BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2023-11-27 12:01:31 +00:00 committed by GitHub
commit 3ebf92edfa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
36 changed files with 606 additions and 2320 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
lib/attrsets.nix
View file

@ -34,12 +34,20 @@ rec {
default:
# The nested attribute set to select values from
set:
let attr = head attrPath;
let
lenAttrPath = length attrPath;
attrByPath' = n: s: (
if n == lenAttrPath then s
else (
let
attr = elemAt attrPath n;
in
if s ? ${attr} then attrByPath' (n + 1) s.${attr}
else default
)
);
in
if attrPath == [] then set
else if set ? ${attr}
then attrByPath (tail attrPath) default set.${attr}
else default;
attrByPath' 0 set;
/* Return if an attribute from nested attribute set exists.
@ -58,13 +66,19 @@ rec {
attrPath:
# The nested attribute set to check
e:
let attr = head attrPath;
let
lenAttrPath = length attrPath;
hasAttrByPath' = n: s: (
n == lenAttrPath || (
let
attr = elemAt attrPath n;
in
if s ? ${attr} then hasAttrByPath' (n + 1) s.${attr}
else false
)
);
in
if attrPath == [] then true
else if e ? ${attr}
then hasAttrByPath (tail attrPath) e.${attr}
else false;
hasAttrByPath' 0 e;
/* Create a new attribute set with `value` set at the nested attribute location specified in `attrPath`.

13
nixos/modules/services/misc/sourcehut/default.nix
View file

@ -1,6 +1,15 @@
{ config, pkgs, lib, ... }:
with lib;
let
inherit (builtins) head tail;
inherit (lib) generators maintainers types;
inherit (lib.attrsets) attrValues filterAttrs mapAttrs mapAttrsToList recursiveUpdate;
inherit (lib.lists) flatten optional optionals;
inherit (lib.options) literalExpression mkEnableOption mkOption;
inherit (lib.strings) concatMapStringsSep concatStringsSep optionalString versionOlder;
inherit (lib.trivial) mapNullable;
inherit (lib.modules) mkBefore mkDefault mkForce mkIf mkMerge
mkRemovedOptionModule mkRenamedOptionModule;
inherit (config.services) nginx postfix postgresql redis;
inherit (config.users) users groups;
cfg = config.services.sourcehut;
@ -1369,5 +1378,5 @@ in
];
meta.doc = ./default.md;
meta.maintainers = with maintainers; [ tomberek ];
meta.maintainers = with maintainers; [ tomberek nessdoor ];
}

645
nixos/modules/services/misc/sourcehut/service.nix
View file

@ -3,117 +3,133 @@ srv:
, srvsrht ? "${srv}srht" # Because "buildsrht" does not follow that pattern (missing an "s").
, iniKey ? "${srv}.sr.ht"
, webhooks ? false
, extraTimers ? {}
, mainService ? {}
, extraServices ? {}
, extraConfig ? {}
, extraTimers ? { }
, mainService ? { }
, extraServices ? { }
, extraConfig ? { }
, port
}:
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib) types;
inherit (lib.attrsets) mapAttrs optionalAttrs;
inherit (lib.lists) optional;
inherit (lib.modules) mkBefore mkDefault mkForce mkIf mkMerge;
inherit (lib.options) mkEnableOption mkOption;
inherit (lib.strings) concatStringsSep hasSuffix optionalString;
inherit (config.services) postgresql;
redis = config.services.redis.servers."sourcehut-${srvsrht}";
inherit (config.users) users;
cfg = config.services.sourcehut;
configIni = configIniOfService srv;
srvCfg = cfg.${srv};
baseService = serviceName: { allowStripe ? false }: extraService: let
runDir = "/run/sourcehut/${serviceName}";
rootDir = "/run/sourcehut/chroots/${serviceName}";
baseService = serviceName: { allowStripe ? false }: extraService:
let
runDir = "/run/sourcehut/${serviceName}";
rootDir = "/run/sourcehut/chroots/${serviceName}";
in
mkMerge [ extraService {
after = [ "network.target" ] ++
optional cfg.postgresql.enable "postgresql.service" ++
optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
requires =
optional cfg.postgresql.enable "postgresql.service" ++
optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
path = [ pkgs.gawk ];
environment.HOME = runDir;
serviceConfig = {
User = mkDefault srvCfg.user;
Group = mkDefault srvCfg.group;
RuntimeDirectory = [
"sourcehut/${serviceName}"
# Used by *srht-keys which reads ../config.ini
"sourcehut/${serviceName}/subdir"
"sourcehut/chroots/${serviceName}"
];
RuntimeDirectoryMode = "2750";
# No need for the chroot path once inside the chroot
InaccessiblePaths = [ "-+${rootDir}" ];
# g+rx is for group members (eg. fcgiwrap or nginx)
# to read Git/Mercurial repositories, buildlogs, etc.
# o+x is for intermediate directories created by BindPaths= and like,
# as they're owned by root:root.
UMask = "0026";
RootDirectory = rootDir;
RootDirectoryStartOnly = true;
PrivateTmp = true;
MountAPIVFS = true;
# config.ini is looked up in there, before /etc/srht/config.ini
# Note that it fails to be set in ExecStartPre=
WorkingDirectory = mkDefault ("-"+runDir);
BindReadOnlyPaths = [
builtins.storeDir
"/etc"
"/run/booted-system"
"/run/current-system"
"/run/systemd"
] ++
optional cfg.postgresql.enable "/run/postgresql" ++
optional cfg.redis.enable "/run/redis-sourcehut-${srvsrht}";
# LoadCredential= are unfortunately not available in ExecStartPre=
# Hence this one is run as root (the +) with RootDirectoryStartOnly=
# to reach credentials wherever they are.
# Note that each systemd service gets its own ${runDir}/config.ini file.
ExecStartPre = mkBefore [("+"+pkgs.writeShellScript "${serviceName}-credentials" ''
set -x
# Replace values beginning with a '<' by the content of the file whose name is after.
gawk '{ if (match($0,/^([^=]+=)<(.+)/,m)) { getline f < m[2]; print m[1] f } else print $0 }' ${configIni} |
${optionalString (!allowStripe) "gawk '!/^stripe-secret-key=/' |"}
install -o ${srvCfg.user} -g root -m 400 /dev/stdin ${runDir}/config.ini
'')];
# The following options are only for optimizing:
# systemd-analyze security
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateNetwork = mkDefault false;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
#SocketBindAllow = [ "tcp:${toString srvCfg.port}" "tcp:${toString srvCfg.prometheusPort}" ];
#SocketBindDeny = "any";
SystemCallFilter = [
"@system-service"
"~@aio" "~@keyring" "~@memlock" "~@privileged" "~@timer"
"@chown" "@setuid"
];
SystemCallArchitectures = "native";
};
} ];
mkMerge [
extraService
{
after = [ "network.target" ] ++
optional cfg.postgresql.enable "postgresql.service" ++
optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
requires =
optional cfg.postgresql.enable "postgresql.service" ++
optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
path = [ pkgs.gawk ];
environment.HOME = runDir;
serviceConfig = {
User = mkDefault srvCfg.user;
Group = mkDefault srvCfg.group;
RuntimeDirectory = [
"sourcehut/${serviceName}"
# Used by *srht-keys which reads ../config.ini
"sourcehut/${serviceName}/subdir"
"sourcehut/chroots/${serviceName}"
];
RuntimeDirectoryMode = "2750";
# No need for the chroot path once inside the chroot
InaccessiblePaths = [ "-+${rootDir}" ];
# g+rx is for group members (eg. fcgiwrap or nginx)
# to read Git/Mercurial repositories, buildlogs, etc.
# o+x is for intermediate directories created by BindPaths= and like,
# as they're owned by root:root.
UMask = "0026";
RootDirectory = rootDir;
RootDirectoryStartOnly = true;
PrivateTmp = true;
MountAPIVFS = true;
# config.ini is looked up in there, before /etc/srht/config.ini
# Note that it fails to be set in ExecStartPre=
WorkingDirectory = mkDefault ("-" + runDir);
BindReadOnlyPaths = [
builtins.storeDir
"/etc"
"/run/booted-system"
"/run/current-system"
"/run/systemd"
] ++
optional cfg.postgresql.enable "/run/postgresql" ++
optional cfg.redis.enable "/run/redis-sourcehut-${srvsrht}";
# LoadCredential= are unfortunately not available in ExecStartPre=
# Hence this one is run as root (the +) with RootDirectoryStartOnly=
# to reach credentials wherever they are.
# Note that each systemd service gets its own ${runDir}/config.ini file.
ExecStartPre = mkBefore [
("+" + pkgs.writeShellScript "${serviceName}-credentials" ''
set -x
# Replace values beginning with a '<' by the content of the file whose name is after.
gawk '{ if (match($0,/^([^=]+=)<(.+)/,m)) { getline f < m[2]; print m[1] f } else print $0 }' ${configIni} |
${optionalString (!allowStripe) "gawk '!/^stripe-secret-key=/' |"}
install -o ${srvCfg.user} -g root -m 400 /dev/stdin ${runDir}/config.ini
'')
];
# The following options are only for optimizing:
# systemd-analyze security
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateNetwork = mkDefault false;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
#SocketBindAllow = [ "tcp:${toString srvCfg.port}" "tcp:${toString srvCfg.prometheusPort}" ];
#SocketBindDeny = "any";
SystemCallFilter = [
"@system-service"
"~@aio"
"~@keyring"
"~@memlock"
"~@privileged"
"~@timer"
"@chown"
"@setuid"
];
SystemCallArchitectures = "native";
};
}
];
in
{
options.services.sourcehut.${srv} = {
@ -173,7 +189,7 @@ in
gunicorn = {
extraArgs = mkOption {
type = with types; listOf str;
default = ["--timeout 120" "--workers 1" "--log-level=info"];
default = [ "--timeout 120" "--workers 1" "--log-level=info" ];
description = lib.mdDoc "Extra arguments passed to Gunicorn.";
};
};
@ -181,7 +197,7 @@ in
webhooks = {
extraArgs = mkOption {
type = with types; listOf str;
default = ["--loglevel DEBUG" "--pool eventlet" "--without-heartbeat"];
default = [ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ];
description = lib.mdDoc "Extra arguments passed to the Celery responsible for webhooks.";
};
celeryConfig = mkOption {
@ -192,216 +208,237 @@ in
};
};
config = lib.mkIf (cfg.enable && srvCfg.enable) (mkMerge [ extraConfig {
users = {
config = lib.mkIf (cfg.enable && srvCfg.enable) (mkMerge [
extraConfig
{
users = {
"${srvCfg.user}" = {
isSystemUser = true;
group = mkDefault srvCfg.group;
description = mkDefault "sourcehut user for ${srv}.sr.ht";
};
};
groups = {
"${srvCfg.group}" = { };
} // optionalAttrs (cfg.postgresql.enable
&& hasSuffix "0" (postgresql.settings.unix_socket_permissions or "")) {
"postgres".members = [ srvCfg.user ];
} // optionalAttrs (cfg.redis.enable
&& hasSuffix "0" (redis.settings.unixsocketperm or "")) {
"redis-sourcehut-${srvsrht}".members = [ srvCfg.user ];
};
};
services.nginx = mkIf cfg.nginx.enable {
virtualHosts."${srv}.${cfg.settings."sr.ht".global-domain}" = mkMerge [ {
forceSSL = mkDefault true;
locations."/".proxyPass = "http://${cfg.listenAddress}:${toString srvCfg.port}";
locations."/static" = {
root = "${pkgs.sourcehut.${srvsrht}}/${pkgs.sourcehut.python.sitePackages}/${srvsrht}";
extraConfig = mkDefault ''
expires 30d;
'';
};
locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) {
proxyPass = cfg.settings.${iniKey}.api-origin;
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
'';
};
} cfg.nginx.virtualHost ];
};
services.postgresql = mkIf cfg.postgresql.enable {
authentication = ''
local ${srvCfg.postgresql.database} ${srvCfg.user} trust
'';
ensureDatabases = [ srvCfg.postgresql.database ];
ensureUsers = map (name: {
inherit name;
# We don't use it because we have a special default database name with dots.
# TODO(for maintainers of sourcehut): migrate away from custom preStart script.
ensureDBOwnership = false;
}) [srvCfg.user];
};
services.sourcehut.settings = mkMerge [
{
"${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}";
}
(mkIf cfg.postgresql.enable {
"${srv}.sr.ht".connection-string = mkDefault "postgresql:///${srvCfg.postgresql.database}?user=${srvCfg.user}&host=/run/postgresql";
})
];
services.redis.servers."sourcehut-${srvsrht}" = mkIf cfg.redis.enable {
enable = true;
databases = 3;
syslog = true;
# TODO: set a more informed value
save = mkDefault [ [1800 10] [300 100] ];
settings = {
# TODO: set a more informed value
maxmemory = "128MB";
maxmemory-policy = "volatile-ttl";
};
};
systemd.services = mkMerge [
{
"${srvsrht}" = baseService srvsrht { allowStripe = srv == "meta"; } (mkMerge [
{
description = "sourcehut ${srv}.sr.ht website service";
before = optional cfg.nginx.enable "nginx.service";
wants = optional cfg.nginx.enable "nginx.service";
wantedBy = [ "multi-user.target" ];
path = optional cfg.postgresql.enable postgresql.package;
# Beware: change in credentials' content will not trigger restart.
restartTriggers = [ configIni ];
serviceConfig = {
Type = "simple";
Restart = mkDefault "always";
#RestartSec = mkDefault "2min";
StateDirectory = [ "sourcehut/${srvsrht}" ];
StateDirectoryMode = "2750";
ExecStart = "${cfg.python}/bin/gunicorn ${srvsrht}.app:app --name ${srvsrht} --bind ${cfg.listenAddress}:${toString srvCfg.port} " + concatStringsSep " " srvCfg.gunicorn.extraArgs;
users = {
"${srvCfg.user}" = {
isSystemUser = true;
group = mkDefault srvCfg.group;
description = mkDefault "sourcehut user for ${srv}.sr.ht";
};
preStart = let
version = pkgs.sourcehut.${srvsrht}.version;
stateDir = "/var/lib/sourcehut/${srvsrht}";
in mkBefore ''
set -x
# Use the /run/sourcehut/${srvsrht}/config.ini
# installed by a previous ExecStartPre= in baseService
cd /run/sourcehut/${srvsrht}
if test ! -e ${stateDir}/db; then
# Setup the initial database.
# Note that it stamps the alembic head afterward
${cfg.python}/bin/${srvsrht}-initdb
echo ${version} >${stateDir}/db
fi
${optionalString cfg.settings.${iniKey}.migrate-on-upgrade ''
if [ "$(cat ${stateDir}/db)" != "${version}" ]; then
# Manage schema migrations using alembic
${cfg.python}/bin/${srvsrht}-migrate -a upgrade head
echo ${version} >${stateDir}/db
fi
''}
# Update copy of each users' profile to the latest
# See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain>
if test ! -e ${stateDir}/webhook; then
# Update ${iniKey}'s users' profile copy to the latest
${cfg.python}/bin/srht-update-profiles ${iniKey}
touch ${stateDir}/webhook
fi
'';
} mainService ]);
}
(mkIf webhooks {
"${srvsrht}-webhooks" = baseService "${srvsrht}-webhooks" {}
};
groups = {
"${srvCfg.group}" = { };
} // optionalAttrs
(cfg.postgresql.enable
&& hasSuffix "0" (postgresql.settings.unix_socket_permissions or ""))
{
description = "sourcehut ${srv}.sr.ht webhooks service";
after = [ "${srvsrht}.service" ];
wantedBy = [ "${srvsrht}.service" ];
partOf = [ "${srvsrht}.service" ];
preStart = ''
cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" srvCfg.webhooks.celeryConfig} \
/run/sourcehut/${srvsrht}-webhooks/celeryconfig.py
"postgres".members = [ srvCfg.user ];
} // optionalAttrs
(cfg.redis.enable
&& hasSuffix "0" (redis.settings.unixsocketperm or ""))
{
"redis-sourcehut-${srvsrht}".members = [ srvCfg.user ];
};
};
services.nginx = mkIf cfg.nginx.enable {
virtualHosts."${srv}.${cfg.settings."sr.ht".global-domain}" = mkMerge [{
forceSSL = mkDefault true;
locations."/".proxyPass = "http://${cfg.listenAddress}:${toString srvCfg.port}";
locations."/static" = {
root = "${pkgs.sourcehut.${srvsrht}}/${pkgs.sourcehut.python.sitePackages}/${srvsrht}";
extraConfig = mkDefault ''
expires 30d;
'';
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart = "${cfg.python}/bin/celery --app ${srvsrht}.webhooks worker --hostname ${srvsrht}-webhooks@%%h " + concatStringsSep " " srvCfg.webhooks.extraArgs;
# Avoid crashing: os.getloadavg()
ProcSubset = mkForce "all";
};
locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) {
proxyPass = cfg.settings.${iniKey}.api-origin;
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
'';
};
}
cfg.nginx.virtualHost];
};
services.postgresql = mkIf cfg.postgresql.enable {
authentication = ''
local ${srvCfg.postgresql.database} ${srvCfg.user} trust
'';
ensureDatabases = [ srvCfg.postgresql.database ];
ensureUsers = map
(name: {
inherit name;
# We don't use it because we have a special default database name with dots.
# TODO(for maintainers of sourcehut): migrate away from custom preStart script.
ensureDBOwnership = false;
}) [ srvCfg.user ];
};
services.sourcehut.settings = mkMerge [
{
"${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}";
}
(mkIf cfg.postgresql.enable {
"${srv}.sr.ht".connection-string = mkDefault "postgresql:///${srvCfg.postgresql.database}?user=${srvCfg.user}&host=/run/postgresql";
})
];
services.redis.servers."sourcehut-${srvsrht}" = mkIf cfg.redis.enable {
enable = true;
databases = 3;
syslog = true;
# TODO: set a more informed value
save = mkDefault [ [ 1800 10 ] [ 300 100 ] ];
settings = {
# TODO: set a more informed value
maxmemory = "128MB";
maxmemory-policy = "volatile-ttl";
};
};
systemd.services = mkMerge [
{
"${srvsrht}" = baseService srvsrht { allowStripe = srv == "meta"; } (mkMerge [
{
description = "sourcehut ${srv}.sr.ht website service";
before = optional cfg.nginx.enable "nginx.service";
wants = optional cfg.nginx.enable "nginx.service";
wantedBy = [ "multi-user.target" ];
path = optional cfg.postgresql.enable postgresql.package;
# Beware: change in credentials' content will not trigger restart.
restartTriggers = [ configIni ];
serviceConfig = {
Type = "simple";
Restart = mkDefault "always";
#RestartSec = mkDefault "2min";
StateDirectory = [ "sourcehut/${srvsrht}" ];
StateDirectoryMode = "2750";
ExecStart = "${cfg.python}/bin/gunicorn ${srvsrht}.app:app --name ${srvsrht} --bind ${cfg.listenAddress}:${toString srvCfg.port} " + concatStringsSep " " srvCfg.gunicorn.extraArgs;
};
preStart =
let
version = pkgs.sourcehut.${srvsrht}.version;
stateDir = "/var/lib/sourcehut/${srvsrht}";
in
mkBefore ''
set -x
# Use the /run/sourcehut/${srvsrht}/config.ini
# installed by a previous ExecStartPre= in baseService
cd /run/sourcehut/${srvsrht}
if test ! -e ${stateDir}/db; then
# Setup the initial database.
# Note that it stamps the alembic head afterward
${cfg.python}/bin/${srvsrht}-initdb
echo ${version} >${stateDir}/db
fi
${optionalString cfg.settings.${iniKey}.migrate-on-upgrade ''
if [ "$(cat ${stateDir}/db)" != "${version}" ]; then
# Manage schema migrations using alembic
${cfg.python}/bin/${srvsrht}-migrate -a upgrade head
echo ${version} >${stateDir}/db
fi
''}
# Update copy of each users' profile to the latest
# See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain>
if test ! -e ${stateDir}/webhook; then
# Update ${iniKey}'s users' profile copy to the latest
${cfg.python}/bin/srht-update-profiles ${iniKey}
touch ${stateDir}/webhook
fi
'';
}
mainService
]);
}
(mkIf webhooks {
"${srvsrht}-webhooks" = baseService "${srvsrht}-webhooks" { }
{
description = "sourcehut ${srv}.sr.ht webhooks service";
after = [ "${srvsrht}.service" ];
wantedBy = [ "${srvsrht}.service" ];
partOf = [ "${srvsrht}.service" ];
preStart = ''
cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" srvCfg.webhooks.celeryConfig} \
/run/sourcehut/${srvsrht}-webhooks/celeryconfig.py
'';
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart = "${cfg.python}/bin/celery --app ${srvsrht}.webhooks worker --hostname ${srvsrht}-webhooks@%%h " + concatStringsSep " " srvCfg.webhooks.extraArgs;
# Avoid crashing: os.getloadavg()
ProcSubset = mkForce "all";
};
};
};
})
})
(mapAttrs (timerName: timer: (baseService timerName {} (mkMerge [
{
description = "sourcehut ${timerName} service";
after = [ "network.target" "${srvsrht}.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.python}/bin/${timerName}";
};
}
(timer.service or {})
]))) extraTimers)
(mapAttrs
(timerName: timer: (baseService timerName { } (mkMerge [
{
description = "sourcehut ${timerName} service";
after = [ "network.target" "${srvsrht}.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.python}/bin/${timerName}";
};
}
(timer.service or { })
])))
extraTimers)
(mapAttrs (serviceName: extraService: baseService serviceName {} (mkMerge [
{
description = "sourcehut ${serviceName} service";
# So that extraServices have the PostgreSQL database initialized.
after = [ "${srvsrht}.service" ];
wantedBy = [ "${srvsrht}.service" ];
partOf = [ "${srvsrht}.service" ];
serviceConfig = {
Type = "simple";
Restart = mkDefault "always";
};
}
extraService
])) extraServices)
(mapAttrs
(serviceName: extraService: baseService serviceName { } (mkMerge [
{
description = "sourcehut ${serviceName} service";
# So that extraServices have the PostgreSQL database initialized.
after = [ "${srvsrht}.service" ];
wantedBy = [ "${srvsrht}.service" ];
partOf = [ "${srvsrht}.service" ];
serviceConfig = {
Type = "simple";
Restart = mkDefault "always";
};
}
extraService
]))
extraServices)
# Work around 'pq: permission denied for schema public' with postgres v15.
# See https://github.com/NixOS/nixpkgs/issues/216989
# Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741
# TODO(to maintainers of sourcehut): please migrate away from this workaround
# by migrating away from database name defaults with dots.
(lib.mkIf (
cfg.postgresql.enable
&& lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"
) {
postgresql.postStart = (lib.mkAfter ''
$PSQL -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";'
'');
}
)
];
# Work around 'pq: permission denied for schema public' with postgres v15.
# See https://github.com/NixOS/nixpkgs/issues/216989
# Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741
# TODO(to maintainers of sourcehut): please migrate away from this workaround
# by migrating away from database name defaults with dots.
(lib.mkIf
(
cfg.postgresql.enable
&& lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"
)
{
postgresql.postStart = (lib.mkAfter ''
$PSQL -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";'
'');
}
)
];
systemd.timers = mapAttrs (timerName: timer:
{
description = "sourcehut timer for ${timerName}";
wantedBy = [ "timers.target" ];
inherit (timer) timerConfig;
}) extraTimers;
} ]);
systemd.timers = mapAttrs
(timerName: timer:
{
description = "sourcehut timer for ${timerName}";
wantedBy = [ "timers.target" ];
inherit (timer) timerConfig;
})
extraTimers;
}
]);
}

4
pkgs/applications/editors/setzer/default.nix
View file

@ -20,13 +20,13 @@
python3.pkgs.buildPythonApplication rec {
pname = "setzer";
version = "61";
version = "62";
src = fetchFromGitHub {
owner = "cvfosammmm";
repo = "Setzer";
rev = "v${version}";
hash = "sha256-7qkQelB0Y+DBihhaYVVQjK66pk8p2Sjhno87bW554SY=";
hash = "sha256-CynYWzFnsr5FoNwBlK4k8c+EE22NP0OrpEFrSiEtxUU=";
};
format = "other";

1916
pkgs/applications/misc/diebahn/Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

16
pkgs/applications/misc/diebahn/default.nix
View file

@ -21,20 +21,19 @@
stdenv.mkDerivation rec {
pname = "diebahn";
version = "1.5.0";
version = "2.1.0";
src = fetchFromGitLab {
owner = "schmiddi-on-mobile";
repo = "diebahn";
rev = version;
hash = "sha256-WEjMtRXRmcbgCIQNJRlGYGQhem9W8nb/lsjft0oWxAk=";
hash = "sha256-IKQaCdUpLbZwySpaywGbbLtBGljNR+ltQkbCcJwQ/K4=";
};
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"hafas-rs-0.1.0" = "sha256-9YmWiief8Nux1ZkPTZjzer/qKAa5hORVn8HngMtKDxM=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
name = "${pname}-${src}";
inherit src;
hash = "sha256-FlXAWMHrWnYXIWuG0wXDkxiJfNHlZmJFkYRfOxzIg1g=";
};
nativeBuildInputs = [
@ -70,7 +69,8 @@ stdenv.mkDerivation rec {
};
meta = {
description = "GTK4 frontend for the travel information of the german railway";
changelog = "https://gitlab.com/schmiddi-on-mobile/railway/-/blob/${src.rev}/CHANGELOG.md";
description = "Travel with all your train information in one place";
homepage = "https://gitlab.com/schmiddi-on-mobile/diebahn";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ dotlambda ];

97
pkgs/applications/misc/downonspot/Cargo.lock.patch Normal file
View file

@ -0,0 +1,97 @@
diff --git a/Cargo.lock b/Cargo.lock
index e6f1267..3bf16a5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1632,7 +1632,8 @@ dependencies = [
[[package]]
name = "librespot"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ea4c9952ef48968f8184a4a87f8576982426ebe623342d5a28f7d9c4978e4a44"
dependencies = [
"base64 0.13.1",
"env_logger",
@@ -1658,7 +1659,8 @@ dependencies = [
[[package]]
name = "librespot-audio"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c176a31355e1ea8e0b9c4ced19df4947bfe4770661c25c142b6fba2365940d9d"
dependencies = [
"aes-ctr",
"byteorder",
@@ -1673,7 +1675,8 @@ dependencies = [
[[package]]
name = "librespot-connect"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4ffafb6a443e9445ccb3d5d591573b5b1da3c89a9b8846c63ba2c3710210d3ec"
dependencies = [
"form_urlencoded",
"futures-util",
@@ -1693,7 +1696,8 @@ dependencies = [
[[package]]
name = "librespot-core"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "046349f25888e644bf02d9c5de0164b2a493d29aa4ce18e1ad0b756da9b55d6d"
dependencies = [
"aes",
"base64 0.13.1",
@@ -1733,7 +1737,8 @@ dependencies = [
[[package]]
name = "librespot-discovery"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2aa877d18f6150364012cb4be5682d62d7c712c88bae2d0d01720fd7c15e2f06"
dependencies = [
"aes-ctr",
"base64 0.13.1",
@@ -1754,7 +1759,8 @@ dependencies = [
[[package]]
name = "librespot-metadata"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6b80361fcbcb5092056fd47c08c34d5d51b08385d8efb6941c0d3e46d032c21c"
dependencies = [
"async-trait",
"byteorder",
@@ -1767,7 +1773,8 @@ dependencies = [
[[package]]
name = "librespot-playback"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5190a0b9bcc7f70ee4196a6b4a1c731d405ca130d4a6fcd4c561cfdde8b7cfb7"
dependencies = [
"byteorder",
"cpal",
@@ -1792,7 +1799,8 @@ dependencies = [
[[package]]
name = "librespot-protocol"
version = "0.4.2"
-source = "git+ssh://git@github.com/oSumAtrIX/free-librespot.git#f28fa264528dc85f8f325c18e8461b0f2b43dca1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d6d3ac6196ac0ea67bbe039f56d6730a5d8b31502ef9bce0f504ed729dcb39f"
dependencies = [
"glob",
"protobuf 2.28.0",
diff --git a/Cargo.toml b/Cargo.toml
index 40ca2c1..734a3fb 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,7 +29,7 @@ reqwest = "0.11"
colored = "2"
lame = "0.1"
aspotify = "0.7.1"
-librespot = { git = "ssh://git@github.com/oSumAtrIX/free-librespot.git" }
+librespot = "0.4.2"
async-std = { version = "1.12", features = ["attributes", "tokio1"] }
serde_json = "1.0"
async-stream = "0.3"

12
pkgs/applications/misc/downonspot/default.nix
View file

@ -10,19 +10,19 @@
rustPlatform.buildRustPackage rec {
pname = "downonspot";
version = "unstable-2021-10-13";
version = "unstable-2023-11-26";
src = fetchFromGitHub {
owner = "oSumAtrIX";
repo = "DownOnSpot";
rev = "9d78ea2acad4dfe653a895a1547ad0abe7c5b47a";
sha256 = "03g99yx9sldcg3i6hvpdxyk70f09f8kfj3kh283vl09b1a2c477w";
rev = "406fbf137306208bcb9835ad3aa92b0edbc01805";
hash = "sha256-gY5pDZ5EwKhBmV8VyuKW/19BgfPSIZSp9rEI/GuonYQ=";
};
cargoSha256 = "0k200p6wgwb60ax1r8mjn3aq08zxpkqbfqpi3b25zi3xf83my44d";
# Use official public librespot version
cargoPatches = [ ./Cargo.lock.patch ];
# fixes: error: the option `Z` is only accepted on the nightly compiler
RUSTC_BOOTSTRAP = 1;
cargoHash = "sha256-CG9QY9Nfy/dxzvSPG2NB2/6yjTvdoDI76PRSaM138Wk=";
nativeBuildInputs = [
pkg-config

14
pkgs/applications/networking/p2p/transgui/default.nix
View file

@ -3,23 +3,15 @@
stdenv.mkDerivation rec {
pname = "transgui";
version = "unstable-2022-02-02";
version = "unstable-2023-10-19";
src = fetchFromGitHub {
owner = "transmission-remote-gui";
repo = "transgui";
rev = "0e2c2a07c1b21b1704c0a4945a111a8aa1050a1a";
sha256 = "1x9wzii3q9zanpik4xc99jqsfrqch8vjmlx12jrvczxcfy51b1ba";
rev = "b1f5c2334edb6659c04863ef4a534ba1e57284f0";
sha256 = "sha256-XCokcA5lINC9B+qwg0vjkymwa16ZNHRKLI829+X7CvE=";
};
patches = [
# TDDO: remove when transgui updates for transmission-daemon v3 rpc protocol
(fetchpatch {
url = "https://github.com/transmission-remote-gui/transgui/commit/9275c3fb877dd753a1940d1b900630cdc09a0cc2.patch";
sha256 = "0w2x7gcxp5kqczdz7ckfqhdz9hhkm62k8gcws54d6km7x9vc1023";
})
];
nativeBuildInputs = [ pkg-config unzip ];
buildInputs = [
fpc lazarus stdenv.cc libX11 glib gtk2 gdk-pixbuf

6
pkgs/applications/networking/sync/rclone/default.nix
View file

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "rclone";
version = "1.64.2";
version = "1.65.0";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-gOFOcqCgFAiTc6W3v8Z917hGCzxluswqnuOoUht73GA=";
hash = "sha256-hlkX8JrBz/hFwQj0xCZfuBt2t3CP3Xa1JkNDH0zomxg=";
};
vendorHash = "sha256-eYIGVCTvUfGbsIMFthEfD0r6aeA7Ly9xJ8PJ6hR2SjA=";
vendorHash = "sha256-qKRIT2HqNDpEtZBNHZMXp4Yhh5fCkQSTPU5MQ7FmCHI=";
subPackages = [ "." ];

5
pkgs/applications/video/mpv/default.nix
View file

@ -4,6 +4,7 @@
, fetchFromGitHub
, fetchpatch
, addOpenGLRunpath
, bash
, docutils
, meson
, ninja
@ -153,19 +154,20 @@ in stdenv'.mkDerivation (finalAttrs: {
meson
ninja
pkg-config
python3
]
++ lib.optionals stdenv.isDarwin [ xcbuild.xcrun sigtool ]
++ lib.optionals swiftSupport [ swift ]
++ lib.optionals waylandSupport [ wayland-scanner ];
buildInputs = [
bash
ffmpeg
freetype
libass
libpthreadstubs
libuchardet
luaEnv
python3
] ++ lib.optionals alsaSupport [ alsa-lib ]
++ lib.optionals archiveSupport [ libarchive ]
++ lib.optionals bluraySupport [ libbluray ]
@ -231,6 +233,7 @@ in stdenv'.mkDerivation (finalAttrs: {
# See the explanation in addOpenGLRunpath.
postFixup = lib.optionalString stdenv.isLinux ''
addOpenGLRunpath $out/bin/mpv
patchShebangs --update --host $out/bin/umpv $out/bin/mpv_identify.sh
'';
passthru = {

4
pkgs/applications/window-managers/phosh/default.nix
View file

@ -36,7 +36,7 @@
stdenv.mkDerivation rec {
pname = "phosh";
version = "0.32.0";
version = "0.33.0";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
@ -45,7 +45,7 @@ stdenv.mkDerivation rec {
repo = pname;
rev = "v${version}";
fetchSubmodules = true; # including gvc and libcall-ui which are designated as subprojects
sha256 = "sha256-4LsB/7zKRkoxNQQVxwrSSIqGP7KQ0WHBnSVY+ClWTxo=";
sha256 = "sha256-t+1MYfsz7KqsMvN8TyLIUrTLTQPWQQpOSk/ysxgE7kg=";
};
nativeBuildInputs = [

8
pkgs/development/haskell-modules/configuration-darwin.nix
View file

@ -123,6 +123,14 @@ self: super: ({
__darwinAllowLocalNetworking = true;
});
hidapi =
addExtraLibraries [
darwin.apple_sdk.frameworks.AppKit
darwin.apple_sdk.frameworks.IOKit
darwin.apple_sdk.frameworks.CoreFoundation
]
(super.hidapi.override { systemd = null; });
hmatrix = addBuildDepend darwin.apple_sdk.frameworks.Accelerate super.hmatrix;
blas-hs = overrideCabal (drv: {

1
pkgs/development/haskell-modules/configuration-hackage2nix/main.yaml
View file

@ -640,7 +640,6 @@ unsupported-platforms:
haskell-snake: [ platforms.darwin ]
hcwiid: [ platforms.darwin ]
HDRUtils: [ platforms.darwin ]
hidapi: [ platforms.darwin ]
hinotify-bytestring: [ platforms.darwin ]
honk: [ platforms.darwin ]
HSoM: [ platforms.darwin ]

2
pkgs/development/haskell-modules/configuration-nix.nix
View file

@ -625,8 +625,6 @@ self: super: builtins.intersectAttrs super {
# https://github.com/haskell-fswatch/hfsnotify/issues/62
fsnotify = dontCheck super.fsnotify;
hidapi = addExtraLibrary pkgs.udev super.hidapi;
hs-GeoIP = super.hs-GeoIP.override { GeoIP = pkgs.geoipWithDatabase; };
discount = super.discount.override { markdown = pkgs.discount; };

1
pkgs/development/haskell-modules/hackage-packages.nix generated
View file

@ -146371,7 +146371,6 @@ self: {
librarySystemDepends = [ systemd ];
description = "Haskell bindings to HIDAPI";
license = lib.licenses.mit;
badPlatforms = lib.platforms.darwin;
}) {inherit (pkgs) systemd;};
"hidden-char" = callPackage

2
pkgs/development/ocaml-modules/caqti/default.nix
View file

@ -23,7 +23,7 @@ buildDunePackage rec {
meta = {
description = "Unified interface to relational database libraries";
license = "LGPL-3.0-or-later WITH OCaml-LGPL-linking-exception";
license = with lib.licenses; [ lgpl3Plus ocamlLgplLinkingException ];
maintainers = with lib.maintainers; [ bcc32 ];
homepage = "https://github.com/paurkedal/ocaml-caqti";
};

4
pkgs/development/php-packages/apcu/default.nix
View file

@ -1,7 +1,7 @@
{ buildPecl, lib, pcre2, fetchFromGitHub, php, fetchpatch }:
let
version = "5.1.22";
version = "5.1.23";
in buildPecl {
inherit version;
pname = "apcu";
@ -10,7 +10,7 @@ in buildPecl {
owner = "krakjoe";
repo = "apcu";
rev = "v${version}";
sha256 = "sha256-L4a+/kWT95a1Km+FzFNiAaBw8enU6k4ZiCFRErjj9o8=";
sha256 = "sha256-UDKLLCCnYJj/lCD8ZkkDf2WYZMoIbcP75+0/IXo4vdQ=";
};
patches = lib.optionals (lib.versionAtLeast php.version "8.3") [

4
pkgs/development/php-packages/ast/default.nix
View file

@ -1,7 +1,7 @@
{ buildPecl, lib, fetchFromGitHub }:
let
version = "1.1.0";
version = "1.1.1";
in buildPecl {
inherit version;
pname = "ast";
@ -10,7 +10,7 @@ in buildPecl {
owner = "nikic";
repo = "php-ast";
rev = "v${version}";
sha256 = "sha256-e9J6O4A+8xRBlR9m4OK1kTVpzgzsviD0Eqi0iY4AgkY=";
sha256 = "sha256-ulMLufhLf9E11Z6+rVBZ14CY3ILp/NrhMjRXmrUHnBA=";
};
meta = with lib; {

2
pkgs/development/php-packages/datadog_trace/Cargo.lock generated
View file

@ -678,7 +678,7 @@ dependencies = [
[[package]]
name = "datadog-php-profiling"
version = "0.93.1"
version = "0.94.0"
dependencies = [
"ahash 0.8.3",
"anyhow",

4
pkgs/development/php-packages/datadog_trace/default.nix
View file

@ -13,14 +13,14 @@
buildPecl rec {
pname = "ddtrace";
version = "0.93.1";
version = "0.94.0";
src = fetchFromGitHub {
owner = "DataDog";
repo = "dd-trace-php";
rev = version;
fetchSubmodules = true;
hash = "sha256-eiqwcSDwxkuYEsseHdjBE3KFnTnD/7BMyz/DNVAKUIA=";
hash = "sha256-1EdA68zynm0M4NJH8kFmrtprUzWpjObarxNigY8viY8=";
};
cargoDeps = rustPlatform.importCargoLock {

4
pkgs/development/python-modules/imap-tools/default.nix
View file

@ -7,7 +7,7 @@
buildPythonPackage rec {
pname = "imap-tools";
version = "1.4.0";
version = "1.5.0";
disabled = pythonOlder "3.5";
@ -17,7 +17,7 @@ buildPythonPackage rec {
owner = "ikvk";
repo = "imap_tools";
rev = "refs/tags/v${version}";
hash = "sha256-bTYfAXc/2bRj8TBd9mmg0EGjUcUu6aiZXl8MF0+1xcs=";
hash = "sha256-kY6Y8Uu1HwSkcmlKL5+zPh4n+4mofX2aoPVXAZvInlI=";
};
nativeCheckInputs = [

11
pkgs/development/python-modules/img2pdf/default-icc-profile.patch
View file

@ -1,8 +1,8 @@
diff --git a/src/img2pdf.py b/src/img2pdf.py
index 036232b..d2e7829 100755
index f89670b..01ec4d3 100755
--- a/src/img2pdf.py
+++ b/src/img2pdf.py
@@ -3815,14 +3815,7 @@ def gui():
@@ -3841,17 +3841,7 @@ def validate_icc(fname):
def get_default_icc_profile():
@ -11,8 +11,11 @@ index 036232b..d2e7829 100755
- "/usr/share/color/icc/OpenICC/sRGB.icc",
- "/usr/share/color/icc/colord/sRGB.icc",
- ]:
- if os.path.exists(profile):
- return profile
- if not os.path.exists(profile):
- continue
- if not file_is_icc(profile):
- continue
- return profile
- return "/usr/share/color/icc/sRGB.icc"
+ return "@srgbProfile@"

4
pkgs/development/python-modules/img2pdf/default.nix
View file

@ -22,7 +22,7 @@
buildPythonPackage rec {
pname = "img2pdf";
version = "0.5.0";
version = "0.5.1";
disabled = isPy27;
pyproject = true;
@ -32,7 +32,7 @@ buildPythonPackage rec {
owner = "josch";
repo = "img2pdf";
rev = version;
hash = "sha256-k0GqBTS8PvYDmjzyLCSdQB7oBakrEQYJcQykDNrzgcA=";
hash = "sha256-mrNTc37GrHTc7NW0sYI1FlAOlnvXum02867enqHsAEQ=";
};
patches = [

4
pkgs/development/tools/esbuild/default.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "esbuild";
version = "0.19.7";
version = "0.19.8";
src = fetchFromGitHub {
owner = "evanw";
repo = "esbuild";
rev = "v${version}";
hash = "sha256-a7IxZhmprwQuBqxTOaHo2KzguhXXQmrhaE7fHGh0yrQ=";
hash = "sha256-f13YbgHFQk71g7twwQ2nSOGA0RG0YYM01opv6txRMuw=";
};
vendorHash = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ=";

4
pkgs/servers/monitoring/nagios/plugins/check_ssl_cert.nix
View file

@ -17,13 +17,13 @@
stdenv.mkDerivation rec {
pname = "check_ssl_cert";
version = "2.76.0";
version = "2.77.0";
src = fetchFromGitHub {
owner = "matteocorti";
repo = "check_ssl_cert";
rev = "refs/tags/v${version}";
hash = "sha256-nk+uYO8tJPUezu/nqfwNhK4q/ds9C96re/fWebrTa1Y=";
hash = "sha256-xU/1Bs3uIFomy6w2Vf50O3VbwoGfJMng88J1NXfg1pQ=";
};
nativeBuildInputs = [

22
pkgs/servers/samba/4.x.nix
View file

@ -27,6 +27,7 @@
, tdb
, tevent
, libxcrypt
, libxcrypt-legacy
, cmocka
, rpcsvc-proto
, bash
@ -49,6 +50,15 @@
with lib;
let
# samba-tool requires libxcrypt-legacy algorithms
python = python3Packages.python.override {
libxcrypt = libxcrypt-legacy;
};
wrapPython = python3Packages.wrapPython.override {
inherit python;
};
in
stdenv.mkDerivation rec {
pname = "samba";
version = "4.19.2";
@ -69,7 +79,7 @@ stdenv.mkDerivation rec {
];
nativeBuildInputs = [
python3Packages.python
python
wafHook
pkg-config
bison
@ -93,8 +103,8 @@ stdenv.mkDerivation rec {
buildInputs = [
bash
python3Packages.wrapPython
python3Packages.python
wrapPython
python
readline
popt
dbus
@ -165,7 +175,7 @@ stdenv.mkDerivation rec {
# module, which works correctly in all cases.
PYTHON_CONFIG = "/invalid";
pythonPath = [ python3Packages.dnspython tdb ];
pythonPath = [ python3Packages.dnspython python3Packages.markdown tdb ];
preBuild = ''
export MAKEFLAGS="-j $NIX_BUILD_CORES"
@ -208,12 +218,12 @@ stdenv.mkDerivation rec {
# Samba does its own shebang patching, but uses build Python
find $out/bin -type f -executable | while read file; do
isScript "$file" || continue
sed -i 's^${lib.getBin buildPackages.python3Packages.python}/bin^${lib.getBin python3Packages.python}/bin^' "$file"
sed -i 's^${lib.getBin buildPackages.python3Packages.python}^${lib.getBin python}^' "$file"
done
'';
disallowedReferences =
lib.optionals (buildPackages.python3Packages.python != python3Packages.python)
lib.optionals (buildPackages.python3Packages.python != python)
[ buildPackages.python3Packages.python ];
passthru = {

14
pkgs/servers/sql/postgresql/ext/pgrouting.nix
View file

@ -1,8 +1,8 @@
{ lib, stdenv, fetchFromGitHub, postgresql, perl, cmake, boost }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, postgresql, perl, cmake, boost }:
stdenv.mkDerivation rec {
pname = "pgrouting";
version = "3.5.1";
version = "3.6.0";
nativeBuildInputs = [ cmake perl ];
buildInputs = [ postgresql boost ];
@ -11,9 +11,17 @@ stdenv.mkDerivation rec {
owner = "pgRouting";
repo = pname;
rev = "v${version}";
sha256 = "sha256-X7ZXGPUkhPDBB2QpUGfqDTgOairkYZF78Ol0XEAmxD8=";
sha256 = "sha256-FOHIQzL8tmSWllCTzQkuGOiqk47S+HTB8aEpAC30YNk=";
};
patches = [
# Fix issues with size_t vs uint64_ on Darwin. Remove with the next release.
(fetchpatch {
url = "https://github.com/pgRouting/pgrouting/commit/b16e9da748e9d78c8b19d2b1db3baeb19c33c6aa.patch";
hash = "sha256-CJmuVxZ3zIJTa6KXhM2cvynAE6Vmff7XBDfSGg4W9dE=";
})
];
installPhase = ''
install -D lib/*.so -t $out/lib
install -D sql/pgrouting--${version}.sql -t $out/share/postgresql/extension

6
pkgs/tools/filesystems/blobfuse/default.nix
View file

@ -1,18 +1,18 @@
{ lib, buildGoModule, fetchFromGitHub, fuse3, testers, blobfuse }:
let
version = "2.1.0";
version = "2.1.2";
src = fetchFromGitHub {
owner = "Azure";
repo = "azure-storage-fuse";
rev = "blobfuse2-${version}";
sha256 = "sha256-+MnqIwLuR+YBTowgIQokV0kFzfYtMBdhd/+m9MOrF1Y=";
sha256 = "sha256-KzpD+6g1WwviydYE0v5pSH35zC41MrPlk5MitwAIgnE=";
};
in buildGoModule {
pname = "blobfuse";
inherit version src;
vendorHash = "sha256-WfVFV/6Owx51rHXyfMp7CRW7aQ3R5BFyfHronQ58Gik=";
vendorHash = "sha256-+Z+mkTs/8qCtYcWZIMzsW9MQsC08KDJUHNbxyc6Ro5Y=";
buildInputs = [ fuse3 ];

2
pkgs/tools/security/metasploit/Gemfile
View file

@ -1,4 +1,4 @@
# frozen_string_literal: true
source "https://rubygems.org"
gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.43"
gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.44"

8
pkgs/tools/security/metasploit/Gemfile.lock
View file

@ -1,9 +1,9 @@
GIT
remote: https://github.com/rapid7/metasploit-framework
revision: 58dcabe21524d8b2c4d05618ca8509dc42cc6515
ref: refs/tags/6.3.43
revision: 54a9eee7f85d369feef55d6a340340ad965f80a0
ref: refs/tags/6.3.44
specs:
metasploit-framework (6.3.43)
metasploit-framework (6.3.44)
actionpack (~> 7.0.0)
activerecord (~> 7.0.0)
activesupport (~> 7.0.0)
@ -462,4 +462,4 @@ DEPENDENCIES
metasploit-framework!
BUNDLED WITH
2.4.20
2.4.22

15
pkgs/tools/security/metasploit/default.nix
View file

@ -15,17 +15,22 @@ let
};
in stdenv.mkDerivation rec {
pname = "metasploit-framework";
version = "6.3.43";
version = "6.3.44";
src = fetchFromGitHub {
owner = "rapid7";
repo = "metasploit-framework";
rev = version;
sha256 = "sha256-IWdSxXhJFGbNTo9xqEjBJNEWB6imzdwzgnXoUbfao/g=";
rev = "refs/tags/${version}";
hash = "sha256-LBmyFE617G2ryEAp5fig3G2T/goa9NXUggu0XH4X1xs=";
};
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ (python3.withPackages (ps: [ ps.requests ])) ];
nativeBuildInputs = [
makeWrapper
];
buildInputs = [
(python3.withPackages (ps: [ ps.requests ]))
];
dontPatchELF = true; # stay away from exploit executables

6
pkgs/tools/security/metasploit/gemset.nix
View file

@ -654,12 +654,12 @@
platforms = [];
source = {
fetchSubmodules = false;
rev = "58dcabe21524d8b2c4d05618ca8509dc42cc6515";
sha256 = "1y53vavm3s3mh8rxrkd6m03idl94q54ahwcg9v6nc529g32m4rr1";
rev = "54a9eee7f85d369feef55d6a340340ad965f80a0";
sha256 = "06yp2xz5rd0bhbadbx0s1bz96vfwl3wfaaa0r2mnvv5m9qab469c";
type = "git";
url = "https://github.com/rapid7/metasploit-framework";
};
version = "6.3.43";
version = "6.3.44";
};
metasploit-model = {
groups = ["default"];

6
pkgs/tools/wayland/wl-gammactl/default.nix
View file

@ -1,6 +1,6 @@
{ lib, stdenv, fetchFromGitHub
, meson, pkg-config, ninja
, wayland, wayland-scanner, wlroots, wlr-protocols, gtk3, glib
, wayland, wayland-scanner, wlr-protocols, gtk3, glib
}:
stdenv.mkDerivation rec {
@ -16,13 +16,15 @@ stdenv.mkDerivation rec {
strictDeps = true;
nativeBuildInputs = [ meson pkg-config ninja glib wayland-scanner ];
buildInputs = [ wayland wlroots gtk3 ];
buildInputs = [ wayland gtk3 ];
postUnpack = ''
rmdir source/wlr-protocols
ln -s ${wlr-protocols}/share/wlr-protocols source
'';
patches = [ ./dont-need-wlroots.diff ];
postPatch = ''
substituteInPlace meson.build --replace "git = find_program('git')" "git = 'false'"
'';

20
pkgs/tools/wayland/wl-gammactl/dont-need-wlroots.diff Normal file
View file

@ -0,0 +1,20 @@
diff --git a/meson.build b/meson.build
index 5253f52..f5ff82e 100644
--- a/meson.build
+++ b/meson.build
@@ -6,7 +6,6 @@ project(
# Define dependecies
dep_gtk3 = dependency('gtk+-3.0')
-dep_wlroots = dependency('wlroots')
dep_wayland_client = dependency('wayland-client')
@@ -75,7 +74,6 @@ executable(
'wl-gammactl',
sources,
dependencies : [
- dep_wlroots,
dep_wayland_client,
dep_gtk3
],

4
pkgs/top-level/all-packages.nix
View file

@ -4861,9 +4861,7 @@ with pkgs;
wlsunset = callPackage ../tools/wayland/wlsunset { };
wl-gammactl = callPackage ../tools/wayland/wl-gammactl {
wlroots = wlroots_0_15;
};
wl-gammactl = callPackage ../tools/wayland/wl-gammactl { };
wluma = callPackage ../tools/wayland/wluma { };