dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
github-actions[bot] 2024-05-22 18:01:30 +00:00 committed by GitHub
commit dfe5aa3439
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
47 changed files with 754 additions and 561 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -24,7 +24,7 @@ For new packages please briefly describe the package or provide a link to its ho
- made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
- [24.05 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) (or backporting [23.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2305.section.md) and [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) Release notes)
- [24.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) (or backporting [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) and [24.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) Release notes)
- [ ] (Package updates) Added a release notes entry if the change is major or breaking
- [ ] (Module updates) Added a release notes entry if the change is significant
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module

4
.github/workflows/periodic-merge-24h.yml vendored
View File

@ -39,6 +39,10 @@ jobs:
into: staging-next-23.11
- from: staging-next-23.11
into: staging-23.11
- from: release-24.05
into: staging-next-24.05
- from: staging-next-24.05
into: staging-24.05
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

2
CONTRIBUTING.md
View File

@ -359,7 +359,7 @@ See [Nix Channel Status](https://status.nixos.org/) for the current channels and
Here's a brief overview of the main Git branches and what channels they're used for:
- `master`: The main branch, used for the unstable channels such as `nixpkgs-unstable`, `nixos-unstable` and `nixos-unstable-small`.
- `release-YY.MM` (e.g. `release-23.11`): The NixOS release branches, used for the stable channels such as `nixos-23.11`, `nixos-23.11-small` and `nixpkgs-23.11-darwin`.
- `release-YY.MM` (e.g. `release-24.05`): The NixOS release branches, used for the stable channels such as `nixos-24.05`, `nixos-24.05-small` and `nixpkgs-24.05-darwin`.
When a channel is updated, a corresponding Git branch is also updated to point to the corresponding commit.
So e.g. the [`nixpkgs-unstable` branch](https://github.com/nixos/nixpkgs/tree/nixpkgs-unstable) corresponds to the Git commit from the [`nixpkgs-unstable` channel](https://channels.nixos.org/nixpkgs-unstable).

2
lib/.version
View File

@ -1 +1 @@
24.05
24.11

8
lib/meta.nix
View File

@ -26,8 +26,12 @@ rec {
dontDistribute = drv: addMetaAttrs { hydraPlatforms = []; } drv;
/* Change the symbolic name of a package for presentation purposes
(i.e., so that nix-env users can tell them apart).
/*
Change the [symbolic name of a derivation](https://nixos.org/manual/nix/stable/language/derivations.html#attr-name).
:::{.warning}
Dependent derivations will be rebuilt when the symbolic name is changed.
:::
*/
setName = name: drv: drv // {inherit name;};

2
lib/trivial.nix
View File

@ -403,7 +403,7 @@ in {
On each release the first letter is bumped and a new animal is chosen
starting with that new letter.
*/
codeName = "Uakari";
codeName = "Vicuña";
/**
Returns the current nixpkgs version suffix as string.

1
nixos/doc/manual/release-notes/release-notes.md
View File

@ -3,6 +3,7 @@
This section lists the release notes for each stable version of NixOS and current unstable revision.
```{=include=} sections
rl-2411.section.md
rl-2405.section.md
rl-2311.section.md
rl-2305.section.md

71
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -6,11 +6,11 @@ Support is planned until the end of December 2024, handing over to 24.11.
In addition to numerous new and upgraded packages, this release has the following highlights:
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
<!-- Please keep entries alphabetically sorted. -->
- The default kernel package has been updated from 6.1 to 6.6. All supported kernels remain available.
- For each supporting version of the Linux kernel firmware blobs
- For each supporting version of the Linux kernel, firmware blobs
are compressed with zstd. For firmware blobs this means an increase of 4.4% in size, however
a significantly higher decompression speed.
@ -53,7 +53,7 @@ In addition to numerous new and upgraded packages, this release has the followin
## New Services {#sec-release-24.05-new-services}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
<!-- Please keep entries alphabetically sorted. -->
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server software.
@ -75,7 +75,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
- [CommaFeed](https://github.com/Athou/commafeed), a Google Reader inspired self-hosted RSS reader. Available as [services.commafeed](#opt-services.commafeed.enable).
- [CommaFeed](https://github.com/Athou/commafeed), a Google Reader-inspired self-hosted RSS reader. Available as [services.commafeed](#opt-services.commafeed.enable).
- [davis](https://github.com/tchapi/davis), a simple CardDav and CalDav server inspired by Baïkal. Available as [services.davis](#opt-services.davis.enable).
@ -85,6 +85,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [FCast Receiver](https://fcast.org), an open-source alternative to Chromecast and AirPlay. Available as [programs.fcast-receiver](#opt-programs.fcast-receiver.enable).
- [FileSender](https://filesender.org/), a file sharing software. Available as [services.filesender](#opt-services.filesender.enable).
- [Firefly-iii](https://www.firefly-iii.org), a free and open source personal finance manager. Available as [services.firefly-iii](#opt-services.firefly-iii.enable).
- [Flarum](https://flarum.org/), a delightfully simple discussion platform for your website. Available as [services.flarum](#opt-services.flarum.enable).
@ -187,6 +189,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [wastebin](https://github.com/matze/wastebin), a pastebin server written in rust. Available as [services.wastebin](#opt-services.wastebin.enable).
- [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable).
- [Workout-tracker](https://github.com/jovandeginste/workout-tracker), a workout tracking web application for personal use.
- [wyoming-satellite](https://github.com/rhasspy/wyoming-satellite), a voice assistant satellite for Home Assistant using the Wyoming protocol. Available as [services.wyoming.satellite](#opt-services.wyoming.satellite.enable).
@ -197,8 +201,6 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [your_spotify](https://github.com/Yooooomi/your_spotify), a self hosted Spotify tracking dashboard. Available as [services.your_spotify](#opt-services.your_spotify.enable)
- [FileSender](https://filesender.org/), a file sharing software. Available as [services.filesender](#opt-services.filesender.enable).
## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -223,10 +225,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `buildGoModule` now throws an error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
- `chromium` and `ungoogled-chromium` had a long standing issue regarding Widevine DRM handling in nixpkgs fixed.
- `chromium` and `ungoogled-chromium` had a long-standing issue regarding Widevine DRM handling in nixpkgs fixed.
`chromium` now no longer automatically downloads Widevine when encountering DRM protected content.
To be able to play DRM protected content in `chromium` now, you have to explicitly opt-in as originally intended using `chromium.override { enableWideVine = true; }`.
This override has been added almost 10 years ago.
This override was added almost 10 years ago.
- `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8).
- Files are now handled in binary mode; this could break programs with embedded UTF-8 characters.
@ -248,16 +250,16 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `cudaPackages.cudatoolkit` has been deprecated and replaced with a
symlink-based wrapper for the splayed redistributable CUDA packages. The
wrapper only includes tools and libraries necessary to build common packages
like e.g. tensorflow. The original runfile-based `cudatoolkit` is still
such as tensorflow. The original runfile-based `cudatoolkit` is still
available as `cudatoolkit-legacy-runfile`.
- `cudaPackages.nsight_systems` now has most vendored third party libraries removed, though we now only ship it for `cudaPackages_11_8` and later due to outdated dependencies. Users comfortable with the vendored dependencies may use `overrideAttrs` to amend the `postPatch` phase and the `meta.broken` correspondingly. Alternatively, one could package the deprecated `boost170` locally, as required for `cudaPackages_11_4.nsight_systems`.
- `cudaPackages.nsight_systems` now has most vendored third party-libraries removed, though we now only ship it for `cudaPackages_11_8` and later, due to outdated dependencies. Users comfortable with the vendored dependencies may use `overrideAttrs` to amend the `postPatch` phase and the `meta.broken` correspondingly. Alternatively, one could package the deprecated `boost170` locally, as required for `cudaPackages_11_4.nsight_systems`.
- `cudaPackages.autoFixElfFiles` has been deprecated for `pkgs.autoFixElfFiles`. Functionality has not changed, but the setuphook has been renamed and moved to the top-level package scope.
- `davfs2`' `services.davfs2.extraConfig` setting has been deprecated and converted to the free-form type option named `services.davfs2.settings` according to RFC42.
- `davfs2`'s `services.davfs2.extraConfig` setting has been deprecated and converted to the free-form type option named `services.davfs2.settings` according to RFC42.
- `dwarf-fortress` has been updated to version 50, and its derivations continue to menace with spikes of Nix and bash. Version 50 is identical to the version on Steam, but without the paid elements like tilepacks.
- `dwarf-fortress` has been updated to version 50, and its derivations continue to menace with spikes of Nix and bash [TODO what does this mean?]. Version 50 is identical to the version on Steam, but without the paid elements like tilepacks.
dfhack and Dwarf Therapist still work, and older versions are still packaged in case you'd like to roll back. Note that DF 50 saves will not be compatible with DF 0.47 and earlier.
See [Bay 12 Games](http://www.bay12games.com/dwarves/) for more details on what's new in Dwarf Fortress.
@ -334,12 +336,12 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `livebook` package is now built as a `mix release` instead of an `escript`.
This means that configuration now has to be done using [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) instead of command line arguments.
This has the further implication that the `livebook` service configuration has changed:
This has the further implication that the `livebook` service configuration has changed.
- `lua` interpreters default LUA_PATH and LUA_CPATH are not overriden by nixpkgs
anymore, we patch LUA_ROOT instead which is more respectful to upstream.
- `luarocks-packages-updater` has changed the .csv format used to define lua packages updates: `src` (URL towards a git repository) has now become `rockspec` (URL towards a rockspec) to remove ambiguity regarding which rockspec to use and simplify implementation.
- `luarocks-packages-updater`'s .csv format used to define lua packages to be updated, has changed: `src` (URL of a git repository) has now become `rockspec` (URL of a rockspec) to remove ambiguity regarding which rockspec to use and simplify implementation.
- `mkosi` was updated to v22. Parts of the user interface have changed. Consult the
release notes of [v19](https://github.com/systemd/mkosi/releases/tag/v19),
@ -388,7 +390,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `nomad_1_4` has been removed, as it is now unsupported upstream.
- `nvtop` family of packages was reorganized into nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are now named as `nvtopPackages.{amd,nvidia,intel,msm}`.
- `nvtop` family of packages was reorganized into a nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are renamed to `nvtopPackages.{amd,nvidia,intel,msm}`.
- `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading
to another signature algorithm. However, for the time being it is possible to restore DSA key support using `override` to set `dsaKeysSupport = true`.
@ -444,12 +446,12 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
where the file `secret_file` contains the string `mysecret`.
- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
- `services.avahi.nssmdns` was split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switches for IPv4 and IPv6 respectively.
Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
- `services.frp.settings` now generates the frp configuration file in TOML format as [recommended by upstream](https://github.com/fatedier/frp#configuration-files), instead of the legacy INI format. This has also introduced other changes in the configuration file structure and options.
- The `settings.common` section in the configuration is no longer valid and all the options form inside it now goes directly under `settings`.
- The `_` separating words in the configuration options is removed so the options are now in camel case. For example: `server_addr` becomes `serverAddr`, `server_port` becomes `serverPort` etc.
- `services.frp.settings` now generates the frp configuration file in TOML format as [recommended by upstream](https://github.com/fatedier/frp#configuration-files), instead of the legacy INI format. This has also introduced other changes in the configuration file structure and options:
- The `settings.common` section in the configuration is no longer valid and all the options form inside it now go directly under `settings`.
- Configuration option names have been changed from snake_case to camelCase. For example: `server_addr` becomes `serverAddr`, `server_port` becomes `serverPort` etc.
- Proxies are now defined with a new option `settings.proxies` which takes a list of proxies.
- Consult the [upstream documentation](https://github.com/fatedier/frp#example-usage) for more details on the changes.
@ -505,11 +507,16 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `services.redis.vmOverCommit` now defaults to `true` and no longer enforces Transparent Hugepages (THP) to be disabled. Redis only works with THP configured to `madvise` which is the kernel's default.
- `services.resolved.fallbackDns` can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead.
- `services.resolved.fallbackDns`
- can now be used to disable the upstream fallback servers entirely by setting it to `[]`
- to get previous behaviour of upstream defaults, set it to `null`
- default value has changed from `[]` to `null`, in order to preserve default behaviour
can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead.
- `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed.
- `services.vikunja.setupNginx` setting has been removed. Users now need to setup the webserver configuration on their own with a proxy pass to the vikunja service.
- `services.vikunja.setupNginx` setting has been removed. Users now need to set up the webserver configuration on their own with a proxy pass to the vikunja service.
- `services.vmagent` module deprecates `dataDir`, `group` and `user` setting in favor of systemd provided CacheDirectory and DynamicUser.
@ -526,14 +533,14 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `system.forbiddenDependenciesRegex` has been renamed to `system.forbiddenDependenciesRegexes` and now has the type of `listOf string` instead of `string` to accept multiple regexes.
- `systemd.oomd` module behavior is changed as:
- `systemd.oomd` module behavior has changed:
- Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).
Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6).
- Remove swap policy. This helps prevent killing processes when user's swap is small.
- Expand the memory pressure policy to system.slice, user-.slice, and all user owned slices. Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/7665e1796f915dedbf8e014f0a78f4f576d609bb).
- Expand the memory pressure policy to `system.slice`, `user-.slice`, and all user owned slices. Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/7665e1796f915dedbf8e014f0a78f4f576d609bb).
- `systemd.oomd.enableUserServices` is renamed to `systemd.oomd.enableUserSlices`.
@ -552,8 +559,6 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `virtialisation.incus` now defaults to the newly-added `incus-lts` release (v6.0.x). Users who wish to continue using the non-LTS release will need to set `virtualisation.incus.package = pkgs.incus`. Stable release users are encouraged to stay on the LTS release as non-LTS releases will by default not be backported.
- [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable).
- `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200).
- `wpaperd` has been updated to 1.0.1, which has a breaking change: previous version 0.3.0 had 2 different configuration files, one for wpaperd and one for the wallpapers. Remove the former and move the latter (`wallpaper.toml`) to `config.toml`.
@ -583,7 +588,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
allows to restart multiple services that are ordered before sysinit.target
and respect the ordering between the services.
- The configuration format for `services.prometheus.exporters.snmp` changed with release 0.23.0.
- `services.prometheus.exporters.snmp`'s configuration format changed with release 0.23.0.
The module now includes an optional config check, that is enabled by default, to make the change obvious before any deployment.
More information about the configuration syntax change is available in the [upstream repository](https://github.com/prometheus/snmp_exporter/blob/b75fc6b839ee3f3ccbee68bee55f1ae99555084a/auth-split-migration.md).
@ -593,7 +598,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `addDriverRunpath` has been added to facilitate the deprecation of the old `addOpenGLRunpath` setuphook. This change is motivated by the evolution of the setuphook to include all hardware acceleration.
- `appimage`, `appimageTools.wrapAppImage` and `buildFHSEnvBubblewrap` now properly accepts `pname` and `version`.
- `appimage`, `appimageTools.wrapAppImage` and `buildFHSEnvBubblewrap` now properly accept `pname` and `version`.
- `bacula` now allows to configure `TLS` for encrypted communication.
@ -608,11 +613,11 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `buildDubPackage` can now be used to build Programs written in [D](https://dlang.org/) using the `dub` build system and package manager.
See the [D section](https://nixos.org/manual/nixpkgs/unstable#dlang) in the manual for more information.
- `castopod` has some migration actions to be taken in case of a S3 setup. Some new features may also need some manual migration actions. See [https://code.castopod.org/adaures/castopod/-/releases](https://code.castopod.org/adaures/castopod/-/releases) for more informations.
- `castopod` has some migration actions to be taken in case of a S3 setup. Some new features may also need some manual migration actions. See [https://code.castopod.org/adaures/castopod/-/releases](https://code.castopod.org/adaures/castopod/-/releases) for more information.
- `cinnamon` has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions.
- `documentation.man.mandoc` now by default uses `MANPATH` to set the directories where mandoc will search for manual pages.
- `documentation.man.mandoc` now uses `MANPATH` by defaultwas to set the directories where mandoc will search for manual pages.
This enables mandoc to find manual pages in Nix profiles. To set the manual search paths via the `mandoc.conf` configuration file like before, use `documentation.man.mandoc.settings.manpath` instead.
- `drbd` out-of-tree Linux kernel driver has been added in version 9.2.7. With it the DRBD 9.x features can be used instead of the 8.x features provided by the 8.4.11 in-tree driver.
@ -663,7 +668,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `services.github-runner` module has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.
- `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and was changed to use the ini type instead of using a multiline string.
- `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and changed to use the ini type instead of using a multiline string.
- `services.nextcloud.config.dbport` option of the Nextcloud module was removed to match upstream.
The port can be specified in [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost).
@ -691,7 +696,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
- `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list.
- `services.postgresql.extraPlugins`' type has expanded. Previously it was a list of packages, now it can also be a function that returns such a list.
For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``;
- `services.slskd` has been refactored to include more configuation options in
@ -741,8 +746,8 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
- A new hardening flag, `trivialautovarinit` was made available, corresponding to the gcc/clang option `-ftrivial-auto-var-init=pattern`.
- New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.).
The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime.
- `dnsdist` has new options to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.).
The module can generate the DNSCrypt provider key pair and certificates, and also rotates them automatically with no downtime.
- The kernel Yama LSM is now enabled by default, which prevents ptracing
non-child processes. This means you will not be able to attach gdb to an

21
nixos/doc/manual/release-notes/rl-2411.section.md Normal file
View File

@ -0,0 +1,21 @@
# Release 24.11 (“Vicuña”, 2024.11/??) {#sec-release-24.11}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Highlights {#sec-release-24.11-highlights}
- Create the first release note entry in this section!
## New Services {#sec-release-24.11-new-services}
- Create the first release note entry in this section!
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
- Create the first release note entry in this section!
## Other Notable Changes {#sec-release-24.11-notable-changes}
- Create the first release note entry in this section!
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

839
nixos/modules/hardware/video/nvidia.nix
View File

@ -3,12 +3,10 @@
lib,
pkgs,
...
}: let
}:
let
nvidiaEnabled = (lib.elem "nvidia" config.services.xserver.videoDrivers);
nvidia_x11 =
if nvidiaEnabled || cfg.datacenter.enable
then cfg.package
else null;
nvidia_x11 = if nvidiaEnabled || cfg.datacenter.enable then cfg.package else null;
cfg = config.hardware.nvidia;
@ -19,8 +17,9 @@
primeEnabled = syncCfg.enable || reverseSyncCfg.enable || offloadCfg.enable;
busIDType = lib.types.strMatching "([[:print:]]+[\:\@][0-9]{1,3}\:[0-9]{1,2}\:[0-9])?";
ibtSupport = cfg.open || (nvidia_x11.ibtSupport or false);
settingsFormat = pkgs.formats.keyValue {};
in {
settingsFormat = pkgs.formats.keyValue { };
in
{
options = {
hardware.nvidia = {
datacenter.enable = lib.mkEnableOption ''
@ -29,50 +28,50 @@ in {
datacenter.settings = lib.mkOption {
type = settingsFormat.type;
default = {
LOG_LEVEL=4;
LOG_FILE_NAME="/var/log/fabricmanager.log";
LOG_APPEND_TO_LOG=1;
LOG_FILE_MAX_SIZE=1024;
LOG_USE_SYSLOG=0;
DAEMONIZE=1;
BIND_INTERFACE_IP="127.0.0.1";
STARTING_TCP_PORT=16000;
FABRIC_MODE=0;
FABRIC_MODE_RESTART=0;
STATE_FILE_NAME="/var/tmp/fabricmanager.state";
FM_CMD_BIND_INTERFACE="127.0.0.1";
FM_CMD_PORT_NUMBER=6666;
FM_STAY_RESIDENT_ON_FAILURES=0;
ACCESS_LINK_FAILURE_MODE=0;
TRUNK_LINK_FAILURE_MODE=0;
NVSWITCH_FAILURE_MODE=0;
ABORT_CUDA_JOBS_ON_FM_EXIT=1;
TOPOLOGY_FILE_PATH="${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
DATABASE_PATH="${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
LOG_LEVEL = 4;
LOG_FILE_NAME = "/var/log/fabricmanager.log";
LOG_APPEND_TO_LOG = 1;
LOG_FILE_MAX_SIZE = 1024;
LOG_USE_SYSLOG = 0;
DAEMONIZE = 1;
BIND_INTERFACE_IP = "127.0.0.1";
STARTING_TCP_PORT = 16000;
FABRIC_MODE = 0;
FABRIC_MODE_RESTART = 0;
STATE_FILE_NAME = "/var/tmp/fabricmanager.state";
FM_CMD_BIND_INTERFACE = "127.0.0.1";
FM_CMD_PORT_NUMBER = 6666;
FM_STAY_RESIDENT_ON_FAILURES = 0;
ACCESS_LINK_FAILURE_MODE = 0;
TRUNK_LINK_FAILURE_MODE = 0;
NVSWITCH_FAILURE_MODE = 0;
ABORT_CUDA_JOBS_ON_FM_EXIT = 1;
TOPOLOGY_FILE_PATH = "${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
DATABASE_PATH = "${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
};
defaultText = lib.literalExpression ''
{
LOG_LEVEL=4;
LOG_FILE_NAME="/var/log/fabricmanager.log";
LOG_APPEND_TO_LOG=1;
LOG_FILE_MAX_SIZE=1024;
LOG_USE_SYSLOG=0;
DAEMONIZE=1;
BIND_INTERFACE_IP="127.0.0.1";
STARTING_TCP_PORT=16000;
FABRIC_MODE=0;
FABRIC_MODE_RESTART=0;
STATE_FILE_NAME="/var/tmp/fabricmanager.state";
FM_CMD_BIND_INTERFACE="127.0.0.1";
FM_CMD_PORT_NUMBER=6666;
FM_STAY_RESIDENT_ON_FAILURES=0;
ACCESS_LINK_FAILURE_MODE=0;
TRUNK_LINK_FAILURE_MODE=0;
NVSWITCH_FAILURE_MODE=0;
ABORT_CUDA_JOBS_ON_FM_EXIT=1;
TOPOLOGY_FILE_PATH="''${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
DATABASE_PATH="''${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
}
{
LOG_LEVEL=4;
LOG_FILE_NAME="/var/log/fabricmanager.log";
LOG_APPEND_TO_LOG=1;
LOG_FILE_MAX_SIZE=1024;
LOG_USE_SYSLOG=0;
DAEMONIZE=1;
BIND_INTERFACE_IP="127.0.0.1";
STARTING_TCP_PORT=16000;
FABRIC_MODE=0;
FABRIC_MODE_RESTART=0;
STATE_FILE_NAME="/var/tmp/fabricmanager.state";
FM_CMD_BIND_INTERFACE="127.0.0.1";
FM_CMD_PORT_NUMBER=6666;
FM_STAY_RESIDENT_ON_FAILURES=0;
ACCESS_LINK_FAILURE_MODE=0;
TRUNK_LINK_FAILURE_MODE=0;
NVSWITCH_FAILURE_MODE=0;
ABORT_CUDA_JOBS_ON_FM_EXIT=1;
TOPOLOGY_FILE_PATH="''${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
DATABASE_PATH="''${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
}
'';
description = ''
Additional configuration options for fabricmanager.
@ -211,7 +210,9 @@ in {
(lib.mkEnableOption ''
nvidia-settings, NVIDIA's GUI configuration tool
'')
// {default = true;};
// {
default = true;
};
nvidiaPersistenced = lib.mkEnableOption ''
nvidia-persistenced a update for NVIDIA GPU headless mode, i.e.
@ -226,7 +227,8 @@ in {
'';
package = lib.mkOption {
default = config.boot.kernelPackages.nvidiaPackages."${if cfg.datacenter.enable then "dc" else "stable"}";
default =
config.boot.kernelPackages.nvidiaPackages."${if cfg.datacenter.enable then "dc" else "stable"}";
defaultText = lib.literalExpression ''
config.boot.kernelPackages.nvidiaPackages."\$\{if cfg.datacenter.enable then "dc" else "stable"}"
'';
@ -242,403 +244,404 @@ in {
};
};
config = let
igpuDriver =
if pCfg.intelBusId != ""
then "modesetting"
else "amdgpu";
igpuBusId =
if pCfg.intelBusId != ""
then pCfg.intelBusId
else pCfg.amdgpuBusId;
in
lib.mkIf (nvidia_x11 != null) (lib.mkMerge [
# Common
({
assertions = [
{
assertion = !(nvidiaEnabled && cfg.datacenter.enable);
message = "You cannot configure both X11 and Data Center drivers at the same time.";
}
];
boot = {
blacklistedKernelModules = ["nouveau" "nvidiafb"];
# Don't add `nvidia-uvm` to `kernelModules`, because we want
# `nvidia-uvm` be loaded only after `udev` rules for `nvidia` kernel
# module are applied.
#
# Instead, we use `softdep` to lazily load `nvidia-uvm` kernel module
# after `nvidia` kernel module is loaded and `udev` rules are applied.
extraModprobeConfig = ''
softdep nvidia post: nvidia-uvm
'';
};
systemd.tmpfiles.rules =
lib.optional config.virtualisation.docker.enableNvidia
"L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin";
services.udev.extraRules =
''
# Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c 195 255'"
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'for i in $$(cat /proc/driver/nvidia/gpus/*/information | grep Minor | cut -d \ -f 4); do mknod -m 666 /dev/nvidia$${i} c 195 $${i}; done'"
KERNEL=="nvidia_modeset", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-modeset c 195 254'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm-tools c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 1'"
'';
hardware.opengl = {
extraPackages = [
nvidia_x11.out
config =
let
igpuDriver = if pCfg.intelBusId != "" then "modesetting" else "amdgpu";
igpuBusId = if pCfg.intelBusId != "" then pCfg.intelBusId else pCfg.amdgpuBusId;
in
lib.mkIf (nvidia_x11 != null) (
lib.mkMerge [
# Common
({
assertions = [
{
assertion = !(nvidiaEnabled && cfg.datacenter.enable);
message = "You cannot configure both X11 and Data Center drivers at the same time.";
}
];
extraPackages32 = [
nvidia_x11.lib32
];
};
environment.systemPackages = [
nvidia_x11.bin
];
})
# X11
(lib.mkIf nvidiaEnabled {
assertions = [
{
assertion = primeEnabled -> pCfg.intelBusId == "" || pCfg.amdgpuBusId == "";
message = "You cannot configure both an Intel iGPU and an AMD APU. Pick the one corresponding to your processor.";
}
boot = {
blacklistedKernelModules = [
"nouveau"
"nvidiafb"
];
{
assertion = offloadCfg.enableOffloadCmd -> offloadCfg.enable || reverseSyncCfg.enable;
message = "Offload command requires offloading or reverse prime sync to be enabled.";
}
{
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
message = "When NVIDIA PRIME is enabled, the GPU bus IDs must be configured.";
}
{
assertion = offloadCfg.enable -> lib.versionAtLeast nvidia_x11.version "435.21";
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
}
{
assertion = (reverseSyncCfg.enable && pCfg.amdgpuBusId != "") -> lib.versionAtLeast nvidia_x11.version "470.0";
message = "NVIDIA PRIME render offload for AMD APUs is currently only supported on versions >= 470 beta.";
}
{
assertion = !(syncCfg.enable && offloadCfg.enable);
message = "PRIME Sync and Offload cannot be both enabled";
}
{
assertion = !(syncCfg.enable && reverseSyncCfg.enable);
message = "PRIME Sync and PRIME Reverse Sync cannot be both enabled";
}
{
assertion = !(syncCfg.enable && cfg.powerManagement.finegrained);
message = "Sync precludes powering down the NVIDIA GPU.";
}
{
assertion = cfg.powerManagement.finegrained -> offloadCfg.enable;
message = "Fine-grained power management requires offload to be enabled.";
}
{
assertion = cfg.powerManagement.enable -> lib.versionAtLeast nvidia_x11.version "430.09";
message = "Required files for driver based power management only exist on versions >= 430.09.";
}
{
assertion = cfg.open -> (cfg.package ? open && cfg.package ? firmware);
message = "This version of NVIDIA driver does not provide a corresponding opensource kernel driver";
}
{
assertion = cfg.dynamicBoost.enable -> lib.versionAtLeast nvidia_x11.version "510.39.01";
message = "NVIDIA's Dynamic Boost feature only exists on versions >= 510.39.01";
}];
# If Optimus/PRIME is enabled, we:
# - Specify the configured NVIDIA GPU bus ID in the Device section for the
# "nvidia" driver.
# - Add the AllowEmptyInitialConfiguration option to the Screen section for the
# "nvidia" driver, in order to allow the X server to start without any outputs.
# - Add a separate Device section for the Intel GPU, using the "modesetting"
# driver and with the configured BusID.
# - OR add a separate Device section for the AMD APU, using the "amdgpu"
# driver and with the configures BusID.
# - Reference that Device section from the ServerLayout section as an inactive
# device.
# - Configure the display manager to run specific `xrandr` commands which will
# configure/enable displays connected to the Intel iGPU / AMD APU.
# reverse sync implies offloading
hardware.nvidia.prime.offload.enable = lib.mkDefault reverseSyncCfg.enable;
services.xserver.drivers =
lib.optional primeEnabled {
name = igpuDriver;
display = offloadCfg.enable;
modules = lib.optional (igpuDriver == "amdgpu") pkgs.xorg.xf86videoamdgpu;
deviceSection =
''
BusID "${igpuBusId}"
''
+ lib.optionalString (syncCfg.enable && igpuDriver != "amdgpu") ''
Option "AccelMethod" "none"
'';
}
++ lib.singleton {
name = "nvidia";
modules = [nvidia_x11.bin];
display = !offloadCfg.enable;
deviceSection =
''
Option "SidebandSocketPath" "/run/nvidia-xdriver/"
'' +
lib.optionalString primeEnabled
''
BusID "${pCfg.nvidiaBusId}"
''
+ lib.optionalString pCfg.allowExternalGpu ''
Option "AllowExternalGpus"
'';
screenSection =
''
Option "RandRRotation" "on"
''
+ lib.optionalString syncCfg.enable ''
Option "AllowEmptyInitialConfiguration"
''
+ lib.optionalString cfg.forceFullCompositionPipeline ''
Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
Option "AllowIndirectGLXProtocol" "off"
Option "TripleBuffer" "on"
'';
# Don't add `nvidia-uvm` to `kernelModules`, because we want
# `nvidia-uvm` be loaded only after `udev` rules for `nvidia` kernel
# module are applied.
#
# Instead, we use `softdep` to lazily load `nvidia-uvm` kernel module
# after `nvidia` kernel module is loaded and `udev` rules are applied.
extraModprobeConfig = ''
softdep nvidia post: nvidia-uvm
'';
};
services.xserver.serverLayoutSection =
lib.optionalString syncCfg.enable ''
Inactive "Device-${igpuDriver}[0]"
''
+ lib.optionalString reverseSyncCfg.enable ''
Inactive "Device-nvidia[0]"
''
+ lib.optionalString offloadCfg.enable ''
Option "AllowNVIDIAGPUScreens"
systemd.tmpfiles.rules = lib.optional config.virtualisation.docker.enableNvidia "L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin";
services.udev.extraRules = ''
# Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c 195 255'"
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'for i in $$(cat /proc/driver/nvidia/gpus/*/information | grep Minor | cut -d \ -f 4); do mknod -m 666 /dev/nvidia$${i} c 195 $${i}; done'"
KERNEL=="nvidia_modeset", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-modeset c 195 254'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm-tools c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 1'"
'';
hardware.opengl = {
extraPackages = [ nvidia_x11.out ];
extraPackages32 = [ nvidia_x11.lib32 ];
};
environment.systemPackages = [ nvidia_x11.bin ];
})
# X11
(lib.mkIf nvidiaEnabled {
assertions = [
{
assertion = primeEnabled -> pCfg.intelBusId == "" || pCfg.amdgpuBusId == "";
message = "You cannot configure both an Intel iGPU and an AMD APU. Pick the one corresponding to your processor.";
}
services.xserver.displayManager.setupCommands = let
gpuProviderName =
if igpuDriver == "amdgpu"
then
# find the name of the provider if amdgpu
"`${lib.getExe pkgs.xorg.xrandr} --listproviders | ${lib.getExe pkgs.gnugrep} -i AMD | ${lib.getExe pkgs.gnused} -n 's/^.*name://p'`"
else igpuDriver;
providerCmdParams =
if syncCfg.enable
then "\"${gpuProviderName}\" NVIDIA-0"
else "NVIDIA-G0 \"${gpuProviderName}\"";
in
lib.optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
# Added by nvidia configuration module for Optimus/PRIME.
${lib.getExe pkgs.xorg.xrandr} --setprovideroutputsource ${providerCmdParams}
${lib.getExe pkgs.xorg.xrandr} --auto
'';
{
assertion = offloadCfg.enableOffloadCmd -> offloadCfg.enable || reverseSyncCfg.enable;
message = "Offload command requires offloading or reverse prime sync to be enabled.";
}
environment.etc = {
"nvidia/nvidia-application-profiles-rc" = lib.mkIf nvidia_x11.useProfiles {source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc";};
{
assertion =
primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
message = "When NVIDIA PRIME is enabled, the GPU bus IDs must be configured.";
}
# 'nvidia_x11' installs it's files to /run/opengl-driver/...
"egl/egl_external_platform.d".source = "/run/opengl-driver/share/egl/egl_external_platform.d/";
};
{
assertion = offloadCfg.enable -> lib.versionAtLeast nvidia_x11.version "435.21";
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
}
hardware.opengl = {
extraPackages = [
pkgs.nvidia-vaapi-driver
{
assertion =
(reverseSyncCfg.enable && pCfg.amdgpuBusId != "") -> lib.versionAtLeast nvidia_x11.version "470.0";
message = "NVIDIA PRIME render offload for AMD APUs is currently only supported on versions >= 470 beta.";
}
{
assertion = !(syncCfg.enable && offloadCfg.enable);
message = "PRIME Sync and Offload cannot be both enabled";
}
{
assertion = !(syncCfg.enable && reverseSyncCfg.enable);
message = "PRIME Sync and PRIME Reverse Sync cannot be both enabled";
}
{
assertion = !(syncCfg.enable && cfg.powerManagement.finegrained);
message = "Sync precludes powering down the NVIDIA GPU.";
}
{
assertion = cfg.powerManagement.finegrained -> offloadCfg.enable;
message = "Fine-grained power management requires offload to be enabled.";
}
{
assertion = cfg.powerManagement.enable -> lib.versionAtLeast nvidia_x11.version "430.09";
message = "Required files for driver based power management only exist on versions >= 430.09.";
}
{
assertion = cfg.open -> (cfg.package ? open && cfg.package ? firmware);
message = "This version of NVIDIA driver does not provide a corresponding opensource kernel driver";
}
{
assertion = cfg.dynamicBoost.enable -> lib.versionAtLeast nvidia_x11.version "510.39.01";
message = "NVIDIA's Dynamic Boost feature only exists on versions >= 510.39.01";
}
];
extraPackages32 = [
pkgs.pkgsi686Linux.nvidia-vaapi-driver
];
};
environment.systemPackages =
lib.optional cfg.nvidiaSettings nvidia_x11.settings
++ lib.optional cfg.nvidiaPersistenced nvidia_x11.persistenced
++ lib.optional offloadCfg.enableOffloadCmd
(pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
'');
systemd.packages = lib.optional cfg.powerManagement.enable nvidia_x11.out;
# If Optimus/PRIME is enabled, we:
# - Specify the configured NVIDIA GPU bus ID in the Device section for the
# "nvidia" driver.
# - Add the AllowEmptyInitialConfiguration option to the Screen section for the
# "nvidia" driver, in order to allow the X server to start without any outputs.
# - Add a separate Device section for the Intel GPU, using the "modesetting"
# driver and with the configured BusID.
# - OR add a separate Device section for the AMD APU, using the "amdgpu"
# driver and with the configures BusID.
# - Reference that Device section from the ServerLayout section as an inactive
# device.
# - Configure the display manager to run specific `xrandr` commands which will
# configure/enable displays connected to the Intel iGPU / AMD APU.
systemd.services = let
nvidiaService = state: {
description = "NVIDIA system ${state} actions";
path = [pkgs.kbd];
serviceConfig = {
Type = "oneshot";
ExecStart = "${nvidia_x11.out}/bin/nvidia-sleep.sh '${state}'";
# reverse sync implies offloading
hardware.nvidia.prime.offload.enable = lib.mkDefault reverseSyncCfg.enable;
services.xserver.drivers =
lib.optional primeEnabled {
name = igpuDriver;
display = offloadCfg.enable;
modules = lib.optional (igpuDriver == "amdgpu") pkgs.xorg.xf86videoamdgpu;
deviceSection =
''
BusID "${igpuBusId}"
''
+ lib.optionalString (syncCfg.enable && igpuDriver != "amdgpu") ''
Option "AccelMethod" "none"
'';
}
++ lib.singleton {
name = "nvidia";
modules = [ nvidia_x11.bin ];
display = !offloadCfg.enable;
deviceSection =
''
Option "SidebandSocketPath" "/run/nvidia-xdriver/"
''
+ lib.optionalString primeEnabled ''
BusID "${pCfg.nvidiaBusId}"
''
+ lib.optionalString pCfg.allowExternalGpu ''
Option "AllowExternalGpus"
'';
screenSection =
''
Option "RandRRotation" "on"
''
+ lib.optionalString syncCfg.enable ''
Option "AllowEmptyInitialConfiguration"
''
+ lib.optionalString cfg.forceFullCompositionPipeline ''
Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
Option "AllowIndirectGLXProtocol" "off"
Option "TripleBuffer" "on"
'';
};
before = ["systemd-${state}.service"];
requiredBy = ["systemd-${state}.service"];
services.xserver.serverLayoutSection =
lib.optionalString syncCfg.enable ''
Inactive "Device-${igpuDriver}[0]"
''
+ lib.optionalString reverseSyncCfg.enable ''
Inactive "Device-nvidia[0]"
''
+ lib.optionalString offloadCfg.enable ''
Option "AllowNVIDIAGPUScreens"
'';
services.xserver.displayManager.setupCommands =
let
gpuProviderName =
if igpuDriver == "amdgpu" then
# find the name of the provider if amdgpu
"`${lib.getExe pkgs.xorg.xrandr} --listproviders | ${lib.getExe pkgs.gnugrep} -i AMD | ${lib.getExe pkgs.gnused} -n 's/^.*name://p'`"
else
igpuDriver;
providerCmdParams =
if syncCfg.enable then "\"${gpuProviderName}\" NVIDIA-0" else "NVIDIA-G0 \"${gpuProviderName}\"";
in
lib.optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
# Added by nvidia configuration module for Optimus/PRIME.
${lib.getExe pkgs.xorg.xrandr} --setprovideroutputsource ${providerCmdParams}
${lib.getExe pkgs.xorg.xrandr} --auto
'';
environment.etc = {
"nvidia/nvidia-application-profiles-rc" = lib.mkIf nvidia_x11.useProfiles {
source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc";
};
# 'nvidia_x11' installs it's files to /run/opengl-driver/...
"egl/egl_external_platform.d".source = "/run/opengl-driver/share/egl/egl_external_platform.d/";
};
in
lib.mkMerge [
(lib.mkIf cfg.powerManagement.enable {
nvidia-suspend = nvidiaService "suspend";
nvidia-hibernate = nvidiaService "hibernate";
nvidia-resume =
(nvidiaService "resume")
// {
before = [];
after = ["systemd-suspend.service" "systemd-hibernate.service"];
requiredBy = ["systemd-suspend.service" "systemd-hibernate.service"];
};
})
(lib.mkIf cfg.nvidiaPersistenced {
"nvidia-persistenced" = {
description = "NVIDIA Persistence Daemon";
wantedBy = ["multi-user.target"];
hardware.opengl = {
extraPackages = [ pkgs.nvidia-vaapi-driver ];
extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
};
environment.systemPackages =
lib.optional cfg.nvidiaSettings nvidia_x11.settings
++ lib.optional cfg.nvidiaPersistenced nvidia_x11.persistenced
++ lib.optional offloadCfg.enableOffloadCmd (
pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
''
);
systemd.packages = lib.optional cfg.powerManagement.enable nvidia_x11.out;
systemd.services =
let
nvidiaService = state: {
description = "NVIDIA system ${state} actions";
path = [ pkgs.kbd ];
serviceConfig = {
Type = "forking";
Restart = "always";
PIDFile = "/var/run/nvidia-persistenced/nvidia-persistenced.pid";
ExecStart = "${lib.getExe nvidia_x11.persistenced} --verbose";
ExecStopPost = "${pkgs.coreutils}/bin/rm -rf /var/run/nvidia-persistenced";
Type = "oneshot";
ExecStart = "${nvidia_x11.out}/bin/nvidia-sleep.sh '${state}'";
};
before = [ "systemd-${state}.service" ];
requiredBy = [ "systemd-${state}.service" ];
};
})
(lib.mkIf cfg.dynamicBoost.enable {
"nvidia-powerd" = {
description = "nvidia-powerd service";
path = [
pkgs.util-linux # nvidia-powerd wants lscpu
];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "dbus";
BusName = "nvidia.powerd.server";
ExecStart = "${nvidia_x11.bin}/bin/nvidia-powerd";
in
lib.mkMerge [
(lib.mkIf cfg.powerManagement.enable {
nvidia-suspend = nvidiaService "suspend";
nvidia-hibernate = nvidiaService "hibernate";
nvidia-resume = (nvidiaService "resume") // {
before = [ ];
after = [
"systemd-suspend.service"
"systemd-hibernate.service"
];
requiredBy = [
"systemd-suspend.service"
"systemd-hibernate.service"
];
};
};
})
];
services.acpid.enable = true;
})
(lib.mkIf cfg.nvidiaPersistenced {
"nvidia-persistenced" = {
description = "NVIDIA Persistence Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "forking";
Restart = "always";
PIDFile = "/var/run/nvidia-persistenced/nvidia-persistenced.pid";
ExecStart = "${lib.getExe nvidia_x11.persistenced} --verbose";
ExecStopPost = "${pkgs.coreutils}/bin/rm -rf /var/run/nvidia-persistenced";
};
};
})
(lib.mkIf cfg.dynamicBoost.enable {
"nvidia-powerd" = {
description = "nvidia-powerd service";
path = [
pkgs.util-linux # nvidia-powerd wants lscpu
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "dbus";
BusName = "nvidia.powerd.server";
ExecStart = "${nvidia_x11.bin}/bin/nvidia-powerd";
};
};
})
];
services.acpid.enable = true;
services.dbus.packages = lib.optional cfg.dynamicBoost.enable nvidia_x11.bin;
services.dbus.packages = lib.optional cfg.dynamicBoost.enable nvidia_x11.bin;
hardware.firmware = lib.optional cfg.open nvidia_x11.firmware;
hardware.firmware =
let
isOpen = cfg.open;
isNewUnfree = lib.versionAtLeast nvidia_x11.version "555";
in
lib.optional (isOpen || isNewUnfree) nvidia_x11.firmware;
systemd.tmpfiles.rules = [
# Remove the following log message:
# (WW) NVIDIA: Failed to bind sideband socket to
# (WW) NVIDIA: '/var/run/nvidia-xdriver-b4f69129' Permission denied
#
# https://bbs.archlinux.org/viewtopic.php?pid=1909115#p1909115
"d /run/nvidia-xdriver 0770 root users"
] ++ lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
systemd.tmpfiles.rules =
[
# Remove the following log message:
# (WW) NVIDIA: Failed to bind sideband socket to
# (WW) NVIDIA: '/var/run/nvidia-xdriver-b4f69129' Permission denied
#
# https://bbs.archlinux.org/viewtopic.php?pid=1909115#p1909115
"d /run/nvidia-xdriver 0770 root users"
]
++ lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
boot = {
extraModulePackages =
if cfg.open
then [nvidia_x11.open]
else [nvidia_x11.bin];
# nvidia-uvm is required by CUDA applications.
kernelModules =
lib.optionals config.services.xserver.enable ["nvidia" "nvidia_modeset" "nvidia_drm"];
boot = {
extraModulePackages = if cfg.open then [ nvidia_x11.open ] else [ nvidia_x11.bin ];
# nvidia-uvm is required by CUDA applications.
kernelModules = lib.optionals config.services.xserver.enable [
"nvidia"
"nvidia_modeset"
"nvidia_drm"
];
# If requested enable modesetting via kernel parameter.
kernelParams =
lib.optional (offloadCfg.enable || cfg.modesetting.enable) "nvidia-drm.modeset=1"
++ lib.optional cfg.powerManagement.enable "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
++ lib.optional cfg.open "nvidia.NVreg_OpenRmEnableUnsupportedGpus=1"
++ lib.optional (config.boot.kernelPackages.kernel.kernelAtLeast "6.2" && !ibtSupport) "ibt=off";
# If requested enable modesetting via kernel parameter.
kernelParams =
lib.optional (offloadCfg.enable || cfg.modesetting.enable) "nvidia-drm.modeset=1"
++ lib.optional cfg.powerManagement.enable "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
++ lib.optional cfg.open "nvidia.NVreg_OpenRmEnableUnsupportedGpus=1"
++ lib.optional (config.boot.kernelPackages.kernel.kernelAtLeast "6.2" && !ibtSupport) "ibt=off";
# enable finegrained power management
extraModprobeConfig = lib.optionalString cfg.powerManagement.finegrained ''
options nvidia "NVreg_DynamicPowerManagement=0x02"
'';
};
services.udev.extraRules =
lib.optionalString cfg.powerManagement.finegrained (
lib.optionalString (lib.versionOlder config.boot.kernelPackages.kernel.version "5.5") ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# enable finegrained power management
extraModprobeConfig = lib.optionalString cfg.powerManagement.finegrained ''
options nvidia "NVreg_DynamicPowerManagement=0x02"
'';
};
services.udev.extraRules = lib.optionalString cfg.powerManagement.finegrained (
lib.optionalString (lib.versionOlder config.boot.kernelPackages.kernel.version "5.5") ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
''
+ ''
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
''
+ ''
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
''
);
})
# Data Center
(lib.mkIf (cfg.datacenter.enable) {
boot.extraModulePackages = [
nvidia_x11.bin
];
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
''
);
})
# Data Center
(lib.mkIf (cfg.datacenter.enable) {
boot.extraModulePackages = [ nvidia_x11.bin ];
systemd = {
tmpfiles.rules =
lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
systemd = {
tmpfiles.rules =
lib.optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
services = lib.mkMerge [
({
nvidia-fabricmanager = {
enable = true;
description = "Start NVIDIA NVLink Management";
wantedBy = [ "multi-user.target" ];
unitConfig.After = [ "network-online.target" ];
unitConfig.Requires = [ "network-online.target" ];
serviceConfig = {
Type = "forking";
TimeoutStartSec = 240;
ExecStart = let
nv-fab-conf = settingsFormat.generate "fabricmanager.conf" cfg.datacenter.settings;
in
services = lib.mkMerge [
({
nvidia-fabricmanager = {
enable = true;
description = "Start NVIDIA NVLink Management";
wantedBy = [ "multi-user.target" ];
unitConfig.After = [ "network-online.target" ];
unitConfig.Requires = [ "network-online.target" ];
serviceConfig = {
Type = "forking";
TimeoutStartSec = 240;
ExecStart =
let
nv-fab-conf = settingsFormat.generate "fabricmanager.conf" cfg.datacenter.settings;
in
"${lib.getExe nvidia_x11.fabricmanager} -c ${nv-fab-conf}";
LimitCORE="infinity";
LimitCORE = "infinity";
};
};
};
})
(lib.mkIf cfg.nvidiaPersistenced {
"nvidia-persistenced" = {
description = "NVIDIA Persistence Daemon";
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "forking";
Restart = "always";
PIDFile = "/var/run/nvidia-persistenced/nvidia-persistenced.pid";
ExecStart = "${lib.getExe nvidia_x11.persistenced} --verbose";
ExecStopPost = "${pkgs.coreutils}/bin/rm -rf /var/run/nvidia-persistenced";
})
(lib.mkIf cfg.nvidiaPersistenced {
"nvidia-persistenced" = {
description = "NVIDIA Persistence Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "forking";
Restart = "always";
PIDFile = "/var/run/nvidia-persistenced/nvidia-persistenced.pid";
ExecStart = "${lib.getExe nvidia_x11.persistenced} --verbose";
ExecStopPost = "${pkgs.coreutils}/bin/rm -rf /var/run/nvidia-persistenced";
};
};
};
})
];
};
})
];
};
environment.systemPackages =
lib.optional cfg.datacenter.enable nvidia_x11.fabricmanager
++ lib.optional cfg.nvidiaPersistenced nvidia_x11.persistenced;
})
]);
environment.systemPackages =
lib.optional cfg.datacenter.enable nvidia_x11.fabricmanager
++ lib.optional cfg.nvidiaPersistenced nvidia_x11.persistenced;
})
]
);
}

1
nixos/tests/systemd-initrd-luks-fido2.nix
View File

@ -9,7 +9,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
# Booting off the encrypted disk requires having a Nix store available for the init script
mountHostNixStore = true;
useEFIBoot = true;
qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; });
qemu.options = [ "-device canokey,file=/tmp/canokey-file" ];
};
boot.loader.systemd-boot.enable = true;

8
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View File

@ -27,11 +27,11 @@
version = "2024-04-10";
};
ungoogled-patches = {
hash = "sha256-I3RQBa4LLuOdZQFKHIqePj9Ozw61dsuAOctqN1abij0=";
rev = "125.0.6422.60-1";
hash = "sha256-bGc8hQnuiGot0kThSAi4AFAwmvrNPs1bR7oZx2XoAGo=";
rev = "125.0.6422.76-1";
};
};
hash = "sha256-ewX7oRna7IYCXhAe98HS5HbS1psIEAguhZJ1ymK+dPE=";
version = "125.0.6422.60";
hash = "sha256-m7WeRloS6tGH2AwhkNicpqThUQmS+9w2xFS2dbmu1vw=";
version = "125.0.6422.76";
};
}

4
pkgs/applications/networking/cluster/cni/plugins.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "cni-plugins";
version = "1.4.1";
version = "1.5.0";
src = fetchFromGitHub {
owner = "containernetworking";
repo = "plugins";
rev = "v${version}";
hash = "sha256-co4jThsUR070aJh1hgXHT6QKW22d8UCmogtZYc4nzlA=";
hash = "sha256-gJp1w2H+hPSSu1Y4BY9Sa8lLnhpiZJu2Dz9OenYlQFo=";
};
vendorHash = null;

12
pkgs/applications/networking/instant-messengers/qq/sources.nix
View File

@ -1,9 +1,9 @@
# Generated by ./update.sh - do not update manually!
# Last updated: 2024-04-27
# Last updated: 2024-05-21
{
version = "3.2.7";
amd64_url = "https://dldir1.qq.com/qqfile/qq/QQNT/Linux/QQ_3.2.7_240422_amd64_01.deb";
arm64_url = "https://dldir1.qq.com/qqfile/qq/QQNT/Linux/QQ_3.2.7_240422_arm64_01.deb";
arm64_hash = "sha256-MrLkPHri3ifVy3+WNNs/CKK4Myztw8ZjWFEZDr27mpM=";
amd64_hash = "sha256-eZMzMaqCF514Wij8BZ0sLoyzjKNArLSFe92tN9WAiu0=";
version = "3.2.8";
amd64_url = "https://dldir1.qq.com/qqfile/qq/QQNT/Linux/QQ_3.2.8_240520_amd64_01.deb";
arm64_url = "https://dldir1.qq.com/qqfile/qq/QQNT/Linux/QQ_3.2.8_240520_arm64_01.deb";
arm64_hash = "sha256-qSv7GqnXvp8IFh3krcJlKheRn4sF4cr4+ZItd2y8JUg=";
amd64_hash = "sha256-0j4hLSbPgKQOPqtESZqnZYbq3j/CYNG58XEpT7UHOT8=";
}

4
pkgs/applications/radio/cloudlog/default.nix
View File

@ -8,13 +8,13 @@
stdenvNoCC.mkDerivation rec {
pname = "cloudlog";
version = "2.6.11";
version = "2.6.12";
src = fetchFromGitHub {
owner = "magicbug";
repo = "Cloudlog";
rev = version;
hash = "sha256-9JGhMCypoKOh1Gy1DdK7nrma+L4sJsYN/iuNhBPmHPA=";
hash = "sha256-djY+TqkA+YFCmUwZd1x4YeJDOS6ZtxDb4EhBmyftSzI=";
};
postPatch = ''

4
pkgs/applications/virtualization/cri-o/default.nix
View File

@ -15,13 +15,13 @@
buildGoModule rec {
pname = "cri-o";
version = "1.30.0";
version = "1.30.1";
src = fetchFromGitHub {
owner = "cri-o";
repo = "cri-o";
rev = "v${version}";
hash = "sha256-gsC6e0wQowgskUazuqQRtO7ra5Wg9RU8+k3LFqIReJk=";
hash = "sha256-3TO7pPDIYxlWXWNIAqCMWPCFPRxG6k6ilL2wDiAXFVY=";
};
vendorHash = null;

41
pkgs/applications/virtualization/qemu/canokey-qemu-memcpy.patch Normal file
View File

@ -0,0 +1,41 @@
From 9e59480d941c40b868ebafa5138bbc71ca87f08e Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Sat, 18 May 2024 09:55:17 +0200
Subject: [PATCH] Fix build where memcpy is a macro
I got the following compiler error with Clang 16 building for
x86_64-apple-darwin:
/tmp/nix-build-canokey-qemu-0-unstable-2023-06-06.drv-0/source/canokey-core/applets/oath/oath.c:44:50: error: too many arguments provided to function-like macro invocation
memcpy(RDATA, (uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}, 7);
^
/nix/store/vw8y07yai2pjv02s1piw3r5cyhmjbddf-Libsystem-1238.60.2/include/secure/_string.h:64:9: note: macro 'memcpy' defined here
#define memcpy(dest, src, len) \
^
/tmp/nix-build-canokey-qemu-0-unstable-2023-06-06.drv-0/source/canokey-core/applets/oath/oath.c:44:3: note: parentheses are required around macro argument containing braced initializer list
memcpy(RDATA, (uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}, 7);
^
( )
1 error generated.
Link: https://github.com/canokeys/canokey-core/pull/85
---
canokey-core/applets/oath/oath.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/canokey-core/applets/oath/oath.c b/canokey-core/applets/oath/oath.c
index bd8361a..2d2c0ef 100644
--- a/canokey-core/applets/oath/oath.c
+++ b/canokey-core/applets/oath/oath.c
@@ -41,7 +41,7 @@ int oath_install(uint8_t reset) {
static int oath_select(const CAPDU *capdu, RAPDU *rapdu) {
if (P2 != 0x00) EXCEPT(SW_WRONG_P1P2);
- memcpy(RDATA, (uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}, 7);
+ memcpy(RDATA, ((uint8_t[]){OATH_TAG_VERSION, 3, 0x05, 0x05, 0x05, OATH_TAG_NAME, HANDLE_LEN}), 7);
if (read_attr(OATH_FILE, ATTR_HANDLE, RDATA + 7, HANDLE_LEN) < 0) return -1;
LL = 7 + HANDLE_LEN;
--
2.44.0

24
pkgs/applications/virtualization/qemu/canokey-qemu.nix
View File

@ -3,29 +3,47 @@
stdenv,
fetchFromGitHub,
cmake,
unstableGitUpdater,
}:
stdenv.mkDerivation rec {
pname = "canokey-qemu";
version = "unstable-2022-06-23";
rev = "b70af31229f1858089c3366f71b8d771de4a1e84";
version = "0-unstable-2023-06-06";
rev = "151568c34f5e92b086b7a3a62a11c43dd39f628b";
src = fetchFromGitHub {
owner = "canokeys";
repo = "canokey-qemu";
inherit rev;
fetchSubmodules = true;
hash = "sha256-VJb59K/skx+DhoJs5qGUu070hAjQZC2Z6hAMXuX0bMw=";
hash = "sha256-4V/2UOgGWgL+tFJO/k90bCDjWSVyIpxw3nYi9NU/OxA=";
};
patches = [
./canokey-qemu-memcpy.patch
];
postPatch = ''
substituteInPlace canokey-core/CMakeLists.txt \
--replace "COMMAND git describe --always --tags --long --abbrev=8 --dirty >>" "COMMAND echo '$rev' >>"
'';
preConfigure = ''
cmakeFlagsArray+=(
-DCMAKE_C_FLAGS=${lib.escapeShellArg ([
"-Wno-error=unused-but-set-parameter"
"-Wno-error=unused-but-set-variable"
] ++ lib.optionals stdenv.cc.isClang [
"-Wno-error=documentation"
])}
)
'';
outputs = [ "out" "dev" ];
nativeBuildInputs = [ cmake ];
passthru.updateScript = unstableGitUpdater { };
meta = with lib; {
homepage = "https://github.com/canokeys/canokey-qemu";
description = "CanoKey QEMU Virt Card";

2
pkgs/applications/virtualization/qemu/default.nix
View File

@ -29,7 +29,7 @@
, smbdSupport ? false, samba
, tpmSupport ? !toolsOnly
, uringSupport ? stdenv.isLinux, liburing
, canokeySupport ? false, canokey-qemu
, canokeySupport ? !toolsOnly, canokey-qemu
, capstoneSupport ? !toolsOnly, capstone
, enableDocs ? true
, hostCpuOnly ? false

27
pkgs/by-name/im/immich-go/package.nix
View File

@ -1,16 +1,30 @@
{ lib, buildGoModule, fetchFromGitHub, nix-update-script, testers, immich-go }:
buildGoModule rec {
pname = "immich-go";
version = "0.13.2";
version = "0.14.1";
src = fetchFromGitHub {
owner = "simulot";
repo = "immich-go";
rev = "${version}";
hash = "sha256-zYqPPLDfBx4FLvZIo5E6nAeIiFfBCLI00xLieXFkMxs=";
hash = "sha256-5dgEyg55ffJLH8zxp6mFVsUqAzyPnY18XnX+jMethUc=";
# Inspired by: https://github.com/NixOS/nixpkgs/blob/f2d7a289c5a5ece8521dd082b81ac7e4a57c2c5c/pkgs/applications/graphics/pdfcpu/default.nix#L20-L32
# The intention here is to write the information into files in the `src`'s
# `$out`, and use them later in other phases (in this case `preBuild`).
# In order to keep determinism, we also delete the `.git` directory
# afterwards, imitating the default behavior of `leaveDotGit = false`.
# More info about git log format can be found at `git-log(1)` manpage.
leaveDotGit = true;
postFetch = ''
cd "$out"
git log -1 --pretty=%H > "COMMIT"
git log -1 --pretty=%cd --date=format:'%Y-%m-%dT%H:%M:%SZ' > "SOURCE_DATE"
rm -rf ".git"
'';
};
vendorHash = "sha256-Y5BujN2mk662oKxQpenjFlxazST2GqWr9ug0sOsxKbY=";
vendorHash = "sha256-nOJJz5KEXqxl3tP1Q12Cb/fugtxR67RjzH6khKg3ppE=";
# options used by upstream:
# https://github.com/simulot/immich-go/blob/0.13.2/.goreleaser.yaml
@ -19,10 +33,13 @@ buildGoModule rec {
"-w"
"-extldflags=-static"
"-X main.version=${version}"
"-X main.commit=${version}"
"-X main.date=unknown"
];
preBuild = ''
ldflags+=" -X main.commit=$(cat COMMIT)"
ldflags+=" -X main.date=$(cat SOURCE_DATE)"
'';
passthru = {
updateScript = nix-update-script { };
tests.versionTest = testers.testVersion {

6
pkgs/by-name/mi/mihomo/package.nix
View File

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "mihomo";
version = "1.18.4";
version = "1.18.5";
src = fetchFromGitHub {
owner = "MetaCubeX";
repo = "mihomo";
rev = "v${version}";
hash = "sha256-mqNcMB2nb8+e9XEGKqwaBE/nC4+jRaEFxE17e0JTo8Y=";
hash = "sha256-YNnZ/wlOzmTAD76py4CRlClPi2S1b4PaanCfT/Q426A=";
};
vendorHash = "sha256-9Ey4roUm/Y6GfFmLD6ij/A+YIgetStawWmhD+Iq3qc8=";
vendorHash = "sha256-yBQ4Nt03VS2em6vkzMa1WH9jHc6pwdlW0tt9cth55oQ=";
excludedPackages = [ "./test" ];

6
pkgs/by-name/pg/pgroll/package.nix
View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "pgroll";
version = "0.5.0";
version = "0.6.0";
src = fetchFromGitHub {
owner = "xataio";
repo = "pgroll";
rev = "v${version}";
hash = "sha256-VYGwIJsPVilFxvglj+E7H9NpqUV1CV/ggBP3gFleWIA=";
hash = "sha256-XZrgJZR6CWdQWgGMXlEyZ5De6bu/u7+YvYvq6id9YzM=";
};
vendorHash = "sha256-Fz+o1jSoMfqKYo1I7VUFqbhBEgcoQEx7aYsmzCLsbnI=";
vendorHash = "sha256-+6HpxqQxGpIAyfn+38UeW2ksv5WyX67AT5e9JgQBI+k=";
# Tests require a running docker daemon
doCheck = false;

0
pkgs/applications/editors/pulsar/001-patch-wrapper.patch → pkgs/by-name/pu/pulsar/001-patch-wrapper.patch
View File

16
pkgs/applications/editors/pulsar/default.nix → pkgs/by-name/pu/pulsar/package.nix
View File

@ -34,13 +34,13 @@
let
pname = "pulsar";
version = "1.114.0";
version = "1.117.0";
sourcesPath = {
x86_64-linux.tarname = "Linux.${pname}-${version}.tar.gz";
x86_64-linux.hash = "sha256-O//dowoMgQfS3hq088IKr5aJd5St9zpT/ypfuswnyv0=";
x86_64-linux.hash = "sha256-iDQV4wcb+TY5qv8X6UW6PumK9+i5cn705ZzCSx5VgMs=";
aarch64-linux.tarname = "ARM.Linux.${pname}-${version}-arm64.tar.gz";
aarch64-linux.hash = "sha256-EzCTB1Ib9cTbslEdXPsS5gehHr1qd5v4iZgOqpxhUmA=";
aarch64-linux.hash = "sha256-NJc6CQA7ZCX70ui+QcVcLW2qxM05A93yqpiiW+YosGc=";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
newLibpath = lib.makeLibraryPath [
@ -219,17 +219,17 @@ stdenv.mkDerivation rec {
passthru.updateScript = ./update.mjs;
meta = with lib; {
meta = {
description = "A Community-led Hyper-Hackable Text Editor";
longDescription = ''
A Community-led Hyper-Hackable Text Editor, Forked from Atom, built on Electron.
Designed to be deeply customizable, but still approachable using the default configuration.
'';
homepage = "https://github.com/pulsar-edit/pulsar";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
license = licenses.mit;
platforms = platforms.linux;
maintainers = with maintainers; [ bryango ];
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
license = lib.licenses.mit;
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [ bryango ];
knownVulnerabilities = [
"CVE-2023-5217"
"CVE-2022-21718"

0
pkgs/applications/editors/pulsar/pulsar.nemo_action → pkgs/by-name/pu/pulsar/pulsar.nemo_action
View File

0
pkgs/applications/editors/pulsar/update.mjs → pkgs/by-name/pu/pulsar/update.mjs
View File

19
pkgs/development/compilers/unison/default.nix
View File

@ -4,24 +4,26 @@
, gmp
, less
, makeWrapper
, libb2
, ncurses6
, openssl
, stdenv
, zlib
}:
stdenv.mkDerivation (finalAttrs: {
pname = "unison-code-manager";
version = "0.5.19";
version = "0.5.20";
src = if stdenv.isDarwin then
fetchurl {
url = "https://github.com/unisonweb/unison/releases/download/release/${finalAttrs.version}/ucm-macos.tar.gz";
hash = "sha256-//bjpmW45BqBHmBIj2uMahYQYjhNJ8hvGh+O/7oYQOk=";
hash = "sha256-jhI3qy2ov8bf3l1n0wsslWT70LDeQ6sGNSH62VFJ5cE=";
}
else
fetchurl {
url = "https://github.com/unisonweb/unison/releases/download/release/${finalAttrs.version}/ucm-linux.tar.gz";
hash = "sha256-3WyiV6mIuo5GDpDK/KdWMvj22sZ3uph15u3v3TX5YZA=";
hash = "sha256-MOm0RsMFWGik2OL2MPkgmHqKYNO28fkZHVJ/6P3aIww=";
};
# The tarball is just the prebuilt binary, in the archive root.
@ -31,14 +33,17 @@ stdenv.mkDerivation (finalAttrs: {
nativeBuildInputs = [ makeWrapper ]
++ lib.optional (!stdenv.isDarwin) autoPatchelfHook;
buildInputs = lib.optionals (!stdenv.isDarwin) [ ncurses6 zlib gmp ];
buildInputs = lib.optionals (!stdenv.isDarwin) [ gmp ncurses6 zlib ];
installPhase = ''
mkdir -p $out/bin
mv ucm $out/bin
mkdir -p $out/{bin,lib}
mv runtime $out/lib/runtime
mv ui $out/ui
wrapProgram $out/bin/ucm \
mv unison $out/unison
makeWrapper $out/unison/unison $out/bin/ucm \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ libb2 openssl ]} \
--prefix PATH ":" "${lib.makeBinPath [ less ]}" \
--add-flags "--runtime-path $out/lib/runtime/bin/unison-runtime" \
--set UCM_WEB_UI "$out/ui"
'';

6
pkgs/development/interpreters/wasmtime/default.nix
View File

@ -2,19 +2,19 @@
rustPlatform.buildRustPackage rec {
pname = "wasmtime";
version = "20.0.2";
version = "21.0.0";
src = fetchFromGitHub {
owner = "bytecodealliance";
repo = pname;
rev = "v${version}";
hash = "sha256-zXBVqSBq/dLY8oEs0dNZxtjs4H1aKTJYeeazysHvh3w=";
hash = "sha256-2iCtAgOhO7ydmaSKFFdiMMImrJHv53EtVeJ6tn3F7/Y=";
fetchSubmodules = true;
};
# Disable cargo-auditable until https://github.com/rust-secure-code/cargo-auditable/issues/124 is solved.
auditable = false;
cargoHash = "sha256-jFqLUWdW/UfOc843aWO7RNDx1E6sBhUWB5Xw2+A2u90=";
cargoHash = "sha256-vYOSX01jYJ4x6QaGazYXA1QJiR501zlaV3QZfeDDUdw=";
cargoBuildFlags = [ "--package" "wasmtime-cli" "--package" "wasmtime-c-api" ];
outputs = [ "out" "dev" ];

4
pkgs/development/python-modules/django-modeltranslation/default.nix
View File

@ -11,7 +11,7 @@
let
# 0.18.12 was yanked from PyPI, it refers to this issue:
# https://github.com/deschler/django-modeltranslation/issues/701
version = "0.18.12";
version = "0.18.13";
in
buildPythonPackage {
pname = "django-modeltranslation";
@ -21,7 +21,7 @@ buildPythonPackage {
owner = "deschler";
repo = "django-modeltranslation";
rev = "refs/tags/v${version}";
hash = "sha256-6rAAu3Fd4D93rX8kvkcqhykzBu/lDByQ6zpjWq7J8mg=";
hash = "sha256-9tfB5/XMLnwn+AgaT9TkHtc3HcHiD4pme/+BW1uztIs=";
};
# Remove all references to pytest-cov

1
pkgs/development/python-modules/mitmproxy-macos/default.nix
View File

@ -33,5 +33,6 @@ buildPythonPackage rec {
license = licenses.mit;
maintainers = with maintainers; [ boltzmannrain ];
platforms = platforms.darwin;
broken = true; # last successful build 2023-12-04
};
}

3
pkgs/development/rocm-modules/6/default.nix
View File

@ -115,8 +115,7 @@ in rec {
};
rocgdb = callPackage ./rocgdb {
inherit rocmUpdateScript;
elfutils = elfutils.override { enableDebuginfod = true; };
inherit rocmUpdateScript rocdbgapi;
stdenv = llvm.rocmClangStdenv;
};

52
pkgs/development/rocm-modules/6/rocgdb/default.nix
View File

@ -6,11 +6,16 @@
, texinfo
, bison
, flex
, glibc
, zlib
, elfutils
, gmp
, mpfr
, ncurses
, expat
, rocdbgapi
, python3
, babeltrace
, sourceHighlight
}:
stdenv.mkDerivation (finalAttrs: {
@ -33,12 +38,53 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs = [
zlib
elfutils
gmp
mpfr
ncurses
expat
rocdbgapi
python3
babeltrace
sourceHighlight
];
configureFlags = [
# Ensure we build the amdgpu traget
"--enable-targets=${stdenv.targetPlatform.config},amdgcn-amd-amdhsa"
"--with-amd-dbgapi=yes"
"--with-iconv-path=${glibc.bin}"
"--enable-tui"
"--with-babeltrace"
"--with-python=python3"
"--with-system-zlib"
"--enable-64-bit-bfd"
"--with-gmp=${gmp.dev}"
"--with-mpfr=${mpfr.dev}"
"--with-expat"
"--with-libexpat-prefix=${expat.dev}"
# So the installed binary is called "rocgdb" instead on plain "gdb"
"--program-prefix=roc"
# Disable building many components not used or incompatible with the amdgcn target
"--disable-sim"
"--disable-gdbserver"
"--disable-ld"
"--disable-gas"
"--disable-gdbserver"
"--disable-sim"
"--disable-gdbtk"
"--disable-gprofng"
"--disable-shared"
];
# The source directory for ROCgdb (based on upstream GDB) contains multiple project
# of GNUs toolchain (binutils and onther), we only need to install the GDB part.
installPhase = ''
make install-gdb
'';
# `-Wno-format-nonliteral` doesn't work
env.NIX_CFLAGS_COMPILE = "-Wno-error=format-security";
@ -51,7 +97,7 @@ stdenv.mkDerivation (finalAttrs: {
meta = with lib; {
description = "ROCm source-level debugger for Linux, based on GDB";
homepage = "https://github.com/ROCm/ROCgdb";
license = with licenses; [ gpl2 gpl3 bsd3 ];
license = licenses.gpl3Plus;
maintainers = teams.rocm.members;
platforms = platforms.linux;
broken = versionAtLeast finalAttrs.version "7.0.0";

4
pkgs/development/tools/continuous-integration/cirrus-cli/default.nix
View File

@ -6,13 +6,13 @@
buildGoModule rec {
pname = "cirrus-cli";
version = "0.117.0";
version = "0.118.0";
src = fetchFromGitHub {
owner = "cirruslabs";
repo = pname;
rev = "v${version}";
sha256 = "sha256-dJq2/XxhSvqlRQwMHX2RHct6KQu9uik3SPeWD2/rwto=";
sha256 = "sha256-b3riwH3/hsn5PL3QYk/TzVrMpVCVaFxn9gbEn0oTILQ=";
};
vendorHash = "sha256-d3cHXO4SFeNybiVDc3dUmd1XzUJ1SlMqSw7KPC3ZrXQ=";

12
pkgs/development/tools/okteto/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "okteto";
version = "2.26.1";
version = "2.27.1";
src = fetchFromGitHub {
owner = "okteto";
repo = "okteto";
rev = version;
hash = "sha256-bWyerkXmAto0c/LYybUSRctajmL1R0PldfpKsh8crfA=";
hash = "sha256-CpU29+dVC/OHZdVtbQKSUwoBHsUUb2ZmBNtU1YSa/UA=";
};
vendorHash = "sha256-cYiyKNpsMfjqLL+6Q/s3nHRcj2y0DHuOu+S5GndLHxk=";
vendorHash = "sha256-RpkKWz/cJ1StbpVydqpSfA6uwIYgKa1YOCJVXZRer6k=";
postPatch = ''
# Disable some tests that need file system & network access.
@ -21,6 +21,8 @@ buildGoModule rec {
nativeBuildInputs = [ installShellFiles ];
excludedPackages = [ "integration" "samples" ];
ldflags = [
"-s"
"-w"
@ -30,7 +32,7 @@ buildGoModule rec {
tags = [ "osusergo" "netgo" "static_build" ];
preCheck = ''
export HOME=$(mktemp -d)
export HOME="$(mktemp -d)"
'';
checkFlags = [
@ -46,7 +48,7 @@ buildGoModule rec {
passthru.tests.version = testers.testVersion {
package = okteto;
command = "HOME=$(mktemp -d) okteto version";
command = "HOME=\"$(mktemp -d)\" okteto version";
};
meta = with lib; {

6
pkgs/development/tools/ols/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation {
pname = "ols";
version = "0-unstable-2024-05-11";
version = "0-unstable-2024-05-18";
src = fetchFromGitHub {
owner = "DanielGavin";
repo = "ols";
rev = "30625d5568c085c622deece91ed8ac9e81ba28be";
hash = "sha256-iBrXpLrnBL5W47Iz0Uy4nd5h/ADqSnxZt2jWQi9eYiM=";
rev = "b5b6733320bd866b6895cc2f44910f180dda4e0b";
hash = "sha256-Mok77ioHklE3jeSFT2um1XgrnRuQf0ysDcTo3Fjukmk=";
};
passthru.updateScript = unstableGitUpdater {

19
pkgs/development/tools/profiling/heaptrack/default.nix
View File

@ -1,5 +1,5 @@
{
lib, mkDerivation, fetchFromGitHub, cmake, extra-cmake-modules,
lib, stdenv, mkDerivation, fetchFromGitHub, cmake, extra-cmake-modules, makeBinaryWrapper,
zlib, boost179, libunwind, elfutils, sparsehash, zstd,
qtbase, kio, kitemmodels, threadweaver, kconfigwidgets, kcoreaddons, kdiagram
}:
@ -12,20 +12,29 @@ mkDerivation rec {
owner = "KDE";
repo = "heaptrack";
rev = "v${version}";
sha256 = "sha256-pP+s60ERnmOctYTe/vezCg0VYzziApNY0QaF3aTccZU=";
hash = "sha256-pP+s60ERnmOctYTe/vezCg0VYzziApNY0QaF3aTccZU=";
};
nativeBuildInputs = [ cmake extra-cmake-modules ];
nativeBuildInputs = [ cmake extra-cmake-modules makeBinaryWrapper ];
buildInputs = [
zlib boost179 libunwind elfutils sparsehash zstd
zlib boost179 libunwind sparsehash zstd
qtbase kio kitemmodels threadweaver kconfigwidgets kcoreaddons kdiagram
] ++ lib.optionals stdenv.hostPlatform.isLinux [
elfutils
];
postInstall = lib.optionalString stdenv.hostPlatform.isDarwin ''
makeWrapper \
$out/Applications/KDE/heaptrack_gui.app/Contents/MacOS/heaptrack_gui \
$out/bin/heaptrack_gui
'';
meta = with lib; {
description = "Heap memory profiler for Linux";
homepage = "https://github.com/KDE/heaptrack";
license = licenses.lgpl21Plus;
mainProgram = "heaptrack_gui";
maintainers = with maintainers; [ gebner ];
platforms = platforms.linux;
platforms = platforms.unix;
};
}

12
pkgs/games/chiaki4deck/default.nix
View File

@ -17,6 +17,7 @@
, SDL2
, libevdev
, udev
, curlFull
, hidapi
, json_c
, fftw
@ -66,6 +67,7 @@ stdenv.mkDerivation rec {
qtwebengine
protobuf
SDL2
curlFull
hidapi
json_c
fftw
@ -82,8 +84,18 @@ stdenv.mkDerivation rec {
xxHash
];
# handle cmake not being able to identify if curl is built with websocket support, and library name discrepancy when curl not built with cmake
postPatch = ''
substituteInPlace CMakeLists.txt \
--replace-fail ' WS WSS' ""
substituteInPlace lib/CMakeLists.txt \
--replace-fail 'libcurl_shared' 'libcurl'
'';
cmakeFlags = [
"-Wno-dev"
(lib.cmakeFeature "CHIAKI_USE_SYSTEM_CURL" "true")
];
qtWrapperArgs = [

14
pkgs/os-specific/linux/nvidia-x11/default.nix
View File

@ -51,14 +51,12 @@ rec {
});
beta = selectHighestVersion latest (generic {
version = "550.40.07";
sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0=";
sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4=";
openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I=";
settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs=";
persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870=";
patches = [ rcu_patch ];
version = "555.42.02";
sha256_64bit = "sha256-k7cI3ZDlKp4mT46jMkLaIrc2YUx1lh1wj/J4SVSHWyk=";
sha256_aarch64 = "sha256-ekx0s0LRxxTBoqOzpcBhEKIj/JnuRCSSHjtwng9qAc0=";
openSha256 = "sha256-3/eI1VsBzuZ3Y6RZmt3Q5HrzI2saPTqUNs6zPh5zy6w=";
settingsSha256 = "sha256-rtDxQjClJ+gyrCLvdZlT56YyHQ4sbaL+d5tL4L4VfkA=";
persistencedSha256 = "sha256-3ae31/egyMKpqtGEqgtikWcwMwfcqMv2K4MVFa70Bqs=";
});
# Vulkan developer beta driver

16
pkgs/servers/mail/mailman/web.nix
View File

@ -6,30 +6,26 @@
with python3.pkgs;
buildPythonPackage rec {
pname = "mailman-web";
version = "0.0.8";
pname = "mailman_web";
version = "0.0.9";
disabled = pythonOlder "3.8";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-nN/L+X2Rvm6rqkscns4Tn2TAr59O5lCJObvcJp6M0+Q=";
hash = "sha256-3wnduej6xMQzrjGhGXQznfJud/Uoy3BDduukRJeahL8=";
};
postPatch = ''
# Django is depended on transitively by hyperkitty and postorius,
# and mailman_web has overly restrictive version bounds on it, so
# let's remove it.
sed -i '/^[[:space:]]*django/Id' setup.cfg
# Upstream seems to mostly target installing on top of existing
# distributions, and uses a path appropriate for that, but we are
# a distribution, so use a state directory appropriate for a
# distro package.
substituteInPlace mailman_web/settings/base.py \
--replace /opt/mailman/web /var/lib/mailman-web
--replace-fail /opt/mailman/web /var/lib/mailman-web
'';
nativeBuildInputs = [ setuptools-scm ];
nativeBuildInputs = [ pdm-backend ];
propagatedBuildInputs = [ hyperkitty postorius whoosh ];
# Tries to check runtime configuration.

6
pkgs/servers/mattermost/default.nix
View File

@ -12,13 +12,13 @@ buildGoModule rec {
# See https://docs.mattermost.com/upgrade/extended-support-release.html
# When a new ESR version is available (e.g. 8.1.x -> 9.5.x), update
# the version regex in passthru.updateScript as well.
version = "9.5.4";
version = "9.5.5";
src = fetchFromGitHub {
owner = "mattermost";
repo = "mattermost";
rev = "v${version}";
hash = "sha256-iuUTAdgJJDSvUwVmcggJ4ZMVbQ19ymuIaB0PDIgEIdg=";
hash = "sha256-ZaFXuYm9SEE9ARN5PG8vjt9WnNfGiALilGzjfnDP7aA=";
};
# Needed because buildGoModule does not support go workspaces yet.
@ -34,7 +34,7 @@ buildGoModule rec {
webapp = fetchurl {
url = "https://releases.mattermost.com/${version}/mattermost-${version}-linux-amd64.tar.gz";
hash = "sha256-OVq+puaXPJGOmW9pcgX24LXBfYLzuczRY7KG2tQBY3Q=";
hash = "sha256-tgds8eTBeisuJcLgtx6zOiFUcVL1oU0LLbPqmh4SQUU=";
};
vendorHash = "sha256-TJCtgNf56A1U0EbV5gXjTro+YudVBRWiSZoBC3nJxnE=";

4
pkgs/servers/snac2/default.nix
View File

@ -10,14 +10,14 @@
stdenv.mkDerivation rec {
pname = "snac2";
version = "2.52";
version = "2.53";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "grunfink";
repo = pname;
rev = version;
hash = "sha256-2dDIbY6IaB53BbtNtzyOrigjzkGk7By2N2zZSuQhDAs=";
hash = "sha256-YSopopSJIcONw4utEBWhrfVglD5rTdf/rGNICFBHTvo=";
};
buildInputs = [ curl openssl ];

4
pkgs/shells/zsh/zsh-abbr/default.nix
View File

@ -5,13 +5,13 @@
}:
stdenv.mkDerivation rec {
pname = "zsh-abbr";
version = "5.6.0";
version = "5.7.1";
src = fetchFromGitHub {
owner = "olets";
repo = "zsh-abbr";
rev = "v${version}";
hash = "sha256-FcT1gk11a3nluP0sFMa5LoF7oT/MO4B1GdqdTdFxsLQ=";
hash = "sha256-2Uwo1gV732ZsSmJ6XU895Uqb5QOAQ2J1z85vufBv7nI=";
};
strictDeps = true;

6
pkgs/tools/admin/copilot-cli/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "copilot-cli";
version = "1.33.3";
version = "1.33.4";
src = fetchFromGitHub {
owner = "aws";
repo = pname;
rev = "v${version}";
hash = "sha256-WPPEox4NKFsVUpLkXawCK2QFwW1BAFaxQ85elvrneHo=";
hash = "sha256-sYsrjp23F/fyvNfLbJdZrptwNrZYespz8xMLYIwGfH0=";
};
vendorHash = "sha256-tVZ8TxJ77Qy+wn+O0otjZ6/VoKkav4OhNKWcrLhudgU=";
vendorHash = "sha256-GOr1l+4xDPm8ArqZpY0PshPeDnqYT+C4hgHGQkezBt8=";
nativeBuildInputs = [ installShellFiles ];

7
pkgs/tools/inputmethods/ibus-engines/ibus-mozc/default.nix
View File

@ -68,6 +68,13 @@ buildBazelPackage rec {
unzip bazel-bin/unix/mozc.zip -x "tmp/*" -d /
# create a desktop file for gnome-control-center
# copied from ubuntu
mkdir -p $out/share/applications
cp ${./ibus-setup-mozc-jp.desktop} $out/share/applications/ibus-setup-mozc-jp.desktop
substituteInPlace $out/share/applications/ibus-setup-mozc-jp.desktop \
--replace-fail "@mozc@" "$out"
runHook postInstall
'';

7
pkgs/tools/inputmethods/ibus-engines/ibus-mozc/ibus-setup-mozc-jp.desktop Normal file
View File

@ -0,0 +1,7 @@
[Desktop Entry]
Name=Mozc Setup
Exec=@mozc@/lib/mozc/mozc_tool --mode=config_dialog
Type=Application
StartupNotify=true
NoDisplay=true
X-Desktop-File-Install-Version=0.27

4
pkgs/tools/networking/openapi-generator-cli/default.nix
View File

@ -1,7 +1,7 @@
{ callPackage, lib, stdenv, fetchurl, jre, makeWrapper }:
let this = stdenv.mkDerivation (finalAttrs: {
version = "7.5.0";
version = "7.6.0";
pname = "openapi-generator-cli";
jarfilename = "${finalAttrs.pname}-${finalAttrs.version}.jar";
@ -12,7 +12,7 @@ let this = stdenv.mkDerivation (finalAttrs: {
src = fetchurl {
url = "mirror://maven/org/openapitools/${finalAttrs.pname}/${finalAttrs.version}/${finalAttrs.jarfilename}";
sha256 = "sha256-R+u9G+3a99++5SPnuHYjxuwbHUKWD74V9srS9kJsab8=";
sha256 = "sha256-NQdL3TzfxGvpqQLhGlSj+qPK4eNOtmy9lZ0cgHC719c=";
};
dontUnpack = true;

2
pkgs/top-level/all-packages.nix
View File

@ -29677,8 +29677,6 @@ with pkgs;
atlassian-cli = callPackage ../applications/office/atlassian-cli { };
pulsar = callPackage ../applications/editors/pulsar { };
asap = callPackage ../tools/audio/asap { };
aseprite = callPackage ../applications/editors/aseprite { };