Merge remote-tracking branch 'origin/master' into staging-next
Conflicts: pkgs/development/tools/kubie/default.nix
This commit is contained in:
commit
5cd5b9b97f
31 changed files with 1960 additions and 1695 deletions
|
@ -299,9 +299,8 @@ in
|
|||
# Ensure essential files exist.
|
||||
if [[ ! -f ${cfg.dataDir}/configs/znc.conf ]]; then
|
||||
echo "No znc.conf file found in ${cfg.dataDir}. Creating one now."
|
||||
cp --no-clobber ${cfg.configFile} ${cfg.dataDir}/configs/znc.conf
|
||||
cp --no-preserve=ownership --no-clobber ${cfg.configFile} ${cfg.dataDir}/configs/znc.conf
|
||||
chmod u+rw ${cfg.dataDir}/configs/znc.conf
|
||||
chown ${cfg.user} ${cfg.dataDir}/configs/znc.conf
|
||||
fi
|
||||
|
||||
if [[ ! -f ${cfg.dataDir}/znc.pem ]]; then
|
||||
|
|
|
@ -54,6 +54,7 @@ in
|
|||
|
||||
frontendUrl = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
apply = x: if lib.hasSuffix "/" x then x else x + "/";
|
||||
example = "keycloak.example.com/auth";
|
||||
description = ''
|
||||
The public URL used as base for all frontend requests. Should
|
||||
|
@ -84,113 +85,128 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
certificatePrivateKeyBundle = lib.mkOption {
|
||||
sslCertificate = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
example = "/run/keys/ssl_cert";
|
||||
description = ''
|
||||
The path to a PEM formatted bundle of the private key and
|
||||
certificate to use for TLS connections.
|
||||
The path to a PEM formatted certificate to use for TLS/SSL
|
||||
connections.
|
||||
|
||||
This should be a string, not a Nix path, since Nix paths are
|
||||
copied into the world-readable Nix store.
|
||||
'';
|
||||
};
|
||||
|
||||
databaseType = lib.mkOption {
|
||||
type = lib.types.enum [ "mysql" "postgresql" ];
|
||||
default = "postgresql";
|
||||
example = "mysql";
|
||||
description = ''
|
||||
The type of database Keycloak should connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
databaseHost = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
Hostname of the database to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
databasePort =
|
||||
let
|
||||
dbPorts = {
|
||||
postgresql = 5432;
|
||||
mysql = 3306;
|
||||
};
|
||||
in
|
||||
lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = dbPorts.${cfg.databaseType};
|
||||
description = ''
|
||||
Port of the database to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
databaseUseSSL = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = cfg.databaseHost != "localhost";
|
||||
description = ''
|
||||
Whether the database connection should be secured by SSL /
|
||||
TLS.
|
||||
'';
|
||||
};
|
||||
|
||||
databaseCaCert = lib.mkOption {
|
||||
sslCertificateKey = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
example = "/run/keys/ssl_key";
|
||||
description = ''
|
||||
The SSL / TLS CA certificate that verifies the identity of the
|
||||
database server.
|
||||
|
||||
Required when PostgreSQL is used and SSL is turned on.
|
||||
|
||||
For MySQL, if left at <literal>null</literal>, the default
|
||||
Java keystore is used, which should suffice if the server
|
||||
certificate is issued by an official CA.
|
||||
'';
|
||||
};
|
||||
|
||||
databaseCreateLocally = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether a database should be automatically created on the
|
||||
local host. Set this to false if you plan on provisioning a
|
||||
local database yourself. This has no effect if
|
||||
services.keycloak.databaseHost is customized.
|
||||
'';
|
||||
};
|
||||
|
||||
databaseUsername = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "keycloak";
|
||||
description = ''
|
||||
Username to use when connecting to an external or manually
|
||||
provisioned database; has no effect when a local database is
|
||||
automatically provisioned.
|
||||
|
||||
To use this with a local database, set <xref
|
||||
linkend="opt-services.keycloak.databaseCreateLocally" /> to
|
||||
<literal>false</literal> and create the database and user
|
||||
manually. The database should be called
|
||||
<literal>keycloak</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
databasePasswordFile = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
example = "/run/keys/db_password";
|
||||
description = ''
|
||||
File containing the database password.
|
||||
The path to a PEM formatted private key to use for TLS/SSL
|
||||
connections.
|
||||
|
||||
This should be a string, not a Nix path, since Nix paths are
|
||||
copied into the world-readable Nix store.
|
||||
'';
|
||||
};
|
||||
|
||||
database = {
|
||||
type = lib.mkOption {
|
||||
type = lib.types.enum [ "mysql" "postgresql" ];
|
||||
default = "postgresql";
|
||||
example = "mysql";
|
||||
description = ''
|
||||
The type of database Keycloak should connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
Hostname of the database to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
port =
|
||||
let
|
||||
dbPorts = {
|
||||
postgresql = 5432;
|
||||
mysql = 3306;
|
||||
};
|
||||
in
|
||||
lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = dbPorts.${cfg.database.type};
|
||||
description = ''
|
||||
Port of the database to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
useSSL = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = cfg.database.host != "localhost";
|
||||
description = ''
|
||||
Whether the database connection should be secured by SSL /
|
||||
TLS.
|
||||
'';
|
||||
};
|
||||
|
||||
caCert = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
The SSL / TLS CA certificate that verifies the identity of the
|
||||
database server.
|
||||
|
||||
Required when PostgreSQL is used and SSL is turned on.
|
||||
|
||||
For MySQL, if left at <literal>null</literal>, the default
|
||||
Java keystore is used, which should suffice if the server
|
||||
certificate is issued by an official CA.
|
||||
'';
|
||||
};
|
||||
|
||||
createLocally = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether a database should be automatically created on the
|
||||
local host. Set this to false if you plan on provisioning a
|
||||
local database yourself. This has no effect if
|
||||
services.keycloak.database.host is customized.
|
||||
'';
|
||||
};
|
||||
|
||||
username = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "keycloak";
|
||||
description = ''
|
||||
Username to use when connecting to an external or manually
|
||||
provisioned database; has no effect when a local database is
|
||||
automatically provisioned.
|
||||
|
||||
To use this with a local database, set <xref
|
||||
linkend="opt-services.keycloak.database.createLocally" /> to
|
||||
<literal>false</literal> and create the database and user
|
||||
manually. The database should be called
|
||||
<literal>keycloak</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
passwordFile = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
example = "/run/keys/db_password";
|
||||
description = ''
|
||||
File containing the database password.
|
||||
|
||||
This should be a string, not a Nix path, since Nix paths are
|
||||
copied into the world-readable Nix store.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
default = pkgs.keycloak;
|
||||
|
@ -261,12 +277,12 @@ in
|
|||
config =
|
||||
let
|
||||
# We only want to create a database if we're actually going to connect to it.
|
||||
databaseActuallyCreateLocally = cfg.databaseCreateLocally && cfg.databaseHost == "localhost";
|
||||
createLocalPostgreSQL = databaseActuallyCreateLocally && cfg.databaseType == "postgresql";
|
||||
createLocalMySQL = databaseActuallyCreateLocally && cfg.databaseType == "mysql";
|
||||
databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == "localhost";
|
||||
createLocalPostgreSQL = databaseActuallyCreateLocally && cfg.database.type == "postgresql";
|
||||
createLocalMySQL = databaseActuallyCreateLocally && cfg.database.type == "mysql";
|
||||
|
||||
mySqlCaKeystore = pkgs.runCommandNoCC "mysql-ca-keystore" {} ''
|
||||
${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.databaseCaCert} -keystore $out -storepass notsosecretpassword -noprompt
|
||||
${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.database.caCert} -keystore $out -storepass notsosecretpassword -noprompt
|
||||
'';
|
||||
|
||||
keycloakConfig' = builtins.foldl' lib.recursiveUpdate {
|
||||
|
@ -282,11 +298,11 @@ in
|
|||
};
|
||||
"subsystem=datasources"."data-source=KeycloakDS" = {
|
||||
max-pool-size = "20";
|
||||
user-name = if databaseActuallyCreateLocally then "keycloak" else cfg.databaseUsername;
|
||||
user-name = if databaseActuallyCreateLocally then "keycloak" else cfg.database.username;
|
||||
password = "@db-password@";
|
||||
};
|
||||
} [
|
||||
(lib.optionalAttrs (cfg.databaseType == "postgresql") {
|
||||
(lib.optionalAttrs (cfg.database.type == "postgresql") {
|
||||
"subsystem=datasources" = {
|
||||
"jdbc-driver=postgresql" = {
|
||||
driver-module-name = "org.postgresql";
|
||||
|
@ -294,16 +310,16 @@ in
|
|||
driver-xa-datasource-class-name = "org.postgresql.xa.PGXADataSource";
|
||||
};
|
||||
"data-source=KeycloakDS" = {
|
||||
connection-url = "jdbc:postgresql://${cfg.databaseHost}:${builtins.toString cfg.databasePort}/keycloak";
|
||||
connection-url = "jdbc:postgresql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
|
||||
driver-name = "postgresql";
|
||||
"connection-properties=ssl".value = lib.boolToString cfg.databaseUseSSL;
|
||||
} // (lib.optionalAttrs (cfg.databaseCaCert != null) {
|
||||
"connection-properties=sslrootcert".value = cfg.databaseCaCert;
|
||||
"connection-properties=ssl".value = lib.boolToString cfg.database.useSSL;
|
||||
} // (lib.optionalAttrs (cfg.database.caCert != null) {
|
||||
"connection-properties=sslrootcert".value = cfg.database.caCert;
|
||||
"connection-properties=sslmode".value = "verify-ca";
|
||||
});
|
||||
};
|
||||
})
|
||||
(lib.optionalAttrs (cfg.databaseType == "mysql") {
|
||||
(lib.optionalAttrs (cfg.database.type == "mysql") {
|
||||
"subsystem=datasources" = {
|
||||
"jdbc-driver=mysql" = {
|
||||
driver-module-name = "com.mysql";
|
||||
|
@ -311,22 +327,22 @@ in
|
|||
driver-class-name = "com.mysql.jdbc.Driver";
|
||||
};
|
||||
"data-source=KeycloakDS" = {
|
||||
connection-url = "jdbc:mysql://${cfg.databaseHost}:${builtins.toString cfg.databasePort}/keycloak";
|
||||
connection-url = "jdbc:mysql://${cfg.database.host}:${builtins.toString cfg.database.port}/keycloak";
|
||||
driver-name = "mysql";
|
||||
"connection-properties=useSSL".value = lib.boolToString cfg.databaseUseSSL;
|
||||
"connection-properties=requireSSL".value = lib.boolToString cfg.databaseUseSSL;
|
||||
"connection-properties=verifyServerCertificate".value = lib.boolToString cfg.databaseUseSSL;
|
||||
"connection-properties=useSSL".value = lib.boolToString cfg.database.useSSL;
|
||||
"connection-properties=requireSSL".value = lib.boolToString cfg.database.useSSL;
|
||||
"connection-properties=verifyServerCertificate".value = lib.boolToString cfg.database.useSSL;
|
||||
"connection-properties=characterEncoding".value = "UTF-8";
|
||||
valid-connection-checker-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker";
|
||||
validate-on-match = true;
|
||||
exception-sorter-class-name = "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter";
|
||||
} // (lib.optionalAttrs (cfg.databaseCaCert != null) {
|
||||
} // (lib.optionalAttrs (cfg.database.caCert != null) {
|
||||
"connection-properties=trustCertificateKeyStoreUrl".value = "file:${mySqlCaKeystore}";
|
||||
"connection-properties=trustCertificateKeyStorePassword".value = "notsosecretpassword";
|
||||
});
|
||||
};
|
||||
})
|
||||
(lib.optionalAttrs (cfg.certificatePrivateKeyBundle != null) {
|
||||
(lib.optionalAttrs (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
|
||||
"socket-binding-group=standard-sockets"."socket-binding=https".port = cfg.httpsPort;
|
||||
"core-service=management"."security-realm=UndertowRealm"."server-identity=ssl" = {
|
||||
keystore-path = "/run/keycloak/ssl/certificate_private_key_bundle.p12";
|
||||
|
@ -537,7 +553,9 @@ in
|
|||
|
||||
jbossCliScript = pkgs.writeText "jboss-cli-script" (mkJbossScript keycloakConfig');
|
||||
|
||||
keycloakConfig = pkgs.runCommandNoCC "keycloak-config" {} ''
|
||||
keycloakConfig = pkgs.runCommandNoCC "keycloak-config" {
|
||||
nativeBuildInputs = [ cfg.package ];
|
||||
} ''
|
||||
export JBOSS_BASE_DIR="$(pwd -P)";
|
||||
export JBOSS_MODULEPATH="${cfg.package}/modules";
|
||||
export JBOSS_LOG_DIR="$JBOSS_BASE_DIR/log";
|
||||
|
@ -547,11 +565,11 @@ in
|
|||
|
||||
mkdir -p {deployments,ssl}
|
||||
|
||||
"${cfg.package}/bin/standalone.sh"&
|
||||
standalone.sh&
|
||||
|
||||
attempt=1
|
||||
max_attempts=30
|
||||
while ! ${cfg.package}/bin/jboss-cli.sh --connect ':read-attribute(name=server-state)'; do
|
||||
while ! jboss-cli.sh --connect ':read-attribute(name=server-state)'; do
|
||||
if [[ "$attempt" == "$max_attempts" ]]; then
|
||||
echo "ERROR: Could not connect to Keycloak after $attempt attempts! Failing.." >&2
|
||||
exit 1
|
||||
|
@ -561,7 +579,7 @@ in
|
|||
(( attempt++ ))
|
||||
done
|
||||
|
||||
${cfg.package}/bin/jboss-cli.sh --connect --file=${jbossCliScript} --echo-command
|
||||
jboss-cli.sh --connect --file=${jbossCliScript} --echo-command
|
||||
|
||||
cp configuration/standalone.xml $out
|
||||
'';
|
||||
|
@ -570,8 +588,8 @@ in
|
|||
|
||||
assertions = [
|
||||
{
|
||||
assertion = (cfg.databaseUseSSL && cfg.databaseType == "postgresql") -> (cfg.databaseCaCert != null);
|
||||
message = "A CA certificate must be specified (in 'services.keycloak.databaseCaCert') when PostgreSQL is used with SSL";
|
||||
assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null);
|
||||
message = "A CA certificate must be specified (in 'services.keycloak.database.caCert') when PostgreSQL is used with SSL";
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -581,6 +599,7 @@ in
|
|||
after = [ "postgresql.service" ];
|
||||
before = [ "keycloak.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
path = [ config.services.postgresql.package ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
|
@ -588,13 +607,15 @@ in
|
|||
Group = "postgres";
|
||||
};
|
||||
script = ''
|
||||
set -eu
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
PSQL=${config.services.postgresql.package}/bin/psql
|
||||
create_role="$(mktemp)"
|
||||
trap 'rm -f "$create_role"' ERR EXIT
|
||||
|
||||
db_password="$(<'${cfg.databasePasswordFile}')"
|
||||
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || $PSQL -tAc "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB"
|
||||
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
|
||||
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$(<'${cfg.database.passwordFile}')' CREATEDB" > "$create_role"
|
||||
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role"
|
||||
psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -602,6 +623,7 @@ in
|
|||
after = [ "mysql.service" ];
|
||||
before = [ "keycloak.service" ];
|
||||
bindsTo = [ "mysql.service" ];
|
||||
path = [ config.services.mysql.package ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
|
@ -609,13 +631,14 @@ in
|
|||
Group = config.services.mysql.group;
|
||||
};
|
||||
script = ''
|
||||
set -eu
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
db_password="$(<'${cfg.databasePasswordFile}')"
|
||||
db_password="$(<'${cfg.database.passwordFile}')"
|
||||
( echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
|
||||
echo "CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
|
||||
echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
|
||||
) | ${config.services.mysql.package}/bin/mysql -N
|
||||
) | mysql -N
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -634,6 +657,8 @@ in
|
|||
bindsTo = databaseServices;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = with pkgs; [
|
||||
cfg.package
|
||||
openssl
|
||||
replace-secret
|
||||
];
|
||||
environment = {
|
||||
|
@ -644,14 +669,21 @@ in
|
|||
serviceConfig = {
|
||||
ExecStartPre = let
|
||||
startPreFullPrivileges = ''
|
||||
set -eu
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.databasePasswordFile}' /run/keycloak/secrets/db_password
|
||||
'' + lib.optionalString (cfg.certificatePrivateKeyBundle != null) ''
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.certificatePrivateKeyBundle}' /run/keycloak/secrets/ssl_cert_pk_bundle
|
||||
umask u=rwx,g=,o=
|
||||
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.database.passwordFile}' /run/keycloak/secrets/db_password
|
||||
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificate}' /run/keycloak/secrets/ssl_cert
|
||||
install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificateKey}' /run/keycloak/secrets/ssl_key
|
||||
'';
|
||||
startPre = ''
|
||||
set -eu
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
umask u=rwx,g=,o=
|
||||
|
||||
install -m 0600 ${cfg.package}/standalone/configuration/*.properties /run/keycloak/configuration
|
||||
install -T -m 0600 ${keycloakConfig} /run/keycloak/configuration/standalone.xml
|
||||
|
@ -659,13 +691,16 @@ in
|
|||
replace-secret '@db-password@' '/run/keycloak/secrets/db_password' /run/keycloak/configuration/standalone.xml
|
||||
|
||||
export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration
|
||||
${cfg.package}/bin/add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
|
||||
'' + lib.optionalString (cfg.certificatePrivateKeyBundle != null) ''
|
||||
add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}'
|
||||
'' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
|
||||
pushd /run/keycloak/ssl/
|
||||
cat /run/keycloak/secrets/ssl_cert_pk_bundle <(echo) /etc/ssl/certs/ca-certificates.crt > allcerts.pem
|
||||
${pkgs.openssl}/bin/openssl pkcs12 -export -in /run/keycloak/secrets/ssl_cert_pk_bundle -chain \
|
||||
-name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \
|
||||
-CAfile allcerts.pem -passout pass:notsosecretpassword
|
||||
cat /run/keycloak/secrets/ssl_cert <(echo) \
|
||||
/run/keycloak/secrets/ssl_key <(echo) \
|
||||
/etc/ssl/certs/ca-certificates.crt \
|
||||
> allcerts.pem
|
||||
openssl pkcs12 -export -in /run/keycloak/secrets/ssl_cert -inkey /run/keycloak/secrets/ssl_key -chain \
|
||||
-name "${cfg.frontendUrl}" -out certificate_private_key_bundle.p12 \
|
||||
-CAfile allcerts.pem -passout pass:notsosecretpassword
|
||||
popd
|
||||
'';
|
||||
in [
|
||||
|
@ -697,4 +732,5 @@ in
|
|||
};
|
||||
|
||||
meta.doc = ./keycloak.xml;
|
||||
meta.maintainers = [ lib.maintainers.talyz ];
|
||||
}
|
||||
|
|
|
@ -41,31 +41,31 @@
|
|||
<productname>PostgreSQL</productname> or
|
||||
<productname>MySQL</productname>. Which one is used can be
|
||||
configured in <xref
|
||||
linkend="opt-services.keycloak.databaseType" />. The selected
|
||||
linkend="opt-services.keycloak.database.type" />. The selected
|
||||
database will automatically be enabled and a database and role
|
||||
created unless <xref
|
||||
linkend="opt-services.keycloak.databaseHost" /> is changed from
|
||||
linkend="opt-services.keycloak.database.host" /> is changed from
|
||||
its default of <literal>localhost</literal> or <xref
|
||||
linkend="opt-services.keycloak.databaseCreateLocally" /> is set
|
||||
linkend="opt-services.keycloak.database.createLocally" /> is set
|
||||
to <literal>false</literal>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
External database access can also be configured by setting
|
||||
<xref linkend="opt-services.keycloak.databaseHost" />, <xref
|
||||
linkend="opt-services.keycloak.databaseUsername" />, <xref
|
||||
linkend="opt-services.keycloak.databaseUseSSL" /> and <xref
|
||||
linkend="opt-services.keycloak.databaseCaCert" /> as
|
||||
<xref linkend="opt-services.keycloak.database.host" />, <xref
|
||||
linkend="opt-services.keycloak.database.username" />, <xref
|
||||
linkend="opt-services.keycloak.database.useSSL" /> and <xref
|
||||
linkend="opt-services.keycloak.database.caCert" /> as
|
||||
appropriate. Note that you need to manually create a database
|
||||
called <literal>keycloak</literal> and allow the configured
|
||||
database user full access to it.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<xref linkend="opt-services.keycloak.databasePasswordFile" />
|
||||
<xref linkend="opt-services.keycloak.database.passwordFile" />
|
||||
must be set to the path to a file containing the password used
|
||||
to log in to the database. If <xref linkend="opt-services.keycloak.databaseHost" />
|
||||
and <xref linkend="opt-services.keycloak.databaseCreateLocally" />
|
||||
to log in to the database. If <xref linkend="opt-services.keycloak.database.host" />
|
||||
and <xref linkend="opt-services.keycloak.database.createLocally" />
|
||||
are kept at their defaults, the database role
|
||||
<literal>keycloak</literal> with that password is provisioned
|
||||
on the local database instance.
|
||||
|
@ -115,17 +115,17 @@
|
|||
</para>
|
||||
|
||||
<para>
|
||||
For HTTPS support, a TLS certificate and private key is
|
||||
required. They should be <link
|
||||
HTTPS support requires a TLS/SSL certificate and a private key,
|
||||
both <link
|
||||
xlink:href="https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail">PEM
|
||||
formatted</link> and concatenated into a single file. The path
|
||||
to this file should be configured in
|
||||
<xref linkend="opt-services.keycloak.certificatePrivateKeyBundle" />.
|
||||
formatted</link>. Their paths should be set through <xref
|
||||
linkend="opt-services.keycloak.sslCertificate" /> and <xref
|
||||
linkend="opt-services.keycloak.sslCertificateKey" />.
|
||||
</para>
|
||||
|
||||
<warning>
|
||||
<para>
|
||||
The path should be provided as a string, not a Nix path,
|
||||
The paths should be provided as a strings, not a Nix paths,
|
||||
since Nix paths are copied into the world readable Nix store.
|
||||
</para>
|
||||
</warning>
|
||||
|
@ -195,8 +195,9 @@ services.keycloak = {
|
|||
<link linkend="opt-services.keycloak.initialAdminPassword">initialAdminPassword</link> = "e6Wcm0RrtegMEHl"; # change on first login
|
||||
<link linkend="opt-services.keycloak.frontendUrl">frontendUrl</link> = "https://keycloak.example.com/auth";
|
||||
<link linkend="opt-services.keycloak.forceBackendUrlToFrontendUrl">forceBackendUrlToFrontendUrl</link> = true;
|
||||
<link linkend="opt-services.keycloak.certificatePrivateKeyBundle">certificatePrivateKeyBundle</link> = "/run/keys/ssl_cert";
|
||||
<link linkend="opt-services.keycloak.databasePasswordFile">databasePasswordFile</link> = "/run/keys/db_password";
|
||||
<link linkend="opt-services.keycloak.sslCertificate">sslCertificate</link> = "/run/keys/ssl_cert";
|
||||
<link linkend="opt-services.keycloak.sslCertificateKey">sslCertificateKey</link> = "/run/keys/ssl_key";
|
||||
<link linkend="opt-services.keycloak.database.passwordFile">database.passwordFile</link> = "/run/keys/db_password";
|
||||
};
|
||||
</programlisting>
|
||||
</para>
|
||||
|
|
|
@ -448,10 +448,10 @@ in {
|
|||
join pg_namespace s on s.oid = c.relnamespace \
|
||||
where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
|
||||
and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
|
||||
SAFETY_ASSURED=1 rake db:schema:load
|
||||
rake db:seed
|
||||
SAFETY_ASSURED=1 rails db:schema:load
|
||||
rails db:seed
|
||||
else
|
||||
rake db:migrate
|
||||
rails db:migrate
|
||||
fi
|
||||
'';
|
||||
path = [ cfg.package pkgs.postgresql ];
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
# client using their Keycloak login.
|
||||
|
||||
let
|
||||
frontendUrl = "http://keycloak/auth";
|
||||
certs = import ./common/acme/server/snakeoil-certs.nix;
|
||||
frontendUrl = "https://${certs.domain}/auth";
|
||||
initialAdminPassword = "h4IhoJFnt2iQIR9";
|
||||
|
||||
keycloakTest = import ./make-test-python.nix (
|
||||
|
@ -17,12 +18,27 @@ let
|
|||
nodes = {
|
||||
keycloak = { ... }: {
|
||||
virtualisation.memorySize = 1024;
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
certs.ca.cert
|
||||
];
|
||||
|
||||
networking.extraHosts = ''
|
||||
127.0.0.1 ${certs.domain}
|
||||
'';
|
||||
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
inherit frontendUrl databaseType initialAdminPassword;
|
||||
databaseUsername = "bogus";
|
||||
databasePasswordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";
|
||||
inherit frontendUrl initialAdminPassword;
|
||||
sslCertificate = certs.${certs.domain}.cert;
|
||||
sslCertificateKey = certs.${certs.domain}.key;
|
||||
database = {
|
||||
type = databaseType;
|
||||
username = "bogus";
|
||||
passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
xmlstarlet
|
||||
libtidy
|
||||
|
|
|
@ -1,8 +1,49 @@
|
|||
{ lib, mkDerivation, fetchFromGitHub, fetchpatch, boost, cmake, chromaprint, gettext, gst_all_1, liblastfm
|
||||
, qtbase, qtx11extras, qttools
|
||||
, taglib, fftw, glew, qjson, sqlite, libgpod, libplist, usbmuxd, libmtp
|
||||
, libpulseaudio, gvfs, libcdio, libechonest, libspotify, pcre, projectm, protobuf
|
||||
, qca2, pkg-config, sparsehash, config, makeWrapper, gst_plugins }:
|
||||
{ lib
|
||||
, mkDerivation
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, boost
|
||||
, cmake
|
||||
, chromaprint
|
||||
, gettext
|
||||
, gst_all_1
|
||||
, liblastfm
|
||||
, qtbase
|
||||
, qtx11extras
|
||||
, qttools
|
||||
, taglib
|
||||
, fftw
|
||||
, glew
|
||||
, qjson
|
||||
, sqlite
|
||||
, libgpod
|
||||
, libplist
|
||||
, usbmuxd
|
||||
, libmtp
|
||||
, libpulseaudio
|
||||
, gvfs
|
||||
, libcdio
|
||||
, libechonest
|
||||
, libspotify
|
||||
, pcre
|
||||
, projectm
|
||||
, protobuf
|
||||
, qca2
|
||||
, pkg-config
|
||||
, sparsehash
|
||||
, config
|
||||
, makeWrapper
|
||||
, gst_plugins
|
||||
|
||||
, util-linux
|
||||
, libunwind
|
||||
, libselinux
|
||||
, elfutils
|
||||
, libsepol
|
||||
, orc
|
||||
|
||||
, alsaLib
|
||||
}:
|
||||
|
||||
let
|
||||
withIpod = config.clementine.ipod or false;
|
||||
|
@ -22,9 +63,26 @@ let
|
|||
|
||||
patches = [
|
||||
./clementine-spotify-blob.patch
|
||||
(fetchpatch {
|
||||
# "short-term" fix for execution on wayland (1.4.0rc1-131-g2179027a6)
|
||||
# for https://github.com/clementine-player/Clementine/issues/6587
|
||||
url = "https://github.com/clementine-player/Clementine/commit/2179027a6d97530c857e43be873baacd696ff332.patch";
|
||||
sha256 = "0344bfcyvjim5ph8w4km6zkg96rj5g9ybp9x14qgyw2gkdksimn6";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ cmake pkg-config makeWrapper ];
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
pkg-config
|
||||
makeWrapper
|
||||
|
||||
util-linux
|
||||
libunwind
|
||||
libselinux
|
||||
elfutils
|
||||
libsepol
|
||||
orc
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
boost
|
||||
|
@ -48,11 +106,13 @@ let
|
|||
qttools
|
||||
sqlite
|
||||
taglib
|
||||
|
||||
alsaLib
|
||||
]
|
||||
++ lib.optionals (withIpod) [libgpod libplist usbmuxd]
|
||||
++ lib.optionals (withMTP) [libmtp]
|
||||
++ lib.optionals (withCD) [libcdio]
|
||||
++ lib.optionals (withCloud) [sparsehash];
|
||||
++ lib.optionals (withIpod) [ libgpod libplist usbmuxd ]
|
||||
++ lib.optionals (withMTP) [ libmtp ]
|
||||
++ lib.optionals (withCD) [ libcdio ]
|
||||
++ lib.optionals (withCloud) [ sparsehash ];
|
||||
|
||||
postPatch = ''
|
||||
sed -i src/CMakeLists.txt \
|
||||
|
@ -132,4 +192,5 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
in free
|
||||
in
|
||||
free
|
||||
|
|
|
@ -19,20 +19,20 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pika-backup";
|
||||
version = "0.3.0";
|
||||
version = "0.3.1";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.gnome.org";
|
||||
owner = "World";
|
||||
repo = "pika-backup";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-k9kl6cSohWx+MB/9jyVcTgpv02gsVwAk5KDSNqQrmzI=";
|
||||
sha256 = "0cr3axfp15nzwmsqyz6j781qhr2gsn9p69m0jfzy89pl83d6vcz0";
|
||||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "${pname}-${version}";
|
||||
sha256 = "0r6nbffik5j82bi82cmc00b17xv9m7xn3w3sarzwfxz0h43lal8a";
|
||||
sha256 = "1z0cbrkhxyzwf7vjjsvdppb7zhflpkw4m5cy90a2315nbll3hpbp";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -6,6 +6,6 @@
|
|||
|
||||
callPackage ./generic.nix {
|
||||
inherit buildGoPackage nvidia_x11 nvidiaGpuSupport;
|
||||
version = "1.0.5";
|
||||
sha256 = "06l56fi4fhplvl8v0i88q18yh1hwwd12fngnrflb91janbyk6p4l";
|
||||
version = "1.0.6";
|
||||
sha256 = "1nzaw4014bndxv042dkxdj492b21r5v5f06vav2kr1azk4m9sf07";
|
||||
}
|
||||
|
|
11
pkgs/applications/networking/cluster/nomad/1.1.nix
Normal file
11
pkgs/applications/networking/cluster/nomad/1.1.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
{ callPackage
|
||||
, buildGoPackage
|
||||
, nvidia_x11
|
||||
, nvidiaGpuSupport
|
||||
}:
|
||||
|
||||
callPackage ./generic.nix {
|
||||
inherit buildGoPackage nvidia_x11 nvidiaGpuSupport;
|
||||
version = "1.1.0";
|
||||
sha256 = "0sz6blyxyxi5iq170s9v4nndb1hpz603z5ps2cxkdkaafal39767";
|
||||
}
|
|
@ -20,13 +20,13 @@
|
|||
|
||||
mkDerivation rec {
|
||||
pname = "nextcloud-client";
|
||||
version = "3.2.0";
|
||||
version = "3.2.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nextcloud";
|
||||
repo = "desktop";
|
||||
rev = "v${version}";
|
||||
sha256 = "1nklsa2lx9ayjp8rk1mycjysqqmnq47djig0wygzna5mycl3ji06";
|
||||
sha256 = "sha256-I31w79GDZxSGlT6YPKSpq0aiyGnJiJBVdTyWI+DUoz4=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -19,11 +19,11 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "internetarchive";
|
||||
version = "2.0.2";
|
||||
version = "2.0.3";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "515e6646a2b917c15f2241670d21f14a014b9c67dc509aef4d4aca5a59cdda65";
|
||||
sha256 = "2ce0ab89fea37e5b2311bc7d163955e84f73f6beeac3942e17e9d51ad7cc9ffa";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
{ lib, buildGoPackage, fetchFromGitLab, fetchurl }:
|
||||
|
||||
let
|
||||
version = "13.11.0";
|
||||
version = "13.12.0";
|
||||
# Gitlab runner embeds some docker images these are prebuilt for arm and x86_64
|
||||
docker_x86_64 = fetchurl {
|
||||
url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/helper-images/prebuilt-x86_64.tar.xz";
|
||||
sha256 = "1vmj7vxz1a4js9kqz7mm6xgnkmb37c1jbx2lwsq2qkrybkxfcw8k";
|
||||
sha256 = "0m0r295520jy45wn8jw3jzhiixl4c6yrfx7gvgbd4c1v4y8ivrci";
|
||||
};
|
||||
|
||||
docker_arm = fetchurl {
|
||||
url = "https://gitlab-runner-downloads.s3.amazonaws.com/v${version}/helper-images/prebuilt-arm.tar.xz";
|
||||
sha256 = "1c1pywz7ylaysplvq1m15v7rf1sgdkh9scbqklzcm55fjk128lif";
|
||||
sha256 = "0syfggplp19bbmhhpyc17h0f1dii9hc6n04q483l0xdk7sv39fwx";
|
||||
};
|
||||
in
|
||||
buildGoPackage rec {
|
||||
|
@ -30,7 +30,7 @@ buildGoPackage rec {
|
|||
owner = "gitlab-org";
|
||||
repo = "gitlab-runner";
|
||||
rev = "v${version}";
|
||||
sha256 = "07jqsxac50xwmhlv0nbnn098290nkpsmrxw872yh67n1s9gqfd27";
|
||||
sha256 = "0jh5ghjyzr7srl3xjsklv9yskq8k88kmylpiigjir0mkbn43fgzq";
|
||||
};
|
||||
|
||||
patches = [ ./fix-shell-path.patch ];
|
||||
|
|
|
@ -4,16 +4,16 @@ with lib;
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "kind";
|
||||
version = "0.10.0";
|
||||
version = "0.11.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
rev = "v${version}";
|
||||
owner = "kubernetes-sigs";
|
||||
repo = "kind";
|
||||
sha256 = "1pp2x4bfqsd15siahyv9xkdyswsipmp9n86iwavrd0xhliqxlsa7";
|
||||
sha256 = "020s1fr92lv9yiy5kbnrfb8n0lpslriwyh5z31aym3x44qpc6jaj";
|
||||
};
|
||||
|
||||
vendorSha256 = "0c0j4s8kfzk2b3hy0d2g5bp1zr60l6vnwnpynsg6ksv8spwnpl5m";
|
||||
vendorSha256 = "08cjvhk587f3aar4drn0hq9q1zlsnl4p7by4j38jzb4r8ix5s98y";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "kubie";
|
||||
version = "0.13.4";
|
||||
version = "0.14.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
rev = "v${version}";
|
||||
owner = "sbstp";
|
||||
repo = "kubie";
|
||||
sha256 = "sha256-ZD63Xtnw7qzTrzFxzzZ37N177/PnRaMEzBbhz7h/zCY=";
|
||||
sha256 = "0mhm2j3i2ql7dz5vx0mwab8h8zr05ar5lfzdacgnrc293g1c01aq";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-WSjIN7YVX61V5nEei2iZfasIcBLjXxlZP6ZUj9nDnpo=";
|
||||
cargoSha256 = "1rfqk7dmcz5zfq9fm9kvxf5718m0v0yfjm5a8718d40zzzvam7sy";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ fetchFromGitHub, nixStable, callPackage, nixFlakes, nixosTests }:
|
||||
{ fetchFromGitHub, nixStable, callPackage, nixUnstable, nixosTests }:
|
||||
|
||||
{
|
||||
hydra-unstable = callPackage ./common.nix {
|
||||
|
@ -9,7 +9,7 @@
|
|||
rev = "886e6f85e45a1f757e9b77d2a9e4539fbde29468";
|
||||
sha256 = "t7Qb57Xjc0Ou+VDGC1N5u9AmeODW6MVOwKSrYRJq5f0=";
|
||||
};
|
||||
nix = nixFlakes;
|
||||
nix = nixUnstable;
|
||||
|
||||
tests = {
|
||||
basic = nixosTests.hydra.hydra-unstable;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv
|
||||
, yarn, callPackage, imagemagick, ffmpeg, file, ruby_2_7, writeShellScript
|
||||
, yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
|
||||
|
||||
# Allow building a fork or custom version of Mastodon:
|
||||
, pname ? "mastodon"
|
||||
|
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
|
|||
mastodon-gems = bundlerEnv {
|
||||
name = "${pname}-gems-${version}";
|
||||
inherit version;
|
||||
ruby = ruby_2_7;
|
||||
ruby = ruby_3_0;
|
||||
gemdir = src;
|
||||
gemset = dependenciesDir + "/gemset.nix";
|
||||
# This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"version": "3.3.0",
|
||||
"version": "3.4.0",
|
||||
"name": "@tootsuite/mastodon",
|
||||
"license": "AGPL-3.0-or-later",
|
||||
"engines": {
|
||||
"node": ">=10.13"
|
||||
"node": ">=12"
|
||||
},
|
||||
"scripts": {
|
||||
"postversion": "git push --tags",
|
||||
|
@ -23,7 +23,7 @@
|
|||
},
|
||||
"browserslist": [
|
||||
"last 2 versions",
|
||||
"IE >= 11",
|
||||
"not IE 11",
|
||||
"iOS >= 9",
|
||||
"not dead"
|
||||
],
|
||||
|
@ -60,37 +60,35 @@
|
|||
},
|
||||
"private": true,
|
||||
"dependencies": {
|
||||
"@babel/core": "^7.12.7",
|
||||
"@babel/plugin-proposal-class-properties": "^7.8.3",
|
||||
"@babel/plugin-proposal-decorators": "^7.12.1",
|
||||
"@babel/plugin-transform-react-inline-elements": "^7.12.1",
|
||||
"@babel/plugin-transform-runtime": "^7.12.1",
|
||||
"@babel/preset-env": "^7.12.7",
|
||||
"@babel/preset-react": "^7.12.7",
|
||||
"@babel/runtime": "^7.12.5",
|
||||
"@clusterws/cws": "^3.0.0",
|
||||
"@babel/core": "^7.14.0",
|
||||
"@babel/plugin-proposal-decorators": "^7.13.15",
|
||||
"@babel/plugin-transform-react-inline-elements": "^7.12.13",
|
||||
"@babel/plugin-transform-runtime": "^7.13.15",
|
||||
"@babel/preset-env": "^7.14.1",
|
||||
"@babel/preset-react": "^7.13.13",
|
||||
"@babel/runtime": "^7.14.0",
|
||||
"@gamestdio/websocket": "^0.3.2",
|
||||
"@github/webauthn-json": "^0.5.7",
|
||||
"@rails/ujs": "^6.0.3",
|
||||
"array-includes": "^3.1.1",
|
||||
"@rails/ujs": "^6.1.3",
|
||||
"array-includes": "^3.1.3",
|
||||
"arrow-key-navigation": "^1.2.0",
|
||||
"autoprefixer": "^9.8.6",
|
||||
"axios": "^0.21.0",
|
||||
"babel-loader": "^8.2.1",
|
||||
"axios": "^0.21.1",
|
||||
"babel-loader": "^8.2.2",
|
||||
"babel-plugin-lodash": "^3.3.4",
|
||||
"babel-plugin-preval": "^5.0.0",
|
||||
"babel-plugin-react-intl": "^6.2.0",
|
||||
"babel-plugin-transform-react-remove-prop-types": "^0.4.24",
|
||||
"babel-runtime": "^6.26.0",
|
||||
"blurhash": "^1.1.3",
|
||||
"classnames": "^2.2.5",
|
||||
"color-blend": "^3.0.0",
|
||||
"classnames": "^2.3.1",
|
||||
"color-blend": "^3.0.1",
|
||||
"compression-webpack-plugin": "^6.1.1",
|
||||
"cross-env": "^7.0.2",
|
||||
"css-loader": "^5.0.1",
|
||||
"cssnano": "^4.1.10",
|
||||
"detect-passive-events": "^2.0.1",
|
||||
"dotenv": "^8.2.0",
|
||||
"cross-env": "^7.0.3",
|
||||
"css-loader": "^5.2.4",
|
||||
"cssnano": "^4.1.11",
|
||||
"detect-passive-events": "^2.0.3",
|
||||
"dotenv": "^9.0.1",
|
||||
"emoji-mart": "Gargron/emoji-mart#build",
|
||||
"es6-symbol": "^3.1.3",
|
||||
"escape-html": "^1.0.3",
|
||||
|
@ -98,29 +96,29 @@
|
|||
"express": "^4.17.1",
|
||||
"file-loader": "^6.2.0",
|
||||
"font-awesome": "^4.7.0",
|
||||
"glob": "^7.1.6",
|
||||
"glob": "^7.1.7",
|
||||
"history": "^4.10.1",
|
||||
"http-link-header": "^1.0.3",
|
||||
"immutable": "^3.8.2",
|
||||
"imports-loader": "^1.2.0",
|
||||
"intersection-observer": "^0.11.0",
|
||||
"intersection-observer": "^0.12.0",
|
||||
"intl": "^1.2.5",
|
||||
"intl-messageformat": "^2.2.0",
|
||||
"intl-relativeformat": "^6.4.3",
|
||||
"is-nan": "^1.3.0",
|
||||
"js-yaml": "^3.13.1",
|
||||
"lodash": "^4.17.19",
|
||||
"is-nan": "^1.3.2",
|
||||
"js-yaml": "^4.1.0",
|
||||
"lodash": "^4.17.21",
|
||||
"mark-loader": "^0.1.6",
|
||||
"marky": "^1.2.1",
|
||||
"mini-css-extract-plugin": "^1.3.1",
|
||||
"marky": "^1.2.2",
|
||||
"mini-css-extract-plugin": "^1.6.0",
|
||||
"mkdirp": "^1.0.4",
|
||||
"npmlog": "^4.1.2",
|
||||
"object-assign": "^4.1.1",
|
||||
"object-fit-images": "^3.2.3",
|
||||
"object.values": "^1.1.1",
|
||||
"object.values": "^1.1.3",
|
||||
"offline-plugin": "^5.0.7",
|
||||
"path-complete-extname": "^1.0.0",
|
||||
"pg": "^6.4.0",
|
||||
"pg": "^8.5.0",
|
||||
"postcss-loader": "^3.0.0",
|
||||
"postcss-object-fit-images": "^1.1.2",
|
||||
"promise.prototype.finally": "^3.1.2",
|
||||
|
@ -135,18 +133,18 @@
|
|||
"react-masonry-infinite": "^1.2.2",
|
||||
"react-motion": "^0.5.2",
|
||||
"react-notification": "^6.8.5",
|
||||
"react-overlays": "^0.9.2",
|
||||
"react-redux": "^7.2.2",
|
||||
"react-overlays": "^0.9.3",
|
||||
"react-redux": "^7.2.4",
|
||||
"react-redux-loading-bar": "^4.0.8",
|
||||
"react-router-dom": "^4.1.1",
|
||||
"react-router-scroll-4": "^1.0.0-beta.1",
|
||||
"react-select": "^3.1.0",
|
||||
"react-select": "^4.3.0",
|
||||
"react-sparklines": "^1.7.0",
|
||||
"react-swipeable-views": "^0.13.9",
|
||||
"react-textarea-autosize": "^8.3.0",
|
||||
"react-toggle": "^4.1.1",
|
||||
"redis": "^3.0.2",
|
||||
"redux": "^4.0.5",
|
||||
"react-textarea-autosize": "^8.3.2",
|
||||
"react-toggle": "^4.1.2",
|
||||
"redis": "^3.1.2",
|
||||
"redux": "^4.1.0",
|
||||
"redux-immutable": "^4.0.0",
|
||||
"redux-thunk": "^2.2.0",
|
||||
"regenerator-runtime": "^0.13.7",
|
||||
|
@ -154,8 +152,8 @@
|
|||
"requestidlecallback": "^0.3.0",
|
||||
"reselect": "^4.0.0",
|
||||
"rimraf": "^3.0.2",
|
||||
"sass": "^1.29.0",
|
||||
"sass-loader": "^10.1.0",
|
||||
"sass": "^1.32.12",
|
||||
"sass-loader": "^10.1.1",
|
||||
"stacktrace-js": "^2.0.2",
|
||||
"stringz": "^2.1.0",
|
||||
"substring-trie": "^1.0.2",
|
||||
|
@ -163,31 +161,37 @@
|
|||
"tesseract.js": "^2.1.1",
|
||||
"throng": "^4.0.0",
|
||||
"tiny-queue": "^0.2.1",
|
||||
"twitter-text": "3.1.0",
|
||||
"uuid": "^8.3.1",
|
||||
"webpack": "^4.44.2",
|
||||
"webpack-assets-manifest": "^3.1.1",
|
||||
"webpack-bundle-analyzer": "^4.1.0",
|
||||
"webpack": "^4.46.0",
|
||||
"webpack-assets-manifest": "^4.0.6",
|
||||
"webpack-bundle-analyzer": "^4.4.1",
|
||||
"webpack-cli": "^3.3.12",
|
||||
"webpack-merge": "^5.4.0",
|
||||
"wicg-inert": "^3.1.0",
|
||||
"webpack-merge": "^5.7.3",
|
||||
"wicg-inert": "^3.1.1",
|
||||
"ws": "^7.4.5",
|
||||
"kind-of": "^6.0.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@testing-library/jest-dom": "^5.11.6",
|
||||
"@testing-library/react": "^11.2.2",
|
||||
"@testing-library/jest-dom": "^5.12.0",
|
||||
"@testing-library/react": "^11.2.6",
|
||||
"babel-eslint": "^10.1.0",
|
||||
"babel-jest": "^26.6.3",
|
||||
"eslint": "^7.14.0",
|
||||
"eslint": "^7.26.0",
|
||||
"eslint-plugin-import": "~2.22.1",
|
||||
"eslint-plugin-jsx-a11y": "~6.4.1",
|
||||
"eslint-plugin-promise": "~4.2.1",
|
||||
"eslint-plugin-react": "~7.21.5",
|
||||
"eslint-plugin-promise": "~5.1.0",
|
||||
"eslint-plugin-react": "~7.23.2",
|
||||
"jest": "^26.6.3",
|
||||
"raf": "^3.4.1",
|
||||
"react-intl-translations-manager": "^5.0.3",
|
||||
"react-test-renderer": "^16.14.0",
|
||||
"sass-lint": "^1.13.1",
|
||||
"webpack-dev-server": "^3.11.0",
|
||||
"yargs": "^16.1.1"
|
||||
"webpack-dev-server": "^3.11.2",
|
||||
"yargs": "^17.0.1"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"bufferutil": "^4.0.3",
|
||||
"utf-8-validate": "^5.0.5"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,31 +1,32 @@
|
|||
diff --git a/package.json b/package.json
|
||||
index 7b8f49dd8..24cdd3498 100644
|
||||
index 5bc1f6bf3..8cc22a403 100644
|
||||
--- a/package.json
|
||||
+++ b/package.json
|
||||
@@ -168,7 +168,8 @@
|
||||
"webpack-bundle-analyzer": "^4.1.0",
|
||||
"webpack-cli": "^3.3.12",
|
||||
"webpack-merge": "^5.4.0",
|
||||
- "wicg-inert": "^3.1.0"
|
||||
+ "wicg-inert": "^3.1.0",
|
||||
"webpack-merge": "^5.7.3",
|
||||
"wicg-inert": "^3.1.1",
|
||||
- "ws": "^7.4.5"
|
||||
+ "ws": "^7.4.5",
|
||||
+ "kind-of": "^6.0.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@testing-library/jest-dom": "^5.11.6",
|
||||
@@ -187,8 +188,5 @@
|
||||
"sass-lint": "^1.13.1",
|
||||
"webpack-dev-server": "^3.11.0",
|
||||
"yargs": "^16.1.1"
|
||||
- },
|
||||
"@testing-library/jest-dom": "^5.12.0",
|
||||
@@ -188,9 +189,6 @@
|
||||
"webpack-dev-server": "^3.11.2",
|
||||
"yargs": "^17.0.1"
|
||||
},
|
||||
- "resolutions": {
|
||||
- "kind-of": "^6.0.3"
|
||||
}
|
||||
}
|
||||
- },
|
||||
"optionalDependencies": {
|
||||
"bufferutil": "^4.0.3",
|
||||
"utf-8-validate": "^5.0.5"
|
||||
diff --git a/yarn.lock b/yarn.lock
|
||||
index 4aa8f6380..68d2fd8b5 100644
|
||||
index 6c8bcf549..bda3adbe8 100644
|
||||
--- a/yarn.lock
|
||||
+++ b/yarn.lock
|
||||
@@ -5689,6 +5689,11 @@ is-binary-path@~2.1.0:
|
||||
@@ -5833,6 +5833,11 @@ is-binary-path@~2.1.0:
|
||||
dependencies:
|
||||
binary-extensions "^2.0.0"
|
||||
|
||||
|
@ -37,7 +38,7 @@ index 4aa8f6380..68d2fd8b5 100644
|
|||
is-callable@^1.1.4, is-callable@^1.2.2:
|
||||
version "1.2.2"
|
||||
resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.2.tgz#c7c6715cd22d4ddb48d3e19970223aceabb080d9"
|
||||
@@ -6639,7 +6644,26 @@ killable@^1.0.1:
|
||||
@@ -6769,7 +6774,26 @@ killable@^1.0.1:
|
||||
resolved "https://registry.yarnpkg.com/killable/-/killable-1.0.1.tgz#4c8ce441187a061c7474fb87ca08e2a638194892"
|
||||
integrity sha512-LzqtLKlUwirEUyl/nicirVmNiPvYs7l5n8wOPP7fyJVpUPkvCnW/vuiXGpylGUlnPDnB7311rARzAt3Mhswpjg==
|
||||
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
{ fetchgit, applyPatches }: let
|
||||
src = fetchgit {
|
||||
url = "https://github.com/tootsuite/mastodon.git";
|
||||
rev = "v3.3.0";
|
||||
sha256 = "17wvggvy5mmyf3f1i5v1hgvh6wjdhg9hb3wiyfaydx0slsg03qba";
|
||||
rev = "v3.4.0";
|
||||
sha256 = "0wa1j4iin6nlb1p5lxzgldzgr0vhrmm835gj2zqadw37vpsxdis3";
|
||||
};
|
||||
in applyPatches {
|
||||
inherit src;
|
||||
|
|
|
@ -1 +1 @@
|
|||
"3.3.0"
|
||||
"3.4.0"
|
||||
|
|
|
@ -3,7 +3,7 @@ diff -Naur --label a/package.json --label b/package.json a/package.json b/packag
|
|||
+++ b/package.json
|
||||
@@ -1,4 +1,5 @@
|
||||
{
|
||||
+ "version": "3.3.0",
|
||||
+ "version": "3.4.0",
|
||||
"name": "@tootsuite/mastodon",
|
||||
"license": "AGPL-3.0-or-later",
|
||||
"engines": {
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,4 @@
|
|||
{ lib, stdenv, fetchFromGitHub, gnugrep, nixFlakes }:
|
||||
{ lib, stdenv, fetchFromGitHub, gnugrep, nixUnstable }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "nix-direnv";
|
||||
|
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
|
|||
# Substitute instead of wrapping because the resulting file is
|
||||
# getting sourced, not executed:
|
||||
postPatch = ''
|
||||
sed -i "1a NIX_BIN_PREFIX=${nixFlakes}/bin/" direnvrc
|
||||
sed -i "1a NIX_BIN_PREFIX=${nixUnstable}/bin/" direnvrc
|
||||
substituteInPlace direnvrc --replace "grep" "${gnugrep}/bin/grep"
|
||||
'';
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ lib
|
||||
, buildPythonApplication
|
||||
, fetchFromGitHub
|
||||
, nixFlakes
|
||||
, nixUnstable
|
||||
, nix-prefetch
|
||||
, nixpkgs-fmt
|
||||
, nixpkgs-review
|
||||
|
@ -19,7 +19,7 @@ buildPythonApplication rec {
|
|||
};
|
||||
|
||||
makeWrapperArgs = [
|
||||
"--prefix" "PATH" ":" (lib.makeBinPath [ nixFlakes nix-prefetch nixpkgs-fmt nixpkgs-review ])
|
||||
"--prefix" "PATH" ":" (lib.makeBinPath [ nixUnstable nix-prefetch nixpkgs-fmt nixpkgs-review ])
|
||||
];
|
||||
|
||||
checkPhase = ''
|
||||
|
|
|
@ -227,12 +227,4 @@ in rec {
|
|||
];
|
||||
});
|
||||
|
||||
nixExperimental = nixUnstable.overrideAttrs (prev: {
|
||||
patches = (prev.patches or []) ++ [ ./enable-all-experimental.patch ];
|
||||
});
|
||||
|
||||
nixFlakes = nixUnstable.overrideAttrs (prev: {
|
||||
patches = (prev.patches or []) ++ [ ./enable-flakes.patch ];
|
||||
});
|
||||
|
||||
}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
|
||||
index d3b27d7be..e7d002e1d 100644
|
||||
--- a/src/libstore/globals.cc
|
||||
+++ b/src/libstore/globals.cc
|
||||
@@ -172,8 +172,7 @@ MissingExperimentalFeature::MissingExperimentalFeature(std::string feature)
|
||||
|
||||
void Settings::requireExperimentalFeature(const std::string & name)
|
||||
{
|
||||
- if (!isExperimentalFeatureEnabled(name))
|
||||
- throw MissingExperimentalFeature(name);
|
||||
+ return;
|
||||
}
|
||||
|
||||
bool Settings::isWSL1()
|
|
@ -1,14 +0,0 @@
|
|||
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
|
||||
index 3e4ead76c..81d407236 100644
|
||||
--- a/src/libstore/globals.hh
|
||||
+++ b/src/libstore/globals.hh
|
||||
@@ -923,7 +923,8 @@ public:
|
||||
value.
|
||||
)"};
|
||||
|
||||
- Setting<Strings> experimentalFeatures{this, {}, "experimental-features",
|
||||
+ Setting<Strings> experimentalFeatures{
|
||||
+ this, {"flakes", "nix-command"}, "experimental-features",
|
||||
"Experimental Nix features to enable."};
|
||||
|
||||
bool isExperimentalFeatureEnabled(const std::string & name);
|
|
@ -1,7 +1,7 @@
|
|||
{ lib
|
||||
, python3
|
||||
, fetchFromGitHub
|
||||
, nixFlakes
|
||||
, nixUnstable
|
||||
, git
|
||||
}:
|
||||
|
||||
|
@ -17,7 +17,7 @@ python3.pkgs.buildPythonApplication rec {
|
|||
};
|
||||
|
||||
makeWrapperArgs = [
|
||||
"--prefix" "PATH" ":" (lib.makeBinPath [ nixFlakes git ])
|
||||
"--prefix" "PATH" ":" (lib.makeBinPath [ nixUnstable git ])
|
||||
];
|
||||
|
||||
doCheck = false;
|
||||
|
|
|
@ -492,6 +492,7 @@ mapAliases ({
|
|||
nginxUnstable = nginxMainline; # added 2018-04-25
|
||||
nilfs_utils = nilfs-utils; # added 2018-04-25
|
||||
nix-review = nixpkgs-review; # added 2019-12-22
|
||||
nixFlakes = nixUnstable; # added 2021-05-21
|
||||
nmap_graphical = nmap-graphical; # added 2017-01-19
|
||||
nologin = shadow; # added 2018-04-25
|
||||
nxproxy = nx-libs; # added 2019-02-15
|
||||
|
|
|
@ -7092,6 +7092,11 @@ in
|
|||
inherit (linuxPackages) nvidia_x11;
|
||||
nvidiaGpuSupport = config.cudaSupport or false;
|
||||
};
|
||||
nomad_1_1 = callPackage ../applications/networking/cluster/nomad/1.1.nix {
|
||||
buildGoPackage = buildGo116Package;
|
||||
inherit (linuxPackages) nvidia_x11;
|
||||
nvidiaGpuSupport = config.cudaSupport or false;
|
||||
};
|
||||
|
||||
nomad-driver-podman = callPackage ../applications/networking/cluster/nomad-driver-podman { };
|
||||
|
||||
|
@ -19086,11 +19091,7 @@ in
|
|||
|
||||
mailman-web = with python3.pkgs; toPythonApplication mailman-web;
|
||||
|
||||
mastodon = callPackage ../servers/mastodon {
|
||||
# With nodejs v14 the streaming endpoint breaks. Need migrate to uWebSockets.js or similar.
|
||||
# https://github.com/tootsuite/mastodon/issues/15184
|
||||
nodejs-slim = nodejs-slim-12_x;
|
||||
};
|
||||
mastodon = callPackage ../servers/mastodon { };
|
||||
|
||||
materialize = callPackage ../servers/sql/materialize {
|
||||
inherit (buildPackages.darwin) bootstrap_cmds;
|
||||
|
@ -30420,9 +30421,7 @@ in
|
|||
})
|
||||
nix
|
||||
nixStable
|
||||
nixUnstable
|
||||
nixFlakes
|
||||
nixExperimental;
|
||||
nixUnstable;
|
||||
|
||||
nixStatic = pkgsStatic.nix;
|
||||
|
||||
|
|
Loading…
Reference in a new issue