dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
github-actions[bot] 2024-10-04 00:14:46 +00:00 committed by GitHub
commit 19ddd24728
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
70 changed files with 1659 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
maintainers/maintainer-list.nix
View File

@ -10753,6 +10753,13 @@
githubId = 46386452;
name = "Jeroen Wijenbergh";
};
jwillikers = {
email = "jordan@jwillikers.com";
github = "jwillikers";
githubId = 19399197;
name = "Jordan Williams";
keys = [ { fingerprint = "A6AB 406A F5F1 DE02 CEA3 B6F0 9FB4 2B0E 7F65 7D8C"; } ];
};
jwygoda = {
email = "jaroslaw@wygoda.me";
github = "jwygoda";

6
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -132,6 +132,8 @@
- [Gotenberg](https://gotenberg.dev), an API server for converting files to PDFs that can be used alongside Paperless-ngx. Available as [services.gotenberg](options.html#opt-services.gotenberg).
- [Suricata](https://suricata.io/), a free and open source, mature, fast and robust network threat detection engine. Available as [services.suricata](options.html#opt-services.suricata).
- [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld).
- [MenhirLib](https://gitlab.inria.fr/fpottier/menhir/-/tree/master/coq-menhirlib) A support library for verified Coq parsers produced by Menhir.
@ -167,6 +169,8 @@
- [Veilid](https://veilid.com), a headless server that enables privacy-focused data sharing and messaging on a peer-to-peer network. Available as [services.veilid](#opt-services.veilid.enable).
- [Fedimint](https://github.com/fedimint/fedimint), a module based system for building federated applications (Federated E-Cash Mint). Available as [services.fedimintd](#opt-services.fedimintd).
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
- The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details.
@ -638,6 +642,8 @@
- `nix.channel.enable = false` no longer implies `nix.settings.nix-path = []`.
Since Nix 2.13, a `nix-path` set in `nix.conf` cannot be overridden by the `NIX_PATH` configuration variable.
- ZFS now imports its pools in `postResumeCommands` rather than `postDeviceCommands`. If you had `postDeviceCommands` scripts that depended on ZFS pools being imported, those now need to be in `postResumeCommands`.
## Detailed migration information {#sec-release-24.11-migration}
### `sound` options removal {#sec-release-24.11-migration-sound}

1
nixos/modules/module-list.nix
View File

@ -1031,6 +1031,7 @@
./services/networking/expressvpn.nix
./services/networking/fakeroute.nix
./services/networking/fastnetmon-advanced.nix
./services/networking/fedimintd.nix
./services/networking/ferm.nix
./services/networking/firefox-syncserver.nix
./services/networking/fireqos.nix

4
nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
View File

@ -21,8 +21,8 @@ in
};
leasesPath = mkOption {
type = types.path;
default = "/var/lib/misc/dnsmasq.leases";
example = "/var/lib/dnsmasq/dnsmasq.leases";
default = "/var/lib/dnsmasq/dnsmasq.leases";
example = "/var/lib/misc/dnsmasq.leases";
description = ''
Path to the `dnsmasq.leases` file.
'';

304
nixos/modules/services/networking/fedimintd.nix Normal file
View File

@ -0,0 +1,304 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
concatLists
filterAttrs
mapAttrs'
mapAttrsToList
mkEnableOption
mkIf
mkOption
mkOverride
mkPackageOption
nameValuePair
recursiveUpdate
types
;
fedimintdOpts =
{
config,
lib,
name,
...
}:
{
options = {
enable = mkEnableOption "fedimintd";
package = mkPackageOption pkgs "fedimint" { };
environment = mkOption {
type = types.attrsOf types.str;
description = "Extra Environment variables to pass to the fedimintd.";
default = {
RUST_BACKTRACE = "1";
};
example = {
RUST_LOG = "info,fm=debug";
RUST_BACKTRACE = "1";
};
};
p2p = {
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Opens port in firewall for fedimintd's p2p port";
};
port = mkOption {
type = types.port;
default = 8173;
description = "Port to bind on for p2p connections from peers";
};
bind = mkOption {
type = types.str;
default = "0.0.0.0";
description = "Address to bind on for p2p connections from peers";
};
url = mkOption {
type = types.str;
example = "fedimint://p2p.myfedimint.com";
description = ''
Public address for p2p connections from peers
'';
};
};
api = {
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Opens port in firewall for fedimintd's api port";
};
port = mkOption {
type = types.port;
default = 8174;
description = "Port to bind on for API connections relied by the reverse proxy/tls terminator.";
};
bind = mkOption {
type = types.str;
default = "127.0.0.1";
description = "Address to bind on for API connections relied by the reverse proxy/tls terminator.";
};
url = mkOption {
type = types.str;
description = ''
Public URL of the API address of the reverse proxy/tls terminator. Usually starting with `wss://`.
'';
};
};
bitcoin = {
network = mkOption {
type = types.str;
default = "signet";
example = "bitcoin";
description = "Bitcoin network to participate in.";
};
rpc = {
url = mkOption {
type = types.str;
default = "http://127.0.0.1:38332";
example = "signet";
description = "Bitcoin node (bitcoind/electrum/esplora) address to connect to";
};
kind = mkOption {
type = types.str;
default = "bitcoind";
example = "electrum";
description = "Kind of a bitcoin node.";
};
secretFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
If set the URL specified in `bitcoin.rpc.url` will get the content of this file added
as an URL password, so `http://user@example.com` will turn into `http://user:SOMESECRET@example.com`.
Example:
`/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public` (for nix-bitcoin default)
'';
};
};
};
consensus.finalityDelay = mkOption {
type = types.ints.unsigned;
default = 10;
description = "Consensus peg-in finality delay.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/fedimintd-${name}/";
readOnly = true;
description = ''
Path to the data dir fedimintd will use to store its data.
Note that due to using the DynamicUser feature of systemd, this value should not be changed
and is set to be read only.
'';
};
nginx = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to configure nginx for fedimintd
'';
};
fqdn = mkOption {
type = types.str;
example = "api.myfedimint.com";
description = "Public domain of the API address of the reverse proxy/tls terminator.";
};
config = mkOption {
type = types.submodule (
recursiveUpdate (import ../web-servers/nginx/vhost-options.nix {
inherit config lib;
}) { }
);
default = { };
description = "Overrides to the nginx vhost section for api";
};
};
};
};
in
{
options = {
services.fedimintd = mkOption {
type = types.attrsOf (types.submodule fedimintdOpts);
default = { };
description = "Specification of one or more fedimintd instances.";
};
};
config =
let
eachFedimintd = filterAttrs (fedimintdName: cfg: cfg.enable) config.services.fedimintd;
eachFedimintdNginx = filterAttrs (fedimintdName: cfg: cfg.nginx.enable) eachFedimintd;
in
mkIf (eachFedimintd != { }) {
networking.firewall.allowedTCPPorts = concatLists (
mapAttrsToList (
fedimintdName: cfg:
(lib.optional cfg.api.openFirewall cfg.api.port ++ lib.optional cfg.p2p.openFirewall cfg.p2p.port)
) eachFedimintd
);
systemd.services = mapAttrs' (
fedimintdName: cfg:
(nameValuePair "fedimintd-${fedimintdName}" (
let
startScript = pkgs.writeShellScript "fedimintd-start" (
(
if cfg.bitcoin.rpc.secretFile != null then
''
secret=$(${pkgs.coreutils}/bin/head -n 1 "${cfg.bitcoin.rpc.secretFile}")
prefix="''${FM_BITCOIN_RPC_URL%*@*}" # Everything before the last '@'
suffix="''${FM_BITCOIN_RPC_URL##*@}" # Everything after the last '@'
FM_BITCOIN_RPC_URL="''${prefix}:''${secret}@''${suffix}"
''
else
""
)
+ ''
exec ${cfg.package}/bin/fedimintd
''
);
in
{
description = "Fedimint Server";
documentation = [ "https://github.com/fedimint/fedimint/" ];
wantedBy = [ "multi-user.target" ];
environment = lib.mkMerge [
{
FM_BIND_P2P = "${cfg.p2p.bind}:${toString cfg.p2p.port}";
FM_BIND_API = "${cfg.api.bind}:${toString cfg.api.port}";
FM_P2P_URL = cfg.p2p.url;
FM_API_URL = cfg.api.url;
FM_DATA_DIR = cfg.dataDir;
FM_BITCOIN_NETWORK = cfg.bitcoin.network;
FM_BITCOIN_RPC_URL = cfg.bitcoin.rpc.url;
FM_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind;
}
cfg.environment
];
serviceConfig = {
DynamicUser = true;
StateDirectory = "fedimintd-${fedimintdName}";
StateDirectoryMode = "0700";
ExecStart = startScript;
Restart = "always";
RestartSec = 10;
StartLimitBurst = 5;
UMask = "007";
LimitNOFILE = "100000";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "full";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
};
}
))
) eachFedimintd;
services.nginx.virtualHosts = mapAttrs' (
fedimintdName: cfg:
(nameValuePair cfg.nginx.fqdn (
lib.mkMerge [
cfg.nginx.config
{
# Note: we want by default to enable OpenSSL, but it seems anything 100 and above is
# overriden by default value from vhost-options.nix
enableACME = mkOverride 99 true;
forceSSL = mkOverride 99 true;
# Currently Fedimint API only support JsonRPC on `/ws/` endpoint, so no need to handle `/`
locations."/ws/" = {
proxyPass = "http://127.0.0.1:${toString cfg.api.port}/";
proxyWebsockets = true;
extraConfig = ''
proxy_pass_header Authorization;
'';
};
}
]
))
) eachFedimintdNginx;
};
meta.maintainers = with lib.maintainers; [ dpc ];
}

282
nixos/modules/services/networking/suricata/default.nix Normal file
View File

@ -0,0 +1,282 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.suricata;
pkg = cfg.package;
yaml = pkgs.formats.yaml { };
inherit (lib)
mkEnableOption
mkPackageOption
mkOption
types
literalExpression
filterAttrsRecursive
concatStringsSep
strings
lists
mkIf
;
in
{
meta.maintainers = with lib.maintainers; [ felbinger ];
options.services.suricata = {
enable = mkEnableOption "Suricata";
package = mkPackageOption pkgs "suricata" { };
configFile = mkOption {
type = types.path;
visible = false;
default = pkgs.writeTextFile {
name = "suricata.yaml";
text = ''
%YAML 1.1
---
${builtins.readFile (
yaml.generate "suricata-settings-raw.yaml" (
filterAttrsRecursive (name: value: value != null) cfg.settings
)
)}
'';
};
description = ''
Configuration file for suricata.
It is not usual to override the default values; it is recommended to use `settings`.
If you want to include extra configuration to the file, use the `settings.includes`.
'';
};
settings = mkOption {
type = types.submodule (import ./settings.nix { inherit config lib yaml; });
example = literalExpression ''
vars.address-groups.HOME_NET = "192.168.178.0/24";
outputs = [
{
fast = {
enabled = true;
filename = "fast.log";
append = "yes";
};
}
{
eve-log = {
enabled = true;
filetype = "regular";
filename = "eve.json";
community-id = true;
types = [
{
alert.tagged-packets = "yes";
}
];
};
}
];
af-packet = [
{
interface = "eth0";
cluster-id = "99";
cluster-type = "cluster_flow";
defrag = "yes";
}
{
interface = "default";
}
];
af-xdp = [
{
interface = "eth1";
}
];
dpdk.interfaces = [
{
interface = "eth2";
}
];
pcap = [
{
interface = "eth3";
}
];
app-layer.protocols = {
telnet.enabled = "yes";
dnp3.enabled = "yes";
modbus.enabled = "yes";
};
'';
description = "Suricata settings";
};
enabledSources = mkOption {
type = types.listOf types.str;
# see: nix-shell -p suricata python3Packages.pyyaml --command 'suricata-update list-sources'
default = [
"et/open"
"etnetera/aggressive"
"stamus/lateral"
"oisf/trafficid"
"tgreen/hunting"
"sslbl/ja3-fingerprints"
"sslbl/ssl-fp-blacklist"
"malsilo/win-malware"
"pawpatrules"
];
description = ''
List of sources that should be enabled.
Currently sources which require a secret-code are not supported.
'';
};
disabledRules = mkOption {
type = types.listOf types.str;
# protocol dnp3 seams to be disabled, which causes the signature evaluation to fail, so we disable the
# dnp3 rules, see https://github.com/OISF/suricata/blob/master/rules/dnp3-events.rules for more details
default = [
"2270000"
"2270001"
"2270002"
"2270003"
"2270004"
];
description = ''
List of rules that should be disabled.
'';
};
};
config =
let
captureInterfaces =
let
inherit (lists) unique optionals;
in
unique (
map (e: e.interface) (
(optionals (cfg.settings.af-packet != null) cfg.settings.af-packet)
++ (optionals (cfg.settings.af-xdp != null) cfg.settings.af-xdp)
++ (optionals (
cfg.settings.dpdk != null && cfg.settings.dpdk.interfaces != null
) cfg.settings.dpdk.interfaces)
++ (optionals (cfg.settings.pcap != null) cfg.settings.pcap)
)
);
in
mkIf cfg.enable {
assertions = [
{
assertion = (builtins.length captureInterfaces) > 0;
message = ''
At least one capture interface must be configured:
- `services.suricata.settings.af-packet`
- `services.suricata.settings.af-xdp`
- `services.suricata.settings.dpdk.interfaces`
- `services.suricata.settings.pcap`
'';
}
];
boot.kernelModules = mkIf (cfg.settings.af-packet != null) [ "af_packet" ];
users = {
groups.${cfg.settings.run-as.group} = { };
users.${cfg.settings.run-as.user} = {
group = cfg.settings.run-as.group;
isSystemUser = true;
};
};
systemd.tmpfiles.rules = [
"d ${cfg.settings."default-log-dir"} 755 ${cfg.settings.run-as.user} ${cfg.settings.run-as.group}"
"d /var/lib/suricata 755 ${cfg.settings.run-as.user} ${cfg.settings.run-as.group}"
"d ${cfg.settings."default-rule-path"} 755 ${cfg.settings.run-as.user} ${cfg.settings.run-as.group}"
];
systemd.services = {
suricata-update = {
description = "Update Suricata Rules";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
script =
let
python = pkgs.python3.withPackages (ps: with ps; [ pyyaml ]);
enabledSourcesCmds = map (
src: "${python.interpreter} ${pkg}/bin/suricata-update enable-source ${src}"
) cfg.enabledSources;
in
''
${concatStringsSep "\n" enabledSourcesCmds}
${python.interpreter} ${pkg}/bin/suricata-update update-sources
${python.interpreter} ${pkg}/bin/suricata-update update --suricata-conf ${cfg.configFile} --no-test \
--disable-conf ${pkgs.writeText "suricata-disable-conf" "${concatStringsSep "\n" cfg.disabledRules}"}
'';
serviceConfig = {
Type = "oneshot";
PrivateTmp = true;
PrivateDevices = true;
PrivateIPC = true;
DynamicUser = true;
User = cfg.settings.run-as.user;
Group = cfg.settings.run-as.group;
ReadOnlyPaths = cfg.configFile;
ReadWritePaths = [
"/var/lib/suricata"
cfg.settings."default-rule-path"
];
};
};
suricata = {
description = "Suricata";
wantedBy = [ "multi-user.target" ];
after = [ "suricata-update.service" ];
serviceConfig =
let
interfaceOptions = strings.concatMapStrings (interface: " -i ${interface}") captureInterfaces;
in
{
ExecStartPre = "!${pkg}/bin/suricata -c ${cfg.configFile} -T";
ExecStart = "!${pkg}/bin/suricata -c ${cfg.configFile}${interfaceOptions}";
Restart = "on-failure";
User = cfg.settings.run-as.user;
Group = cfg.settings.run-as.group;
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateIPC = true;
ProtectSystem = "strict";
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
ProtectHostname = true;
ProtectProc = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProcSubset = "pid";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
RemoveIPC = true;
ReadOnlyPaths = cfg.configFile;
ReadWritePaths = cfg.settings."default-log-dir";
RuntimeDirectory = "suricata";
};
};
};
};
}

625
nixos/modules/services/networking/suricata/settings.nix Normal file
View File

@ -0,0 +1,625 @@
{
lib,
config,
yaml,
...
}:
let
cfg = config.services.suricata;
inherit (lib)
mkEnableOption
mkOption
types
literalExpression
;
mkDisableOption =
name:
mkEnableOption name
// {
default = true;
example = false;
};
in
{
freeformType = yaml.type;
options = {
vars = mkOption {
type = types.nullOr (
types.submodule {
options = {
address-groups = mkOption {
type = (
types.submodule {
options = {
HOME_NET = mkOption { default = "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"; };
EXTERNAL_NET = mkOption { default = "!$HOME_NET"; };
HTTP_SERVERS = mkOption { default = "$HOME_NET"; };
SMTP_SERVERS = mkOption { default = "$HOME_NET"; };
SQL_SERVERS = mkOption { default = "$HOME_NET"; };
DNS_SERVERS = mkOption { default = "$HOME_NET"; };
TELNET_SERVERS = mkOption { default = "$HOME_NET"; };
AIM_SERVERS = mkOption { default = "$EXTERNAL_NET"; };
DC_SERVERS = mkOption { default = "$HOME_NET"; };
DNP3_SERVER = mkOption { default = "$HOME_NET"; };
DNP3_CLIENT = mkOption { default = "$HOME_NET"; };
MODBUS_CLIENT = mkOption { default = "$HOME_NET"; };
MODBUS_SERVER = mkOption { default = "$HOME_NET"; };
ENIP_CLIENT = mkOption { default = "$HOME_NET"; };
ENIP_SERVER = mkOption { default = "$HOME_NET"; };
};
}
);
default = { };
example = {
HOME_NET = "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]";
EXTERNAL_NET = "!$HOME_NET";
HTTP_SERVERS = "$HOME_NET";
SMTP_SERVERS = "$HOME_NET";
SQL_SERVERS = "$HOME_NET";
DNS_SERVERS = "$HOME_NET";
TELNET_SERVERS = "$HOME_NET";
AIM_SERVERS = "$EXTERNAL_NET";
DC_SERVERS = "$HOME_NET";
DNP3_SERVER = "$HOME_NET";
DNP3_CLIENT = "$HOME_NET";
MODBUS_CLIENT = "$HOME_NET";
MODBUS_SERVER = "$HOME_NET";
ENIP_CLIENT = "$HOME_NET";
ENIP_SERVER = "$HOME_NET";
};
description = ''
The address group variables for suricata, if not defined the
default value of suricata (see example) will be used.
Your settings will extend the predefined values in example.
'';
};
port-groups = mkOption {
type = with types; nullOr (attrsOf str);
default = {
HTTP_PORTS = "80";
SHELLCODE_PORTS = "!80";
ORACLE_PORTS = "1521";
SSH_PORTS = "22";
DNP3_PORTS = "20000";
MODBUS_PORTS = "502";
FILE_DATA_PORTS = "[$HTTP_PORTS,110,143]";
FTP_PORTS = "21";
GENEVE_PORTS = "6081";
VXLAN_PORTS = "4789";
TEREDO_PORTS = "3544";
};
description = ''
The port group variables for suricata.
'';
};
};
}
);
default = { }; # add default values to config
};
stats = mkOption {
type =
with types;
nullOr (submodule {
options = {
enable = mkEnableOption "suricata global stats";
interval = mkOption {
type = types.str;
default = "8";
description = ''
The interval field (in seconds) controls the interval at
which stats are updated in the log.
'';
};
decoder-events = mkOption {
type = types.bool;
default = true;
description = ''
Add decode events to stats
'';
};
decoder-events-prefix = mkOption {
type = types.str;
default = "decoder.event";
description = ''
Decoder event prefix in stats. Has been 'decoder' before, but that leads
to missing events in the eve.stats records.
'';
};
stream-events = mkOption {
type = types.bool;
default = false;
description = ''
Add stream events as stats.
'';
};
};
});
default = null; # do not add to config unless specified
};
plugins = mkOption {
type = with types; nullOr (listOf path);
default = null;
description = ''
Plugins -- Experimental -- specify the filename for each plugin shared object
'';
};
outputs = mkOption {
type =
with types;
nullOr (
listOf (
attrsOf (submodule {
freeformType = yaml.type;
options = {
enabled = mkEnableOption "<NAME>";
};
})
)
);
default = null;
example = literalExpression ''
[
{
fast = {
enabled = "yes";
filename = "fast.log";
append = "yes";
};
}
{
eve-log = {
enabled = "yes";
filetype = "regular";
filename = "eve.json";
community-id = true;
types = [
{
alert.tagged-packets = "yes";
}
];
};
}
];
'';
description = ''
Configure the type of alert (and other) logging you would like.
Valid values for <NAME> are e. g. `fast`, `eve-log`, `syslog`, `file-store`, ...
- `fast`: a line based alerts log similar to Snort's fast.log
- `eve-log`: Extensible Event Format (nicknamed EVE) event log in JSON format
For more details regarding the configuration, checkout the shipped suricata.yaml
```shell
nix-shell -p suricata yq coreutils-full --command 'yq < $(dirname $(which suricata))/../etc/suricata/suricata.yaml'
```
and the [suricata documentation](https://docs.suricata.io/en/latest/output/index.html).
'';
};
"default-log-dir" = mkOption {
type = types.str;
default = "/var/log/suricata";
description = ''
The default logging directory. Any log or output file will be placed here if it's
not specified with a full path name. This can be overridden with the -l command
line parameter.
'';
};
logging = {
"default-log-level" = mkOption {
type = types.enum [
"error"
"warning"
"notice"
"info"
"perf"
"config"
"debug"
];
default = "notice";
description = ''
The default log level: can be overridden in an output section.
Note that debug level logging will only be emitted if Suricata was
compiled with the --enable-debug configure option.
'';
};
"default-log-format" = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The default output format. Optional parameter, should default to
something reasonable if not provided. Can be overridden in an
output section. You can leave this out to get the default.
'';
};
"default-output-filter" = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
A regex to filter output. Can be overridden in an output section.
Defaults to empty (no filter).
'';
};
"stacktrace-on-signal" = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Requires libunwind to be available when Suricata is configured and built.
If a signal unexpectedly terminates Suricata, displays a brief diagnostic
message with the offending stacktrace if enabled.
'';
};
outputs = {
console = {
enable = mkDisableOption "logging to console";
};
file = {
enable = mkDisableOption "logging to file";
level = mkOption {
type = types.enum [
"error"
"warning"
"notice"
"info"
"perf"
"config"
"debug"
];
default = "info";
description = ''
Loglevel for logs written to the logfile
'';
};
filename = mkOption {
type = types.str;
default = "suricata.log";
description = ''
Filename of the logfile
'';
};
format = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Logformat for logs written to the logfile
'';
};
type = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Type of logfile
'';
};
};
syslog = {
enable = mkEnableOption "logging to syslog";
facility = mkOption {
type = types.str;
default = "local5";
description = ''
Facility to log to
'';
};
format = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Logformat for logs send to syslog
'';
};
type = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Type of logs send to syslog
'';
};
};
};
};
"af-packet" = mkOption {
type =
with types;
nullOr (
listOf (submodule {
freeformType = yaml.type;
options = {
interface = mkOption {
type = types.str;
default = null;
};
};
})
);
default = null;
description = ''
Linux high speed capture support
'';
};
"af-xdp" = mkOption {
type =
with types;
nullOr (
listOf (submodule {
freeformType = yaml.type;
options = {
interface = mkOption {
type = types.str;
default = null;
};
};
})
);
default = null;
description = ''
Linux high speed af-xdp capture support, see
[docs/capture-hardware/af-xdp](https://docs.suricata.io/en/suricata-7.0.3/capture-hardware/af-xdp.html)
'';
};
"dpdk" = mkOption {
type =
with types;
nullOr (submodule {
options = {
eal-params.proc-type = mkOption {
type = with types; nullOr str;
default = null;
};
interfaces = mkOption {
type =
with types;
nullOr (
listOf (submodule {
freeformType = yaml.type;
options = {
interface = mkOption {
type = types.str;
default = null;
};
};
})
);
default = null;
};
};
});
default = null;
description = ''
DPDK capture support, see
[docs/capture-hardware/dpdk](https://docs.suricata.io/en/suricata-7.0.3/capture-hardware/dpdk.html)
'';
};
"pcap" = mkOption {
type =
with types;
nullOr (
listOf (submodule {
freeformType = yaml.type;
options = {
interface = mkOption {
type = types.str;
default = null;
};
};
})
);
default = null;
description = ''
Cross platform libpcap capture support
'';
};
"pcap-file".checksum-checks = mkOption {
type = types.enum [
"yes"
"no"
"auto"
];
default = "auto";
description = ''
Possible values are:
- yes: checksum validation is forced
- no: checksum validation is disabled
- auto: Suricata uses a statistical approach to detect when
checksum off-loading is used. (default)
Warning: 'checksum-validation' must be set to yes to have checksum tested
'';
};
"app-layer" = mkOption {
type =
with types;
nullOr (submodule {
options = {
"error-policy" = mkOption {
type = types.enum [
"drop-flow"
"pass-flow"
"bypass"
"drop-packet"
"pass-packet"
"reject"
"ignore"
];
default = "ignore";
description = ''
The error-policy setting applies to all app-layer parsers. Values can be
"drop-flow", "pass-flow", "bypass", "drop-packet", "pass-packet", "reject" or
"ignore" (the default).
'';
};
protocols = mkOption {
type =
with types;
nullOr (
attrsOf (submodule {
freeformType = yaml.type;
options = {
enabled = mkOption {
type = types.enum [
"yes"
"no"
"detection-only"
];
default = "no";
description = ''
The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
'';
};
};
})
);
default = null;
};
};
});
default = null; # do not add to config unless specified
};
"run-as" = {
user = mkOption {
type = types.str;
default = "suricata";
description = "Run Suricata with a specific user-id";
};
group = mkOption {
type = types.str;
default = "suricata";
description = "Run Suricata with a specific group-id";
};
};
"host-mode" = mkOption {
type = types.enum [
"router"
"sniffer-only"
"auto"
];
default = "auto";
description = ''
If the Suricata box is a router for the sniffed networks, set it to 'router'. If
it is a pure sniffing setup, set it to 'sniffer-only'. If set to auto, the variable
is internally switched to 'router' in IPS mode and 'sniffer-only' in IDS mode.
This feature is currently only used by the reject* keywords.
'';
};
"unix-command" = mkOption {
type =
with types;
nullOr (submodule {
options = {
enabled = mkOption {
type = types.either types.bool (types.enum [ "auto" ]);
default = "auto";
};
filename = mkOption {
type = types.path;
default = "/run/suricata/suricata-command.socket";
};
};
});
default = { };
description = ''
Unix command socket that can be used to pass commands to Suricata.
An external tool can then connect to get information from Suricata
or trigger some modifications of the engine. Set enabled to yes
to activate the feature. In auto mode, the feature will only be
activated in live capture mode. You can use the filename variable to set
the file name of the socket.
'';
};
"exception-policy" = mkOption {
type = types.enum [
"auto"
"drop-packet"
"drop-flow"
"reject"
"bypass"
"pass-packet"
"pass-flow"
"ignore"
];
default = "auto";
description = ''
Define a common behavior for all exception policies.
In IPS mode, the default is drop-flow. For cases when that's not possible, the
engine will fall to drop-packet. To fallback to old behavior (setting each of
them individually, or ignoring all), set this to ignore.
All values available for exception policies can be used, and there is one
extra option: auto - which means drop-flow or drop-packet (as explained above)
in IPS mode, and ignore in IDS mode. Exception policy values are: drop-packet,
drop-flow, reject, bypass, pass-packet, pass-flow, ignore (disable).
'';
};
"default-rule-path" = mkOption {
type = types.path;
default = "/var/lib/suricata/rules";
description = "Path in which suricata-update managed rules are stored by default";
};
"rule-files" = mkOption {
type = types.listOf types.str;
default = [ "suricata.rules" ];
description = "Files to load suricata-update managed rules, relative to 'default-rule-path'";
};
"classification-file" = mkOption {
type = types.str;
default = "/var/lib/suricata/rules/classification.config";
description = "Suricata classification configuration file";
};
"reference-config-file" = mkOption {
type = types.str;
default = "${cfg.package}/etc/suricata/reference.config";
description = "Suricata reference configuration file";
};
"threshold-file" = mkOption {
type = types.str;
default = "${cfg.package}/etc/suricata/threshold.config";
description = "Suricata threshold configuration file";
};
includes = mkOption {
type = with types; nullOr (listOf path);
default = null;
description = ''
Files to include in the suricata configuration. See
[docs/configuration/suricata-yaml](https://docs.suricata.io/en/suricata-7.0.3/configuration/suricata-yaml.html)
for available options.
'';
};
};
}

2
nixos/tests/all-tests.nix
View File

@ -322,6 +322,7 @@ in {
fancontrol = handleTest ./fancontrol.nix {};
fanout = handleTest ./fanout.nix {};
fcitx5 = handleTest ./fcitx5 {};
fedimintd = runTest ./fedimintd.nix;
fenics = handleTest ./fenics.nix {};
ferm = handleTest ./ferm.nix {};
ferretdb = handleTest ./ferretdb.nix {};
@ -942,6 +943,7 @@ in {
sudo = handleTest ./sudo.nix {};
sudo-rs = handleTest ./sudo-rs.nix {};
sunshine = handleTest ./sunshine.nix {};
suricata = handleTest ./suricata.nix {};
suwayomi-server = handleTest ./suwayomi-server.nix {};
swap-file-btrfs = handleTest ./swap-file-btrfs.nix {};
swap-partition = handleTest ./swap-partition.nix {};

37
nixos/tests/fedimintd.nix Normal file
View File

@ -0,0 +1,37 @@
# This test runs the fedimintd and verifies that it starts
{ pkgs, ... }:
{
name = "fedimintd";
meta = with pkgs.lib.maintainers; {
maintainers = [ dpc ];
};
nodes.machine =
{ ... }:
{
services.fedimintd."mainnet" = {
enable = true;
p2p = {
url = "fedimint://example.com";
};
api = {
url = "wss://example.com";
};
environment = {
"FM_REL_NOTES_ACK" = "0_4_xyz";
};
};
};
testScript =
{ nodes, ... }:
''
start_all()
machine.wait_for_unit("fedimintd-mainnet.service")
machine.wait_for_open_port(${toString nodes.machine.services.fedimintd.mainnet.api.port})
'';
}

86
nixos/tests/suricata.nix Normal file
View File

@ -0,0 +1,86 @@
import ./make-test-python.nix (
{ lib, pkgs, ... }:
{
name = "suricata";
meta.maintainers = with lib.maintainers; [ felbinger ];
nodes = {
ids = {
imports = [
../modules/profiles/minimal.nix
../modules/services/networking/suricata/default.nix
];
networking.interfaces.eth1 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.1.2";
prefixLength = 24;
}
];
};
# disable suricata-update because this requires an Internet connection
systemd.services.suricata-update.enable = false;
# install suricata package to make suricatasc program available
environment.systemPackages = with pkgs; [ suricata ];
services.suricata = {
enable = true;
settings = {
vars.address-groups.HOME_NET = "192.168.1.0/24";
unix-command.enabled = true;
outputs = [ { fast.enabled = true; } ];
af-packet = [ { interface = "eth1"; } ];
classification-file = "${pkgs.suricata}/etc/suricata/classification.config";
};
};
# create suricata.rules with the rule to detect the output of the id command
systemd.tmpfiles.rules = [
''f /var/lib/suricata/rules/suricata.rules 644 suricata suricata 0 alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:2100498; rev:7; metadata:created_at 2010_09_23, updated_at 2019_07_26;)''
];
};
helper = {
imports = [ ../modules/profiles/minimal.nix ];
networking.interfaces.eth1 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.1.1";
prefixLength = 24;
}
];
};
services.nginx = {
enable = true;
virtualHosts."localhost".locations = {
"/id/".return = "200 'uid=0(root) gid=0(root) groups=0(root)'";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
testScript = ''
start_all()
# check that configuration has been applied correctly with suricatasc
with subtest("suricata configuration test"):
ids.wait_for_unit("suricata.service")
assert '1' in ids.succeed("suricatasc -c 'iface-list' | ${pkgs.jq}/bin/jq .message.count")
# test detection of events based on a static ruleset (output of id command)
with subtest("suricata rule test"):
helper.wait_for_unit("nginx.service")
ids.wait_for_unit("suricata.service")
ids.succeed("curl http://192.168.1.1/id/")
assert "id check returned root [**] [Classification: Potentially Bad Traffic]" in ids.succeed("tail -n 1 /var/log/suricata/fast.log"), "Suricata didn't detect the output of id comment"
'';
}
)

6
pkgs/applications/audio/songrec/default.nix
View File

@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "songrec";
version = "0.4.2";
version = "0.4.3";
src = fetchFromGitHub {
owner = "marin-m";
repo = pname;
rev = version;
hash = "sha256-S44gtyz6L6uaLm3q75y8S4NJb77Vfy+Sd+J06IroHIM=";
hash = "sha256-pTonrxlYvfuLRKMXW0Lao4KCoNFlMzE9rH+hwpa60JY=";
};
cargoHash = "sha256-f2xAWh+y0Jw7QVLZBkajMLN3ocCyRsR480ai7+07LM4=";
cargoHash = "sha256-2BXUZD63xzHpUi8lk2fV5qBmeq6Gzpq0uEcKfbReANI=";
nativeBuildInputs = [ pkg-config ];

8
pkgs/applications/editors/vim/plugins/overrides.nix
View File

@ -587,19 +587,19 @@ in
cord-nvim =
let
version = "2024-07-19";
version = "0-unstable-2024-09-26";
src = fetchFromGitHub {
owner = "vyfor";
repo = "cord.nvim";
rev = "cd97c25320fb0a672b11bcd95d8332bb3088ecce";
hash = "sha256-66NtKteM1mvHP5wAU4e9JbsF+bq91lmCDcTh/6RPhoo=";
rev = "a26b00d58c42174aadf975917b49cec67650545f";
hash = "sha256-jUxBvWnj0+axuw2SZ2zLzlhZS0tu+Bk8+wHtXENofkw=";
};
extension = if stdenv.hostPlatform.isDarwin then "dylib" else "so";
rustPackage = rustPlatform.buildRustPackage {
pname = "cord.nvim-rust";
inherit version src;
cargoHash = "sha256-6FYf4pHEPxvhKHHPmkjQ40zPxaiypnpDxF8kNH+h+tg=";
cargoHash = "sha256-M5mTdBACTaUVZhPpMOf1KQ3BcQpEoD2isAKRn+iAWjc=";
installPhase = let
cargoTarget = stdenv.hostPlatform.rust.cargoShortTarget;

14
pkgs/applications/editors/vscode/extensions/equinusocio.vsc-material-theme/default.nix
View File

@ -4,22 +4,16 @@ vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vsc-material-theme";
publisher = "Equinusocio";
version = "34.3.1";
hash = "sha256-3yxFTMtjJR1b4EzBDfm55HF9chrya5OUF5wN+KHEduE=";
version = "34.7.5";
hash = "sha256-6YMr64MTtJrmMMMPW/s6hMh/IilDqLMrspKRPT4uSpM=";
};
# extensions wants to write at the /nix/store path, so we patch it to use the globalStorageUri instead.
prePatch = ''
substituteInPlace ./build/core/extension-manager.js \
--replace-fail "path_1.posix.join(extensionFolderUri.path, env_1.USER_CONFIG_FILE_NAME)" "path_1.posix.join(ExtensionContext.globalStorageUri.fsPath, env_1.USER_CONFIG_FILE_NAME)"
'';
meta = with lib; {
changelog = "https://marketplace.visualstudio.com/items/Equinusocio.vsc-material-theme/changelog";
description = "Most epic theme now for Visual Studio Code";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=Equinusocio.vsc-material-theme";
homepage = "https://github.com/material-theme/vsc-material-theme";
license = licenses.asl20;
homepage = "https://www.material-theme.dev/";
license = licenses.unfree;
maintainers = with maintainers; [ stunkymonkey ];
};
}

42
pkgs/applications/misc/slweb/default.nix
View File

@ -1,42 +0,0 @@
{ lib
, stdenv
, fetchFromSourcehut
, redo-apenwarr
, testers
}:
stdenv.mkDerivation (finalAttrs: {
pname = "slweb";
version = "0.9.0";
src = fetchFromSourcehut {
owner = "~strahinja";
repo = "slweb";
rev = "v${finalAttrs.version}";
hash = "sha256-QDHcp5pCmapgOlJpDDyyC12JOfh/biDyF6O+iKGbOGg=";
};
nativeBuildInputs = [ redo-apenwarr ];
installPhase = ''
runHook preInstall
export FALLBACKVER=${finalAttrs.version}
PREFIX=$out redo install
runHook postInstall
'';
enableParallelBuilding = true;
passthru.tests.version = testers.testVersion {
package = finalAttrs.finalPackage;
};
meta = with lib; {
description = "Static website generator which aims at being simplistic";
homepage = "https://strahinja.srht.site/slweb/";
license = licenses.gpl3Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ GaetanLepage ];
mainProgram = "slweb";
};
})

12
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View File

@ -1,11 +1,11 @@
{
stable = {
chromedriver = {
hash_darwin = "sha256-m5kuSeaK4v8GtjlqJOP3isN/o+9uOxPuSEegi0nYaOM=";
hash_darwin = "sha256-cWY8P3D+PrIlbEdMYPp+4cFQZfOLbGeebC1Glg53Sx4=";
hash_darwin_aarch64 =
"sha256-9WQH8Z7v3PtFKHA6bsrXgCJDWevh1YPjPyDp7M/xhlI=";
hash_linux = "sha256-dp060EKhFI4aRTBGLB8PyqeOj25Ov5Bd29KyESUDcwQ=";
version = "129.0.6668.70";
"sha256-Tu11SCTlB+8/ao0uS7AbknB5WuvN+cw/gHiyL6xKH1o=";
hash_linux = "sha256-Da+xaXNNP8eRccq87LBxMb+2oXJ4WRGLdWoCAhG2yAQ=";
version = "129.0.6668.89";
};
deps = {
gn = {
@ -15,8 +15,8 @@
version = "2024-08-19";
};
};
hash = "sha256-L9h9jbwEMcUi/cu7FP2O/6wD0Br/3SzWCazu7m9ua+o=";
version = "129.0.6668.70";
hash = "sha256-+n9LjRLFvVB/pYkSrRCxln/Xn2paFyoY+mJGD73NtII=";
version = "129.0.6668.89";
};
ungoogled-chromium = {
deps = {

4
pkgs/applications/networking/cluster/arkade/default.nix
View File

@ -6,13 +6,13 @@
buildGoModule rec {
pname = "arkade";
version = "0.11.26";
version = "0.11.27";
src = fetchFromGitHub {
owner = "alexellis";
repo = "arkade";
rev = version;
hash = "sha256-p3rLQQwuJ/5AUzsQfGA9JSoifYaG4vAE2NaNfTf6/uk=";
hash = "sha256-5/QAtaAAiIzpvOl43A4OqnIcKlfdxehGjmCREFRKXTs=";
};
CGO_ENABLED = 0;

4
pkgs/applications/networking/cluster/opentofu/default.nix
View File

@ -14,13 +14,13 @@
let
package = buildGoModule rec {
pname = "opentofu";
version = "1.8.2";
version = "1.8.3";
src = fetchFromGitHub {
owner = "opentofu";
repo = "opentofu";
rev = "v${version}";
hash = "sha256-kBI3Jgi4fDOx5bknTMlcI2K3LxKj6Q4dunbG9N33Ps0=";
hash = "sha256-+1ctvUz1Prhon+w5fGO+IQCYl7uEMZwAYMfQut7fmO4=";
};
vendorHash = "sha256-cM2DSP2ss3vleUhPBIdyxKeWJxtHpdjL5b5HVS/iC6o=";

4
pkgs/applications/networking/cluster/tf-summarize/default.nix
View File

@ -7,13 +7,13 @@
buildGoModule rec {
pname = "tf-summarize";
version = "0.3.10";
version = "0.3.11";
src = fetchFromGitHub {
owner = "dineshba";
repo = "tf-summarize";
rev = "v${version}";
hash = "sha256-OmGJgy36Jv7/kyGg2y1cNS1r6n1C/plfC0s6q08Wox4=";
hash = "sha256-HXmFxbYfzEp6hxdmvNcSI+8zM3wh7pVpFjquwP/t4PU=";
};
vendorHash = "sha256-nfontEgMj2qPbrM35iR7b65qrkWHCMY1v944iYdNLG8=";

4
pkgs/applications/networking/cluster/zarf/default.nix
View File

@ -7,13 +7,13 @@
buildGoModule rec {
pname = "zarf";
version = "0.39.0";
version = "0.40.1";
src = fetchFromGitHub {
owner = "defenseunicorns";
repo = "zarf";
rev = "v${version}";
hash = "sha256-ATC+eoM3B21iG/ih31vlxBjnJ6zwmuxOLiw4nHKTp4o=";
hash = "sha256-tSMaDb8lflkedDa5ICXthqMpWBkHg+UQ20aTrF4+hUQ=";
};
vendorHash = "sha256-7G+gROPw8Ab6iGMr7vnmC7jAm7jLPd5pbLOkKqDKIDc=";

13
pkgs/applications/science/logic/btor2tools/default.nix
View File

@ -21,11 +21,24 @@ stdenv.mkDerivation rec {
cp -v lib/libbtor2parser.* $lib/lib
'';
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
# make sure shared libraries are present and program can be executed
$out/bin/btorsim -h > /dev/null
runHook postInstallCheck
'';
outputs = [ "out" "dev" "lib" ];
cmakeFlags = [
# RPATH of binary /nix/store/.../bin/btorsim contains a forbidden reference to /build/
"-DCMAKE_SKIP_BUILD_RPATH=ON"
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
"-DCMAKE_BUILD_WITH_INSTALL_NAME_DIR=ON"
];
meta = with lib; {

4
pkgs/applications/version-management/git-town/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "git-town";
version = "16.2.1";
version = "16.3.0";
src = fetchFromGitHub {
owner = "git-town";
repo = "git-town";
rev = "v${version}";
hash = "sha256-/60n/JvT7XRfEVic6Jmi05WpsAy4mRsE/GAnetTMC1I=";
hash = "sha256-q4bRUz6ZI6y0AYEDMUBMN1YJxmHkIDDkUiMd4rQbDHk=";
};
vendorHash = null;

6
pkgs/applications/version-management/gql/default.nix
View File

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "gql";
version = "0.27.0";
version = "0.28.0";
src = fetchFromGitHub {
owner = "AmrDeveloper";
repo = "GQL";
rev = version;
hash = "sha256-/cL/Ts5RbClGqs5D93RTC7A5fr6Ca1c1sNbVZE4zK+E=";
hash = "sha256-BA94Q8nRf4NptVBHSMYLMEklB9vHaXRU1+o7shXhkZQ=";
};
cargoHash = "sha256-o9eTOauQF5sf8UPyG0os2NQLsNkAIUOGhmMsZo6Kncw=";
cargoHash = "sha256-L+o0ZhTI7x01DpGuhWrvzvSZDYHc++31svWTJ41qx90=";
nativeBuildInputs = [
pkg-config

3
pkgs/applications/video/kodi/addons/iagl/default.nix
View File

@ -1,4 +1,4 @@
{ lib, buildKodiAddon, fetchFromGitHub, dateutil, requests, routing, vfs-libarchive, archive_tool, youtube }:
{ lib, buildKodiAddon, fetchFromGitHub, dateutil, requests, routing, vfs-libarchive, archive_tool, youtube, infotagger }:
buildKodiAddon rec {
pname = "iagl";
@ -19,6 +19,7 @@ buildKodiAddon rec {
vfs-libarchive
archive_tool
youtube
infotagger
];
meta = with lib; {

4
pkgs/applications/video/kodi/addons/radioparadise/default.nix
View File

@ -3,11 +3,11 @@
buildKodiAddon rec {
pname = "radioparadise";
namespace = "script.radioparadise";
version = "2.0.0";
version = "2.0.1";
src = fetchzip {
url = "https://mirrors.kodi.tv/addons/${lib.toLower rel}/script.radioparadise/script.radioparadise-${version}.zip";
sha256 = "sha256-eRCP0XMQHmyDrZ8Y6RGFfxQ1r26/bWbE/PJz4PET7D8=";
sha256 = "sha256-osQoOFr1vyTgZdlq1gNmhhDY37e+4SFqN3uX3yT8NQE=";
};
propagatedBuildInputs = [

4
pkgs/applications/video/kodi/addons/youtube/default.nix
View File

@ -3,13 +3,13 @@
buildKodiAddon rec {
pname = "youtube";
namespace = "plugin.video.youtube";
version = "7.0.9.2";
version = "7.1.0";
src = fetchFromGitHub {
owner = "anxdpanic";
repo = "plugin.video.youtube";
rev = "v${version}";
hash = "sha256-42BBvXIrPAAhNgrGyPTK5dgg2DACPTT6/jRUoYcihFA=";
hash = "sha256-I3dSGcPQVVhn4RO8CHtn3FG2dheSv4XiDO7w+MtTjRU=";
};
propagatedBuildInputs = [

6
pkgs/by-name/ai/aiken/package.nix
View File

@ -10,16 +10,16 @@
rustPlatform.buildRustPackage rec {
pname = "aiken";
version = "1.1.3";
version = "1.1.4";
src = fetchFromGitHub {
owner = "aiken-lang";
repo = "aiken";
rev = "v${version}";
hash = "sha256-n373MgPjJzP+yRSQLA07RijFBjbRItK/nX8k7SJ6ITE=";
hash = "sha256-PTC7qn8Z1PGcBTNK5MtMvThIEhmAqTj23B/cHHhiDFE=";
};
cargoHash = "sha256-gQ7DfYyVF6Gk8N+spBd97BWxTwydq+lDbnCsVPPzWLU=";
cargoHash = "sha256-p//1TZJ6sJUUDPPpxRBKL7w7MBTUQppbQedj2x4T17w=";
buildInputs =
[ openssl ]

9
pkgs/by-name/ar/arcan/package.nix
View File

@ -2,6 +2,7 @@
lib,
SDL2,
callPackage,
fetchpatch2,
cmake,
espeak-ng,
ffmpeg,
@ -60,6 +61,14 @@
stdenv.mkDerivation (finalAttrs: {
inherit (sources.letoram-arcan) pname version src;
patches = [
# (encode) remove deprecated use of pts/channel-layout
(fetchpatch2 {
url = "https://github.com/letoram/arcan/commit/e717c1b5833bdc2dea7dc6f64eeaf39c683ebd26.patch?full_index=1";
hash = "sha256-nUmOWfphGtGiLehUa78EJWqTlD7SvqJgl8lnn90vTFU=";
})
];
nativeBuildInputs = [
cmake
makeWrapper

4
pkgs/by-name/ar/arcan/sources.nix
View File

@ -6,13 +6,13 @@
letoram-arcan = let
self = {
pname = "arcan";
version = "0.6.3";
version = "0.6.3.3";
src = fetchFromGitHub {
owner = "letoram";
repo = "arcan";
rev = self.version;
hash = "sha256-ZSKOkNrFa2QgmXmmXnLkB1pehmVJbEFVeNs43Z2DSKo=";
hash = "sha256-YH3VGU3gSR5gqHnAlA2vrzU8vasKd0hOpc+2ludnV+Y=";
};
};
in

6
pkgs/by-name/cp/cpuinfo/package.nix
View File

@ -10,13 +10,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "cpuinfo";
version = "0-unstable-2024-09-11";
version = "0-unstable-2024-09-26";
src = fetchFromGitHub {
owner = "pytorch";
repo = "cpuinfo";
rev = "a5ff6df40ce528721cfc310c7ed43946d77404d5";
hash = "sha256-JbIEQ6jFprbMpeH8IBhuRo3VXxo8a32lmT4yfxSIEj0=";
rev = "1e83a2fdd3102f65c6f1fb602c1b320486218a99";
hash = "sha256-28cFACca+NYE8oKlP5aWXNCLeEjhWqJ6gRnFI+VxDvg=";
};
passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch" ]; };

22
pkgs/by-name/go/google-chrome/package.nix
View File

@ -44,6 +44,7 @@
nss,
pango,
pipewire,
vulkan-loader,
wayland, # ozone/wayland
# Command line programs
@ -152,6 +153,7 @@ let
speechd-minimal
systemd
util-linux
vulkan-loader
wayland
wget
]
@ -164,11 +166,11 @@ let
linux = stdenv.mkDerivation (finalAttrs: {
inherit pname meta passthru;
version = "129.0.6668.58";
version = "129.0.6668.89";
src = fetchurl {
url = "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${finalAttrs.version}-1_amd64.deb";
hash = "sha256-lFYGwpdicvp+E4S+sw4+3uFQSwGKvhyFenBZMVgVnMo=";
hash = "sha256-7siTsIW29x4XZ+Zut9b5BFSTtc5tuhxusxnkJPouG1w=";
};
# With strictDeps on, some shebangs were not being patched correctly
@ -209,9 +211,12 @@ let
exe=$out/bin/google-chrome-$dist
mkdir -p $out/bin $out/share
cp -v -a opt/* $out/share
cp -v -a usr/share/* $out/share
cp -a opt/* $out/share
cp -a usr/share/* $out/share
# replace bundled vulkan-loader
rm -v $out/share/google/$appname/libvulkan.so.1
ln -v -s -t "$out/share/google/$appname" "${lib.getLib vulkan-loader}/lib/libvulkan.so.1"
substituteInPlace $out/share/google/$appname/google-$appname \
--replace-fail 'CHROME_WRAPPER' 'WRAPPER'
@ -247,6 +252,9 @@ let
--add-flags "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" \
--add-flags ${lib.escapeShellArg commandLineArgs}
# Make sure that libGL and libvulkan are found by ANGLE libGLESv2.so
patchelf --set-rpath $rpath $out/share/google/$appname/lib*GL*
for elf in $out/share/google/$appname/{chrome,chrome-sandbox,chrome_crashpad_handler}; do
patchelf --set-rpath $rpath $elf
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $elf
@ -258,11 +266,11 @@ let
darwin = stdenvNoCC.mkDerivation (finalAttrs: {
inherit pname meta passthru;
version = "129.0.6668.59";
version = "129.0.6668.90";
src = fetchurl {
url = "http://dl.google.com/release2/chrome/acinjqjzbtmzhvrebvzymzvzfaoq_129.0.6668.59/GoogleChrome-129.0.6668.59.dmg";
hash = "sha256-02J3TpcAsCvsB71C8/bfgIxiqcGIxjKiTWR32On66+g=";
url = "http://dl.google.com/release2/chrome/n4gcpoygckhm4y53qwq7lkpnqu_129.0.6668.90/GoogleChrome-129.0.6668.90.dmg";
hash = "sha256-viQSX8ogY5ywPqgVmMToHdZysxLuC8U78UJ9fIUrGCs=";
};
dontPatch = true;

6
pkgs/by-name/hu/hugo/package.nix
View File

@ -10,16 +10,16 @@
buildGoModule rec {
pname = "hugo";
version = "0.134.3";
version = "0.135.0";
src = fetchFromGitHub {
owner = "gohugoio";
repo = "hugo";
rev = "refs/tags/v${version}";
hash = "sha256-rdXiuFWMB+cTK5mhtpabWq8Uf9ihDnkHNG1JnD3rLKE=";
hash = "sha256-WCWaEVD2HON6feOev9HBfpqBWYIFmfevu6LH0OMtv2Q=";
};
vendorHash = "sha256-oDa5uWQ/vFSmTNwZ3zsYtsuLCzddV9DeaEGx5krwWRE=";
vendorHash = "sha256-XIFgmT0VyhRrUNfwy85Ac7YIO9fij0KqVmqb/s3IDVg=";
doCheck = false;

4
pkgs/by-name/lo/logiops/package.nix
View File

@ -12,13 +12,13 @@
stdenv.mkDerivation (oldAttrs: {
pname = "logiops";
version = "0.3.4";
version = "0.3.5";
src = fetchFromGitHub {
owner = "PixlOne";
repo = "logiops";
rev = "v${oldAttrs.version}";
hash = "sha256-IL7jQA3lGhxVLYCFRgeXdadaBlQr+Op9cedHBlLUCWY=";
hash = "sha256-GAnlPqjIFGyOWwYFs7gth2m9ITc1jyiaW0sWwQ2zFOs=";
# In v0.3.0, the `ipcgull` submodule was added as a dependency
# https://github.com/PixlOne/logiops/releases/tag/v0.3.0
fetchSubmodules = true;

4
pkgs/by-name/lx/lxgw-wenkai-tc/package.nix
View File

@ -5,10 +5,10 @@
stdenvNoCC.mkDerivation rec {
pname = "lxgw-wenkai-tc";
version = "1.330";
version = "1.500";
src = fetchurl {
url = "https://github.com/lxgw/LxgwWenKaiTC/releases/download/v${version}/lxgw-wenkai-tc-v${version}.tar.gz";
hash = "sha256-qpX5shH1HbGMa287u/R1rMFgQeAUC0wwKFVD+QSTyho=";
hash = "sha256-GuGIRgBQTmlKmarEVFmZ2RgYtlw6mz3nfFdWbjlm934=";
};
installPhase = ''

4
pkgs/by-name/nz/nzbhydra2/package.nix
View File

@ -10,11 +10,11 @@
}:
stdenv.mkDerivation rec {
pname = "nzbhydra2";
version = "7.6.0";
version = "7.7.0";
src = fetchzip {
url = "https://github.com/theotherp/nzbhydra2/releases/download/v${version}/nzbhydra2-${version}-generic.zip";
hash = "sha256-EMp7bR3VCFWgg32ddUzAIEVINIeGXq8qBiIp3G/YI0I=";
hash = "sha256-8Q/aTMwHFy7OG+VyoSRYlXp4l247nUSPP0YCMkv9Cec=";
stripRoot = false;
};

6
pkgs/by-name/pi/pietrasanta-traceroute/package.nix
View File

@ -7,13 +7,13 @@
stdenv.mkDerivation rec {
pname = "pietrasanta-traceroute";
version = "0.0.5-unstable-2024-06-11";
version = "0.0.5-unstable-2024-09-06";
src = fetchFromGitHub {
owner = "catchpoint";
repo = "Networking.traceroute";
rev = "5b9f9cd2cbd5b8d90442d4ddb71ab788297e2153";
hash = "sha256-/WsBh42brVCRP31LnCPS34kRaQKMvP+XEENyD5MjCfw=";
rev = "e4a5cf94dccd646e03b9b75a762e9b014e3a3128";
hash = "sha256-5FbuITewgSh6UFUU1vttkokk8uZ2IrzkDwsCuWJPKlM=";
};
passthru.updateScript = unstableGitUpdater { };

6
pkgs/by-name/pr/proto/package.nix
View File

@ -10,16 +10,16 @@
rustPlatform.buildRustPackage rec {
pname = "proto";
version = "0.41.1";
version = "0.41.3";
src = fetchFromGitHub {
owner = "moonrepo";
repo = "proto";
rev = "v${version}";
hash = "sha256-IQKFQvWEPB5yssvdHl6gGmgxkbXzpRhU6hqaTLsQizE=";
hash = "sha256-FkuHKfrMH+l/k9lfFhbG619KoDIxmEYwoaniHSPF8hQ=";
};
cargoHash = "sha256-SvdfTiyJhJ4w9aBiElh9zgug8hNwiX7xUjtYFjykJqc=";
cargoHash = "sha256-vll9ckegcECmzoOkTCe2q2M1r4s5JlUnv2DtzJEQ7bY=";
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
darwin.apple_sdk.frameworks.SystemConfiguration

4
pkgs/by-name/pr/proton-ge-bin/package.nix
View File

@ -6,11 +6,11 @@
}:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "proton-ge-bin";
version = "GE-Proton9-13";
version = "GE-Proton9-15";
src = fetchzip {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/${finalAttrs.version}/${finalAttrs.version}.tar.gz";
hash = "sha256-/KaFYCLvojxH3coiJaArXMPIIwW5qzK+I0bGyt7oBNY=";
hash = "sha256-WeqntQxez6XPRZxpPNUAQ8/7sw6TzOKU1yrtPHmQNh0=";
};
outputs = [

6
pkgs/by-name/se/sendme/package.nix
View File

@ -7,16 +7,16 @@
rustPlatform.buildRustPackage rec {
pname = "sendme";
version = "0.16.0";
version = "0.17.0";
src = fetchFromGitHub {
owner = "n0-computer";
repo = pname;
rev = "v${version}";
hash = "sha256-nDYsNaR3NQ6ut6gtHwEoiwhj4B4Bac5+NOOq3H2NCYY=";
hash = "sha256-YnabQ8YHDsFYu5RX3E2NvPARsl+qn4688q9KxZ5Fegc=";
};
cargoHash = "sha256-U2/GUpWtpTX+RCBojh3N6DsWB0gjFkH1mGA+AS+fH+o=";
cargoHash = "sha256-yD40QKceLjtq80K6I98bT27sCAkCnkRkfE3m4eGjueU=";
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin (
with darwin.apple_sdk.frameworks; [

41
pkgs/by-name/sl/slweb/package.nix Normal file
View File

@ -0,0 +1,41 @@
{
lib,
stdenv,
fetchFromSourcehut,
versionCheckHook,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "slweb";
version = "0.10.1";
src = fetchFromSourcehut {
owner = "~strahinja";
repo = "slweb";
rev = "v${finalAttrs.version}";
hash = "sha256-AJg8qgbNUKizU0uyTnq9EviIXOUuaGvQowLAyTWhGTY=";
};
postPatch = ''
substituteInPlace config.mk \
--replace-fail "/usr/local" "$out"
'';
env = {
FALLBACKVER = finalAttrs.version;
};
nativeInstallCheckInputs = [
versionCheckHook
];
doInstallCheck = true;
meta = {
description = "Static website generator which aims at being simplistic";
homepage = "https://strahinja.srht.site/slweb/";
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [ GaetanLepage ];
mainProgram = "slweb";
};
})

6
pkgs/by-name/te/tex-fmt/package.nix
View File

@ -6,16 +6,16 @@
rustPlatform.buildRustPackage rec {
pname = "tex-fmt";
version = "0.4.3";
version = "0.4.4";
src = fetchFromGitHub {
owner = "WGUNDERWOOD";
repo = "tex-fmt";
rev = "refs/tags/v${version}";
hash = "sha256-Atq/eyvdAuaUEeYDIC5D9icD44mcvuhsyuctYAPrBSU=";
hash = "sha256-o8TlD0qxz/0sS45tnBNXYNDzp+VAhH3Ym1odSleD/uw=";
};
cargoHash = "sha256-ShF2Z5Od/pgsNRM6WmxxFeE67pYZin1q4RR6nVmbrsA=";
cargoHash = "sha256-N3kCeBisjeOAG45QPQhplGRAvj5kebEX4U9pisM/GUQ=";
meta = {
description = "LaTeX formatter written in Rust";

4
pkgs/by-name/wa/waagent/package.nix
View File

@ -13,12 +13,12 @@ let
in
python.pkgs.buildPythonApplication rec {
pname = "waagent";
version = "2.11.1.4";
version = "2.11.1.12";
src = fetchFromGitHub {
owner = "Azure";
repo = "WALinuxAgent";
rev = "refs/tags/v${version}";
hash = "sha256-5V9js9gGkIsdGYrQQK/V6tPfL9lh2Cht4llOKBVTyOM=";
hash = "sha256-1MaPjz9hWb/kJxuyJAUWPk065vpSyx2jq1ZSlDB4yFo=";
};
patches = [
# Suppress the following error when waagent tries to configure sshd:

52
pkgs/by-name/wl/wlink/package.nix Normal file
View File

@ -0,0 +1,52 @@
{
stdenv,
lib,
rustPlatform,
fetchCrate,
pkg-config,
libusb1,
udev,
nix-update-script,
testers,
wlink,
}:
rustPlatform.buildRustPackage rec {
pname = "wlink";
version = "0.0.9";
src = fetchCrate {
inherit pname version;
hash = "sha256-Jr494jsw9nStU88j1rHc3gyQR1jcMfDIyQ2u0SwkXt0=";
};
cargoHash = "sha256-rPiSEfRFESYxFOat92oMUABvmz0idZu/I1S7I3g5BgY=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [
libusb1
udev
];
passthru = {
updateScript = nix-update-script { };
tests.version = testers.testVersion {
package = wlink;
};
};
meta = with lib; {
description = "WCH-Link flash tool for WCH's RISC-V MCUs(CH32V, CH56X, CH57X, CH58X, CH59X, CH32L103, CH32X035, CH641, CH643)";
homepage = "https://github.com/ch32-rs/wlink";
changelog = "https://github.com/ch32-rs/wlink/releases/tag/v${version}";
license = with licenses; [
mit # or
asl20
];
platforms = with platforms; linux ++ darwin ++ windows;
broken = !stdenv.hostPlatform.isLinux;
maintainers = with maintainers; [ jwillikers ];
mainProgram = "wlink";
};
}

4
pkgs/development/libraries/mesa/common.nix
View File

@ -5,14 +5,14 @@
# nix build .#legacyPackages.x86_64-darwin.mesa .#legacyPackages.aarch64-darwin.mesa
rec {
pname = "mesa";
version = "24.2.3";
version = "24.2.4";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "mesa";
repo = "mesa";
rev = "mesa-${version}";
hash = "sha256-DcDeqOd5U/jgTRWpCsNNsPT9UJ9wAJJEGjFVz1gKAUY=";
hash = "sha256-pgyvgMHImWO+b4vpCCe4+zOI98XCqcG8NRWpIcImGUk=";
};
meta = {

6
pkgs/development/python-modules/aiohttp-basicauth/default.nix
View File

@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "aiohttp-basicauth";
version = "1.0.0";
version = "1.1.0";
format = "setuptools";
disabled = pythonOlder "3.6";
@ -18,8 +18,8 @@ buildPythonPackage rec {
src = fetchFromGitHub {
owner = "romis2012";
repo = "aiohttp-basicauth";
rev = "v${version}";
hash = "sha256-UaRzauHmBHYwXFqRwDn1py79BScqq5j5SWALM4dQBP4=";
rev = "refs/tags/v${version}";
hash = "sha256-DjwrMlkVVceA5kDzm0c/on0VMOxyMMA3Hu4Y2Tiu0lI=";
};
propagatedBuildInputs = [ aiohttp ];

4
pkgs/development/python-modules/aiomealie/default.nix
View File

@ -17,7 +17,7 @@
buildPythonPackage rec {
pname = "aiomealie";
version = "0.9.2";
version = "0.9.3";
pyproject = true;
disabled = pythonOlder "3.11";
@ -26,7 +26,7 @@ buildPythonPackage rec {
owner = "joostlek";
repo = "python-mealie";
rev = "refs/tags/v${version}";
hash = "sha256-rvizMeV1+tsBQiZl2Am4SjLrFkyhR/SvvLFwOTVP6wI=";
hash = "sha256-FJhmipWE3DE4PRWkEq8/j9iz9HQ7G7J5I9hwjU6e3FA=";
};
build-system = [ poetry-core ];

4
pkgs/development/python-modules/array-api-compat/default.nix
View File

@ -18,14 +18,14 @@
buildPythonPackage rec {
pname = "array-api-compat";
version = "1.8";
version = "1.9";
pyproject = true;
src = fetchFromGitHub {
owner = "data-apis";
repo = "array-api-compat";
rev = "refs/tags/${version}";
hash = "sha256-DZs51yWgeMX7lmzR6jily0S3MRD4AVlk7BP8aU99Zp8=";
hash = "sha256-azd98kJtW8QKizfOr670pyr44BHNkWCO7BMFg3zr23g=";
};
build-system = [ setuptools ];

4
pkgs/development/python-modules/pathos/default.nix
View File

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "pathos";
version = "0.3.2";
version = "0.3.3";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "uqfoundation";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-b4HCiAvBGkFMxWh2PHC2kZ9G4PsQqVhKeIxLBKj09jU=";
hash = "sha256-J3rwnsn/3DXmChydwNC5yvsdSk1mzvPSnSo21BwkhSE=";
};
propagatedBuildInputs = [

1
pkgs/development/python-modules/pdm-backend/default.nix
View File

@ -46,6 +46,7 @@ buildPythonPackage rec {
# tests require a configured git identity
export HOME=$TMPDIR
git config --global user.name nixbld
git config --global user.email nixbld@localhost
'';

4
pkgs/development/python-modules/pychromecast/default.nix
View File

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "pychromecast";
version = "14.0.1";
version = "14.0.2";
pyproject = true;
disabled = pythonOlder "3.11";
@ -20,7 +20,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "PyChromecast";
inherit version;
hash = "sha256-4W4Kf5SIMZGRuLT6IcoL60vxLu2lyb9kAkEYjyvqCj4=";
hash = "sha256-CSxl9CGZG8pWUzi8YaDBSGHEfg9cCmWRml6T8C39Bxo=";
};
postPatch = ''

4
pkgs/development/python-modules/pysigma-backend-insightidr/default.nix
View File

@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "pysigma-backend-insightidr";
version = "0.2.3";
version = "0.2.4";
format = "pyproject";
disabled = pythonOlder "3.8";
@ -19,7 +19,7 @@ buildPythonPackage rec {
owner = "SigmaHQ";
repo = "pySigma-backend-insightidr";
rev = "refs/tags/v${version}";
hash = "sha256-wQMnnJ0KU+53MS3PIBkwIhUiyUdCrDbdUT6upk2Pp/8=";
hash = "sha256-dc25zDYQeU9W9qwrRz7zsM2wOl8kMapDvwFhB6VOwhY=";
};
nativeBuildInputs = [

5
pkgs/development/python-modules/tinygrad/default.nix
View File

@ -67,6 +67,11 @@ buildPythonPackage rec {
substituteInPlace tinygrad/runtime/autogen/opencl.py \
--replace-fail "ctypes.util.find_library('OpenCL')" "'${ocl-icd}/lib/libOpenCL.so'"
''
# Patch `clang` directly in the source file
+ ''
substituteInPlace tinygrad/runtime/ops_clang.py \
--replace-fail "'clang'" "'${lib.getExe clang}'"
''
+ lib.optionalString rocmSupport ''
substituteInPlace tinygrad/runtime/autogen/hip.py \
--replace-fail "/opt/rocm/lib/libamdhip64.so" "${rocmPackages.clr}/lib/libamdhip64.so" \

4
pkgs/development/tools/analysis/ikos/default.nix
View File

@ -20,13 +20,13 @@
stdenv.mkDerivation rec {
pname = "ikos";
version = "3.3";
version = "3.4";
src = fetchFromGitHub {
owner = "NASA-SW-VnV";
repo = "ikos";
rev = "v${version}";
hash = "sha256-4/M0fyqvzdr0aBPCUuLiBgqMOrHEmikkIjQMB9KSrdo=";
hash = "sha256-xJuSpQHShggDqLVQaj0a0fEPOWUFIrbGmxazu4FKISs=";
};
nativeBuildInputs = [

6
pkgs/development/tools/bazelisk/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "bazelisk";
version = "1.21.0";
version = "1.22.0";
src = fetchFromGitHub {
owner = "bazelbuild";
repo = pname;
rev = "v${version}";
sha256 = "sha256-p5K0VYPAjorlwJx7GB2r7M/KGUzD3jyOp4dLkw11/tc=";
sha256 = "sha256-KD8lh3N9GFlht+HtcuE3i20noVha0lT21a5pSS3zbTw=";
};
vendorHash = "sha256-wMCJnbu9pKBujTvZ4rvxgJdB7l7Z6vB6eyem35Ghz0Q=";
vendorHash = "sha256-zoiQ69y0EicH9Jq2XYn+fttKHZY64GD4m/Edk+kle9M=";
doCheck = false;

6
pkgs/development/tools/heroku/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation {
pname = "heroku";
version = "9.2.1";
version = "9.3.0";
src = fetchzip {
url = "https://cli-assets.heroku.com/versions/9.2.1/6e4f307/heroku-v9.2.1-6e4f307-linux-x64.tar.xz";
hash = "sha256-9MeZx4LmKyh3DSIz+ZZVY/qpFDqk5oE4P/MIUQPmRb8=";
url = "https://cli-assets.heroku.com/versions/9.3.0/65eb66a/heroku-v9.3.0-65eb66a-linux-x64.tar.xz";
hash = "sha256-4k/HLSB4o1BnzG7dPW20ejSFYmJ8o9eVrJWCdXrqC/Q=";
};
nativeBuildInputs = [ makeWrapper ];

4
pkgs/development/tools/language-servers/ccls/default.nix
View File

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
pname = "ccls";
version = "0.20240202";
version = "0.20240505";
src = fetchFromGitHub {
owner = "MaskRay";
repo = "ccls";
rev = version;
sha256 = "sha256-xVx3+cnmIdoA7R1S31EaiPj+DOTqkINoQeMgauW61Ys=";
sha256 = "sha256-YZeP6sHYLNvlf49mvtymxHuH1lmIkqcanpqVMzeLeFQ=";
};
nativeBuildInputs = [ cmake llvmPackages.llvm.dev ];

6
pkgs/development/tools/misc/planus/default.nix
View File

@ -7,15 +7,15 @@
rustPlatform.buildRustPackage rec {
pname = "planus";
version = "0.4.0";
version = "1.0.0";
src = fetchCrate {
pname = "planus-cli";
inherit version;
hash = "sha256-KpX4KSA2MjfRS8M0WVYpY4hoSvOOB7MUz7YKZwEGqj8=";
hash = "sha256-HbnuLu1yCpwouDVBH/vcFVLDMZWeqHH6qHFJoTbaS9Y=";
};
cargoHash = "sha256-yT/ZK5GG0rXpiaCQlQclK2iY8BXhhmiW/UDX9aL8wBQ=";
cargoHash = "sha256-AJtQrImQlxnp1RbbOZHAJsvlhm39OlC5WyvD5jybMAY=";
nativeBuildInputs = [
installShellFiles

6
pkgs/development/tools/opcr-policy/default.nix
View File

@ -5,15 +5,15 @@
buildGoModule rec {
pname = "opcr-policy";
version = "0.2.18";
version = "0.2.19";
src = fetchFromGitHub {
owner = "opcr-io";
repo = "policy";
rev = "v${version}";
sha256 = "sha256-Q/2r8mqz820mEQD7o9qzC1TPMrRH0f6nr1jgRQAEj/Y=";
sha256 = "sha256-A5dqKbQhdJlSOU7qxC8xrCCSXK5yGmDsoVWfgWKl2TE=";
};
vendorHash = "sha256-C6Y+R2q1ZRbeFN1qY109fikkzvcUsBfDn4CYCrKrLKI=";
vendorHash = "sha256-ASR8Y/L8ub0w36fO+UpJ5ZpijP+YCLVbRtnhzvMNj9U=";
ldflags = [ "-s" "-w" "-X github.com/opcr-io/policy/pkg/version.ver=${version}" ];

6
pkgs/development/tools/rust/cargo-mutants/default.nix
View File

@ -7,16 +7,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-mutants";
version = "24.7.1";
version = "24.9.0";
src = fetchFromGitHub {
owner = "sourcefrog";
repo = "cargo-mutants";
rev = "v${version}";
hash = "sha256-56IIMifv5epThXeWtQbNLwee1IQ52SPKik4hsHlnv6w=";
hash = "sha256-fMw3Whyl+zTPpDTdYpwvzMQtSdr42ueEvkdmRI0N2aA=";
};
cargoHash = "sha256-VRkhDgKunSUOz2/U4oC2t0YrDh5l48z4luevMazfj6o=";
cargoHash = "sha256-+vI/HPw0oe9K0kWpJXGBM0r7oVBh3+RJzSwklaywa54=";
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
darwin.apple_sdk.frameworks.SystemConfiguration

6
pkgs/development/tools/rust/cargo-zigbuild/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-zigbuild";
version = "0.19.2";
version = "0.19.3";
src = fetchFromGitHub {
owner = "messense";
repo = pname;
rev = "v${version}";
hash = "sha256-O3Sg7wVNqTH8uhBSlVpmPNmFv+JC9/tw3G0LcOYUzKc=";
hash = "sha256-fVsYQjv+DjGCWv/dAk8S8GcEtDIdaxb1yXAqCpTm0sQ=";
};
cargoHash = "sha256-C0TpZZ/CJgNx0sB920/0yJW3iY4tPF6M70bveS1Ux24=";
cargoHash = "sha256-R5jv8hFHdhS6MoU5oHleN5B7k2RPX7GhJMwym8kYAYY=";
nativeBuildInputs = [ makeWrapper ];

6
pkgs/servers/misc/gobgpd/default.nix
View File

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "gobgpd";
version = "3.29.0";
version = "3.30.0";
src = fetchFromGitHub {
owner = "osrg";
repo = "gobgp";
rev = "refs/tags/v${version}";
hash = "sha256-mTg3eN5ZmzQxItPq8ghPpFafr6zF+nliofGEKShnH88=";
hash = "sha256-UB3LYXRr6GnqVCRwAxnwqBCkOtor3mC4k73kPesZs0g=";
};
vendorHash = "sha256-wrgRQwisOHAhvRbvGXMW5VWkQuEifCwCo3usuxLie4A=";
vendorHash = "sha256-FYLH1Ej8Bm0+tS5Ikj1CPF+1t5opmzee8iHRZSW94Yk=";
postConfigure = ''
export CGO_ENABLED=0

11
pkgs/tools/X11/xpra/default.nix
View File

@ -1,6 +1,5 @@
{ lib
, fetchFromGitHub
, substituteAll
, pkg-config
, runCommand
, writeText
@ -38,6 +37,7 @@
, xdg-utils
, xorg
, xorgserver
, xxHash
}:
let
@ -70,20 +70,16 @@ let
'';
in buildPythonApplication rec {
pname = "xpra";
version = "5.0.9";
version = "6.1.2";
src = fetchFromGitHub {
owner = "Xpra-org";
repo = "xpra";
rev = "v${version}";
hash = "sha256-gwo5plCAryGC8/BKVEqyMkgB+3FM8HXG6sESomDOtNM=";
hash = "sha256-SmX0zwScyosiidBdW18vP3tV7BJfYfOmXwuRUbb+gX8=";
};
patches = [
(substituteAll { # correct hardcoded paths
src = ./fix-paths.patch;
inherit libfakeXinerama;
})
./fix-41106.patch # https://github.com/NixOS/nixpkgs/issues/41106
./fix-122159.patch # https://github.com/NixOS/nixpkgs/issues/122159
];
@ -137,6 +133,7 @@ in buildPythonApplication rec {
pango
x264
x265
xxHash
] ++ lib.optional withNvenc nvencHeaders;
propagatedBuildInputs = with python3.pkgs; ([

18
pkgs/tools/X11/xpra/fix-122159.patch
View File

@ -1,16 +1,18 @@
diff --git a/xpra/scripts/main.py b/xpra/scripts/main.py
index 58c8bf6464..36f4b3cd3d 100755
index 7806612e05..4c7a0ec2dd 100755
--- a/xpra/scripts/main.py
+++ b/xpra/scripts/main.py
@@ -389,11 +389,7 @@ def run_mode(script_file:str, cmdline, error_cb, options, args, mode:str, defaul
@@ -444,13 +444,7 @@ def run_mode(script_file: str, cmdline, error_cb, options, args, full_mode: str,
"seamless", "desktop", "shadow", "shadow-screen", "expand",
"upgrade", "upgrade-seamless", "upgrade-desktop",
) and not display_is_remote and use_systemd_run(options.systemd_run):
- #make sure we run via the same interpreter,
- #inject it into the command line if we have to:
) and not display_is_remote and options.daemon and use_systemd_run(options.systemd_run):
- # make sure we run via the same interpreter,
- # inject it into the command line if we have to:
argv = list(cmdline)
- if argv[0].find("python")<0:
- argv.insert(0, "python%i.%i" % (sys.version_info.major, sys.version_info.minor))
return systemd_run_wrap(mode, argv, options.systemd_run_args, user=getuid()!=0)
- if argv[0].find("python") < 0:
- major, minor = sys.version_info.major, sys.version_info.minor
- python = which("python%i.%i" % (major, minor)) or which("python%i" % major) or which("python") or "python"
- argv.insert(0, python)
return systemd_run_wrap(mode, argv, options.systemd_run_args, user=getuid() != 0)
configure_env(options.env)
configure_logging(options, mode)

14
pkgs/tools/X11/xpra/fix-41106.patch
View File

@ -1,11 +1,11 @@
diff --git a/xpra/server/server_util.py b/xpra/server/server_util.py
index 2e83712bb8..2dd0bf73d2 100644
--- a/xpra/server/server_util.py
+++ b/xpra/server/server_util.py
@@ -166,6 +166,10 @@ def xpra_env_shell_script(socket_dir, env : Dict[str,str]) -> str:
return "\n".join(script)
diff --git a/xpra/server/util.py b/xpra/server/util.py
index 401a9fb959..678e2ce745 100644
--- a/xpra/server/util.py
+++ b/xpra/server/util.py
@@ -175,6 +175,10 @@ def xpra_env_shell_script(socket_dir: str, env: dict[str, str]) -> str:
def xpra_runner_shell_script(xpra_file:str, starting_dir:str) -> str:
def xpra_runner_shell_script(xpra_file: str, starting_dir: str) -> str:
+ # Nixpkgs contortion:
+ # xpra_file points to a shell wrapper, not to the python script.
+ dirname, basename = os.path.split(xpra_file)

37
pkgs/tools/X11/xpra/fix-paths.patch
View File

@ -1,37 +0,0 @@
diff --git a/xpra/x11/fakeXinerama.py b/xpra/x11/fakeXinerama.py
index a5289e0e43..527cdf90c9 100755
--- a/xpra/x11/fakeXinerama.py
+++ b/xpra/x11/fakeXinerama.py
@@ -23,31 +23,7 @@ fakeXinerama_config_files = [
]
def find_libfakeXinerama():
- libname = "fakeXinerama"
- try:
- from ctypes.util import find_library
- flibname = find_library("fakeXinerama")
- if flibname:
- libname = flibname
- except Exception:
- pass
- if POSIX:
- for lib_dir in os.environ.get("LD_LIBRARY_PATH", "/usr/lib").split(os.pathsep):
- lib_path = os.path.join(lib_dir, libname)
- if not os.path.exists(lib_dir):
- continue
- if os.path.exists(lib_path) and os.path.isfile(lib_path):
- return lib_path
- if LINUX:
- try:
- libpath = find_lib_ldconfig("fakeXinerama")
- if libpath:
- return libpath
- except Exception as e:
- log("find_libfakeXinerama()", exc_info=True)
- log.error("Error: cannot launch ldconfig -p to locate libfakeXinerama:")
- log.estr(e)
- return find_lib("libfakeXinerama.so.1")
+ return "@libfakeXinerama@/lib/libfakeXinerama.so.1.0"
current_xinerama_config = None

4
pkgs/tools/admin/scalr-cli/default.nix
View File

@ -5,13 +5,13 @@
buildGoModule rec {
pname = "scalr-cli";
version = "0.15.5";
version = "0.16.0";
src = fetchFromGitHub {
owner = "Scalr";
repo = "scalr-cli";
rev = "v${version}";
hash = "sha256-RXfUlpwlDNAZRJTbbE+n8mReVyrWxUsWkOGaaALz0Q4=";
hash = "sha256-9osB3bsc8IvH1ishG9uiIUnAwC1yZd0rFhiZdzYucI8=";
};
vendorHash = "sha256-0p4f+KKD04IFAUQG8F3b+2sx9suYemt3wbgSNNOOIlk=";

45
pkgs/tools/filesystems/moosefs/default.nix
View File

@ -1,11 +1,13 @@
{ lib, stdenv
, fetchFromGitHub
, python3
, fuse
, pkg-config
, libpcap
, zlib
, nixosTests
{
lib,
stdenv,
fetchFromGitHub,
python3,
fuse,
pkg-config,
libpcap,
zlib,
nixosTests,
}:
stdenv.mkDerivation rec {
@ -23,12 +25,18 @@ stdenv.mkDerivation rec {
pkg-config
];
buildInputs =
[ fuse libpcap zlib python3 ];
buildInputs = [
fuse
libpcap
zlib
python3
];
strictDeps = true;
buildFlags = lib.optionals stdenv.hostPlatform.isDarwin [ "CPPFLAGS=-UHAVE_STRUCT_STAT_ST_BIRTHTIME" ];
buildFlags = lib.optionals stdenv.hostPlatform.isDarwin [
"CPPFLAGS=-UHAVE_STRUCT_STAT_ST_BIRTHTIME"
];
# Fix the build on macOS with macFUSE installed
postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''
@ -48,13 +56,18 @@ stdenv.mkDerivation rec {
doCheck = true;
passthru.tests = { inherit (nixosTests) moosefs; };
passthru.tests = {
inherit (nixosTests) moosefs;
};
meta = with lib; {
meta = {
homepage = "https://moosefs.com";
description = "Open Source, Petabyte, Fault-Tolerant, Highly Performing, Scalable Network Distributed File System";
platforms = platforms.unix;
license = licenses.gpl2Only;
maintainers = [ maintainers.mfossen ];
platforms = lib.platforms.unix;
license = lib.licenses.gpl2Only;
maintainers = with lib.maintainers; [
mfossen
markuskowa
];
};
}

6
pkgs/tools/networking/gobgp/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "gobgp";
version = "3.29.0";
version = "3.30.0";
src = fetchFromGitHub {
owner = "osrg";
repo = "gobgp";
rev = "v${version}";
sha256 = "sha256-mTg3eN5ZmzQxItPq8ghPpFafr6zF+nliofGEKShnH88=";
sha256 = "sha256-UB3LYXRr6GnqVCRwAxnwqBCkOtor3mC4k73kPesZs0g=";
};
vendorHash = "sha256-wrgRQwisOHAhvRbvGXMW5VWkQuEifCwCo3usuxLie4A=";
vendorHash = "sha256-FYLH1Ej8Bm0+tS5Ikj1CPF+1t5opmzee8iHRZSW94Yk=";
postConfigure = ''
export CGO_ENABLED=0

4
pkgs/tools/networking/pritunl-ssh/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "pritunl-ssh";
version = "1.0.3219.78";
version = "1.0.3231.6";
src = fetchFromGitHub {
owner = "pritunl";
repo = "pritunl-zero-client";
rev = version;
sha256 = "sha256-ksTfgt1AWs8hgUR9w6aWv5MDXeORgYNWYZgAFUqj++s=";
sha256 = "sha256-kccc8ZDh3S/Ko/MaBd5u0UxMNIbg5dhvRuecJuE3D6c=";
};
buildInputs = [ python3 ];

6
pkgs/tools/security/gowitness/default.nix
View File

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "gowitness";
version = "3.0.3";
version = "3.0.4";
src = fetchFromGitHub {
owner = "sensepost";
repo = "gowitness";
rev = "refs/tags/${version}";
hash = "sha256-yKG4qLjeZThFEMqMnUv4ryvM2e3uH5GLuVP3oa6XHtE=";
hash = "sha256-ygnYqX8il0nDvF5+jd52CypmHH8iiLMlOZWdoTsR0ig=";
};
vendorHash = "sha256-PjbC10Dh3tDF0mP2k4ei6ZSS3ND2wAaB1+Llmj37TR8=";
vendorHash = "sha256-2hG+93LzJ+kUVCOXFGk83Asvn7zLWq2BSqrq+eOJhQ0=";
ldflags = [
"-s"

2
pkgs/top-level/all-packages.nix
View File

@ -30180,8 +30180,6 @@ with pkgs;
sleep-on-lan = callPackage ../tools/networking/sleep-on-lan { };
slweb = callPackage ../applications/misc/slweb { };
sonixd = callPackage ../applications/audio/sonixd { };
sonobus = callPackage ../applications/audio/sonobus { };