dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
Emily 2024-10-10 01:23:20 +01:00
commit e694240f77
189 changed files with 17101 additions and 3254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.git-blame-ignore-revs
View File

@ -160,6 +160,9 @@ ad815aebfbfe1415ff6436521d545029c803c3fb
# nixos/nvidia: apply nixfmt-rfc-style (#313440)
fbdcdde04a7caa007e825a8b822c75fab9adb2d6
# treewide: reformat files which need reformatting after (#341407)
e0464e47880a69896f0fb1810f00e0de469f770a
# step-cli: format package.nix with nixfmt (#331629)
fc7a83f8b62e90de5679e993d4d49ca014ea013d

2
.gitattributes vendored
View File

@ -16,3 +16,5 @@ nixos/doc/default.nix linguist-documentation=false
nixos/modules/module-list.nix merge=union
# pkgs/top-level/all-packages.nix merge=union
ci/OWNERS linguist-language=CODEOWNERS

19
.github/OWNERS vendored
View File

@ -1,19 +0,0 @@
#
# Currently unused! Use CODEOWNERS for now, see workflows/codeowners.yml
#
####################
#
# This file is used to describe who owns what in this repository.
# Users/teams will get review requests for PRs that change their files.
#
# This file does not replace `meta.maintainers`
# but is instead used for other things than derivations and modules,
# like documentation, package sets, and other assets.
#
# This file uses the same syntax as the natively supported CODEOWNERS file,
# see https://help.github.com/articles/about-codeowners/ for documentation.
# However it comes with some notable differences:
# - There is no need for user/team listed here to have write access.
# - No reviews will be requested for PRs that target the wrong base branch.
#
# Processing of this file is implemented in workflows/codeowners.yml

12
.github/workflows/codeowners.yml vendored
View File

@ -13,13 +13,9 @@ on:
types: [opened, ready_for_review, synchronize, reopened, edited]
env:
# TODO: Once confirmed that this works by seeing that the action would request
# reviews from the same people (or refuse for wrong base branches),
# move all entries from CODEOWNERS to OWNERS and change this value here
# OWNERS_FILE: .github/OWNERS
OWNERS_FILE: .github/CODEOWNERS
# Also remove this
DRY_MODE: 1
OWNERS_FILE: ci/OWNERS
# Don't do anything on draft PRs
DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}
jobs:
# Check that code owners is valid
@ -84,5 +80,3 @@ jobs:
run: result/bin/request-reviews.sh ${{ github.repository }} ${{ github.event.number }} "$OWNERS_FILE"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
# Don't do anything on draft PRs
DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}

47
CONTRIBUTING.md
View File

@ -193,19 +193,12 @@ The last checkbox is about whether it fits the guidelines in this `CONTRIBUTING.
[rebase]: #rebasing-between-branches-ie-from-master-to-staging
From time to time, changes between branches must be rebased, for example, if the
number of new rebuilds they would cause is too large for the target branch. When
rebasing, care must be taken to include only the intended changes, otherwise
many CODEOWNERS will be inadvertently requested for review. To achieve this,
rebasing should not be performed directly on the target branch, but on the merge
base between the current and target branch. As an additional precautionary measure,
you should temporarily mark the PR as draft for the duration of the operation.
This reduces the probability of mass-pinging people. (OfBorg might still
request a couple of persons for reviews though.)
number of new rebuilds they would cause is too large for the target branch.
In the following example, we assume that the current branch, called `feature`,
is based on `master`, and we rebase it onto the merge base between
`master` and `staging` so that the PR can eventually be retargeted to
`staging` without causing a mess. The example uses `upstream` as the remote for `NixOS/nixpkgs.git`
`master` and `staging` so that the PR can be retargeted to
`staging`. The example uses `upstream` as the remote for `NixOS/nixpkgs.git`
while `origin` is the remote you are pushing to.
@ -234,36 +227,6 @@ git status
git push origin feature --force-with-lease
```
#### Something went wrong and a lot of people were pinged
It happens. Remember to be kind, especially to new contributors.
There is no way back, so the pull request should be closed and locked
(if possible). The changes should be re-submitted in a new PR, in which the people
originally involved in the conversation need to manually be pinged again.
No further discussion should happen on the original PR, as a lot of people
are now subscribed to it.
The following message (or a version thereof) might be left when closing to
describe the situation, since closing and locking without any explanation
is kind of rude:
```markdown
It looks like you accidentally mass-pinged a bunch of people, which are now subscribed
and getting notifications for everything in this pull request. Unfortunately, they
cannot be automatically unsubscribed from the issue (removing review request does not
unsubscribe), therefore development cannot continue in this pull request anymore.
Please open a new pull request with your changes, link back to this one and ping the
people actually involved in here over there.
In order to avoid this in the future, there are instructions for how to properly
rebase between branches in our [contribution guidelines](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#rebasing-between-branches-ie-from-master-to-staging).
Setting your pull request to draft prior to rebasing is strongly recommended.
In draft status, you can preview the list of people that are about to be requested
for review, which allows you to sidestep this issue.
This is not a bulletproof method though, as OfBorg still does review requests even on draft PRs.
```
## How to backport pull requests
[pr-backport]: #how-to-backport-pull-requests
@ -637,7 +600,7 @@ Names of files and directories should be in lowercase, with dashes between words
```nix
{
buildInputs = lib.optional stdenv.isDarwin iconv;
buildInputs = lib.optional stdenv.hostPlatform.isDarwin iconv;
}
```
@ -645,7 +608,7 @@ Names of files and directories should be in lowercase, with dashes between words
```nix
{
buildInputs = if stdenv.isDarwin then [ iconv ] else null;
buildInputs = if stdenv.hostPlatform.isDarwin then [ iconv ] else null;
}
```

22
.github/CODEOWNERS → ci/OWNERS
View File

@ -1,22 +1,24 @@
# CODEOWNERS file
# This file is used to describe who owns what in this repository.
# Users/teams will get review requests for PRs that change their files.
#
# This file is used to describe who owns what in this repository. This file does not
# replace `meta.maintainers` but is instead used for other things than derivations
# and modules, like documentation, package sets, and other assets.
# This file does not replace `meta.maintainers`
# but is instead used for other things than derivations and modules,
# like documentation, package sets, and other assets.
#
# For documentation on this file, see https://help.github.com/articles/about-codeowners/
# Mentioned users will get code review requests.
# This file uses the same syntax as the natively supported CODEOWNERS file,
# see https://help.github.com/articles/about-codeowners/ for documentation.
# However it comes with some notable differences:
# - There is no need for user/team listed here to have write access.
# - No reviews will be requested for PRs that target the wrong base branch.
#
# IMPORTANT NOTE: in order to actually get pinged, commit access is required.
# This also holds true for GitHub teams. Since almost none of our teams have write
# permissions, you need to list all members of the team with commit access individually.
# Processing of this file is implemented in workflows/codeowners.yml
# CI
/.github/workflows @NixOS/Security @Mic92 @zowoq
/.github/workflows/check-nix-format.yml @infinisil
/.github/workflows/nixpkgs-vet.yml @infinisil @philiptaron
/.github/workflows/codeowners.yml @infinisil
/.github/OWNERS @infinisil
/ci/OWNERS @infinisil
/ci @infinisil @philiptaron @NixOS/Security
# Development support

66
ci/request-reviews/get-reviewers.sh
View File

@ -10,16 +10,18 @@ log() {
echo "$@" >&2
}
if (( "$#" < 5 )); then
log "Usage: $0 GIT_REPO BASE_REF HEAD_REF OWNERS_FILE PR_AUTHOR"
if (( "$#" < 7 )); then
log "Usage: $0 GIT_REPO OWNERS_FILE BASE_REPO BASE_REF HEAD_REF PR_NUMBER PR_AUTHOR"
exit 1
fi
gitRepo=$1
baseRef=$2
headRef=$3
ownersFile=$4
prAuthor=$5
ownersFile=$2
baseRepo=$3
baseRef=$4
headRef=$5
prNumber=$6
prAuthor=$7
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' exit
@ -32,8 +34,8 @@ log "This PR touches ${#touchedFiles[@]} files"
# remove code owners to avoid pinging them
git -C "$gitRepo" show "$baseRef":"$ownersFile" > "$tmp"/codeowners
# Associative arrays with the team/user as the key for easy deduplication
declare -A teams users
# Associative array with the user as the key for easy de-duplication
declare -A users=()
for file in "${touchedFiles[@]}"; do
result=$(codeowners --file "$tmp"/codeowners "$file")
@ -59,10 +61,34 @@ for file in "${touchedFiles[@]}"; do
fi
# The first regex match is everything after the @
entry=${BASH_REMATCH[1]}
if [[ "$entry" =~ .*/(.*) ]]; then
# Teams look like $org/$team, where we only need $team for the API
# call to request reviews from teams
teams[${BASH_REMATCH[1]}]=
if [[ "$entry" =~ (.*)/(.*) ]]; then
# Teams look like $org/$team
org=${BASH_REMATCH[1]}
team=${BASH_REMATCH[2]}
# Instead of requesting a review from the team itself,
# we request reviews from the individual users.
# This is because once somebody from a team reviewed the PR,
# the API doesn't expose that the team was already requested for a review,
# so we wouldn't be able to avoid rerequesting reviews
# without saving some some extra state somewhere
# We could also consider implementing a more advanced heuristic
# in the future that e.g. only pings one team member,
# but escalates to somebody else if that member doesn't respond in time.
gh api \
--cache=1h \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/orgs/$org/teams/$team/members" \
--jq '.[].login' > "$tmp/team-members"
readarray -t members < "$tmp/team-members"
log "Team $entry has these members: ${members[*]}"
for user in "${members[@]}"; do
users[$user]=
done
else
# Everything else is a user
users[$entry]=
@ -77,11 +103,23 @@ if [[ -v users[$prAuthor] ]]; then
unset 'users[$prAuthor]'
fi
gh api \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/$baseRepo/pulls/$prNumber/reviews" \
--jq '.[].user.login' > "$tmp/already-reviewed-by"
# And we don't want to rerequest reviews from people who already reviewed
while read -r user; do
if [[ -v users[$user] ]]; then
log "User $user is a code owner but has already left a review, ignoring"
unset 'users[$user]'
fi
done < "$tmp/already-reviewed-by"
# Turn it into a JSON for the GitHub API call to request PR reviewers
jq -n \
--arg users "${!users[*]}" \
--arg teams "${!teams[*]}" \
'{
reviewers: $users | split(" "),
team_reviewers: $teams | split(" ")
}'

2
ci/request-reviews/request-reviews.sh
View File

@ -80,7 +80,7 @@ if ! "$SCRIPT_DIR"/verify-base-branch.sh "$tmp/nixpkgs.git" "$headRef" "$baseRep
fi
log "Getting code owners to request reviews from"
"$SCRIPT_DIR"/get-reviewers.sh "$tmp/nixpkgs.git" "$baseBranch" "$headRef" "$ownersFile" "$prAuthor" > "$tmp/reviewers.json"
"$SCRIPT_DIR"/get-reviewers.sh "$tmp/nixpkgs.git" "$ownersFile" "$baseRepo" "$baseBranch" "$headRef" "$prNumber" "$prAuthor" > "$tmp/reviewers.json"
log "Requesting reviews from: $(<"$tmp/reviewers.json")"

5
ci/request-reviews/verify-base-branch.sh
View File

@ -90,8 +90,9 @@ for testBranch in "${devBranches[@]}"; do
log -e "\e[33m"
echo "The PR's base branch is set to $baseBranch, but $extraCommits commits from the $testBranch branch are included. Make sure you know the [right base branch for your changes](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#branch-conventions), then:"
echo "- If the changes should go to the $testBranch branch, [change the base branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-base-branch-of-a-pull-request) to $testBranch"
echo "- If the changes should go to the $baseBranch branch, rebase your PR onto the merge base with the $testBranch branch:"
echo " \`\`\`"
echo "- If the changes should go to the $baseBranch branch, rebase your PR onto the merge base with the $baseBranch branch:"
echo " \`\`\`bash"
echo " # git rebase --onto \$(git merge-base upstream/$baseBranch HEAD) \$(git merge-base upstream/$testBranch HEAD)"
echo " git rebase --onto $prMergeBase $testMergeBase"
echo " git push --force-with-lease"
echo " \`\`\`"

4
doc/languages-frameworks/beam.section.md
View File

@ -349,8 +349,8 @@ let
nodePackages.prettier
];
inputs = basePackages ++ lib.optionals stdenv.isLinux [ inotify-tools ]
++ lib.optionals stdenv.isDarwin
inputs = basePackages ++ lib.optionals stdenv.hostPlatform.isLinux [ inotify-tools ]
++ lib.optionals stdenv.hostPlatform.isDarwin
(with darwin.apple_sdk.frameworks; [ CoreFoundation CoreServices ]);
# define shell startup command

2
doc/languages-frameworks/emscripten.section.md
View File

@ -84,7 +84,7 @@ One advantage is that when `pkgs.zlib` is updated, it will automatically update
echo "================= /testing zlib using node ================="
'';
postPatch = pkgs.lib.optionalString pkgs.stdenv.isDarwin ''
postPatch = pkgs.lib.optionalString pkgs.stdenv.hostPlatform.isDarwin ''
substituteInPlace configure \
--replace-fail '/usr/bin/libtool' 'ar' \
--replace-fail 'AR="libtool"' 'AR="ar"' \

4
doc/languages-frameworks/perl.section.md
View File

@ -125,8 +125,8 @@ On Darwin, if a script has too many `-Idir` flags in its first line (its “sheb
hash = "sha256-vOhB/FwQMC8PPvdnjDvxRpU6jAZcC6GMQfc0AH4uwKg=";
};
nativeBuildInputs = lib.optional stdenv.isDarwin shortenPerlShebang;
postInstall = lib.optionalString stdenv.isDarwin ''
nativeBuildInputs = lib.optional stdenv.hostPlatform.isDarwin shortenPerlShebang;
postInstall = lib.optionalString stdenv.hostPlatform.isDarwin ''
shortenPerlShebang $out/bin/exiftool
'';
};

2
doc/languages-frameworks/python.section.md
View File

@ -1306,7 +1306,7 @@ for example:
] ++ lib.optionals (pythonAtLeast "3.8") [
# broken due to python3.8 async changes
"async"
] ++ lib.optionals stdenv.isDarwin [
] ++ lib.optionals stdenv.buildPlatform.isDarwin [
# can fail when building with other packages
"socket"
];

2
doc/stdenv/platform-notes.chapter.md
View File

@ -22,7 +22,7 @@ Some common issues when packaging software for Darwin:
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
makeFlags = lib.optional stdenv.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
makeFlags = lib.optional stdenv.hostPlatform.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
}
```

20
maintainers/maintainer-list.nix
View File

@ -668,6 +668,12 @@
githubId = 19290901;
name = "Andrew Brooks";
};
agilesteel = {
email = "agilesteel@gmail.com";
github = "agilesteel";
githubId = 1141462;
name = "Vladyslav Pekker";
};
aherrmann = {
email = "andreash87@gmx.ch";
github = "aherrmann";
@ -8239,6 +8245,13 @@
github = "hacker1024";
githubId = 20849728;
};
hadilq = {
name = "Hadi Lashkari Ghouchani";
email = "hadilq.dev@gmail.com";
github = "hadilq";
githubId = 5190539;
keys = [ { fingerprint = "AD3D 53CB A68A FEC0 8065 BCBB 416A D9E8 E372 C075"; } ];
};
hagl = {
email = "harald@glie.be";
github = "hagl";
@ -13923,6 +13936,13 @@
name = "Mark Vainomaa";
keys = [ { fingerprint = "DB43 2895 CF68 F0CE D4B7 EF60 DA01 5B05 B5A1 1B22"; } ];
};
mikut = {
email = "mikut@mikut.dev";
github = "Mikutut";
githubId = 65046942;
name = "Marcin Mikuła";
keys = [ { fingerprint = "5547 2A56 AC30 69C9 15C8 B98D 997F 71FA 1D74 6E37"; } ];
};
milahu = {
email = "milahu@gmail.com";
github = "milahu";

2
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@ -229,6 +229,8 @@
- `buildbot` was updated to 4.0, the AngularJS frontend has been replaced by a React frontend, see the [upstream release notes](https://docs.buildbot.net/current/manual/upgrading/4.0-upgrade.html).
- `headscale` has been updated to version 0.23.0 which reworked large parts of the configuration including DNS, Magic DNS prefixes and ACL policy files. See the [upstream changelog](https://github.com/juanfont/headscale/releases/tag/v0.23.0) for details.
- `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`.
- `systemd.enableUnifiedCgroupHierarchy` option has been removed.

1
nixos/modules/module-list.nix
View File

@ -1231,6 +1231,7 @@
./services/networking/syncthing.nix
./services/networking/tailscale.nix
./services/networking/tailscale-auth.nix
./services/networking/tailscale-derper.nix
./services/networking/tayga.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix

24
nixos/modules/services/misc/redmine.nix
View File

@ -436,6 +436,30 @@ in
TimeoutSec = "300";
WorkingDirectory = "${cfg.package}/share/redmine";
ExecStart="${bundle} exec rails server -u webrick -e production -b ${toString cfg.address} -p ${toString cfg.port} -P '${cfg.stateDir}/redmine.pid'";
AmbientCapabilities = "";
CapabilityBoundingSet = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectSystem = "full";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = 027;
};
};

485
nixos/modules/services/networking/headscale.nix
View File

@ -3,25 +3,33 @@
lib,
pkgs,
...
}:
with lib; let
}: let
cfg = config.services.headscale;
dataDir = "/var/lib/headscale";
runDir = "/run/headscale";
cliConfig = {
# Turn off update checks since the origin of our package
# is nixpkgs and not Github.
disable_check_updates = true;
unix_socket = "${runDir}/headscale.sock";
};
settingsFormat = pkgs.formats.yaml {};
configFile = settingsFormat.generate "headscale.yaml" cfg.settings;
cliConfigFile = settingsFormat.generate "headscale.yaml" cliConfig;
in {
options = {
services.headscale = {
enable = mkEnableOption "headscale, Open Source coordination server for Tailscale";
enable = lib.mkEnableOption "headscale, Open Source coordination server for Tailscale";
package = mkPackageOption pkgs "headscale" { };
package = lib.mkPackageOption pkgs "headscale" {};
user = mkOption {
user = lib.mkOption {
default = "headscale";
type = types.str;
type = lib.types.str;
description = ''
User account under which headscale runs.
@ -33,9 +41,9 @@ in {
'';
};
group = mkOption {
group = lib.mkOption {
default = "headscale";
type = types.str;
type = lib.types.str;
description = ''
Group under which headscale runs.
@ -47,8 +55,8 @@ in {
'';
};
address = mkOption {
type = types.str;
address = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
description = ''
Listening address of headscale.
@ -56,8 +64,8 @@ in {
example = "0.0.0.0";
};
port = mkOption {
type = types.port;
port = lib.mkOption {
type = lib.types.port;
default = 8080;
description = ''
Listening port of headscale.
@ -65,18 +73,33 @@ in {
example = 443;
};
settings = mkOption {
settings = lib.mkOption {
description = ''
Overrides to {file}`config.yaml` as a Nix attribute set.
Check the [example config](https://github.com/juanfont/headscale/blob/main/config-example.yaml)
for possible options.
'';
type = types.submodule {
type = lib.types.submodule {
freeformType = settingsFormat.type;
imports = with lib; [
(mkAliasOptionModule ["acl_policy_path"] ["policy" "path"])
(mkAliasOptionModule ["db_host"] ["database" "postgres" "host"])
(mkAliasOptionModule ["db_name"] ["database" "postgres" "name"])
(mkAliasOptionModule ["db_password_file"] ["database" "postgres" "password_file"])
(mkAliasOptionModule ["db_path"] ["database" "sqlite" "path"])
(mkAliasOptionModule ["db_port"] ["database" "postgres" "port"])
(mkAliasOptionModule ["db_type"] ["database" "type"])
(mkAliasOptionModule ["db_user"] ["database" "postgres" "user"])
(mkAliasOptionModule ["dns_config" "base_domain"] ["dns" "base_domain"])
(mkAliasOptionModule ["dns_config" "domains"] ["dns" "search_domains"])
(mkAliasOptionModule ["dns_config" "magic_dns"] ["dns" "magic_dns"])
(mkAliasOptionModule ["dns_config" "nameservers"] ["dns" "nameservers" "global"])
];
options = {
server_url = mkOption {
type = types.str;
server_url = lib.mkOption {
type = lib.types.str;
default = "http://127.0.0.1:8080";
description = ''
The url clients will connect to.
@ -84,25 +107,49 @@ in {
example = "https://myheadscale.example.com:443";
};
private_key_path = mkOption {
type = types.path;
default = "${dataDir}/private.key";
description = ''
Path to private key file, generated automatically if it does not exist.
'';
};
noise.private_key_path = mkOption {
type = types.path;
noise.private_key_path = lib.mkOption {
type = lib.types.path;
default = "${dataDir}/noise_private.key";
description = ''
Path to noise private key file, generated automatically if it does not exist.
'';
};
prefixes = let
prefDesc = ''
Each prefix consists of either an IPv4 or IPv6 address,
and the associated prefix length, delimited by a slash.
It must be within IP ranges supported by the Tailscale
client - i.e., subnets of 100.64.0.0/10 and fd7a:115c:a1e0::/48.
'';
in {
v4 = lib.mkOption {
type = lib.types.str;
default = "100.64.0.0/10";
description = prefDesc;
};
v6 = lib.mkOption {
type = lib.types.str;
default = "fd7a:115c:a1e0::/48";
description = prefDesc;
};
allocation = lib.mkOption {
type = lib.types.enum ["sequential" "random"];
example = "random";
default = "sequential";
description = ''
Strategy used for allocation of IPs to nodes, available options:
- sequential (default): assigns the next free IP from the previous given IP.
- random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).
'';
};
};
derp = {
urls = mkOption {
type = types.listOf types.str;
urls = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = ["https://controlplane.tailscale.com/derpmap/default"];
description = ''
List of urls containing DERP maps.
@ -110,8 +157,8 @@ in {
'';
};
paths = mkOption {
type = types.listOf types.path;
paths = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
List of file paths containing DERP maps.
@ -119,8 +166,8 @@ in {
'';
};
auto_update_enable = mkOption {
type = types.bool;
auto_update_enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to automatically update DERP maps on a set frequency.
@ -128,18 +175,26 @@ in {
example = false;
};
update_frequency = mkOption {
type = types.str;
update_frequency = lib.mkOption {
type = lib.types.str;
default = "24h";
description = ''
Frequency to update DERP maps.
'';
example = "5m";
};
server.private_key_path = lib.mkOption {
type = lib.types.path;
default = "${dataDir}/derp_server_private.key";
description = ''
Path to derp private key file, generated automatically if it does not exist.
'';
};
};
ephemeral_node_inactivity_timeout = mkOption {
type = types.str;
ephemeral_node_inactivity_timeout = lib.mkOption {
type = lib.types.str;
default = "30m";
description = ''
Time before an inactive ephemeral node is deleted.
@ -147,104 +202,100 @@ in {
example = "5m";
};
db_type = mkOption {
type = types.enum ["sqlite3" "postgres"];
example = "postgres";
default = "sqlite3";
description = "Database engine to use.";
};
db_host = mkOption {
type = types.nullOr types.str;
default = null;
example = "127.0.0.1";
description = "Database host address.";
};
db_port = mkOption {
type = types.nullOr types.port;
default = null;
example = 3306;
description = "Database host port.";
};
db_name = mkOption {
type = types.nullOr types.str;
default = null;
example = "headscale";
description = "Database name.";
};
db_user = mkOption {
type = types.nullOr types.str;
default = null;
example = "headscale";
description = "Database user.";
};
db_password_file = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/headscale-dbpassword";
description = ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
db_path = mkOption {
type = types.nullOr types.str;
default = "${dataDir}/db.sqlite";
description = "Path to the sqlite3 database file.";
};
log.level = mkOption {
type = types.str;
default = "info";
description = ''
headscale log level.
'';
example = "debug";
};
log.format = mkOption {
type = types.str;
default = "text";
description = ''
headscale log format.
'';
example = "json";
};
dns_config = {
nameservers = mkOption {
type = types.listOf types.str;
default = ["1.1.1.1"];
database = {
type = lib.mkOption {
type = lib.types.enum ["sqlite" "sqlite3" "postgres"];
example = "postgres";
default = "sqlite";
description = ''
List of nameservers to pass to Tailscale clients.
Database engine to use.
Please note that using Postgres is highly discouraged as it is only supported for legacy reasons.
All new development, testing and optimisations are done with SQLite in mind.
'';
};
override_local_dns = mkOption {
type = types.bool;
default = false;
description = ''
Whether to use [Override local DNS](https://tailscale.com/kb/1054/dns/).
'';
example = true;
sqlite = {
path = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = "${dataDir}/db.sqlite";
description = "Path to the sqlite3 database file.";
};
write_ahead_log = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable WAL mode for SQLite. This is recommended for production environments.
https://www.sqlite.org/wal.html
'';
example = true;
};
};
domains = mkOption {
type = types.listOf types.str;
default = [];
postgres = {
host = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
example = "127.0.0.1";
description = "Database host address.";
};
port = lib.mkOption {
type = lib.types.nullOr lib.types.port;
default = null;
example = 3306;
description = "Database host port.";
};
name = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
example = "headscale";
description = "Database name.";
};
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
example = "headscale";
description = "Database user.";
};
password_file = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/keys/headscale-dbpassword";
description = ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
};
};
log = {
level = lib.mkOption {
type = lib.types.str;
default = "info";
description = ''
Search domains to inject to Tailscale clients.
headscale log level.
'';
example = ["mydomain.internal"];
example = "debug";
};
magic_dns = mkOption {
type = types.bool;
format = lib.mkOption {
type = lib.types.str;
default = "text";
description = ''
headscale log format.
'';
example = "json";
};
};
dns = {
magic_dns = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
@ -253,8 +304,8 @@ in {
example = false;
};
base_domain = mkOption {
type = types.str;
base_domain = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
Defines the base domain to create the hostnames for MagicDNS.
@ -264,11 +315,30 @@ in {
`myhost.mynamespace.example.com`).
'';
};
nameservers = {
global = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = ''
List of nameservers to pass to Tailscale clients.
'';
};
};
search_domains = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = ''
Search domains to inject to Tailscale clients.
'';
example = ["mydomain.internal"];
};
};
oidc = {
issuer = mkOption {
type = types.str;
issuer = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
URL to OpenID issuer.
@ -276,33 +346,33 @@ in {
example = "https://openid.example.com";
};
client_id = mkOption {
type = types.str;
client_id = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
OpenID Connect client ID.
'';
};
client_secret_path = mkOption {
type = types.nullOr types.str;
client_secret_path = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = ''
Path to OpenID Connect client secret file. Expands environment variables in format ''${VAR}.
'';
};
scope = mkOption {
type = types.listOf types.str;
scope = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = ["openid" "profile" "email"];
description = ''
Scopes used in the OIDC flow.
'';
};
extra_params = mkOption {
type = types.attrsOf types.str;
default = { };
extra_params = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = {};
description = ''
Custom query parameters to send with the Authorize Endpoint request.
'';
@ -311,27 +381,27 @@ in {
};
};
allowed_domains = mkOption {
type = types.listOf types.str;
default = [ ];
allowed_domains = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = ''
Allowed principal domains. if an authenticated user's domain
is not in this list authentication request will be rejected.
'';
example = [ "example.com" ];
example = ["example.com"];
};
allowed_users = mkOption {
type = types.listOf types.str;
default = [ ];
allowed_users = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = ''
Users allowed to authenticate even if not in allowedDomains.
'';
example = [ "alice@example.com" ];
example = ["alice@example.com"];
};
strip_email_domain = mkOption {
type = types.bool;
strip_email_domain = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether the domain part of the email address should be removed when generating namespaces.
@ -339,16 +409,16 @@ in {
};
};
tls_letsencrypt_hostname = mkOption {
type = types.nullOr types.str;
tls_letsencrypt_hostname = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = "";
description = ''
Domain name to request a TLS certificate for.
'';
};
tls_letsencrypt_challenge_type = mkOption {
type = types.enum ["TLS-ALPN-01" "HTTP-01"];
tls_letsencrypt_challenge_type = lib.mkOption {
type = lib.types.enum ["TLS-ALPN-01" "HTTP-01"];
default = "HTTP-01";
description = ''
Type of ACME challenge to use, currently supported types:
@ -356,8 +426,8 @@ in {
'';
};
tls_letsencrypt_listen = mkOption {
type = types.nullOr types.str;
tls_letsencrypt_listen = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = ":http";
description = ''
When HTTP-01 challenge is chosen, letsencrypt must set up a
@ -366,28 +436,40 @@ in {
'';
};
tls_cert_path = mkOption {
type = types.nullOr types.path;
tls_cert_path = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
Path to already created certificate.
'';
};
tls_key_path = mkOption {
type = types.nullOr types.path;
tls_key_path = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
Path to key for already created certificate.
'';
};
acl_policy_path = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to a file containing ACL policies.
'';
policy = {
mode = lib.mkOption {
type = lib.types.enum ["file" "database"];
default = "file";
description = ''
The mode can be "file" or "database" that defines
where the ACL policies are stored and read from.
'';
};
path = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
If the mode is set to "file", the path to a
HuJSON file containing ACL policies.
'';
};
};
};
};
@ -395,67 +477,49 @@ in {
};
};
imports = [
# TODO address + port = listen_addr
(mkRenamedOptionModule ["services" "headscale" "serverUrl"] ["services" "headscale" "settings" "server_url"])
(mkRenamedOptionModule ["services" "headscale" "privateKeyFile"] ["services" "headscale" "settings" "private_key_path"])
(mkRenamedOptionModule ["services" "headscale" "derp" "urls"] ["services" "headscale" "settings" "derp" "urls"])
(mkRenamedOptionModule ["services" "headscale" "derp" "paths"] ["services" "headscale" "settings" "derp" "paths"])
imports = with lib; [
(mkRenamedOptionModule ["services" "headscale" "derp" "autoUpdate"] ["services" "headscale" "settings" "derp" "auto_update_enable"])
(mkRenamedOptionModule ["services" "headscale" "derp" "paths"] ["services" "headscale" "settings" "derp" "paths"])
(mkRenamedOptionModule ["services" "headscale" "derp" "updateFrequency"] ["services" "headscale" "settings" "derp" "update_frequency"])
(mkRenamedOptionModule ["services" "headscale" "derp" "urls"] ["services" "headscale" "settings" "derp" "urls"])
(mkRenamedOptionModule ["services" "headscale" "ephemeralNodeInactivityTimeout"] ["services" "headscale" "settings" "ephemeral_node_inactivity_timeout"])
(mkRenamedOptionModule ["services" "headscale" "database" "type"] ["services" "headscale" "settings" "db_type"])
(mkRenamedOptionModule ["services" "headscale" "database" "path"] ["services" "headscale" "settings" "db_path"])
(mkRenamedOptionModule ["services" "headscale" "database" "host"] ["services" "headscale" "settings" "db_host"])
(mkRenamedOptionModule ["services" "headscale" "database" "port"] ["services" "headscale" "settings" "db_port"])
(mkRenamedOptionModule ["services" "headscale" "database" "name"] ["services" "headscale" "settings" "db_name"])
(mkRenamedOptionModule ["services" "headscale" "database" "user"] ["services" "headscale" "settings" "db_user"])
(mkRenamedOptionModule ["services" "headscale" "database" "passwordFile"] ["services" "headscale" "settings" "db_password_file"])
(mkRenamedOptionModule ["services" "headscale" "logLevel"] ["services" "headscale" "settings" "log" "level"])
(mkRenamedOptionModule ["services" "headscale" "dns" "nameservers"] ["services" "headscale" "settings" "dns_config" "nameservers"])
(mkRenamedOptionModule ["services" "headscale" "dns" "domains"] ["services" "headscale" "settings" "dns_config" "domains"])
(mkRenamedOptionModule ["services" "headscale" "dns" "magicDns"] ["services" "headscale" "settings" "dns_config" "magic_dns"])
(mkRenamedOptionModule ["services" "headscale" "dns" "baseDomain"] ["services" "headscale" "settings" "dns_config" "base_domain"])
(mkRenamedOptionModule ["services" "headscale" "openIdConnect" "issuer"] ["services" "headscale" "settings" "oidc" "issuer"])
(mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientId"] ["services" "headscale" "settings" "oidc" "client_id"])
(mkRenamedOptionModule ["services" "headscale" "openIdConnect" "clientSecretFile"] ["services" "headscale" "settings" "oidc" "client_secret_path"])
(mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "hostname"] ["services" "headscale" "settings" "tls_letsencrypt_hostname"])
(mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "challengeType"] ["services" "headscale" "settings" "tls_letsencrypt_challenge_type"])
(mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "httpListen"] ["services" "headscale" "settings" "tls_letsencrypt_listen"])
(mkRenamedOptionModule ["services" "headscale" "openIdConnect" "issuer"] ["services" "headscale" "settings" "oidc" "issuer"])
(mkRenamedOptionModule ["services" "headscale" "serverUrl"] ["services" "headscale" "settings" "server_url"])
(mkRenamedOptionModule ["services" "headscale" "tls" "certFile"] ["services" "headscale" "settings" "tls_cert_path"])
(mkRenamedOptionModule ["services" "headscale" "tls" "keyFile"] ["services" "headscale" "settings" "tls_key_path"])
(mkRenamedOptionModule ["services" "headscale" "aclPolicyFile"] ["services" "headscale" "settings" "acl_policy_path"])
(mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "challengeType"] ["services" "headscale" "settings" "tls_letsencrypt_challenge_type"])
(mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "hostname"] ["services" "headscale" "settings" "tls_letsencrypt_hostname"])
(mkRenamedOptionModule ["services" "headscale" "tls" "letsencrypt" "httpListen"] ["services" "headscale" "settings" "tls_letsencrypt_listen"])
(mkRemovedOptionModule ["services" "headscale" "openIdConnect" "domainMap"] ''
Headscale no longer uses domain_map. If you're using an old version of headscale you can still set this option via services.headscale.settings.oidc.domain_map.
'')
];
config = mkIf cfg.enable {
services.headscale.settings = {
listen_addr = mkDefault "${cfg.address}:${toString cfg.port}";
config = lib.mkIf cfg.enable {
services.headscale.settings = lib.mkMerge [
cliConfig
{
listen_addr = lib.mkDefault "${cfg.address}:${toString cfg.port}";
# Turn off update checks since the origin of our package
# is nixpkgs and not Github.
disable_check_updates = true;
unix_socket = "${runDir}/headscale.sock";
tls_letsencrypt_cache_dir = "${dataDir}/.cache";
};
tls_letsencrypt_cache_dir = "${dataDir}/.cache";
}
];
environment = {
# Setup the headscale configuration in a known path in /etc to
# allow both the Server and the Client use it to find the socket
# for communication.
etc."headscale/config.yaml".source = configFile;
# Headscale CLI needs a minimal config to be able to locate the unix socket
# to talk to the server instance.
etc."headscale/config.yaml".source = cliConfigFile;
systemPackages = [ cfg.package ];
systemPackages = [cfg.package];
};
users.groups.headscale = mkIf (cfg.group == "headscale") {};
users.groups.headscale = lib.mkIf (cfg.group == "headscale") {};
users.users.headscale = mkIf (cfg.user == "headscale") {
users.users.headscale = lib.mkIf (cfg.user == "headscale") {
description = "headscale user";
home = dataDir;
group = cfg.group;
@ -464,23 +528,20 @@ in {
systemd.services.headscale = {
description = "headscale coordination server for Tailscale";
wants = [ "network-online.target" ];
wants = ["network-online.target"];
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
restartTriggers = [configFile];
environment.GIN_MODE = "release";
script = ''
${optionalString (cfg.settings.db_password_file != null) ''
export HEADSCALE_DB_PASS="$(head -n1 ${escapeShellArg cfg.settings.db_password_file})"
${lib.optionalString (cfg.settings.database.postgres.password_file != null) ''
export HEADSCALE_DATABASE_POSTGRES_PASS="$(head -n1 ${lib.escapeShellArg cfg.settings.database.postgres.password_file})"
''}
exec ${cfg.package}/bin/headscale serve
exec ${lib.getExe cfg.package} serve --config ${configFile}
'';
serviceConfig = let
capabilityBoundingSet = ["CAP_CHOWN"] ++ optional (cfg.port < 1024) "CAP_NET_BIND_SERVICE";
capabilityBoundingSet = ["CAP_CHOWN"] ++ lib.optional (cfg.port < 1024) "CAP_NET_BIND_SERVICE";
in {
Restart = "always";
Type = "simple";
@ -525,5 +586,5 @@ in {
};
};
meta.maintainers = with maintainers; [kradalby misterio77];
meta.maintainers = with lib.maintainers; [kradalby misterio77];
}

132
nixos/modules/services/networking/tailscale-derper.nix Normal file
View File

@ -0,0 +1,132 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.tailscale.derper;
in
{
meta.maintainers = with lib.maintainers; [ SuperSandro2000 ];
options = {
services.tailscale.derper = {
enable = lib.mkEnableOption "Tailscale Derper. See upstream doc <https://tailscale.com/kb/1118/custom-derp-servers> how to configure it on clients";
domain = lib.mkOption {
type = lib.types.str;
description = "Domain name under which the derper server is reachable.";
};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to open the firewall for the specified port.
Derper requires the used ports to be opened, otherwise it doesn't work as expected.
'';
};
package = lib.mkPackageOption pkgs [
"tailscale"
"derper"
] { };
stunPort = lib.mkOption {
type = lib.types.port;
default = 3478;
description = ''
STUN port to listen on.
See online docs <https://tailscale.com/kb/1118/custom-derp-servers#prerequisites> on how to configure a different external port.
'';
};
port = lib.mkOption {
type = lib.types.port;
default = 8010;
description = "The port the derper process will listen on. This is not the port tailscale will connect to.";
};
verifyClients = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to verify clients against a locally running tailscale daemon if they are allowed to connect to this node or not.
'';
};
};
};
config = lib.mkIf cfg.enable {
networking.firewall = lib.mkIf cfg.openFirewall {
# port 80 and 443 are opened by nginx already
allowedUDPPorts = [ cfg.stunPort ];
};
services = {
nginx = {
enable = true;
upstreams.tailscale-derper = {
servers."127.0.0.1:${toString cfg.port}" = { };
extraConfig = ''
keepalive 64;
'';
};
virtualHosts."${cfg.domain}" = {
addSSL = true; # this cannot be forceSSL as derper sends some information over port 80, too.
locations."/" = {
proxyPass = "http://tailscale-derper";
proxyWebsockets = true;
extraConfig = ''
keepalive_timeout 0;
proxy_buffering off;
'';
};
};
};
tailscale.enable = lib.mkIf cfg.verifyClients true;
};
systemd.services.tailscale-derper = {
serviceConfig = {
ExecStart =
"${lib.getExe' cfg.package "derper"} -a :${toString cfg.port} -c /var/lib/derper/derper.key -hostname=${cfg.domain} -stun-port ${toString cfg.stunPort}"
+ lib.optionalString cfg.verifyClients " -verify-clients";
DynamicUser = true;
Restart = "always";
RestartSec = "5sec"; # don't crash loop immediately
StateDirectory = "derper";
Type = "simple";
CapabilityBoundingSet = [ "" ];
DeviceAllow = null;
LockPersonality = true;
NoNewPrivileges = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
};
wantedBy = [ "multi-user.target" ];
};
};
}

8
nixos/modules/services/web-apps/node-red.nix
View File

@ -10,7 +10,7 @@ in
options.services.node-red = {
enable = mkEnableOption "the Node-RED service";
package = mkPackageOption pkgs [ "nodePackages" "node-red" ] { };
package = mkPackageOption pkgs [ "node-red" ] { };
openFirewall = mkOption {
type = types.bool;
@ -31,8 +31,8 @@ in
configFile = mkOption {
type = types.path;
default = "${cfg.package}/lib/node_modules/node-red/settings.js";
defaultText = literalExpression ''"''${package}/lib/node_modules/node-red/settings.js"'';
default = "${cfg.package}/lib/node_modules/node-red/packages/node_modules/node-red/settings.js";
defaultText = literalExpression ''"''${package}/lib/node_modules/node-red/packages/node_modules/node-red/settings.js"'';
description = ''
Path to the JavaScript configuration file.
See <https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js>
@ -118,7 +118,7 @@ in
environment = {
HOME = cfg.userDir;
};
path = lib.optionals cfg.withNpmAndGcc [ pkgs.nodePackages.npm pkgs.gcc ];
path = lib.optionals cfg.withNpmAndGcc [ pkgs.nodejs pkgs.gcc ];
serviceConfig = mkMerge [
{
User = cfg.user;

23
nixos/modules/virtualisation/libvirtd.nix
View File

@ -301,6 +301,27 @@ in
'';
};
shutdownTimeout = mkOption {
type = types.ints.unsigned;
default = 300;
description = ''
Number of seconds we're willing to wait for a guest to shut down.
If parallel shutdown is enabled, this timeout applies as a timeout
for shutting down all guests on a single URI defined in the variable URIS.
If this is 0, then there is no time out (use with caution, as guests might not
respond to a shutdown request).
'';
};
startDelay = mkOption {
type = types.ints.unsigned;
default = 0;
description = ''
Number of seconds to wait between each guest start.
If set to 0, all guests will start up in parallel.
'';
};
allowedBridges = mkOption {
type = types.listOf types.str;
default = [ "virbr0" ];
@ -495,6 +516,8 @@ in
environment.ON_BOOT = "${cfg.onBoot}";
environment.ON_SHUTDOWN = "${cfg.onShutdown}";
environment.PARALLEL_SHUTDOWN = "${toString cfg.parallelShutdown}";
environment.SHUTDOWN_TIMEOUT = "${toString cfg.shutdownTimeout}";
environment.START_DELAY = "${toString cfg.startDelay}";
};
systemd.sockets.virtlogd = {

4
pkgs/applications/audio/ardour/default.nix
View File

@ -64,14 +64,14 @@
}:
stdenv.mkDerivation rec {
pname = "ardour";
version = "8.6";
version = "8.8";
# We can't use `fetchFromGitea` here, as attempting to fetch release archives from git.ardour.org
# result in an empty archive. See https://tracker.ardour.org/view.php?id=7328 for more info.
src = fetchgit {
url = "git://git.ardour.org/ardour/ardour.git";
rev = version;
hash = "sha256-sMp24tjtX8fZJWc7dvb+9e6pEflT4ugoOZjDis6/3nM=";
hash = "sha256-S96hlk4M+38OjjF3T6lhDm3cBjN5t4y6EeYRmvAmVfE=";
};
bundledContent = fetchzip {

4
pkgs/applications/audio/sidplayfp/default.nix
View File

@ -16,13 +16,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "sidplayfp";
version = "2.9.0";
version = "2.10.0";
src = fetchFromGitHub {
owner = "libsidplayfp";
repo = "sidplayfp";
rev = "v${finalAttrs.version}";
hash = "sha256-07Pwh7qbw6Emr5+F89v9i2ARdSosukjjuarJ+uZR7xY=";
hash = "sha256-PT0WijNvcF7opTVxpj6oRb514Alz12gZCSMYa4bqyrY=";
};
strictDeps = true;

27
pkgs/applications/blockchains/monero-cli/default.nix
View File

@ -27,7 +27,7 @@
}:
let
# submodules
# submodules; revs are taken from monero repo's `/external` at the given monero version tag.
supercop = fetchFromGitHub {
owner = "monero-project";
repo = "supercop";
@ -37,12 +37,11 @@ let
trezor-common = fetchFromGitHub {
owner = "trezor";
repo = "trezor-common";
rev = "bc28c316d05bf1e9ebfe3d7df1ab25831d98d168";
hash = "sha256-F1Hf1WwHqXMd/5OWrdkpomszACTozDuC7DQXW3p6248=";
rev = "bff7fdfe436c727982cc553bdfb29a9021b423b0";
hash = "sha256-VNypeEz9AV0ts8X3vINwYMOgO8VpNmyUPC4iY3OOuZI=";
};
in
stdenv.mkDerivation rec {
pname = "monero-cli";
version = "0.18.3.4";
@ -111,14 +110,28 @@ stdenv.mkDerivation rec {
"-DCMAKE_CXX_FLAGS=-fpermissive"
];
outputs = [ "out" "source" ];
outputs = [
"out"
"source"
];
meta = {
description = "Private, secure, untraceable currency";
homepage = "https://getmonero.org/";
license = lib.licenses.bsd3;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [ rnhmjoj ];
platforms = with lib.platforms; linux;
# macOS/ARM has a working `monerod` (at least), but `monero-wallet-cli`
# segfaults on start after entering the wallet password, when built in release mode.
# Building the same revision in debug mode to root-cause the above problem doesn't work
# because of https://github.com/monero-project/monero/issues/9486
badPlatforms = [ "aarch64-darwin" ];
maintainers = with lib.maintainers; [
pmw
rnhmjoj
];
mainProgram = "monero-wallet-cli";
};
}

8
pkgs/applications/editors/qemacs/default.nix
View File

@ -10,13 +10,13 @@
stdenv.mkDerivation rec {
pname = "qemacs";
version = "6.1.1b";
version = "6.3.2";
src = fetchFromGitHub {
owner = "qemacs";
repo = "qemacs";
rev = "06b3d373bbcc52b51ccb438bf3cab38a49492ff0";
hash = "sha256-Z4BbA8W3bYdw+cHgI24r55OP1Olr3GwKLlfRxjy45i8=";
rev = "0e90c181078f3d85d0d44d985d541184223668e1";
hash = "sha256-3kq89CoUi9ocR0q2SqYF8S/xNgBpInC4f2d/dJg/nEM=";
};
postPatch = ''
@ -49,7 +49,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
homepage = "https://bellard.org/qemacs/";
description = "Very small but powerful UNIX editor";
license = licenses.lgpl2Only;
license = licenses.mit;
maintainers = with maintainers; [ iblech ];
};
}

1
pkgs/applications/editors/vim/plugins/nvim-treesitter/overrides.nix
View File

@ -90,4 +90,5 @@ in
license = licenses.asl20;
maintainers = with maintainers; [ figsoda ];
};
nvimRequireCheck = "nvim-treesitter";
}

1096
pkgs/applications/editors/vim/plugins/overrides.nix
View File

File diff suppressed because it is too large Load Diff

2
pkgs/applications/editors/vscode/extensions/myriad-dreamin.tinymist/default.nix
View File

@ -11,7 +11,7 @@ vscode-utils.buildVscodeMarketplaceExtension {
name = "tinymist";
publisher = "myriad-dreamin";
inherit (tinymist) version;
hash = "sha256-PcCZkY1+ks9J5JaDJLVgiJuXgRxIvUZHI00gatjeVbA=";
hash = "sha256-CQVujtl1SFcUmEG7O1cvN2gr6v3kcWMMZz+oYEkclKI=";
};
nativeBuildInputs = [

12
pkgs/applications/editors/vscode/vscodium.nix
View File

@ -15,11 +15,11 @@ let
archive_fmt = if stdenv.hostPlatform.isDarwin then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "14pqi5l7zbkhpsl8hd7mqss4xkqnxf0f0h5bs710iadpcscgpndf";
x86_64-darwin = "10k4qgck48xh12xq80y8x3jf9qp5fn15n995mn8gbid39907ars0";
aarch64-linux = "0jk33jw5rj98qr6fhi4r3vz5f1673m5v1g28jdyn3prs20hp0msg";
aarch64-darwin = "1sw39iyz5m0hdy875b3ygzvpl7vz9j3d1w6fpmf30a3iyl3ndh66";
armv7l-linux = "1rjv5c85ffy5szxhf71kjmvxiahyyvx2dl6183v5q7apv9pa64hj";
x86_64-linux = "0wx0jjckyz2hxas3108m9l2nm8vlgxh8rc9g673g9a43zzg98prf";
x86_64-darwin = "1s56qd9ycqnm4fxg4c75cfjxy0hpn762f84l4gg2054yic7c3s2v";
aarch64-linux = "070wj6h5riv9vp73np9k9qk85y26wj22626jafvss0zjkdjrrhgh";
aarch64-darwin = "09pl31zplrixi828yxqyl1khyxp3mw4d3gsfrj1dz62rxbnahmq6";
armv7l-linux = "1sqidmzdyrxgskylhyi1xav7apq0f8ca9qz0g7svcy5jn1wk855f";
}.${system} or throwSystem;
sourceRoot = lib.optionalString (!stdenv.hostPlatform.isDarwin) ".";
@ -29,7 +29,7 @@ in
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.93.1.24256";
version = "1.94.0.24282";
pname = "vscodium";
executableName = "codium";

4
pkgs/applications/graphics/curtail/default.nix
View File

@ -20,14 +20,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "curtail";
version = "1.10.0";
version = "1.11.0";
format = "other";
src = fetchFromGitHub {
owner = "Huluti";
repo = "Curtail";
rev = "refs/tags/${version}";
sha256 = "sha256-xwpjyMMdjYMrd79/EzoNae4rQuq2VjwJRNoudNGD78E=";
sha256 = "sha256-bN901v2M644EN7tBKN9/kv12AE2XuIPjDSCoohfevFI=";
};
nativeBuildInputs = [

3
pkgs/applications/graphics/f3d/default.nix
View File

@ -80,5 +80,8 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ bcdarwin pbsds ];
platforms = with platforms; unix;
mainProgram = "f3d";
# error: use of undeclared identifier 'NSMenuItem'
# adding AppKit does not solve it
broken = with stdenv.hostPlatform; isDarwin && isx86_64;
};
}

14
pkgs/applications/misc/survex/default.nix
View File

@ -13,6 +13,7 @@
, perl
, pkg-config
, proj
, gdal
, python3
, wrapGAppsHook3
, wxGTK32
@ -20,21 +21,13 @@
stdenv.mkDerivation rec {
pname = "survex";
version = "1.4.3";
version = "1.4.11";
src = fetchurl {
url = "https://survex.com/software/${version}/${pname}-${version}.tar.gz";
hash = "sha256-7NtGTe9xNRPEvG9fQ2fC6htQLEMHfqGmBM2ezhi6oNM=";
hash = "sha256-Q+86sDfU3zYhRhnnO2rfzwmF3CmWPYcIf2VeQctIZ7Y=";
};
patches = [
# Fix cavern.tst to work with SOURCE_DATE_EPOCH set
(fetchpatch {
url = "https://github.com/ojwb/survex/commit/b1200a60be7bdea20ffebbd8bb15386041727fa6.patch";
hash = "sha256-OtFjqpU+u8XGy+PAHg2iea++b681p/Kl8YslisBs4sA=";
})
];
nativeBuildInputs = [
perl
pkg-config
@ -46,6 +39,7 @@ stdenv.mkDerivation rec {
ffmpeg
glib
proj
gdal
wxGTK32
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
Carbon

12
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View File

@ -1,11 +1,11 @@
{
stable = {
chromedriver = {
hash_darwin = "sha256-cWY8P3D+PrIlbEdMYPp+4cFQZfOLbGeebC1Glg53Sx4=";
hash_darwin = "sha256-/0mBZCSNULvZSQ/irsQSgNPsuOSWiRRnJA/6ogHYeGk=";
hash_darwin_aarch64 =
"sha256-Tu11SCTlB+8/ao0uS7AbknB5WuvN+cw/gHiyL6xKH1o=";
hash_linux = "sha256-Da+xaXNNP8eRccq87LBxMb+2oXJ4WRGLdWoCAhG2yAQ=";
version = "129.0.6668.89";
"sha256-JWcYFYaaXM2KN6oSu7wwxztYPbhql2XYZlvL2ymKgwI=";
hash_linux = "sha256-odFoTWjDa9ilyOrQ0T+0xxedRD7YOe/s7xdAyyku74w=";
version = "129.0.6668.91";
};
deps = {
gn = {
@ -15,8 +15,8 @@
version = "2024-08-19";
};
};
hash = "sha256-+n9LjRLFvVB/pYkSrRCxln/Xn2paFyoY+mJGD73NtII=";
version = "129.0.6668.89";
hash = "sha256-LOZ9EPw7VgBNEV7Wxb8H5WfSYTTWOL8EDP91uCrZAsA=";
version = "129.0.6668.100";
};
ungoogled-chromium = {
deps = {

826
pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
View File

File diff suppressed because it is too large Load Diff

20
pkgs/applications/networking/browsers/firefox/packages.nix
View File

@ -5,10 +5,10 @@
{
firefox = buildMozillaMach rec {
pname = "firefox";
version = "131.0";
version = "131.0.2";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "324cbaadff4d19a18d56ca01ae7212ac8362e3f5933f3017a19b64c35d58606ace8bba3672790ecb48d4a849619cdc95701440701725e8eb2859d55f1e8d8e3c";
sha512 = "fb1a1179a8c62de975c93e1ac6f058cb5492e955bbb7ac2d4b83cdd14ba17bdb2450078bd6f626124b14542f3fda9514bea476aaa34ff4f5a2bee6b1625ec963";
};
extraPatches = [
@ -35,11 +35,11 @@
firefox-beta = buildMozillaMach rec {
pname = "firefox-beta";
version = "131.0b9";
version = "132.0b5";
applicationName = "Mozilla Firefox Beta";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "043f983a295fa27d3641f6db231da2e3a88d43609f9c1f4fbd0d98356ab902e802b20a81ae8bbf3812d8ae6776fd6ea557f19cc083f09aae42b8cd98424430dc";
sha512 = "7b9b3120ce3f5918bb0a6d385b23503ff2dbd0b6171d63ce6310eca43d252537b43cc79ace326d2e29611ae4fb06d815bcaefb63c6942d00e53277deeb0eba70";
};
meta = {
@ -64,13 +64,13 @@
firefox-devedition = buildMozillaMach rec {
pname = "firefox-devedition";
version = "131.0b9";
version = "132.0b5";
applicationName = "Mozilla Firefox Developer Edition";
requireSigning = false;
branding = "browser/branding/aurora";
src = fetchurl {
url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "f1f56bd121ecdf1f659ce85ea77a9b1abe983583081f6cadaaf4c57695148b481eed1ecfa7ac2d3449fbc1a0c8560a8a5665e309722a5fc5455df740cf639989";
sha512 = "3c2f028ae1d2ebf01a4fc341ee7f706bfdacb0c4dd2db2e3f24b42fe1e4e89f67a3827ad794c557c084a723272928264ae9e0bf67a4268078ebd8e4af1f97688";
};
meta = {
@ -96,10 +96,10 @@
firefox-esr-128 = buildMozillaMach rec {
pname = "firefox";
version = "128.3.0esr";
version = "128.3.1esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "3c6ef272c0fb653d030fe3f7f72aa0e1097b1c6759556166815cde15465330f988b3bc23df4b4eb753daee930edbb1ef72145273cb29d0952bd9d7c547050f9b";
sha512 = "c5c1a2e951e0dbb1259a0f77a26b8678bfa4a4c7e909f8fcd5c6d0f807625926824ed235e114d9bab5e289232efaaf4c6691764db64860161ebc9bece9200f0c";
};
meta = {
@ -125,11 +125,11 @@
firefox-esr-115 = (buildMozillaMach rec {
pname = "firefox-esr-115";
version = "115.16.0esr";
version = "115.16.1esr";
applicationName = "Mozilla Firefox ESR";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "b6f93ec3d6acac5df177253c65b833c017e65ed6e78e96ff029098443928d291f6f67164aedb83d80aa28ee9dee305086597798238d3330e35183030e53e3550";
sha512 = "eca42b3494fdab73e67d5c8e8b76520729adb75b5cad85172953dba56b225b0f05dcfea70fe8cc3e1bf1cd3d7103159cc20095d5480bb1b0e6d3ec90588988a8";
};
meta = {

3
pkgs/applications/networking/browsers/floorp/default.nix
View File

@ -57,6 +57,9 @@
maxSilent = 14400; # 4h, double the default of 7200s (c.f. #129212, #129115)
license = lib.licenses.mpl20;
mainProgram = "floorp";
knownVulnerabilities = [
"CVE-2024-9680"
];
};
tests = [ nixosTests.floorp ];
}).override

32
pkgs/applications/networking/browsers/ladybird/default.nix
View File

@ -4,7 +4,6 @@
, fetchzip
, fetchurl
, cacert
, tzdata
, unicode-emoji
, unicode-character-database
, cmake
@ -13,6 +12,7 @@
, curl
, libavif
, libjxl
, libpulseaudio
, libwebp
, libxcrypt
, python3
@ -29,16 +29,6 @@
}:
let
inherit (builtins) elemAt;
cldr_version = "45.0.0";
cldr-json = fetchzip {
url = "https://github.com/unicode-org/cldr-json/releases/download/${cldr_version}/cldr-${cldr_version}-json-modern.zip";
stripRoot = false;
hash = "sha256-BPDvYjlvJMudX/YlS7HrwKEABYx+1KzjiFlLYA5+Oew=";
postFetch = ''
echo -n ${cldr_version} > $out/version.txt
'';
};
unicode-idna = fetchurl {
url = "https://www.unicode.org/Public/idna/${unicode-character-database.version}/IdnaMappingTable.txt";
hash = "sha256-QCy9KF8flS/NCDS2NUHVT2nT2PG4+Fmb9xoaFJNfgsQ=";
@ -58,13 +48,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "ladybird";
version = "0-unstable-2024-09-21";
version = "0-unstable-2024-10-05";
src = fetchFromGitHub {
owner = "LadybirdWebBrowser";
repo = "ladybird";
rev = "44f672bacf6779f6bbe5972d84e210f953f14598";
hash = "sha256-Qku6W1kETOXQh8Kxn0wabe0Xc4gkpxrGbDFwIik34eY=";
rev = "077bc68a4cbf2d8c97abc818515a22471da42c99";
hash = "sha256-zlQEOk9rex9Evpc2+4q2e2QPwGd9kLOQ393DJPuwh7c=";
};
postPatch = ''
@ -77,19 +67,15 @@ stdenv.mkDerivation (finalAttrs: {
'';
preConfigure = ''
# Setup caches for LibLocale, LibUnicode, LibTimezone, LibTLS and LibGfx
# Setup caches for LibUnicode, LibTLS and LibGfx
# Note that the versions of the input data packages must match the
# expected version in the package's CMake.
# Check that the versions match
grep -F 'locale_version = "${cldr_version}"' Meta/gn/secondary/Userland/Libraries/LibLocale/BUILD.gn || (echo cldr_version mismatch && exit 1)
grep -F 'tzdb_version = "${tzdata.version}"' Meta/gn/secondary/Userland/Libraries/LibTimeZone/BUILD.gn || (echo tzdata.version mismatch && exit 1)
grep -F 'set(CACERT_VERSION "${cacert_version}")' Meta/CMake/ca_certificates_data.cmake || (echo cacert_version mismatch && exit 1)
mkdir -p build/Caches
ln -s ${cldr-json} build/Caches/CLDR
cp -r ${unicode-character-database}/share/unicode build/Caches/UCD
chmod +w build/Caches/UCD
cp ${unicode-emoji}/share/unicode/emoji/emoji-test.txt build/Caches/UCD
@ -97,10 +83,6 @@ stdenv.mkDerivation (finalAttrs: {
echo -n ${unicode-character-database.version} > build/Caches/UCD/version.txt
chmod -w build/Caches/UCD
mkdir build/Caches/TZDB
tar -xzf ${elemAt tzdata.srcs 0} -C build/Caches/TZDB
echo -n ${tzdata.version} > build/Caches/TZDB/version.txt
mkdir build/Caches/CACERT
cp ${cacert}/etc/ssl/certs/ca-bundle.crt build/Caches/CACERT/cacert-${cacert_version}.pem
echo -n ${cacert_version} > build/Caches/CACERT/version.txt
@ -134,6 +116,7 @@ stdenv.mkDerivation (finalAttrs: {
skia
woff2
] ++ lib.optional stdenv.hostPlatform.isLinux [
libpulseaudio.dev
qtwayland
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
AppKit
@ -151,9 +134,6 @@ stdenv.mkDerivation (finalAttrs: {
];
# FIXME: Add an option to -DENABLE_QT=ON on macOS to use Qt rather than Cocoa for the GUI
# FIXME: Add an option to enable PulseAudio rather than using Qt multimedia on non-macOS
env.NIX_CFLAGS_COMPILE = "-Wno-error";
postInstall = lib.optionalString stdenv.hostPlatform.isDarwin ''
mkdir -p $out/Applications $out/bin

10
pkgs/applications/networking/browsers/librewolf/src.json
View File

@ -1,11 +1,11 @@
{
"packageVersion": "130.0-3",
"packageVersion": "131.0.2-1",
"source": {
"rev": "130.0-3",
"sha256": "0ah6k4637fg3v3l13rk6bw6wxsx0mc41hvi9sld5psbl8l2kyk29"
"rev": "131.0.2-1",
"sha256": "1knx485kdjv8d0rn5ai1x1jp0403dvxz9m7lpim1y2d2ilyi26x7"
},
"firefox": {
"version": "130.0",
"sha512": "d0d11b38d9e02fa15298ec13336bb086668b4f36b3ce9ced218a265327fd4822b9fea4303402631947ea3c20490c414de87f8df3e7c23d2e02b70f0456b9af40"
"version": "131.0.2",
"sha512": "fb1a1179a8c62de975c93e1ac6f058cb5492e955bbb7ac2d4b83cdd14ba17bdb2450078bd6f626124b14542f3fda9514bea476aaa34ff4f5a2bee6b1625ec963"
}
}

4
pkgs/applications/networking/cluster/clusterctl/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "clusterctl";
version = "1.8.3";
version = "1.8.4";
src = fetchFromGitHub {
owner = "kubernetes-sigs";
repo = "cluster-api";
rev = "v${version}";
hash = "sha256-zvMjfaEq6EOWVqjVOoS2nb1fuGyEljcNVfTpAWUsiL8=";
hash = "sha256-a6IgPrGI6jA3rVWqGaVPuLxnCJ82SyxWdZZ6xd5DoNs=";
};
vendorHash = "sha256-0VVaD1vGIGezgkVCvIhNHmZqVFxFu4UcUUh0wuX2viw=";

4
pkgs/applications/networking/cluster/jx/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "jx";
version = "3.10.155";
version = "3.10.156";
src = fetchFromGitHub {
owner = "jenkins-x";
repo = "jx";
rev = "v${version}";
sha256 = "sha256-9dRYPeVWwJCbxkjPVI0B4FLaFNHRyGIdKd/ubJbP9tI=";
sha256 = "sha256-bN/sdKuf+JV4fD3g9Wgow94nLMa8qgWEO1UBZAKLBWk=";
};
vendorHash = "sha256-AIaZVkWdNj1Vsrv2k4B5lLE0lOFuiTD7lwS/DikmC14=";

4
pkgs/applications/networking/cluster/pachyderm/default.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "pachyderm";
version = "2.11.3";
version = "2.11.4";
src = fetchFromGitHub {
owner = "pachyderm";
repo = "pachyderm";
rev = "v${version}";
hash = "sha256-tn+wOd01zClMcANYTolXHTEMGohXGNnKbsZ5NA4kELc=";
hash = "sha256-8bNPUqJrhcTslclhCwNE9SIfTdBXoF14/GI5x+d3s64=";
};
vendorHash = "sha256-d2MSMucGMGGPLE0wh8Y27AUVPkeyOCkCa0JSPawYQmc=";

6
pkgs/applications/networking/protonmail-bridge/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "protonmail-bridge";
version = "3.13.0";
version = "3.14.0";
src = fetchFromGitHub {
owner = "ProtonMail";
repo = "proton-bridge";
rev = "v${version}";
hash = "sha256-rwESt2s/TCAFNkf+JwMa7sfYpRvMT8FoIii4EzR/Z6U=";
hash = "sha256-Pup+A637FvsX4dV0G7K/LMB4HCruh5BT1iu4tIXRI7I=";
};
vendorHash = "sha256-jmXh53KwzPvmu7RP1F1Ein9/EfJ5m/GGVAqjJVcEVsE=";
vendorHash = "sha256-I/OFpEa3aB+qDBS/sbX5WOgrlSyR7aZaQYrsaSVNAAk=";
nativeBuildInputs = [ pkg-config ];

4
pkgs/applications/radio/cloudlog/default.nix
View File

@ -8,13 +8,13 @@
stdenvNoCC.mkDerivation rec {
pname = "cloudlog";
version = "2.6.15";
version = "2.6.16";
src = fetchFromGitHub {
owner = "magicbug";
repo = "Cloudlog";
rev = version;
hash = "sha256-G+PnzyOG/HZ8I66BHdtK0GOUF7ATrTYpzM9sVaSjMDQ=";
hash = "sha256-1GdIC1vC/SG9duQkrOXIe24OyIwdLgeEiG7i+KYP8Cs=";
};
postPatch = ''

4
pkgs/applications/science/biology/delly/default.nix
View File

@ -13,13 +13,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "delly";
version = "1.2.9";
version = "1.3.1";
src = fetchFromGitHub {
owner = "dellytools";
repo = "delly";
rev = "v${finalAttrs.version}";
hash = "sha256-HeLqf/bUkZQJrW1LHl3XmecW3wS3QmjifoH34VNr3A4=";
hash = "sha256-RqiZzbFsj8g6kptpztW7EsYYzIyHgM9kOCIsq1PiPD8=";
};
postPatch = lib.optionalString stdenv.cc.isClang ''

6
pkgs/applications/terminal-emulators/rio/default.nix
View File

@ -55,16 +55,16 @@ let
in
rustPlatform.buildRustPackage rec {
pname = "rio";
version = "0.1.16";
version = "0.1.17";
src = fetchFromGitHub {
owner = "raphamorim";
repo = "rio";
rev = "v${version}";
hash = "sha256-3OtPlaYkTPIF98CyaXWGZ/1msWHFdscqZXVviu0/O/o=";
hash = "sha256-10E7tIuix0BGKFbADLhcReRC01FXV/dBivJjfSe/X/c=";
};
cargoHash = "sha256-VpS3prTmAbWTd+gwAOA0BXso4gkcAFuhMZh8Go3Dlao=";
cargoHash = "sha256-yGOvY5+ThSey/k8ilTTC0CzaOIJtc4hDYmdrHJC3HyE=";
nativeBuildInputs = [
ncurses

1
pkgs/applications/version-management/git-credential-manager/default.nix
View File

@ -34,6 +34,7 @@ buildDotnetModule rec {
lib.optional withLibsecretSupport libsecret;
makeWrapperArgs = [
"--prefix PATH : ${lib.makeBinPath ([ git ] ++ lib.optionals withGpgSupport [ gnupg pass ])}"
"--inherit-argv0"
];
passthru = {

4
pkgs/applications/video/anilibria-winmaclinux/default.nix
View File

@ -18,13 +18,13 @@
mkDerivation rec {
pname = "anilibria-winmaclinux";
version = "2.2.19";
version = "2.2.20";
src = fetchFromGitHub {
owner = "anilibria";
repo = "anilibria-winmaclinux";
rev = version;
hash = "sha256-f4AlTfLTn0GvBj3ztpkNPc6BDlLsEtz/yE5F2WfjU8U=";
hash = "sha256-Tdrs8WFv3ZoDL3U34l+NQp+oVJ6qxlVFg4YfwBSYlVg=";
};
sourceRoot = "${src.name}/src";

8
pkgs/applications/virtualization/crosvm/default.nix
View File

@ -6,18 +6,18 @@
rustPlatform.buildRustPackage rec {
pname = "crosvm";
version = "127.0";
version = "128.1";
src = fetchgit {
url = "https://chromium.googlesource.com/chromiumos/platform/crosvm";
rev = "8fdfed12c960850e9d5e809cfd2a40ce3bdd98d6";
hash = "sha256-W0zLYM91xoq9vURgYs2noc9F9RtvoXztIIHMx0HVK5g=";
rev = "57702acf01cbd0e560e058dc97d22378d0c49ecc";
hash = "sha256-lQStmmTxMC9Iq6vJxJMFIUUtaixJNGuBfAvBo9KKrjU=";
fetchSubmodules = true;
};
separateDebugInfo = true;
cargoHash = "sha256-nEJBRlwMqTahaIC9WdtoxGLVfc+U9sJ0ilzLhavcbD0=";
cargoHash = "sha256-qKCO9Rkk04HznExgYKJgpssZDjWfhsY2XOBifvtHFos=";
nativeBuildInputs = [
pkg-config protobuf python3 rustPlatform.bindgenHook wayland-scanner

16
pkgs/applications/window-managers/cage/default.nix
View File

@ -1,5 +1,4 @@
{ lib, stdenv, fetchFromGitHub
, substituteAll
, meson, ninja, pkg-config, wayland-scanner, scdoc, makeWrapper
, wlroots, wayland, wayland-protocols, pixman, libxkbcommon, xcbutilwm
, systemd, libGL, libX11, mesa
@ -9,24 +8,15 @@
stdenv.mkDerivation rec {
pname = "cage";
version = "0.1.5-unstable-2024-07-29";
version = "0.2.0";
src = fetchFromGitHub {
owner = "cage-kiosk";
repo = "cage";
rev = "d3fb99d6654325ec46277cfdb589f89316bed701";
hash = "sha256-WP0rWO9Wbs/09wTY8IlIUybnVUnwiNdXD9JgsoVG4rM=";
rev = "refs/tags/v${version}";
hash = "sha256-2SFtz62z0EF8cpFTC6wGi125MD4a5mkXqP/C+7fH+3g=";
};
patches = [
# TODO: Remove on next stable release.
(substituteAll {
src = ./inject-git-commit.patch;
gitCommit = lib.substring 0 7 src.rev;
gitBranch = "master";
})
];
depsBuildBuild = [
pkg-config
];

23
pkgs/applications/window-managers/cage/inject-git-commit.patch
View File

@ -1,23 +0,0 @@
diff --git a/meson.build b/meson.build
index 4c0cbe280f..d4479741c8 100644
--- a/meson.build
+++ b/meson.build
@@ -68,14 +68,12 @@
version = '@0@'.format(meson.project_version())
git = find_program('git', native: true, required: false)
-if git.found()
- git_commit = run_command([git, 'rev-parse', '--short', 'HEAD'], check: false)
- git_branch = run_command([git, 'rev-parse', '--abbrev-ref', 'HEAD'], check: false)
- if git_commit.returncode() == 0 and git_branch.returncode() == 0
+if true
+ if true
version = '@0@-@1@ (branch \'@2@\')'.format(
meson.project_version(),
- git_commit.stdout().strip(),
- git_branch.stdout().strip(),
+ '@gitCommit@'.strip(),
+ '@gitBranch@'.strip(),
)
endif
endif

64
pkgs/applications/window-managers/hyprwm/hyprpicker/default.nix
View File

@ -1,63 +1,53 @@
{ lib
, stdenv
, fetchFromGitHub
, pkg-config
, cmake
, ninja
, cairo
, fribidi
, libGL
, libdatrie
, libjpeg
, libselinux
, libsepol
, libthai
, libxkbcommon
, pango
, pcre
, util-linux
, wayland
, wayland-protocols
, wayland-scanner
, libXdmcp
, debug ? false
{
lib,
stdenv,
fetchFromGitHub,
nix-update-script,
pkg-config,
cmake,
cairo,
hyprutils,
hyprwayland-scanner,
libGL,
libjpeg,
libxkbcommon,
pango,
wayland,
wayland-protocols,
wayland-scanner,
libXdmcp,
debug ? false,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "hyprpicker" + lib.optionalString debug "-debug";
version = "0.3.0";
version = "0.4.1";
src = fetchFromGitHub {
owner = "hyprwm";
repo = "hyprpicker";
rev = "v${finalAttrs.version}";
hash = "sha256-BYQF1zM6bJ44ag9FJ0aTSkhOTY9U7uRdp3SmRCs5fJM=";
hash = "sha256-gu26MSYbTlRLMUpZ9PeYXtqqhzPDQXxEDkjiJgwzIIc=";
};
cmakeBuildType = if debug then "Debug" else "Release";
nativeBuildInputs = [
cmake
ninja
hyprwayland-scanner
pkg-config
];
buildInputs = [
cairo
fribidi
hyprutils
libGL
libdatrie
libjpeg
libselinux
libsepol
libthai
libxkbcommon
pango
pcre
wayland
wayland-protocols
wayland-scanner
libXdmcp
util-linux
];
postInstall = ''
@ -65,11 +55,13 @@ stdenv.mkDerivation (finalAttrs: {
install -Dm644 $src/LICENSE -t $out/share/licenses/hyprpicker
'';
meta = with lib; {
passthru.updateScript = nix-update-script { };
meta = {
description = "Wlroots-compatible Wayland color picker that does not suck";
homepage = "https://github.com/hyprwm/hyprpicker";
license = licenses.bsd3;
maintainers = with maintainers; [ fufexan ];
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ fufexan ];
platforms = wayland.meta.platforms;
mainProgram = "hyprpicker";
};

4
pkgs/by-name/al/alacarte/package.nix
View File

@ -17,14 +17,14 @@
}:
python3.pkgs.buildPythonApplication rec {
pname = "alacarte";
version = "3.52.0";
version = "3.54.0";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "GNOME";
repo = "alacarte";
rev = version;
hash = "sha256-SkolSk6RireH3aKkRTUCib/nflqD02PR9uVtXePRHQY=";
hash = "sha256-btqSlO0vM4fmoBcxh3mshv0t2oZSxm8Vr26UvH5fVvE=";
};
format = "other";

12
pkgs/by-name/as/astro-language-server/package.nix
View File

@ -2,22 +2,22 @@
lib,
stdenv,
fetchFromGitHub,
pnpm_8,
pnpm,
nodejs_22,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "astro-language-server";
version = "2.14.2";
version = "2.15.0";
src = fetchFromGitHub {
owner = "withastro";
repo = "language-tools";
rev = "@astrojs/language-server@${finalAttrs.version}";
hash = "sha256-4GaLyaRUN9qS2U7eSzASB6fSQY2+fWtgfb54uuHjuh4=";
hash = "sha256-2MaoW04mX016VIrtfnBX/jzMNCOXE10lSInSyhqot5E=";
};
pnpmDeps = pnpm_8.fetchDeps {
pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs)
pname
version
@ -25,12 +25,12 @@ stdenv.mkDerivation (finalAttrs: {
pnpmWorkspace
prePnpmInstall
;
hash = "sha256-q9a4nFPRhR6W/PT1l/Q1799iDmI+WTsudUP8rb8e97g=";
hash = "sha256-zCCDlwsKPZQVEYrv85WcMY2JlWgz0tD6iHLSJg1RkRU=";
};
nativeBuildInputs = [
nodejs_22
pnpm_8.configHook
pnpm.configHook
];
buildInputs = [ nodejs_22 ];

2
pkgs/by-name/au/authentik/package.nix
View File

@ -70,7 +70,7 @@ let
openapi-generator-cli generate -i ./schema.yml \
-g typescript-fetch -o $out \
-c ./scripts/api-ts-config.yaml \
--additional-properties=npmVersion=${nodejs.pkgs.npm.version} \
--additional-properties=npmVersion="$(${lib.getExe' nodejs "npm"} --version)" \
--git-repo-id authentik --git-user-id goauthentik
runHook postBuild
'';

28
pkgs/by-name/az/azure-cli/extensions-manual.nix
View File

@ -31,6 +31,33 @@
meta.maintainers = with lib.maintainers; [ katexochen ];
};
azure-iot = mkAzExtension rec {
pname = "azure-iot";
description = "The Azure IoT extension for Azure CLI.";
version = "0.25.0";
url = "https://github.com/Azure/azure-iot-cli-extension/releases/download/v${version}/azure_iot-${version}-py3-none-any.whl";
sha256 = "7db4bc07667efa8472513d9e121fb2551fcaeae68255c7bc0768ad4177c1b1c6";
propagatedBuildInputs = (
with python3Packages;
[
azure-core
azure-identity
azure-iot-device
azure-mgmt-core
azure-storage-blob
jsonschema
msrest
msrestazure
packaging
tomli
tomli-w
tqdm
treelib
]
);
meta.maintainers = with lib.maintainers; [ mikut ];
};
containerapp = mkAzExtension rec {
pname = "containerapp";
version = "1.0.0b1";
@ -83,7 +110,6 @@
propagatedBuildInputs = with python3Packages; [ azure-core ];
meta.maintainers = with lib.maintainers; [ katexochen ];
};
}
// lib.optionalAttrs config.allowAliases {
# Removed extensions

46
pkgs/by-name/ba/bacon/package.nix Normal file
View File

@ -0,0 +1,46 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
darwin,
versionCheckHook,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
pname = "bacon";
version = "3.0.0";
src = fetchFromGitHub {
owner = "Canop";
repo = "bacon";
rev = "refs/tags/v${version}";
hash = "sha256-fSlakjZbY8jrFkCqVxPr3UKwf1Oq4yPhLmVbzsksSeg=";
};
cargoHash = "sha256-WT0uXmchhapss3AU4+e2wA3nBVjzikfRNRyAvQnpJfY=";
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
darwin.apple_sdk.frameworks.CoreServices
];
nativeInstallCheckInputs = [
versionCheckHook
];
versionCheckProgramArg = [ "--version" ];
doInstallCheck = true;
passthru = {
updateScript = nix-update-script { };
};
meta = {
description = "Background rust code checker";
mainProgram = "bacon";
homepage = "https://github.com/Canop/bacon";
changelog = "https://github.com/Canop/bacon/blob/v${version}/CHANGELOG.md";
license = lib.licenses.agpl3Only;
maintainers = with lib.maintainers; [ FlorianFranzen ];
};
}

26
pkgs/tools/networking/boundary/default.nix → pkgs/by-name/bo/boundary/package.nix
View File

@ -1,8 +1,12 @@
{ stdenv, lib, fetchzip }:
{
stdenv,
lib,
fetchzip,
}:
stdenv.mkDerivation rec {
pname = "boundary";
version = "0.15.4";
version = "0.17.1";
src =
let
@ -14,16 +18,17 @@ stdenv.mkDerivation rec {
x86_64-darwin = "darwin_amd64";
aarch64-darwin = "darwin_arm64";
};
sha256 = selectSystem {
x86_64-linux = "sha256-43Q69Pp5NLB4fITy2X8d0XHp5EX+gFLnwtHOontISoU=";
aarch64-linux = "sha256-z87peCBv50eJr/kiFWPZUOeb0WCN4X+0JnxCvn3lCXo=";
x86_64-darwin = "sha256-SAhlZNGq5rkNitKVd+EjLOeeTErhWg14tHFG4Bsexv8=";
aarch64-darwin = "sha256-2DJgOdgJY6eUR2sqWS47vNjdkQGXOEEsSXhZeUBZxxs=";
hash = selectSystem {
x86_64-linux = "sha256-U7ZCmpmcZpgLkf2jwc35Q9jezxUzaKp85WX2Tqs5IFI=";
aarch64-linux = "sha256-gYbeC+f/EXfhzUtwojjvyEATri1XpHpu+JPQtj4oRb4=";
x86_64-darwin = "sha256-N6Uy5JiU9mW1/muHYF6Rf1KLX1iXYt/5ct1IHeFUgds=";
aarch64-darwin = "sha256-Oxfzy/9ggcJXS+tXiYmJXSiqbMKw4vv9RMquUuOlJ08=";
};
in
fetchzip {
url = "https://releases.hashicorp.com/boundary/${version}/boundary_${version}_${suffix}.zip";
inherit sha256;
inherit hash;
stripRoot = false;
};
dontConfigure = true;
@ -64,7 +69,10 @@ stdenv.mkDerivation rec {
'';
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
license = licenses.bsl11;
maintainers = with maintainers; [ jk techknowlogick ];
maintainers = with maintainers; [
jk
techknowlogick
];
platforms = platforms.unix;
mainProgram = "boundary";
};

27
pkgs/tools/networking/boundary/update.sh → pkgs/by-name/bo/boundary/update.sh Executable file → Normal file
View File

@ -4,21 +4,18 @@
set -euo pipefail
ROOT="$(dirname "$(readlink -f "$0")")"
NIX_DRV="$ROOT/default.nix"
NIX_DRV="$ROOT/package.nix"
if [ ! -f "$NIX_DRV" ]; then
echo "ERROR: cannot find default.nix in $ROOT"
echo "ERROR: cannot find package.nix in $ROOT"
exit 1
fi
fetch_arch() {
VER="$1"; ARCH="$2"
URL="https://releases.hashicorp.com/boundary/${VER}/boundary_${VER}_${ARCH}.zip"
nix-prefetch "{ stdenv, fetchzip }:
stdenv.mkDerivation rec {
pname = \"boundary\"; version = \"${VER}\";
src = fetchzip { url = \"$URL\"; };
}
"
function calc_hash () {
local version=$1
local arch=$2
url="https://releases.hashicorp.com/boundary/${version}/boundary_${version}_${arch}.zip"
zip_hash=$(nix-prefetch-url --unpack $url)
nix hash to-sri --type sha256 "$zip_hash"
}
replace_sha() {
@ -28,10 +25,10 @@ replace_sha() {
# https://releases.hashicorp.com/boundary/0.1.4/boundary_0.1.4_linux_amd64.zip
BOUNDARY_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/boundary/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
BOUNDARY_LINUX_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_amd64")
BOUNDARY_DARWIN_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "darwin_amd64")
BOUNDARY_LINUX_AARCH64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_arm64")
BOUNDARY_DARWIN_AARCH64_SHA256=$(fetch_arch "$BOUNDARY_VER" "darwin_arm64")
BOUNDARY_LINUX_X64_SHA256=$(calc_hash "$BOUNDARY_VER" "linux_amd64")
BOUNDARY_DARWIN_X64_SHA256=$(calc_hash "$BOUNDARY_VER" "darwin_amd64")
BOUNDARY_LINUX_AARCH64_SHA256=$(calc_hash "$BOUNDARY_VER" "linux_arm64")
BOUNDARY_DARWIN_AARCH64_SHA256=$(calc_hash "$BOUNDARY_VER" "darwin_arm64")
sed -i "s/version = \".*\"/version = \"$BOUNDARY_VER\"/" "$NIX_DRV"

6
pkgs/by-name/ci/circom/package.nix
View File

@ -5,16 +5,16 @@
rustPlatform.buildRustPackage rec {
pname = "circom";
version = "2.1.9";
version = "2.2.0";
src = fetchFromGitHub {
owner = "iden3";
repo = "circom";
rev = "v${version}";
hash = "sha256-l8204koaKTluYEvk6j9+MokdOqFCq2oExT5P2aW3kzc=";
hash = "sha256-OxfqbsxSIy0tLDMfDmdCZeMb2LCSG7I+Vm9RHb7tXFc=";
};
cargoHash = "sha256-M4FR/dPLIq1Ps0j1B69khmSl4uRE5wxN4dh3iuO/9A4=";
cargoHash = "sha256-KmUTlzRRmtD9vKJmh0MSUQxN8gz4qnp9fLs5Z0Lmypw=";
doCheck = false;
meta = with lib; {

4
pkgs/by-name/cp/cpu-x/package.nix
View File

@ -39,13 +39,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "cpu-x";
version = "5.0.4";
version = "5.1.0";
src = fetchFromGitHub {
owner = "X0rg";
repo = "CPU-X";
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-8jJP0gxH3B6qLrhKNa4P9ZfSjxaXTeBB1+UuadflLQo=";
hash = "sha256-4wW8elGsU3EhDDMPxa5di01NlB0dJ8MN8TiaIBo2qxo=";
};
nativeBuildInputs = [

6
pkgs/by-name/de/delfin/package.nix
View File

@ -21,20 +21,20 @@
stdenv.mkDerivation rec {
pname = "delfin";
version = "0.4.6";
version = "0.4.7";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "avery42";
repo = "delfin";
rev = "v${version}";
hash = "sha256-kCPLfGeMsWAjNrtrxUeXaLv1ZkDCfhDl0HLwYDaoMTY=";
hash = "sha256-F4ipIOqMS42nXHRSRpzIlTh61g2xjpog7Zmxn6D29nE=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-LOW4Gm69e0Cyif3UuzYITy0GMGEgZOHURNxrsZRLdWo=";
hash = "sha256-ciw178jBwz4I6I1x6iI45RJ2ITw0JfukLWNyBmE3FZg=";
};
nativeBuildInputs = [

4
pkgs/by-name/ei/eiwd/package.nix
View File

@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "eiwd";
version = "2.16-1";
version = "2.22-1";
src = fetchFromGitHub {
owner = "illiliti";
repo = "eiwd";
rev = finalAttrs.version;
hash = "sha256-TQA9aVdXGX2hje7lRQ8T9QDpSTYGpB5cIDlNYsUg/dM=";
hash = "sha256-rmkXR4RZbtD6lh8cGrHLWVGTw4fQqP9+Z9qaftG1ld0=";
fetchSubmodules = true;
};

52
pkgs/by-name/gi/git-identity/package.nix Normal file
View File

@ -0,0 +1,52 @@
{
lib,
stdenvNoCC,
fetchFromGitHub,
installShellFiles,
ronn,
nix-update-script,
}:
stdenvNoCC.mkDerivation rec {
pname = "git-identity";
version = "1.1.1";
src = fetchFromGitHub {
owner = "madx";
repo = "git-identity";
rev = "refs/tags/v${version}";
hash = "sha256-u4lIW0bntaKrVUwodXZ8ZwWxSZtLuhVSUAbIj8jjcLw=";
};
nativeBuildInputs = [
installShellFiles
ronn
];
buildPhase = ''
runHook preBuild
ronn --roff git-identity.1.ronn
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp git-identity $out/bin/git-identity
installManPage git-identity.1
installShellCompletion --cmd git-identity \
--bash git-identity.bash-completion \
--zsh git-identity.zsh-completion
runHook postInstall
'';
passthru.updateScript = nix-update-script { };
meta = {
description = "Manage your identity in Git";
mainProgram = "git-identity";
homepage = "https://github.com/madx/git-identity";
license = lib.licenses.wtfpl;
maintainers = with lib.maintainers; [ mynacol ];
platforms = lib.platforms.all;
};
}

6
pkgs/by-name/gi/gitea/package.nix
View File

@ -33,18 +33,18 @@ let
};
in buildGoModule rec {
pname = "gitea";
version = "1.22.2";
version = "1.22.3";
src = fetchFromGitHub {
owner = "go-gitea";
repo = "gitea";
rev = "v${gitea.version}";
hash = "sha256-PwA23cbRgw5crzZmngDjAAIODMtguwBCqc9NqWMjF3o=";
hash = "sha256-F1vvyf/FE/OIfDjM0CCOef/cXy+GPA+8n1AypE0r6p8=";
};
proxyVendor = true;
vendorHash = "sha256-rMTKmztQNse/9CK1qFGWmSwqunwh918EvcuIHk6BSTY=";
vendorHash = "sha256-iKf4ozCBcTJQ6bm6dX4dd4buVMGNDVF+rLuYkb7Zxw8=";
outputs = [ "out" "data" ];

26
pkgs/by-name/go/go-licence-detector/package.nix Normal file
View File

@ -0,0 +1,26 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "go-licence-detector";
version = "0.7.0";
src = fetchFromGitHub {
owner = "elastic";
repo = "go-licence-detector";
rev = "v${version}";
hash = "sha256-43MyzEF7BZ7pcgzDvXx9SjXGHaLozmWkGWUO/yf6K98=";
};
vendorHash = "sha256-7vIP5pGFH6CbW/cJp+DiRg2jFcLFEBl8dQzUw1ogTTA=";
meta = with lib; {
description = "Detect licences in Go projects and generate documentation";
homepage = "https://github.com/elastic/go-licence-detector";
license = licenses.asl20;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}

4
pkgs/by-name/hy/hypre/package.nix
View File

@ -7,13 +7,13 @@
stdenv.mkDerivation (finalAttrs: {
name = "hypre";
version = "2.31.0";
version = "2.32.0";
src = fetchFromGitHub {
owner = "hypre-space";
repo = "hypre";
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-eFOyM3IzQUNm7cSnORA3NrKYotEBmLKC8mi+fcwPMQA=";
hash = "sha256-h16+nZ6+GfddfBJDF6sphuZ9Sff++PxW2R58XgJsnsI=";
};
sourceRoot = "${finalAttrs.src.name}/src";

99
pkgs/by-name/hy/hyprland/package.nix
View File

@ -1,10 +1,12 @@
{
lib,
stdenv,
stdenvAdapters,
fetchFromGitHub,
pkg-config,
makeWrapper,
cmake,
meson,
ninja,
aquamarine,
binutils,
@ -15,7 +17,6 @@
hyprlang,
hyprutils,
hyprwayland-scanner,
jq,
libGL,
libdrm,
libexecinfo,
@ -45,30 +46,52 @@
enableNvidiaPatches ? false,
}:
let
info = builtins.fromJSON (builtins.readFile ./info.json);
inherit (builtins)
foldl'
;
inherit (lib.asserts) assertMsg;
inherit (lib.attrsets) mapAttrsToList;
inherit (lib.lists)
concatLists
optionals
;
inherit (lib.strings)
makeBinPath
optionalString
mesonBool
mesonEnable
;
inherit (lib.trivial)
importJSON
;
info = importJSON ./info.json;
# possibility to add more adapters in the future, such as keepDebugInfo,
# which would be controlled by the `debug` flag
adapters = [
stdenvAdapters.useMoldLinker
];
customStdenv = foldl' (acc: adapter: adapter acc) stdenv adapters;
in
assert lib.assertMsg (!nvidiaPatches) "The option `nvidiaPatches` has been removed.";
assert lib.assertMsg (!enableNvidiaPatches) "The option `enableNvidiaPatches` has been removed.";
assert lib.assertMsg (!hidpiXWayland)
assert assertMsg (!nvidiaPatches) "The option `nvidiaPatches` has been removed.";
assert assertMsg (!enableNvidiaPatches) "The option `enableNvidiaPatches` has been removed.";
assert assertMsg (!hidpiXWayland)
"The option `hidpiXWayland` has been removed. Please refer https://wiki.hyprland.org/Configuring/XWayland";
stdenv.mkDerivation (finalAttrs: {
pname = "hyprland" + lib.optionalString debug "-debug";
version = "0.43.0";
customStdenv.mkDerivation (finalAttrs: {
pname = "hyprland" + optionalString debug "-debug";
version = "0.44.0";
src = fetchFromGitHub {
owner = "hyprwm";
repo = "hyprland";
fetchSubmodules = true;
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-+wE97utoDfhQP6AMdZHUmBeL8grbce/Jv2i5M+6AbaE=";
hash = "sha256-XgDhPx+tKs+2lyWM/ZqIHnMArd/c0LGmwAwu0EG1uJM=";
};
patches = [
# forces GCC to use -std=c++26 on CMake < 3.30
"${finalAttrs.src}/nix/stdcxx.patch"
];
postPatch = ''
# Fix hardcoded paths to /usr installation
sed -i "s#/usr#$out#" src/render/OpenGL.cpp
@ -93,13 +116,14 @@ stdenv.mkDerivation (finalAttrs: {
nativeBuildInputs = [
hyprwayland-scanner
jq
makeWrapper
cmake
meson
ninja
pkg-config
python3 # for udis86
wayland-scanner
# for udis86
cmake
python3
];
outputs = [
@ -108,7 +132,7 @@ stdenv.mkDerivation (finalAttrs: {
"dev"
];
buildInputs =
buildInputs = concatLists [
[
aquamarine
cairo
@ -129,32 +153,40 @@ stdenv.mkDerivation (finalAttrs: {
wayland-protocols
xorg.libXcursor
]
++ lib.optionals stdenv.hostPlatform.isBSD [ epoll-shim ]
++ lib.optionals stdenv.hostPlatform.isMusl [ libexecinfo ]
++ lib.optionals enableXWayland [
(optionals customStdenv.hostPlatform.isBSD [ epoll-shim ])
(optionals customStdenv.hostPlatform.isMusl [ libexecinfo ])
(optionals enableXWayland [
xorg.libxcb
xorg.libXdmcp
xorg.xcbutilerrors
xorg.xcbutilwm
xwayland
]
++ lib.optionals withSystemd [ systemd ];
])
(optionals withSystemd [ systemd ])
];
cmakeBuildType = if debug then "Debug" else "RelWithDebInfo";
mesonBuildType = if debug then "debugoptimized" else "release";
dontStrip = debug;
cmakeFlags = [
(lib.cmakeBool "NO_XWAYLAND" (!enableXWayland))
(lib.cmakeBool "LEGACY_RENDERER" legacyRenderer)
(lib.cmakeBool "NO_SYSTEMD" (!withSystemd))
mesonFlags = concatLists [
(mapAttrsToList mesonEnable {
"xwayland" = enableXWayland;
"legacy_renderer" = legacyRenderer;
"systemd" = withSystemd;
})
(mapAttrsToList mesonBool {
# PCH provides no benefits when building with Nix
"b_pch" = false;
"tracy_enable" = false;
})
];
postInstall = ''
${lib.optionalString wrapRuntimeDeps ''
${optionalString wrapRuntimeDeps ''
wrapProgram $out/bin/Hyprland \
--suffix PATH : ${
lib.makeBinPath [
makeBinPath [
binutils
pciutils
pkgconf
@ -163,9 +195,10 @@ stdenv.mkDerivation (finalAttrs: {
''}
'';
passthru.providedSessions = [ "hyprland" ];
passthru.updateScript = ./update.sh;
passthru = {
providedSessions = [ "hyprland" ];
updateScript = ./update.sh;
};
meta = {
homepage = "https://github.com/hyprwm/Hyprland";

38
pkgs/by-name/ki/kine/package.nix Normal file
View File

@ -0,0 +1,38 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "kine";
version = "0.13.2";
src = fetchFromGitHub {
owner = "k3s-io";
repo = "kine";
rev = "v${version}";
hash = "sha256-KMyO9zZvQFyRaMtQ/d2Zgg6pG1SFIYWkzZgSZIqhiOQ=";
};
vendorHash = "sha256-kbMwLNBPJwFbUSZdYiWWdIZM8fclHDnRnxTTIXTIuHU=";
ldflags = [
"-s"
"-w"
"-X github.com/k3s-io/kine/pkg/version.Version=v${version}"
"-X github.com/k3s-io/kine/pkg/version.GitCommit=unknown"
];
env = {
"CGO_CFLAGS" = "-DSQLITE_ENABLE_DBSTAT_VTAB=1 -DSQLITE_USE_ALLOCA=1";
};
meta = {
description = "Kine is an etcdshim that translates etcd API to RDMS";
homepage = "https://github.com/k3s-io/kine";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ techknowlogick ];
mainProgram = "kine";
};
}

4
pkgs/by-name/kn/knossosnet/package.nix
View File

@ -7,13 +7,13 @@
buildDotnetModule rec {
pname = "knossosnet";
version = "1.2.3";
version = "1.2.4";
src = fetchFromGitHub {
owner = "KnossosNET";
repo = "Knossos.NET";
rev = "v${version}";
hash = "sha256-5FNb+L+ABkR/ubSZXuV4hlzy6pIWEXaTXl4piNsmkmw=";
hash = "sha256-vlSiM6kskV4wfBZF7Rv5ICyqKG0Zhz/iU8kflYOaf0U=";
};
patches = [ ./targetframework.patch ];

45
pkgs/by-name/li/libblake3/package.nix Normal file
View File

@ -0,0 +1,45 @@
{
lib,
stdenv,
cmake,
fetchFromGitHub,
fetchpatch,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "libblake3";
version = "1.5.4";
src = fetchFromGitHub {
owner = "BLAKE3-team";
repo = "BLAKE3";
rev = "refs/tags/${finalAttrs.version}";
hash = "sha256-WatbhExS0j2neYsrfbNhYxrckLiXHwQBjctuowtQW+U=";
};
sourceRoot = finalAttrs.src.name + "/c";
patches = [
# Fix pkg-config for absolute CMAKE_INSTALL_*DIR
(fetchpatch {
url = "https://github.com/BLAKE3-team/BLAKE3/commit/aa3e8ec32a389461babde3789d6ac50ee3c38662.patch";
hash = "sha256-V8o85EnRoqYvatqYwdr7h2TBwSOSlKrqfJWPPkQhU+c=";
stripLen = 1;
})
];
nativeBuildInputs = [
cmake
];
meta = {
description = "Official C implementation of BLAKE3";
homepage = "https://github.com/BLAKE3-team/BLAKE3/tree/master/c";
license = with lib.licenses; [
asl20
cc0
];
maintainers = with lib.maintainers; [ fgaz ];
platforms = lib.platforms.all;
};
})

3
pkgs/by-name/li/librewolf-bin/package.nix
View File

@ -31,5 +31,8 @@ appimageTools.wrapType2 {
platforms = [ "x86_64-linux" ];
mainProgram = "librewolf";
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
knownVulnerabilities = [
"CVE-2024-9680"
];
};
}

22
pkgs/by-name/li/lilipod/package.nix
View File

@ -1,8 +1,11 @@
{ lib
, buildGoModule
, fetchFromGitHub
, installShellFiles
, stdenv
{
lib,
buildGoModule,
fetchFromGitHub,
installShellFiles,
stdenv,
shadow,
util-linux,
}:
buildGoModule rec {
@ -18,8 +21,6 @@ buildGoModule rec {
vendorHash = null;
nativeBuildInputs = [ installShellFiles ];
buildPhase = ''
runHook preBuild
@ -44,13 +45,6 @@ buildGoModule rec {
runHook postInstall
'';
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd lilipod \
--bash <($out/bin/lilipod completion bash) \
--fish <($out/bin/lilipod completion fish) \
--zsh <($out/bin/lilipod completion zsh)
'';
meta = {
description = "Very simple (as in few features) container and image manager";
longDescription = ''

11
pkgs/servers/mediamtx/default.nix → pkgs/by-name/me/mediamtx/package.nix
View File

@ -15,26 +15,27 @@ in
buildGoModule rec {
pname = "mediamtx";
# check for hls.js version updates in internal/servers/hls/hlsjsdownloader/VERSION
version = "1.9.1";
version = "1.9.2";
src = fetchFromGitHub {
owner = "bluenviron";
repo = pname;
rev = "v${version}";
hash = "sha256-DCt0P0DHlWFAQ5i4+7U5+Q2XcCPlSZrlj+Ljcyg/Wj0=";
hash = "sha256-aHVSGyrLuLX/RYf1I1dDackmOeU3m24QcwBus4Uly0I=";
};
vendorHash = "sha256-YKNNQPEdO8K7Lpm/S86GKD3QcNcyvwZSrBspZJMJ78Y=";
vendorHash = "sha256-YpwbFCfI2kfmX3nI1G9OGUv5qpZ/JMis5VyUkqsESZA=";
postPatch = ''
cp ${hlsJs} internal/servers/hls/hls.min.js
echo "v${version}" > internal/core/VERSION
'';
subPackages = [ "." ];
# Tests need docker
doCheck = false;
ldflags = [ "-X github.com/bluenviron/mediamtx/internal/core.version=v${version}" ];
passthru.tests = {
inherit (nixosTests) mediamtx;
};

47
pkgs/tools/filesystems/mtdutils/default.nix → pkgs/by-name/mt/mtdutils/package.nix
View File

@ -1,17 +1,45 @@
{ lib, stdenv, fetchgit, autoreconfHook, pkg-config, cmocka, acl, libuuid, lzo, zlib, zstd }:
{
lib,
stdenv,
fetchgit,
autoreconfHook,
pkg-config,
cmocka,
acl,
libuuid,
lzo,
util-linux,
zlib,
zstd,
}:
stdenv.mkDerivation rec {
pname = "mtd-utils";
version = "2.2.0";
version = "2.2.1";
src = fetchgit {
url = "git://git.infradead.org/mtd-utils.git";
rev = "v${version}";
hash = "sha256-uYXzZnVL5PkyDAntH8YsocwmQ8tf1f0Vl78SdE2B+Oc=";
hash = "sha256-vGgBOKu+ClmyRZHQkAS8r/YJtZihr/oD/yj8V7DeAQ8=";
};
nativeBuildInputs = [ autoreconfHook pkg-config ] ++ lib.optional doCheck cmocka;
buildInputs = [ acl libuuid lzo zlib zstd ];
nativeBuildInputs = [
autoreconfHook
pkg-config
] ++ lib.optional doCheck cmocka;
buildInputs = [
acl
libuuid
lzo
util-linux
zlib
zstd
];
postPatch = ''
substituteInPlace ubifs-utils/mount.ubifs \
--replace-fail "/bin/mount" "${util-linux}/bin/mount"
'';
enableParallelBuilding = true;
@ -20,13 +48,14 @@ stdenv.mkDerivation rec {
(lib.enableFeature doCheck "tests")
];
makeFlags = [
"AR:=$(AR)"
];
makeFlags = [ "AR:=$(AR)" ];
doCheck = stdenv.hostPlatform == stdenv.buildPlatform;
outputs = [ "out" "dev" ];
outputs = [
"out"
"dev"
];
postInstall = ''
mkdir -p $dev/lib

4
pkgs/by-name/mu/muffon/package.nix
View File

@ -7,10 +7,10 @@
let
pname = "muffon";
version = "2.0.3";
version = "2.1.0";
src = fetchurl {
url = "https://github.com/staniel359/muffon/releases/download/v${version}/muffon-${version}-linux-x86_64.AppImage";
hash = "sha256-2eLe/xvdWcOcUSE0D+pMOcOYCfFVEyKO13LiaJiZgX0=";
hash = "sha256-GT91MLjBWsbk9P5fsIxlYUNziAPsdvMSPq9bLL3rKDw=";
};
appimageContents = appimageTools.extractType2 { inherit pname src version; };
in

4
pkgs/by-name/mu/mullvad-browser/package.nix
View File

@ -90,7 +90,7 @@ let
++ lib.optionals mediaSupport [ ffmpeg ]
);
version = "13.5.6";
version = "13.5.7";
sources = {
x86_64-linux = fetchurl {
@ -102,7 +102,7 @@ let
"https://tor.eff.org/dist/mullvadbrowser/${version}/mullvad-browser-linux-x86_64-${version}.tar.xz"
"https://tor.calyxinstitute.org/dist/mullvadbrowser/${version}/mullvad-browser-linux-x86_64-${version}.tar.xz"
];
hash = "sha256-AayGWFfsdAK9Ku4J4nDolJxnQn0HhGeZeEf//9OspWA=";
hash = "sha256-Te6Cw3fUs4XGz07lL54bKUU9HYC5soaKFlbWGujd/oU=";
};
};

26
pkgs/by-name/my/mycelium/Cargo.lock generated
View File

@ -170,9 +170,9 @@ checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0"
[[package]]
name = "axum"
version = "0.7.6"
version = "0.7.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f43644eed690f5374f1af436ecd6aea01cd201f6fbdf0178adaf6907afb2cec"
checksum = "504e3947307ac8326a5437504c517c4b56716c9d98fac0028c2acc7ca47d70ae"
dependencies = [
"async-trait",
"axum-core",
@ -203,9 +203,9 @@ dependencies = [
[[package]]
name = "axum-core"
version = "0.4.4"
version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e6b8ba012a258d63c9adfa28b9ddcf66149da6f986c5b5452e629d5ee64bf00"
checksum = "09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199"
dependencies = [
"async-trait",
"bytes",
@ -1182,9 +1182,9 @@ dependencies = [
[[package]]
name = "libc"
version = "0.2.158"
version = "0.2.159"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439"
checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5"
[[package]]
name = "libloading"
@ -1312,7 +1312,7 @@ dependencies = [
[[package]]
name = "mycelium"
version = "0.5.5"
version = "0.5.6"
dependencies = [
"aes-gcm",
"arc-swap",
@ -1347,7 +1347,7 @@ dependencies = [
[[package]]
name = "mycelium-api"
version = "0.5.5"
version = "0.5.6"
dependencies = [
"axum",
"base64 0.22.1",
@ -1360,7 +1360,7 @@ dependencies = [
[[package]]
name = "mycelium-cli"
version = "0.5.5"
version = "0.5.6"
dependencies = [
"base64 0.22.1",
"byte-unit",
@ -1377,7 +1377,7 @@ dependencies = [
[[package]]
name = "mycelium-metrics"
version = "0.5.5"
version = "0.5.6"
dependencies = [
"axum",
"mycelium",
@ -1388,7 +1388,7 @@ dependencies = [
[[package]]
name = "myceliumd"
version = "0.5.5"
version = "0.5.6"
dependencies = [
"base64 0.22.1",
"byte-unit",
@ -2064,9 +2064,9 @@ dependencies = [
[[package]]
name = "reqwest"
version = "0.12.7"
version = "0.12.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8f4955649ef5c38cc7f9e8aa41761d48fb9677197daea9984dc54f56aad5e63"
checksum = "f713147fbe92361e52392c73b8c9e48c04c6625bce969ef54dc901e58e042a7b"
dependencies = [
"base64 0.22.1",
"bytes",

4
pkgs/by-name/my/mycelium/package.nix
View File

@ -12,7 +12,7 @@
rustPlatform.buildRustPackage rec {
pname = "mycelium";
version = "0.5.5";
version = "0.5.6";
sourceRoot = "${src.name}/myceliumd";
@ -20,7 +20,7 @@ rustPlatform.buildRustPackage rec {
owner = "threefoldtech";
repo = "mycelium";
rev = "v${version}";
hash = "sha256-IfWS7U52pviRL8oySOjBYCogwqUqoMLmvtHFSjWghHg=";
hash = "sha256-Lv/k35mZCGc4u4E6fMAO5tGi5CmcPXEuSJUHh4iIDdQ=";
};
cargoLock = {

100
pkgs/by-name/nb/nbdkit/package.nix Normal file
View File

@ -0,0 +1,100 @@
{
stdenv,
testers,
fetchurl,
autoreconfHook,
makeWrapper,
pkg-config,
bash-completion,
gnutls,
libtool,
curl,
xz,
zlib-ng,
libssh,
libnbd,
lib,
cdrkit,
e2fsprogs,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "nbdkit";
version = "1.40.4";
src = fetchurl {
url = "https://download.libguestfs.org/nbdkit/${lib.versions.majorMinor finalAttrs.version}-stable/nbdkit-${finalAttrs.version}.tar.gz";
hash = "sha256-hGoc34F7eAvHjdQHxcquNJhpwpL5CLfv2DBZKVmpcpw=";
};
prePatch = ''
patchShebangs .
'';
strictDeps = true;
nativeBuildInputs = [
bash-completion
autoreconfHook
makeWrapper
pkg-config
e2fsprogs # for Autoconf: xorriso, mkisofs
cdrkit # for Autoconf: mke2fs
];
buildInputs = [
bash-completion
gnutls
libtool
curl
xz
zlib-ng
libssh
libnbd
e2fsprogs
];
configureFlags = [
"--enable-linuxdisk"
"--enable-floppy"
"--with-ext2"
"--with-curl"
"--with-iso"
"--with-ssh"
"--with-zlib"
"--with-libnbd"
"--disable-rust"
"--disable-golang"
"--disable-perl"
"--disable-ocaml"
"--disable-tcl"
"--disable-lua"
"--without-libguestfs"
"--disable-example4"
];
installFlags = [ "bashcompdir=$(out)/share/bash-completion/completions" ];
postInstall = ''
for bin in $out/bin/*; do
wrapProgram "$bin" \
--prefix PATH : "$out/bin:${
lib.makeBinPath [
e2fsprogs
cdrkit
]
}"
done
'';
passthru.tests.version = testers.testVersion { package = finalAttrs.finalPackage; };
meta = {
homepage = "https://gitlab.com/nbdkit/nbdkit";
description = "NBD server with stable plugin ABI and permissive license";
license = with lib.licenses; bsd3;
maintainers = with lib.maintainers; [ lukts30 ];
platforms = lib.platforms.unix;
mainProgram = "nbdkit";
};
})

84
pkgs/by-name/ni/nitrokey-storage-firmware/package.nix Normal file
View File

@ -0,0 +1,84 @@
{
lib,
stdenv,
fetchzip,
fetchFromGitHub,
}:
let
pname = "nitrokey-storage-firmware";
version = "0.57";
src = fetchFromGitHub {
owner = "Nitrokey";
repo = "nitrokey-storage-firmware";
rev = "V${version}";
hash = "sha256-u8IK57NVS/IOPIE3Ah/O8WuOIr0EY6AF1bEaeDgIBuk=";
};
toolchain = stdenv.mkDerivation (finalAttrs: {
pname = "avr32-toolchain";
version = "3.0.0.201009140852";
src = fetchzip {
url = "https://ww1.microchip.com/downloads/archive/avr32studio-ide-2.6.0.753-linux.gtk.x86_64.zip";
hash = "sha256-MwsaGyNqbO0lBy1rcczuvKOaGbO3f0V+j84sUCkRlxc=";
};
postPatch = ''
cp ${src}/pm_240.h plugins/com.atmel.avr.toolchains.linux.x86_64_${finalAttrs.version}/os/linux/x86_64/avr32/include/avr32/pm_231.h
'';
installPhase = ''
runHook preInstall
cp -r plugins/com.atmel.avr.toolchains.linux.x86_64_${finalAttrs.version}/os/linux/x86_64 $out
rm -r $out/avr $out/bin/avr-*
runHook postInstall
'';
meta = {
description = "AVR32 toolchain";
homepage = "https://web.archive.org/web/20210419192039/https://www.microchip.com/mplab/avr-support/avr-and-sam-downloads-archive";
# The zip does not explicitly say this,
# it only mentions the license(s) of AVR32 Studio.
# Because it is very clearly a fork of GCC 4.3.3,
# it should be licensed under GPLv2+
license = lib.licenses.gpl2Plus;
platforms = [ "x86_64-linux" ];
};
});
in
stdenv.mkDerivation {
inherit pname version src;
sourceRoot = "source/src";
postPatch = ''
substituteInPlace Makefile \
--replace-fail '$(shell git describe)' "V${version}"
'';
makeFlags = [
"CC=${toolchain}/bin/avr32-gcc"
"nitrokey-storage-V${version}-reproducible.hex"
];
enableParallelBuilding = true;
installPhase = ''
runHook preInstall
install -D nitrokey-storage-V${version}-reproducible.hex $out/nitrokey-storage-V${version}-reproducible.hex
runHook postInstall
'';
meta = {
description = "Firmware for the Nitrokey Storage device";
homepage = "https://github.com/Nitrokey/nitrokey-storage-firmware";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [
imadnyc
kiike
amerino
];
platforms = [ "x86_64-linux" ];
};
}

11921
pkgs/by-name/no/node-red/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

50
pkgs/by-name/no/node-red/package.nix Normal file
View File

@ -0,0 +1,50 @@
{
buildNpmPackage,
fetchFromGitHub,
jq,
lib,
nixosTests,
}:
buildNpmPackage rec {
pname = "node-red";
version = "4.0.3";
src = fetchFromGitHub {
owner = "node-red";
repo = "node-red";
rev = "refs/tags/${version}";
hash = "sha256-AiLGqpEUqvWpI+7cL7ZygT2mSCVt7zCUwEJXvRaiGT8=";
};
npmDepsHash = "sha256-ipUhco5Z+x2FYqLPdgMYJk4eXrIqn1BHidaYXXgujis=";
postPatch =
let
packageDir = "packages/node_modules/node-red";
in
''
ln -s ${./package-lock.json} package-lock.json
${lib.getExe jq} '. += {"bin": {"node-red": "${packageDir}/red.js", "node-red-pi": "${packageDir}/bin/node-red-pi"}}' package.json > package.json.tmp
mv package.json.tmp package.json
'';
makeCacheWritable = true;
passthru = {
tests = {
inherit (nixosTests) node-red;
};
updateScript = ./update.sh;
};
meta = {
changelog = "https://github.com/node-red/node-red/blob/${src.rev}/CHANGELOG.md";
description = "Low-code programming for event-driven applications";
homepage = "https://nodered.org/";
license = lib.licenses.asl20;
mainProgram = "node-red";
maintainers = with lib.maintainers; [ matthewcroughan ];
};
}

21
pkgs/by-name/no/node-red/update.sh Executable file
View File

@ -0,0 +1,21 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p curl nix-update prefetch-npm-deps nodejs jq gnused
set -eu -o pipefail
pushd "$(dirname "${BASH_SOURCE[0]}")"
tag=$(curl -sfL ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} https://api.github.com/repos/node-red/node-red/releases/latest | jq -r .tag_name)
curl -sfL ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} "https://github.com/node-red/node-red/raw/refs/tags/$tag/package.json" > package.json
rm package-lock.json
npm i --package-lock-only
npm_hash=$(prefetch-npm-deps package-lock.json)
sed -i "s|npmDepsHash = \".*\";|npmDepsHash = \"$npm_hash\";|" package.nix
rm package.json
popd
nix-update node-red --version "$tag"

4
pkgs/by-name/no/normaliz/package.nix
View File

@ -10,13 +10,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "normaliz";
version = "3.10.3";
version = "3.10.4";
src = fetchFromGitHub {
owner = "normaliz";
repo = "normaliz";
rev = "v${finalAttrs.version}";
hash = "sha256-9jN3EbYfWmir+pa4XuJpeT7CnQdhVU9pP8G11npIG00=";
hash = "sha256-qmbLgjAkLrW8rqFthK3H4n63zLVJ33Pe82V7yU1StOo=";
};
buildInputs = [

58
pkgs/by-name/nv/nvrh/package.nix Normal file
View File

@ -0,0 +1,58 @@
{
lib,
buildGoModule,
fetchFromGitHub,
versionCheckHook,
nix-update-script,
}:
buildGoModule rec {
pname = "nvrh";
version = "0.1.8";
src = fetchFromGitHub {
owner = "mikew";
repo = "nvrh";
rev = "refs/tags/v${version}";
hash = "sha256-a/TFSS4PeZWEYph4B8qDr4BJPY4CnHafvw07t1ytofo=";
};
postPatch = ''
substituteInPlace go.mod \
--replace-fail "go 1.23.1" "go 1.22.7"
'';
preBuild = ''
cp manifest.json src/
'';
vendorHash = "sha256-Ao2BrB6fUOw2uFziQWNKeVTZtIeoW0MP7aLyuI1J3ng=";
ldflags = [
"-s"
"-w"
];
postInstall = ''
mv $out/bin/src $out/bin/nvrh
'';
nativeInstallCheckInputs = [
versionCheckHook
];
versionCheckProgramArg = [ "--version" ];
doInstallCheck = true;
passthru = {
updateScript = nix-update-script { };
};
meta = {
description = "Aims to be similar to VSCode Remote, but for Neovim";
homepage = "https://github.com/mikew/nvrh";
changelog = "https://github.com/mikew/nvrh/blob/${src.rev}/CHANGELOG.md";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ GaetanLepage ];
mainProgram = "nvrh";
};
}

10
pkgs/by-name/op/openapi-changes/package.nix
View File

@ -1,19 +1,19 @@
{ lib
, buildGoModule
, buildGo123Module
, fetchFromGitHub
, git
, makeWrapper
}:
buildGoModule rec {
buildGo123Module rec {
pname = "openapi-changes";
version = "0.0.67";
version = "0.0.68";
src = fetchFromGitHub {
owner = "pb33f";
repo = pname;
rev = "v${version}";
hash = "sha256-SNH11z/0DeaYfGwBKW3iIeCVdlpcoZ1elIlgl+quWIY=";
hash = "sha256-v+THD4ZWnpeuxLfxaA4LUGdYV3X5rUKeCWq9HIub59Y=";
};
# this test requires the `.git` of the project to be present
@ -27,7 +27,7 @@ buildGoModule rec {
wrapProgram $out/bin/openapi-changes --prefix PATH : ${lib.makeBinPath [ git ]}
'';
vendorHash = "sha256-VtwIAP2+FZ6Vpexcb9O68WfJdsTMrJn5bDjkxDe69e4=";
vendorHash = "sha256-IiI+mSbJNEpM6rryGtAnGSOcY2RXnvqXTZmZ82L1HPc=";
meta = with lib; {
description = "World's sexiest OpenAPI breaking changes detector";

4
pkgs/by-name/op/openpgl/package.nix
View File

@ -8,13 +8,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "openpgl";
version = "0.5.0";
version = "0.7.0";
src = fetchFromGitHub {
owner = "OpenPathGuidingLibrary";
repo = "openpgl";
rev = "v${finalAttrs.version}";
hash = "sha256-dbHmGGiHQkU0KPpQYpY/o0uCWdb3L5namETdOcOREgs=";
hash = "sha256-HX3X1dmOazUUiYCqa6irpNm37YthB2YHb8u1P1qDHco=";
};
nativeBuildInputs = [

100
pkgs/by-name/os/osu-lazer-bin/package.nix Normal file
View File

@ -0,0 +1,100 @@
{
lib,
stdenv,
fetchurl,
fetchzip,
appimageTools,
makeWrapper,
}:
let
pname = "osu-lazer-bin";
version = "2024.1009.1";
src =
{
aarch64-darwin = fetchzip {
url = "https://github.com/ppy/osu/releases/download/${version}/osu.app.Apple.Silicon.zip";
hash = "sha256-fH7cuk879nS8FDIZ8p29pg2aXLJUT+j6Emb39Y6FXq4=";
stripRoot = false;
};
x86_64-darwin = fetchzip {
url = "https://github.com/ppy/osu/releases/download/${version}/osu.app.Intel.zip";
hash = "sha256-kIH+zlNaqMVbr8FVDiLUh19gfrFUDPGBvMOrZqkMZAE=";
stripRoot = false;
};
x86_64-linux = fetchurl {
url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage";
hash = "sha256-G7+Mr0Zd/p8XUVU5aG7KywvLD2hz2N37kEbm5rlghEw=";
};
}
.${stdenv.system} or (throw "osu-lazer-bin: ${stdenv.system} is unsupported.");
meta = {
description = "Rhythm is just a *click* away (AppImage version for score submission and multiplayer, and binary distribution for Darwin systems)";
homepage = "https://osu.ppy.sh";
license = with lib.licenses; [
mit
cc-by-nc-40
unfreeRedistributable # osu-framework contains libbass.so in repository
];
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
maintainers = with lib.maintainers; [
gepbird
stepbrobd
];
mainProgram = "osu!";
platforms = [
"aarch64-darwin"
"x86_64-darwin"
"x86_64-linux"
];
};
passthru.updateScript = ./update.sh;
in
if stdenv.hostPlatform.isDarwin then
stdenv.mkDerivation {
inherit
pname
version
src
meta
passthru
;
installPhase = ''
runHook preInstall
APP_DIR="$out/Applications"
mkdir -p "$APP_DIR"
cp -r . "$APP_DIR"
runHook postInstall
'';
}
else
appimageTools.wrapType2 {
inherit
pname
version
src
meta
passthru
;
extraPkgs = pkgs: with pkgs; [ icu ];
extraInstallCommands =
let
contents = appimageTools.extract { inherit pname version src; };
in
''
. ${makeWrapper}/nix-support/setup-hook
mv -v $out/bin/${pname} $out/bin/osu!
wrapProgram $out/bin/osu! \
--set OSU_EXTERNAL_UPDATE_PROVIDER 1
install -m 444 -D ${contents}/osu!.desktop -t $out/share/applications
for i in 16 32 48 64 96 128 256 512 1024; do
install -D ${contents}/osu!.png $out/share/icons/hicolor/''${i}x$i/apps/osu!.png
done
'';
}

6
pkgs/games/osu-lazer/update-bin.sh → pkgs/by-name/os/osu-lazer-bin/update.sh
View File

@ -3,16 +3,16 @@
set -eo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
bin_file="$(realpath ./bin.nix)"
bin_file="$(realpath ./package.nix)"
new_version="$(curl -s "https://api.github.com/repos/ppy/osu/releases?per_page=1" | jq -r '.[0].name')"
old_version="$(sed -nE 's/\s*version = "(.*)".*/\1/p' ./bin.nix)"
old_version="$(sed -nE 's/\s*version = "(.*)".*/\1/p' ./package.nix)"
if [[ "$new_version" == "$old_version" ]]; then
echo "Already up to date."
exit 0
fi
cd ../../..
cd ../../../..
echo "Updating osu-lazer-bin from $old_version to $new_version..."
sed -Ei.bak '/ *version = "/s/".+"/"'"$new_version"'"/' "$bin_file"

10
pkgs/games/osu-lazer/deps.nix → pkgs/by-name/os/osu-lazer/deps.nix generated
View File

@ -138,13 +138,13 @@
(fetchNuGet { pname = "ppy.ManagedBass.Fx"; version = "2022.1216.0"; hash = "sha256-VfIbFhCDsCRZW5bCbt8MSmE2kAlcKxxx6vdFOus4he8="; })
(fetchNuGet { pname = "ppy.ManagedBass.Mix"; version = "2022.1216.0"; hash = "sha256-qUEGJHoYfDvHrpuXdVaiSoV2iVVh9X0yEB41u96+q6A="; })
(fetchNuGet { pname = "ppy.ManagedBass.Wasapi"; version = "2022.1216.0"; hash = "sha256-HzhypEVJA+6h3aBB95zNeGbmzEIRc5435Eh9nYpjVkA="; })
(fetchNuGet { pname = "ppy.osu.Framework"; version = "2024.907.1"; hash = "sha256-h9wQPX7EP4b6+a7D/qU3qvSi05yp2rOj52nBmko1Y2o="; })
(fetchNuGet { pname = "ppy.osu.Framework"; version = "2024.1009.0"; hash = "sha256-aLZcnVYyrLMeaoz/Jt49m5Po5i814MvtcGcVOVu18ls="; })
(fetchNuGet { pname = "ppy.osu.Framework.NativeLibs"; version = "2024.809.1-nativelibs"; hash = "sha256-F7xd66bCEDgEjYgqmx21lYde+ebCsX/E2fuqWXH4xyU="; })
(fetchNuGet { pname = "ppy.osu.Framework.SourceGeneration"; version = "2023.720.0"; hash = "sha256-XXV/qBJ9vEVF15fcOlDyoJ8j47azuSJaXHEgsn3fOwA="; })
(fetchNuGet { pname = "ppy.osu.Game.Resources"; version = "2024.904.0"; hash = "sha256-x3et2Rnr90bdlFzR852Pt1EkW69/eQxlXciPNtFrN44="; })
(fetchNuGet { pname = "ppy.osu.Game.Resources"; version = "2024.1003.0"; hash = "sha256-aeY9jfvyC+GFovHs0b5SSGZHMOO5tMMplZQWIRxo9DA="; })
(fetchNuGet { pname = "ppy.osuTK.NS20"; version = "1.0.211"; hash = "sha256-Xu4uiYs1pqIXcBWeTBIc8OIqbLmH6MvaY6Dim4ZNikg="; })
(fetchNuGet { pname = "ppy.SDL2-CS"; version = "1.0.741-alpha"; hash = "sha256-sdX+MoMlIPUyi4yEUVHtqxKWF/VK04e2VaUavmgBEJU="; })
(fetchNuGet { pname = "ppy.SDL3-CS"; version = "2024.807.1"; hash = "sha256-9ppVYCkc43NIsfe9iKWlxd8elgECZqP+pRPT9ybxiAU="; })
(fetchNuGet { pname = "ppy.SDL3-CS"; version = "2024.916.0"; hash = "sha256-ioILyAlyMiaVVGYxoLzNH78Mlp1Dfbv5xKjDWtwCP8M="; })
(fetchNuGet { pname = "ppy.Veldrid"; version = "4.9.62-gca0239da6b"; hash = "sha256-mGlMQbp2/ewA7PzamEeMA1pbboC73iAIARhK4MPrwO4="; })
(fetchNuGet { pname = "ppy.Veldrid.MetalBindings"; version = "4.9.62-gca0239da6b"; hash = "sha256-8jkbU2QV4HV8RU1vnSNtP8kNEhDWbTb3Dr2cl8w/T6A="; })
(fetchNuGet { pname = "ppy.Veldrid.OpenGLBindings"; version = "4.9.62-gca0239da6b"; hash = "sha256-I81to2x5D4LlIJN80d5DbqcU0jPTVSPoc0tvL15YG6I="; })
@ -237,7 +237,7 @@
(fetchNuGet { pname = "System.IO.FileSystem"; version = "4.0.1"; hash = "sha256-4VKXFgcGYCTWVXjAlniAVq0dO3o5s8KHylg2wg2/7k0="; })
(fetchNuGet { pname = "System.IO.FileSystem"; version = "4.3.0"; hash = "sha256-vNIYnvlayuVj0WfRfYKpDrhDptlhp1pN8CYmlVd2TXw="; })
(fetchNuGet { pname = "System.IO.FileSystem.Primitives"; version = "4.3.0"; hash = "sha256-LMnfg8Vwavs9cMnq9nNH8IWtAtSfk0/Fy4s4Rt9r1kg="; })
(fetchNuGet { pname = "System.IO.Packaging"; version = "8.0.0"; hash = "sha256-kBOaG1Y3te708l81mIig7YKl6wPbEIAQ9J8mzHUdO/A="; })
(fetchNuGet { pname = "System.IO.Packaging"; version = "8.0.1"; hash = "sha256-xf0BAfqQvITompBsvfpxiLts/6sRQEzdjNA3f/q/vY4="; })
(fetchNuGet { pname = "System.IO.Pipelines"; version = "7.0.0"; hash = "sha256-W2181khfJUTxLqhuAVRhCa52xZ3+ePGOLIPwEN8WisY="; })
(fetchNuGet { pname = "System.Linq"; version = "4.1.0"; hash = "sha256-ZQpFtYw5N1F1aX0jUK3Tw+XvM5tnlnshkTCNtfVA794="; })
(fetchNuGet { pname = "System.Linq"; version = "4.3.0"; hash = "sha256-R5uiSL3l6a3XrXSSL6jz+q/PcyVQzEAByiuXZNSqD/A="; })
@ -321,7 +321,7 @@
(fetchNuGet { pname = "System.Xml.ReaderWriter"; version = "4.3.0"; hash = "sha256-QQ8KgU0lu4F5Unh+TbechO//zaAGZ4MfgvW72Cn1hzA="; })
(fetchNuGet { pname = "System.Xml.XDocument"; version = "4.3.0"; hash = "sha256-rWtdcmcuElNOSzCehflyKwHkDRpiOhJJs8CeQ0l1CCI="; })
(fetchNuGet { pname = "TagLibSharp"; version = "2.3.0"; hash = "sha256-PD9bVZiPaeC8hNx2D+uDUf701cCaMi2IRi5oPTNN+/w="; })
(fetchNuGet { pname = "Velopack"; version = "0.0.598-g933b2ab"; hash = "sha256-i1VR1tZ+rNl8F4EL8x5OAdnqfIRuHmviTp19uPFi14A="; })
(fetchNuGet { pname = "Velopack"; version = "0.0.630-g9c52e40"; hash = "sha256-6dSuIl1HpqOaIPiCziQSgkDGiPf04q253ADYAo0rghA="; })
(fetchNuGet { pname = "Vortice.D3DCompiler"; version = "2.4.2"; hash = "sha256-LXdgts8lKbTU67c1W001XRbq5nenzf8XcYCRxc75jR8="; })
(fetchNuGet { pname = "Vortice.Direct3D11"; version = "2.4.2"; hash = "sha256-hU4qzLKhv4QxiP2c9s4IZUGgeQxsOjRhgurrlXXq/qM="; })
(fetchNuGet { pname = "Vortice.DirectX"; version = "2.4.2"; hash = "sha256-LOIxdET0ynaJz70fakVwDYU0qm+1P0SfD1+I9P320oc="; })

0
pkgs/games/osu-lazer/osu.runtimeconfig.json → pkgs/by-name/os/osu-lazer/osu.runtimeconfig.json
View File

66
pkgs/games/osu-lazer/default.nix → pkgs/by-name/os/osu-lazer/package.nix
View File

@ -1,30 +1,31 @@
{ lib
, stdenvNoCC
, buildDotnetModule
, fetchFromGitHub
, dotnetCorePackages
, makeDesktopItem
, copyDesktopItems
, makeWrapper
, ffmpeg
, alsa-lib
, SDL2
, lttng-ust
, numactl
, libglvnd
, xorg
, udev
{
lib,
stdenvNoCC,
buildDotnetModule,
fetchFromGitHub,
dotnetCorePackages,
makeDesktopItem,
copyDesktopItems,
makeWrapper,
ffmpeg,
alsa-lib,
SDL2,
lttng-ust,
numactl,
libglvnd,
xorg,
udev,
}:
buildDotnetModule rec {
pname = "osu-lazer";
version = "2024.906.2";
version = "2024.1009.1";
src = fetchFromGitHub {
owner = "ppy";
repo = "osu";
rev = version;
hash = "sha256-ykCO+q28IUJumt3nra1BUlwuXqLS1FYOqcDe2LPPGVY=";
hash = "sha256-odWTLvx41miFgn4O/EDzwm2pfWKxj4B1ieSfNS0hrW8=";
};
projectFile = "osu.Desktop/osu.Desktop.csproj";
@ -76,27 +77,32 @@ buildDotnetModule rec {
runHook postFixup
'';
desktopItems = [(makeDesktopItem {
desktopName = "osu!";
name = "osu";
exec = "osu!";
icon = "osu!";
comment = "Rhythm is just a *click* away (no score submission or multiplayer, see osu-lazer-bin)";
type = "Application";
categories = [ "Game" ];
})];
desktopItems = [
(makeDesktopItem {
desktopName = "osu!";
name = "osu";
exec = "osu!";
icon = "osu!";
comment = "Rhythm is just a *click* away (no score submission or multiplayer, see osu-lazer-bin)";
type = "Application";
categories = [ "Game" ];
})
];
passthru.updateScript = ./update.sh;
meta = with lib; {
meta = {
description = "Rhythm is just a *click* away (no score submission or multiplayer, see osu-lazer-bin)";
homepage = "https://osu.ppy.sh";
license = with licenses; [
license = with lib.licenses; [
mit
cc-by-nc-40
unfreeRedistributable # osu-framework contains libbass.so in repository
];
maintainers = with maintainers; [ gepbird thiagokokada ];
maintainers = with lib.maintainers; [
gepbird
thiagokokada
];
platforms = [ "x86_64-linux" ];
mainProgram = "osu!";
};

4
pkgs/games/osu-lazer/update.sh → pkgs/by-name/os/osu-lazer/update.sh
View File

@ -4,13 +4,13 @@ set -eo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
new_version="$(curl -s "https://api.github.com/repos/ppy/osu/releases?per_page=1" | jq -r '.[0].name')"
old_version="$(sed -nE 's/\s*version = "(.*)".*/\1/p' ./default.nix)"
old_version="$(sed -nE 's/\s*version = "(.*)".*/\1/p' ./package.nix)"
if [[ "$new_version" == "$old_version" ]]; then
echo "Up to date"
exit 0
fi
cd ../../..
cd ../../../..
if [[ "$1" != "--deps-only" ]]; then
update-source-version osu-lazer "$new_version"

6
pkgs/by-name/ov/overskride/package.nix
View File

@ -4,7 +4,7 @@
owner = "kaii-lb";
name = "overskride";
version = "0.6.0";
version = "0.6.1";
in rustPlatform.buildRustPackage {
@ -15,10 +15,10 @@ in rustPlatform.buildRustPackage {
inherit owner;
repo = name;
rev = "v${version}";
hash = "sha256-TbakYKYbVe8wEFOrfj97m2bdAb1BJ7zoi/lyYLobw/k=";
hash = "sha256-SqaPhub/HwZz7uBg/kevH8LvPDVLgRd/Rvi03ivNrRc=";
};
cargoHash = "sha256-p2PmcLoHfeRUEG2v33vVyiKBkOjpNDbVteSmH5R3RmI=";
cargoHash = "sha256-jSTCCPNPKPNVr3h8uZ21dP8Z7shbX+QmoWM/jk1qjfg=";
nativeBuildInputs = [
pkg-config

4
pkgs/by-name/pr/protonplus/package.nix
View File

@ -20,13 +20,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "protonplus";
version = "0.4.13";
version = "0.4.20";
src = fetchFromGitHub {
owner = "Vysp3r";
repo = "protonplus";
rev = "v${finalAttrs.version}";
hash = "sha256-eIW30Tl/vOLXlUXiN3lAcww7Ipkfshzilb9ntxjF8C0=";
hash = "sha256-nnobk1N+r1tLekc8CLiAULsEQFjgzoQQvRz3F8vVjzU=";
};
nativeBuildInputs = [

4
pkgs/by-name/ra/rasm/package.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "rasm";
version = "2.2.7";
version = "2.2.8";
src = fetchFromGitHub {
owner = "EdouardBERGE";
repo = "rasm";
rev = "v${version}";
hash = "sha256-X3GEQJdfw4znqVyUIi2teUkQZpOV5X1EpF5Zob9g8PI=";
hash = "sha256-L3kVwB6ZGw8HGqn2m60Grd3fwpTeRK8LeMtmNb4UjdQ=";
};
# by default the EXEC variable contains `rasm.exe`

6
pkgs/by-name/re/renode-dts2repl/package.nix
View File

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication {
pname = "renode-dts2repl";
version = "0-unstable-2024-09-27";
version = "0-unstable-2024-10-09";
pyproject = true;
src = fetchFromGitHub {
owner = "antmicro";
repo = "dts2repl";
rev = "9963f8eb0ef9d356b2d1bfa031c2e136ce4a5509";
hash = "sha256-RrKnLSBCtXUfdC9PNXddIAFFBbT39ZYxJJqYwKHYLP0=";
rev = "ada6afd90cc36ef3114ba81c057e48bfaa9b70e3";
hash = "sha256-8f1Vg1rRsavyX+7D8w6JZ0y0PWnYWXuETBPEd5aBKtA=";
};
nativeBuildInputs = [

4
pkgs/by-name/re/reposilite/package.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation (finalAttrs: {
pname = "Reposilite";
version = "3.5.17";
version = "3.5.18";
src = fetchurl {
url = "https://maven.reposilite.com/releases/com/reposilite/reposilite/${finalAttrs.version}/reposilite-${finalAttrs.version}-all.jar";
hash = "sha256-O2dDkjypTLRu3tWRLEQQSwgX53doTsTxGSEfA2k0hlI=";
hash = "sha256-Wc7VAUkM6c1BJLTg5GXY6nNtjDxi6I2ym14Tpc667Tw=";
};
dontUnpack = true;

6
pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix
View File

@ -7,13 +7,13 @@
stdenvNoCC.mkDerivation {
pname = "roddhjav-apparmor-rules";
version = "0-unstable-2024-09-27";
version = "0-unstable-2024-10-06";
src = fetchFromGitHub {
owner = "roddhjav";
repo = "apparmor.d";
rev = "a8c18f9b9418ac42922eee1e31b1e3c9f791c1dc";
hash = "sha256-LUHU6Buh+91b99pF7d8jqmAoYD1EmkKzsAOxiP7w3So=";
rev = "03b777340d4b17957c7533d20bc3f8fca5a6dff8";
hash = "sha256-qytv7haQj+xuRm5ks4rnyY0eu7i3Kv4X4gAsFLDvLSk=";
};
dontConfigure = true;

Some files were not shown because too many files have changed in this diff Show More