-c++hdr;text/x-c++src;";
})
];
meta = with lib; {
inherit description;
homepage = "https://www.rstudio.com/";
license = licenses.agpl3Only;
maintainers = with maintainers; [ ciil cfhammill ];
mainProgram = "rstudio" + optionalString server "-server";
platforms = platforms.linux;
};
meta = with lib; {
description = "Set of integrated tools for the R language";
homepage = "https://www.rstudio.com/";
license = licenses.agpl3Only;
maintainers = with maintainers; [ ciil ];
platforms = platforms.linux;
};
}
passthru = { inherit server; };
} // lib.optionalAttrs (!server) {
qtWrapperArgs = [
"--suffix PATH : ${lib.makeBinPath [ gnumake ]}"
];
desktopItems = [
(makeDesktopItem {
name = pname;
exec = "rstudio %F";
icon = "rstudio";
desktopName = "RStudio";
genericName = "IDE";
comment = description;
categories = "Development;";
mimeType = "text/x-r-source;text/x-r;text/x-R;text/x-r-doc;text/x-r-sweave;text/x-r-markdown;text/x-r-html;text/x-r-presentation;application/x-r-data;application/x-r-project;text/x-r-history;text/x-r-profile;text/x-tex;text/x-markdown;text/html;text/css;text/javascript;text/x-chdr;text/x-csrc;text/x-c++hdr;text/x-c++src;";
})
];
})

4
pkgs/applications/editors/tiled/default.nix
View file

@ -1,5 +1,5 @@
{ lib, mkDerivation, fetchFromGitHub, pkg-config, qmake
, python, qtbase, qttools }:
, python2, qtbase, qttools }:
mkDerivation rec {
pname = "tiled";
@ -13,7 +13,7 @@ mkDerivation rec {
};
nativeBuildInputs = [ pkg-config qmake ];
buildInputs = [ python qtbase qttools ];
buildInputs = [ python2 qtbase qttools ];
meta = with lib; {
description = "Free, easy to use and flexible tile map editor";

4
pkgs/applications/editors/wxhexeditor/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch, wxGTK, autoconf, automake, libtool, python, gettext }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, wxGTK, autoconf, automake, libtool, python2, gettext }:
stdenv.mkDerivation rec {
pname = "wxHexEditor";
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
sha256 = "08xnhaif8syv1fa0k6lc3jm7yg2k50b02lyds8w0jyzh4xi5crqj";
};
buildInputs = [ wxGTK autoconf automake libtool python gettext ];
buildInputs = [ wxGTK autoconf automake libtool python2 gettext ];
preConfigure = "patchShebangs .";

8
pkgs/applications/graphics/inkscape/default.nix
View file

@ -81,6 +81,14 @@ stdenv.mkDerivation rec {
stripLen = 1;
extraPrefix = "share/extensions/";
})
# Remove mandatory break from end of paragraphs, added in Pango 1.49
# https://gitlab.com/inkscape/inkscape/-/merge_requests/3630
# TODO: Remove in Inkscape 1.1.2
(fetchpatch {
url = "https://gitlab.com/inkscape/inkscape/-/commit/b3dabef2245d4e4e977ee9d6776be9a134493515.patch";
sha256 = "YhqUlRBKL1vJ/iCM/DvdwbmPIsAHQpcgf4TPpjlnBng=";
})
];
postPatch = ''

4
pkgs/applications/graphics/krita/default.nix
View file

@ -1,7 +1,7 @@
{ callPackage, ... } @ args:
callPackage ./generic.nix (args // {
version = "5.0.0";
version = "5.0.2";
kde-channel = "stable";
sha256 = "sha256-hNWDPbyrP9OkGPTDdnDYKtkZQw8MbQpXuZOQdHHuzFc=";
sha256 = "sha256-5nUfx+tQSXekiAo3brvTmVyH2tFUSGCE6COX5l1JnL8=";
})

81
pkgs/applications/graphics/pinta/default.nix
View file

@ -2,23 +2,23 @@
, buildDotnetModule
, dotnetCorePackages
, fetchFromGitHub
, glibcLocales
, gtk3
, installShellFiles
, librsvg
, makeDesktopItem
, intltool
, wrapGAppsHook
}:
buildDotnetModule rec {
pname = "Pinta";
version = "2.0.1";
version = "2.0.2";
nativeBuildInputs = [
installShellFiles
intltool
wrapGAppsHook
];
runtimeDeps = [ gtk3 ];
buildInputs = runtimeDeps;
dotnet-sdk = dotnetCorePackages.sdk_6_0;
dotnet-runtime = dotnetCorePackages.runtime_6_0;
@ -26,7 +26,7 @@ buildDotnetModule rec {
# How-to update deps:
# $ nix-build -A pinta.fetch-deps
# $ ./result
# $ cp /tmp/Pinta-deps.nix ./pkgs/applications/graphics/pinta/default.nix
# $ cp /tmp/Pinta-deps.nix ./pkgs/applications/graphics/pinta/deps.nix
# TODO: create update script
nugetDeps = ./deps.nix;
@ -36,52 +36,49 @@ buildDotnetModule rec {
owner = "PintaProject";
repo = "Pinta";
rev = version;
sha256 = "sha256-iOKJPB2bI/GjeDxzG7r6ew7SGIzgrJTcRXhEYzOpC9k=";
sha256 = "sha256-Bvzs1beq7I1+10w9pmMePqGCz2TPDp5UK5Wa9hbKERU=";
};
# FIXME: this should be propagated by wrapGAppsHook already, however for some
# reason it is not working. Maybe a bug in buildDotnetModule?
preInstall = ''
gappsWrapperArgs+=(
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}"
--set GDK_PIXBUF_MODULE_FILE ${librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
)
# https://github.com/NixOS/nixpkgs/issues/38991
# bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
# Do the autoreconf/Makefile job manually
# TODO: use upstream build system
postBuild = ''
# Substitute translation placeholders
intltool-merge -x po/ xdg/pinta.appdata.xml.in xdg/pinta.appdata.xml
intltool-merge -d po/ xdg/pinta.desktop.in xdg/pinta.desktop
# Build translations
dotnet build Pinta \
-p:ContinuousIntegrationBuild=true \
-p:Deterministic=true \
-target:CompileTranslations,PublishTranslations \
-p:BuildTranslations=true \
-p:PublishDir="$NIX_BUILD_TOP/source/publish"
'';
postInstall = ''
postFixup = ''
# Rename the binary
mv $out/bin/Pinta $out/bin/pinta
mv "$out/bin/Pinta" "$out/bin/pinta"
# Copy desktop icons
for size in 16x16 22x22 24x24 32x32 96x96 scalable; do
mkdir -p $out/share/icons/hicolor/$size/apps
cp xdg/$size/* $out/share/icons/hicolor/$size/apps/
done
# Copy runtime icons
cp -r Pinta.Resources/icons/hicolor/16x16/* $out/share/icons/hicolor/16x16/
# Install manpage
installManPage xdg/pinta.1
# Fix and copy desktop file
# TODO: fix this propely by using the autoreconf+pkg-config build system
# from upstream
mkdir -p $out/share/applications
substitute xdg/pinta.desktop.in $out/share/applications/Pinta.desktop \
--replace _Name Name \
--replace _Comment Comment \
--replace _GenericName GenericName \
--replace _X-GNOME-FullName X-GNOME-FullName \
--replace _Keywords Keywords
# Install
dotnet build installer/linux/install.proj \
-target:Install \
-p:ContinuousIntegrationBuild=true \
-p:Deterministic=true \
-p:SourceDir="$NIX_BUILD_TOP/source" \
-p:PublishDir="$NIX_BUILD_TOP/source/publish" \
-p:InstallPrefix="$out"
'';
meta = {
meta = with lib; {
homepage = "https://www.pinta-project.com/";
description = "Drawing/editing program modeled after Paint.NET";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ thiagokokada ];
platforms = with lib.platforms; linux;
license = licenses.mit;
maintainers = with maintainers; [ thiagokokada ];
platforms = with platforms; linux;
mainProgram = "pinta";
};
}

35
pkgs/applications/graphics/renderdoc/default.nix
View file

@ -1,8 +1,25 @@
{ lib, fetchFromGitHub, cmake, pkg-config, mkDerivation
, qtbase, qtx11extras, qtsvg, makeWrapper
, vulkan-loader, libglvnd, xorg, python3, python3Packages
, bison, pcre, automake, autoconf, addOpenGLRunpath
, waylandSupport ? false, wayland
{ lib
, fetchFromGitHub
, nix-update-script
, cmake
, pkg-config
, mkDerivation
, qtbase
, qtx11extras
, qtsvg
, makeWrapper
, vulkan-loader
, libglvnd
, xorg
, python3
, python3Packages
, bison
, pcre
, automake
, autoconf
, addOpenGLRunpath
, waylandSupport ? false
, wayland
}:
let
custom_swig = fetchFromGitHub {
@ -15,13 +32,13 @@ let
in
mkDerivation rec {
pname = "renderdoc";
version = "1.16";
version = "1.17";
src = fetchFromGitHub {
owner = "baldurk";
repo = "renderdoc";
rev = "v${version}";
sha256 = "150d1qzjs420clqr48gickiw5ymjx4md6iyjbxmxsdml0pyxpwwn";
sha256 = "sha256-Zr7Av49mK48B4N+Ca2vPIgKuVNP4YLVEs4EQepukSs8=";
};
buildInputs = [
@ -64,6 +81,10 @@ mkDerivation rec {
addOpenGLRunpath $out/lib/librenderdoc.so
'';
passthru.updateScript = nix-update-script {
attrPath = pname;
};
meta = with lib; {
description = "A single-frame graphics debugger";
homepage = "https://renderdoc.org/";

6
pkgs/applications/graphics/screencloud/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake, qt4, quazip, qt-mobility, qxt, pythonPackages }:
{ lib, stdenv, fetchFromGitHub, cmake, qt4, quazip, qt-mobility, qxt, python2Packages }:
with lib;
stdenv.mkDerivation rec {
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ cmake ];
buildInputs = [ qt4 quazip qt-mobility qxt pythonPackages.python pythonPackages.pycrypto ];
buildInputs = [ qt4 quazip qt-mobility qxt python2Packages.python python2Packages.pycrypto ];
patchPhase = ''
# Required to make the configure script work. Normally, screencloud's
@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
postInstall = ''
patchShebangs $prefix/opt/screencloud/screencloud.sh
substituteInPlace "$prefix/opt/screencloud/screencloud.sh" --replace "/opt" "$prefix/opt"
sed -i "2 i\export PYTHONPATH=$(toPythonPath ${pythonPackages.pycrypto}):\$PYTHONPATH" "$prefix/opt/screencloud/screencloud.sh"
sed -i "2 i\export PYTHONPATH=$(toPythonPath ${python2Packages.pycrypto}):\$PYTHONPATH" "$prefix/opt/screencloud/screencloud.sh"
mkdir $prefix/bin
mkdir $prefix/lib
ln -s $prefix/opt/screencloud/screencloud.sh $prefix/bin/screencloud

2
pkgs/applications/misc/auto-multiple-choice/default.nix
View file

@ -82,7 +82,7 @@ stdenv.mkDerivation rec {
XMLWriter
]}:"$out/share/perl5 \
--prefix XDG_DATA_DIRS : "$out/share" \
--set TEXINPUTS ":.:$out/share/texmf/tex/latex/AMC"
--set TEXINPUTS ":.:$out/tex/latex"
'';
nativeBuildInputs = [

70
pkgs/applications/misc/cubiomes-viewer/default.nix Normal file
View file

@ -0,0 +1,70 @@
{ lib
, stdenv
, fetchFromGitHub
, qtbase
, qmake
, wrapQtAppsHook
, copyDesktopItems
, makeDesktopItem
}:
stdenv.mkDerivation rec {
pname = "cubiomes-viewer";
version = "1.12.1";
src = fetchFromGitHub {
owner = "Cubitect";
repo = pname;
rev = version;
sha256 = "sha256-F0c6gMQKu35iBNRw+wpoxSUOhRUbPRKIXSNDDNZsfPE=";
fetchSubmodules = true;
};
buildInputs = [
qtbase
];
nativeBuildInputs = [
qmake
wrapQtAppsHook
copyDesktopItems
];
desktopItems = [ (makeDesktopItem {
name = pname;
desktopName = "Cubiomes Viewer";
exec = pname;
icon = pname;
categories = "Game";
comment = meta.description;
}) ];
preBuild = ''
# QMAKE_PRE_LINK is not executed (I dont know why)
make -C ./cubiomes libcubiomes CFLAGS="-DSTRUCT_CONFIG_OVERRIDE=1" all
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp cubiomes-viewer $out/bin
mkdir -p $out/share/pixmaps
cp icons/map.png $out/share/pixmaps/cubiomes-viewer.png
runHook postInstall
'';
meta = with lib; {
homepage = "https://github.com/Cubitect/cubiomes-viewer";
description = "A graphical Minecraft seed finder and map viewer";
longDescription = ''
Cubiomes Viewer provides a graphical interface for the efficient and flexible seed-finding
utilities provided by cubiomes and a map viewer for the Minecraft biomes and structure generation.
'';
platforms = platforms.all;
license = licenses.gpl3Plus;
maintainers = with maintainers; [ hqurve ];
};
}

3
pkgs/applications/misc/haxor-news/default.nix
View file

@ -15,7 +15,8 @@ let
sha256 = "09h1153wgr5x2ny7ds0w2m81n3bb9j8hjb8sjfnrg506r01clkyx";
};
});
click = self.callPackage ../../../development/python-modules/click/7.nix { };
# Use click 7
click = self.callPackage ../../../development/python2-modules/click/default.nix { };
};
};
in

6
pkgs/applications/misc/minder/default.nix
View file

@ -15,6 +15,7 @@
, gtk3
, gtksourceview4
, hicolor-icon-theme # for setup-hook
, json-glib
, libarchive
, libgee
, libhandy
@ -24,13 +25,13 @@
stdenv.mkDerivation rec {
pname = "minder";
version = "1.13.1";
version = "1.14.0";
src = fetchFromGitHub {
owner = "phase1geo";
repo = pname;
rev = version;
sha256 = "07mq595c1vxwsnwkr2zdci0r06yhs75ph2db09mc63k5fjvi8rya";
sha256 = "sha256-0x+MMVa9/jOVp9n9JFM1MGndh9H9MzmmHepcez4aT+Q=";
};
nativeBuildInputs = [
@ -51,6 +52,7 @@ stdenv.mkDerivation rec {
gtk3
gtksourceview4
hicolor-icon-theme
json-glib
libarchive
libgee
libhandy

6
pkgs/applications/misc/ocropus/default.nix
View file

@ -1,4 +1,4 @@
{ lib, fetchFromGitHub, fetchurl, pythonPackages, curl }:
{ lib, fetchFromGitHub, fetchurl, python2Packages, curl }:
let
getmodel = name: sha256: {
@ -17,7 +17,7 @@ let
];
in
pythonPackages.buildPythonApplication rec {
python2Packages.buildPythonApplication rec {
pname = "ocropus";
version = "1.3.3";
@ -28,7 +28,7 @@ pythonPackages.buildPythonApplication rec {
owner = "tmbdev";
};
propagatedBuildInputs = with pythonPackages; [ curl numpy scipy pillow
propagatedBuildInputs = with python2Packages; [ curl numpy scipy pillow
matplotlib beautifulsoup4 pygtk lxml ];
enableParallelBuilding = true;

8
pkgs/applications/misc/pdfdiff/default.nix
View file

@ -1,6 +1,6 @@
{ lib, pythonPackages, fetchurl, xpdf }:
{ lib, python2Packages, fetchurl, xpdf }:
let
py = pythonPackages;
py = python2Packages;
in
py.buildPythonApplication rec {
name = "pdfdiff-${version}";
@ -11,7 +11,7 @@ py.buildPythonApplication rec {
sha256 = "0zxwjjbklz87wkbhkmsvhc7xmv5php7m2a9vm6ydhmhlxsybf836";
};
buildInputs = [ pythonPackages.wrapPython ];
buildInputs = [ python2Packages.wrapPython ];
dontConfigure = true;
dontBuild = true;
@ -29,7 +29,7 @@ py.buildPythonApplication rec {
cp pdfdiff.py $out/bin/pdfdiff
chmod +x $out/bin/pdfdiff
substituteInPlace $out/bin/pdfdiff --replace "#!/usr/bin/python" "#!${pythonPackages.python.interpreter}"
substituteInPlace $out/bin/pdfdiff --replace "#!/usr/bin/python" "#!${python2Packages.python.interpreter}"
'';
meta = with lib; {

8
pkgs/applications/misc/phwmon/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitLab, pythonPackages }:
{ lib, stdenv, fetchFromGitLab, python2Packages }:
stdenv.mkDerivation {
pname = "phwmon";
@ -11,11 +11,11 @@ stdenv.mkDerivation {
sha256 = "1hqmsq66y8bqkpvszw84jyk8haxq3cjnz105hlkmp7786vfmkisq";
};
nativeBuildInputs = [ pythonPackages.wrapPython ];
nativeBuildInputs = [ python2Packages.wrapPython ];
buildInputs = [ pythonPackages.pygtk pythonPackages.psutil ];
buildInputs = [ python2Packages.pygtk python2Packages.psutil ];
pythonPath = [ pythonPackages.pygtk pythonPackages.psutil ];
pythonPath = [ python2Packages.pygtk python2Packages.psutil ];
patchPhase = ''
substituteInPlace install.sh --replace "/usr/local" "$out"

60
pkgs/applications/misc/pomotroid/default.nix Normal file
View file

@ -0,0 +1,60 @@
{ stdenv, lib, fetchurl, makeWrapper, makeDesktopItem, copyDesktopItems, electron }:
let
version = "0.13.0";
appIcon = fetchurl {
url = "https://raw.githubusercontent.com/Splode/pomotroid/v${version}/static/icon.png";
sha256 = "sha256-BEPoOBErw5ZCeK4rtdxdwZZLimbpglu1Cu++4xzuVUs=";
};
in stdenv.mkDerivation rec {
pname = "pomotroid";
inherit version;
src = fetchurl {
url = "https://github.com/Splode/pomotroid/releases/download/v${version}/${pname}-${version}-linux.tar.gz";
sha256 = "sha256-AwpVnvwWQd/cgmZvtr5NprnLyeXz6ym4Fywc808tcSc=";
};
nativeBuildInputs = [
makeWrapper
copyDesktopItems
];
desktopItems = [
(makeDesktopItem {
name = pname;
exec = "pomotroid";
icon = "pomotroid";
comment = meta.description;
desktopName = "Pomotroid";
genericName = "Pomodoro Application";
})
];
dontConfigure = true;
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/opt/pomotroid $out/share/pomotroid $out/share/pixmaps
cp -r ./ $out/opt/pomotroid
mv $out/opt/pomotroid/{locales,resources} $out/share/pomotroid
cp ${appIcon} $out/share/pixmaps/pomotroid.png
makeWrapper ${electron}/bin/electron $out/bin/pomotroid \
--add-flags $out/share/pomotroid/resources/app.asar
runHook postInstall
'';
meta = with lib; {
description = "Simple and visually-pleasing Pomodoro timer";
homepage = "https://splode.github.io/pomotroid";
license = licenses.mit;
maintainers = with maintainers; [ wolfangaukang ];
platforms = [ "x86_64-linux" ];
};
}

4
pkgs/applications/misc/privacyidea/default.nix
View file

@ -20,8 +20,8 @@ let
sha256 = "ae2f05671588762dd83a21d8b18c51fe355e86783e24594995ff8d7380dffe38";
};
});
werkzeug = self.callPackage ../../../development/python-modules/werkzeug/1.nix { };
flask = self.callPackage ../../../development/python-modules/flask/1.nix { };
werkzeug = self.callPackage ../../../development/python2-modules/werkzeug { };
flask = self.callPackage ../../../development/python2-modules/flask { };
sqlsoup = super.sqlsoup.overrideAttrs ({ meta ? {}, ... }: {
meta = meta // { broken = false; };
});

31
pkgs/applications/misc/rofi/wayland.nix Normal file
View file

@ -0,0 +1,31 @@
{ stdenv
, lib
, fetchFromGitHub
, rofi-unwrapped
, wayland-protocols
, wayland
}:
rofi-unwrapped.overrideAttrs (oldAttrs: rec {
pname = "rofi-wayland-unwrapped";
version = "1.7.2+wayland1";
src = fetchFromGitHub {
owner = "lbonn";
repo = "rofi";
rev = version;
fetchSubmodules = true;
sha256 = "sha256-INFYHOVjBNj8ks4UjKnxLW8mL7h1c8ySFPS/rUxOWwo=";
};
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ wayland-protocols ];
buildInputs = oldAttrs.buildInputs ++ [ wayland ];
meta = with lib; {
description = "Window switcher, run dialog and dmenu replacement for Wayland";
homepage = "https://github.com/lbonn/rofi";
license = licenses.mit;
maintainers = with maintainers; [ bew ];
platforms = with platforms; linux;
};
})

4
pkgs/applications/misc/survex/default.nix
View file

@ -9,7 +9,7 @@
, proj_7
, perl532
, unscii
, python
, python2
, libGL
, libGLU
, xlibsWrapper
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
pname = "survex";
version = "1.2.44";
nativeBuildInputs = [ docbook5 docbook2x autoreconfHook pkg-config perlenv python ];
nativeBuildInputs = [ docbook5 docbook2x autoreconfHook pkg-config perlenv python2 ];
buildInputs = [
libGL libGLU ffmpeg proj_7

6
pkgs/applications/misc/weather/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, pythonPackages, installShellFiles }:
{ lib, stdenv, fetchurl, python2Packages, installShellFiles }:
stdenv.mkDerivation rec {
version = "2.4.2";
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
installShellFiles
pythonPackages.wrapPython
python2Packages.wrapPython
];
dontConfigure = true;
@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
# Upstream doesn't provide a setup.py or alike, so we follow:
# http://fungi.yuggoth.org/weather/doc/install.rst#id3
installPhase = ''
site_packages=$out/${pythonPackages.python.sitePackages}
site_packages=$out/${python2Packages.python.sitePackages}
install -Dt $out/bin -m 755 weather
install -Dt $site_packages weather.py
install -Dt $out/share/weather-util \

12
pkgs/applications/networking/browsers/chromium/common.nix
View file

@ -161,13 +161,23 @@ let
./patches/no-build-timestamps.patch
# For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags:
./patches/widevine-79.patch
] ++ lib.optionals (versionRange "98" "99") [
] ++ lib.optionals (versionRange "97" "98") [
# A critical Ozone/Wayland fix:
# (Note: The patch for surface_augmenter.cc doesn't apply on M97 so we extract that part.)
(fetchpatch {
# [linux/wayland] Fixed terminate caused by binding to wrong version.
url = "https://github.com/chromium/chromium/commit/dd4c3ddadbb9869f59cee201a38e9ca3b9154f4d.patch";
excludes = [ "ui/ozone/platform/wayland/host/surface_augmenter.cc" ];
sha256 = "sha256-lp4kxPNAkafdE9NfD3ittTCpomRpX9Hqhtt9GFf4Ntw=";
})
./patches/m97-ozone-wayland-fix-surface_augmenter.patch
] ++ lib.optionals (versionRange "98" "99") [
(githubPatch {
# [linux/wayland] Fixed terminate caused by binding to wrong version.
commit = "dd4c3ddadbb9869f59cee201a38e9ca3b9154f4d";
sha256 = "sha256-FH7lBQTruMzkBT2XQ+kgADmJA0AxJfaV/gvtoqfQ4a4=";
})
] ++ lib.optionals (versionRange "97" "99") [
(githubPatch {
# [linux/wayland] Fixed terminate caused by binding to wrong version. (fixup)
commit = "a84b79daa8897b822336b8f348ef4daaae07af37";

31
pkgs/applications/networking/browsers/chromium/patches/m97-ozone-wayland-fix-surface_augmenter.patch Normal file
View file

@ -0,0 +1,31 @@
diff --git a/ui/ozone/platform/wayland/host/surface_augmenter.cc b/ui/ozone/platform/wayland/host/surface_augmenter.cc
index d971d15e71426..6e5408398bcea 100644
--- a/ui/ozone/platform/wayland/host/surface_augmenter.cc
+++ b/ui/ozone/platform/wayland/host/surface_augmenter.cc
@@ -13,7 +13,8 @@
namespace ui {
namespace {
-constexpr uint32_t kMaxSurfaceAugmenterVersion = 1;
+constexpr uint32_t kMinVersion = 1;
+constexpr uint32_t kMaxVersion = 1;
}
// static
@@ -27,11 +28,13 @@ void SurfaceAugmenter::Instantiate(WaylandConnection* connection,
uint32_t version) {
DCHECK_EQ(interface, kInterfaceName);
- if (connection->surface_augmenter_)
+ if (connection->surface_augmenter_ ||
+ !wl::CanBind(interface, version, kMinVersion, kMaxVersion)) {
return;
+ }
- auto augmenter = wl::Bind<surface_augmenter>(
- registry, name, std::min(version, kMaxSurfaceAugmenterVersion));
+ auto augmenter = wl::Bind<surface_augmenter>(registry, name,
+ std::min(version, kMaxVersion));
if (!augmenter) {
LOG(ERROR) << "Failed to bind surface_augmenter";
return;

6
pkgs/applications/networking/browsers/lagrange/default.nix
View file

@ -19,13 +19,13 @@
stdenv.mkDerivation rec {
pname = "lagrange";
version = "1.9.5";
version = "1.10.0";
src = fetchFromGitHub {
owner = "skyjake";
repo = "lagrange";
rev = "v${version}";
sha256 = "sha256-jvknhGTvb2Qw2587TmCJxES2DSv+9+BfMk2IOyqqLt8=";
sha256 = "sha256-5K2Fm7CkzVcHM3JC1rgh/vCyXfVTTY47nZFzqgQcoSs";
fetchSubmodules = true;
};
@ -38,8 +38,6 @@ stdenv.mkDerivation rec {
buildInputs = [ fribidi harfbuzz libunistring libwebp mpg123 openssl pcre SDL2 zlib ]
++ lib.optional stdenv.isDarwin AppKit;
hardeningDisable = lib.optional (!stdenv.cc.isClang) "format";
installPhase = lib.optionalString stdenv.isDarwin ''
mkdir -p $out/Applications
mv Lagrange.app $out/Applications

6
pkgs/applications/networking/cluster/tanka/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "tanka";
version = "0.17.3";
version = "0.19.0";
src = fetchFromGitHub {
owner = "grafana";
repo = pname;
rev = "v${version}";
sha256 = "sha256-Khu6ovtcXkqqt3W4OoJ09INgv80tw/6uDcJS+jt3y0Y=";
sha256 = "sha256-SMPStxqzoeooBoqUJdFK6Zg3dzbNHrB/tv8iwa8GdbM=";
};
vendorSha256 = "sha256-vpm2y/CxRNWkz6+AOMmmZH5AjRQWAa6WD5Fnx5lqJYw=";
vendorSha256 = "sha256-pqwdxFFcATfxGmz6quIH8OL4U2DZKmuVyOLEct2nBlE=";
doCheck = false;

135
pkgs/applications/networking/cluster/terraform-providers/default.nix
View file

@ -7,82 +7,97 @@
, cdrtools # libvirt
}:
let
list = lib.importJSON ./providers.json;
buildWithGoModule = data:
# Our generic constructor to build new providers.
#
# Is designed to combine with the terraform.withPlugins implementation.
mkProvider =
{ owner
, repo
, rev
, version
, sha256
, vendorSha256 ? throw "vendorSha256 missing: please use `buildGoModule`" /* added 2022/01 */
, deleteVendor ? false
, proxyVendor ? false
, provider-source-address
}@attrs:
buildGoModule {
pname = data.repo;
inherit (data) vendorSha256 version;
pname = repo;
inherit vendorSha256 version deleteVendor proxyVendor;
subPackages = [ "." ];
doCheck = false;
# https://github.com/hashicorp/terraform-provider-scaffolding/blob/a8ac8375a7082befe55b71c8cbb048493dd220c2/.goreleaser.yml
# goreleaser (used for builds distributed via terraform registry) requires that CGO is disabled
CGO_ENABLED = 0;
ldflags = [ "-s" "-w" "-X main.version=${data.version}" "-X main.commit=${data.rev}" ];
ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.commit=${rev}" ];
src = fetchFromGitHub {
inherit (data) owner repo rev sha256;
inherit owner repo rev sha256;
};
deleteVendor = data.deleteVendor or false;
proxyVendor = data.proxyVendor or false;
# Terraform allow checking the provider versions, but this breaks
# if the versions are not provided via file paths.
postBuild = "mv $NIX_BUILD_TOP/go/bin/${data.repo}{,_v${data.version}}";
passthru = data;
postBuild = "mv $NIX_BUILD_TOP/go/bin/${repo}{,_v${version}}";
passthru = attrs;
};
# Our generic constructor to build new providers
mkProvider = attrs:
(if (lib.hasAttr "vendorSha256" attrs) then buildWithGoModule else throw /* added 2022/01 */ "vendorSha256 missing: please use `buildGoModule`")
attrs;
list = lib.importJSON ./providers.json;
# These providers are managed with the ./update-all script
automated-providers = lib.mapAttrs (_: attrs: mkProvider attrs) list;
# These are the providers that don't fall in line with the default model
special-providers = let archived = throw "the provider has been archived by upstream"; in {
# Packages that don't fit the default model
gandi = callPackage ./gandi { };
# mkisofs needed to create ISOs holding cloud-init data,
# and wrapped to terraform via deecb4c1aab780047d79978c636eeb879dd68630
libvirt = automated-providers.libvirt.overrideAttrs (_: { propagatedBuildInputs = [ cdrtools ]; });
teleport = callPackage ./teleport { };
vpsadmin = callPackage ./vpsadmin { };
} // (lib.optionalAttrs (config.allowAliases or false) {
arukas = archived; # added 2022/01
bitbucket = archived; # added 2022/01
chef = archived; # added 2022/01
cherryservers = archived; # added 2022/01
clc = archived; # added 2022/01
cloudstack = throw "removed from nixpkgs"; # added 2022/01
cobbler = archived; # added 2022/01
cohesity = archived; # added 2022/01
dyn = archived; # added 2022/01
genymotion = archived; # added 2022/01
hedvig = archived; # added 2022/01
ignition = archived; # added 2022/01
incapsula = archived; # added 2022/01
influxdb = archived; # added 2022/01
jdcloud = archived; # added 2022/01
kubernetes-alpha = throw "This has been merged as beta into the kubernetes provider. See https://www.hashicorp.com/blog/beta-support-for-crds-in-the-terraform-provider-for-kubernetes for details";
librato = archived; # added 2022/01
logentries = archived; # added 2022/01
metalcloud = archived; # added 2022/01
mysql = archived; # added 2022/01
nixos = archived; # added 2022/01
oneandone = archived; # added 2022/01
packet = archived; # added 2022/01
profitbricks = archived; # added 2022/01
pureport = archived; # added 2022/01
rancher = archived; # added 2022/01
rightscale = archived; # added 2022/01
runscope = archived; # added 2022/01
segment = throw "removed from nixpkgs"; # added 2022/01
softlayer = archived; # added 2022/01
telefonicaopencloud = archived; # added 2022/01
terraform = archived; # added 2022/01
ultradns = archived; # added 2022/01
vthunder = throw "provider was renamed to thunder"; # added 2022/01
});
special-providers =
{
# Packages that don't fit the default model
gandi = callPackage ./gandi { };
# mkisofs needed to create ISOs holding cloud-init data,
# and wrapped to terraform via deecb4c1aab780047d79978c636eeb879dd68630
libvirt = automated-providers.libvirt.overrideAttrs (_: { propagatedBuildInputs = [ cdrtools ]; });
teleport = callPackage ./teleport { };
vpsadmin = callPackage ./vpsadmin { };
};
# Put all the providers we not longer support in this list.
removed-providers =
let
archived = date: throw "the provider has been archived by upstream on ${date}";
removed = date: throw "removed from nixpkgs on ${date}";
in
lib.optionalAttrs (config.allowAliases or false) {
arukas = archived "2022/01";
bitbucket = archived "2022/01";
chef = archived "2022/01";
cherryservers = archived "2022/01";
clc = archived "2022/01";
cloudstack = removed "2022/01";
cobbler = archived "2022/01";
cohesity = archived "2022/01";
dyn = archived "2022/01";
genymotion = archived "2022/01";
hedvig = archived "2022/01";
ignition = archived "2022/01";
incapsula = archived "2022/01";
influxdb = archived "2022/01";
jdcloud = archived "2022/01";
kubernetes-alpha = throw "This has been merged as beta into the kubernetes provider. See https://www.hashicorp.com/blog/beta-support-for-crds-in-the-terraform-provider-for-kubernetes for details";
librato = archived "2022/01";
logentries = archived "2022/01";
metalcloud = archived "2022/01";
mysql = archived "2022/01";
nixos = archived "2022/01";
oneandone = archived "2022/01";
packet = archived "2022/01";
profitbricks = archived "2022/01";
pureport = archived "2022/01";
rancher = archived "2022/01";
rightscale = archived "2022/01";
runscope = archived "2022/01";
segment = removed "2022/01";
softlayer = archived "2022/01";
telefonicaopencloud = archived "2022/01";
terraform = archived "2022/01";
ultradns = archived "2022/01";
vthunder = throw "provider was renamed to thunder on 2022/01";
};
in
automated-providers // special-providers // { inherit mkProvider; }
automated-providers // special-providers // removed-providers // { inherit mkProvider; }

144
pkgs/applications/networking/cluster/terraform-providers/providers.json
View file

@ -21,10 +21,10 @@
"owner": "aiven",
"provider-source-address": "registry.terraform.io/aiven/aiven",
"repo": "terraform-provider-aiven",
"rev": "v2.4.0",
"sha256": "0m43d2iaa9kywzvlgcnsya1ma9k570j9q8cq9l6ldpc8565fqq0i",
"vendorSha256": "1lpfnpg4sivy8vilkxamdn1hyn6k61lxsfcq67afxsq8pcy6q44v",
"version": "2.4.0"
"rev": "v2.5.0",
"sha256": "1x37bnykn28hmb80qi530zgk6jfqpk97nswrm0hdw8x5vac4v63a",
"vendorSha256": "0ldk06dj72551b6djsq7vil0hzfsp3ixwh3ikqb40shsdq10iplx",
"version": "2.5.0"
},
"akamai": {
"owner": "akamai",
@ -40,10 +40,10 @@
"owner": "aliyun",
"provider-source-address": "registry.terraform.io/aliyun/alicloud",
"repo": "terraform-provider-alicloud",
"rev": "v1.151.0",
"sha256": "0pdvbq9kfq7vwkfk75fjy6jaiq5bfkjmvr3z07712b76z29m10bz",
"rev": "v1.152.0",
"sha256": "1childp3dkdi6raya1865inkky2qx1jav95yq9c57gz20zs27x8a",
"vendorSha256": "18chs2723i2cxhhm649mz52pp6wrfqzxgk12zxq9idrhicchqnzg",
"version": "1.151.0"
"version": "1.152.0"
},
"ansible": {
"owner": "nbering",
@ -94,28 +94,28 @@
"owner": "hashicorp",
"provider-source-address": "registry.terraform.io/hashicorp/aws",
"repo": "terraform-provider-aws",
"rev": "v3.71.0",
"sha256": "0jr9mk6gvimh8picpcc47pcan323k4rml438743ma53g8jhcvn2a",
"vendorSha256": "02ax2717xci8qia3k7q19yknazn67idb64hf5mwahfnx1fjmdc22",
"version": "3.71.0"
"rev": "v3.72.0",
"sha256": "0xkwqh7akc7rf047w6by4368n2bpn4lijk9j6j3wsgbaffw0xjlb",
"vendorSha256": "0apvp3vb3qx2l6698x4ai3spz40l6mb3z8gn45ms2vlxcwp2wf7y",
"version": "3.72.0"
},
"azuread": {
"owner": "hashicorp",
"provider-source-address": "registry.terraform.io/hashicorp/azuread",
"repo": "terraform-provider-azuread",
"rev": "v2.14.0",
"sha256": "0sjpwhywc165gkxd1ybkwi1aww4xivry82wh0mbh4bgs607mn8lg",
"rev": "v2.15.0",
"sha256": "1gjx91svfg25x0hlx6mfam40615x278b9vxsy5p88s3dl6xs3hdv",
"vendorSha256": null,
"version": "2.14.0"
"version": "2.15.0"
},
"azurerm": {
"owner": "hashicorp",
"provider-source-address": "registry.terraform.io/hashicorp/azurerm",
"repo": "terraform-provider-azurerm",
"rev": "v2.91.0",
"sha256": "0db23ch46wi5mjmwibp7n98y0j3cl06mq2pzmvw1scbzvgh0gcqp",
"rev": "v2.92.0",
"sha256": "0p4vxda4n7895xp7aqg4zqddynjn7hnzsc8am83y8hf9hbfaji8q",
"vendorSha256": null,
"version": "2.91.0"
"version": "2.92.0"
},
"azurestack": {
"owner": "hashicorp",
@ -185,10 +185,10 @@
"owner": "cloudflare",
"provider-source-address": "registry.terraform.io/cloudflare/cloudflare",
"repo": "terraform-provider-cloudflare",
"rev": "v3.6.0",
"sha256": "1adpzk9vjllr18dq8kggxfabm3ax59m55ls98mkqh8lmgq96bh7d",
"vendorSha256": "1rdgjb1gfz5fs6s3c15nj92rm8ifb23n25wpxl16mz4aifkjgqam",
"version": "3.6.0"
"rev": "v3.7.0",
"sha256": "1d1wljk033b9j5sx01xjv5jmclw79f2f21s8zsix036mmzvaiswb",
"vendorSha256": "1g3fyxrdqa4ds6n9pcw2mvi8nfiz4dna57ssvggfwic4jl89q7zm",
"version": "3.7.0"
},
"cloudfoundry": {
"owner": "cloudfoundry-community",
@ -266,10 +266,10 @@
"owner": "digitalocean",
"provider-source-address": "registry.terraform.io/digitalocean/digitalocean",
"repo": "terraform-provider-digitalocean",
"rev": "v2.16.0",
"sha256": "0l67yd7l0s36lwp1hm44d77i7d5019j0ddjzf22aw8cv9xd5fhxw",
"rev": "v2.17.0",
"sha256": "0in6xg4kgqy1izi8zapdi0f6dsni3i27fxh1l4sqp5kwh3vgpn0d",
"vendorSha256": null,
"version": "2.16.0"
"version": "2.17.0"
},
"dme": {
"owner": "DNSMadeEasy",
@ -347,10 +347,10 @@
"owner": "fastly",
"provider-source-address": "registry.terraform.io/fastly/fastly",
"repo": "terraform-provider-fastly",
"rev": "v0.39.0",
"sha256": "0sjjcz2z7qr1dmm6zzyi382cas4k5vdg0q7yxlpcqxqqrql636k8",
"rev": "v0.40.0",
"sha256": "11gf1xmj0qgn3hfw4hviqnfc23rrfd3qxz82idff4f1i7c5kym1i",
"vendorSha256": null,
"version": "0.39.0"
"version": "0.40.0"
},
"flexibleengine": {
"owner": "FlexibleEngineCloud",
@ -393,29 +393,29 @@
"provider-source-address": "registry.terraform.io/hashicorp/google",
"proxyVendor": true,
"repo": "terraform-provider-google",
"rev": "v4.5.0",
"sha256": "173aqwrzqdb3y57wiq1dbgb74ksr063qqq1k178n4wrab4s1h3px",
"rev": "v4.6.0",
"sha256": "0vi0crc4i5myzw17knvb3zz0yjpg7v1qvp9rjrb0q6v89nafr30c",
"vendorSha256": "17rlq86zl83cav8pinr8am3wkmva4slab2izmxddhiw3na60a4la",
"version": "4.5.0"
"version": "4.6.0"
},
"google-beta": {
"owner": "hashicorp",
"provider-source-address": "registry.terraform.io/hashicorp/google-beta",
"proxyVendor": true,
"repo": "terraform-provider-google-beta",
"rev": "v4.5.0",
"sha256": "17z2jy8b9gk0id8q0318a6k60fhcqps0p36s7d7kkqmr44shgzs4",
"rev": "v4.6.0",
"sha256": "0kbdpyln8yy3128g43y134v5li9k5a6mb2fwa0jl8zffmhfc209k",
"vendorSha256": "17rlq86zl83cav8pinr8am3wkmva4slab2izmxddhiw3na60a4la",
"version": "4.5.0"
"version": "4.6.0"
},
"grafana": {
"owner": "grafana",
"provider-source-address": "registry.terraform.io/grafana/grafana",
"repo": "terraform-provider-grafana",
"rev": "v1.17.0",
"sha256": "10mj1dvz7q3w250hvi3k4rj2x0mn592gw2xcy1j98x5ll6kx4ynd",
"vendorSha256": "1bhygkkgd3j971cg6wha57cyh4ggbkaihw6sn6p9jvdi1k1f63lw",
"version": "1.17.0"
"rev": "v1.18.0",
"sha256": "1qvhdshaiy1v7557nkh869k1wmz604pv2gchv98vrm3cp7zj83zn",
"vendorSha256": "1rgvil2kw38kbgbgcjy8mbkahj6zm91s187x41vd4x7ypc5kgbkn",
"version": "1.18.0"
},
"gridscale": {
"owner": "gridscale",
@ -466,10 +466,10 @@
"owner": "huaweicloud",
"provider-source-address": "registry.terraform.io/huaweicloud/huaweicloud",
"repo": "terraform-provider-huaweicloud",
"rev": "v1.32.0",
"sha256": "1k5d4a488mrba6cvpcbhd9hqhhb977yi89p32wlfx266mf11w2yw",
"rev": "v1.32.1",
"sha256": "05rm1cmpbmavza1pyqjzrd316v6r68427cjhqy6bngb749nc1als",
"vendorSha256": null,
"version": "1.32.0"
"version": "1.32.1"
},
"huaweicloudstack": {
"owner": "huaweicloud",
@ -493,10 +493,10 @@
"owner": "IBM-Cloud",
"provider-source-address": "registry.terraform.io/IBM-Cloud/ibm",
"repo": "terraform-provider-ibm",
"rev": "v1.37.1",
"sha256": "1m9038ylv44xhgws0jrqdynj7kd97x9jgk1npqblbfv86fccwqxc",
"vendorSha256": "1a8zy023j3mcy3bswyrmllkgv61wiyxa1f7bfj8mxx3701rsb4ji",
"version": "1.37.1"
"rev": "v1.38.0",
"sha256": "0cbyq74fy3y7ia8lywr8amwcjq53bn3psymyl5cnwqx8y97avx5w",
"vendorSha256": "0cgl87pij4amn77ksbrzl0qlf6a5ga29b64cnasq8lq03lbmqzw4",
"version": "1.38.0"
},
"icinga2": {
"owner": "Icinga",
@ -674,10 +674,10 @@
"owner": "mongodb",
"provider-source-address": "registry.terraform.io/mongodb/mongodbatlas",
"repo": "terraform-provider-mongodbatlas",
"rev": "v1.1.1",
"sha256": "0ifrpamajmrqa3fmsg4qyag1i7ghrswbhl0ixj8hgw7kzbzslsyd",
"vendorSha256": "1xrpgrzk5hr7qc5zm7nq5ljhc4sgzbsaxfszc8dlpc5y49j5q0ip",
"version": "1.1.1"
"rev": "v1.2.0",
"sha256": "08v1byvy7c2wdlbinjxb01vbzvsqfc73nc3cacp40n69z8wl70bi",
"vendorSha256": "19q835m219i85bq7mm5gafpw4q2y4lhbas2ppbfn3hkky15mvwks",
"version": "1.2.0"
},
"ncloud": {
"owner": "NaverCloudPlatform",
@ -701,10 +701,10 @@
"owner": "newrelic",
"provider-source-address": "registry.terraform.io/newrelic/newrelic",
"repo": "terraform-provider-newrelic",
"rev": "v2.34.1",
"sha256": "1j7r6cac1ajp8f6h2492dnz7ihkxbdi8js535dv04kiah79r49d5",
"vendorSha256": "0qbrrh5qdbcnzmf69jilcd9qql526w9mf4ix8y8bi94w7m0nwxap",
"version": "2.34.1"
"rev": "v2.35.0",
"sha256": "0pwy3vsj332v82n3is6xaw4mgvv968ffr8n41s1r7j39r8bpl77f",
"vendorSha256": "13xqrdv0xnza0yxdgk155x4vq8lai9jrjvnfp153jb5p5hfnzwmp",
"version": "2.35.0"
},
"nomad": {
"owner": "hashicorp",
@ -757,19 +757,19 @@
"owner": "terraform-providers",
"provider-source-address": "registry.terraform.io/hashicorp/oci",
"repo": "terraform-provider-oci",
"rev": "v4.58.0",
"sha256": "0cxzy9sj4n7yz7zbqhpkr92h7gqqfx7qxpr0a1jgh9a087j3752c",
"rev": "v4.59.0",
"sha256": "12i4j95g08c887xxplc90hcxwsrpwcn5qjyy5inazr21vqscjx2h",
"vendorSha256": null,
"version": "4.58.0"
"version": "4.59.0"
},
"okta": {
"owner": "okta",
"provider-source-address": "registry.terraform.io/okta/okta",
"repo": "terraform-provider-okta",
"rev": "v3.20.2",
"sha256": "0qlm99m4dljnczsypn4gmw9n4vvxkfazi21hvkbkgy2v3wmhsms9",
"vendorSha256": "0fyxm6wff5pz5g3rjnia23npar9qbwcv01pa3rsskxkl8jc3v13j",
"version": "3.20.2"
"rev": "v3.20.3",
"sha256": "0m9y0dagav1pw8cz6pv9zkhag59f9bbn8b6zi1h3lcgvmzf303wv",
"vendorSha256": "156nyjga5q5mgwiq6aynp199i0hn5mvckj2h7j3pfzc1yz8ri5cc",
"version": "3.20.3"
},
"oktaasa": {
"owner": "oktadeveloper",
@ -857,10 +857,10 @@
"owner": "PaloAltoNetworks",
"provider-source-address": "registry.terraform.io/PaloAltoNetworks/panos",
"repo": "terraform-provider-panos",
"rev": "v1.9.1",
"sha256": "05jsap80dcgmncxa8xbx1hnrbpi9bxjz2k9jnfnws1pmbjxl94hf",
"rev": "v1.9.2",
"sha256": "03585rm434lcp6xk58185i78iv5fjd18z7nrdnbhxxy94yhhf335",
"vendorSha256": null,
"version": "1.9.1"
"version": "1.9.2"
},
"pass": {
"owner": "camptocamp",
@ -1001,10 +1001,10 @@
"owner": "spotinst",
"provider-source-address": "registry.terraform.io/spotinst/spotinst",
"repo": "terraform-provider-spotinst",
"rev": "v1.64.2",
"sha256": "0h47ik93lhb9mjg3ai9n76ya918h1mk3fyp70yr26rwc3rihvjm6",
"vendorSha256": "1lv305kamb3xnw3a2q45ndn7a88ifnh8j8ngv7awc41028j539w4",
"version": "1.64.2"
"rev": "v1.65.0",
"sha256": "1gk4v6lxa4k8za6c1zxrrrc6qw3ymsk46w97qhfri6y7vrc3vxh0",
"vendorSha256": "0xhzj8lmrh0mcpbxa7xkzhhgl3jfk6mz5adia0jgflgrx4wjaf38",
"version": "1.65.0"
},
"stackpath": {
"owner": "stackpath",
@ -1046,10 +1046,10 @@
"owner": "tencentcloudstack",
"provider-source-address": "registry.terraform.io/tencentcloudstack/tencentcloud",
"repo": "terraform-provider-tencentcloud",
"rev": "v1.60.26",
"sha256": "1diwiyfswmgqm1iizj228s2ysrnx4z3lqlq82a7gp0z9p8rzd0vs",
"rev": "v1.61.1",
"sha256": "1v6b8ldg6pkphqy5aphdhig1q3iizzfrj611k39lyk1q3q914yf4",
"vendorSha256": null,
"version": "1.60.26"
"version": "1.61.1"
},
"tfe": {
"owner": "hashicorp",
@ -1128,10 +1128,10 @@
"owner": "vmware",
"provider-source-address": "registry.terraform.io/vmware/vcd",
"repo": "terraform-provider-vcd",
"rev": "v3.5.0",
"sha256": "1sdcjizg0gip55042p0599wvjicibyx9kiymxq45af14yhnwqyv5",
"rev": "v3.5.1",
"sha256": "1fwkbsgnxn0jl84nji57grasdsbw0ydd7vzcllpv7r1z3jpa545q",
"vendorSha256": "0bzp6807l4hspk1c1pmgnzk0axk0nir3v0lqmw9xvkij4c5rnz9s",
"version": "3.5.0"
"version": "3.5.1"
},
"venafi": {
"deleteVendor": true,

14
pkgs/applications/networking/cluster/terraform/default.nix
View file

@ -160,20 +160,6 @@ rec {
# Constructor for other terraform versions
mkTerraform = attrs: pluggable (generic attrs);
terraform_0_12 = mkTerraform {
version = "0.12.31";
sha256 = "03p698xdbk5gj0f9v8v1fpd74zng3948dyy4f2hv7zgks9hid7fg";
patches = [
./provider-path.patch
(fetchpatch {
name = "fix-mac-mojave-crashes.patch";
url = "https://github.com/hashicorp/terraform/commit/cd65b28da051174a13ac76e54b7bb95d3051255c.patch";
sha256 = "1k70kk4hli72x8gza6fy3vpckdm3sf881w61fmssrah3hgmfmbrs";
})
];
passthru = { inherit plugins; };
};
terraform_0_13 = mkTerraform {
version = "0.13.7";
sha256 = "1cahnmp66dk21g7ga6454yfhaqrxff7hpwpdgc87cswyq823fgjn";

6
pkgs/applications/networking/cluster/terranix/default.nix
View file

@ -2,20 +2,20 @@
stdenv.mkDerivation rec {
pname = "terranix";
version = "2.5.0";
version = "2.5.3";
src = fetchFromGitHub {
owner = "mrVanDalo";
repo = "terranix";
rev = version;
sha256 = "sha256-HDiyJGgyDUoLnpL8N+wDm3cM/vEfYYc/p4N1kKH/kLk=";
sha256 = "sha256-Jhq0pkyF1KWJ6HgeWLoRfIxo7QHvOwwXzsIxZQgQtK4=";
};
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/{bin,core,modules,lib}
mv bin core modules lib $out/
mv bin core modules lib share $out/
wrapProgram $out/bin/terranix-doc-json \
--prefix PATH : ${lib.makeBinPath [ jq nix ]}

5
pkgs/applications/networking/instant-messengers/element/element-desktop.nix
View file

@ -7,6 +7,7 @@
, fetchYarnDeps
, electron
, element-web
, sqlcipher
, callPackage
, Security
, AppKit
@ -78,7 +79,9 @@ mkYarnPackage rec {
ln -s "${desktopItem}/share/applications" "$out/share/applications"
# executable wrapper
# LD_PRELOAD workaround for sqlcipher not found: https://github.com/matrix-org/seshat/issues/102
makeWrapper '${electron_exec}' "$out/bin/${executableName}" \
--set LD_PRELOAD ${sqlcipher}/lib/libsqlcipher.so \
--add-flags "$out/share/element/electron${lib.optionalString useWayland " --enable-features=UseOzonePlatform --ozone-platform=wayland"}"
'';
@ -94,7 +97,7 @@ mkYarnPackage rec {
name = "element-desktop";
exec = "${executableName} %u";
icon = "element";
desktopName = "Element (Riot)";
desktopName = "Element";
genericName = "Matrix Client";
comment = meta.description;
categories = "Network;InstantMessaging;Chat;";

3
pkgs/applications/networking/instant-messengers/franz/generic.nix
View file

@ -24,6 +24,7 @@
, libnotify
, xdg-utils
, mesa
, libappindicator-gtk3
}:
# Helper function for building a derivation for Franz and forks.
@ -68,7 +69,7 @@ stdenv.mkDerivation rec {
expat
stdenv.cc.cc
];
runtimeDependencies = [ stdenv.cc.cc.lib (lib.getLib udev) libnotify ];
runtimeDependencies = [ stdenv.cc.cc.lib (lib.getLib udev) libnotify libappindicator-gtk3 ];
unpackPhase = "dpkg-deb -x $src .";

4
pkgs/applications/networking/instant-messengers/pidgin-plugins/purple-plugin-pack/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, pidgin, intltool, python } :
{ lib, stdenv, fetchurl, pidgin, intltool, python2 } :
stdenv.mkDerivation rec {
pname = "purple-plugin-pack";
@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
sha256 = "0g5hmy7fwgjq59j52h9yps28jsjjrfkd4r18gyx6hfd3g3kzbg1b";
};
buildInputs = [ pidgin intltool python ];
buildInputs = [ pidgin intltool python2 ];
meta = with lib; {
homepage = "https://bitbucket.org/rekkanoryo/purple-plugin-pack";

8
pkgs/applications/networking/instant-messengers/torchat/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, python, unzip, wxPython, wrapPython, tor }:
{ lib, stdenv, fetchFromGitHub, python2, unzip, tor }:
stdenv.mkDerivation rec {
pname = "torchat";
@ -12,8 +12,8 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ unzip ];
buildInputs = [ python wxPython wrapPython ];
pythonPath = [ wxPython ];
buildInputs = with python2.pkgs; [ python wxPython wrapPython ];
pythonPath = with python2.pkgs; [ wxPython ];
preConfigure = "cd torchat/src; rm portable.txt";
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
mkdir -p $out/lib/torchat
cp -rf * $out/lib/torchat
makeWrapper ${python}/bin/python $out/bin/torchat \
makeWrapper ${python2}/bin/python $out/bin/torchat \
--set PYTHONPATH $out/lib/torchat:$program_PYTHONPATH \
--run "cd $out/lib/torchat" \
--add-flags "-O $out/lib/torchat/torchat.py"

6
pkgs/applications/networking/ipfs-cluster/default.nix
View file

@ -2,15 +2,15 @@
buildGoModule rec {
pname = "ipfs-cluster";
version = "0.14.1";
version = "0.14.4";
vendorSha256 = "sha256-vDNWYgWlM3kJqlHW/6Bj6P+t6M61TvOVRJwDN2p0mi4=";
vendorSha256 = "sha256-4j6aPs17YNXyPIRr5NshAPYIfNM08GlYV13jnGtJzQc=";
src = fetchFromGitHub {
owner = "ipfs";
repo = "ipfs-cluster";
rev = "v${version}";
sha256 = "sha256-GELCd12LhA4CBe9DRRBu4r+AwCksaRVIWcSAJScvnbk=";
sha256 = "sha256-82t3sHMKZiV6sYnW72N94qfRZ/aMkavj+hiAyg5viHQ=";
};
meta = with lib; {

6
pkgs/applications/networking/ipget/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "ipget";
version = "0.7.0";
version = "0.8.0";
src = fetchFromGitHub {
owner = "ipfs";
repo = "ipget";
rev = "v${version}";
sha256 = "sha256-YD05HIVr99b8VmEJgzY2ClNv31I98d0NbfCk3XcB+xk=";
sha256 = "sha256-qRPke8/CUmGX6v+8qv9JQCUC8T9pjwRRyGmBWvatsJ0=";
};
vendorSha256 = "sha256-bymHVWskCt7bf02CveMXl1VhZYhRSEH7xIoESh31iGg=";
vendorSha256 = "sha256-La9V5B+UDaOswh/R8ad4xsnCF5ewtF7G+uiqnarM4Mg=";
postPatch = ''
# main module (github.com/ipfs/ipget) does not contain package github.com/ipfs/ipget/sharness/dependencies

12
pkgs/development/python-modules/alot/default.nix → pkgs/applications/networking/mailreaders/alot/default.nix
View file

@ -1,9 +1,13 @@
{ lib, buildPythonPackage, python, fetchFromGitHub, isPy3k, pytestCheckHook
, notmuch2, urwid, urwidtrees, twisted, python_magic, configobj, mock, file, gpgme
, service-identity, gnupg, sphinx, gawk, procps, future , withManpage ? false
{ lib, python3, fetchFromGitHub, file, gnupg, gawk, notmuch, procps, withManpage ? false
}:
buildPythonPackage rec {
with python3.pkgs;
let
notmuch2 = callPackage ./notmuch.nix {
inherit notmuch;
};
in buildPythonApplication rec {
pname = "alot";
version = "0.10";
outputs = [ "out" ] ++ lib.optional withManpage "man";

0
pkgs/development/python-modules/notmuch/2.nix → pkgs/applications/networking/mailreaders/alot/notmuch.nix
View file

4
pkgs/development/python-modules/aiohttp-apispec/unstable.nix → pkgs/applications/networking/p2p/tribler/aiohttp-apispec.nix
View file

@ -3,8 +3,8 @@
}:
let
apispec3 = callPackage ../apispec/3.nix {};
jinja2 = callPackage ../jinja2/2.nix {};
apispec3 = callPackage ./apispec.nix {};
jinja2 = callPackage ../../../../development/python2-modules/jinja2 {};
in
buildPythonPackage rec {
pname = "aiohttp-apispec";

0
pkgs/development/python-modules/apispec/3.nix → pkgs/applications/networking/p2p/tribler/apispec.nix
View file

3
pkgs/applications/networking/p2p/tribler/default.nix
View file

@ -6,8 +6,7 @@ let
libtorrent = (python3.pkgs.toPythonModule (
libtorrent-rasterbar-1_2_x.override { python = python3; })).python;
aiohttp-apispec = python3.pkgs.callPackage
../../../../development/python-modules/aiohttp-apispec/unstable.nix { };
aiohttp-apispec = python3.pkgs.callPackage ./aiohttp-apispec.nix { };
in
stdenv.mkDerivation rec {
pname = "tribler";

5
pkgs/applications/networking/p2p/twister/default.nix
View file

@ -13,7 +13,10 @@ let
};
};
boostPython = boost.override { enablePython = true; };
boostPython = boost.override {
enablePython = true;
python = python2;
};
in stdenv.mkDerivation rec {
pname = "twister";

13
pkgs/applications/networking/ping/default.nix
View file

@ -1,4 +1,5 @@
{ lib, stdenv
{ lib
, stdenv
, fetchFromGitHub
, nix-update-script
, meson
@ -14,7 +15,6 @@
, libsoup
, libgee
, wrapGAppsHook
, vala_0_40
}:
stdenv.mkDerivation rec {
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
meson
ninja
vala_0_40
vala
pkg-config
python3
wrapGAppsHook
@ -65,5 +65,12 @@ stdenv.mkDerivation rec {
platforms = platforms.linux;
license = licenses.gpl3;
mainProgram = "com.github.jeremyvaartjes.ping";
# Does not build with vala 0.48 or later
# ../src/Application.vala:696.46-696.57: error: Assignment: Cannot convert from
# `GLib.HashTable<weak string,weak string>' to `GLib.HashTable<string,string>?'
# HashTable<string,string> tempDataList = Soup.Form.decode(testObjs[id].data);
# ^^^^^^^^^^^^
# Upstream has no activity since 28 Dec 2020
broken = true;
};
}

25
pkgs/applications/office/PageEdit/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib, mkDerivation, fetchFromGitHub, cmake, qtsvg, qtwebengine, qttranslations }:
mkDerivation rec {
pname = "PageEdit";
version = "1.7.0";
src = fetchFromGitHub {
owner = "Sigil-Ebook";
repo = pname;
rev = version;
hash = "sha256-/t08ZS2iYWIDkco0nhACBQs1X+X77SJ/g+ow7KemfRY=";
};
nativeBuildInputs = [ cmake qttranslations ];
propagatedBuildInputs = [ qtsvg qtwebengine ];
cmakeFlags = "-DINSTALL_BUNDLED_DICTS=0";
meta = with lib; {
description = "ePub XHTML Visual Editor";
homepage = "https://sigil-ebook.com/pageedit/";
license = licenses.gpl3Plus;
maintainers = [ maintainers.pasqui23 ];
platforms = platforms.all;
};
}

4
pkgs/applications/office/notion-app-enhanced/default.nix
View file

@ -1,12 +1,12 @@
{ appimageTools, lib, fetchurl }:
let
pname = "notion-app-enhanced";
version = "2.0.16-5";
version = "2.0.18-1";
name = "${pname}-v${version}";
src = fetchurl {
url = "https://github.com/notion-enhancer/notion-repackaged/releases/download/v${version}/Notion-Enhanced-${version}.AppImage";
sha256 = "1v733b4clc9sjgb72fasmbqiyz26d09f3kmvd1nqshwp5d14dajz";
sha256 = "sha256-SqeMnoMzxxaViJ3NPccj3kyMc1xvXWULM6hQIDZySWY=";
};
appimageContents = appimageTools.extract { inherit name src; };

4
pkgs/applications/office/qownnotes/default.nix
View file

@ -5,13 +5,13 @@
mkDerivation rec {
pname = "qownnotes";
version = "21.12.8";
version = "22.1.7";
src = fetchurl {
url = "https://download.tuxfamily.org/${pname}/src/${pname}-${version}.tar.xz";
# Fetch the checksum of current version with curl:
# curl https://download.tuxfamily.org/qownnotes/src/qownnotes-<version>.tar.xz.sha256
sha256 = "sha256-iVcGJz4lxyn303ACYBUVm9cOYjVrETpyUapjAieMpqE=";
sha256 = "7ac13816e47e23e8469f47b6d48a29f7e98416de0fa9ef77eb3da63b191829f3";
};
nativeBuildInputs = [ qmake qttools ];

2
pkgs/applications/office/timeline/default.nix
View file

@ -18,7 +18,7 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = [ python3.pkgs.wrapPython copyDesktopItems ];
pythonPath = with python3.pkgs; [
wxPython_4_0 # not compatible with wxPython_4_1. reported upstream https://github.com/wxWidgets/Phoenix/issues/1956
wxPython_4_1
humblewx
icalendar
markdown

6
pkgs/applications/office/trilium/default.nix
View file

@ -19,16 +19,16 @@ let
maintainers = with maintainers; [ fliegendewurst ];
};
version = "0.49.4";
version = "0.49.5";
desktopSource = {
url = "https://github.com/zadam/trilium/releases/download/v${version}/trilium-linux-x64-${version}.tar.xz";
sha256 = "078w7jjkn8af3i0y0s236ky54h08b2wgzcaiakqiqx4gxdpf6jrq";
sha256 = "0bis0xkpcr8rvhm9364v0np5cnvkscv2fgl90f455lcwy7kk9m12";
};
serverSource = {
url = "https://github.com/zadam/trilium/releases/download/v${version}/trilium-linux-x64-server-${version}.tar.xz";
sha256 = "0hygdxb97373z5cn3s4wr66wc41w7a55kxjyb8alck1fl9l6agn1";
sha256 = "1wv9xz1asjadz1jzgpaxf6lzbj5azgsq0qpawp3y257h488r1z9k";
};
in {

Some files were not shown because too many files have changed in this diff Show more