Merge staging-next into staging
commit
df41014acf
@ -48,6 +48,8 @@
|
||||
|
||||
- [Localsend](https://localsend.org/), an open source cross-platform alternative to AirDrop. Available as [programs.localsend](#opt-programs.localsend.enable).
|
||||
|
||||
- [cryptpad](https://cryptpad.org/), a privacy-oriented collaborative platform (docs/drive/etc), has been added back. Available as [services.cryptpad](#opt-services.cryptpad.enable).
|
||||
|
||||
- [realm](https://github.com/zhboner/realm), a simple, high performance relay server written in rust. Available as [services.realm.enable](#opt-services.realm.enable).
|
||||
|
||||
- [Gotenberg](https://gotenberg.dev), an API server for converting files to PDFs that can be used alongside Paperless-ngx. Available as [services.gotenberg](options.html#opt-services.gotenberg).
|
||||
|
@ -1378,6 +1378,7 @@
|
||||
./services/web-apps/convos.nix
|
||||
./services/web-apps/crabfit.nix
|
||||
./services/web-apps/davis.nix
|
||||
./services/web-apps/cryptpad.nix
|
||||
./services/web-apps/dex.nix
|
||||
./services/web-apps/discourse.nix
|
||||
./services/web-apps/documize.nix
|
||||
|
@ -150,6 +150,10 @@ in
|
||||
cfg.finalPackage
|
||||
];
|
||||
environment.variables.EDITOR = lib.mkIf cfg.defaultEditor (lib.mkOverride 900 "nvim");
|
||||
# On most NixOS configurations /share is already included, so it includes
|
||||
# this directory as well. But This makes sure that /share/nvim/site paths
|
||||
# from other packages will be used by neovim.
|
||||
environment.pathsToLink = [ "/share/nvim" ];
|
||||
|
||||
environment.etc = builtins.listToAttrs (builtins.attrValues (builtins.mapAttrs
|
||||
(name: value: {
|
||||
|
@ -117,7 +117,6 @@ in
|
||||
(mkRemovedOptionModule [ "services" "virtuoso" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "openfire" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "riak" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "cryptpad" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "rtsp-simple-server" ] "Package has been completely rebranded by upstream as mediamtx, and thus the service and the package were renamed in NixOS as well.")
|
||||
(mkRemovedOptionModule [ "services" "prayer" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "restya-board" ] "The corresponding package was removed from nixpkgs.")
|
||||
|
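--- a/nixos/modules/services/web-apps/cryptpad.nix
+++ b/nixos/modules/services/web-apps/cryptpad.nix
@@ -0,0 +1,293 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+let
+cfg = config.services.cryptpad;
+
+inherit (lib)
+mkIf
+mkMerge
+mkOption
+strings
+types
+;
+
+# The Cryptpad configuration file isn't JSON, but a JavaScript source file that assigns a JSON value
+# to a variable.
+cryptpadConfigFile = builtins.toFile "cryptpad_config.js" ''
+module.exports = ${builtins.toJSON cfg.settings}
+'';
+
+# Derive domain names for Nginx configuration from Cryptpad configuration
+mainDomain = strings.removePrefix "https://" cfg.settings.httpUnsafeOrigin;
+sandboxDomain =
+if cfg.settings.httpSafeOrigin == null then
+mainDomain
+else
+strings.removePrefix "https://" cfg.settings.httpSafeOrigin;
+
+in
+{
+options.services.cryptpad = {
+enable = lib.mkEnableOption "cryptpad";
+
+package = lib.mkPackageOption pkgs "cryptpad" { };
+
+configureNginx = mkOption {
+description = ''
+Configure Nginx as a reverse proxy for Cryptpad.
+Note that this makes some assumptions on your setup, and sets settings that will
+affect other virtualHosts running on your Nginx instance, if any.
+Alternatively you can configure a reverse-proxy of your choice.
+'';
+type = types.bool;
+default = false;
+};
+
+settings = mkOption {
+description = ''
+Cryptpad configuration settings.
+See https://github.com/cryptpad/cryptpad/blob/main/config/config.example.js for a more extensive
+reference documentation.
+Test your deployed instance through `https://<domain>/checkup/`.
+'';
+type = types.submodule {
+freeformType = (pkgs.formats.json { }).type;
+options = {
+httpUnsafeOrigin = mkOption {
+type = types.str;
+example = "https://cryptpad.example.com";
+default = "";
+description = "This is the URL that users will enter to load your instance";
+};
+httpSafeOrigin = mkOption {
+type = types.nullOr types.str;
+example = "https://cryptpad-ui.example.com. Apparently optional but recommended.";
+description = "Cryptpad sandbox URL";
+};
+httpAddress = mkOption {
+type = types.str;
+default = "127.0.0.1";
+description = "Address on which the Node.js server should listen";
+};
+httpPort = mkOption {
+type = types.int;
+default = 3000;
+description = "Port on which the Node.js server should listen";
+};
+websocketPort = mkOption {
+type = types.int;
+default = 3003;
+description = "Port for the websocket that needs to be separate";
+};
+maxWorkers = mkOption {
+type = types.nullOr types.int;
+default = null;
+description = "Number of child processes, defaults to number of cores available";
+};
+adminKeys = mkOption {
+type = types.listOf types.str;
+default = [ ];
+description = "List of public signing keys of users that can access the admin panel";
+example = [ "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]" ];
+};
+logToStdout = mkOption {
+type = types.bool;
+default = true;
+description = "Controls whether log output should go to stdout of the systemd service";
+};
+logLevel = mkOption {
+type = types.str;
+default = "info";
+description = "Controls log level";
+};
+blockDailyCheck = mkOption {
+type = types.bool;
+default = true;
+description = ''
+Disable telemetry. This setting is only effective if the 'Disable server telemetry'
+setting in the admin menu has been untouched, and will be ignored by cryptpad once
+that option is set either way.
+Note that due to the service confinement, just enabling the option in the admin
+menu will not be able to resolve DNS and fail; this setting must be set as well.
+'';
+};
+installMethod = mkOption {
+type = types.str;
+default = "nixos";
+description = ''
+Install method is listed in telemetry if you agree to it through the consentToContact
+setting in the admin panel.
+'';
+};
+};
+};
+};
+};
+
+config = mkIf cfg.enable (mkMerge [
+{
+systemd.services.cryptpad = {
+description = "Cryptpad service";
+wantedBy = [ "multi-user.target" ];
+after = [ "networking.target" ];
+serviceConfig = {
+BindReadOnlyPaths = [
+cryptpadConfigFile
+# apparently needs proc for workers management
+"/proc"
+"/dev/urandom"
+];
+DynamicUser = true;
+Environment = [
+"CRYPTPAD_CONFIG=${cryptpadConfigFile}"
+"HOME=%S/cryptpad"
+];
+ExecStart = lib.getExe cfg.package;
+Restart = "always";
+StateDirectory = "cryptpad";
+WorkingDirectory = "%S/cryptpad";
+# security way too many numerous options, from the systemd-analyze security output
+# at end of test: block everything except
+# - SystemCallFiters=@resources is required for node
+# - MemoryDenyWriteExecute for node JIT
+# - RestrictAddressFamilies=~AF_(INET|INET6) / PrivateNetwork to bind to sockets
+# - IPAddressDeny likewise allow localhost if binding to localhost or any otherwise
+# - PrivateUsers somehow service doesn't start with that
+# - DeviceAllow (char-rtc r added by ProtectClock)
+AmbientCapabilities = "";
+CapabilityBoundingSet = "";
+DeviceAllow = "";
+LockPersonality = true;
+NoNewPrivileges = true;
+PrivateDevices = true;
+PrivateTmp = true;
+ProcSubset = "pid";
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectProc = "invisible";
+ProtectSystem = "strict";
+RemoveIPC = true;
+RestrictAddressFamilies = [
+"AF_INET"
+"AF_INET6"
+];
+RestrictNamespaces = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+RuntimeDirectoryMode = "700";
+SocketBindAllow = [
+"tcp:${builtins.toString cfg.settings.httpPort}"
+"tcp:${builtins.toString cfg.settings.websocketPort}"
+];
+SocketBindDeny = [ "any" ];
+StateDirectoryMode = "0700";
+SystemCallArchitectures = "native";
+SystemCallFilter = [
+"@pkey"
+"@system-service"
+"~@chown"
+"~@keyring"
+"~@memlock"
+"~@privileged"
+"~@resources"
+"~@setuid"
+"~@timer"
+];
+UMask = "0077";
+};
+confinement = {
+enable = true;
+binSh = null;
+mode = "chroot-only";
+};
+};
+}
+# block external network access if not phoning home and
+# binding to localhost (default)
+(mkIf
+(
+cfg.settings.blockDailyCheck
+&& (builtins.elem cfg.settings.httpAddress [
+"127.0.0.1"
+"::1"
+])
+)
+{
+systemd.services.cryptpad = {
+serviceConfig = {
+IPAddressAllow = [ "localhost" ];
+IPAddressDeny = [ "any" ];
+};
+};
+}
+)
+# .. conversely allow DNS & TLS if telemetry is explicitly enabled
+(mkIf (!cfg.settings.blockDailyCheck) {
+systemd.services.cryptpad = {
+serviceConfig = {
+BindReadOnlyPaths = [
+"-/etc/resolv.conf"
+"-/run/systemd"
+"/etc/hosts"
+"/etc/ssl/certs/ca-certificates.crt"
+];
+};
+};
+})
+
+(mkIf cfg.configureNginx {
+assertions = [
+{
+assertion = cfg.settings.httpUnsafeOrigin != "";
+message = "services.cryptpad.settings.httpUnsafeOrigin is required";
+}
+{
+assertion = strings.hasPrefix "https://" cfg.settings.httpUnsafeOrigin;
+message = "services.cryptpad.settings.httpUnsafeOrigin must start with https://";
+}
+{
+assertion =
+cfg.settings.httpSafeOrigin == null || strings.hasPrefix "https://" cfg.settings.httpSafeOrigin;
+message = "services.cryptpad.settings.httpSafeOrigin must start with https:// (or be unset)";
+}
+];
+services.nginx = {
+enable = true;
+recommendedTlsSettings = true;
+recommendedProxySettings = true;
+recommendedOptimisation = true;
+recommendedGzipSettings = true;
+
+virtualHosts = mkMerge [
+{
+"${mainDomain}" = {
+serverAliases = lib.optionals (cfg.settings.httpSafeOrigin != null) [ sandboxDomain ];
+enableACME = lib.mkDefault true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://${cfg.settings.httpAddress}:${builtins.toString cfg.settings.httpPort}";
+extraConfig = ''
+client_max_body_size 150m;
+'';
+};
+locations."/cryptpad_websocket" = {
+proxyPass = "http://${cfg.settings.httpAddress}:${builtins.toString cfg.settings.websocketPort}";
+proxyWebsockets = true;
+};
+};
+}
+];
+};
+})
+]);
+}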
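Review bot: `httpSafeOrigin` is declared `types.nullOr types.str` with no `default`, yet `builtins.toJSON cfg.settings`, the `sandboxDomain` binding and the nginx assertion all read it, so a configuration that leaves it unset will most likely fail evaluation instead of taking the `== null` branch that the assertion message ("or be unset") promises. The explanatory remark also ended up inside `example` (`"https://cryptpad-ui.example.com. Apparently optional but recommended."`) rather than in `description`. Going by the option names and the "sandbox URL" description, this origin is the isolation boundary for the instance, so I would either add `default = null;` and state in the description that a null value makes the sandbox share the main domain, or drop `nullOr` and require the option. Separately, `after = [ "networking.target" ]` names a unit that, as far as I know, systemd does not define; `network.target` looks intended.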
@ -235,6 +235,7 @@ in {
|
||||
couchdb = handleTest ./couchdb.nix {};
|
||||
crabfit = handleTest ./crabfit.nix {};
|
||||
cri-o = handleTestOn ["aarch64-linux" "x86_64-linux"] ./cri-o.nix {};
|
||||
cryptpad = runTest ./cryptpad.nix;
|
||||
cups-pdf = handleTest ./cups-pdf.nix {};
|
||||
curl-impersonate = handleTest ./curl-impersonate.nix {};
|
||||
custom-ca = handleTest ./custom-ca.nix {};
|
||||
|
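--- a/nixos/tests/cryptpad.nix
+++ b/nixos/tests/cryptpad.nix
@@ -0,0 +1,71 @@
+{ pkgs, ... }:
+let
+certs = pkgs.runCommand "cryptpadSelfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
+mkdir -p $out
+cd $out
+openssl req -x509 -newkey rsa:4096 \
+-keyout key.pem -out cert.pem -nodes -days 3650 \
+-subj '/CN=cryptpad.localhost' \
+-addext 'subjectAltName = DNS.1:cryptpad.localhost, DNS.2:cryptpad-sandbox.localhost'
+'';
+# data sniffed from cryptpad's /checkup network trace, seems to be re-usable
+test_write_data = pkgs.writeText "cryptpadTestData" ''
+{"command":"WRITE_BLOCK","content":{"publicKey":"O2onvM62pC1io6jQKm8Nc2UyFXcd4kOmOsBIoYtZ2ik=","signature":"aXcM9SMO59lwA7q7HbYB+AnzymmxSyy/KhkG/cXIBVzl8v+kkPWXmFuWhcuKfRF8yt3Zc3ktIsHoFyuyDSAwAA==","ciphertext":"AFwCIfBHKdFzDKjMg4cu66qlJLpP+6Yxogbl3o9neiQou5P8h8yJB8qgnQ=="},"publicKey":"O2onvM62pC1io6jQKm8Nc2UyFXcd4kOmOsBIoYtZ2ik=","nonce":"bitSbJMNSzOsg98nEzN80a231PCkBQeH"}
+'';
+in
+{
+name = "cryptpad";
+meta = with pkgs.lib.maintainers; {
+maintainers = [ martinetd ];
+};
+
+nodes.machine = {
+services.cryptpad = {
+enable = true;
+configureNginx = true;
+settings = {
+httpUnsafeOrigin = "https://cryptpad.localhost";
+httpSafeOrigin = "https://cryptpad-sandbox.localhost";
+};
+};
+services.nginx = {
+virtualHosts."cryptpad.localhost" = {
+enableACME = false;
+sslCertificate = "${certs}/cert.pem";
+sslCertificateKey = "${certs}/key.pem";
+};
+};
+security = {
+pki.certificateFiles = [ "${certs}/cert.pem" ];
+};
+};
+
+testScript = ''
+machine.wait_for_unit("cryptpad.service")
+machine.wait_for_unit("nginx.service")
+machine.wait_for_open_port(3000)
+
+# test home page
+machine.succeed("curl --fail https://cryptpad.localhost -o /tmp/cryptpad_home.html")
+machine.succeed("grep -F 'CryptPad: Collaboration suite' /tmp/cryptpad_home.html")
+
+# test scripts/build.js actually generated customize content from config
+machine.succeed("grep -F 'meta property=\"og:url\" content=\"https://cryptpad.localhost/index.html' /tmp/cryptpad_home.html")
+
+# make sure child pages are accessible (e.g. check nginx try_files paths)
+machine.succeed(
+"grep -oE '/(customize|components)[^\"]*' /tmp/cryptpad_home.html"
+" | while read -r page; do"
+" curl -O --fail https://cryptpad.localhost$page || exit;"
+" done")
+
+# test some API (e.g. check cryptpad main process)
+machine.succeed("curl --fail -d @${test_write_data} -H 'Content-Type: application/json' https://cryptpad.localhost/api/auth")
+
+# test telemetry has been disabled
+machine.fail("journalctl -u cryptpad | grep TELEMETRY");
+
+# for future improvements
+machine.log(machine.execute("systemd-analyze security cryptpad.service")[1])
+'';
+}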
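Review bot: The telemetry check `machine.fail("journalctl -u cryptpad | grep TELEMETRY")` passes whenever that string is absent from the journal, which is also the case if the log wording changes or `journalctl` itself errors, so it says little about whether the service is actually cut off from the network. The sandboxing is the interesting property of this module, and the `systemd-analyze security` output is only logged, never asserted. I would add an assertion on the unit's effective settings, for example reading `systemctl show -p IPAddressDeny cryptpad.service` and checking that it is non-empty in the default localhost configuration. The comment on `test_write_data` could also state that the captured key and signature are throwaway test material rather than anything belonging to a real account.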
@ -1,16 +1,25 @@
|
||||
{ stdenv
|
||||
, pname
|
||||
, version
|
||||
, src
|
||||
, meta
|
||||
, unzip
|
||||
, undmg
|
||||
{
|
||||
stdenv,
|
||||
pname,
|
||||
version,
|
||||
src,
|
||||
meta,
|
||||
unzip,
|
||||
undmg,
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
inherit pname version src meta;
|
||||
inherit
|
||||
pname
|
||||
version
|
||||
src
|
||||
meta
|
||||
;
|
||||
|
||||
nativeBuildInputs = [ unzip undmg ];
|
||||
nativeBuildInputs = [
|
||||
unzip
|
||||
undmg
|
||||
];
|
||||
|
||||
sourceRoot = ".";
|
||||
|
||||
|
@ -1,13 +1,14 @@
|
||||
{ stdenv
|
||||
, callPackage
|
||||
, channel ? "stable"
|
||||
, fetchurl
|
||||
, lib
|
||||
# This is only relevant for Linux, so we need to pass it through
|
||||
, polkitPolicyOwners ? [ ] }:
|
||||
{
|
||||
stdenv,
|
||||
callPackage,
|
||||
channel ? "stable",
|
||||
fetchurl,
|
||||
lib,
|
||||
# This is only relevant for Linux, so we need to pass it through
|
||||
polkitPolicyOwners ? [ ],
|
||||
}:
|
||||
|
||||
let
|
||||
|
||||
pname = "1password";
|
||||
version = if channel == "stable" then "8.10.36" else "8.10.38-13.BETA";
|
||||
|
||||
@ -51,19 +52,46 @@ let
|
||||
};
|
||||
|
||||
src = fetchurl {
|
||||
inherit (sources.${channel}.${stdenv.system} or (throw "unsupported system ${stdenv.hostPlatform.system}")) url hash;
|
||||
inherit
|
||||
(sources.${channel}.${stdenv.system} or (throw "unsupported system ${stdenv.hostPlatform.system}"))
|
||||
url
|
||||
hash
|
||||
;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
meta = {
|
||||
# Requires to be installed in "/Application" which is not possible for now (https://github.com/NixOS/nixpkgs/issues/254944)
|
||||
broken = stdenv.isDarwin;
|
||||
description = "Multi-platform password manager";
|
||||
homepage = "https://1password.com/";
|
||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ timstott savannidgerinel sebtm ];
|
||||
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
|
||||
license = lib.licenses.unfree;
|
||||
maintainers = with lib.maintainers; [
|
||||
timstott
|
||||
savannidgerinel
|
||||
sebtm
|
||||
];
|
||||
platforms = builtins.attrNames sources.${channel};
|
||||
mainProgram = "1password";
|
||||
};
|
||||
|
||||
in if stdenv.isDarwin
|
||||
then callPackage ./darwin.nix { inherit pname version src meta; }
|
||||
else callPackage ./linux.nix { inherit pname version src meta polkitPolicyOwners; }
|
||||
in
|
||||
if stdenv.isDarwin then
|
||||
callPackage ./darwin.nix {
|
||||
inherit
|
||||
pname
|
||||
version
|
||||
src
|
||||
meta
|
||||
;
|
||||
}
|
||||
else
|
||||
callPackage ./linux.nix {
|
||||
inherit
|
||||
pname
|
||||
version
|
||||
src
|
||||
meta
|
||||
polkitPolicyOwners
|
||||
;
|
||||
}
|
||||
|
@ -1,55 +1,65 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, pname
|
||||
, version
|
||||
, src
|
||||
, meta
|
||||
, makeShellWrapper
|
||||
, wrapGAppsHook3
|
||||
, alsa-lib
|
||||
, at-spi2-atk
|
||||
, at-spi2-core
|
||||
, atk
|
||||
, cairo
|
||||
, cups
|
||||
, dbus
|
||||
, expat
|
||||
, gdk-pixbuf
|
||||
, glib
|
||||
, gtk3
|
||||
, libX11
|
||||
, libXcomposite
|
||||
, libXdamage
|
||||
, libXext
|
||||
, libXfixes
|
||||
, libXrandr
|
||||
, libdrm
|
||||
, libxcb
|
||||
, libxkbcommon
|
||||
, libxshmfence
|
||||
, libGL
|
||||
, libappindicator-gtk3
|
||||
, mesa
|
||||
, nspr
|
||||
, nss
|
||||
, pango
|
||||
, systemd
|
||||
, udev
|
||||
, xdg-utils
|
||||
{
|
||||
lib,
|
||||
stdenv,
|
||||
pname,
|
||||
version,
|
||||
src,
|
||||
meta,
|
||||
makeShellWrapper,
|
||||
wrapGAppsHook3,
|
||||
alsa-lib,
|
||||
at-spi2-atk,
|
||||
at-spi2-core,
|
||||
atk,
|
||||
cairo,
|
||||
cups,
|
||||
dbus,
|
||||
expat,
|
||||
gdk-pixbuf,
|
||||
glib,
|
||||
gtk3,
|
||||
libX11,
|
||||
libXcomposite,
|
||||
libXdamage,
|
||||
libXext,
|
||||
libXfixes,
|
||||
libXrandr,
|
||||
libdrm,
|
||||
libxcb,
|
||||
libxkbcommon,
|
||||
libxshmfence,
|
||||
libGL,
|
||||
libappindicator-gtk3,
|
||||
mesa,
|
||||
nspr,
|
||||
nss,
|
||||
pango,
|
||||
systemd,
|
||||
udev,
|
||||
xdg-utils,
|
||||
|
||||
# The 1Password polkit file requires a list of users for whom polkit
|
||||
# integrations should be enabled. This should be a list of strings that
|
||||
# correspond to usernames.
|
||||
, polkitPolicyOwners ? []
|
||||
polkitPolicyOwners ? [ ],
|
||||
}:
|
||||
let
|
||||
# Convert the polkitPolicyOwners variable to a polkit-compatible string for the polkit file.
|
||||
policyOwners = lib.concatStringsSep " " (map (user: "unix-user:${user}") polkitPolicyOwners);
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
inherit pname version src meta;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit
|
||||
pname
|
||||
version
|
||||
src
|
||||
meta
|
||||
;
|
||||
|
||||
nativeBuildInputs = [ makeShellWrapper wrapGAppsHook3 ];
|
||||
nativeBuildInputs = [
|
||||
makeShellWrapper
|
||||
wrapGAppsHook3
|
||||
];
|
||||
buildInputs = [ glib ];
|
||||
|
||||
dontConfigure = true;
|
||||
@ -58,37 +68,41 @@ in stdenv.mkDerivation {
|
||||
dontWrapGApps = true;
|
||||
|
||||
installPhase =
|
||||
let rpath = lib.makeLibraryPath [
|
||||
alsa-lib
|
||||
at-spi2-atk
|
||||
at-spi2-core
|
||||
atk
|
||||
cairo
|
||||
cups
|
||||
dbus
|
||||
expat
|
||||
gdk-pixbuf
|
||||
glib
|
||||
gtk3
|
||||
libX11
|
||||
libXcomposite
|
||||
libXdamage
|
||||
libXext
|
||||
libXfixes
|
||||
libXrandr
|
||||
libdrm
|
||||
libxcb
|
||||
libxkbcommon
|
||||
libxshmfence
|
||||
libGL
|
||||
libappindicator-gtk3
|
||||
mesa
|
||||
nspr
|
||||
nss
|
||||
pango
|
||||
systemd
|
||||
] + ":${stdenv.cc.cc.lib}/lib64";
|
||||
in ''
|
||||
let
|
||||
rpath =
|
||||
lib.makeLibraryPath [
|
||||
alsa-lib
|
||||
at-spi2-atk
|
||||
at-spi2-core
|
||||
atk
|
||||
cairo
|
||||
cups
|
||||
dbus
|
||||
expat
|
||||
gdk-pixbuf
|
||||
glib
|
||||
gtk3
|
||||
libX11
|
||||
libXcomposite
|
||||
libXdamage
|
||||
libXext
|
||||
libXfixes
|
||||
libXrandr
|
||||
libdrm
|
||||
libxcb
|
||||
libxkbcommon
|
||||
libxshmfence
|
||||
libGL
|
||||
libappindicator-gtk3
|
||||
mesa
|
||||
nspr
|
||||
nss
|
||||
pango
|
||||
systemd
|
||||
]
|
||||
+ ":${stdenv.cc.cc.lib}/lib64";
|
||||
in
|
||||
''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin $out/share/1password
|
||||
@ -99,12 +113,13 @@ in stdenv.mkDerivation {
|
||||
substituteInPlace $out/share/applications/${pname}.desktop \
|
||||
--replace 'Exec=/opt/1Password/${pname}' 'Exec=${pname}'
|
||||
|
||||
'' + (lib.optionalString (polkitPolicyOwners != [ ])
|
||||
''
|
||||
''
|
||||
+ (lib.optionalString (polkitPolicyOwners != [ ]) ''
|
||||
# Polkit file
|
||||
mkdir -p $out/share/polkit-1/actions
|
||||
substitute com.1password.1Password.policy.tpl $out/share/polkit-1/actions/com.1password.1Password.policy --replace "\''${POLICY_OWNERS}" "${policyOwners}"
|
||||
'') + ''
|
||||
'')
|
||||
+ ''
|
||||
|
||||
# Icons
|
||||
cp -a resources/icons $out/share
|
||||
|
@ -267,6 +267,31 @@ let
|
||||
commit = "a976cb05b4024b7a6452d1541378d718cdfe33e6";
|
||||
hash = "sha256-K2PSeJAvhGH2/Yp63/4mJ85NyqXqDDkMWY+ptrpgmOI=";
|
||||
})
|
||||
] ++ lib.optionals (versionRange "127" "128") [
|
||||
# Fix missing chrome/browser/ui/webui_name_variants.h dependency
|
||||
# and ninja 1.12 compat in M127.
|
||||
# https://issues.chromium.org/issues/345645751
|
||||
# https://issues.chromium.org/issues/40253918
|
||||
# https://chromium-review.googlesource.com/c/chromium/src/+/5641516
|
||||
(githubPatch {
|
||||
commit = "2c101186b60ed50f2ba4feaa2e963bd841bcca47";
|
||||
hash = "sha256-luu3ggo6XoeeECld1cKZ6Eh8x/qQYmmKI/ThEhuutuY=";
|
||||
})
|
||||
# https://chromium-review.googlesource.com/c/chromium/src/+/5644627
|
||||
(githubPatch {
|
||||
commit = "f2b43c18b8ecfc3ddc49c42c062d796c8b563984";
|
||||
hash = "sha256-uxXxSsiS8R0827Oi3xsG2gtT0X+jJXziwZ1y8+7K+Qg=";
|
||||
})
|
||||
# https://chromium-review.googlesource.com/c/chromium/src/+/5646245
|
||||
(githubPatch {
|
||||
commit = "4ca70656fde83d2db6ed5a8ac9ec9e7443846924";
|
||||
hash = "sha256-iQuRRZjDDtJfr+B7MV+TvUDDX3bvpCnv8OpSLJ1WqCE=";
|
||||
})
|
||||
# https://chromium-review.googlesource.com/c/chromium/src/+/5647662
|
||||
(githubPatch {
|
||||
commit = "50d63ffee3f7f1b1b9303363742ad8ebbfec31fa";
|
||||
hash = "sha256-H+dv+lgXSdry3NkygpbCdTAWWdTVdKdVD3Aa62w091E=";
|
||||
})
|
||||
] ++ [
|
||||
# Required to fix the build with a more recent wayland-protocols version
|
||||
# (we currently package 1.26 in Nixpkgs while Chromium bundles 1.21):
|
||||
@ -365,7 +390,7 @@ let
|
||||
patchShebangs .
|
||||
# Link to our own Node.js and Java (required during the build):
|
||||
mkdir -p third_party/node/linux/node-linux-x64/bin
|
||||
ln -s "${pkgsBuildHost.nodejs}/bin/node" third_party/node/linux/node-linux-x64/bin/node
|
||||
ln -s${lib.optionalString (chromiumVersionAtLeast "127") "f"} "${pkgsBuildHost.nodejs}/bin/node" third_party/node/linux/node-linux-x64/bin/node
|
||||
ln -s "${pkgsBuildHost.jdk17_headless}/bin/java" third_party/jdk/current/bin/
|
||||
|
||||
# Allow building against system libraries in official builds
|
||||
@ -462,6 +487,9 @@ let
|
||||
use_system_libffi = true;
|
||||
# Use nixpkgs Rust compiler instead of the one shipped by Chromium.
|
||||
rust_sysroot_absolute = "${buildPackages.rustc}";
|
||||
} // lib.optionalAttrs (chromiumVersionAtLeast "127") {
|
||||
rust_bindgen_root = "${buildPackages.rust-bindgen}";
|
||||
} // {
|
||||
enable_rust = true;
|
||||
# While we technically don't need the cache-invalidation rustc_version provides, rustc_version
|
||||
# is still used in some scripts (e.g. build/rust/std/find_std_rlibs.py).
|
||||
|
@ -54,8 +54,12 @@ let
|
||||
src = fetchgit {
|
||||
inherit (upstream-info.deps.gn) url rev hash;
|
||||
};
|
||||
} // lib.optionalAttrs (chromiumVersionAtLeast "127") {
|
||||
# Relax hardening as otherwise gn unstable 2024-06-06 and later fail with:
|
||||
# cc1plus: error: '-Wformat-security' ignored without '-Wformat' [-Werror=format-security]
|
||||
hardeningDisable = [ "format" ];
|
||||
});
|
||||
recompressTarball = callPackage ./recompress-tarball.nix { };
|
||||
recompressTarball = callPackage ./recompress-tarball.nix { inherit chromiumVersionAtLeast; };
|
||||
});
|
||||
|
||||
browser = callPackage ./browser.nix {
|
||||
|
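Review bot: `hardeningDisable = [ "format" ]` switches off the format-string hardening flags for the whole gn build to get past a `-Werror` failure, and nothing in the hunk says when the relaxation can be removed. The comment quotes the compiler error but gives no upstream reference; I would add a line such as `# TODO: drop once gn builds with -Wformat enabled (see <upstream issue link>)` so the exception does not outlive the problem. gn is presumably a build-time tool only, which limits the exposure, and saying so in the comment would make the trade-off explicit. The override this attribute set belongs to opens above the hunk.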
@ -1,10 +1,11 @@
|
||||
{ zstd
|
||||
, fetchurl
|
||||
, lib
|
||||
, chromiumVersionAtLeast
|
||||
}:
|
||||
|
||||
{ version
|
||||
, hash ? ""
|
||||
, ...
|
||||
} @ args:
|
||||
|
||||
fetchurl ({
|
||||
@ -35,6 +36,13 @@ fetchurl ({
|
||||
--exclude=third_party/llvm \
|
||||
--exclude=third_party/rust-src \
|
||||
--exclude='build/linux/debian_*-sysroot' \
|
||||
'' + lib.optionalString (chromiumVersionAtLeast "127") ''
|
||||
--exclude='*.tar.[a-zA-Z0-9][a-zA-Z0-9]' \
|
||||
--exclude='*.tar.[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]' \
|
||||
--exclude=third_party/llvm-build \
|
||||
--exclude=third_party/rust-toolchain \
|
||||
--exclude=third_party/instrumented_libs \
|
||||
'' + ''
|
||||
--strip-components=1
|
||||
|
||||
tar \
|
||||
|
@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env nix-shell
|
||||
#! nix-shell -i python -p python3 nix nixfmt-classic nix-prefetch-git
|
||||
#! nix-shell -i python -p python3Packages.looseversion nix nixfmt-classic nix-prefetch-git
|
||||
|
||||
"""This script automatically updates chromium, google-chrome, chromedriver, and ungoogled-chromium
|
||||
via upstream-info.nix."""
|
||||
@ -15,7 +15,7 @@ import sys
|
||||
from codecs import iterdecode
|
||||
from collections import OrderedDict
|
||||
from datetime import datetime
|
||||
from distutils.version import LooseVersion
|
||||
from looseversion import LooseVersion
|
||||
from os.path import abspath, dirname
|
||||
from urllib.request import urlopen
|
||||
|
||||
@ -214,7 +214,7 @@ with urlopen(RELEASES_URL) as resp:
|
||||
releases.append(get_latest_ungoogled_chromium_build(linux_stable_versions))
|
||||
|
||||
for release in releases:
|
||||
channel_name = re.findall("chrome\/platforms\/linux\/channels\/(.*)\/versions\/", release['name'])[0]
|
||||
channel_name = re.findall("chrome/platforms/linux/channels/(.*)/versions/", release['name'])[0]
|
||||
|
||||
# If we've already found a newer release for this channel, we're
|
||||
# no longer interested in it.
|
||||
|
@ -1,22 +1,22 @@
|
||||
{
|
||||
stable = {
|
||||
chromedriver = {
|
||||
hash_darwin = "sha256-YdQgrcTgyGtSfT6wBedSfBt40DaK3fG+uvB0yanvROU=";
|
||||
hash_darwin = "sha256-c/lMkOdoW/tX57opl/weJGh/iyUeTTF5Xejs7IpA+Qg=";
|
||||
hash_darwin_aarch64 =
|
||||
"sha256-ht7LoA4ibEcWuXOk+JimCN0sjjPomHBcO8IZFNnMauk=";
|
||||
hash_linux = "sha256-VeCNeBKsKZ2bEM6Z9lJJaBVRjS1pW2gK2DMvmghfNEA=";
|
||||
version = "126.0.6478.182";
|
||||
"sha256-sst73OxUsrs2yWA72qdonARGi/W0FYObNfolidCiXio=";
|
||||
hash_linux = "sha256-p5cQmMdte7TfTPohg+rpIsyyYk1OKSNb0BwaMWmHuCo=";
|
||||
version = "127.0.6533.72";
|
||||
};
|
||||
deps = {
|
||||
gn = {
|
||||
hash = "sha256-mNoQeHSSM+rhR0UHrpbyzLJC9vFqfxK1SD0X8GiRsqw=";
|
||||
rev = "df98b86690c83b81aedc909ded18857296406159";
|
||||
hash = "sha256-vzZu/Mo4/xATSD9KgKcRuBKVg9CoRZC9i0PEajYr4UM=";
|
||||
rev = "b3a0bff47dd81073bfe67a402971bad92e4f2423";
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
version = "2024-05-13";
|
||||
version = "2024-06-06";
|
||||
};
|
||||
};
|
||||
hash = "sha256-vZ7P8+vHTMCo6lXkV84ENqRZVG3/fDEwl+BTNJTGMn4=";
|
||||
version = "126.0.6478.182";
|
||||
hash = "sha256-m99HaGCuIihDdbVnmu6xatnC/QDxgLVby2TWY/L+RHk=";
|
||||
version = "127.0.6533.72";
|
||||
};
|
||||
ungoogled-chromium = {
|
||||
deps = {
|
||||
|
@ -1,55 +1,37 @@
|
||||
{ lib
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, nixosTests
|
||||
, stdenv
|
||||
, fetchFromGitea
|
||||
, buildGoModule
|
||||
, nixosTests
|
||||
, sqlite
|
||||
}:
|
||||
|
||||
buildGoModule {
|
||||
buildGoModule rec {
|
||||
pname = "magnetico";
|
||||
version = "unstable-2022-08-10";
|
||||
version = "0.12.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ireun";
|
||||
src = fetchFromGitea {
|
||||
domain = "maxwell.ydns.eu/git";
|
||||
owner = "rnhmjoj";
|
||||
repo = "magnetico";
|
||||
rev = "828e230d3b3c0759d3274e27f5a7b70400f4d6ea";
|
||||
hash = "sha256-V1pBzillWTk9iuHAhFztxYaq4uLL3U3HYvedGk6ffbk=";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-cO5TVtQ1jdW1YkFtj35kmRfJG46/lXjXyz870NCPT0g=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# https://github.com/ireun/magnetico/pull/15
|
||||
(fetchpatch {
|
||||
url = "https://github.com/ireun/magnetico/commit/90db34991aa44af9b79ab4710c638607c6211c1c.patch";
|
||||
hash = "sha256-wC9lVQqfngQ5AaRgb4TtoWSgbQ2iSHeQ2UBDUyWjMK8=";
|
||||
})
|
||||
];
|
||||
|
||||
vendorHash = "sha256-JDrBXjnQAcWp8gKvnm+q1F5oV+FozKUvhHK/Me/Cyj8=";
|
||||
vendorHash = "sha256-jIVMQtPCq9RYaYsH4LSZJFspH6TpCbgzHN0GX8cM/CI=";
|
||||
|
||||
buildInputs = [ sqlite ];
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
tags = [ "fts5" "libsqlite3" ];
|
||||
ldflags = [ "-s" "-w" ];
|
||||
|
||||
make magneticow magneticod
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
checkPhase = ''
|
||||
runHook preCheck
|
||||
|
||||
make test
|
||||
|
||||
runHook postCheck
|
||||
'';
|
||||
doCheck = !stdenv.hostPlatform.isStatic;
|
||||
|
||||
passthru.tests = { inherit (nixosTests) magnetico; };
|
||||
|
||||
meta = with lib; {
|
||||
description = "Autonomous (self-hosted) BitTorrent DHT search engine suite";
|
||||
homepage = "https://github.com/ireun/magnetico";
|
||||
homepage = "https://maxwell.ydns.eu/git/rnhmjoj/magnetico";
|
||||
license = licenses.agpl3Only;
|
||||
badPlatforms = platforms.darwin;
|
||||
maintainers = with maintainers; [ rnhmjoj ];
|
||||
|
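Review bot: The source moves from GitHub to `maxwell.ydns.eu/git`, which looks like a self-hosted Gitea on a dynamic-DNS name, and `domain` carries a path component (`/git`) that `fetchFromGitea` has to splice into the URL. The pinned `hash` keeps the fetched tree from changing silently, but `rev = "v${version}"` is a tag, so a moved tag or an unreachable host only surfaces as a fetch failure on the next rebuild. A short comment above `src` recording why this host is now the upstream (for example `# development continues here; the GitHub fork ireun/magnetico is no longer used`, if that is the reason) would help whoever bumps the package next. The `meta` block continues past the end of the hunk.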
@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
|
||||
baseVersion = "${lib.versions.major version}.${lib.versions.minor version}";
|
||||
in fetchurl {
|
||||
url = "mirror://sourceforge/jmol/Jmol/Version%20${baseVersion}/Jmol%20${version}/Jmol-${version}-binary.tar.gz";
|
||||
hash = "sha256-Lpy5A7TWxSrBeGSsp+HlEXDrbkB840QZlvIeop6YUTw=";
|
||||
hash = "sha256-uOPRdTmEbU376G7a7om5UpBjemkN170PwGCskJY41HE=";
|
||||
};
|
||||
|
||||
patchPhase = ''
|
||||
|
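Review bot: Only `hash` changes in this hunk while the URL is still derived from `version`, and no version line is part of the change as far as the hunk shows. If the version really is unchanged, the upstream tarball was replaced under the same URL, and a re-release and a swapped artifact look identical from here. Please record in a comment or the commit message how the new hash was checked, for instance against a checksum published by the project. The `fetchurl` call sits inside a `let … in` that opens above the hunk.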
@ -63,13 +63,13 @@ in
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "obs-studio";
|
||||
version = "30.2.0";
|
||||
version = "30.2.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "obsproject";
|
||||
repo = "obs-studio";
|
||||
rev = finalAttrs.version;
|
||||
hash = "sha256-mwh2KLSz+I/8f3i/wST/2vKL/hWTCTaq53sinIEX75M=";
|
||||
hash = "sha256-yMtLN/86+3wuNR+gGhsaxN4oGIC21bAcjbQfyTuXIYc=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -14,13 +14,13 @@
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "budgie-analogue-clock-applet";
|
||||
version = "2.0";
|
||||
version = "2.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "samlane-ma";
|
||||
repo = "analogue-clock-applet";
|
||||
rev = "v${finalAttrs.version}";
|
||||
hash = "sha256-yId5bbdmELinBmZ5eISa5hQSYkeZCkix2FJ287GdcCs=";
|
||||
hash = "sha256-NvXX5paRrjeJFqnOeJS9yNp+7cRohsN3+eocLqvcVj8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -0,0 +1,56 @@
|
||||
From 4bf0be64fe51a9c9fd9e410ada15251378b743bf Mon Sep 17 00:00:00 2001
|
||||
From: Dominique Martinet <asmadeus@codewreck.org>
|
||||
Date: Sat, 26 Aug 2023 09:28:59 +0900
|
||||
Subject: [PATCH] env.js: fix httpSafePort handling
|
||||
|
||||
It has been clarified that this is only a dev option that should not be
|
||||
used in production, but setting the value in config was still ignored,
|
||||
so fix the init code to consider the config value and make it clear that
|
||||
this port is not bound if safeOrigin is set.
|
||||
---
|
||||
config/config.example.js | 3 ++-
|
||||
lib/env.js | 5 +++--
|
||||
2 files changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/config/config.example.js b/config/config.example.js
|
||||
index 7c8184c6c2f6..77263643c354 100644
|
||||
--- a/config/config.example.js
|
||||
+++ b/config/config.example.js
|
||||
@@ -89,8 +89,9 @@ module.exports = {
|
||||
|
||||
/* httpSafePort purpose is to emulate another origin for the sandbox when
|
||||
* you don't have two domains at hand (i.e. when httpSafeOrigin not defined).
|
||||
- * It is meant to be used only in case where you are working on a local
|
||||
+ * It is meant to be used only in case where you are working on a local
|
||||
* development instance. The default value is your httpPort + 1.
|
||||
+ * Setting this to 0 or setting httpSafeOrigin disables this listener.
|
||||
*
|
||||
*/
|
||||
//httpSafePort: 3001,
|
||||
diff --git a/lib/env.js b/lib/env.js
|
||||
index d3748750f21e..f0660cba3e11 100644
|
||||
--- a/lib/env.js
|
||||
+++ b/lib/env.js
|
||||
@@ -74,8 +74,9 @@ module.exports.create = function (config) {
|
||||
|
||||
if (typeof(config.httpSafeOrigin) !== 'string') {
|
||||
NO_SANDBOX = true;
|
||||
- if (typeof(config.httpSafePort) !== 'number') { httpSafePort = httpPort + 1; }
|
||||
httpSafeOrigin = deriveSandboxOrigin(httpUnsafeOrigin, httpSafePort);
|
||||
+ // only set if httpSafeOrigin isn't set.
|
||||
+ httpSafePort = isValidPort(config.httpSafePort) ? config.httpSafePort : (httpPort + 1);
|
||||
} else {
|
||||
httpSafeOrigin = canonicalizeOrigin(config.httpSafeOrigin);
|
||||
}
|
||||
@@ -115,7 +116,7 @@ module.exports.create = function (config) {
|
||||
permittedEmbedders: typeof(permittedEmbedders) === 'string' && permittedEmbedders? permittedEmbedders: httpSafeOrigin,
|
||||
|
||||
removeDonateButton: config.removeDonateButton,
|
||||
- httpPort: isValidPort(config.httpPort)? config.httpPort: 3000,
|
||||
+ httpPort: httpPort,
|
||||
httpAddress: typeof(config.httpAddress) === 'string'? config.httpAddress: 'localhost',
|
||||
websocketPath: config.externalWebsocketURL,
|
||||
logIP: config.logIP,
|
||||
--
|
||||
2.45.2
|
||||
|
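Review bot: In the first lib/env.js hunk of this patch, the added `httpSafePort = isValidPort(config.httpSafePort) ? config.httpSafePort : (httpPort + 1);` sits after `httpSafeOrigin = deriveSandboxOrigin(httpUnsafeOrigin, httpSafePort);`, so as the hunk reads the sandbox origin is derived before the port is chosen. Unless `httpSafePort` is initialised above the hunk (not visible here), the derived origin will not carry the configured port, and the origin the server advertises for the sandbox can disagree with the port it listens on. Moving the two added lines above the `deriveSandboxOrigin` call keeps both in step. The body of `module.exports.create` starts and ends outside the hunk, so this should be checked against the full file.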
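--- a/pkgs/by-name/cr/cryptpad/package.nix
+++ b/pkgs/by-name/cr/cryptpad/package.nix
@@ -0,0 +1,135 @@
+{
+buildNpmPackage,
+fetchFromGitHub,
+lib,
+makeBinaryWrapper,
+nixosTests,
+nodejs,
+rdfind,
+}:
+
+let
+version = "2024.6.0";
+# nix version of install-onlyoffice.sh
+# a later version could rebuild from sdkjs/web-apps as per
+# https://github.com/cryptpad/onlyoffice-builds/blob/main/build.sh
+onlyoffice_build =
+rev: hash:
+fetchFromGitHub {
+inherit rev hash;
+owner = "cryptpad";
+repo = "onlyoffice-builds";
+};
+onlyoffice_install = oo: ''
+oo_dir="$out_cryptpad/www/common/onlyoffice/dist/${oo.subdir}"
+cp -a "${onlyoffice_build oo.rev oo.hash}/." "$oo_dir"
+chmod -R +w "$oo_dir"
+echo "${oo.rev}" > "$oo_dir/.commit"
+'';
+onlyoffice_versions = [
+{
+subdir = "v1";
+rev = "4f370beb";
+hash = "sha256-TE/99qOx4wT2s0op9wi+SHwqTPYq/H+a9Uus9Zj4iSY=";
+}
+{
+subdir = "v2b";
+rev = "d9da72fd";
+hash = "sha256-SiRDRc2vnLwCVnvtk+C8PKw7IeuSzHBaJmZHogRe3hQ=";
+}
+{
+subdir = "v4";
+rev = "6ebc6938";
+hash = "sha256-eto1+8Tk/s3kbUCpbUh8qCS8EOq700FYG1/KiHyynaA=";
+}
+{
+subdir = "v5";
+rev = "88a356f0";
+hash = "sha256-8j1rlAyHlKx6oAs2pIhjPKcGhJFj6ZzahOcgenyeOCc=";
+}
+{
+subdir = "v6";
+rev = "abd8a309";
+hash = "sha256-BZdExj2q/bqUD3k9uluOot2dlrWKA+vpad49EdgXKww=";
+}
+{
+subdir = "v7";
+rev = "9d8b914a";
+hash = "sha256-M+rPJ/Xo2olhqB5ViynGRaesMLLfG/1ltUoLnepMPnM=";
+}
+];
+
+in
+buildNpmPackage {
+inherit version;
+pname = "cryptpad";
+
+src = fetchFromGitHub {
+owner = "cryptpad";
+repo = "cryptpad";
+rev = version;
+hash = "sha256-huIhhnjatkaVfm1zDeqi88EX/nAUBQ0onPNOwn7hrX4=";
+};
+
+npmDepsHash = "sha256-Oh1fBvP7OXC+VDiH3D+prHmi8pRrxld06n30sqw5apY=";
+
+nativeBuildInputs = [
+makeBinaryWrapper
+rdfind
+];
+
+patches = [
+# fix httpSafePort setting
+# https://github.com/cryptpad/cryptpad/pull/1571
+./0001-env.js-fix-httpSafePort-handling.patch
+];
+
+# cryptpad build tries to write in cache dir
+makeCacheWritable = true;
+
+# 'npm build run' (scripts/build.js) generates a customize directory, but:
+# - that is not installed by npm install
+# - it embeds values from config into the directory, so needs to be
+# run before starting the server (it's just a few quick replaces)
+# Skip it here.
+dontNpmBuild = true;
+
+postInstall = ''
+out_cryptpad="$out/lib/node_modules/cryptpad"
+
+# 'npm run install:components' (scripts/copy-component.js) copies
+# required node modules to www/component in the build tree...
+# Move to install directory manually.
+npm run install:components
+mv www/components "$out_cryptpad/www/"
+
+# install OnlyOffice (install-onlyoffice.sh without network)
+mkdir -p "$out_cryptpad/www/common/onlyoffice/dist"
+${lib.concatMapStringsSep "\n" onlyoffice_install onlyoffice_versions}
+rdfind -makehardlinks true -makeresultsfile false "$out_cryptpad/www/common/onlyoffice/dist"
+
+# cryptpad assumes it runs in the source directory and also outputs
+# its state files there, which is not exactly great for us.
+# There are relative paths everywhere so just substituing source paths
+# is difficult and will likely break on a future update, instead we
+# make links to the required source directories before running.
+# The build.js step populates 'customize' from customize.dist and config;
+# one would normally want to re-run it after modifying config but since it
+# would overwrite user modifications only run it if there is no customize
+# directory.
+makeWrapper "${lib.getExe nodejs}" "$out/bin/cryptpad" \
+--add-flags "$out_cryptpad/server.js" \
+--run "for d in customize.dist lib www; do ln -sf \"$out_cryptpad/\$d\" .; done" \
+--run "if ! [ -d customize ]; then \"${lib.getExe nodejs}\" \"$out_cryptpad/scripts/build.js\"; fi"
+'';
+
+passthru.tests.cryptpad = nixosTests.cryptpad;
+
+meta = {
+description = "Collaborative office suite, end-to-end encrypted and open-source.";
+homepage = "https://cryptpad.org/";
+license = lib.licenses.agpl3Plus;
+mainProgram = "cryptpad";
+maintainers = with lib.maintainers; [ martinetd ];
+};
+}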
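Review bot: The six `onlyoffice_versions` entries pin `rev` to 8-character abbreviated commit ids (`rev = "4f370beb";` and the five after it), and an abbreviated id can stop resolving uniquely as the onlyoffice-builds repository grows. The `hash` on each entry still pins the fetched content, so the failure mode is a broken or unreproducible fetch rather than silently different code. Full ids would make each pin auditable against upstream, written as `rev = "<full 40-character commit id>";`. If the `.commit` file written by `onlyoffice_install` is compared with upstream's short id at runtime (not visible here), keep writing the short form into that file.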
@ -71,6 +71,9 @@ rustPlatform.buildRustPackage rec {
|
||||
cp -r server/web_ui/pkg $out/ui
|
||||
'';
|
||||
|
||||
# Otherwise build breaks on some unused code
|
||||
env.RUSTFLAGS = "-A dead_code";
|
||||
|
||||
# Not sure what pathological case it hits when compiling tests with LTO,
|
||||
# but disabling it takes the total `cargo check` time from 40 minutes to
|
||||
# around 5 on a 16-core machine.
|
||||
|
@ -30,9 +30,7 @@ buildGoModule rec {
|
||||
"-X=kcl-lang.io/cli/pkg/version.version=v${version}"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ makeWrapper installShellFiles ] ++ (
|
||||
lib.optionals stdenv.isDarwin [ darwin.cctools ]
|
||||
);
|
||||
nativeBuildInputs = [ makeWrapper installShellFiles ];
|
||||
|
||||
buildInputs = [ kclvm kclvm_cli ] ++ (
|
||||
lib.optional stdenv.isDarwin [
|
||||
|
@ -29,7 +29,6 @@ rustPlatform.buildRustPackage rec {
|
||||
};
|
||||
|
||||
buildInputs = [ rustc ] ++ lib.optionals stdenv.isDarwin [
|
||||
darwin.cctools
|
||||
darwin.apple_sdk.frameworks.Security
|
||||
darwin.apple_sdk.frameworks.CoreServices
|
||||
darwin.apple_sdk.frameworks.SystemConfiguration
|
||||
|
@ -24,7 +24,6 @@ rustPlatform.buildRustPackage rec {
|
||||
|
||||
buildInputs = [ kclvm rustc ] ++ (
|
||||
lib.optionals stdenv.isDarwin [
|
||||
darwin.cctools
|
||||
darwin.apple_sdk.frameworks.Security
|
||||
darwin.apple_sdk.frameworks.CoreServices
|
||||
darwin.apple_sdk.frameworks.SystemConfiguration
|
||||
|
@ -12,6 +12,7 @@
|
||||
, librevenge
|
||||
, libxml2
|
||||
, mdds
|
||||
, zlib
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
@ -39,6 +40,7 @@ stdenv.mkDerivation rec {
|
||||
librevenge
|
||||
libxml2
|
||||
mdds
|
||||
zlib
|
||||
];
|
||||
|
||||
configureFlags = ["--with-mdds=2.1"];
|
||||
|
@ -40,13 +40,13 @@ assert builtins.elem acceleration [
|
||||
let
|
||||
pname = "ollama";
|
||||
# don't forget to invalidate all hashes each update
|
||||
version = "0.2.8";
|
||||
version = "0.3.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ollama";
|
||||
repo = "ollama";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-uir/GoFs0nhhHpznyYkwVjAUWxwjWmGZ7liU2htyQ04=";
|
||||
hash = "sha256-69CpRAggx6a1NJq+CA9QliXuUbDgC1ERRuA3y17KVAM=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
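--- a/pkgs/by-name/sc/screego/package.nix
+++ b/pkgs/by-name/sc/screego/package.nix
@@ -0,0 +1,78 @@
+{
+lib,
+buildGoModule,
+fetchFromGitHub,
+fetchYarnDeps,
+yarnConfigHook,
+yarnBuildHook,
+nodejs,
+stdenv,
+}:
+let
+
+version = "1.10.3";
+
+src = fetchFromGitHub {
+owner = "screego";
+repo = "server";
+rev = "v${version}";
+hash = "sha256-X8KZAUh1cO8qNYH6nc9zZ+mnfItgef8N948ErJLlZII=";
+};
+
+ui = stdenv.mkDerivation {
+pname = "screego-ui";
+inherit version;
+
+src = src + "/ui";
+
+offlineCache = fetchYarnDeps {
+yarnLock = "${src}/ui/yarn.lock";
+hash = "sha256-ye8UDkal10k/5uCd0VrZsG2FJGB727q+luExFTUmB/M=";
+};
+
+nativeBuildInputs = [
+yarnConfigHook
+yarnBuildHook
+nodejs
+];
+
+installPhase = ''
+cp -r build $out
+'';
+
+};
+
+in
+
+buildGoModule rec {
+inherit src version;
+
+pname = "screego-server";
+
+vendorHash = "sha256-ry8LO+KmNU9MKL8/buk9qriDe/zq+2uIsws6wVZmoo4=";
+
+ldflags = [
+"-s"
+"-w"
+"-X=main.version=${version}"
+"-X=main.commitHash=${src.rev}"
+"-X=main.mode=prod"
+];
+
+postPatch = ''
+mkdir -p ./ui/build
+cp -r "${ui}" ./ui/build
+'';
+
+postInstall = ''
+mv $out/bin/server $out/bin/screego
+'';
+
+meta = with lib; {
+description = "Screen sharing for developers";
+homepage = "https://screego.net";
+license = licenses.gpl3Only;
+maintainers = with maintainers; [ pinpox ];
+mainProgram = "screego";
+};
+}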
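Review bot: In `postPatch`, `cp -r "${ui}" ./ui/build` runs after `mkdir -p ./ui/build` has created the destination, so cp places the UI store directory inside `ui/build` under its store-path basename instead of copying its contents there. If the Go build expects the built assets directly under `ui/build` (not visible in this file), the binary would ship without a usable web UI. `cp -r "${ui}/." ./ui/build` copies the contents instead. A comment on `postPatch` saying where the server expects the assets would also help the next reader.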
@ -8,16 +8,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "stackql";
|
||||
version = "0.5.665";
|
||||
version = "0.5.699";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "stackql";
|
||||
repo = "stackql";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-oX1WB6XkjEPzbj3qqXoD8urp827LAU7Cc7lLcpTTZJE=";
|
||||
hash = "sha256-nObrqCStZI80pgzZOvumgK5Osycf5Uj5ESETpWkqBx0=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-JCWXs3tfTG+aj4hG0eFhl52FmNFvPiBuWpQG2RC6FTM=";
|
||||
vendorHash = "sha256-dFrJS7qd5N2Vmm6GOhRcCltbvUh0aTJTfqnxRHMmMJo=";
|
||||
|
||||
ldflags = [
|
||||
"-s"
|
||||
|
@ -173,6 +173,14 @@ let
|
||||
export HOME=$TMPDIR
|
||||
'';
|
||||
|
||||
# Work around useSystemCoreFoundationFramework hook causing issues with the ld64 upgrade.
|
||||
# This will be fixed on staging in https://github.com/NixOS/nixpkgs/pull/329529
|
||||
preBuild =
|
||||
if lib.versionAtLeast ver.majMin "3.3" && stdenv.isDarwin && stdenv.isx86_64 then
|
||||
"unset NIX_COREFOUNDATION_RPATH"
|
||||
else
|
||||
null;
|
||||
|
||||
# fails with "16993 tests, 2229489 assertions, 105 failures, 14 errors, 89 skips"
|
||||
# mostly TZ- and patch-related tests
|
||||
# TZ- failures are caused by nix sandboxing, I didn't investigate others
|
||||
|
@ -24,9 +24,13 @@ stdenv.mkDerivation {
|
||||
|
||||
dontWrapQtApps = true;
|
||||
|
||||
# AppStreamQt tries to be relocatable, in hacky cmake ways that generally fail
|
||||
# horribly on NixOS. Just hardcode the paths.
|
||||
postFixup = ''
|
||||
sed -i "$dev/lib/cmake/AppStreamQt${qtSuffix}/AppStreamQt${qtSuffix}Config.cmake" \
|
||||
-e "/INTERFACE_INCLUDE_DIRECTORIES/ s@\''${PACKAGE_PREFIX_DIR}@$dev@"
|
||||
sed -i "$dev/lib/cmake/AppStreamQt${qtSuffix}/AppStreamQt${qtSuffix}Config.cmake" \
|
||||
-e "/IMPORTED_LOCATION/ s@\''${PACKAGE_PREFIX_DIR}@$out@"
|
||||
'';
|
||||
|
||||
passthru = appstream.passthru // {
|
||||
|
@ -7,13 +7,13 @@
|
||||
(php.withExtensions ({ enabled, all }: enabled ++ (with all; [ ast ]))).buildComposerProject
|
||||
(finalAttrs: {
|
||||
pname = "phan";
|
||||
version = "5.4.3";
|
||||
version = "5.4.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "phan";
|
||||
repo = "phan";
|
||||
rev = finalAttrs.version;
|
||||
hash = "sha256-O0dtnDsz6X99B99VbRQf3Wr/xJfsJqd+2l5Z5iWxHyU=";
|
||||
hash = "sha256-9kHTDuCvh0qV6Av6uLD0t4vJO5XLL9dgRAgaREsV7zM=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-yE85MBseJa0VGV5EbjT0te4QT3697YvtumGkMMfZtxI=";
|
||||
|
@ -14,7 +14,7 @@
|
||||
}:
|
||||
buildPythonPackage rec {
|
||||
pname = "mkdocs-awesome-pages-plugin";
|
||||
version = "2.9.2";
|
||||
version = "2.9.3";
|
||||
pyproject = true;
|
||||
|
||||
disabled = pythonOlder "3.9";
|
||||
@ -23,7 +23,7 @@ buildPythonPackage rec {
|
||||
owner = "lukasgeiter";
|
||||
repo = "mkdocs-awesome-pages-plugin";
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-pYyZ84eNrslxgLSBr3teQqmV7hA+LHwJ+Z99QgPdh6U=";
|
||||
hash = "sha256-jDPoMAJ20n9bQu11CRNvKLQthRUh3+jR6t+fM3+vGzY=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
@ -41,11 +41,6 @@ buildPythonPackage rec {
|
||||
importlib-metadata
|
||||
];
|
||||
|
||||
disabledTestPaths = [
|
||||
# requires "generatedfiles" mkdocs plugin
|
||||
"mkdocs_awesome_pages_plugin/tests/e2e/test_gen_files.py"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "An MkDocs plugin that simplifies configuring page titles and their order";
|
||||
homepage = "https://github.com/lukasgeiter/mkdocs-awesome-pages-plugin";
|
||||
|
@ -30,11 +30,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "qtcreator";
|
||||
version = "13.0.2";
|
||||
version = "14.0.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download.qt.io/official_releases/${pname}/${lib.versions.majorMinor version}/${version}/qt-creator-opensource-src-${version}.tar.xz";
|
||||
hash = "sha256-wSXMVSJhnH+PwoBadQq5bLu1al/fw4i2yxWrda9+wM4=";
|
||||
hash = "sha256-8v3P+cuO1/1csfx3k1LHp6lCkieIygAN6F2229eo1FQ=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -4,6 +4,9 @@
|
||||
libheif,
|
||||
libjxl,
|
||||
libavif,
|
||||
dav1d,
|
||||
libaom,
|
||||
libyuv,
|
||||
libraw,
|
||||
openexr_3,
|
||||
}:
|
||||
@ -12,5 +15,5 @@ mkKdeDerivation {
|
||||
|
||||
extraCmakeFlags = ["-DKIMAGEFORMATS_HEIF=1"];
|
||||
extraNativeBuildInputs = [pkg-config];
|
||||
extraBuildInputs = [libheif libjxl libavif libraw openexr_3];
|
||||
extraBuildInputs = [libheif libjxl libavif dav1d libaom libyuv libraw openexr_3];
|
||||
}
|
||||
|
@ -1,9 +1,9 @@
|
||||
{ stdenv, lib, fetchurl, makeWrapper, unzip, python3, unar, ffmpeg, nixosTests }:
|
||||
{ stdenv, lib, fetchurl, makeWrapper, unzip, python3, libarchive, ffmpeg, nixosTests }:
|
||||
|
||||
let
|
||||
runtimeProgDeps = [
|
||||
ffmpeg
|
||||
unar
|
||||
libarchive
|
||||
];
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
|