Merge master into haskell-updates

github-actions[bot] 2024-06-22 00:13:41 +00:00 committed by GitHub
commit 690b82a743
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
505 changed files with 4686 additions and 2642 deletions

3
.github/CODEOWNERS vendored

@ -67,6 +67,9 @@
/nixos/lib/make-disk-image.nix @raitobezarius
# Nix, the package manager
# @raitobezarius is not "code owner", but is listed here to be notified of changes
# pertaining to the Nix package manager.
# i.e. no authority over those files.
pkgs/tools/package-management/nix/ @raitobezarius
nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius


@ -9,22 +9,40 @@ pkgs.makeSetupHook {
name = "something-hook";
propagatedBuildInputs = [ pkgs.commandsomething ];
depsTargetTargetPropagated = [ pkgs.libsomething ];
} ./script.sh
} ./script.sh;
```
### setup hook that depends on the hello package and runs hello and @shell@ is substituted with path to bash {#sec-pkgs.makeSetupHook-usage-example}
```nix
pkgs.makeSetupHook {
pkgs.makeSetupHook
{
name = "run-hello-hook";
propagatedBuildInputs = [ pkgs.hello ];
substitutions = { shell = "${pkgs.bash}/bin/bash"; };
passthru.tests.greeting = callPackage ./test { };
meta.platforms = lib.platforms.linux;
} (writeScript "run-hello-hook.sh" ''
#!@shell@
hello
'')
# Put dependencies here if they have hooks or necessary dependencies propagated
# otherwise prefer direct paths to executables.
propagatedBuildInputs = [
pkgs.hello
pkgs.cowsay
];
substitutions = {
shell = "${pkgs.bash}/bin/bash";
cowsay = "${pkgs.cowsay}/bin/cowsay";
};
}
(
writeScript "run-hello-hook.sh" ''
#!@shell@
# the direct path to the executable has to be here because
# this will be run when the file is sourced
# at which point '$PATH' has not yet been populated with inputs
@cowsay@ cow
_printHelloHook() {
hello
}
preConfigureHooks+=(_printHelloHook)
''
);
```
## Attributes {#sec-pkgs.makeSetupHook-attributes}


@ -101,7 +101,7 @@ See the [Dart documentation](#ssec-dart-applications) for more details on requir
`flutter` in Nixpkgs always points to `flutterPackages.stable`, which is the latest packaged version. To avoid unforeseen breakage during upgrade, packages in Nixpkgs should use a specific flutter version, such as `flutter319` and `flutter322`, instead of using `flutter` directly.
```nix
{ flutter, fetchFromGitHub }:
{ flutter322, fetchFromGitHub }:
flutter322.buildFlutterApplication {
pname = "firmware-updater";


@ -120,14 +120,6 @@ buildDunePackage rec {
}
```
Note about `minimalOCamlVersion`. A deprecated version of this argument was
spelled `minimumOCamlVersion`; setting the old attribute wrongly modifies the
derivation hash and is therefore inappropriate. As a technical dept, currently
packaged libraries may still use the old spelling: maintainers are invited to
fix this when updating packages. Massive renaming is strongly discouraged as it
would be challenging to review, difficult to test, and will cause unnecessary
rebuild.
The build will automatically fail if two distinct versions of the same library
are added to `buildInputs` (which usually happens transitively because of
`propagatedBuildInputs`). Set `dontDetectOcamlConflicts` to true to disable this


@ -1551,12 +1551,6 @@
githubId = 56009;
name = "Arcadio Rubio García";
};
arcayr = {
email = "nix@arcayr.online";
github = "arcayr";
githubId = 11192354;
name = "Elliot Speck";
};
archer-65 = {
email = "mario.liguori.056@gmail.com";
github = "archer-65";
@ -7393,12 +7387,6 @@
github = "gmacon";
githubId = 238853;
};
gmemstr = {
email = "git@gmem.ca";
github = "gmemstr";
githubId = 1878840;
name = "Gabriel Simmer";
};
gnxlxnxx = {
email = "gnxlxnxx@web.de";
github = "gnxlxnxx";
@ -8419,6 +8407,12 @@
githubId = 7403236;
name = "Markus J. Ankenbrand";
};
iivusly = {
email = "iivusly@icloud.com";
github = "iivusly";
githubId = 52052910;
name = "iivusly";
};
ikervagyok = {
email = "ikervagyok@gmail.com";
github = "ikervagyok";
@ -10594,13 +10588,6 @@
name = "Kat Inskip";
keys = [ { fingerprint = "9CC6 44B5 69CD A59B C874 C4C9 E8DD E3ED 1C90 F3A0"; } ];
};
kiwi = {
email = "envy1988@gmail.com";
github = "Kiwi";
githubId = 35715;
name = "Robert Djubek";
keys = [ { fingerprint = "8992 44FC D291 5CA2 0A97 802C 156C 88A5 B0A0 4B2A"; } ];
};
kjeremy = {
email = "kjeremy@gmail.com";
name = "Jeremy Kolb";
@ -11317,12 +11304,6 @@
github = "LogicalOverflow";
githubId = 5919957;
};
lheckemann = {
email = "git@sphalerite.org";
github = "lheckemann";
githubId = 341954;
name = "Linus Heckemann";
};
lhvwb = {
email = "nathaniel.baxter@gmail.com";
github = "nathanielbaxter";
@ -13157,6 +13138,12 @@
githubId = 3269878;
name = "Miguel Madrid Mencía";
};
mimvoid = {
github = "mimvoid";
githubId = 153698678;
email = "mimvoid@proton.me";
name = "mimvoid";
};
mindavi = {
email = "rol3517@gmail.com";
github = "Mindavi";
@ -13433,14 +13420,6 @@
githubId = 754512;
name = "Mogria";
};
mohe2015 = {
name = "Moritz Hedtke";
email = "Moritz.Hedtke@t-online.de";
matrix = "@moritz.hedtke:matrix.org";
github = "mohe2015";
githubId = 13287984;
keys = [ { fingerprint = "1248 D3E1 1D11 4A85 75C9 8934 6794 D45A 488C 2EDE"; } ];
};
momeemt = {
name = "Mutsuha Asada";
email = "me@momee.mt";
@ -17708,13 +17687,6 @@
githubId = 226872;
name = "Samuel Ainsworth";
};
samueldr = {
email = "samuel@dionne-riel.com";
matrix = "@samueldr:matrix.org";
github = "samueldr";
githubId = 132835;
name = "Samuel Dionne-Riel";
};
samuelefacenda = {
name = "Samuele Facenda";
email = "samuele.facenda@gmail.com";
@ -18818,14 +18790,6 @@
githubId = 53029739;
name = "Joshua Ortiz";
};
Sorixelle = {
email = "ruby+nixpkgs@srxl.me";
matrix = "@ruby:isincredibly.gay";
name = "Ruby Iris Juric";
github = "Sorixelle";
githubId = 38685302;
keys = [ { fingerprint = "2D76 76C7 A28E 16FC 75C7 268D 1B55 6ED8 4B0E 303A"; } ];
};
sorki = {
email = "srk@48.io";
github = "sorki";
@ -20045,12 +20009,6 @@
githubId = 1391883;
name = "Tom Hall";
};
thubrecht = {
email = "tom@hubrecht.ovh";
github = "Tom-Hubrecht";
githubId = 26650391;
name = "Tom Hubrecht";
};
Thunderbottom = {
email = "chinmaydpai@gmail.com";
github = "Thunderbottom";


@ -677,12 +677,6 @@ with lib.maintainers;
shortName = "Mercury Employees";
};
mobile = {
members = [ samueldr ];
scope = "Maintain Mobile NixOS.";
shortName = "Mobile";
};
nix = {
members = [
eelco


@ -62,7 +62,7 @@ In addition to numerous new and upgraded packages, this release has the followin
<!-- Please keep entries alphabetically sorted. -->
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server software.
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the ankisyncd software.
- [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable).


@ -25,6 +25,16 @@
- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later.
- `wstunnel` has had a major version upgrade that entailed rewriting the program in Rust.
The module was updated to accommodate for breaking changes.
Breaking changes to the module API were minimised as much as possible,
but some were nonetheless inevitable due to changes in the upstream CLI.
Certain options were moved from separate CLI arguments into the forward specifications,
and those options were also removed from the module's API,
please consult the wstunnel man page for more detail.
Also be aware that if you have set additional options in `services.wstunnel.{clients,servers}.<name>.extraArgs`,
that those might have been removed or modified upstream.
- `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`.
- `openssh` and `openssh_hpn` are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can


@ -23,7 +23,7 @@ in
};
package = lib.mkPackageOption pkgs "xonsh" {
example = "xonsh.override { extraPackages = ps: [ ps.requests ]; }";
example = "xonsh.wrapper.override { extraPackages = ps: [ ps.requests ]; }";
};
config = lib.mkOption {
@ -61,17 +61,14 @@ in
aliases['ls'] = _ls_alias
del _ls_alias
${cfg.config}
'';
environment.systemPackages = [ cfg.package ];
environment.shells =
[ "/run/current-system/sw/bin/xonsh"
"${cfg.package}/bin/xonsh"
];
environment.shells = [
"/run/current-system/sw/bin/xonsh"
"${lib.getExe cfg.package}"
];
};
}


@ -42,5 +42,5 @@ in with lib; {
};
};
};
meta.maintainers = [ maintainers.lheckemann ];
meta.maintainers = [ ];
}


@ -1,45 +1,52 @@
# GNOME Keyring daemon.
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.gnome.gnome-keyring;
in
{
meta = {
maintainers = lib.teams.gnome.members;
};
###### interface
options = {
services.gnome.gnome-keyring = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords.
'';
};
enable = lib.mkEnableOption ''
GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
'';
};
};
###### implementation
config = lib.mkIf config.services.gnome.gnome-keyring.enable {
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.gnome.gnome-keyring ];
services.dbus.packages = [ pkgs.gnome.gnome-keyring pkgs.gcr ];
services.dbus.packages = [
pkgs.gnome.gnome-keyring
pkgs.gcr
];
xdg.portal.extraPortals = [ pkgs.gnome.gnome-keyring ];
security.pam.services.login.enableGnomeKeyring = true;
security.pam.services = lib.mkMerge [
{
login.enableGnomeKeyring = true;
}
(lib.mkIf config.services.xserver.displayManager.gdm.enable {
gdm-password.enableGnomeKeyring = true;
gdm-autologin.enableGnomeKeyring = true;
})
(lib.mkIf (config.services.xserver.displayManager.gdm.enable && config.services.fprintd.enable) {
gdm-fingerprint.enableGnomeKeyring = true;
})
];
security.wrappers.gnome-keyring-daemon = {
owner = "root";
@ -47,7 +54,5 @@
capabilities = "cap_ipc_lock=ep";
source = "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
};
};
}


@ -28,7 +28,7 @@ in {
boot.initrd.kernelModules = lib.optionals cfg.initrd.enable [ "amdgpu" ];
hardware.opengl = lib.mkIf cfg.opencl.enable {
hardware.graphics = lib.mkIf cfg.opencl.enable {
enable = lib.mkDefault true;
extraPackages = [
pkgs.rocmPackages.clr


@ -646,7 +646,7 @@ in {
};
meta = {
maintainers = with lib.maintainers; [ lheckemann qyliss ];
maintainers = with lib.maintainers; [ qyliss ];
doc = ./mailman.md;
};


@ -1,16 +1,32 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.services.snapper;
mkValue = v:
if isList v then "\"${concatMapStringsSep " " (escape [ "\\" " " ]) v}\""
else if v == true then "yes"
else if v == false then "no"
else if isString v then "\"${v}\""
else builtins.toJSON v;
mkValue =
v:
if isList v then
"\"${
concatMapStringsSep " " (escape [
"\\"
" "
]) v
}\""
else if v == true then
"yes"
else if v == false then
"no"
else if isString v then
"\"${v}\""
else
builtins.toJSON v;
mkKeyValue = k: v: "${k}=${mkValue v}";
@ -43,7 +59,7 @@ let
ALLOW_GROUPS = mkOption {
type = types.listOf safeStr;
default = [];
default = [ ];
description = ''
List of groups allowed to operate with the config.
@ -53,7 +69,7 @@ let
ALLOW_USERS = mkOption {
type = types.listOf safeStr;
default = [];
default = [ ];
example = [ "alice" ];
description = ''
List of users allowed to operate with the config. "root" is always
@ -78,6 +94,54 @@ let
Defines whether hourly snapshots should be created.
'';
};
TIMELINE_LIMIT_HOURLY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_DAILY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_WEEKLY = mkOption {
type = types.str;
default = "0";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_MONTHLY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_QUARTERLY = mkOption {
type = types.str;
default = "0";
description = ''
Limits for timeline cleanup.
'';
};
TIMELINE_LIMIT_YEARLY = mkOption {
type = types.str;
default = "10";
description = ''
Limits for timeline cleanup.
'';
};
};
in
@ -152,112 +216,129 @@ in
is valid here, even if NixOS doesn't document it.
'';
type = types.attrsOf (types.submodule {
freeformType = types.attrsOf (types.oneOf [ (types.listOf safeStr) types.bool safeStr types.number ]);
type = types.attrsOf (
types.submodule {
freeformType = types.attrsOf (
types.oneOf [
(types.listOf safeStr)
types.bool
safeStr
types.number
]
);
options = configOptions;
});
options = configOptions;
}
);
};
};
config = mkIf (cfg.configs != {}) (let
documentation = [ "man:snapper(8)" "man:snapper-configs(5)" ];
in {
config = mkIf (cfg.configs != { }) (
let
documentation = [
"man:snapper(8)"
"man:snapper-configs(5)"
];
in
{
environment = {
environment = {
systemPackages = [ pkgs.snapper ];
systemPackages = [ pkgs.snapper ];
# Note: snapper/config-templates/default is only needed for create-config
# which is not the NixOS way to configure.
etc =
{
# Note: snapper/config-templates/default is only needed for create-config
# which is not the NixOS way to configure.
etc = {
"sysconfig/snapper".text = ''
SNAPPER_CONFIGS="${lib.concatStringsSep " " (builtins.attrNames cfg.configs)}"
'';
}
// (mapAttrs' (name: subvolume: nameValuePair "snapper/configs/${name}" ({
text = lib.generators.toKeyValue { inherit mkKeyValue; } (filterAttrs (k: v: v != defaultOf k) subvolume);
})) cfg.configs)
// (lib.optionalAttrs (cfg.filters != null) {
"snapper/filters/default.txt".text = cfg.filters;
});
};
services.dbus.packages = [ pkgs.snapper ];
systemd.services.snapperd = {
description = "DBus interface for snapper";
inherit documentation;
serviceConfig = {
Type = "dbus";
BusName = "org.opensuse.Snapper";
ExecStart = "${pkgs.snapper}/bin/snapperd";
CapabilityBoundingSet = "CAP_DAC_OVERRIDE CAP_FOWNER CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_SYS_ADMIN CAP_SYS_MODULE CAP_IPC_LOCK CAP_SYS_NICE";
LockPersonality = true;
NoNewPrivileges = false;
PrivateNetwork = true;
ProtectHostname = true;
RestrictAddressFamilies = "AF_UNIX";
RestrictRealtime = true;
"sysconfig/snapper".text = ''
SNAPPER_CONFIGS="${lib.concatStringsSep " " (builtins.attrNames cfg.configs)}"
'';
}
// (mapAttrs' (
name: subvolume:
nameValuePair "snapper/configs/${name}" ({
text = lib.generators.toKeyValue { inherit mkKeyValue; } (
filterAttrs (k: v: v != defaultOf k) subvolume
);
})
) cfg.configs)
// (lib.optionalAttrs (cfg.filters != null) { "snapper/filters/default.txt".text = cfg.filters; });
};
};
systemd.services.snapper-timeline = {
description = "Timeline of Snapper Snapshots";
inherit documentation;
requires = [ "local-fs.target" ];
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --timeline";
};
services.dbus.packages = [ pkgs.snapper ];
systemd.timers.snapper-timeline = {
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = cfg.persistentTimer;
OnCalendar = cfg.snapshotInterval;
systemd.services.snapperd = {
description = "DBus interface for snapper";
inherit documentation;
serviceConfig = {
Type = "dbus";
BusName = "org.opensuse.Snapper";
ExecStart = "${pkgs.snapper}/bin/snapperd";
CapabilityBoundingSet = "CAP_DAC_OVERRIDE CAP_FOWNER CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_SYS_ADMIN CAP_SYS_MODULE CAP_IPC_LOCK CAP_SYS_NICE";
LockPersonality = true;
NoNewPrivileges = false;
PrivateNetwork = true;
ProtectHostname = true;
RestrictAddressFamilies = "AF_UNIX";
RestrictRealtime = true;
};
};
};
systemd.services.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --cleanup";
};
systemd.services.snapper-timeline = {
description = "Timeline of Snapper Snapshots";
inherit documentation;
requires = [ "local-fs.target" ];
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --timeline";
};
systemd.timers.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
wantedBy = [ "timers.target" ];
requires = [ "local-fs.target" ];
timerConfig.OnBootSec = "10m";
timerConfig.OnUnitActiveSec = cfg.cleanupInterval;
};
systemd.timers.snapper-timeline = {
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = cfg.persistentTimer;
OnCalendar = cfg.snapshotInterval;
};
};
systemd.services.snapper-boot = lib.mkIf cfg.snapshotRootOnBoot {
description = "Take snapper snapshot of root on boot";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot";
serviceConfig.Type = "oneshot";
requires = [ "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.ConditionPathExists = "/etc/snapper/configs/root";
};
systemd.services.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/lib/snapper/systemd-helper --cleanup";
};
assertions =
concatMap
(name:
let
sub = cfg.configs.${name};
in
[ { assertion = !(sub ? extraConfig);
message = ''
The option definition `services.snapper.configs.${name}.extraConfig' no longer has any effect; please remove it.
The contents of this option should be migrated to attributes on `services.snapper.configs.${name}'.
'';
}
] ++
systemd.timers.snapper-cleanup = {
description = "Cleanup of Snapper Snapshots";
inherit documentation;
wantedBy = [ "timers.target" ];
requires = [ "local-fs.target" ];
timerConfig.OnBootSec = "10m";
timerConfig.OnUnitActiveSec = cfg.cleanupInterval;
};
systemd.services.snapper-boot = lib.mkIf cfg.snapshotRootOnBoot {
description = "Take snapper snapshot of root on boot";
inherit documentation;
serviceConfig.ExecStart = "${pkgs.snapper}/bin/snapper --config root create --cleanup-algorithm number --description boot";
serviceConfig.Type = "oneshot";
requires = [ "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.ConditionPathExists = "/etc/snapper/configs/root";
};
assertions = concatMap (
name:
let
sub = cfg.configs.${name};
in
[
{
assertion = !(sub ? extraConfig);
message = ''
The option definition `services.snapper.configs.${name}.extraConfig' no longer has any effect; please remove it.
The contents of this option should be migrated to attributes on `services.snapper.configs.${name}'.
'';
}
]
++
map
(attr: {
assertion = !(hasAttr attr sub);
@ -265,8 +346,11 @@ in
The option definition `services.snapper.configs.${name}.${attr}' has been renamed to `services.snapper.configs.${name}.${toUpper attr}'.
'';
})
[ "fstype" "subvolume" ]
)
(attrNames cfg.configs);
});
[
"fstype"
"subvolume"
]
) (attrNames cfg.configs);
}
);
}
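Review bot: The six new `TIMELINE_LIMIT_*` options are declared with `type = types.str`, while the neighbouring `ALLOW_GROUPS`/`ALLOW_USERS` options and the `freeformType` all go through `safeStr`. `mkValue` renders a string as `"\"${v}\""` with no escaping, so a value containing a double quote or a newline would be written verbatim into the generated `snapper/configs/<name>` file. Assuming `safeStr` (defined outside the visible hunks) exists to reject such characters, the new options should use it as well: `type = safeStr;`. The six descriptions are also identical (`Limits for timeline cleanup.`); each should name the period it limits and say what form the value takes, with a pointer to snapper-configs(5).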


@ -60,7 +60,7 @@ in {
"-templates ${cfg.templateDir}"
];
in {
ExecStart = "${pkgs.grafana_reporter}/bin/grafana-reporter ${args}";
ExecStart = "${pkgs.grafana-reporter}/bin/grafana-reporter ${args}";
};
};
};


@ -13,6 +13,9 @@ let
ln -s /run/wrappers/bin/slabinfo.plugin $out/libexec/netdata/plugins.d/slabinfo.plugin
ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin
ln -s /run/wrappers/bin/systemd-journal.plugin $out/libexec/netdata/plugins.d/systemd-journal.plugin
ln -s /run/wrappers/bin/logs-management.plugin $out/libexec/netdata/plugins.d/logs-management.plugin
ln -s /run/wrappers/bin/network-viewer.plugin $out/libexec/netdata/plugins.d/network-viewer.plugin
ln -s /run/wrappers/bin/debugfs.plugin $out/libexec/netdata/plugins.d/debugfs.plugin
'';
plugins = [
@ -47,6 +50,7 @@ let
defaultUser = "netdata";
isThereAnyWireGuardTunnels = config.networking.wireguard.enable || lib.any (c: lib.hasAttrByPath [ "netdevConfig" "Kind" ] c && c.netdevConfig.Kind == "wireguard") (builtins.attrValues config.systemd.network.netdevs);
in {
options = {
services.netdata = {
@ -86,6 +90,14 @@ in {
Whether to enable python-based plugins
'';
};
recommendedPythonPackages = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable a set of recommended Python plugins
by installing extra Python packages.
'';
};
extraPackages = mkOption {
type = types.functionTo (types.listOf types.package);
default = ps: [];
@ -198,13 +210,26 @@ in {
}
];
# Includes a set of recommended Python plugins in exchange of imperfect disk consumption.
services.netdata.python.extraPackages = lib.mkIf cfg.python.recommendedPythonPackages (ps: [
ps.requests
ps.pandas
ps.numpy
ps.psycopg2
ps.python-ldap
ps.netdata-pandas
ps.changefinder
]);
services.netdata.configDir.".opt-out-from-anonymous-statistics" = mkIf (!cfg.enableAnalyticsReporting) (pkgs.writeText ".opt-out-from-anonymous-statistics" "");
environment.etc."netdata/netdata.conf".source = configFile;
environment.etc."netdata/conf.d".source = configDirectory;
systemd.services.netdata = {
description = "Real time performance monitoring";
after = [ "network.target" ];
after = [ "network.target" "suid-sgid-wrappers.service" ];
# No wrapper means no "useful" netdata.
requires = [ "suid-sgid-wrappers.service" ];
wantedBy = [ "multi-user.target" ];
path = (with pkgs; [
curl
@ -213,10 +238,16 @@ in {
which
procps
bash
nvme-cli # for go.d
iw # for charts.d
apcupsd # for charts.d
# TODO: firehol # for FireQoS -- this requires more NixOS module support.
util-linux # provides logger command; required for syslog health alarms
])
++ lib.optional cfg.python.enable (pkgs.python3.withPackages cfg.python.extraPackages)
++ lib.optional config.virtualisation.libvirtd.enable (config.virtualisation.libvirtd.package);
++ lib.optional config.virtualisation.libvirtd.enable config.virtualisation.libvirtd.package
++ lib.optional config.virtualisation.docker.enable config.virtualisation.docker.package
++ lib.optionals config.virtualisation.podman.enable [ pkgs.jq config.virtualisation.podman.package ];
environment = {
PYTHONPATH = "${cfg.package}/libexec/netdata/python.d/python_modules";
NETDATA_PIPENAME = "/run/netdata/ipc";
@ -256,6 +287,8 @@ in {
# Configuration directory and mode
ConfigurationDirectory = "netdata";
ConfigurationDirectoryMode = "0755";
# AmbientCapabilities
AmbientCapabilities = lib.optional isThereAnyWireGuardTunnels "CAP_NET_ADMIN";
# Capabilities
CapabilityBoundingSet = [
"CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins
@ -269,7 +302,7 @@ in {
"CAP_SYS_CHROOT" # is required for cgroups plugin
"CAP_SETUID" # is required for cgroups and cgroups-network plugins
"CAP_SYSLOG" # is required for systemd-journal plugin
];
] ++ lib.optional isThereAnyWireGuardTunnels "CAP_NET_ADMIN";
# Sandboxing
ProtectSystem = "full";
ProtectHome = "read-only";
@ -308,6 +341,14 @@ in {
permissions = "u+rx,g+x,o-rwx";
};
"debugfs.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/debugfs.plugin.org";
capabilities = "cap_dac_read_search+ep";
owner = cfg.user;
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
"cgroup-network" = {
source = "${cfg.package}/libexec/netdata/plugins.d/cgroup-network.org";
capabilities = "cap_setuid+ep";
@ -332,6 +373,14 @@ in {
permissions = "u+rx,g+x,o-rwx";
};
"logs-management.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/logs-management.plugin.org";
capabilities = "cap_dac_read_search,cap_syslog+ep";
owner = cfg.user;
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
"slabinfo.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org";
capabilities = "cap_dac_override+ep";
@ -348,6 +397,14 @@ in {
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
} // optionalAttrs (cfg.package.withNetworkViewer) {
"network-viewer.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/network-viewer.plugin.org";
capabilities = "cap_sys_admin,cap_dac_read_search,cap_sys_ptrace+ep";
owner = cfg.user;
group = cfg.group;
permissions = "u+rx,g+x,o-rwx";
};
};
security.pam.loginLimits = [
@ -359,6 +416,8 @@ in {
${defaultUser} = {
group = defaultUser;
isSystemUser = true;
extraGroups = lib.optional config.virtualisation.docker.enable "docker"
++ lib.optional config.virtualisation.podman.enable "podman";
};
};
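Review bot: The `extraGroups` line added to the `${defaultUser}` account puts the netdata user in the `docker` group whenever `virtualisation.docker.enable` is set, and nothing in the module lets an administrator opt out. Membership of that group grants access to the Docker daemon socket, which is equivalent to root on the host. The same section also adds several capability-bearing wrappers and `CAP_NET_ADMIN` for this service, so the group grant deserves an explicit opt-in rather than being implied by Docker being enabled. One way is a new boolean module option (name to be chosen) guarding the line, `extraGroups = lib.optional (cfg.<newOption> && config.virtualisation.docker.enable) "docker"`, with the root-equivalence stated in its description. The surrounding users block starts and ends outside the hunk.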


@ -37,7 +37,6 @@ in
{
meta.maintainers = with maintainers; [
misuzu
thubrecht
];
meta.doc = ./netbird.md;


@ -16,7 +16,7 @@ in
{
meta = {
maintainers = with lib.maintainers; [thubrecht patrickdag];
maintainers = with lib.maintainers; [patrickdag];
doc = ./server.md;
};


@ -1,83 +1,94 @@
{ config, lib, options, pkgs, utils, ... }:
with lib;
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.services.wstunnel;
attrsToArgs = attrs: utils.escapeSystemdExecArgs (
mapAttrsToList
(name: value: if value == true then "--${name}" else "--${name}=${value}")
attrs
);
hostPortToString = { host, port }: "${host}:${builtins.toString port}";
hostPortToString = { host, port }: "${host}:${toString port}";
hostPortSubmodule = {
options = {
host = mkOption {
host = lib.mkOption {
description = "The hostname.";
type = types.str;
type = lib.types.str;
};
port = mkOption {
port = lib.mkOption {
description = "The port.";
type = types.port;
type = lib.types.port;
};
};
};
commonOptions = {
enable = mkOption {
description = "Whether to enable this `wstunnel` instance.";
type = types.bool;
enable = lib.mkEnableOption "this `wstunnel` instance." // {
default = true;
};
package = mkPackageOption pkgs "wstunnel" {};
package = lib.mkPackageOption pkgs "wstunnel" { };
autoStart = mkOption {
description = "Whether this tunnel server should be started automatically.";
type = types.bool;
default = true;
};
autoStart =
lib.mkEnableOption "starting this wstunnel instance automatically." // {
default = true;
};
extraArgs = mkOption {
description = "Extra command line arguments to pass to `wstunnel`. Attributes of the form `argName = true;` will be translated to `--argName`, and `argName = \"value\"` to `--argName=value`.";
type = with types; attrsOf (either str bool);
default = {};
extraArgs = lib.mkOption {
description = ''
Extra command line arguments to pass to `wstunnel`.
Attributes of the form `argName = true;` will be translated to `--argName`,
and `argName = \"value\"` to `--argName value`.
'';
type = with lib.types; attrsOf (either str bool);
default = { };
example = {
"someNewOption" = true;
"someNewOptionWithValue" = "someValue";
};
};
loggingLevel = mkOption {
loggingLevel = lib.mkOption {
description = ''
Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#example-syntax)
'';
type = types.nullOr types.str;
type = lib.types.nullOr lib.types.str;
example = "INFO";
default = null;
};
environmentFile = mkOption {
description = "Environment file to be passed to the systemd service. Useful for passing secrets to the service to prevent them from being world-readable in the Nix store. Note however that the secrets are passed to `wstunnel` through the command line, which makes them locally readable for all users of the system at runtime.";
type = types.nullOr types.path;
environmentFile = lib.mkOption {
description = ''
Environment file to be passed to the systemd service.
Useful for passing secrets to the service to prevent them from being
world-readable in the Nix store.
Note however that the secrets are passed to `wstunnel` through
the command line, which makes them locally readable for all users of
the system at runtime.
'';
type = lib.types.nullOr lib.types.path;
default = null;
example = "/var/lib/secrets/wstunnelSecrets";
};
};
serverSubmodule = { config, ...}: {
serverSubmodule = { config, ... }: {
options = commonOptions // {
listen = mkOption {
description = "Address and port to listen on. Setting the port to a value below 1024 will also give the process the required `CAP_NET_BIND_SERVICE` capability.";
type = types.submodule hostPortSubmodule;
listen = lib.mkOption {
description = ''
Address and port to listen on.
Setting the port to a value below 1024 will also give the process
the required `CAP_NET_BIND_SERVICE` capability.
'';
type = lib.types.submodule hostPortSubmodule;
default = {
host = "0.0.0.0";
port = if config.enableHTTPS then 443 else 80;
};
defaultText = literalExpression ''
defaultText = lib.literalExpression ''
{
host = "0.0.0.0";
port = if enableHTTPS then 443 else 80;
@ -85,39 +96,50 @@ let
'';
};
restrictTo = mkOption {
description = "Accepted traffic will be forwarded only to this service. Set to `null` to allow forwarding to arbitrary addresses.";
type = types.listOf (types.submodule hostPortSubmodule);
default = [];
restrictTo = lib.mkOption {
description = ''
Accepted traffic will be forwarded only to this service.
'';
type = lib.types.listOf (lib.types.submodule hostPortSubmodule);
default = [ ];
example = [{
host = "127.0.0.1";
port = 51820;
}];
};
enableHTTPS = mkOption {
enableHTTPS = lib.mkOption {
description = "Use HTTPS for the tunnel server.";
type = types.bool;
type = lib.types.bool;
default = true;
};
tlsCertificate = mkOption {
description = "TLS certificate to use instead of the hardcoded one in case of HTTPS connections. Use together with `tlsKey`.";
type = types.nullOr types.path;
tlsCertificate = lib.mkOption {
description = ''
TLS certificate to use instead of the hardcoded one in case of HTTPS connections.
Use together with `tlsKey`.
'';
type = lib.types.nullOr lib.types.path;
default = null;
example = "/var/lib/secrets/cert.pem";
};
tlsKey = mkOption {
description = "TLS key to use instead of the hardcoded on in case of HTTPS connections. Use together with `tlsCertificate`.";
type = types.nullOr types.path;
tlsKey = lib.mkOption {
description = ''
TLS key to use instead of the hardcoded on in case of HTTPS connections.
Use together with `tlsCertificate`.
'';
type = lib.types.nullOr lib.types.path;
default = null;
example = "/var/lib/secrets/key.pem";
};
useACMEHost = mkOption {
description = "Use a certificate generated by the NixOS ACME module for the given host. Note that this will not generate a new certificate - you will need to do so with `security.acme.certs`.";
type = types.nullOr types.str;
useACMEHost = lib.mkOption {
description = ''
Use a certificate generated by the NixOS ACME module for the given host.
Note that this will not generate a new certificate - you will need to do so with `security.acme.certs`.
'';
type = lib.types.nullOr lib.types.str;
default = null;
example = "example.com";
};
@ -126,95 +148,113 @@ let
clientSubmodule = { config, ... }: {
options = commonOptions // {
connectTo = mkOption {
connectTo = lib.mkOption {
description = "Server address and port to connect to.";
type = types.str;
type = lib.types.str;
example = "https://wstunnel.server.com:8443";
};
localToRemote = mkOption {
localToRemote = lib.mkOption {
description = ''Listen on local and forwards traffic from remote.'';
type = types.listOf (types.str);
default = [];
type = lib.types.listOf (lib.types.str);
default = [ ];
example = [
"tcp://1212:google.com:443"
"unix:///tmp/wstunnel.sock:g.com:443"
];
};
remoteToLocal = mkOption {
remoteToLocal = lib.mkOption {
description = "Listen on remote and forwards traffic from local. Only tcp is supported";
type = types.listOf (types.str);
default = [];
type = lib.types.listOf lib.types.str;
default = [ ];
example = [
"tcp://1212:google.com:443"
"unix://wstunnel.sock:g.com:443"
];
};
addNetBind = mkEnableOption "Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024";
addNetBind = lib.mkEnableOption "Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024";
httpProxy = mkOption {
httpProxy = lib.mkOption {
description = ''
Proxy to use to connect to the wstunnel server (`USER:PASS@HOST:PORT`).
::: {.warning}
Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `PROXY_PASSWORD=<your-password-here>` and set this option to `<user>:$PROXY_PASSWORD@<host>:<port>`. Note however that this will also locally leak the passwords at runtime via e.g. /proc/<pid>/cmdline.
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the `environmentFile` option
to a file containing `PROXY_PASSWORD=<your-password-here>` and set
this option to `<user>:$PROXY_PASSWORD@<host>:<port>`.
Note however that this will also locally leak the passwords at
runtime via e.g. /proc/<pid>/cmdline.
:::
'';
type = types.nullOr types.str;
type = lib.types.nullOr lib.types.str;
default = null;
};
soMark = mkOption {
description = "Mark network packets with the SO_MARK sockoption with the specified value. Setting this option will also enable the required `CAP_NET_ADMIN` capability for the systemd service.";
type = types.nullOr types.int;
soMark = lib.mkOption {
description = ''
Mark network packets with the SO_MARK sockoption with the specified value.
Setting this option will also enable the required `CAP_NET_ADMIN` capability
for the systemd service.
'';
type = lib.types.nullOr lib.types.ints.unsigned;
default = null;
};
upgradePathPrefix = mkOption {
description = "Use a specific HTTP path prefix that will show up in the upgrade request to the `wstunnel` server. Useful when running `wstunnel` behind a reverse proxy.";
type = types.nullOr types.str;
upgradePathPrefix = lib.mkOption {
description = ''
Use a specific HTTP path prefix that will show up in the upgrade
request to the `wstunnel` server.
Useful when running `wstunnel` behind a reverse proxy.
'';
type = lib.types.nullOr lib.types.str;
default = null;
example = "wstunnel";
};
tlsSNI = mkOption {
tlsSNI = lib.mkOption {
description = "Use this as the SNI while connecting via TLS. Useful for circumventing hostname-based firewalls.";
type = types.nullOr types.str;
type = lib.types.nullOr lib.types.str;
default = null;
};
tlsVerifyCertificate = mkOption {
tlsVerifyCertificate = lib.mkOption {
description = "Whether to verify the TLS certificate of the server. It might be useful to set this to `false` when working with the `tlsSNI` option.";
type = types.bool;
type = lib.types.bool;
default = true;
};
# The original argument name `websocketPingFrequency` is a misnomer, as the frequency is the inverse of the interval.
websocketPingInterval = mkOption {
websocketPingInterval = lib.mkOption {
description = "Frequency at which the client will send websocket ping to the server.";
type = types.nullOr types.ints.unsigned;
type = lib.types.nullOr lib.types.ints.unsigned;
default = null;
};
upgradeCredentials = mkOption {
upgradeCredentials = lib.mkOption {
description = ''
Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, `USER:[PASS]`).
Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, `USER:[PASS]`).
::: {.warning}
Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `HTTP_PASSWORD=<your-password-here>` and set this option to `<user>:$HTTP_PASSWORD`. Note however that this will also locally leak the passwords at runtime via e.g. /proc/<pid>/cmdline.
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the `environmentFile` option
to a file containing `HTTP_PASSWORD=<your-password-here>` and set this
option to `<user>:$HTTP_PASSWORD`.
Note however that this will also locally leak the passwords at runtime
via e.g. /proc/<pid>/cmdline.
:::
'';
type = types.nullOr types.str;
type = lib.types.nullOr lib.types.str;
default = null;
};
customHeaders = mkOption {
customHeaders = lib.mkOption {
description = "Custom HTTP headers to send during the upgrade request.";
type = types.attrsOf types.str;
default = {};
type = lib.types.attrsOf lib.types.str;
default = { };
example = {
"X-Some-Header" = "some-value";
};
@ -224,49 +264,63 @@ let
generateServerUnit = name: serverCfg: {
name = "wstunnel-server-${name}";
value = {
description = "wstunnel server - ${name}";
requires = [ "network.target" "network-online.target" ];
after = [ "network.target" "network-online.target" ];
wantedBy = optional serverCfg.autoStart "multi-user.target";
value =
let
certConfig = config.security.acme.certs.${serverCfg.useACMEHost};
in
{
description = "wstunnel server - ${name}";
requires = [ "network.target" "network-online.target" ];
after = [ "network.target" "network-online.target" ];
wantedBy = lib.optional serverCfg.autoStart "multi-user.target";
serviceConfig = let
certConfig = config.security.acme.certs."${serverCfg.useACMEHost}";
in {
Type = "simple";
ExecStart = with serverCfg; let
resolvedTlsCertificate = if useACMEHost != null
then "${certConfig.directory}/fullchain.pem"
else tlsCertificate;
resolvedTlsKey = if useACMEHost != null
then "${certConfig.directory}/key.pem"
else tlsKey;
in ''
${package}/bin/wstunnel \
environment.RUST_LOG = serverCfg.loggingLevel;
serviceConfig = {
Type = "exec";
EnvironmentFile =
lib.optional (serverCfg.environmentFile != null) serverCfg.environmentFile;
DynamicUser = true;
SupplementaryGroups =
lib.optional (serverCfg.useACMEHost != null) certConfig.group;
PrivateTmp = true;
AmbientCapabilities =
lib.optionals (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
NoNewPrivileges = true;
RestrictNamespaces = "uts ipc pid user cgroup";
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
PrivateDevices = true;
RestrictSUIDSGID = true;
Restart = "on-failure";
RestartSec = 2;
RestartSteps = 20;
RestartMaxDelaySec = "5min";
};
script = with serverCfg; ''
${lib.getExe package} \
server \
${concatStringsSep " " (builtins.map (hostPair: "--restrict-to ${utils.escapeSystemdExecArg (hostPortToString hostPair)}") restrictTo)} \
${optionalString (resolvedTlsCertificate != null) "--tls-certificate ${utils.escapeSystemdExecArg resolvedTlsCertificate}"} \
${optionalString (resolvedTlsKey != null) "--tls-private-key ${utils.escapeSystemdExecArg resolvedTlsKey}"} \
${optionalString (loggingLevel != null) "--log-lvl ${loggingLevel}"} \
${attrsToArgs extraArgs} \
${utils.escapeSystemdExecArg "${if enableHTTPS then "wss" else "ws"}://${hostPortToString listen}"}
${lib.cli.toGNUCommandLineShell { } (
lib.recursiveUpdate
{
restrict-to = map hostPortToString restrictTo;
tls-certificate = if useACMEHost != null
then "${certConfig.directory}/fullchain.pem"
else "${tlsCertificate}";
tls-private-key = if useACMEHost != null
then "${certConfig.directory}/key.pem"
else "${tlsKey}";
}
extraArgs
)} \
${lib.escapeShellArg "${if enableHTTPS then "wss" else "ws"}://${hostPortToString listen}"}
'';
EnvironmentFile = optional (serverCfg.environmentFile != null) serverCfg.environmentFile;
DynamicUser = true;
SupplementaryGroups = optional (serverCfg.useACMEHost != null) certConfig.group;
PrivateTmp = true;
AmbientCapabilities = optionals (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
NoNewPrivileges = true;
RestrictNamespaces = "uts ipc pid user cgroup";
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
PrivateDevices = true;
RestrictSUIDSGID = true;
};
};
};
generateClientUnit = name: clientCfg: {
@ -275,30 +329,19 @@ let
description = "wstunnel client - ${name}";
requires = [ "network.target" "network-online.target" ];
after = [ "network.target" "network-online.target" ];
wantedBy = optional clientCfg.autoStart "multi-user.target";
wantedBy = lib.optional clientCfg.autoStart "multi-user.target";
environment.RUST_LOG = clientCfg.loggingLevel;
serviceConfig = {
Type = "simple";
ExecStart = with clientCfg; ''
${package}/bin/wstunnel client \
${concatStringsSep " " (builtins.map (x: "--local-to-remote ${x}") localToRemote)} \
${concatStringsSep " " (builtins.map (x: "--remote-to-local ${x}") remoteToLocal)} \
${concatStringsSep " " (mapAttrsToList (n: v: "--http-headers \"${n}: ${v}\"") customHeaders)} \
${optionalString (httpProxy != null) "--http-proxy ${httpProxy}"} \
${optionalString (soMark != null) "--socket-so-mark=${toString soMark}"} \
${optionalString (upgradePathPrefix != null) "--http-upgrade-path-prefix ${upgradePathPrefix}"} \
${optionalString (tlsSNI != null) "--tls-sni-override ${tlsSNI}"} \
${optionalString tlsVerifyCertificate "--tls-verify-certificate"} \
${optionalString (websocketPingInterval != null) "--websocket-ping-frequency-sec ${toString websocketPingInterval}"} \
${optionalString (upgradeCredentials != null) "--http-upgrade-credentials ${upgradeCredentials}"} \
${optionalString (loggingLevel != null) "--log-lvl ${loggingLevel}"} \
${attrsToArgs extraArgs} \
${utils.escapeSystemdExecArg connectTo}
'';
EnvironmentFile = optional (clientCfg.environmentFile != null) clientCfg.environmentFile;
Type = "exec";
EnvironmentFile =
lib.optional (clientCfg.environmentFile != null) clientCfg.environmentFile;
DynamicUser = true;
PrivateTmp = true;
AmbientCapabilities = (optionals (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optionals (clientCfg.addNetBind) [ "CAP_NET_BIND_SERVICE" ]);
AmbientCapabilities =
(lib.optionals clientCfg.addNetBind [ "CAP_NET_BIND_SERVICE" ]) ++
(lib.optionals (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]);
NoNewPrivileges = true;
RestrictNamespaces = "uts ipc pid user cgroup";
ProtectSystem = "strict";
@ -308,17 +351,45 @@ let
ProtectControlGroups = true;
PrivateDevices = true;
RestrictSUIDSGID = true;
Restart = "on-failure";
RestartSec = 2;
RestartSteps = 20;
RestartMaxDelaySec = "5min";
};
script = with clientCfg; ''
${lib.getExe package} \
client \
${lib.cli.toGNUCommandLineShell { } (
lib.recursiveUpdate
{
local-to-remote = localToRemote;
remote-to-local = remoteToLocal;
http-headers = lib.mapAttrsToList (n: v: "${n}:${v}") customHeaders;
http-proxy = httpProxy;
socket-so-mark = soMark;
http-upgrade-path-prefix = upgradePathPrefix;
tls-sni-override = tlsSNI;
tls-verify-certificate = tlsVerifyCertificate;
websocket-ping-frequency-sec = websocketPingInterval;
http-upgrade-credentials = upgradeCredentials;
}
extraArgs
)} \
${lib.escapeShellArg connectTo}
'';
};
};
in {
in
{
options.services.wstunnel = {
enable = mkEnableOption "wstunnel";
enable = lib.mkEnableOption "wstunnel";
servers = mkOption {
servers = lib.mkOption {
description = "`wstunnel` servers to set up.";
type = types.attrsOf (types.submodule serverSubmodule);
default = {};
type = lib.types.attrsOf (lib.types.submodule serverSubmodule);
default = { };
example = {
"wg-tunnel" = {
listen = {
@ -336,13 +407,13 @@ in {
};
};
clients = mkOption {
clients = lib.mkOption {
description = "`wstunnel` clients to set up.";
type = types.attrsOf (types.submodule clientSubmodule);
default = {};
type = lib.types.attrsOf (lib.types.submodule clientSubmodule);
default = { };
example = {
"wg-tunnel" = {
connectTo = "https://wstunnel.server.com:8443";
connectTo = "wss://wstunnel.server.com:8443";
localToRemote = [
"tcp://1212:google.com:443"
"tcp://2:n.lan:4?proxy_protocol"
@ -356,28 +427,42 @@ in {
};
};
config = mkIf cfg.enable {
systemd.services = (mapAttrs' generateServerUnit (filterAttrs (n: v: v.enable) cfg.servers)) // (mapAttrs' generateClientUnit (filterAttrs (n: v: v.enable) cfg.clients));
config = lib.mkIf cfg.enable {
systemd.services =
(lib.mapAttrs' generateServerUnit (lib.filterAttrs (n: v: v.enable) cfg.servers)) //
(lib.mapAttrs' generateClientUnit (lib.filterAttrs (n: v: v.enable) cfg.clients));
assertions = (mapAttrsToList (name: serverCfg: {
assertion = !(serverCfg.useACMEHost != null && (serverCfg.tlsCertificate != null || serverCfg.tlsKey != null));
message = ''
Options services.wstunnel.servers."${name}".useACMEHost and services.wstunnel.servers."${name}".{tlsCertificate, tlsKey} are mutually exclusive.
'';
}) cfg.servers) ++
(mapAttrsToList (name: serverCfg: {
assertion = !((serverCfg.tlsCertificate != null || serverCfg.tlsKey != null) && !(serverCfg.tlsCertificate != null && serverCfg.tlsKey != null));
message = ''
services.wstunnel.servers."${name}".tlsCertificate and services.wstunnel.servers."${name}".tlsKey need to be set together.
'';
}) cfg.servers) ++
(mapAttrsToList (name: clientCfg: {
assertion = !(clientCfg.localToRemote == [] && clientCfg.remoteToLocal == []);
message = ''
Either one of services.wstunnel.clients."${name}".localToRemote or services.wstunnel.clients."${name}".remoteToLocal must be set.
'';
}) cfg.clients);
assertions =
(lib.mapAttrsToList
(name: serverCfg: {
assertion =
!(serverCfg.useACMEHost != null && serverCfg.tlsCertificate != null);
message = ''
Options services.wstunnel.servers."${name}".useACMEHost and services.wstunnel.servers."${name}".{tlsCertificate, tlsKey} are mutually exclusive.
'';
})
cfg.servers) ++
(lib.mapAttrsToList
(name: serverCfg: {
assertion =
(serverCfg.tlsCertificate == null && serverCfg.tlsKey == null) ||
(serverCfg.tlsCertificate != null && serverCfg.tlsKey != null);
message = ''
services.wstunnel.servers."${name}".tlsCertificate and services.wstunnel.servers."${name}".tlsKey need to be set together.
'';
})
cfg.servers) ++
(lib.mapAttrsToList
(name: clientCfg: {
assertion = !(clientCfg.localToRemote == [ ] && clientCfg.remoteToLocal == [ ]);
message = ''
Either one of services.wstunnel.clients."${name}".localToRemote or services.wstunnel.clients."${name}".remoteToLocal must be set.
'';
})
cfg.clients);
};
meta.maintainers = with maintainers; [ alyaeanyx neverbehave ];
meta.maintainers = with lib.maintainers; [ alyaeanyx rvdp neverbehave ];
}


@ -4,7 +4,9 @@ with lib;
let
cfg = config.services.zerotierone;
localConfFile = pkgs.writeText "zt-local.conf" (builtins.toJSON cfg.localConf);
settingsFormat = pkgs.formats.json {};
localConfFile = settingsFormat.generate "zt-local.conf" cfg.localConf;
localConfFilePath = "/var/lib/zerotier-one/local.conf";
in
{
@ -41,7 +43,7 @@ in
example = {
settings.allowTcpFallbackRelay = false;
};
type = types.nullOr types.attrs;
type = settingsFormat.type;
};
config = mkIf cfg.enable {
@ -60,7 +62,7 @@ in
chown -R root:root /var/lib/zerotier-one
'' + (concatMapStrings (netId: ''
touch "/var/lib/zerotier-one/networks.d/${netId}.conf"
'') cfg.joinNetworks) + optionalString (cfg.localConf != null) ''
'') cfg.joinNetworks) + optionalString (cfg.localConf != {}) ''
if [ -L "${localConfFilePath}" ]
then
rm ${localConfFilePath}
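Review bot: The new guard `cfg.localConf != {}` is also true for `null`, and the value type of `pkgs.formats.json` still accepts `null`, so a configuration that sets `localConf = null` (the old way of saying "no local.conf") now enters this branch and gets a generated file whose content is `null`. The option's `default` is outside the visible hunks; unless it already is `{ }`, it has to change in the same commit. A guard such as `optionalString (cfg.localConf != null && cfg.localConf != { })` covers both spellings. The `rm ${localConfFilePath}` on the last line is unquoted while the `-L` test above quotes the same path; `rm "${localConfFilePath}"` keeps them consistent. The branch body continues outside the hunk.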


@ -4,7 +4,7 @@ let
settingsFormat = (pkgs.formats.json { });
in
{
meta.maintainers = with lib.maintainers; [ mohe2015 ];
meta.maintainers = with lib.maintainers; [ ];
options = {
services.step-ca = {


@ -219,5 +219,5 @@ in
users.groups.zitadel = lib.mkIf (cfg.group == "zitadel") { };
};
meta.maintainers = with lib.maintainers; [ Sorixelle ];
meta.maintainers = [ ];
}


@ -71,9 +71,7 @@ in {
host = mkOption {
type = lib.types.str;
default = "bluemap.${config.networking.domain}";
defaultText = lib.literalExpression "bluemap.\${config.networking.domain}";
description = "Domain to configure nginx for";
description = "Domain on which nginx will serve the bluemap webapp";
};
onCalendar = mkOption {


@ -9,10 +9,10 @@ in
config = {
system.build.OCIImage = import ../../lib/make-disk-image.nix {
inherit config lib pkgs;
inherit (cfg) diskSize;
name = "oci-image";
configFile = ./oci-config-user.nix;
format = "qcow2";
diskSize = 8192;
partitionTableType = if cfg.efi then "efi" else "legacy";
};


@ -9,6 +9,12 @@
Whether the OCI instance is using EFI.
'';
};
diskSize = lib.mkOption {
type = lib.types.int;
default = 8192;
description = "Size of the disk image created in MB.";
example = "diskSize = 12 * 1024; # 12GiB";
};
};
};
}
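Review bot: `diskSize` is declared as `lib.types.int`, which also accepts zero and negative values that would only fail later, inside the image builder; `type = lib.types.ints.positive;` rejects them at evaluation time. The `example` is a plain string that repeats the option name, so the manual would render it as a quoted string rather than as a value; `example = lib.literalExpression "12 * 1024";` shows what a user would actually write. The description says MB while the example comment says GiB, so it would help to state the unit precisely once it is confirmed against make-disk-image.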


@ -22,5 +22,5 @@
};
};
meta.maintainers = [ lib.maintainers.lheckemann ];
meta.maintainers = [ ];
}


@ -500,7 +500,8 @@ in {
libreddit = handleTest ./libreddit.nix {};
librenms = handleTest ./librenms.nix {};
libresprite = handleTest ./libresprite.nix {};
libreswan = handleTest ./libreswan.nix {};
libreswan = runTest ./libreswan.nix;
libreswan-nat = runTest ./libreswan-nat.nix;
librewolf = handleTest ./firefox.nix { firefoxPackage = pkgs.librewolf; };
libuiohook = handleTest ./libuiohook.nix {};
libvirtd = handleTest ./libvirtd.nix {};
@ -1045,6 +1046,7 @@ in {
wordpress = handleTest ./wordpress.nix {};
wrappers = handleTest ./wrappers.nix {};
writefreely = handleTest ./web-apps/writefreely.nix {};
wstunnel = runTest ./wstunnel.nix;
xandikos = handleTest ./xandikos.nix {};
xautolock = handleTest ./xautolock.nix {};
xfce = handleTest ./xfce.nix {};


@ -4,7 +4,7 @@ import ./make-test-python.nix (
{
name = "crabfit";
meta.maintainers = with lib.maintainers; [ thubrecht ];
meta.maintainers = with lib.maintainers; [ ];
nodes = {
machine =


@ -9,7 +9,7 @@ let
testWithCompressor = compressor: testing.makeTest {
name = "initrd-secrets-${compressor}";
meta.maintainers = [ lib.maintainers.lheckemann ];
meta.maintainers = [ ];
nodes.machine = { ... }: {
virtualisation.useBootLoader = true;


@ -0,0 +1,238 @@
# This test sets up an IPsec VPN server that allows a client behind an IPv4 NAT
# router to access the IPv6 internet. We check that the client initially can't
# ping an IPv6 hosts and its connection to the server can be eavesdropped by
# the router, but once the IPsec tunnel is enstablished it can talk to an
# IPv6-only host and the connection is secure.
#
# Notes:
# - the VPN is implemented using policy-based routing.
# - the client is assigned an IPv6 address from the same /64 subnet
# of the server, without DHCPv6 or SLAAC.
# - the server acts as NDP proxy for the client, so that the latter
# becomes reachable at its assigned IPv6 via the server.
# - the client falls back to TCP if UDP is blocked
{ lib, pkgs, ... }:
let
# Common network setup
baseNetwork = {
# shared hosts file
networking.extraHosts = lib.mkVMOverride ''
203.0.113.1 router
203.0.113.2 server
2001:db8::2 inner
192.168.1.1 client
'';
# open a port for testing
networking.firewall.allowedUDPPorts = [ 1234 ];
};
# Common IPsec configuration
baseTunnel = {
services.libreswan.enable = true;
environment.etc."ipsec.d/tunnel.secrets" =
{ text = ''@server %any : PSK "j1JbIi9WY07rxwcNQ6nbyThKCf9DGxWOyokXIQcAQUnafsNTUJxfsxwk9WYK8fHj"'';
mode = "600";
};
};
# Helpers to add a static IP address on an interface
setAddress4 = iface: addr: {
networking.interfaces.${iface}.ipv4.addresses =
lib.mkVMOverride [ { address = addr; prefixLength = 24; } ];
};
setAddress6 = iface: addr: {
networking.interfaces.${iface}.ipv6.addresses =
lib.mkVMOverride [ { address = addr; prefixLength = 64; } ];
};
in
{
name = "libreswan-nat";
meta = with lib.maintainers; {
maintainers = [ rnhmjoj ];
};
nodes.router = { pkgs, ... }: lib.mkMerge [
baseNetwork
(setAddress4 "eth1" "203.0.113.1")
(setAddress4 "eth2" "192.168.1.1")
{
virtualisation.vlans = [ 1 2 ];
environment.systemPackages = [ pkgs.tcpdump ];
networking.nat = {
enable = true;
externalInterface = "eth1";
internalInterfaces = [ "eth2" ];
};
networking.firewall.trustedInterfaces = [ "eth2" ];
}
];
nodes.inner = lib.mkMerge [
baseNetwork
(setAddress6 "eth1" "2001:db8::2")
{ virtualisation.vlans = [ 3 ]; }
];
nodes.server = lib.mkMerge [
baseNetwork
baseTunnel
(setAddress4 "eth1" "203.0.113.2")
(setAddress6 "eth2" "2001:db8::1")
{
virtualisation.vlans = [ 1 3 ];
networking.firewall.allowedUDPPorts = [ 500 4500 ];
networking.firewall.allowedTCPPorts = [ 993 ];
# see https://github.com/NixOS/nixpkgs/pull/310857
networking.firewall.checkReversePath = false;
boot.kernel.sysctl = {
# enable forwarding packets
"net.ipv6.conf.all.forwarding" = 1;
"net.ipv4.conf.all.forwarding" = 1;
# enable NDP proxy for VPN clients
"net.ipv6.conf.all.proxy_ndp" = 1;
};
services.libreswan.configSetup = "listen-tcp=yes";
services.libreswan.connections.tunnel = ''
# server
left=203.0.113.2
leftid=@server
leftsubnet=::/0
leftupdown=${pkgs.writeScript "updown" ''
# act as NDP proxy for VPN clients
if test "$PLUTO_VERB" = up-client-v6; then
ip neigh add proxy "$PLUTO_PEER_CLIENT_NET" dev eth2
fi
if test "$PLUTO_VERB" = down-client-v6; then
ip neigh del proxy "$PLUTO_PEER_CLIENT_NET" dev eth2
fi
''}
# clients
right=%any
rightaddresspool=2001:db8:0:0:c::/97
modecfgdns=2001:db8::1
# clean up vanished clients
dpddelay=30
auto=add
keyexchange=ikev2
rekey=no
narrowing=yes
fragmentation=yes
authby=secret
leftikeport=993
retransmit-timeout=10s
'';
}
];
nodes.client = lib.mkMerge [
baseNetwork
baseTunnel
(setAddress4 "eth1" "192.168.1.2")
{
virtualisation.vlans = [ 2 ];
networking.defaultGateway = {
address = "192.168.1.1";
interface = "eth1";
};
services.libreswan.connections.tunnel = ''
# client
left=%defaultroute
leftid=@client
leftmodecfgclient=yes
leftsubnet=::/0
# server
right=203.0.113.2
rightid=@server
rightsubnet=::/0
auto=add
narrowing=yes
rekey=yes
fragmentation=yes
authby=secret
# fallback when UDP is blocked
enable-tcp=fallback
tcp-remoteport=993
retransmit-timeout=5s
'';
}
];
testScript =
''
def client_to_host(machine, msg: str):
"""
Sends a message from client to server
"""
machine.execute("nc -lu :: 1234 >/tmp/msg &")
client.sleep(1)
client.succeed(f"echo '{msg}' | nc -uw 0 {machine.name} 1234")
client.sleep(1)
machine.succeed(f"grep '{msg}' /tmp/msg")
def eavesdrop():
"""
Starts eavesdropping on the router
"""
match = "udp port 1234"
router.execute(f"tcpdump -i eth1 -c 1 -Avv {match} >/tmp/log &")
start_all()
with subtest("Network is up"):
client.wait_until_succeeds("ping -c1 server")
client.succeed("systemctl restart ipsec")
server.succeed("systemctl restart ipsec")
with subtest("Router can eavesdrop cleartext traffic"):
eavesdrop()
client_to_host(server, "I secretly love turnip")
router.sleep(1)
router.succeed("grep turnip /tmp/log")
with subtest("Libreswan is ready"):
client.wait_for_unit("ipsec")
server.wait_for_unit("ipsec")
client.succeed("ipsec checkconfig")
server.succeed("ipsec checkconfig")
with subtest("Client can't ping VPN host"):
client.fail("ping -c1 inner")
with subtest("Client can start the tunnel"):
client.succeed("ipsec start tunnel")
client.succeed("ip -6 addr show lo | grep -q 2001:db8:0:0:c")
with subtest("Client can ping VPN host"):
client.wait_until_succeeds("ping -c1 2001:db8::1")
client.succeed("ping -c1 inner")
with subtest("Eve no longer can eavesdrop"):
eavesdrop()
client_to_host(inner, "Just kidding, I actually like rhubarb")
router.sleep(1)
router.fail("grep rhubarb /tmp/log")
with subtest("TCP fallback is available"):
server.succeed("iptables -I nixos-fw -p udp -j DROP")
client.succeed("ipsec restart")
client.execute("ipsec start tunnel")
client.wait_until_succeeds("ping -c1 inner")
'';
}
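Review bot: The "Eve no longer can eavesdrop" subtest passes whenever `/tmp/log` lacks the word `rhubarb`, which is also true if tcpdump never started or captured nothing, so on its own it does not show that the traffic crossed the router encrypted. A positive assertion next to it would close the gap: capture the traffic between the client and 203.0.113.2 and assert that the capture is non-empty while not containing the message. The last subtest starts the tunnel with `client.execute("ipsec start tunnel")`, which discards the exit status; use `client.succeed(...)`, or add a comment saying why a failure is tolerated there. The docstring of `client_to_host` says "from client to server" although the destination is the `machine` argument; `"""Sends a message from the client to the given machine"""` would match the code.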


@ -3,7 +3,7 @@
# Eve can eavesdrop the plaintext traffic between Alice and Bob, but once they
# enable the secure tunnel Eve's spying becomes ineffective.
import ./make-test-python.nix ({ lib, pkgs, ... }:
{ lib, pkgs, ... }:
let
@ -133,4 +133,4 @@ in
eve.sleep(1)
eve.fail("grep rhubarb /tmp/log")
'';
})
}


@ -41,14 +41,14 @@ let
in {
matomo = matomoTest pkgs.matomo // {
name = "matomo";
meta.maintainers = with maintainers; [ florianjacob kiwi mmilata twey boozedog ];
meta.maintainers = with maintainers; [ florianjacob mmilata twey boozedog ];
};
matomo-beta = matomoTest pkgs.matomo-beta // {
name = "matomo-beta";
meta.maintainers = with maintainers; [ florianjacob kiwi mmilata twey boozedog ];
meta.maintainers = with maintainers; [ florianjacob mmilata twey boozedog ];
};
matomo_5 = matomoTest pkgs.matomo_5 // {
name = "matomo-5";
meta.maintainers = with maintainers; [ florianjacob kiwi mmilata twey boozedog ] ++ lib.teams.flyingcircus.members;
meta.maintainers = with maintainers; [ florianjacob mmilata twey boozedog ] ++ lib.teams.flyingcircus.members;
};
}


@ -11,7 +11,10 @@ import ./make-test-python.nix ({ pkgs, ...} : {
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ curl jq netdata ];
services.netdata.enable = true;
services.netdata = {
enable = true;
python.recommendedPythonPackages = true;
};
};
};


@ -7,7 +7,7 @@ with import ../lib/testing-python.nix { inherit system pkgs; };
makeTest {
name = "tigervnc";
meta = with pkgs.lib.maintainers; {
maintainers = [ lheckemann ];
maintainers = [ ];
};
nodes = {


@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "timezone";
meta.maintainers = with pkgs.lib.maintainers; [ lheckemann ];
meta.maintainers = with pkgs.lib.maintainers; [ ];
nodes = {
node_eutz = { pkgs, ... }: {

96
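--- a/nixos/tests/wstunnel.nix
+++ b/nixos/tests/wstunnel.nix
@@ -0,0 +1,96 @@
+let
+certs = import ./common/acme/server/snakeoil-certs.nix;
+domain = certs.domain;
+in
+{
+name = "wstunnel";
+nodes = {
+server = {
+virtualisation.vlans = [ 1 ];
+security.pki.certificateFiles = [ certs.ca.cert ];
+networking = {
+useNetworkd = true;
+useDHCP = false;
+firewall.enable = false;
+};
+systemd.network.networks."01-eth1" = {
+name = "eth1";
+networkConfig.Address = "10.0.0.1/24";
+};
+services.wstunnel = {
+enable = true;
+servers.my-server = {
+listen = {
+host = "10.0.0.1";
+port = 443;
+};
+tlsCertificate = certs.${domain}.cert;
+tlsKey = certs.${domain}.key;
+};
+};
+};
+client = {
+virtualisation.vlans = [ 1 ];
+security.pki.certificateFiles = [ certs.ca.cert ];
+networking = {
+useNetworkd = true;
+useDHCP = false;
+firewall.enable = false;
+extraHosts = ''
+10.0.0.1 ${domain}
+'';
+};
+systemd.network.networks."01-eth1" = {
+name = "eth1";
+networkConfig.Address = "10.0.0.2/24";
+};
+services.wstunnel = {
+enable = true;
+clients.my-client = {
+autoStart = false;
+connectTo = "wss://${domain}:443";
+localToRemote = [
+"tcp://8080:localhost:2080"
+];
+remoteToLocal = [
+"tcp://2081:localhost:8081"
+];
+};
+};
+};
+};
+testScript = /* python */ ''
+start_all()
+server.wait_for_unit("wstunnel-server-my-server.service")
+client.wait_for_open_port(443, "10.0.0.1")
+client.systemctl("start wstunnel-client-my-client.service")
+client.wait_for_unit("wstunnel-client-my-client.service")
+with subtest("connection from client to server"):
+server.succeed("nc -l 2080 >/tmp/msg &")
+client.sleep(1)
+client.succeed('nc -w1 localhost 8080 <<<"Hello from client"')
+server.succeed('grep "Hello from client" /tmp/msg')
+with subtest("connection from server to client"):
+client.succeed("nc -l 8081 >/tmp/msg &")
+server.sleep(1)
+server.succeed('nc -w1 localhost 2081 <<<"Hello from server"')
+client.succeed('grep "Hello from server" /tmp/msg')
+client.systemctl("stop wstunnel-client-my-client.service")
+'';
+}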
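Review bot: Both nodes add `certs.ca.cert` to `security.pki.certificateFiles` and the client connects by the certificate's own name, so the test only exercises the case where verification succeeds; a regression in which the client stops verifying the server certificate would still pass. A second client instance that is expected to fail, for example one on a node without the CA installed, would cover the `tlsVerifyCertificate = true` default. Only the `tlsCertificate`/`tlsKey` server configuration is exercised; the `useACMEHost` case and a server with neither option set are not. The two `client.systemctl(...)` calls ignore the returned status; `client.succeed("systemctl start wstunnel-client-my-client.service")` would fail the test at the point where the unit does not start.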


@ -202,7 +202,7 @@ stdenv.mkDerivation rec {
# Documentation.
cc-by-30
];
maintainers = with maintainers; [ lheckemann veprbl wegank ];
maintainers = with maintainers; [ veprbl wegank ];
platforms = platforms.unix;
};
}


@ -8,12 +8,12 @@
, samplerateSupport ? jackSupport, libsamplerate ? null
, ossSupport ? false, alsa-oss ? null
, pulseaudioSupport ? config.pulseaudio or false, libpulseaudio ? null
, sndioSupport ? false, sndio ? null
, mprisSupport ? stdenv.isLinux, systemd ? null
# TODO: add these
#, artsSupport
#, roarSupport
#, sndioSupport
#, sunSupport
#, waveoutSupport
@ -59,11 +59,11 @@ let
(mkFlag samplerateSupport "CONFIG_SAMPLERATE=y" libsamplerate)
(mkFlag ossSupport "CONFIG_OSS=y" alsa-oss)
(mkFlag pulseaudioSupport "CONFIG_PULSE=y" libpulseaudio)
(mkFlag sndioSupport "CONFIG_SNDIO=y" sndio)
(mkFlag mprisSupport "CONFIG_MPRIS=y" systemd)
#(mkFlag artsSupport "CONFIG_ARTS=y")
#(mkFlag roarSupport "CONFIG_ROAR=y")
#(mkFlag sndioSupport "CONFIG_SNDIO=y")
#(mkFlag sunSupport "CONFIG_SUN=y")
#(mkFlag waveoutSupport "CONFIG_WAVEOUT=y")
@ -92,13 +92,13 @@ in
stdenv.mkDerivation rec {
pname = "cmus";
version = "2.10.0-unstable-2023-11-05";
version = "2.11.0";
src = fetchFromGitHub {
owner = "cmus";
repo = "cmus";
rev = "23afab39902d3d97c47697196b07581305337529";
sha256 = "sha256-pxDIYbeJMoaAuErCghWJpDSh1WbYbhgJ7+ca5WLCrOs=";
rev = "v${version}";
hash = "sha256-kUJC+ORLkYD57mPL/1p5VCm9yiNzVdOZhxp7sVP6oMw=";
};
nativeBuildInputs = [ pkg-config ];


@ -16,7 +16,7 @@ stdenv.mkDerivation {
meta = with lib; {
homepage = "https://www.parabola.me.uk/alsa/pmidi.html";
description = "Straightforward command line program to play midi files through the ALSA sequencer";
maintainers = with maintainers; [ lheckemann ];
maintainers = with maintainers; [ ];
license = licenses.gpl2;
mainProgram = "pmidi";
};


@ -1,4 +1,5 @@
{ fetchFromGitHub
{ stdenvNoCC
, fetchFromGitHub
, lib
, cmake
, mkDerivation
@ -26,12 +27,18 @@ mkDerivation rec {
installFlags = [ "DESTDIR=$(out)" ];
postInstall = lib.optionalString stdenvNoCC.isDarwin ''
mkdir -p $out/Applications
mv $out/bin/spotify-qt.app $out/Applications
ln $out/Applications/spotify-qt.app/Contents/MacOS/spotify-qt $out/bin/spotify-qt
'';
meta = with lib; {
description = "Lightweight unofficial Spotify client using Qt";
mainProgram = "spotify-qt";
homepage = "https://github.com/kraxarn/spotify-qt";
license = licenses.gpl3Only;
maintainers = with maintainers; [ ];
maintainers = with maintainers; [ iivusly ];
platforms = platforms.unix;
};
}
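Review bot: The added Darwin `postInstall` creates `$out/bin/spotify-qt` with a plain `ln`, which makes a hard link to the binary inside the app bundle; the usual convention for exposing a bundle's executable is a symlink, `ln -s $out/Applications/spotify-qt.app/Contents/MacOS/spotify-qt $out/bin/spotify-qt`. `stdenvNoCC` is added to the arguments only to read the platform; if a `stdenv` is available here, `stdenv.hostPlatform.isDarwin` is the form used elsewhere in nixpkgs and stays correct under cross-compilation. The derivation body starts outside the hunk.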


@ -152,7 +152,7 @@ stdenv.mkDerivation rec {
mainProgram = "tenacity";
homepage = "https://tenacityaudio.org/";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ irenes lheckemann ];
maintainers = with maintainers; [ irenes ];
platforms = platforms.linux;
};
}


@ -38,11 +38,11 @@ let
in
stdenv.mkDerivation rec {
pname = "bisq-desktop";
version = "1.9.15";
version = "1.9.16";
src = fetchurl {
url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb";
sha256 = "0bz4yzfrzn9rwsmwwnsqdgxsqd42dyiz3vxi53qxj36h49nh8lzg";
sha256 = "sha256-DxYgZgDa3vOHj7svJqu/pdyXKZ+uBTy35Fchw49xxoA=";
};
nativeBuildInputs = [


@ -60,6 +60,9 @@
, zsh
, # codeium-nvim dependencies
codeium
, # codesnap-nvim dependencies
clang
, libuv
, # command-t dependencies
getconf
, ruby
@ -400,6 +403,54 @@
'';
};
codesnap-nvim =
let
version = "1.3.1";
src = fetchFromGitHub {
owner = "mistricky";
repo = "codesnap.nvim";
rev = "refs/tags/v${version}";
hash = "sha256-nS/bAWsBQ1L4M9437Yp6FdmHoogzalKlLIAXnRZyMp0=";
};
codesnap-lib = rustPlatform.buildRustPackage {
pname = "codesnap-lib";
inherit version src;
sourceRoot = "${src.name}/generator";
cargoHash = "sha256-FTQl5WIGEf+RQKYJ4BbIE3cCeN+NYUp7VXIrpxB05tU=";
nativeBuildInputs = [
pkg-config
rustPlatform.bindgenHook
];
buildInputs = [
libuv.dev
] ++ lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.AppKit
];
};
in
buildVimPlugin {
pname = "codesnap.nvim";
inherit version src;
# - Remove the shipped pre-built binaries
# - Copy the resulting binary from the codesnap-lib derivation
# Note: the destination should be generator.so, even on darwin
# https://github.com/mistricky/codesnap.nvim/blob/main/scripts/build_generator.sh
postInstall = let
extension = if stdenv.isDarwin then "dylib" else "so";
in ''
rm -r $out/lua/*.so
cp ${codesnap-lib}/lib/libgenerator.${extension} $out/lua/generator.so
'';
doInstallCheck = true;
nvimRequireCheck = "codesnap";
};
command-t = super.command-t.overrideAttrs {
nativeBuildInputs = [ getconf ruby ];
buildPhase = ''
@ -1485,6 +1536,11 @@
'';
};
todo-comments-nvim = super.todo-comments-nvim.overrideAttrs {
dependencies = [ self.plenary-nvim ];
nvimRequireCheck = "todo-comments";
};
tup =
let
# Based on the comment at the top of https://github.com/gittup/tup/blob/master/contrib/syntax/tup.vim
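Review bot: The cleanup in `postInstall` of `codesnap-nvim` removes only `$out/lua/*.so`, so the comment's promise to remove the shipped pre-built binaries holds only if upstream ships nothing under another extension or directory, which cannot be confirmed from this page. A check in the same phase that fails the build when any other `*.so` or `*.dylib` is left in `$out` would make that guarantee explicit. `rm -r` is also broader than needed for plain files; `rm $out/lua/*.so` says what is meant. Separately, `clang` is added to the argument set but no visible line of the new derivation references it. The enclosing attribute set starts and ends outside the hunks shown.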


@ -191,6 +191,7 @@ https://github.com/neoclide/coc.nvim/,release,
https://github.com/manicmaniac/coconut.vim/,HEAD,
https://github.com/Exafunction/codeium.nvim/,HEAD,
https://github.com/Exafunction/codeium.vim/,HEAD,
https://github.com/mistricky/codesnap.nvim/,HEAD,
https://github.com/gorbit99/codewindow.nvim/,HEAD,
https://github.com/metakirby5/codi.vim/,,
https://github.com/tjdevries/colorbuddy.nvim/,,


@ -30,21 +30,21 @@ let
archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "039yb1v4vcgsyp3gfvsfm7pxivf20ycyvidhrk26jfm54ghbbnlz";
x86_64-darwin = "1nkwww12yalkxja8vdln45kzrbybhrca8q0zxj8kk9s8bdzsvr5d";
aarch64-linux = "0pz8qji6n7j0vrm4l84vxw2sad6q3swz7jda4zyw1n13y7p9kpcj";
aarch64-darwin = "1a1b233f28x0v7rb7295jdivzxqvp812x585vacxx1qfmpn6mabl";
armv7l-linux = "12569045nzz5zsmaqd4xvq5lmajcl7w3qdv0n9m5rh2g6s32585c";
x86_64-linux = "0d0cgsiafmr1wmxqji7mi4hmms7zqql868bcfbq9lmkw96zw85dw";
x86_64-darwin = "1zga9zm25h33m42cdnbkpzx5vbcwm9n7036qapq8pgrb23mals7f";
aarch64-linux = "0wsdcny0y8xfvdf62qh792ifcq1am8i8xkchh5rscjc3xli6r86s";
aarch64-darwin = "13jd39lm667206ga8fqbdb7mdqbkmbgq1l7wid3h4yanz87zbm99";
armv7l-linux = "1xpvcypm0xnwjmbj2c1a245yav3nwi0g2k564x91vazfw4nmi7mv";
}.${system} or throwSystem;
in
callPackage ./generic.nix rec {
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.90.1";
version = "1.90.2";
pname = "vscode" + lib.optionalString isInsiders "-insiders";
# This is used for VS Code - Remote SSH test
rev = "611f9bfce64f25108829dd295f54a6894e87339d";
rev = "5437499feb04f7a586f677b155b039bc2b3669eb";
executableName = "code" + lib.optionalString isInsiders "-insiders";
longName = "Visual Studio Code" + lib.optionalString isInsiders " - Insiders";
@ -68,7 +68,7 @@ in
src = fetchurl {
name = "vscode-server-${rev}.tar.gz";
url = "https://update.code.visualstudio.com/commit:${rev}/server-linux-x64/stable";
sha256 = "1j4fd3281jsm10ngq9lzwph3nil0xwbypc180sh5wifb66bmprf6";
sha256 = "18npvj29g9xwjyxv3a0fxipk30hgm487cfr3d91dvp5hxhl4dwwr";
};
};


@ -19,13 +19,13 @@
stdenv.mkDerivation rec {
pname = "xed-editor";
version = "3.6.2";
version = "3.6.3";
src = fetchFromGitHub {
owner = "linuxmint";
repo = "xed";
rev = version;
sha256 = "sha256-+yY+vzDMeS4AMMAklzADD4/LAQgav3clM2CCK6xh47Q=";
sha256 = "sha256-xsNqzicI11dM/DjY00pXaPpQdHA0ltP23g34fMWUoUA=";
};
patches = [


@ -38,6 +38,6 @@ mkDerivation rec {
# https://invent.kde.org/plasma-mobile/alligator/-/commit/db30f159c4700244532b17a260deb95551045b7a
# * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
license = with licenses; [ gpl2Only gpl3Only ];
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -66,6 +66,6 @@ mkDerivation rec {
homepage = "https://invent.kde.org/plasma-mobile/audiotube";
# https://invent.kde.org/plasma-mobile/audiotube/-/tree/c503d0607a3386112beaa9cf990ab85fe33ef115/LICENSES
license = with licenses; [ bsd2 cc0 gpl2Only gpl3Only ];
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -41,6 +41,6 @@ mkDerivation rec {
description = "Calendar for Plasma Mobile";
homepage = "https://invent.kde.org/plasma-mobile/calindori";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -46,6 +46,6 @@ mkDerivation rec {
mainProgram = "kalk";
homepage = "https://invent.kde.org/plasma-mobile/kalk";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -63,6 +63,6 @@ mkDerivation rec {
homepage = "https://apps.kde.org/kasts/";
# https://invent.kde.org/plasma-mobile/kasts/-/tree/master/LICENSES
license = with licenses; [ bsd2 cc-by-sa-40 cc0 gpl2Only gpl2Plus gpl3Only gpl3Plus lgpl3Plus ];
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -41,6 +41,6 @@ mkDerivation rec {
description = "Clock app for plasma mobile";
homepage = "https://invent.kde.org/plasma-mobile/kclock";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -34,7 +34,7 @@ mkDerivation rec {
mainProgram = "keysmith";
license = licenses.gpl3;
homepage = "https://github.com/KDE/keysmith";
maintainers = with maintainers; [ samueldr shamilton ];
maintainers = with maintainers; [ shamilton ];
platforms = platforms.linux;
};
}


@ -77,6 +77,6 @@ mkDerivation rec {
homepage = "https://apps.kde.org/koko/";
# LGPL-2.1-only OR LGPL-3.0-only OR LicenseRef-KDE-Accepted-LGPL
license = [ licenses.lgpl3Only licenses.lgpl21Only ];
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -26,6 +26,6 @@ mkDerivation {
description = "Galactic strategy game";
mainProgram = "konquest";
license = with lib.licenses; [ gpl2 ];
maintainers = with lib.maintainers; [ lheckemann ];
maintainers = with lib.maintainers; [ ];
};
}


@ -10,7 +10,7 @@ mkDerivation {
pname = "kpublictransport";
meta = with lib; {
license = [ licenses.cc0 ];
maintainers = [ maintainers.samueldr ];
maintainers = [ ];
};
nativeBuildInputs = [ extra-cmake-modules ];


@ -38,6 +38,6 @@ mkDerivation rec {
mainProgram = "krecorder";
homepage = "https://invent.kde.org/plasma-mobile/krecorder";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -43,6 +43,6 @@ mkDerivation rec {
homepage = "https://apps.kde.org/ktrip/";
# GPL-2.0-or-later
license = licenses.gpl2Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -44,6 +44,6 @@ mkDerivation rec {
mainProgram = "kweather";
homepage = "https://invent.kde.org/plasma-mobile/kweather";
license = with licenses; [ gpl2Plus cc-by-40 ];
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -20,6 +20,6 @@ mkDerivation {
];
meta = {
license = with lib.licenses; [ gpl2 ];
maintainers = with lib.maintainers; [ lheckemann ];
maintainers = with lib.maintainers; [ ];
};
}


@ -37,31 +37,28 @@ stdenv.mkDerivation (finalAttrs: rec {
makeFlags = [
"PERLPATH=${perl}/bin/perl"
# We *need* to pass DESTDIR, as the Makefile ignores PREFIX.
"DESTDIR=$(out)"
# Relative paths.
"BINDIR=/bin"
"PERLDIR=/share/perl5"
"MODSDIR=/lib" # At runtime, AMC will test for that dir before
# defaulting to the "portable" strategy we use, so this test
# *must* fail. *But* this variable cannot be set to anything but
# "/lib" , because that name is hardcoded in the main executable
# and this variable controls both both the path AMC will check at
# runtime, AND the path where the actual modules will be stored at
# build-time. This has been reported upstream as
# https://project.auto-multiple-choice.net/issues/872
"TEXDIR=/tex/latex/" # what texlive.combine expects
"TEXDOCDIR=/share/doc/texmf/" # TODO where to put this?
"MAN1DIR=/share/man/man1"
"DESKTOPDIR=/share/applications"
"METAINFODIR=/share/metainfo"
"ICONSDIR=/share/auto-multiple-choice/icons"
"APPICONDIR=/share/icons/hicolor"
"LOCALEDIR=/share/locale"
"MODELSDIR=/share/auto-multiple-choice/models"
"DOCDIR=/share/doc/auto-multiple-choice"
"SHARED_MIMEINFO_DIR=/share/mime/packages"
"LANG_GTKSOURCEVIEW_DIR=/share/gtksourceview-4/language-specs"
# We *need* to set DESTDIR as empty and use absolute paths below,
# because the Makefile ignores PREFIX and MODSDIR is required to
# be an absolute path to not trigger "portable distribution" check
# in auto-multiple-choice.in.
"DESTDIR="
# Set variables from Makefile.conf to absolute paths
"BINDIR=${placeholder "out"}/bin"
"PERLDIR=${placeholder "out"}/share/perl5"
"MODSDIR=${placeholder "out"}/lib"
"TEXDIR=${placeholder "out"}/tex/latex/" # what texlive.combine expects
"TEXDOCDIR=${placeholder "out"}/share/doc/texmf/" # TODO where to put this?
"MAN1DIR=${placeholder "out"}/share/man/man1"
"DESKTOPDIR=${placeholder "out"}/share/applications"
"METAINFODIR=${placeholder "out"}/share/metainfo"
"ICONSDIR=${placeholder "out"}/share/auto-multiple-choice/icons"
"CSSDIR=${placeholder "out"}/share/auto-multiple-choice/gtk"
"APPICONDIR=${placeholder "out"}/share/icons/hicolor"
"LOCALEDIR=${placeholder "out"}/share/locale"
"MODELSDIR=${placeholder "out"}/share/auto-multiple-choice/models"
"DOCDIR=${placeholder "out"}/share/doc/auto-multiple-choice"
"SHARED_MIMEINFO_DIR=${placeholder "out"}/share/mime/packages"
"LANG_GTKSOURCEVIEW_DIR=${placeholder "out"}/share/gtksourceview-4/language-specs"
# Pretend to be redhat so `install` doesn't try to chown/chgrp.
"SYSTEM_TYPE=rpm"
"GCC=${stdenv.cc.targetPrefix}cc"
@ -93,6 +90,7 @@ stdenv.mkDerivation (finalAttrs: rec {
XMLWriter
]}:"$out/share/perl5 \
--prefix XDG_DATA_DIRS : "$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
--prefix PATH : "$out/bin" \
--set TEXINPUTS ":.:$out/tex/latex"
'';


@ -44,7 +44,7 @@ stdenv.mkDerivation (finalAttrs: {
homepage = "https://github.com/Cloudef/bemenu";
description = "Dynamic menu library and client program inspired by dmenu";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ lheckemann ];
maintainers = with maintainers; [ ];
mainProgram = "bemenu";
platforms = with platforms; linux;
};


@ -72,7 +72,7 @@ mkDerivation rec {
description = "2D CAD package based on Qt";
homepage = "https://librecad.org";
license = licenses.gpl2Only;
maintainers = with maintainers; [ kiwi viric ];
maintainers = with maintainers; [ viric ];
platforms = platforms.linux;
};
}


@ -73,6 +73,6 @@ mkDerivation rec {
mainProgram = "maliit-server";
homepage = "http://maliit.github.io/";
license = licenses.lgpl21Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -69,6 +69,6 @@ mkDerivation rec {
mainProgram = "maliit-keyboard";
homepage = "http://maliit.github.io/";
license = with licenses; [ lgpl3Only bsd3 cc-by-30 ];
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -8,6 +8,7 @@
, writeScript
, undmg
, unzip
, commandLineArgs ? ""
}:
let
inherit (stdenv.hostPlatform) system;
@ -52,7 +53,8 @@ let
mkdir -p $out/bin
makeWrapper ${electron}/bin/electron $out/bin/obsidian \
--add-flags $out/share/obsidian/app.asar \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform=wayland}}"
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform=wayland}}" \
--add-flags ${lib.escapeShellArg commandLineArgs}
install -m 444 -D resources/app.asar $out/share/obsidian/app.asar
install -m 444 -D resources/obsidian.asar $out/share/obsidian/obsidian.asar
install -m 444 -D "${desktopItem}/share/applications/"* \
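Review bot: `commandLineArgs` deserves a comment at its declaration saying that the string is evaluated by the shell when the wrapper runs, not passed through as one literal argument. `lib.escapeShellArg` only protects it from the build-time shell that calls `makeWrapper`; `--add-flags` then pastes the text into the generated script, which is exactly what the `NIXOS_OZONE_WL` expansion on the line above relies on. Something like `# Extra flags appended to the electron invocation; word-split and expanded by the wrapper's shell at start-up` would do. The install phase continues outside the hunk.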


@ -5,13 +5,13 @@
buildGoModule rec {
pname = "transifex-cli";
version = "1.6.13";
version = "1.6.14";
src = fetchFromGitHub {
owner = "transifex";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-SVXrrpkz2veA1L5p88iGQxHAUtySiYge0ffY2HyVCr0=";
sha256 = "sha256-yKkRoeq0hPYMjZcoL9h3l8FimnCjjVSlk9whliEnkzE=";
};
vendorHash = "sha256-rcimaHr3fFeHSjZXw1w23cKISCT+9t8SgtPnY/uYGAU=";


@ -110,7 +110,7 @@ stdenv.mkDerivation rec {
longDescription = "GNOME Calls is a phone dialer and call handler. Setting NixOS option `programs.calls.enable = true` is recommended.";
homepage = "https://gitlab.gnome.org/GNOME/calls";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ craigem lheckemann ];
maintainers = with maintainers; [ craigem ];
platforms = platforms.linux;
mainProgram = "gnome-calls";
};


@ -7,13 +7,13 @@
buildGoModule rec {
pname = "arkade";
version = "0.11.15";
version = "0.11.16";
src = fetchFromGitHub {
owner = "alexellis";
repo = "arkade";
rev = version;
hash = "sha256-tfJ9LTPu8B6xlIkAKmbl2d2GLY9p4VcOQGOC5TTx9Cs=";
hash = "sha256-i/wEgUK4NxFonZXJKuhLHBgCXQ25A/UDyavhJdjuJ+M=";
};
CGO_ENABLED = 0;


@ -48,6 +48,6 @@ buildPythonPackage {
description = "NixOps Digitalocean plugin";
homepage = "https://github.com/nix-community/nixops-digitalocean";
license = licenses.lgpl3Only;
maintainers = with maintainers; [ kiwi ];
maintainers = with maintainers; [ ];
};
}


@ -58,7 +58,6 @@ let
changelog = "https://github.com/opentofu/opentofu/blob/v${version}/CHANGELOG.md";
license = licenses.mpl20;
maintainers = with maintainers; [
gmemstr
nickcao
zowoq
];



@ -21,13 +21,13 @@
rustPlatform.buildRustPackage rec {
pname = "cinny-desktop";
# We have to be using the same version as cinny-web or this isn't going to work.
version = "3.1.0";
version = "3.2.0";
src = fetchFromGitHub {
owner = "cinnyapp";
repo = "cinny-desktop";
rev = "v${version}";
hash = "sha256-v5D0/EHVQ2xo7TGo+jZoRDBVFczkaZu2ka6QpwV4dpw=";
hash = "sha256-uHGqvulH7/9JpUjkpcbCh1pPvX4/ndVIKcBXzWmDo+s=";
};
sourceRoot = "${src.name}/src-tauri";


@ -18,16 +18,16 @@ let
in
buildNpmPackage rec {
pname = "cinny";
version = "3.1.0";
version = "3.2.0";
src = fetchFromGitHub {
owner = "cinnyapp";
repo = "cinny";
rev = "v${version}";
hash = "sha256-GcygxK9NcGlv4rwxQCJqi0BhNlOTFxjGB8mbfTaBMOk=";
hash = "sha256-wAa7y2mXPkXAfirRSFqwZYIJK0CKDzZG8ULzXzr4zZ4=";
};
npmDepsHash = "sha256-4R+To2LhcnEM9x1noo6MhCckyBKgPWiAi7zgDqAmaN0=";
npmDepsHash = "sha256-dVdylvclUIHvF5syVumdxkXR4bG1FA4LOYg3GmnNzXE=";
# Fix error: no member named 'aligned_alloc' in the global namespace
env.NIX_CFLAGS_COMPILE = lib.optionalString (


@ -2,7 +2,7 @@
callPackage ./generic.nix { } rec {
pname = "signal-desktop-beta";
dir = "Signal Beta";
version = "7.13.0-beta.1";
version = "7.14.0-beta.1";
url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop-beta/signal-desktop-beta_${version}_amd64.deb";
hash = "sha256-DvYRvIA+rg4RKXbqWjWj7oFnfLboEiMeP7HgGYkRBDM=";
hash = "sha256-SC7CCqylPkc/qmlSYlXJcVWGi1+hvRQ9qBGR6wqo6sk=";
}


@ -2,7 +2,7 @@
callPackage ./generic.nix { } rec {
pname = "signal-desktop";
dir = "Signal";
version = "7.12.0";
version = "7.13.0";
url = "https://updates.signal.org/desktop/apt/pool/s/signal-desktop/signal-desktop_${version}_amd64.deb";
hash = "sha256-k8Dp3MiWRNpWEGqYtt5o8FtL3fJ9AkIm+hjvW8r6qG0=";
hash = "sha256-lwo5O8UAjjMuaeM8J804oN+y72uYZBL+eP/NwpnD4H0=";
}


@ -11,16 +11,16 @@
rustPlatform.buildRustPackage rec {
pname = "twitch-tui";
version = "2.6.11";
version = "2.6.12";
src = fetchFromGitHub {
owner = "Xithrius";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-3Ibf9UULQ0NQ6+oVvLVxUsSSaQ4ilxLehBPZhkrzILQ=";
hash = "sha256-mEpeuopMzZhWOAikEP7Er8xcgNkGbCTkJJYrQr7GrBQ=";
};
cargoHash = "sha256-GK9P+IytkfhfogvPLuYF9+ngs2vr6Quv+v+Rai2cgx8=";
cargoHash = "sha256-U9L4SrYTAUcQ9/2f8tD7jxByVQS9P6OXpra6QvbhNNg=";
nativeBuildInputs = [
pkg-config


@ -60,7 +60,6 @@ let
license = licenses.gpl3Plus;
maintainers = with maintainers; [
arianvp
kiwi
toonn
];
platforms = platforms.darwin ++ [


@ -202,7 +202,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
homepage = "https://www.freerdp.com/";
license = licenses.asl20;
maintainers = with maintainers; [ peterhoeg lheckemann ];
maintainers = with maintainers; [ peterhoeg ];
platforms = platforms.unix;
};
})


@ -207,7 +207,7 @@ stdenv.mkDerivation rec {
homepage = "https://www.freerdp.com/";
changelog = "https://github.com/FreeRDP/FreeRDP/releases/tag/${src.rev}";
license = licenses.asl20;
maintainers = with maintainers; [ peterhoeg lheckemann ];
maintainers = with maintainers; [ peterhoeg ];
platforms = platforms.unix;
};
}


@ -77,7 +77,7 @@ in
description = "ZNC clientaway module";
homepage = "https://github.com/kylef/znc-contrib";
license = licenses.gpl2;
maintainers = with maintainers; [ kiwi ];
maintainers = with maintainers; [ ];
};
};
@ -117,7 +117,7 @@ in
description = "ZNC ignore module";
homepage = "https://github.com/kylef/znc-contrib";
license = licenses.gpl2;
maintainers = with maintainers; [ kiwi ];
maintainers = with maintainers; [ ];
};
};
@ -137,7 +137,7 @@ in
description = "Palaver ZNC module";
homepage = "https://github.com/cocodelabs/znc-palaver";
license = licenses.mit;
maintainers = with maintainers; [ kiwi szlend ];
maintainers = with maintainers; [ szlend ];
};
};


@ -70,7 +70,6 @@ stdenv.mkDerivation (finalAttrs: {
meta = with lib; {
maintainers = with maintainers; [
kiwi
arthsmn
];
description = "Desktop Publishing (DTP) and Layout program";


@ -82,6 +82,6 @@ mkDerivation rec {
mainProgram = "plasmaphonedialer";
homepage = "https://invent.kde.org/plasma-mobile/plasma-dialer";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -37,6 +37,6 @@ mkDerivation rec {
homepage = "https://invent.kde.org/plasma-mobile/plasma-phonebook";
# https://invent.kde.org/plasma-mobile/plasma-phonebook/-/commit/3ac27760417e51c051c5dd44155c3f42dd000e4f
license = licenses.gpl3Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -53,6 +53,6 @@ mkDerivation rec {
homepage = "https://invent.kde.org/plasma-mobile/plasma-settings";
# https://invent.kde.org/plasma-mobile/plasma-settings/-/commit/a59007f383308503e59498b3036e1483bca26e35
license = licenses.gpl2Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -52,6 +52,6 @@ mkDerivation {
mainProgram = "spacebar";
homepage = "https://invent.kde.org/plasma-mobile/spacebar";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ samueldr ];
maintainers = with maintainers; [ ];
};
}


@ -13,13 +13,13 @@
stdenv.mkDerivation rec {
pname = "cbmc";
version = "5.95.1";
version = "6.0.0";
src = fetchFromGitHub {
owner = "diffblue";
repo = pname;
rev = "${pname}-${version}";
sha256 = "sha256-fDLSo5EeHyPTliAqFp+5mfaB0iZXIMXeMyF21fjl5k4=";
sha256 = "sha256-mPRkkKN7Hz9Qi6a3fEwVFh7a9OaBFcksNw9qwNOarao=";
};
nativeBuildInputs = [


@ -7,13 +7,13 @@
stdenv.mkDerivation rec {
pname = "eigenmath";
version = "3.26-unstable-2024-06-09";
version = "3.27-unstable-2024-06-20";
src = fetchFromGitHub {
owner = "georgeweigt";
repo = pname;
rev = "285fc0133f0e7bb5e1e220b75246ce542ae50269";
hash = "sha256-ddED3PaHSSupe/QqMYj88GCmh9IrRvpAd4/WEpRTN00=";
rev = "c3e3da104dbef888c3e52659134d5e9bdc12764d";
hash = "sha256-fqCphnRQw79v7ZTCZU9ucm/R7BKY7yCZYDSnxD7uRS8=";
};
checkPhase = let emulator = stdenv.hostPlatform.emulator buildPackages; in ''


@ -26,14 +26,15 @@
buildPythonApplication rec {
pname = "glances";
version = "4.0.7";
# use unstable to fix a build error for aarch64.
version = "4.0.8-unstable-2024-06-09";
disabled = isPyPy;
src = fetchFromGitHub {
owner = "nicolargo";
repo = "glances";
rev = "refs/tags/v${version}";
hash = "sha256-Vfsco8Wno57aPM7PtwCc/gI+6FnAG3H/t5OAUngDU5o=";
rev = "051006e12f7c90281dda4af60871b535b0dcdcb9";
hash = "sha256-iCK5soTACQwtCVMmMsFaqXvZtTKX9WbTul0mUeSWC2M=";
};
# On Darwin this package segfaults due to mismatch of pure and impure
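Review bot: The comment `# use unstable to fix a build error for aarch64.` does not name the upstream commit or issue that fixes the error, so nobody can tell when the package may return to a tagged release. Since `rev` is now a bare commit hash instead of `refs/tags/v${version}`, a pointer next to it such as `# TODO: switch back to refs/tags/v${version} once a tagged release contains <upstream fix reference>` would keep the pin from going stale. The derivation continues outside the hunk.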


@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
meta = {
description = "Prepare and store patch revisions as git tags";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.lheckemann ];
maintainers = [ ];
homepage = "https://github.com/stefanha/git-publish";
mainProgram = "git-publish";
};


@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
pname = "flowblade";
version = "2.16.2";
version = "2.16.3";
src = fetchFromGitHub {
owner = "jliljebl";
repo = pname;
rev = "v${version}";
sha256 = "sha256-dLrrV+ZMXqcJMf69PkgLCDCCPBrUadLtT7vm06Y+1rA=";
sha256 = "sha256-WXB071lndw4/APTgwxNVjmYBvzMXZdLn1OaWqBXjW2Q=";
};
buildInputs = [


@ -0,0 +1,31 @@
{ lib, rel, buildKodiAddon, fetchzip, addonUpdateScript, requests, inputstreamhelper, simplecache }:
buildKodiAddon rec {
pname = "skyvideoitalia";
namespace = "plugin.video.skyvideoitalia";
version = "1.0.4";
src = fetchzip {
url = "https://mirrors.kodi.tv/addons/${lib.toLower rel}/${namespace}/${namespace}-${version}.zip";
sha256 = "sha256-ciLtqT++6bn7la4xRVvlRwzbbUUUPN5WU35rJpR4l+w=";
};
propagatedBuildInputs = [
requests
inputstreamhelper
simplecache
];
passthru = {
updateScript = addonUpdateScript {
attrPath = "kodi.packages.skyvideoitalia";
};
};
meta = with lib; {
homepage = "https://www.github.com/nixxo/plugin.video.skyvideoitalia";
description = "Show video content from the website of Sky Italia (video.sky.it). News, sport, entertainment and much more";
license = licenses.gpl3Plus;
maintainers = teams.kodi.members;
};
}


@ -54,9 +54,7 @@ mkDerivation rec {
description = "All in one MLV processing app that is pretty great";
homepage = "https://mlv.app";
license = licenses.gpl3;
maintainers = with maintainers; [
kiwi
];
maintainers = with maintainers; [ ];
platforms = platforms.linux;
mainProgram = "mlvapp";
};


@ -2,13 +2,13 @@
buildGoModule rec {
pname = "docker-compose";
version = "2.27.1";
version = "2.27.2";
src = fetchFromGitHub {
owner = "docker";
repo = "compose";
rev = "v${version}";
hash = "sha256-miAfEllN7/qDBD8UQZIfUeXSezEhmSwMo6oTDfiw2Bk=";
hash = "sha256-QwTn/oAfB1bJkPcI0oDGC4vp0xUQxjhF8+jZ+hqpr5Q=";
};
postPatch = ''
@ -16,7 +16,7 @@ buildGoModule rec {
rm -rf e2e/
'';
vendorHash = "sha256-5HJ4qaPD1pbBFKgAArW0CKNBuP7pjxswZe3rHgjsgLg=";
vendorHash = "sha256-KczMkSwYP9Ng1dYUU7+ig2VRUEOPkaWTV77c9xGqbw0=";
ldflags = [ "-X github.com/docker/compose/v2/internal.Version=${version}" "-s" "-w" ];


@ -10,15 +10,15 @@
, stdenvNoCC
, runtimeShell
, bintools ? null, libc ? null, coreutils ? null, gnugrep ? null
, netbsd ? null
, netbsd ? null, netbsdCross ? null
, sharedLibraryLoader ?
if libc == null then
null
else if stdenvNoCC.targetPlatform.isNetBSD then
if !(targetPackages ? netbsd) then
if !(targetPackages ? netbsdCross) then
netbsd.ld_elf_so
else if libc != targetPackages.netbsd.headers then
targetPackages.netbsd.ld_elf_so
else if libc != targetPackages.netbsdCross.headers then
targetPackages.netbsdCross.ld_elf_so
else
null
else


@ -12,7 +12,7 @@ rustPlatform.buildRustPackage {
meta = {
description = "Tool for copying binaries and their dependencies";
mainProgram = "make-initrd-ng";
maintainers = with lib.maintainers; [ das_j elvishjerricco k900 lheckemann ];
maintainers = with lib.maintainers; [ das_j elvishjerricco k900 ];
license = lib.licenses.mit;
};
}


@ -7,8 +7,7 @@ let Dune =
{ "1" = dune_1; "2" = dune_2; "3" = dune_3; }."${dune-version}"
; in
if (args ? minimumOCamlVersion && lib.versionOlder ocaml.version args.minimumOCamlVersion) ||
(args ? minimalOCamlVersion && lib.versionOlder ocaml.version args.minimalOCamlVersion)
if args ? minimalOCamlVersion && lib.versionOlder ocaml.version args.minimalOCamlVersion
then throw "${pname}-${version} is not available for OCaml ${ocaml.version}"
else
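Review bot: Dropping the `minimumOCamlVersion` branch means a package that still passes that attribute is no longer gated at all; the old spelling is silently ignored instead of rejected. Whether any caller remains cannot be seen from this hunk, so a guard would make leftovers fail loudly, for example `lib.throwIf (args ? minimumOCamlVersion) "${pname}: use minimalOCamlVersion instead of minimumOCamlVersion"` wrapped around the result. The function body continues outside the hunk.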


@ -198,13 +198,16 @@ in ''
)
set +e
EXTRA_BUILD=$(sed -n "s/^cargo:rustc-flags=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ' | sort -u)
EXTRA_FEATURES=$(sed -n "s/^cargo:rustc-cfg=\(.*\)/--cfg \1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_ARGS=$(sed -n "s/^cargo:rustc-link-arg=\(.*\)/-C link-arg=\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_ARGS_BINS=$(sed -n "s/^cargo:rustc-link-arg-bins=\(.*\)/-C link-arg=\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_ARGS_LIB=$(sed -n "s/^cargo:rustc-link-arg-lib=\(.*\)/-C link-arg=\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_LIBS=$(sed -n "s/^cargo:rustc-link-lib=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_SEARCH=$(sed -n "s/^cargo:rustc-link-search=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ' | sort -u)
# We want to support the new prefix invocation syntax which uses two colons
# See https://doc.rust-lang.org/cargo/reference/build-scripts.html#outputs-of-the-build-script
EXTRA_BUILD=$(sed -n "s/^cargo::\{0,1\}rustc-flags=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ' | sort -u)
EXTRA_FEATURES=$(sed -n "s/^cargo::\{0,1\}rustc-cfg=\(.*\)/--cfg \1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_ARGS=$(sed -n "s/^cargo::\{0,1\}rustc-link-arg=\(.*\)/-C link-arg=\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_ARGS_BINS=$(sed -n "s/^cargo::\{0,1\}rustc-link-arg-bins=\(.*\)/-C link-arg=\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_ARGS_LIB=$(sed -n "s/^cargo::\{0,1\}rustc-link-arg-lib=\(.*\)/-C link-arg=\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_LIBS=$(sed -n "s/^cargo::\{0,1\}rustc-link-lib=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ')
EXTRA_LINK_SEARCH=$(sed -n "s/^cargo::\{0,1\}rustc-link-search=\(.*\)/\1/p" target/build/${crateName}.opt | tr '\n' ' ' | sort -u)
# We want to read part of every line that has cargo:rustc-env= prefix and
# export it as environment variables. This turns out tricky if the lines
@ -217,14 +220,15 @@ in ''
#
_OLDIFS="$IFS"
IFS=$'\n'
for env in $(sed -n "s/^cargo:rustc-env=\(.*\)/\1/p" target/build/${crateName}.opt); do
for env in $(sed -n "s/^cargo::\{0,1\}rustc-env=\(.*\)/\1/p" target/build/${crateName}.opt); do
export "$env"
done
IFS="$_OLDIFS"
CRATENAME=$(echo ${crateName} | sed -e "s/\(.*\)-sys$/\U\1/" -e "s/-/_/g")
grep -P "^cargo:(?!(rustc-|warning=|rerun-if-changed=|rerun-if-env-changed))" target/build/${crateName}.opt \
| awk -F= "/^cargo:/ { sub(/^cargo:/, \"\", \$1); gsub(/-/, \"_\", \$1); print \"export \" toupper(\"DEP_$(echo $CRATENAME)_\" \$1) \"=\" \"\\\"\"\$2\"\\\"\" }" > target/env
grep -P "^cargo:(?!:?(rustc-|warning=|rerun-if-changed=|rerun-if-env-changed))" target/build/${crateName}.opt \
| awk -F= "/^cargo::metadata=/ { gsub(/-/, \"_\", \$2); print \"export \" toupper(\"DEP_$(echo $CRATENAME)_\" \$2) \"=\" \"\\\"\"\$3\"\\\"\"; next }
/^cargo:/ { sub(/^cargo::?/, \"\", \$1); gsub(/-/, \"_\", \$1); print \"export \" toupper(\"DEP_$(echo $CRATENAME)_\" \$1) \"=\" \"\\\"\"\$2\"\\\"\"; next }" > target/env
set -e
fi
runHook postConfigure
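Review bot: The new `cargo::metadata=` rule in the awk program splits on `=` and exports only `$3`, so a metadata value that itself contains `=` is cut at that character; the `cargo:` rule has the same limit with `$2`. Taking the value as everything after the separator, e.g. `substr($0, index($0, "=") + 1)` for the old form and the same step applied once more for `cargo::metadata=`, keeps it intact. The value is also written between double quotes into `target/env` without escaping, so quotes, `$` or backticks in build-script output would be interpreted if that file is later sourced by a shell, which this hunk does not show; single-quoting with embedded quotes escaped avoids that. The surrounding configure script starts before the hunk.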


@ -421,6 +421,53 @@ let
buildDependencies = [ depCrate ];
dependencies = [ depCrate ];
};
# Support new invocation prefix for build scripts `cargo::`
# https://doc.rust-lang.org/cargo/reference/build-scripts.html#outputs-of-the-build-script
buildScriptInvocationPrefix = let
depCrate = buildRustCrate: mkCrate buildRustCrate {
crateName = "bar";
src = mkFile "build.rs" ''
fn main() {
// Old invocation prefix
// We likely won't see be mixing these syntaxes in the same build script in the wild.
println!("cargo:key_old=value_old");
// New invocation prefix
println!("cargo::metadata=key=value");
println!("cargo::metadata=key_complex=complex(value)");
}
'';
};
in {
crateName = "foo";
src = symlinkJoin {
name = "build-script-and-main-invocation-prefix";
paths = [
(mkFile "src/main.rs" ''
const BUILDFOO: &'static str = env!("BUILDFOO");
#[test]
fn build_foo_check() { assert!(BUILDFOO == "yes(check)"); }
fn main() { }
'')
(mkFile "build.rs" ''
use std::env;
fn main() {
assert!(env::var_os("DEP_BAR_KEY_OLD").expect("metadata key 'key_old' not set in dependency") == "value_old");
assert!(env::var_os("DEP_BAR_KEY").expect("metadata key 'key' not set in dependency") == "value");
assert!(env::var_os("DEP_BAR_KEY_COMPLEX").expect("metadata key 'key_complex' not set in dependency") == "complex(value)");
println!("cargo::rustc-env=BUILDFOO=yes(check)");
}
'')
];
};
buildDependencies = [ (depCrate buildPackages.buildRustCrate) ];
dependencies = [ (depCrate buildRustCrate) ];
buildTests = true;
expectedTestOutputs = [ "test build_foo_check ... ok" ];
};
# Regression test for https://github.com/NixOS/nixpkgs/issues/74071
# Whenevever a build.rs file is generating files those should not be overlayed onto the actual source dir
buildRsOutDirOverlay = {
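Review bot: The new `buildScriptInvocationPrefix` test exercises only `cargo::metadata=` and `cargo::rustc-env=`, while the configure change in this commit also rewrites the patterns for `rustc-flags`, `rustc-cfg` and the `rustc-link-*` directives. Adding `println!("cargo::rustc-cfg=new_prefix");` to the test's `build.rs` and a `#[cfg(new_prefix)]` gate on `build_foo_check` would cover one more of them cheaply, since the expected test output would then be missing if the directive were not picked up. A metadata value containing `=` is also worth a case, because the awk rule splits on that character.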


@ -218,6 +218,10 @@ in
buildInputs = [ openssl ];
};
opentelemetry-proto = attrs: {
nativeBuildInputs = [ protobuf ];
};
pam-sys = attr: {
buildInputs = [ linux-pam ];
};
@ -236,6 +240,10 @@ in
nativeBuildInputs = [ protobuf ];
};
prost-wkt-types = attr: {
nativeBuildInputs = [ protobuf ];
};
rdkafka-sys = attr: {
nativeBuildInputs = [ pkg-config ];
buildInputs = [ rdkafka ];
@ -299,6 +307,10 @@ in
buildInputs = [ libsodium ];
};
tonic-reflection = attrs: {
nativeBuildInputs = [ protobuf ];
};
xcb = attrs: {
buildInputs = [ python3 ];
};

Some files were not shown because too many files have changed in this diff Show More