BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'NixOS:master' into fix-nordic

Browse source
This commit is contained in:
Jacob Osborne 2024-02-18 23:43:57 -05:00 committed by GitHub
commit 6c41a3c04c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
713 changed files with 34442 additions and 9786 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
doc/build-helpers/images/dockertools.section.md
View file

@ -6,7 +6,7 @@ Docker itself is not used to perform any of the operations done by these functio
## buildImage {#ssec-pkgs-dockerTools-buildImage}
This function builds a Docker-compatible repository tarball containing a single image.
As such, the result is suitable for being loaded in Docker with `docker load` (see [](#ex-dockerTools-buildImage) for how to do this).
As such, the result is suitable for being loaded in Docker with `docker image load` (see [](#ex-dockerTools-buildImage) for how to do this).
This function will create a single layer for all files (and dependencies) that are specified in its argument.
Only new dependencies that are not already in the existing layers will be copied.
@ -43,7 +43,7 @@ Similarly, if you encounter errors similar to `Error_Protocol ("certificate has
`fromImage` (Path or Null; _optional_)
: The repository tarball of an image to be used as the base for the generated image.
It must be a valid Docker image, such as one exported by `docker save`, or another image built with the `dockerTools` utility functions.
It must be a valid Docker image, such as one exported by `docker image save`, or another image built with the `dockerTools` utility functions.
This can be seen as an equivalent of `FROM fromImage` in a `Dockerfile`.
A value of `null` can be seen as an equivalent of `FROM scratch`.
@ -123,7 +123,7 @@ Similarly, if you encounter errors similar to `Error_Protocol ("certificate has
_Default value:_ `""`.
`config` (Attribute Set; _optional_)
`config` (Attribute Set or Null; _optional_)
: Used to specify the configuration of the containers that will be started off the generated image.
Must be an attribute set, with each attribute as listed in the [Docker Image Specification v1.3.0](https://github.com/moby/moby/blob/46f7ab808b9504d735d600e259ca0723f76fb164/image/spec/spec.md#image-json-field-descriptions).
@ -247,7 +247,7 @@ Cooking the image...
Finished.
/nix/store/p4dsg62inh9d2ksy3c7bv58xa851dasr-docker-image-redis.tar.gz
$ docker load -i /nix/store/p4dsg62inh9d2ksy3c7bv58xa851dasr-docker-image-redis.tar.gz
$ docker image load -i /nix/store/p4dsg62inh9d2ksy3c7bv58xa851dasr-docker-image-redis.tar.gz
(some output removed for clarity)
Loaded image: redis:latest
```
@ -345,8 +345,8 @@ dockerTools.buildImage {
After importing the generated repository tarball with Docker, its CLI will display a reasonable date and sort the images as expected:
```ShellSession
$ docker images
```shell
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
hello latest de2bf4786de6 About a minute ago 25.2MB
```
@ -364,7 +364,7 @@ Despite the similar name, [`buildImage`](#ssec-pkgs-dockerTools-buildImage) work
Even though some of the arguments may seem related, they cannot be interchanged.
:::
You can use this function to load an image in Docker with `docker load`.
You can load the result of this function in Docker with `docker image load`.
See [](#ex-dockerTools-buildLayeredImage-hello) to see how to do that.
### Examples {#ssec-pkgs-dockerTools-buildLayeredImage-examples}
@ -404,7 +404,7 @@ Adding manifests...
Done.
/nix/store/hxcz7snvw7f8rzhbh6mv8jq39d992905-hello.tar.gz
$ docker load -i /nix/store/hxcz7snvw7f8rzhbh6mv8jq39d992905-hello.tar.gz
$ docker image load -i /nix/store/hxcz7snvw7f8rzhbh6mv8jq39d992905-hello.tar.gz
(some output removed for clarity)
Loaded image: hello:latest
```
@ -415,7 +415,7 @@ Loaded image: hello:latest
`streamLayeredImage` builds a **script** which, when run, will stream to stdout a Docker-compatible repository tarball containing a single image, using multiple layers to improve sharing between images.
This means that `streamLayeredImage` does not output an image into the Nix store, but only a script that builds the image, saving on IO and disk/cache space, particularly with large images.
You can use this function to load an image in Docker with `docker load`.
You can load the result of this function in Docker with `docker image load`.
See [](#ex-dockerTools-streamLayeredImage-hello) to see how to do that.
For this function, you specify a [store path](https://nixos.org/manual/nix/stable/store/store-path) or a list of store paths to be added to the image, and the functions will automatically include any dependencies of those paths in the image.
@ -440,7 +440,7 @@ This allows the function to produce reproducible images.
: The name of the generated image.
`tag` (String; _optional_)
`tag` (String or Null; _optional_)
: Tag of the generated image.
If `null`, the hash of the nix derivation will be used as the tag.
@ -450,7 +450,7 @@ This allows the function to produce reproducible images.
`fromImage`(Path or Null; _optional_)
: The repository tarball of an image to be used as the base for the generated image.
It must be a valid Docker image, such as one exported by `docker save`, or another image built with the `dockerTools` utility functions.
It must be a valid Docker image, such as one exported by `docker image save`, or another image built with the `dockerTools` utility functions.
This can be seen as an equivalent of `FROM fromImage` in a `Dockerfile`.
A value of `null` can be seen as an equivalent of `FROM scratch`.
@ -470,7 +470,7 @@ This allows the function to produce reproducible images.
_Default value:_ `[]`
`config` (Attribute Set; _optional_) []{#dockerTools-buildLayeredImage-arg-config}
`config` (Attribute Set or Null; _optional_) []{#dockerTools-buildLayeredImage-arg-config}
: Used to specify the configuration of the containers that will be started off the generated image.
Must be an attribute set, with each attribute as listed in the [Docker Image Specification v1.3.0](https://github.com/moby/moby/blob/46f7ab808b9504d735d600e259ca0723f76fb164/image/spec/spec.md#image-json-field-descriptions).
@ -594,7 +594,7 @@ dockerTools.streamLayeredImage {
```
The result of building this package is a script.
Running this script and piping it into `docker load` gives you the same image that was built in [](#ex-dockerTools-buildLayeredImage-hello).
Running this script and piping it into `docker image load` gives you the same image that was built in [](#ex-dockerTools-buildLayeredImage-hello).
Note that in this case, the image is never added to the Nix store, but instead streamed directly into Docker.
```shell
@ -602,7 +602,7 @@ $ nix-build
(output removed for clarity)
/nix/store/wsz2xl8ckxnlb769irvq6jv1280dfvxd-stream-hello
$ /nix/store/wsz2xl8ckxnlb769irvq6jv1280dfvxd-stream-hello | docker load
$ /nix/store/wsz2xl8ckxnlb769irvq6jv1280dfvxd-stream-hello | docker image load
No 'fromImage' provided
Creating layer 1 from paths: ['/nix/store/i93s7xxblavsacpy82zdbn4kplsyq48l-libunistring-1.1']
Creating layer 2 from paths: ['/nix/store/ji01n9vinnj22nbrb86nx8a1ssgpilx8-libidn2-2.3.4']
@ -718,7 +718,7 @@ dockerTools.streamLayeredImage {
[]{#ssec-pkgs-dockerTools-fetchFromRegistry}
## pullImage {#ssec-pkgs-dockerTools-pullImage}
This function is similar to the `docker pull` command, which means it can be used to pull a Docker image from a registry that implements the [Docker Registry HTTP API V2](https://distribution.github.io/distribution/spec/api/).
This function is similar to the `docker image pull` command, which means it can be used to pull a Docker image from a registry that implements the [Docker Registry HTTP API V2](https://distribution.github.io/distribution/spec/api/).
By default, the `docker.io` registry is used.
The image will be downloaded as an uncompressed Docker-compatible repository tarball, which is suitable for use with other `dockerTools` functions such as [`buildImage`](#ssec-pkgs-dockerTools-buildImage), [`buildLayeredImage`](#ssec-pkgs-dockerTools-buildLayeredImage), and [`streamLayeredImage`](#ssec-pkgs-dockerTools-streamLayeredImage).
@ -1105,7 +1105,7 @@ This is currently implemented by linking to the `env` binary from the `coreutils
### binSh {#sssec-pkgs-dockerTools-helpers-binSh}
This provides a `/bin/sh` link to the `bash` binary from the `bashInteractive` package.
Because of this, it supports cases such as running a command interactively in a container (for example by running `docker run -it <image_name>`).
Because of this, it supports cases such as running a command interactively in a container (for example by running `docker container run -it <image_name>`).
### caCertificates {#sssec-pkgs-dockerTools-helpers-caCertificates}
@ -1169,9 +1169,9 @@ This is made possible by `binSh`.
$ nix-build
(some output removed for clarity)
/nix/store/2p0i3i04cgjlk71hsn7ll4kxaxxiv4qg-docker-image-env-helpers.tar.gz
$ docker load -i /nix/store/2p0i3i04cgjlk71hsn7ll4kxaxxiv4qg-docker-image-env-helpers.tar.gz
$ docker image load -i /nix/store/2p0i3i04cgjlk71hsn7ll4kxaxxiv4qg-docker-image-env-helpers.tar.gz
(output removed for clarity)
$ docker run --rm -it env-helpers:latest /bin/sh
$ docker container run --rm -it env-helpers:latest /bin/sh
sh-5.2# help
GNU bash, version 5.2.21(1)-release (x86_64-pc-linux-gnu)
(rest of output removed for clarity)
@ -1209,9 +1209,9 @@ This is made possible by `binSh`.
$ nix-build
(some output removed for clarity)
/nix/store/rpf47f4z5b9qr4db4ach9yr4b85hjhxq-env-helpers.tar.gz
$ docker load -i /nix/store/rpf47f4z5b9qr4db4ach9yr4b85hjhxq-env-helpers.tar.gz
$ docker image load -i /nix/store/rpf47f4z5b9qr4db4ach9yr4b85hjhxq-env-helpers.tar.gz
(output removed for clarity)
$ docker run --rm -it env-helpers:latest /bin/sh
$ docker container run --rm -it env-helpers:latest /bin/sh
sh-5.2# help
GNU bash, version 5.2.21(1)-release (x86_64-pc-linux-gnu)
(rest of output removed for clarity)
@ -1315,7 +1315,7 @@ $ nix-build
(some output removed for clarity)
/nix/store/pkj1sgzaz31wl0pbvbg3yp5b3kxndqms-hello-2.12.1-env.tar.gz
$ docker load -i /nix/store/pkj1sgzaz31wl0pbvbg3yp5b3kxndqms-hello-2.12.1-env.tar.gz
$ docker image load -i /nix/store/pkj1sgzaz31wl0pbvbg3yp5b3kxndqms-hello-2.12.1-env.tar.gz
(some output removed for clarity)
Loaded image: hello-2.12.1-env:latest
```
@ -1323,7 +1323,7 @@ Loaded image: hello-2.12.1-env:latest
After starting an interactive container, the derivation can be built by running `buildDerivation`, and the output can be executed as expected:
```shell
$ docker run -it hello-2.12.1-env:latest
$ docker container run -it hello-2.12.1-env:latest
[nix-shell:~]$ buildDerivation
Running phase: unpackPhase
unpacking source archive /nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz
@ -1443,14 +1443,14 @@ dockerTools.streamNixShellImage {
```
The result of building this package is a script.
Running this script and piping it into `docker load` gives you the same image that was built in [](#ex-dockerTools-buildNixShellImage-hello).
Running this script and piping it into `docker image load` gives you the same image that was built in [](#ex-dockerTools-buildNixShellImage-hello).
```shell
$ nix-build
(some output removed for clarity)
/nix/store/8vhznpz2frqazxnd8pgdvf38jscdypax-stream-hello-2.12.1-env
$ /nix/store/8vhznpz2frqazxnd8pgdvf38jscdypax-stream-hello-2.12.1-env | docker load
$ /nix/store/8vhznpz2frqazxnd8pgdvf38jscdypax-stream-hello-2.12.1-env | docker image load
(some output removed for clarity)
Loaded image: hello-2.12.1-env:latest
```
@ -1458,7 +1458,7 @@ Loaded image: hello-2.12.1-env:latest
After starting an interactive container, the derivation can be built by running `buildDerivation`, and the output can be executed as expected:
```shell
$ docker run -it hello-2.12.1-env:latest
$ docker container run -it hello-2.12.1-env:latest
[nix-shell:~]$ buildDerivation
Running phase: unpackPhase
unpacking source archive /nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz
@ -1497,14 +1497,14 @@ dockerTools.streamNixShellImage {
}
```
The result of building this package is a script which can be run and piped into `docker load` to load the generated image.
The result of building this package is a script which can be run and piped into `docker image load` to load the generated image.
```shell
$ nix-build
(some output removed for clarity)
/nix/store/h5abh0vljgzg381lna922gqknx6yc0v7-stream-hello-2.12.1-env
$ /nix/store/h5abh0vljgzg381lna922gqknx6yc0v7-stream-hello-2.12.1-env | docker load
$ /nix/store/h5abh0vljgzg381lna922gqknx6yc0v7-stream-hello-2.12.1-env | docker image load
(some output removed for clarity)
Loaded image: hello-2.12.1-env:latest
```
@ -1512,7 +1512,7 @@ Loaded image: hello-2.12.1-env:latest
After starting an interactive container, we can verify the extra package is available by running `cowsay`:
```shell
$ docker run -it hello-2.12.1-env:latest
$ docker container run -it hello-2.12.1-env:latest
[nix-shell:~]$ cowsay "Hello, world!"
_______________
< Hello, world! >
@ -1546,14 +1546,14 @@ dockerTools.streamNixShellImage {
}
```
The result of building this package is a script which can be run and piped into `docker load` to load the generated image.
The result of building this package is a script which can be run and piped into `docker image load` to load the generated image.
```shell
$ nix-build
(some output removed for clarity)
/nix/store/iz4dhdvgzazl5vrgyz719iwjzjy6xlx1-stream-hello-2.12.1-env
$ /nix/store/iz4dhdvgzazl5vrgyz719iwjzjy6xlx1-stream-hello-2.12.1-env | docker load
$ /nix/store/iz4dhdvgzazl5vrgyz719iwjzjy6xlx1-stream-hello-2.12.1-env | docker image load
(some output removed for clarity)
Loaded image: hello-2.12.1-env:latest
```
@ -1561,7 +1561,7 @@ Loaded image: hello-2.12.1-env:latest
After starting an interactive container, we can see the result of the `shellHook`:
```shell
$ docker run -it hello-2.12.1-env:latest
$ docker container run -it hello-2.12.1-env:latest
Hello, world!
[nix-shell:~]$

28
doc/languages-frameworks/rust.section.md
View file

@ -44,11 +44,11 @@ rustPlatform.buildRustPackage rec {
}
```
`buildRustPackage` requires either the `cargoHash` or the `cargoSha256`
attribute which is computed over all crate sources of this package.
`cargoSha256` is used for traditional Nix SHA-256 hashes. `cargoHash` should
instead be used for [SRI](https://www.w3.org/TR/SRI/) hashes and should be
preferred. For example:
`buildRustPackage` requires either a `cargoHash` (preferred) or a
`cargoSha256` attribute, computed over all crate sources of this package.
`cargoHash` supports [SRI](https://www.w3.org/TR/SRI/) hashes and should be
preferred over `cargoSha256` which was used for traditional Nix SHA-256 hashes.
For example:
```nix
cargoHash = "sha256-l1vL2ZdtDRxSGvP0X/l3nMw8+6WF67KPutJEzUROjg8=";
@ -64,18 +64,18 @@ Both types of hashes are permitted when contributing to nixpkgs. The
Cargo hash is obtained by inserting a fake checksum into the
expression and building the package once. The correct checksum can
then be taken from the failed build. A fake hash can be used for
`cargoSha256` as follows:
```nix
cargoSha256 = lib.fakeSha256;
```
For `cargoHash` you can use:
`cargoHash` as follows:
```nix
cargoHash = lib.fakeHash;
```
For `cargoSha256` you can use:
```nix
cargoSha256 = lib.fakeSha256;
```
Per the instructions in the [Cargo Book](https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html)
best practices guide, Rust applications should always commit the `Cargo.lock`
file in git to ensure a reproducible build. However, a few packages do not, and
@ -90,7 +90,7 @@ directory into a tar.gz archive.
The tarball with vendored dependencies contains a directory with the
package's `name`, which is normally composed of `pname` and
`version`. This means that the vendored dependencies hash
(`cargoSha256`/`cargoHash`) is dependent on the package name and
(`cargoHash`/`cargoSha256`) is dependent on the package name and
version. The `cargoDepsName` attribute can be used to use another name
for the directory of vendored dependencies. For example, the hash can
be made invariant to the version by setting `cargoDepsName` to
@ -115,7 +115,7 @@ rustPlatform.buildRustPackage rec {
### Importing a `Cargo.lock` file {#importing-a-cargo.lock-file}
Using `cargoSha256` or `cargoHash` is tedious when using
Using a vendored hash (`cargoHash`/`cargoSha256`) is tedious when using
`buildRustPackage` within a project, since it requires that the hash
is updated after every change to `Cargo.lock`. Therefore,
`buildRustPackage` also supports vendoring dependencies directly from

2
doc/packages/darwin-builder.section.md
View file

@ -98,7 +98,7 @@ $ sudo launchctl kickstart -k system/org.nixos.nix-daemon
host.pkgs = pkgs;
darwin-builder.workingDirectory = "/var/lib/darwin-builder";
};
};
}
];
};
in {

4
lib/modules.nix
View file

@ -81,9 +81,9 @@ let
, # `class`:
# A nominal type for modules. When set and non-null, this adds a check to
# make sure that only compatible modules are imported.
# This would be remove in the future, Prefer _module.args option instead.
class ? null
, args ? {}
, # This would be remove in the future, Prefer _module.args option instead.
args ? {}
, # This would be remove in the future, Prefer _module.check option instead.
check ? true
}:

96
maintainers/maintainer-list.nix
View file

@ -2250,6 +2250,12 @@
githubId = 24027;
name = "Bruno Bigras";
};
bbjubjub = {
name = "Julie B.";
email = "julie+nixpkgs@bbjubjub.fr";
github = "bbjubjub2494";
githubId = 15657735;
};
bburdette = {
email = "bburdette@protonmail.com";
github = "bburdette";
@ -3216,6 +3222,13 @@
github = "cdmistman";
githubId = 23486351;
};
cdombroski = {
name = "Chris Dombroski";
email = "cdombroski@gmail.com";
matrix = "@cdombroski:kow.is";
github = "cdombroski";
githubId = 244909;
};
ceedubs = {
email = "ceedubs@gmail.com";
github = "ceedubs";
@ -4103,6 +4116,12 @@
github = "D3vil0p3r";
githubId = 83867734;
};
d4ilyrun = {
name = "Léo Duboin";
email = "leo@duboin.com";
github = "d4ilyrun";
githubId = 34611103;
};
dadada = {
name = "dadada";
email = "dadada@dadada.li";
@ -4289,6 +4308,15 @@
githubId = 34766150;
name = "datafoo";
};
DataHearth = {
email = "dev@antoine-langlois.net";
github = "DataHearth";
githubId = 28595242;
name = "DataHearth";
keys = [{
fingerprint = "A129 2547 0298 BFEE 7EE0 92B3 946E 2D0C 410C 7B3D";
}];
};
davegallant = {
name = "Dave Gallant";
email = "davegallant@gmail.com";
@ -4782,6 +4810,12 @@
githubId = 8404455;
name = "Diego Lelis";
};
diegs = {
email = "dpontor@gmail.com";
github = "diegs";
githubId = 74719;
name = "Diego Pontoriero";
};
DieracDelta = {
email = "justin@restivo.me";
github = "DieracDelta";
@ -5304,6 +5338,12 @@
githubId = 7875;
name = "Rommel Martinez";
};
ecklf = {
email = "ecklf@icloud.com";
github = "ecklf";
githubId = 8146736;
name = "Florentin Eckl";
};
eclairevoyant = {
github = "eclairevoyant";
githubId = 848000;
@ -8260,6 +8300,12 @@
fingerprint = "E864 BDFA AB55 36FD C905 5195 DBF2 52AF FB26 19FD";
}];
};
ironicbadger = {
email = "alexktz@gmail.com";
github = "ironicbadger";
githubId = 2773080;
name = "Alex Kretzschmar";
};
ironpinguin = {
email = "michele@catalano.de";
github = "ironpinguin";
@ -9486,6 +9532,16 @@
githubId = 5802758;
name = "Joshua Trees";
};
juancmuller = {
email = "nix@juancmuller.com";
githubId = 208500;
github = "jcmuller";
matrix = "@jcmuller@beeper.com";
name = "Juan C. Müller";
keys = [{
fingerprint = "D78D 25D8 A1B8 2596 267F 35B8 F44E A51A 28F9 B4A7";
}];
};
juaningan = {
email = "juaningan@gmail.com";
github = "oneingan";
@ -11067,15 +11123,6 @@
githubId = 4969294;
name = "Louis Tim Larsen";
};
lourkeur = {
name = "Louis Bettens";
email = "louis@bettens.info";
github = "lourkeur";
githubId = 15657735;
keys = [{
fingerprint = "5B93 9CFA E8FC 4D8F E07A 3AEA DFE1 D4A0 1733 7E2A";
}];
};
loveisgrief = {
name = "LoveIsGrief";
email = "loveisgrief@tuta.io";
@ -11166,6 +11213,12 @@
githubId = 35580196;
name = "Luca Guerra";
};
lucasbergman = {
email = "lucas@bergmans.us";
github = "lucasbergman";
githubId = 3717454;
name = "Lucas Bergman";
};
lucasew = {
email = "lucas59356@gmail.com";
github = "lucasew";
@ -14867,6 +14920,12 @@
fingerprint = "3AC6 F170 F011 33CE 393B CD94 BE94 8AFD 7E78 73BE";
}];
};
phijor = {
name = "Philipp Joram";
email = "nixpkgs@phijor.me";
github = "phijor";
githubId = 10487782;
};
philandstuff = {
email = "philip.g.potter@gmail.com";
github = "philandstuff";
@ -17450,6 +17509,12 @@
github = "shymega";
githubId = 1334592;
};
siddarthkay = {
email = "siddarthkay@gmail.com";
github = "siddarthkay";
githubId = 64726664;
name = "Siddarth Kumar";
};
siddharthdhakane = {
email = "siddharthdhakane@gmail.com";
github = "siddharthdhakane";
@ -18320,6 +18385,13 @@
githubId = 2666479;
name = "Y Nguyen";
};
superherointj = {
email = "sergiomarcelo@yandex.com";
github = "superherointj";
githubId = 5861043;
matrix = "@superherointj:matrix.org";
name = "Sérgio Marcelo";
};
SuperSandro2000 = {
email = "sandro.jaeckel@gmail.com";
matrix = "@sandro:supersandro.de";
@ -18586,6 +18658,12 @@
githubId = 11619234;
name = "Sergey Volkov";
};
tarantoj = {
email = "taranto.james@gmail.com";
github = "tarantoj";
githubId = 13129552;
name = "James Taranto";
};
tari = {
email = "peter@taricorp.net";
github = "tari";

2
maintainers/team-list.nix
View file

@ -176,7 +176,7 @@ with lib.maintainers; {
cosmopolitan = {
members = [
lourkeur
bbjubjub
tomberek
];
scope = "Maintain the Cosmopolitan LibC and related programs.";

4
nixos/doc/manual/release-notes/rl-2405.section.md
View file

@ -71,6 +71,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [TigerBeetle](https://tigerbeetle.com/), a distributed financial accounting database designed for mission critical safety and performance. Available as [services.tigerbeetle](#opt-services.tigerbeetle.enable).
- [go-camo](https://github.com/cactus/go-camo), a secure image proxy server. Available as [services.go-camo](#opt-services.go-camo.enable).
- [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
- [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable).
@ -337,6 +339,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- The `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
- The `services.teeworlds` module now has a wealth of configuration options, including a new `package` option.
- The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
- The module `services.github-runner` has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.

3
nixos/maintainers/scripts/lxd/lxd-container-image.nix
View file

@ -20,8 +20,7 @@
};
in ''
if [ ! -e /etc/nixos/configuration.nix ]; then
mkdir -p /etc/nixos
cp ${config} /etc/nixos/configuration.nix
install -m 644 -D ${config} /etc/nixos/configuration.nix
fi
'';

6
nixos/modules/config/ldso.nix
View file

@ -6,9 +6,9 @@ let
libDir = pkgs.stdenv.hostPlatform.libDir;
ldsoBasename = builtins.unsafeDiscardStringContext (last (splitString "/" pkgs.stdenv.cc.bintools.dynamicLinker));
pkgs32 = pkgs.pkgsi686Linux;
libDir32 = pkgs32.stdenv.hostPlatform.libDir;
ldsoBasename32 = builtins.unsafeDiscardStringContext (last (splitString "/" pkgs32.stdenv.cc.bintools.dynamicLinker));
# Hard-code to avoid creating another instance of nixpkgs. Also avoids eval errors in some cases.
libDir32 = "lib"; # pkgs.pkgsi686Linux.stdenv.hostPlatform.libDir
ldsoBasename32 = "ld-linux.so.2"; # last (splitString "/" pkgs.pkgsi686Linux.stdenv.cc.bintools.dynamicLinker)
in {
options = {
environment.ldso = mkOption {

1
nixos/modules/config/no-x-libs.nix
View file

@ -83,6 +83,7 @@ with lib;
# translateManpages -> perlPackages.po4a -> texlive-combined-basic -> texlive-core-big -> libX11
util-linux = super.util-linux.override { translateManpages = false; };
vim-full = super.vim-full.override { guiSupport = false; };
vte = super.vte.override { gtkVersion = null; };
zbar = super.zbar.override { enableVideo = false; withXorg = false; };
}));
};

22
nixos/modules/config/users-groups.nix
View file

@ -649,7 +649,6 @@ in {
home = "/root";
shell = mkDefault cfg.defaultUserShell;
group = "root";
initialHashedPassword = mkDefault "!";
};
nobody = {
uid = ids.uids.nobody;
@ -897,7 +896,26 @@ in {
));
warnings =
builtins.filter (x: x != null) (
flip concatMap (attrValues cfg.users) (user: let
unambiguousPasswordConfiguration = 1 >= length (filter (x: x != null) ([
user.hashedPassword
user.hashedPasswordFile
user.password
] ++ optionals cfg.mutableUsers [
# For immutable users, initialHashedPassword is set to hashedPassword,
# so using these options would always trigger the assertion.
user.initialHashedPassword
user.initialPassword
]));
in optional (!unambiguousPasswordConfiguration) ''
The user '${user.name}' has multiple of the options
`hashedPassword`, `password`, `hashedPasswordFile`, `initialPassword`
& `initialHashedPassword` set to a non-null value.
The options silently discard others by the order of precedence
given above which can lead to surprising results. To resolve this warning,
set at most one of the options above to a non-`null` value.
'')
++ builtins.filter (x: x != null) (
flip mapAttrsToList cfg.users (_: user:
# This regex matches a subset of the Modular Crypto Format (MCF)[1]
# informal standard. Since this depends largely on the OS or the

4
nixos/modules/config/vte.nix
View file

@ -1,5 +1,3 @@
# VTE
{ config, pkgs, lib, ... }:
with lib;
@ -9,7 +7,7 @@ let
vteInitSnippet = ''
# Show current working directory in VTE terminals window title.
# Supports both bash and zsh, requires interactive shell.
. ${pkgs.vte}/etc/profile.d/vte.sh
. ${pkgs.vte.override { gtkVersion = null; }}/etc/profile.d/vte.sh
'';
in

28
nixos/modules/config/xdg/portal.nix
View file

@ -119,19 +119,6 @@ in
let
cfg = config.xdg.portal;
packages = [ pkgs.xdg-desktop-portal ] ++ cfg.extraPortals;
configPackages = cfg.configPackages;
joinedPortals = pkgs.buildEnv {
name = "xdg-portals";
paths = packages;
pathsToLink = [ "/share/xdg-desktop-portal/portals" "/share/applications" ];
};
joinedPortalConfigs = pkgs.buildEnv {
name = "xdg-portal-configs";
paths = configPackages;
pathsToLink = [ "/share/xdg-desktop-portal" ];
};
in
mkIf cfg.enable {
warnings = lib.optional (cfg.configPackages == [ ] && cfg.config == { }) ''
@ -158,17 +145,18 @@ in
systemd.packages = packages;
environment = {
# fixes screen sharing on plasmawayland on non-chromium apps by linking
# share/applications/*.desktop files
# see https://github.com/NixOS/nixpkgs/issues/145174
systemPackages = [ joinedPortals ];
pathsToLink = [ "/share/applications" ];
systemPackages = packages ++ cfg.configPackages;
pathsToLink = [
# Portal definitions and upstream desktop environment portal configurations.
"/share/xdg-desktop-portal"
# .desktop files to register fallback icon and app name.
"/share/applications"
];
sessionVariables = {
GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1";
NIXOS_XDG_OPEN_USE_PORTAL = mkIf cfg.xdgOpenUsePortal "1";
XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals";
NIXOS_XDG_DESKTOP_PORTAL_CONFIG_DIR = mkIf (cfg.configPackages != [ ]) "${joinedPortalConfigs}/share/xdg-desktop-portal";
NIX_XDG_DESKTOP_PORTAL_DIR = "/run/current-system/sw/share/xdg-desktop-portal/portals";
};
etc = lib.concatMapAttrs

2
nixos/modules/module-list.nix
View file

@ -241,6 +241,7 @@
./programs/proxychains.nix
./programs/qdmr.nix
./programs/qt5ct.nix
./programs/quark-goldleaf.nix
./programs/regreet.nix
./programs/rog-control-center.nix
./programs/rust-motd.nix
@ -962,6 +963,7 @@
./services/networking/gns3-server.nix
./services/networking/gnunet.nix
./services/networking/go-autoconfig.nix
./services/networking/go-camo.nix
./services/networking/go-neb.nix
./services/networking/go-shadowsocks2.nix
./services/networking/gobgpd.nix

18
nixos/modules/programs/quark-goldleaf.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
let
cfg = config.programs.quark-goldleaf;
in
{
options = {
programs.quark-goldleaf = {
enable = lib.mkEnableOption "quark-goldleaf with udev rules applied";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.quark-goldleaf ];
services.udev.packages = [ pkgs.quark-goldleaf ];
};
meta.maintainers = pkgs.quark-goldleaf.meta.maintainers;
}

4
nixos/modules/programs/yazi.nix
View file

@ -22,7 +22,7 @@ in
description = lib.mdDoc ''
Configuration included in `${name}.toml`.
See https://github.com/sxyazi/yazi/blob/v${cfg.package.version}/config/docs/${name}.md for documentation.
See https://yazi-rs.github.io/docs/configuration/${name}/ for documentation.
'';
}))
names);
@ -47,7 +47,5 @@ in
};
meta = {
maintainers = with lib.maintainers; [ linsui ];
# The version of the package is used in the doc.
buildDocsInSandbox = false;
};
}

3
nixos/modules/services/cluster/kubernetes/default.nix
View file

@ -285,7 +285,7 @@ in {
systemd.tmpfiles.rules = [
"d /opt/cni/bin 0755 root root -"
"d /run/kubernetes 0755 kubernetes kubernetes -"
"d /var/lib/kubernetes 0755 kubernetes kubernetes -"
"d ${cfg.dataDir} 0755 kubernetes kubernetes -"
];
users.users.kubernetes = {
@ -294,6 +294,7 @@ in {
group = "kubernetes";
home = cfg.dataDir;
createHome = true;
homeMode = "755";
};
users.groups.kubernetes.gid = config.ids.gids.kubernetes;

3
nixos/modules/services/cluster/kubernetes/pki.nix
View file

@ -192,7 +192,8 @@ in
mkdir -p "$(dirname "${certmgrAPITokenPath}")"
if [ -f "${cfsslAPITokenPath}" ]; then
ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}"
else
elif [ ! -f "${certmgrAPITokenPath}" ]; then
# Don't remove the token if it already exists
install -m 600 /dev/null "${certmgrAPITokenPath}"
fi
''

2
nixos/modules/services/continuous-integration/hydra/default.nix
View file

@ -39,7 +39,7 @@ let
hydra-package =
let
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set \"${key}\" \"${value}\"") hydraEnv);
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set-default \"${key}\" \"${value}\"") hydraEnv);
in pkgs.buildEnv rec {
name = "hydra-env";
nativeBuildInputs = [ pkgs.makeWrapper ];

15
nixos/modules/services/databases/mysql.nix
View file

@ -7,6 +7,9 @@ let
cfg = config.services.mysql;
isMariaDB = lib.getName cfg.package == lib.getName pkgs.mariadb;
isOracle = lib.getName cfg.package == lib.getName pkgs.mysql80;
# Oracle MySQL has supported "notify" service type since 8.0
hasNotify = isMariaDB || (isOracle && versionAtLeast cfg.package.version "8.0");
mysqldOptions =
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${cfg.package}";
@ -377,19 +380,11 @@ in
# The super user account to use on *first* run of MySQL server
superUser = if isMariaDB then cfg.user else "root";
in ''
${optionalString (!isMariaDB) ''
${optionalString (!hasNotify) ''
# Wait until the MySQL server is available for use
count=0
while [ ! -e /run/mysqld/mysqld.sock ]
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
echo "MySQL daemon not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
''}
@ -477,7 +472,7 @@ in
serviceConfig = mkMerge [
{
Type = if isMariaDB then "notify" else "simple";
Type = if hasNotify then "notify" else "simple";
Restart = "on-abort";
RestartSec = "5s";

2
nixos/modules/services/display-managers/greetd.nix
View file

@ -78,7 +78,7 @@ in
serviceConfig = {
ExecStart = "${pkgs.greetd.greetd}/bin/greetd --config ${settingsFormat.generate "greetd.toml" cfg.settings}";
Restart = mkIf cfg.restart "always";
Restart = mkIf cfg.restart "on-success";
# Defaults from greetd upstream configuration
IgnoreSIGPIPE = false;

310
nixos/modules/services/games/teeworlds.nix
View file

@ -6,13 +6,86 @@ let
cfg = config.services.teeworlds;
register = cfg.register;
bool = b: if b != null && b then "1" else "0";
optionalSetting = s: setting: optionalString (s != null) "${setting} ${s}";
lookup = attrs: key: default: if attrs ? key then attrs."${key}" else default;
inactivePenaltyOptions = {
"spectator" = "1";
"spectator/kick" = "2";
"kick" = "3";
};
skillLevelOptions = {
"casual" = "0";
"normal" = "1";
"competitive" = "2";
};
tournamentModeOptions = {
"disable" = "0";
"enable" = "1";
"restrictSpectators" = "2";
};
teeworldsConf = pkgs.writeText "teeworlds.cfg" ''
sv_port ${toString cfg.port}
sv_register ${if cfg.register then "1" else "0"}
${optionalString (cfg.name != null) "sv_name ${cfg.name}"}
${optionalString (cfg.motd != null) "sv_motd ${cfg.motd}"}
${optionalString (cfg.password != null) "password ${cfg.password}"}
${optionalString (cfg.rconPassword != null) "sv_rcon_password ${cfg.rconPassword}"}
sv_register ${bool cfg.register}
sv_name ${cfg.name}
${optionalSetting cfg.motd "sv_motd"}
${optionalSetting cfg.password "password"}
${optionalSetting cfg.rconPassword "sv_rcon_password"}
${optionalSetting cfg.server.bindAddr "bindaddr"}
${optionalSetting cfg.server.hostName "sv_hostname"}
sv_high_bandwidth ${bool cfg.server.enableHighBandwidth}
sv_inactivekick ${lookup inactivePenaltyOptions cfg.server.inactivePenalty "spectator/kick"}
sv_inactivekick_spec ${bool cfg.server.kickInactiveSpectators}
sv_inactivekick_time ${toString cfg.server.inactiveTime}
sv_max_clients ${toString cfg.server.maxClients}
sv_max_clients_per_ip ${toString cfg.server.maxClientsPerIP}
sv_skill_level ${lookup skillLevelOptions cfg.server.skillLevel "normal"}
sv_spamprotection ${bool cfg.server.enableSpamProtection}
sv_gametype ${cfg.game.gameType}
sv_map ${cfg.game.map}
sv_match_swap ${bool cfg.game.swapTeams}
sv_player_ready_mode ${bool cfg.game.enableReadyMode}
sv_player_slots ${toString cfg.game.playerSlots}
sv_powerups ${bool cfg.game.enablePowerups}
sv_scorelimit ${toString cfg.game.scoreLimit}
sv_strict_spectate_mode ${bool cfg.game.restrictSpectators}
sv_teamdamage ${bool cfg.game.enableTeamDamage}
sv_timelimit ${toString cfg.game.timeLimit}
sv_tournament_mode ${lookup tournamentModeOptions cfg.server.tournamentMode "disable"}
sv_vote_kick ${bool cfg.game.enableVoteKick}
sv_vote_kick_bantime ${toString cfg.game.voteKickBanTime}
sv_vote_kick_min ${toString cfg.game.voteKickMinimumPlayers}
${optionalSetting cfg.server.bindAddr "bindaddr"}
${optionalSetting cfg.server.hostName "sv_hostname"}
sv_high_bandwidth ${bool cfg.server.enableHighBandwidth}
sv_inactivekick ${lookup inactivePenaltyOptions cfg.server.inactivePenalty "spectator/kick"}
sv_inactivekick_spec ${bool cfg.server.kickInactiveSpectators}
sv_inactivekick_time ${toString cfg.server.inactiveTime}
sv_max_clients ${toString cfg.server.maxClients}
sv_max_clients_per_ip ${toString cfg.server.maxClientsPerIP}
sv_skill_level ${lookup skillLevelOptions cfg.server.skillLevel "normal"}
sv_spamprotection ${bool cfg.server.enableSpamProtection}
sv_gametype ${cfg.game.gameType}
sv_map ${cfg.game.map}
sv_match_swap ${bool cfg.game.swapTeams}
sv_player_ready_mode ${bool cfg.game.enableReadyMode}
sv_player_slots ${toString cfg.game.playerSlots}
sv_powerups ${bool cfg.game.enablePowerups}
sv_scorelimit ${toString cfg.game.scoreLimit}
sv_strict_spectate_mode ${bool cfg.game.restrictSpectators}
sv_teamdamage ${bool cfg.game.enableTeamDamage}
sv_timelimit ${toString cfg.game.timeLimit}
sv_tournament_mode ${lookup tournamentModeOptions cfg.server.tournamentMode "disable"}
sv_vote_kick ${bool cfg.game.enableVoteKick}
sv_vote_kick_bantime ${toString cfg.game.voteKickBanTime}
sv_vote_kick_min ${toString cfg.game.voteKickMinimumPlayers}
${concatStringsSep "\n" cfg.extraOptions}
'';
@ -22,17 +95,19 @@ in
services.teeworlds = {
enable = mkEnableOption (lib.mdDoc "Teeworlds Server");
package = mkPackageOptionMD pkgs "teeworlds-server" { };
openPorts = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether to open firewall ports for Teeworlds";
description = lib.mdDoc "Whether to open firewall ports for Teeworlds.";
};
name = mkOption {
type = types.nullOr types.str;
default = null;
type = types.str;
default = "unnamed server";
description = lib.mdDoc ''
Name of the server. Defaults to 'unnamed server'.
Name of the server.
'';
};
@ -41,7 +116,7 @@ in
example = true;
default = false;
description = lib.mdDoc ''
Whether the server registers as public server in the global server list. This is disabled by default because of privacy.
Whether the server registers as a public server in the global server list. This is disabled by default for privacy reasons.
'';
};
@ -49,7 +124,7 @@ in
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Set the server message of the day text.
The server's message of the day text.
'';
};
@ -85,6 +160,217 @@ in
'';
example = [ "sv_map dm1" "sv_gametype dm" ];
};
server = {
bindAddr = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
The address the server will bind to.
'';
};
enableHighBandwidth = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to enable high bandwidth mode on LAN servers. This will double the amount of bandwidth required for running the server.
'';
};
hostName = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc ''
Hostname for the server.
'';
};
inactivePenalty = mkOption {
type = types.enum [ "spectator" "spectator/kick" "kick" ];
example = "spectator";
default = "spectator/kick";
description = lib.mdDoc ''
Specify what to do when a client goes inactive (see [](#opt-services.teeworlds.server.inactiveTime)).
- `spectator`: send the client into spectator mode
- `spectator/kick`: send the client into a free spectator slot, otherwise kick the client
- `kick`: kick the client
'';
};
kickInactiveSpectators = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to kick inactive spectators.
'';
};
inactiveTime = mkOption {
type = types.ints.unsigned;
default = 3;
description = lib.mdDoc ''
The amount of minutes a client has to idle before it is considered inactive.
'';
};
maxClients = mkOption {
type = types.ints.unsigned;
default = 12;
description = lib.mdDoc ''
The maximum amount of clients that can be connected to the server at the same time.
'';
};
maxClientsPerIP = mkOption {
type = types.ints.unsigned;
default = 12;
description = lib.mdDoc ''
The maximum amount of clients with the same IP address that can be connected to the server at the same time.
'';
};
skillLevel = mkOption {
type = types.enum [ "casual" "normal" "competitive" ];
default = "normal";
description = lib.mdDoc ''
The skill level shown in the server browser.
'';
};
enableSpamProtection = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Whether to enable chat spam protection.
'';
};
};
game = {
gameType = mkOption {
type = types.str;
example = "ctf";
default = "dm";
description = lib.mdDoc ''
The game type to use on the server.
The default gametypes are `dm`, `tdm`, `ctf`, `lms`, and `lts`.
'';
};
map = mkOption {
type = types.str;
example = "ctf5";
default = "dm1";
description = lib.mdDoc ''
The map to use on the server.
'';
};
swapTeams = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Whether to swap teams each round.
'';
};
enableReadyMode = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to enable "ready mode"; where players can pause/unpause the game
and start the game in warmup, using their ready state.
'';
};
playerSlots = mkOption {
type = types.ints.unsigned;
default = 8;
description = lib.mdDoc ''
The amount of slots to reserve for players (as opposed to spectators).
'';
};
enablePowerups = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Whether to allow powerups such as the ninja.
'';
};
scoreLimit = mkOption {
type = types.ints.unsigned;
example = 400;
default = 20;
description = lib.mdDoc ''
The score limit needed to win a round.
'';
};
restrictSpectators = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to restrict access to information such as health, ammo and armour in spectator mode.
'';
};
enableTeamDamage = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Whether to enable team damage; whether to allow team mates to inflict damage on one another.
'';
};
timeLimit = mkOption {
type = types.ints.unsigned;
default = 0;
description = lib.mdDoc ''
Time limit of the game. In cases of equal points, there will be sudden death.
Setting this to 0 disables a time limit.
'';
};
tournamentMode = mkOption {
type = types.enum [ "disable" "enable" "restrictSpectators" ];
default = "disable";
description = lib.mdDoc ''
Whether to enable tournament mode. In tournament mode, players join as spectators.
If this is set to `restrictSpectators`, tournament mode is enabled but spectator chat is restricted.
'';
};
enableVoteKick = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Whether to enable voting to kick players.
'';
};
voteKickBanTime = mkOption {
type = types.ints.unsigned;
default = 5;
description = lib.mdDoc ''
The amount of minutes that a player is banned for if they get kicked by a vote.
'';
};
voteKickMinimumPlayers = mkOption {
type = types.ints.unsigned;
default = 5;
description = lib.mdDoc ''
The minimum amount of players required to start a kick vote.
'';
};
};
};
};
@ -100,7 +386,7 @@ in
serviceConfig = {
DynamicUser = true;
ExecStart = "${pkgs.teeworlds-server}/bin/teeworlds_srv -f ${teeworldsConf}";
ExecStart = "${cfg.package}/bin/teeworlds_srv -f ${teeworldsConf}";
# Hardening
CapabilityBoundingSet = false;

10
nixos/modules/services/hardware/asusd.nix
View file

@ -8,6 +8,8 @@ in
services.asusd = {
enable = lib.mkEnableOption (lib.mdDoc "the asusd service for ASUS ROG laptops");
package = lib.mkPackageOption pkgs "asusctl" { };
enableUserService = lib.mkOption {
type = lib.types.bool;
default = false;
@ -73,7 +75,7 @@ in
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.asusctl ];
environment.systemPackages = [ cfg.package ];
environment.etc =
let
@ -92,9 +94,9 @@ in
};
services.dbus.enable = true;
systemd.packages = [ pkgs.asusctl ];
services.dbus.packages = [ pkgs.asusctl ];
services.udev.packages = [ pkgs.asusctl ];
systemd.packages = [ cfg.package ];
services.dbus.packages = [ cfg.package ];
services.udev.packages = [ cfg.package ];
services.supergfxd.enable = lib.mkDefault true;
systemd.user.services.asusd-user.enable = cfg.enableUserService;

19
nixos/modules/services/hardware/bolt.nix
View file

@ -1,14 +1,13 @@
# Thunderbolt 3 device manager
{ config, lib, pkgs, ...}:
with lib;
let
cfg = config.services.hardware.bolt;
in
{
options = {
services.hardware.bolt = {
enable = mkOption {
type = types.bool;
default = false;
@ -20,15 +19,13 @@ with lib;
'';
};
package = mkPackageOption pkgs "bolt" { };
};
};
config = mkIf config.services.hardware.bolt.enable {
environment.systemPackages = [ pkgs.bolt ];
services.udev.packages = [ pkgs.bolt ];
systemd.packages = [ pkgs.bolt ];
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
services.udev.packages = [ cfg.package ];
systemd.packages = [ cfg.package ];
};
}

22
nixos/modules/services/misc/sourcehut/default.nix
View file

@ -790,13 +790,21 @@ in
'';
};
systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable (
builtins.listToAttrs (map (name: {
name = "/var/log/sourcehut/gitsrht-${name}";
value.f = {
inherit (cfg.git) user group;
mode = "0644";
};
}) [ "keys" "shell" "update-hook" ])
mkMerge [
(builtins.listToAttrs (map (name: {
name = "/var/log/sourcehut/gitsrht-${name}";
value.f = {
inherit (cfg.git) user group;
mode = "0644";
};
}) [ "keys" "shell" "update-hook" ]))
{
${cfg.settings."git.sr.ht".repos}.d = {
inherit (cfg.git) user group;
mode = "0644";
};
}
]
);
systemd.services.sshd = {
preStart = mkIf cfg.hg.enable ''

13
nixos/modules/services/misc/tandoor-recipes.nix
View file

@ -17,14 +17,11 @@ let
lib.mapAttrs (_: toString) cfg.extraConfig
);
manage =
let
setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
in
pkgs.writeShellScript "manage" ''
${setupEnv}
exec ${pkg}/bin/tandoor-recipes "$@"
'';
manage = pkgs.writeShellScript "manage" ''
set -o allexport # Export the following env vars
${lib.toShellVars env}
exec ${pkg}/bin/tandoor-recipes "$@"
'';
in
{
meta.maintainers = with maintainers; [ ambroisie ];

73
nixos/modules/services/networking/go-camo.nix Normal file
View file

@ -0,0 +1,73 @@
{ lib, pkgs, config, ... }:
let
cfg = config.services.go-camo;
inherit (lib) mkOption mkEnableOption mkIf mkMerge types optionalString;
in
{
options.services.go-camo = {
enable = mkEnableOption "go-camo service";
listen = mkOption {
type = types.nullOr types.str;
default = null;
description = "Address:Port to bind to for HTTP (default: 0.0.0.0:8080).";
apply = v: optionalString (v != null) "--listen=${v}";
};
sslListen = mkOption {
type = types.nullOr types.str;
default = null;
description = "Address:Port to bind to for HTTPS.";
apply = v: optionalString (v != null) "--ssl-listen=${v}";
};
sslKey = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to TLS private key.";
apply = v: optionalString (v != null) "--ssl-key=${v}";
};
sslCert = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to TLS certificate.";
apply = v: optionalString (v != null) "--ssl-cert=${v}";
};
keyFile = mkOption {
type = types.path;
default = null;
description = ''
A file containing the HMAC key to use for signing URLs.
The file can contain any string. Can be generated using "openssl rand -base64 18 > the_file".
'';
};
extraOptions = mkOption {
type = with types; listOf str;
default = [];
description = "Extra options passed to the go-camo command.";
};
};
config = mkIf cfg.enable {
systemd.services.go-camo = {
description = "go-camo service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
GOCAMO_HMAC_FILE = "%d/hmac";
};
script = ''
export GOCAMO_HMAC=$(cat "$GOCAMO_HMAC_FILE")
exec ${lib.escapeShellArgs(lib.lists.remove "" ([ "${pkgs.go-camo}/bin/go-camo" cfg.listen cfg.sslListen cfg.sslKey cfg.sslCert ] ++ cfg.extraOptions))}
'';
serviceConfig = {
NoNewPrivileges = true;
ProtectSystem = "strict";
DynamicUser = true;
User = "gocamo";
Group = "gocamo";
LoadCredential = [
"hmac:${cfg.keyFile}"
];
};
};
};
}

109
nixos/modules/services/networking/knot.nix
View file

@ -1,8 +1,36 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, utils, ... }:
with lib;
let
inherit (lib)
attrNames
concatMapStrings
concatMapStringsSep
concatStrings
concatStringsSep
elem
filter
flip
hasAttr
hasPrefix
isAttrs
isBool
isDerivation
isList
mapAttrsToList
mkChangedOptionModule
mkEnableOption
mkIf
mkOption
mkPackageOption
optionals
types
;
inherit (utils)
escapeSystemdExecArgs
;
cfg = config.services.knot;
yamlConfig = let
@ -113,8 +141,7 @@ let
mkConfigFile = configString: pkgs.writeTextFile {
name = "knot.conf";
text = (concatMapStringsSep "\n" (file: "include: ${file}") cfg.keyFiles) + "\n" + configString;
# TODO: maybe we could do some checks even when private keys complicate this?
checkPhase = lib.optionalString (cfg.keyFiles == []) ''
checkPhase = lib.optionalString cfg.checkConfig ''
${cfg.package}/bin/knotc --config=$out conf-check
'';
};
@ -142,12 +169,45 @@ let
in {
options = {
services.knot = {
enable = mkEnableOption (lib.mdDoc "Knot authoritative-only DNS server");
enable = mkEnableOption "Knot authoritative-only DNS server";
enableXDP = mkOption {
type = types.bool;
default = lib.hasAttrByPath [ "xdp" "listen" ] cfg.settings;
defaultText = ''
Enabled when the `xdp.listen` setting is configured through `settings`.
'';
example = true;
description = ''
Extends the systemd unit with permissions to allow for the use of
the eXpress Data Path (XDP).
::: {.note}
Make sure to read up on functional [limitations](https://www.knot-dns.cz/docs/latest/singlehtml/index.html#mode-xdp-limitations)
when running in XDP mode.
:::
'';
};
checkConfig = mkOption {
type = types.bool;
# TODO: maybe we could do some checks even when private keys complicate this?
# conf-check fails hard on missing IPs/devices with XDP
default = cfg.keyFiles == [] && !cfg.enableXDP;
defaultText = ''
Disabled when the config uses `keyFiles` or `enableXDP`.
'';
example = false;
description = ''
Toggles the configuration test at build time. It runs in a
sandbox, and therefore cannot be used in all scenarios.
'';
};
extraArgs = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
description = ''
List of additional command line parameters for knotd
'';
};
@ -155,7 +215,7 @@ in {
keyFiles = mkOption {
type = types.listOf types.path;
default = [];
description = lib.mdDoc ''
description = ''
A list of files containing additional configuration
to be included using the include directive. This option
allows to include configuration like TSIG keys without
@ -168,7 +228,7 @@ in {
settings = mkOption {
type = types.attrs;
default = {};
description = lib.mdDoc ''
description = ''
Extra configuration as nix values.
'';
};
@ -176,7 +236,7 @@ in {
settingsFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
description = ''
As alternative to ``settings``, you can provide whole configuration
directly in the almost-YAML format of Knot DNS.
You might want to utilize ``pkgs.writeText "knot.conf" "longConfigString"`` for this.
@ -210,19 +270,35 @@ in {
wants = [ "network.target" ];
after = ["network.target" ];
serviceConfig = {
serviceConfig = let
# https://www.knot-dns.cz/docs/3.3/singlehtml/index.html#pre-requisites
xdpCapabilities = lib.optionals (cfg.enableXDP) [
"CAP_NET_ADMIN"
"CAP_NET_RAW"
"CAP_SYS_ADMIN"
"CAP_IPC_LOCK"
] ++ lib.optionals (lib.versionOlder config.boot.kernelPackages.kernel.version "5.11") [
"CAP_SYS_RESOURCE"
];
in {
Type = "notify";
ExecStart = "${cfg.package}/bin/knotd --config=${configFile} --socket=${socketFile} ${concatStringsSep " " cfg.extraArgs}";
ExecReload = "${knot-cli-wrappers}/bin/knotc reload";
ExecStart = escapeSystemdExecArgs ([
(lib.getExe cfg.package)
"--config=${configFile}"
"--socket=${socketFile}"
] ++ cfg.extraArgs);
ExecReload = escapeSystemdExecArgs [
"${knot-cli-wrappers}/bin/knotc" "reload"
];
User = "knot";
Group = "knot";
AmbientCapabilities = [
"CAP_NET_BIND_SERVICE"
];
] ++ xdpCapabilities;
CapabilityBoundingSet = [
"CAP_NET_BIND_SERVICE"
];
] ++ xdpCapabilities;
DeviceAllow = "";
DevicePolicy = "closed";
LockPersonality = true;
@ -247,6 +323,9 @@ in {
"AF_INET"
"AF_INET6"
"AF_UNIX"
] ++ optionals (cfg.enableXDP) [
"AF_NETLINK"
"AF_XDP"
];
RestrictNamespaces = true;
RestrictRealtime =true;
@ -258,6 +337,8 @@ in {
SystemCallFilter = [
"@system-service"
"~@privileged"
] ++ optionals (cfg.enableXDP) [
"bpf"
];
UMask = "0077";
};

2
nixos/modules/services/torrent/transmission.nix
View file

@ -74,7 +74,7 @@ in
description = lib.mdDoc "";
};
options.message-level = mkOption {
type = types.ints.between 0 3;
type = types.ints.between 0 6;
default = 2;
description = lib.mdDoc "Set verbosity of transmission messages.";
};

46
nixos/modules/services/web-apps/mastodon.nix
View file

@ -4,7 +4,8 @@ let
cfg = config.services.mastodon;
opt = options.services.mastodon;
# We only want to create a database if we're actually going to connect to it.
# We only want to create a Redis and PostgreSQL databases if we're actually going to connect to it local.
redisActuallyCreateLocally = cfg.redis.createLocally && (cfg.redis.host == "127.0.0.1" || cfg.redis.enableUnixSocket);
databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == "/run/postgresql";
env = {
@ -33,6 +34,7 @@ let
TRUSTED_PROXY_IP = cfg.trustedProxy;
}
// lib.optionalAttrs (cfg.redis.createLocally && cfg.redis.enableUnixSocket) { REDIS_URL = "unix://${config.services.redis.servers.mastodon.unixSocket}"; }
// lib.optionalAttrs (cfg.database.host != "/run/postgresql" && cfg.database.port != null) { DB_PORT = toString cfg.database.port; }
// lib.optionalAttrs cfg.smtp.authenticate { SMTP_LOGIN = cfg.smtp.user; }
// lib.optionalAttrs (cfg.elasticsearch.host != null) { ES_HOST = cfg.elasticsearch.host; }
@ -116,9 +118,11 @@ let
threads = toString (if processCfg.threads == null then cfg.sidekiqThreads else processCfg.threads);
in {
after = [ "network.target" "mastodon-init-dirs.service" ]
++ lib.optional redisActuallyCreateLocally "redis-mastodon.service"
++ lib.optional databaseActuallyCreateLocally "postgresql.service"
++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";
requires = [ "mastodon-init-dirs.service" ]
++ lib.optional redisActuallyCreateLocally "redis-mastodon.service"
++ lib.optional databaseActuallyCreateLocally "postgresql.service"
++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";
description = "Mastodon sidekiq${jobClassLabel}";
@ -146,9 +150,11 @@ let
name = "mastodon-streaming-${toString i}";
value = {
after = [ "network.target" "mastodon-init-dirs.service" ]
++ lib.optional redisActuallyCreateLocally "redis-mastodon.service"
++ lib.optional databaseActuallyCreateLocally "postgresql.service"
++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";
requires = [ "mastodon-init-dirs.service" ]
++ lib.optional redisActuallyCreateLocally "redis-mastodon.service"
++ lib.optional databaseActuallyCreateLocally "postgresql.service"
++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";
wantedBy = [ "mastodon.target" "mastodon-streaming.target" ];
@ -404,6 +410,19 @@ in {
type = lib.types.port;
default = 31637;
};
passwordFile = lib.mkOption {
description = lib.mdDoc "A file containing the password for Redis database.";
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/keys/mastodon-redis-password";
};
enableUnixSocket = lib.mkOption {
description = lib.mdDoc "Use Unix socket";
type = lib.types.bool;
default = true;
};
};
database = {
@ -612,6 +631,13 @@ in {
config = lib.mkIf cfg.enable (lib.mkMerge [{
assertions = [
{
assertion = redisActuallyCreateLocally -> (!cfg.redis.enableUnixSocket || cfg.redis.passwordFile == null);
message = ''
<option>services.mastodon.redis.enableUnixSocket</option> needs to be disabled if
<option>services.mastodon.redis.passwordFile</option> is used.
'';
}
{
assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.database.user && cfg.database.user == cfg.database.name);
message = ''
@ -689,6 +715,8 @@ in {
OTP_SECRET="$(cat ${cfg.otpSecretFile})"
VAPID_PRIVATE_KEY="$(cat ${cfg.vapidPrivateKeyFile})"
VAPID_PUBLIC_KEY="$(cat ${cfg.vapidPublicKeyFile})"
'' + lib.optionalString (cfg.redis.passwordFile != null)''
REDIS_PASSWORD="$(cat ${cfg.redis.passwordFile})"
'' + lib.optionalString (cfg.database.passwordFile != null) ''
DB_PASS="$(cat ${cfg.database.passwordFile})"
'' + lib.optionalString cfg.smtp.authenticate ''
@ -751,9 +779,11 @@ in {
systemd.services.mastodon-web = {
after = [ "network.target" "mastodon-init-dirs.service" ]
++ lib.optional redisActuallyCreateLocally "redis-mastodon.service"
++ lib.optional databaseActuallyCreateLocally "postgresql.service"
++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";
requires = [ "mastodon-init-dirs.service" ]
++ lib.optional redisActuallyCreateLocally "redis-mastodon.service"
++ lib.optional databaseActuallyCreateLocally "postgresql.service"
++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";
wantedBy = [ "mastodon.target" ];
@ -834,11 +864,14 @@ in {
enable = true;
hostname = lib.mkDefault "${cfg.localDomain}";
};
services.redis.servers.mastodon = lib.mkIf (cfg.redis.createLocally && cfg.redis.host == "127.0.0.1") {
enable = true;
port = cfg.redis.port;
bind = "127.0.0.1";
};
services.redis.servers.mastodon = lib.mkIf redisActuallyCreateLocally (lib.mkMerge [
{
enable = true;
}
(lib.mkIf (!cfg.redis.enableUnixSocket) {
port = cfg.redis.port;
})
]);
services.postgresql = lib.mkIf databaseActuallyCreateLocally {
enable = true;
ensureUsers = [
@ -859,6 +892,7 @@ in {
};
})
(lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package pkgs.imagemagick ])
(lib.mkIf (cfg.redis.createLocally && cfg.redis.enableUnixSocket) {${config.services.mastodon.user}.extraGroups = [ "redis-mastodon" ];})
];
users.groups.${cfg.group}.members = lib.optional cfg.configureNginx config.services.nginx.user;

19
nixos/modules/services/web-apps/photoprism.nix
View file

@ -12,17 +12,14 @@ let
lib.mapAttrs (_: toString) cfg.settings
);
manage =
let
setupEnv = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: val: "export ${name}=${lib.escapeShellArg val}") env);
in
pkgs.writeShellScript "manage" ''
${setupEnv}
eval "$(${config.systemd.package}/bin/systemctl show -pUID,MainPID photoprism.service | ${pkgs.gnused}/bin/sed "s/UID/ServiceUID/")"
exec ${pkgs.util-linux}/bin/nsenter \
-t $MainPID -m -S $ServiceUID -G $ServiceUID --wdns=${cfg.storagePath} \
${cfg.package}/bin/photoprism "$@"
'';
manage = pkgs.writeShellScript "manage" ''
set -o allexport # Export the following env vars
${lib.toShellVars env}
eval "$(${config.systemd.package}/bin/systemctl show -pUID,MainPID photoprism.service | ${pkgs.gnused}/bin/sed "s/UID/ServiceUID/")"
exec ${pkgs.util-linux}/bin/nsenter \
-t $MainPID -m -S $ServiceUID -G $ServiceUID --wdns=${cfg.storagePath} \
${cfg.package}/bin/photoprism "$@"
'';
in
{
meta.maintainers = with lib.maintainers; [ stunkymonkey ];

7
nixos/modules/system/boot/kernel.nix
View file

@ -81,6 +81,13 @@ in
extraStructuredConfig.FOO = lib.kernel.yes;
features.foo = true;
}
{
name = "foo-ml-mbox";
patch = (fetchurl {
url = "https://lore.kernel.org/lkml/19700205182810.58382-1-email@domain/t.mbox.gz";
hash = "sha256-...";
});
}
]
'';
description = lib.mdDoc ''

6
nixos/modules/system/boot/systemd/oomd.nix
View file

@ -49,15 +49,15 @@ in {
systemd.slices."-".sliceConfig = lib.mkIf cfg.enableRootSlice {
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "80%";
ManagedOOMMemoryPressureLimit = lib.mkDefault "80%";
};
systemd.slices."system".sliceConfig = lib.mkIf cfg.enableSystemSlice {
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "80%";
ManagedOOMMemoryPressureLimit = lib.mkDefault "80%";
};
systemd.slices."user-".sliceConfig = lib.mkIf cfg.enableUserSlices {
ManagedOOMMemoryPressure = "kill";
ManagedOOMMemoryPressureLimit = "80%";
ManagedOOMMemoryPressureLimit = lib.mkDefault "80%";
};
systemd.user.units."slice" = lib.mkIf cfg.enableUserSlices {
text = ''

2
nixos/tests/all-tests.nix
View file

@ -799,7 +799,7 @@ in {
solanum = handleTest ./solanum.nix {};
sonarr = handleTest ./sonarr.nix {};
sonic-server = handleTest ./sonic-server.nix {};
sourcehut = handleTest ./sourcehut.nix {};
sourcehut = handleTest ./sourcehut {};
spacecookie = handleTest ./spacecookie.nix {};
spark = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./spark {};
sqlite3-to-mysql = handleTest ./sqlite3-to-mysql.nix {};

30
nixos/tests/go-camo.nix Normal file
View file

@ -0,0 +1,30 @@
{ system ? builtins.currentSystem, config ? { }
, pkgs ? import ../.. { inherit system config; } }:
with import ../lib/testing-python.nix { inherit system pkgs; };
{
gocamo_file_key = let
key_val = "12345678";
in
makeTest {
name = "go-camo-file-key";
meta = {
maintainers = [ pkgs.lib.maintainers.viraptor ];
};
nodes.machine = { config, pkgs, ... }: {
services.go-camo = {
enable = true;
keyFile = pkgs.writeText "foo" key_val;
};
};
# go-camo responds to http requests
testScript = ''
machine.wait_for_unit("go-camo.service")
machine.wait_for_open_port(8080)
machine.succeed("curl http://localhost:8080")
'';
};
}

2
nixos/tests/keepalived.nix
View file

@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "keepalived";
maintainers = [ lib.maintainers.raitobezarius ];
meta.maintainers = [ lib.maintainers.raitobezarius ];
nodes = {
node1 = { pkgs, ... }: {

13
nixos/tests/knot.nix
View file

@ -114,13 +114,16 @@ in {
services.knot.extraArgs = [ "-v" ];
services.knot.settings = {
server = {
listen = [
"0.0.0.0@53"
"::@53"
];
automatic-acl = true;
};
xdp = {
listen = [
"eth1"
];
tcp = true;
};
remote.primary = {
address = "192.168.0.1@53";
key = "xfr_key";
@ -140,7 +143,7 @@ in {
"sub.example.com".file = "sub.example.com.zone";
};
log.syslog.any = "info";
log.syslog.any = "debug";
};
};
client = { lib, nodes, ... }: {

3
nixos/tests/lemmy.nix
View file

@ -51,7 +51,8 @@ in
with subtest("the backend starts and responds"):
server.wait_for_open_port(${toString backendPort})
server.succeed("curl --fail localhost:${toString backendPort}/api/v3/site")
# wait until succeeds, it just needs few seconds for migrations, but lets give it 10s max
server.wait_until_succeeds("curl --fail localhost:${toString backendPort}/api/v3/site", 10)
with subtest("the UI starts and responds"):
server.wait_for_unit("lemmy-ui.service")

3
nixos/tests/prometheus-exporters.nix
View file

@ -218,6 +218,9 @@ let
services.dnsmasq.enable = true;
};
exporterTest = ''
wait_for_unit("dnsmasq.service")
wait_for_open_port(53)
wait_for_file("/var/lib/dnsmasq/dnsmasq.leases")
wait_for_unit("prometheus-dnsmasq-exporter.service")
wait_for_open_port(9153)
succeed("curl -sSf http://localhost:9153/metrics | grep 'dnsmasq_leases 0'")

16
nixos/tests/qownnotes.nix
View file

@ -21,6 +21,7 @@ import ./make-test-python.nix ({ lib, pkgs, ...} :
enableOCR = true;
# https://nixos.org/manual/nixos/stable/#ssec-machine-objects
testScript = { nodes, ... }: let
aliceDo = cmd: ''machine.succeed("su - alice -c '${cmd}' >&2 &");'';
in ''
@ -52,8 +53,13 @@ import ./make-test-python.nix ({ lib, pkgs, ...} :
machine.wait_for_text("App metric")
machine.send_key("ret")
# Doesn't work for non-root
#machine.wait_for_window("QOwnNotes - ${pkgs.qownnotes.version}")
# OCR doesn't seem to be able any more to handle the main window
#machine.wait_for_text("QOwnNotes - ${pkgs.qownnotes.version}")
# The main window should now show up
machine.wait_for_text("QOwnNotes - ${pkgs.qownnotes.version}")
machine.wait_for_open_port(22222)
machine.wait_for_console_text("QOwnNotes server listening on port 22222")
@ -63,7 +69,13 @@ import ./make-test-python.nix ({ lib, pkgs, ...} :
machine.send_key("ctrl-n")
machine.sleep(1)
machine.send_chars("This is a NixOS test!\n")
machine.wait_for_text("This is a NixOS test!")
machine.wait_until_succeeds("find /home/alice/Notes -type f | grep -qi 'Note 2'")
# OCR doesn't seem to be able any more to handle the main window
#machine.wait_for_text("This is a NixOS test!")
# Doesn't work for non-root
#machine.wait_for_window("- QOwnNotes - ${pkgs.qownnotes.version}")
machine.screenshot("QOwnNotes-NewNote")
'';

2
nixos/tests/slurm.nix
View file

@ -45,7 +45,7 @@ let
'';
in pkgs.runCommand "mpitest" {} ''
mkdir -p $out/bin
${pkgs.openmpi}/bin/mpicc ${mpitestC} -o $out/bin/mpitest
${lib.getDev pkgs.mpi}/bin/mpicc ${mpitestC} -o $out/bin/mpitest
'';
in {
name = "slurm";

252
nixos/tests/sourcehut.nix
View file

@ -1,252 +0,0 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
domain = "sourcehut.localdomain";
# Note that wildcard certificates just under the TLD (eg. *.com)
# would be rejected by clients like curl.
tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 36500 \
-subj '/CN=${domain}' -extensions v3_req \
-addext 'subjectAltName = DNS:*.${domain}'
install -D -t $out key.pem cert.pem
'';
images = {
nixos.unstable.x86_64 =
let
systemConfig = { pkgs, ... }: {
# passwordless ssh server
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = true;
};
};
users = {
mutableUsers = false;
# build user
extraUsers."build" = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
password = "";
};
users.root.password = "";
};
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = [ "root" "build" ];
documentation.nixos.enable = false;
# builds.sr.ht-image-specific network settings
networking = {
hostName = "build";
dhcpcd.enable = false;
defaultGateway.address = "10.0.2.2";
usePredictableInterfaceNames = false;
interfaces."eth0".ipv4.addresses = [{
address = "10.0.2.15";
prefixLength = 25;
}];
enableIPv6 = false;
nameservers = [
# OpenNIC anycast
"185.121.177.177"
"169.239.202.202"
# Google
"8.8.8.8"
];
firewall.allowedTCPPorts = [ 22 ];
};
environment.systemPackages = [
pkgs.gitMinimal
#pkgs.mercurial
pkgs.curl
pkgs.gnupg
];
};
qemuConfig = { pkgs, ... }: {
imports = [ systemConfig ];
fileSystems."/".device = "/dev/disk/by-label/nixos";
boot.initrd.availableKernelModules = [
"ahci"
"ehci_pci"
"sd_mod"
"usb_storage"
"usbhid"
"virtio_balloon"
"virtio_blk"
"virtio_pci"
"virtio_ring"
"xhci_pci"
];
boot.loader = {
grub = {
version = 2;
device = "/dev/vda";
};
timeout = 0;
};
};
config = (import (pkgs.path + "/nixos/lib/eval-config.nix") {
inherit pkgs; modules = [ qemuConfig ];
system = "x86_64-linux";
}).config;
in
import (pkgs.path + "/nixos/lib/make-disk-image.nix") {
inherit pkgs lib config;
diskSize = 16000;
format = "qcow2-compressed";
contents = [
{ source = pkgs.writeText "gitconfig" ''
[user]
name = builds.sr.ht
email = build@sr.ht
'';
target = "/home/build/.gitconfig";
user = "build";
group = "users";
mode = "644";
}
];
};
};
in
{
name = "sourcehut";
meta.maintainers = [ pkgs.lib.maintainers.tomberek ];
nodes.machine = { config, pkgs, nodes, ... }: {
# buildsrht needs space
virtualisation.diskSize = 4 * 1024;
virtualisation.memorySize = 2 * 1024;
networking.domain = domain;
networking.enableIPv6 = false;
networking.extraHosts = ''
${config.networking.primaryIPAddress} builds.${domain}
${config.networking.primaryIPAddress} git.${domain}
${config.networking.primaryIPAddress} meta.${domain}
'';
services.sourcehut = {
enable = true;
nginx.enable = true;
nginx.virtualHost = {
forceSSL = true;
sslCertificate = "${tls-cert}/cert.pem";
sslCertificateKey = "${tls-cert}/key.pem";
};
postgresql.enable = true;
redis.enable = true;
meta.enable = true;
builds = {
enable = true;
# FIXME: see why it does not seem to activate fully.
#enableWorker = true;
inherit images;
};
git.enable = true;
settings."sr.ht" = {
global-domain = config.networking.domain;
service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01";
network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ=";
};
settings."builds.sr.ht" = {
oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc";
oauth-client-id = "299db9f9c2013170";
};
settings."git.sr.ht" = {
oauth-client-secret = pkgs.writeText "gitsrht-oauth-client-secret" "3597288dc2c716e567db5384f493b09d";
oauth-client-id = "d07cb713d920702e";
};
settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA=";
settings.mail = {
smtp-from = "root+hut@${domain}";
# WARNING: take care to keep pgp-privkey outside the Nix store in production,
# or use LoadCredentialEncrypted=
pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" ''
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv
cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp
bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA
BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi
2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h
Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv
D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2
cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC
GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN
xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG
=Hjoc
-----END PGP PRIVATE KEY BLOCK-----
'');
pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" ''
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0
LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg
0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ
JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt
H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ
3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL
8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6
3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE
xy+wKRdhGy/evLT/w9oSBg==
=pJD7
-----END PGP PUBLIC KEY BLOCK-----
'';
pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9";
};
};
networking.firewall.allowedTCPPorts = [ 443 ];
security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
};
services.postgresql = {
enable = true;
enableTCPIP = false;
settings.unix_socket_permissions = "0770";
};
};
testScript = ''
start_all()
machine.wait_for_unit("multi-user.target")
# Testing metasrht
machine.wait_for_unit("metasrht-api.service")
machine.wait_for_unit("metasrht.service")
machine.wait_for_unit("metasrht-webhooks.service")
machine.wait_for_open_port(5000)
machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}")
machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}")
# Testing buildsrht
machine.wait_for_unit("buildsrht.service")
machine.wait_for_open_port(5002)
machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}")
#machine.wait_for_unit("buildsrht-worker.service")
# Testing gitsrht
machine.wait_for_unit("gitsrht-api.service")
machine.wait_for_unit("gitsrht.service")
machine.wait_for_unit("gitsrht-webhooks.service")
machine.succeed("curl -sL http://git.${domain} | grep git.${domain}")
'';
})

54
nixos/tests/sourcehut/builds.nix Normal file
View file

@ -0,0 +1,54 @@
import ../make-test-python.nix ({ pkgs, lib, ... }:
let
domain = "sourcehut.localdomain";
in
{
name = "sourcehut";
meta.maintainers = with pkgs.lib.maintainers; [ tomberek nessdoor ];
nodes.machine = { config, pkgs, nodes, ... }: {
imports = [
./nodes/common.nix
];
networking.domain = domain;
networking.extraHosts = ''
${config.networking.primaryIPAddress} builds.${domain}
${config.networking.primaryIPAddress} meta.${domain}
'';
services.sourcehut = {
builds = {
enable = true;
# FIXME: see why it does not seem to activate fully.
#enableWorker = true;
images = { };
};
settings."builds.sr.ht" = {
oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc";
oauth-client-id = "299db9f9c2013170";
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("multi-user.target")
with subtest("Check whether meta comes up"):
machine.wait_for_unit("metasrht-api.service")
machine.wait_for_unit("metasrht.service")
machine.wait_for_unit("metasrht-webhooks.service")
machine.wait_for_open_port(5000)
machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}")
machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}")
with subtest("Check whether builds comes up"):
machine.wait_for_unit("buildsrht.service")
machine.wait_for_open_port(5002)
machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}")
#machine.wait_for_unit("buildsrht-worker.service")
'';
})

6
nixos/tests/sourcehut/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ system, pkgs, ... }:
{
git = import ./git.nix { inherit system pkgs; };
builds = import ./builds.nix { inherit system pkgs; };
}

96
nixos/tests/sourcehut/git.nix Normal file
View file

@ -0,0 +1,96 @@
import ../make-test-python.nix ({ pkgs, lib, ... }:
let
domain = "sourcehut.localdomain";
in
{
name = "sourcehut";
meta.maintainers = with pkgs.lib.maintainers; [ tomberek nessdoor ];
nodes.machine = { config, pkgs, nodes, ... }: {
imports = [
./nodes/common.nix
];
networking.domain = domain;
networking.extraHosts = ''
${config.networking.primaryIPAddress} git.${domain}
${config.networking.primaryIPAddress} meta.${domain}
'';
services.sourcehut = {
git.enable = true;
settings."git.sr.ht" = {
oauth-client-secret = pkgs.writeText "gitsrht-oauth-client-secret" "3597288dc2c716e567db5384f493b09d";
oauth-client-id = "d07cb713d920702e";
};
};
environment.systemPackages = with pkgs; [
git
];
};
testScript =
let
userName = "nixos-test";
userPass = "AutoNixosTestPwd";
hutConfig = pkgs.writeText "hut-config" ''
instance "${domain}" {
# Will be replaced at runtime with the generated token
access-token "OAUTH-TOKEN"
}
'';
sshConfig = pkgs.writeText "ssh-config" ''
Host git.${domain}
IdentityFile = ~/.ssh/id_rsa
'';
in
''
start_all()
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("sshd.service")
with subtest("Check whether meta comes up"):
machine.wait_for_unit("metasrht-api.service")
machine.wait_for_unit("metasrht.service")
machine.wait_for_unit("metasrht-webhooks.service")
machine.wait_for_open_port(5000)
machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}")
machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}")
with subtest("Create a new user account and OAuth access key"):
machine.succeed("echo ${userPass} | metasrht-manageuser -ps -e ${userName}@${domain}\
-t active_paying ${userName}");
(_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}")
token = token.strip().replace("/", r"\\/") # Escape slashes in token before passing it to sed
machine.execute("mkdir -p ~/.config/hut/")
machine.execute("sed s/OAUTH-TOKEN/" + token + "/ ${hutConfig} > ~/.config/hut/config")
with subtest("Check whether git comes up"):
machine.wait_for_unit("gitsrht-api.service")
machine.wait_for_unit("gitsrht.service")
machine.wait_for_unit("gitsrht-webhooks.service")
machine.succeed("curl -sL http://git.${domain} | grep git.${domain}")
with subtest("Add an SSH key for Git access"):
machine.execute("ssh-keygen -q -N \"\" -t rsa -f ~/.ssh/id_rsa")
machine.execute("cat ${sshConfig} > ~/.ssh/config")
machine.succeed("hut meta ssh-key create ~/.ssh/id_rsa.pub")
with subtest("Create a new repo and push contents to it"):
machine.execute("git init test")
machine.execute("echo \"Hello world!\" > test/hello.txt")
machine.execute("cd test && git add .")
machine.execute("cd test && git commit -m \"Initial commit\"")
machine.execute("cd test && git tag v0.1")
machine.succeed("cd test && git remote add origin gitsrht@git.${domain}:~${userName}/test")
machine.execute("( echo -n 'git.${domain} '; cat /etc/ssh/ssh_host_ed25519_key.pub ) > ~/.ssh/known_hosts")
machine.succeed("hut git create test")
machine.succeed("cd test && git push --tags --set-upstream origin master")
with subtest("Verify that the repo is downloadable and its contents match the original"):
machine.succeed("curl https://git.${domain}/~${userName}/test/archive/v0.1.tar.gz | tar -xz")
machine.succeed("diff test-v0.1/hello.txt test/hello.txt")
'';
})

107
nixos/tests/sourcehut/nodes/common.nix Normal file
View file

@ -0,0 +1,107 @@
{ config, pkgs, nodes, ... }:
let
domain = config.networking.domain;
# Note that wildcard certificates just under the TLD (eg. *.com)
# would be rejected by clients like curl.
tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 36500 \
-subj '/CN=${domain}' -extensions v3_req \
-addext 'subjectAltName = DNS:*.${domain}'
install -D -t $out key.pem cert.pem
'';
in
{
# buildsrht needs space
virtualisation.diskSize = 4 * 1024;
virtualisation.memorySize = 2 * 1024;
networking.enableIPv6 = false;
services.sourcehut = {
enable = true;
nginx.enable = true;
nginx.virtualHost = {
forceSSL = true;
sslCertificate = "${tls-cert}/cert.pem";
sslCertificateKey = "${tls-cert}/key.pem";
};
postgresql.enable = true;
redis.enable = true;
meta.enable = true;
settings."sr.ht" = {
environment = "production";
global-domain = config.networking.domain;
service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01";
network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ=";
};
settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA=";
settings.mail = {
smtp-from = "root+hut@${domain}";
# WARNING: take care to keep pgp-privkey outside the Nix store in production,
# or use LoadCredentialEncrypted=
pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" ''
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv
cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp
bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA
BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi
2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h
Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv
D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2
cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC
GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN
xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG
=Hjoc
-----END PGP PRIVATE KEY BLOCK-----
'');
pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" ''
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0
LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg
0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ
JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt
H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ
3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL
8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6
3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE
xy+wKRdhGy/evLT/w9oSBg==
=pJD7
-----END PGP PUBLIC KEY BLOCK-----
'';
pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
};
services.postgresql = {
enable = true;
enableTCPIP = false;
settings.unix_socket_permissions = "0770";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "no";
};
environment.systemPackages = with pkgs; [
hut # For interacting with the Sourcehut APIs via CLI
srht-gen-oauth-tok # To automatically generate user OAuth tokens
];
}

2
nixos/tests/web-apps/mastodon/default.nix
View file

@ -5,5 +5,5 @@ let
in
{
standard = handleTestOn supportedSystems ./standard.nix { inherit system; };
remote-postgresql = handleTestOn supportedSystems ./remote-postgresql.nix { inherit system; };
remote-databases = handleTestOn supportedSystems ./remote-databases.nix { inherit system; };
}

38
nixos/tests/web-apps/mastodon/remote-postgresql.nix → nixos/tests/web-apps/mastodon/remote-databases.nix
View file

@ -16,7 +16,14 @@ in
meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin ];
nodes = {
database = { config, ... }: {
databases = { config, ... }: {
environment = {
etc = {
"redis/password-redis-db".text = ''
ogjhJL8ynrP7MazjYOF6
'';
};
};
networking = {
interfaces.eth1 = {
ipv4.addresses = [
@ -24,7 +31,17 @@ in
];
};
extraHosts = hosts;
firewall.allowedTCPPorts = [ config.services.postgresql.port ];
firewall.allowedTCPPorts = [
config.services.redis.servers.mastodon.port
config.services.postgresql.port
];
};
services.redis.servers.mastodon = {
enable = true;
bind = "0.0.0.0";
port = 31637;
requirePassFile = "/etc/redis/password-redis-db";
};
services.postgresql = {
@ -83,6 +100,9 @@ in
environment = {
etc = {
"mastodon/password-redis-db".text = ''
ogjhJL8ynrP7MazjYOF6
'';
"mastodon/password-posgressql-db".text = ''
SoDTZcISc3f1M1LJsRLT
'';
@ -108,6 +128,12 @@ in
localDomain = "mastodon.local";
enableUnixSocket = false;
streamingProcesses = 2;
redis = {
createLocally = false;
host = "192.168.2.102";
port = 31637;
passwordFile = "/etc/mastodon/password-redis-db";
};
database = {
createLocally = false;
host = "192.168.2.102";
@ -151,12 +177,14 @@ in
extraInit = ''
nginx.wait_for_unit("nginx.service")
nginx.wait_for_open_port(443)
database.wait_for_unit("postgresql.service")
database.wait_for_open_port(5432)
databases.wait_for_unit("redis-mastodon.service")
databases.wait_for_unit("postgresql.service")
databases.wait_for_open_port(31637)
databases.wait_for_open_port(5432)
'';
extraShutdown = ''
nginx.shutdown()
database.shutdown()
databases.shutdown()
'';
};
})

1
nixos/tests/web-apps/mastodon/script.nix
View file

@ -8,7 +8,6 @@
${extraInit}
server.wait_for_unit("redis-mastodon.service")
server.wait_for_unit("mastodon-sidekiq-all.service")
server.wait_for_unit("mastodon-streaming.target")
server.wait_for_unit("mastodon-web.service")

7
nixos/tests/web-apps/mastodon/standard.nix
View file

@ -34,12 +34,6 @@ in
pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
};
services.redis.servers.mastodon = {
enable = true;
bind = "127.0.0.1";
port = 31637;
};
# TODO remove once https://github.com/NixOS/nixpkgs/pull/266270 is resolved.
services.postgresql.package = pkgs.postgresql_14;
@ -89,6 +83,7 @@ in
extraInit = ''
server.wait_for_unit("nginx.service")
server.wait_for_open_port(443)
server.wait_for_unit("redis-mastodon.service")
server.wait_for_unit("postgresql.service")
server.wait_for_open_port(5432)
'';

4
pkgs/applications/audio/bitwig-studio/bitwig-studio5.nix
View file

@ -27,11 +27,11 @@
stdenv.mkDerivation rec {
pname = "bitwig-studio";
version = "5.0.11";
version = "5.1.3";
src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/${pname}-${version}.deb";
sha256 = "sha256-c9bRWVWCC9hLxmko6EHgxgmghrxskJP4PQf3ld2BHoY=";
sha256 = "sha256-1/iKezOD2HCym6JBXRa9rGpjolJjrxRZA4vwfgZyVng=";
};
nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];

6
pkgs/applications/audio/gtkcord4/default.nix
View file

@ -18,13 +18,13 @@
buildGoModule rec {
pname = "gtkcord4";
version = "0.0.18";
version = "0.0.19";
src = fetchFromGitHub {
owner = "diamondburned";
repo = pname;
rev = "v${version}";
hash = "sha256-J76MkbXtlrRIyQEbNlHFNpAW9+mXcOcrx9ahMQ61NL4=";
hash = "sha256-TOrAUTYS4J4W1wZvP1TxZf5Nel29YCPoWPN7GYNomkc=";
};
nativeBuildInputs = [
@ -56,7 +56,7 @@ buildGoModule rec {
install -D -m 444 internal/icons/hicolor/scalable/apps/logo.svg $out/share/icons/hicolor/scalable/apps/gtkcord4.svg
'';
vendorHash = "sha256-BDR67P4Gxveg2FpxijT0eWjUciGDO+l02QmBUxVb99c=";
vendorHash = "sha256-dJm+v7/2+TQWoU7G1uOpie6KN5W0JqfLU4mF8mghV4A=";
meta = with lib; {
description = "GTK4 Discord client in Go, attempt #4";

4
pkgs/applications/audio/mympd/default.nix
View file

@ -16,13 +16,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "mympd";
version = "14.0.2";
version = "14.0.3";
src = fetchFromGitHub {
owner = "jcorporation";
repo = "myMPD";
rev = "v${finalAttrs.version}";
sha256 = "sha256-tyNX/bPKg4aWDnSrzymdcz5ZbTlyowuoizm6kQngHj8=";
sha256 = "sha256-lVGQc33bntvvMMNn8DCYwWGbbRGYvDi6Gxs41t3uLXs=";
};
nativeBuildInputs = [

4
pkgs/applications/audio/noson/default.nix
View file

@ -13,13 +13,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "noson";
version = "5.6.3";
version = "5.6.5";
src = fetchFromGitHub {
owner = "janbar";
repo = "noson-app";
rev = finalAttrs.version;
hash = "sha256-Yv5p9yAEhJHm9ZDZlR76z10oGBNpdifR7ITXcAHIb54=";
hash = "sha256-UAhaTfj2lCBmHoVEK5IvJfJ9d1OSuZZ+3f5HaTx8hhA=";
};
nativeBuildInputs = [

2946
pkgs/applications/audio/waylyrics/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

68
pkgs/applications/audio/waylyrics/default.nix
View file

@ -1,59 +1,61 @@
{ lib, fetchFromGitHub, rustPlatform, gtk4, pkg-config, openssl, dbus, wrapGAppsHook4, glib, makeDesktopItem, copyDesktopItems }:
{ lib
, rustPlatform
, fetchFromGitHub
, pkg-config
, wrapGAppsHook4
, openssl
, dbus
}:
rustPlatform.buildRustPackage rec {
pname = "waylyrics";
version = "unstable-2023-05-14";
version = "0.2.4";
src = fetchFromGitHub {
owner = "poly000";
repo = pname;
rev = "7e8bd99e1748a5448c1a5c49f0664bd96fbf965e";
hash = "sha256-vSYtLsLvRHCCHxomPSHifXFZKjkFrlskNp7IlFflrUU=";
repo = "waylyrics";
rev = "v${version}";
hash = "sha256-Tpsk1KL+QSiv8aWl8N5hextKnhMulI3YWtQvB6IIdmQ=";
};
cargoHash = "sha256-dpJa0T6xapCBPM5fWbSDEhBlZ55c3Sr5oTnu58B/voM=";
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"ncmapi-0.1.13" = "sha256-wh9RsyuS1L7rnz1jh2A27s6wUvyH8cNgUywPORIimmg=";
"qqmusic-rs-0.1.0" = "sha256-woLsO0n+m3EBUI+PRLio7iLp0UPQSliWK0djCSZEaZc=";
};
};
nativeBuildInputs = [ pkg-config wrapGAppsHook4 copyDesktopItems ];
buildInputs = [ gtk4 openssl dbus glib ];
postPatch = ''
cp ${./Cargo.lock} Cargo.lock
'';
RUSTC_BOOTSTRAP = 1;
nativeBuildInputs = [ pkg-config wrapGAppsHook4 ];
buildInputs = [ openssl dbus ];
doCheck = false; # No tests defined in the project.
doCheck = false; # Requires network access
WAYLYRICS_DEFAULT_CONFIG = "${placeholder "out"}/share/waylyrics/config.toml";
WAYLYRICS_THEME_PRESETS_DIR = "${placeholder "out"}/share/waylyrics/themes";
desktopItems = [
(makeDesktopItem {
name = "io.poly000.waylyrics";
exec = "waylyrics";
comment = "Simple on screen lyrics for MPRIS-friendly players";
type = "Application";
icon = "io.poly000.waylyrics";
desktopName = "Waylyrics";
terminal = false;
categories = [ "Audio" "AudioVideo" ];
})
];
postInstall = ''
$out/bin/gen_config_example
mkdir -p $out/share/waylyrics
install -Dm644 config.toml $WAYLYRICS_DEFAULT_CONFIG
cp -vr themes $out/share/waylyrics/
rm $out/bin/gen_config_example # Unnecessary for end users
# Install themes
install -d $WAYLYRICS_THEME_PRESETS_DIR
cp -vr themes/* $WAYLYRICS_THEME_PRESETS_DIR
# Install desktop entry
install -Dm644 io.poly000.waylyrics.desktop -t $out/share/applications
# Install schema
install -Dm644 io.poly000.waylyrics.gschema.xml -t $out/share/gsettings-schemas/$name/glib-2.0/schemas
glib-compile-schemas $out/share/gsettings-schemas/$name/glib-2.0/schemas/
# Install icons
cp -vr res/icons $out/share/
install -d $out/share/icons
cp -vr res/icons/hicolor $out/share/icons/hicolor
'';
meta = with lib; {
description = "On screen lyrics for Wayland with NetEase Music source";
description = "Desktop lyrics with QQ and NetEase Music source";
homepage = "https://github.com/poly000/waylyrics";
license = licenses.mit;
maintainers = [ maintainers.shadowrz ];
license = with licenses; [ mit cc-by-40 ];
maintainers = with maintainers; [ shadowrz aleksana ];
platforms = platforms.linux;
};
}

3
pkgs/applications/blockchains/aeon/default.nix
View file

@ -33,6 +33,9 @@ stdenv.mkDerivation {
hardeningDisable = [ "fortify" ];
meta = with lib; {
# Does not build against gcc-13. No development activity upstream
# for past few years.
broken = true;
description = "Private, secure, untraceable currency";
homepage = "http://www.aeon.cash/";
license = licenses.bsd3;

6
pkgs/applications/blockchains/bitcoin-abc/default.nix
View file

@ -15,6 +15,7 @@
, protobuf
, qrencode
, libevent
, libnatpmp
, sqlite
, withGui
, python3
@ -24,13 +25,13 @@
mkDerivation rec {
pname = "bitcoin" + lib.optionalString (!withGui) "d" + "-abc";
version = "0.26.2";
version = "0.28.9";
src = fetchFromGitHub {
owner = "bitcoin-ABC";
repo = "bitcoin-abc";
rev = "v${version}";
sha256 = "0gz4713lk3alk3ykwq1bdqjywadrfrnb7n2878136g01n87j00az";
hash = "sha256-VK9/qL3rFdU7O62FwEdr3WD4VWli8KGZH9hcbTaVHGQ=";
};
nativeBuildInputs = [ pkg-config cmake ];
@ -41,6 +42,7 @@ mkDerivation rec {
zlib
python3
jemalloc
libnatpmp
zeromq4
miniupnpc
util-linux

6
pkgs/applications/blockchains/optimism/default.nix
View file

@ -6,19 +6,19 @@
buildGoModule rec {
pname = "optimism";
version = "1.5.1";
version = "1.6.1";
src = fetchFromGitHub {
owner = "ethereum-optimism";
repo = "optimism";
rev = "op-node/v${version}";
hash = "sha256-oVrm1mK2yw5IF7WZCwDQ1U/JdYvUPKJY/kzRSp6Pzwo=";
hash = "sha256-ic5OHGxU/crq6IqqUnzAC+99KpCXUKFagnAKD4FtYBI=";
fetchSubmodules = true;
};
subPackages = [ "op-node/cmd" "op-proposer/cmd" "op-batcher/cmd" ];
vendorHash = "sha256-QDpCGfykTUIgPQxHH8qIfmOsQrcQfZ3/vwjsuvUo1Fo=";
vendorHash = "sha256-zuATJ5FBdil9bHgkMf32WuTW6/99GIsGCzI5srP21m8=";
buildInputs = [
libpcap

4
pkgs/applications/editors/vim/plugins/deprecated.json
View file

@ -23,6 +23,10 @@
"date": "2023-08-19",
"new": "nvchad-ui"
},
"nvim-base16": {
"date": "2024-02-15",
"new": "base16-nvim"
},
"nvim-bufferline-lua": {
"date": "2021-08-22",
"new": "bufferline-nvim"

1366
pkgs/applications/editors/vim/plugins/generated.nix
View file

File diff suppressed because it is too large Load diff

665
pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix
View file

File diff suppressed because it is too large Load diff

10
pkgs/applications/editors/vim/plugins/overrides.nix
View file

@ -549,6 +549,12 @@
'';
});
elixir-tools-nvim = super.elixir-tools-nvim.overrideAttrs {
fixupPhase = ''
patchShebangs $(find $out/bin/ -type f -not -name credo-language-server)
'';
};
executor-nvim = super.executor-nvim.overrideAttrs {
dependencies = with self; [ nui-nvim ];
};
@ -988,7 +994,7 @@
inherit (old) version src;
sourceRoot = "source/spectre_oxi";
cargoHash = "sha256-y2ZIgOApIShkIesXmItPKDO6XjFrG4GS5HCPncJUmN8=";
cargoHash = "sha256-822+3s6FJVqBRYJAL/89bJfGv8fNhSN3nQelB29mXvQ=";
preCheck = ''
@ -1124,7 +1130,7 @@
pname = "sg-nvim-rust";
inherit (old) version src;
cargoHash = "sha256-BDNFZ/7nnfvtBA7T6a7MDNJsq/cOI9tgW0kxUoIcbV8=";
cargoHash = "sha256-nlPSsp/HbS1DxhOHh5+7x1re46oiQa9FQMLClc7TQLg=";
nativeBuildInputs = [ pkg-config ];

9
pkgs/applications/editors/vim/plugins/vim-plugin-names
View file

@ -78,11 +78,12 @@ https://github.com/nullishamy/autosave.nvim/,HEAD,
https://github.com/rafi/awesome-vim-colorschemes/,,
https://github.com/ayu-theme/ayu-vim/,,
https://github.com/taybart/b64.nvim/,HEAD,
https://github.com/m00qek/baleia.nvim/,HEAD,
https://github.com/romgrk/barbar.nvim/,,
https://github.com/utilyre/barbecue.nvim/,,
https://github.com/RRethy/base16-nvim/,,
https://github.com/chriskempson/base16-vim/,,
https://github.com/nvchad/base46/,HEAD,
https://github.com/IogaMaster/neocord.git,main,
https://github.com/jamespwilliams/bat.vim/,HEAD,
https://github.com/vim-scripts/bats.vim/,,
https://github.com/rbgrouleff/bclose.vim/,,
@ -512,6 +513,7 @@ https://github.com/Shougo/neco-vim/,,
https://github.com/nvim-neo-tree/neo-tree.nvim/,HEAD,
https://github.com/Shougo/neocomplete.vim/,,
https://github.com/folke/neoconf.nvim/,HEAD,
https://github.com/IogaMaster/neocord/,main,
https://github.com/KeitaNakamura/neodark.vim/,,
https://github.com/folke/neodev.nvim/,HEAD,
https://github.com/sbdchd/neoformat/,,
@ -574,13 +576,12 @@ https://github.com/MunifTanjim/nui.nvim/,main,
https://github.com/jose-elias-alvarez/null-ls.nvim/,,
https://github.com/nacro90/numb.nvim/,,
https://github.com/nvchad/nvchad/,HEAD,
https://github.com/altermo/ultimate-autopair.nvim.git,HEAD,
https://github.com/ChristianChiarulli/nvcode-color-schemes.vim/,,
https://github.com/catppuccin/nvim/,,catppuccin-nvim
https://github.com/AckslD/nvim-FeMaco.lua/,HEAD,
https://github.com/nathanmsmith/nvim-ale-diagnostic/,,
https://github.com/windwp/nvim-autopairs/,,
https://github.com/RRethy/nvim-base16/,,
https://github.com/Canop/nvim-bacon/,HEAD,
https://github.com/code-biscuits/nvim-biscuits/,HEAD,
https://github.com/kevinhwang91/nvim-bqf/,,
https://github.com/ojroques/nvim-bufdel/,,
@ -795,6 +796,7 @@ https://github.com/srcery-colors/srcery-vim/,,
https://github.com/chr4/sslsecure.vim/,,
https://github.com/cshuaimin/ssr.nvim/,HEAD,
https://github.com/luukvbaal/stabilize.nvim/,,
https://github.com/tamton-aquib/staline.nvim/,main,
https://github.com/eigenfoo/stan-vim/,,
https://github.com/josegamez82/starrynight/,HEAD,
https://github.com/darfink/starsearch.vim/,,
@ -890,6 +892,7 @@ https://github.com/leafgarland/typescript-vim/,,
https://github.com/jose-elias-alvarez/typescript.nvim/,,
https://github.com/kaarmu/typst.vim/,HEAD,
https://github.com/nvchad/ui/,HEAD,nvchad-ui
https://github.com/altermo/ultimate-autopair.nvim/,HEAD,
https://github.com/SirVer/ultisnips/,,
https://github.com/mbbill/undotree/,,
https://github.com/chrisbra/unicode.vim/,,

110
pkgs/applications/editors/vscode/extensions/default.nix
View file

@ -98,6 +98,23 @@ let
};
};
aaron-bond.better-comments = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "better-comments";
publisher = "aaron-bond";
version = "3.0.2";
sha256 = "850980f0f5a37f635deb4bf9100baaa83f0b204bbbb25acdb3c96e73778f8197";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/aaron-bond.better-comments/changelog";
description = "Improve your code commenting by annotating with alert, informational, TODOs, and more!";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=aaron-bond.better-comments";
homepage = "https://github.com/aaron-bond/better-comments";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.DataHearth ];
};
};
adpyke.codesnap = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "codesnap";
@ -173,6 +190,23 @@ let
};
};
alexisvt.flutter-snippets = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "flutter-snippets";
publisher = "alexisvt";
version = "3.0.0";
sha256 = "44ac46f826625f0a4aec40f2542f32c161e672ff96f45a548d0bccd9feed04ef";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/alexisvt.flutter-snippets/changelog";
description = "A set of helpful widget snippets for day to day Flutter development";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=alexisvt.flutter-snippets";
homepage = "https://github.com/Alexisvt/flutter-snippets";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.DataHearth ];
};
};
alygin.vscode-tlaplus = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-tlaplus";
@ -753,22 +787,57 @@ let
};
charliermarsh.ruff = buildVscodeMarketplaceExtension {
mktplcRef = {
mktplcRef = let
sources = {
"x86_64-linux" = {
arch = "linux-x64";
sha256 = "sha256-2c0tH/MlDOqeyffcV8ZCy4woogBTcf1GCuPPO8JXaWc=";
};
"x86_64-darwin" = {
arch = "darwin-x64";
sha256 = "sha256-euvGIlO7931N56R5BWKu3F9nSEoDgf+DXk7Hgl1qSUw=";
};
"aarch64-linux" = {
arch = "linux-arm64";
sha256 = "sha256-dGpIHChnfrQbxRZDuoAi4imgStyyPdxdvTQ3lknMYu0=";
};
"aarch64-darwin" = {
arch = "darwin-arm64";
sha256 = "sha256-tElX4C0I5AmpxSHMtqOsxSAUImD1tqArB5fnvhw4LFc=";
};
};
in {
name = "ruff";
publisher = "charliermarsh";
version = "2023.60.0";
sha256 = "sha256-qgwud2gzHLHID45VxDlngFMoks5O3pTHQe+Q7bdf8+I=";
};
version = "2024.4.0";
} // sources.${stdenv.system} or (throw "Unsupported system ${stdenv.system}");
meta = {
license = lib.licenses.mit;
changelog = "https://github.com/astral-sh/ruff-vscode/releases";
description = "Ruff extension for Visual Studio Code";
changelog = "https://marketplace.visualstudio.com/items/charliermarsh.ruff/changelog";
description = "A Visual Studio Code extension with support for the Ruff linter.";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=charliermarsh.ruff";
homepage = "https://github.com/astral-sh/ruff-vscode/";
homepage = "https://github.com/astral-sh/ruff-vscode";
maintainers = [ lib.maintainers.azd325 ];
};
};
christian-kohler.npm-intellisense = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "npm-intellisense";
publisher = "christian-kohler";
version = "1.4.5";
sha256 = "962b851a7cafbd51f34afeb4a0b91e985caff3947e46218a12b448533d8f60ab";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/christian-kohler.npm-intellisense/changelog";
description = "Visual Studio Code plugin that autocompletes npm modules in import statements";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=christian-kohler.npm-intellisense";
homepage = "https://github.com/ChristianKohler/NpmIntellisense";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.DataHearth ];
};
};
chenglou92.rescript-vscode = callPackage ./chenglou92.rescript-vscode { };
chris-hayes.chatgpt-reborn = buildVscodeMarketplaceExtension {
@ -1252,6 +1321,23 @@ let
};
};
ecmel.vscode-html-css = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-html-css";
publisher = "ecmel";
version = "2.0.9";
sha256 = "7c30d57d2ff9986bd5daa2c9f51ec4bb04239ca23a51e971a63f7b93d005d297";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/ecmel.vscode-html-css/changelog";
description = "CSS Intellisense for HTML";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=ecmel.vscode-html-css";
homepage = "https://github.com/ecmel/vscode-html-css";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.DataHearth ];
};
};
editorconfig.editorconfig = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "EditorConfig";
@ -2220,6 +2306,16 @@ let
};
};
karunamurti.haml = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "haml";
publisher = "karunamurti";
version = "1.4.1";
sha256 = "123cwfajakkg2pr0z4v289fzzlhwbxx9dvb5bjc32l3pzvbhq4gv";
};
meta.license = lib.licenses.mit;
};
kddejong.vscode-cfn-lint =
let
inherit (python3Packages) cfn-lint pydot;

16
pkgs/applications/editors/vscode/vscode.nix
View file

@ -30,21 +30,21 @@ let
archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "0nffz9xqm1iny7sqi1pkmnfcski15qsycw9gxir18j51kfzz50wf";
x86_64-darwin = "082m2wwd67ayjadlywqimnmdm8imw6lz0rd8rnwjd2sjksxnrsk8";
aarch64-linux = "0wlm8ajm1xw8lpmnbkzkgvaakfa9gacwi7m2fdyc4822rq7fn09b";
aarch64-darwin = "1rgcljj97f551yr0q5f0vxdkvbhxrbyqrw85gb6qfxpg5d0l7y4f";
armv7l-linux = "1wpslrysi8a6rnx99lq16zx277lnmqjp02q6gxmkpcvrvw27m6yj";
x86_64-linux = "17fzqq44p7ix4ihkg8nq582njjy96a8zz8vz9hl62hdxxg3llgfg";
x86_64-darwin = "12vbkzv2l02wifcjd7amq583vlv0iqixpa2kf5swhl0arww1viqa";
aarch64-linux = "1myv8zy2cycsmnp8xhjbm2lpcad3hj9zh79ywcinc50yncwj6wdl";
aarch64-darwin = "0vvbwcbxf0fmcfyk2y231qd8lxaj869ap865zps6wcdjqr5wnbdq";
armv7l-linux = "04gy6ls3gnbdcg4998widy9b9h04rx1gzp6iml6pi73li1cmfawz";
}.${system} or throwSystem;
in
callPackage ./generic.nix rec {
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.86.1";
version = "1.86.2";
pname = "vscode" + lib.optionalString isInsiders "-insiders";
# This is used for VS Code - Remote SSH test
rev = "31c37ee8f63491495ac49e43b8544550fbae4533";
rev = "903b1e9d8990623e3d7da1df3d33db3e42d80eda";
executableName = "code" + lib.optionalString isInsiders "-insiders";
longName = "Visual Studio Code" + lib.optionalString isInsiders " - Insiders";
@ -68,7 +68,7 @@ in
src = fetchurl {
name = "vscode-server-${rev}.tar.gz";
url = "https://update.code.visualstudio.com/commit:${rev}/server-linux-x64/stable";
sha256 = "1hq6i51d1dhpippc8gmhygw3kj9cx021y54ga58l5b80wvg2cf1y";
sha256 = "06jv2kzxy7p7y7294c4sq6fk6slwk4gfw6jqh79avnq0riy669gv";
};
};

4
pkgs/applications/emulators/duckstation/002-hardcode-vars.diff
View file

@ -1,5 +1,5 @@
diff --git a/src/scmversion/gen_scmversion.sh b/src/scmversion/gen_scmversion.sh
index 9c1dacab..d1f895ee 100755
index 9122cd8..50ed8f9 100755
--- a/src/scmversion/gen_scmversion.sh
+++ b/src/scmversion/gen_scmversion.sh
@@ -10,10 +10,10 @@ else
@ -8,7 +8,7 @@ index 9c1dacab..d1f895ee 100755
-HASH=$(git rev-parse HEAD)
-BRANCH=$(git rev-parse --abbrev-ref HEAD | tr -d '\r\n')
-TAG=$(git describe --tags --dirty --exclude latest --exclude preview --exclude legacy --exclude previous-latest | tr -d '\r\n')
-TAG=$(git describe --dirty | tr -d '\r\n')
-DATE=$(git log -1 --date=iso8601-strict --format=%cd)
+HASH="@gitHash@"
+BRANCH="@gitBranch@"

57
pkgs/applications/emulators/duckstation/default.nix
View file

@ -9,7 +9,7 @@
, extra-cmake-modules
, libXrandr
, libbacktrace
, makeDesktopItem
, makeWrapper
, ninja
, pkg-config
, qtbase
@ -20,18 +20,17 @@
, vulkan-loader
, wayland
, wrapQtAppsHook
, enableWayland ? true
}:
stdenv.mkDerivation (finalAttrs: {
pname = "duckstation";
version = "unstable-2023-09-30";
version = "0.1-6292";
src = fetchFromGitHub {
owner = "stenzek";
repo = "duckstation";
rev = "d5608bf12df7a7e03750cb94a08a3d7999034ae2";
hash = "sha256-ktfZgacjkN6GQb1vLmyTZMr8QmmH12qAvFSIBTjgRSs=";
rev = "0bc42c38aab49030118f507c9783de047769148b";
hash = "sha256-8OavixSwEWihFY2fEdsepR1lqWlTH+//xZRKwb7lFCQ=";
};
patches = [
@ -42,21 +41,19 @@ stdenv.mkDerivation (finalAttrs: {
src = ./002-hardcode-vars.diff;
gitHash = finalAttrs.src.rev;
gitBranch = "master";
gitTag = "0.1-5889-gd5608bf1";
gitDate = "2023-09-30T23:20:09+10:00";
gitTag = "${finalAttrs.version}-g0bc42c38";
gitDate = "2024-02-06T22:47:47+09:00";
})
];
nativeBuildInputs = [
cmake
copyDesktopItems
extra-cmake-modules
ninja
pkg-config
qttools
wrapQtAppsHook
]
++ lib.optionals enableWayland [
extra-cmake-modules
];
buildInputs = [
@ -66,9 +63,6 @@ stdenv.mkDerivation (finalAttrs: {
libbacktrace
qtbase
qtsvg
vulkan-loader
]
++ lib.optionals enableWayland [
qtwayland
wayland
]
@ -78,21 +72,6 @@ stdenv.mkDerivation (finalAttrs: {
cmakeFlags = [
(lib.cmakeBool "BUILD_TESTS" true)
(lib.cmakeBool "ENABLE_WAYLAND" enableWayland)
];
desktopItems = [
(makeDesktopItem {
name = "duckstation-qt";
desktopName = "DuckStation";
genericName = "PlayStation 1 Emulator";
icon = "duckstation";
tryExec = "duckstation-qt";
exec = "duckstation-qt %f";
comment = "Fast PlayStation 1 emulator";
categories = [ "Game" "Emulator" "Qt" ];
type = "Application";
})
];
doCheck = true;
@ -110,14 +89,28 @@ stdenv.mkDerivation (finalAttrs: {
cp -r bin $out/share/duckstation
ln -s $out/share/duckstation/duckstation-qt $out/bin/
install -Dm644 bin/resources/images/duck.png $out/share/pixmaps/duckstation.png
install -Dm644 $src/scripts/org.duckstation.DuckStation.desktop $out/share/applications/org.duckstation.DuckStation.desktop
install -Dm644 $src/scripts/org.duckstation.DuckStation.png $out/share/pixmaps/org.duckstation.DuckStation.png
runHook postInstall
'';
qtWrapperArgs = [
"--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath ([ vulkan-loader ] ++ cubeb.passthru.backendLibs)}"
];
qtWrapperArgs =
let
libPath = lib.makeLibraryPath ([
vulkan-loader
] ++ cubeb.passthru.backendLibs);
in [
"--prefix LD_LIBRARY_PATH : ${libPath}"
];
# https://github.com/stenzek/duckstation/blob/master/scripts/appimage/apprun-hooks/default-to-x11.sh
# Can't avoid the double wrapping, the binary wrapper from qtWrapperArgs doesn't support --run
postFixup = ''
source "${makeWrapper}/nix-support/setup-hook"
wrapProgram $out/bin/duckstation-qt \
--run 'if [[ -z $I_WANT_A_BROKEN_WAYLAND_UI ]]; then export QT_QPA_PLATFORM=xcb; fi'
'';
meta = {
homepage = "https://github.com/stenzek/duckstation";

16
pkgs/applications/emulators/retroarch/cores.nix
View file

@ -48,13 +48,15 @@ let
getCore = repo: (lib.getAttr repo hashesFile);
getCoreSrc = repo:
(lib.pipe repo [
getCore
(x: builtins.removeAttrs x [ "date" ])
fetchFromGitHub
]);
let
inherit (getCore repo) src fetcher;
fetcherFn = {
inherit fetchFromGitHub;
}.${fetcher} or (throw "Unknown fetcher: ${fetcher}");
in
fetcherFn src;
getCoreDate = repo: (getCore repo).date or "unstable-1970-01-01";
getCoreVersion = repo: (getCore repo).version;
mkLibretroCore =
# Sometimes core name != repo name, so you may need to set them differently
@ -67,7 +69,7 @@ let
{ core
, repo ? core
, src ? (getCoreSrc repo)
, version ? (getCoreDate repo)
, version ? (getCoreVersion repo)
, ...
}@args:
import ./mkLibretroCore.nix ({

1161
pkgs/applications/emulators/retroarch/hashes.json
View file

File diff suppressed because it is too large Load diff

68
pkgs/applications/emulators/retroarch/update_cores.py
View file

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -I nixpkgs=./ -i python3 -p "python3.withPackages (ps: with ps; [ requests ])" -p git -p nix-prefetch-github
#!nix-shell -I nixpkgs=./ -i python3 -p "python3.withPackages (ps: with ps; [ ])" -p git -p nix-prefetch-github -p nix-prefetch-scripts
import json
import os
@ -8,8 +8,6 @@ import sys
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path
import requests
SCRIPT_PATH = Path(__file__).absolute().parent
HASHES_PATH = SCRIPT_PATH / "hashes.json"
GET_REPO_THREADS = int(os.environ.get("GET_REPO_THREADS", 8))
@ -19,10 +17,13 @@ GET_REPO_THREADS = int(os.environ.get("GET_REPO_THREADS", 8))
# You may set `deep_clone`, `fetch_submodules` or `leave_dot_git` options to
# `True` and they're similar to `fetchgit` options. Also if for some reason you
# need to pin a specific revision, set `rev` to a commit.
# To generate the hash file for your new core, you can run `update_cores.py
# <core>`. The script needs to be run from the root of your `nixpkgs` clone.
# Do not forget to add your core to `cores.nix` file with the proper overrides
# so the core can be build.
# There is also a `fetcher` option that for now only supports `fetchFromGitHub`
# (see `get_repo_hash()`), but it may be extended in the future if there is a
# need to support fetchers from other source hubs.
# To generate the hash file for your new core, you can run
# `<nixpkgs>/pkgs/applications/emulators/retroarch/update_cores.py <core>`. Do
# not forget to add your core to `cores.nix` file with the proper overrides so
# the core can be build.
CORES = {
"2048": {"repo": "libretro-2048"},
"atari800": {"repo": "libretro-atari800"},
@ -128,30 +129,6 @@ def info(*msg):
print(*msg, file=sys.stderr)
def get_rev_date_fetchFromGitHub(repo, owner, rev):
# https://docs.github.com/en/rest/commits/commits?apiVersion=2022-11-28#get-a-commit
url = f"https://api.github.com/repos/{owner}/{repo}/commits/{rev}"
headers = {
"Accept": "application/vnd.github+json",
"X-GitHub-Api-Version": "2022-11-28",
}
if token := os.environ.get("GITHUB_TOKEN"):
headers["Authorization"] = f"Bearer {token}"
r = requests.get(url, headers=headers)
try:
j = r.json()
except requests.exceptions.JSONDecodeError:
return None
date = j.get("commit", {}).get("committer", {}).get("date")
if date:
# Date format returned by API: 2023-01-30T06:29:13Z
return f"unstable-{date[:10]}"
else:
return None
def get_repo_hash_fetchFromGitHub(
repo,
owner="libretro",
@ -176,18 +153,24 @@ def get_repo_hash_fetchFromGitHub(
if rev:
extra_args.append("--rev")
extra_args.append(rev)
result = subprocess.run(
["nix-prefetch-github", owner, repo, *extra_args],
check=True,
capture_output=True,
text=True,
)
try:
result = subprocess.run(
["nix-prefetch-github", owner, repo, "--meta", *extra_args],
check=True,
capture_output=True,
text=True,
)
except subprocess.CalledProcessError as ex:
info(f"Error while updating {owner}/{repo}:", ex.stderr)
raise ex
j = json.loads(result.stdout)
date = get_rev_date_fetchFromGitHub(repo, owner, j["rev"])
if date:
j["date"] = date
# Remove False values
return {k: v for k, v in j.items() if v}
return {
"fetcher": "fetchFromGitHub",
# Remove False values
"src": {k: v for k, v in j["src"].items() if v},
"version": f"unstable-{j['meta']['commitDate']}",
}
def get_repo_hash(fetcher="fetchFromGitHub", **kwargs):
@ -229,6 +212,7 @@ def main():
cores = {core: repo for core, repo in CORES.items() if core in cores_to_update}
repo_hashes = get_repo_hashes(cores)
repo_hashes["!comment"] = "Generated with update_cores.py script, do not edit!"
info(f"Generating '{HASHES_PATH}'...")
with open(HASHES_PATH, "w") as f:
f.write(json.dumps(dict(sorted(repo_hashes.items())), indent=4))

6
pkgs/applications/emulators/yuzu/compat-list.nix
View file

@ -1,13 +1,13 @@
{ stdenv, fetchFromGitHub, unstableGitUpdater }:
stdenv.mkDerivation {
pname = "yuzu-compatibility-list";
version = "unstable-2024-02-04";
version = "unstable-2024-02-14";
src = fetchFromGitHub {
owner = "flathub";
repo = "org.yuzu_emu.yuzu";
rev = "963c657c2f852d96b5f203fbb6fafe6c56197ac9";
hash = "sha256-TNvAonMoGpJXjrkBFrBlYoTlwdPEMwiF/YhsOTYEB4k=";
rev = "8ef2f834b7437101d855f49f719474613c6fdfda";
hash = "sha256-RGEx7xediERrBW7vFwmecE3tLCo81zhOIVMnWG+XVd8=";
};
buildCommand = ''

8
pkgs/applications/emulators/yuzu/early-access/sources.nix
View file

@ -1,7 +1,7 @@
# Generated by ./update.sh - do not update manually!
# Last updated: 2024-02-05
# Last updated: 2024-02-15
{
version = "4115";
distHash = "sha256:16dfqlgz7lw909jqa505d69kx9jm0l3hxrfikkqpnvfr2fywkfng";
fullHash = "sha256:1506435pbpb1m8i6qz717wxbinxqbs6c8pq6ymw5zs9dnfh765ms";
version = "4141";
distHash = "sha256:0iy2q12fsnkl485ml6s6lh9j5qvwa7v3y2iy2vlps7rygdiaqxc2";
fullHash = "sha256:0980s2sxwqblyq936j0s7xz49xkfq1zzk50l5qlm5md5x64amf6r";
}

4
pkgs/applications/emulators/yuzu/mainline.nix
View file

@ -36,13 +36,13 @@
}:
stdenv.mkDerivation(finalAttrs: {
pname = "yuzu";
version = "1704";
version = "1715";
src = fetchFromGitHub {
owner = "yuzu-emu";
repo = "yuzu-mainline";
rev = "mainline-0-${finalAttrs.version}";
hash = "sha256-8vIwWahl5JmFlOfMRuec1LiYz4F6mPEH4+p2e1IRBdU=";
hash = "sha256-ctmySxBLI/1/0ekvqOq+FsWq73iHa/awARtCgZ/ztXs=";
fetchSubmodules = true;
};

5
pkgs/applications/file-managers/portfolio-filemanager/default.nix
View file

@ -18,7 +18,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "portfolio";
version = "1.0.0";
version = "1.0.1";
format = "other";
@ -26,7 +26,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "tchx84";
repo = "Portfolio";
rev = "v${version}";
hash = "sha256-ahVrOyyF/7X19ZJcHQ4YbC+4b96CPEnns7TUAFCvKao=";
hash = "sha256-IbzAkHlD6duXkPJRSyD9HJ/JHP8+IR7vIGFp2ESbBug=";
};
postPatch = ''
@ -78,6 +78,7 @@ python3.pkgs.buildPythonApplication rec {
changelog = "https://github.com/tchx84/Portfolio/blob/v${version}/CHANGELOG.md";
license = licenses.gpl3Plus;
platforms = platforms.linux;
mainProgram = "dev.tchx84.Portfolio";
maintainers = with maintainers; [ dotlambda chuangzhu ];
};
}

4
pkgs/applications/graphics/cloudcompare/default.nix
View file

@ -23,13 +23,13 @@
mkDerivation rec {
pname = "cloudcompare";
version = "2.12.4";
version = "2.13";
src = fetchFromGitHub {
owner = "CloudCompare";
repo = "CloudCompare";
rev = "v${version}";
sha256 = "sha256-rQ9/vS/fyRWGBL4UGPNSeeNsDtnRHEp9NCViBtu/QEs=";
hash = "sha256-tCmIdajizaTT1tvPA7YQoklfz7pYVKS0lJXrxV2fidg=";
fetchSubmodules = true;
};

4
pkgs/applications/graphics/darktable/default.nix
View file

@ -56,12 +56,12 @@
}:
stdenv.mkDerivation rec {
version = "4.6.0";
version = "4.6.1";
pname = "darktable";
src = fetchurl {
url = "https://github.com/darktable-org/darktable/releases/download/release-${version}/darktable-${version}.tar.xz";
sha256 = "sha256-cksn4yBNGCLebcU+oJCmsc5V98MiJtNGQmiXdcaKrMI=";
sha256 = "sha256-Fu3AoHApPi082k6hDkm9qb3pMuI/nmLi+i56x0rPev0=";
};
nativeBuildInputs = [ cmake ninja llvmPackages.llvm pkg-config intltool perl desktop-file-utils wrapGAppsHook ];

8
pkgs/applications/graphics/drawio/default.nix
View file

@ -13,19 +13,19 @@
stdenv.mkDerivation rec {
pname = "drawio";
version = "22.1.18";
version = "23.1.5";
src = fetchFromGitHub {
owner = "jgraph";
repo = "drawio-desktop";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-qOZm7XbF8QOx5rD5EJY0lJhaq2Yhp/nppOA4BIWheyE=";
hash = "sha256-ThmTahuU0o/vr6h/T/zCyEB5/APJlVA6t1TNfZgqTJ0=";
};
offlineCache = fetchYarnDeps {
yarnLock = src + "/yarn.lock";
hash = "sha256-TwI3NCIn5NnKXuwW5dBl4q6Ma5rZR7NVNb5hoKbmNLM=";
hash = "sha256-hL89WVYy/EQe6Zppmr17Q9T2o/UjBvydDIgGpr7AA5M=";
};
nativeBuildInputs = [
@ -61,7 +61,7 @@ stdenv.mkDerivation rec {
sed -i "/afterSign/d" electron-builder-linux-mac.json
'' + ''
yarn --offline run electron-builder --dir \
--config electron-builder-linux-mac.json \
${if stdenv.isDarwin then "--config electron-builder-linux-mac.json" else ""} \
-c.electronDist=${if stdenv.isDarwin then "." else "${electron}/libexec/electron"} \
-c.electronVersion=${electron.version}

13
pkgs/applications/graphics/hugin/default.nix
View file

@ -2,7 +2,6 @@
, stdenv
, cmake
, fetchurl
, fetchpatch
, gnumake
, makeWrapper
, pkg-config
@ -38,21 +37,13 @@
stdenv.mkDerivation rec {
pname = "hugin";
version = "2022.0.0";
version = "2023.0.0";
src = fetchurl {
url = "mirror://sourceforge/hugin/hugin-${version}.tar.bz2";
hash = "sha256-l8hWKgupp0PguVWkPf3gSLHGDNnl8u4rad4agWRuBac=";
hash = "sha256-BKOfzMYBfgVExjm9IjCUcsV001s0Vcut4fw4cOYxYys=";
};
patches = [
(fetchpatch {
name = "hugin-2022.0.0-exiv2-0.28.patch";
url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/media-gfx/hugin/files/hugin-2022.0.0-exiv2-0.28.patch?id=d18335caa756f5e5c1478d5fe3ba17f011a78c80";
hash = "sha256-Y+79bFb926GW5oLOL0e5y7kLhqU/vZcry+kLL4H2fUE=";
})
];
buildInputs = [
boost
cairo

3
pkgs/applications/graphics/imv/default.nix
View file

@ -16,7 +16,8 @@
, libxkbcommon
, libGLU
, wayland
, withBackends ? [ "freeimage" "libtiff" "libjpeg" "libpng" "librsvg" "libnsgif" "libheif" ]
# "libnsgif" is disabled until https://todo.sr.ht/~exec64/imv/55 is solved
, withBackends ? [ "freeimage" "libtiff" "libjpeg" "libpng" "librsvg" "libheif" ]
, freeimage
, libtiff
, libjpeg_turbo

4
pkgs/applications/graphics/komikku/default.nix
View file

@ -19,7 +19,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "komikku";
version = "1.37.1";
version = "1.38.1";
format = "other";
@ -28,7 +28,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "valos";
repo = "Komikku";
rev = "v${version}";
hash = "sha256-pGOut63+ST1Yqe1Fj0c4cI0du1q4JW7WVA4h+muWGJQ=";
hash = "sha256-eVNW8Iuhee9WBbiXP7ijvd0K44/IpwdrdiT4RkBNcxI=";
};
nativeBuildInputs = [

2
pkgs/applications/kde/angelfish.nix
View file

@ -24,7 +24,7 @@
, srcs
# provided as callPackage input to enable easier overrides through overlays
, cargoSha256 ? "sha256-EXsAvI8dKgCGmLbGr9fdk/F9UwtSfd/aIyqAy5tvFSI="
, cargoSha256 ? "sha256-PSrTo7nGgH0KxA82RlBEwtOu80WMCBeaCxHj3n7SgEE="
}:
mkDerivation rec {

2
pkgs/applications/kde/fetch.sh
View file

@ -1 +1 @@
WGET_ARGS=( https://download.kde.org/stable/release-service/23.08.4/src -A '*.tar.xz' )
WGET_ARGS=( https://download.kde.org/stable/release-service/23.08.5/src -A '*.tar.xz' )

2
pkgs/applications/kde/itinerary.nix
View file

@ -19,6 +19,7 @@
, kunitconversion
, libquotient
, networkmanager-qt
, prison
, qqc2-desktop-style
, qtpositioning
, qtquickcontrols2
@ -53,6 +54,7 @@ mkDerivation {
kunitconversion
libquotient
networkmanager-qt
prison
qqc2-desktop-style
qtpositioning
qtquickcontrols2

1952
pkgs/applications/kde/srcs.nix
View file

File diff suppressed because it is too large Load diff

6
pkgs/applications/misc/cotp/default.nix
View file

@ -8,16 +8,16 @@
rustPlatform.buildRustPackage rec {
pname = "cotp";
version = "1.3.0";
version = "1.4.4";
src = fetchFromGitHub {
owner = "replydev";
repo = "cotp";
rev = "v${version}";
hash = "sha256-IGk7akmHGQXLHfCCq6GXOIUnh63/sE2Ds+8H91uMKnw=";
hash = "sha256-S2658xkaDshQBYfy8mwuuBAKWGF4j+UYtapqPEf1wP4=";
};
cargoHash = "sha256-2SD62zlWck+DPFs8bQipd8G09134L6LotrzfAiM1Pc8=";
cargoHash = "sha256-DGx/LsKzoITA4extStjULiuiHJx0sTlPloE8h8MvnXQ=";
buildInputs = lib.optionals stdenv.isLinux [ libxcb ]
++ lib.optionals stdenv.isDarwin [ AppKit ];

6
pkgs/applications/misc/dasel/default.nix
View file

@ -6,16 +6,16 @@
buildGoModule rec {
pname = "dasel";
version = "2.5.0";
version = "2.6.0";
src = fetchFromGitHub {
owner = "TomWright";
repo = "dasel";
rev = "v${version}";
hash = "sha256-frd4jNn5uruz9oX40ly/AR5I/uKRIfQ8IjOlIvlsOlY=";
hash = "sha256-4SINZXjTILJDmjv6ubuAhBzBmrXY0gJ0huNM3Y0O7Go=";
};
vendorHash = "sha256-B3d+pbk0smBXqcJnac5he0TZPLiT1cLtz02OAGfqhC0=";
vendorHash = "sha256-G9IdTMF5Lnwq38rdJtuvUjD4RBaSmCYs3g+ETz29Mec=";
ldflags = [
"-s" "-w" "-X github.com/tomwright/dasel/v2/internal.Version=${version}"

2
pkgs/applications/misc/electrum/ltc.nix
View file

@ -136,6 +136,6 @@ python3.pkgs.buildPythonApplication {
homepage = "https://electrum-ltc.org/";
license = licenses.mit;
platforms = platforms.all;
maintainers = with maintainers; [ lourkeur ];
maintainers = with maintainers; [ bbjubjub ];
};
}

6
pkgs/applications/misc/exercism/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "exercism";
version = "3.2.0";
version = "3.3.0";
src = fetchFromGitHub {
owner = "exercism";
repo = "cli";
rev = "refs/tags/v${version}";
hash = "sha256-+DXmbbs9oo667o5P0OVcfBMMIvyBzEAdbrq9i+U7p0k=";
hash = "sha256-Mtb5c1/k8kp7bETOSE0X969BV176jpoprr1/mQ3E4Vg=";
};
vendorHash = "sha256-wQGnGshsRJLe3niHDoyr3BTxbwrV3L66EjJ8x633uHY=";
vendorHash = "sha256-fnsSvbuVGRAndU88su2Ck7mV8QBDhxozdmwI3XGtxcA=";
doCheck = false;

4
pkgs/applications/misc/gallery-dl/default.nix
View file

@ -2,13 +2,13 @@
buildPythonApplication rec {
pname = "gallery-dl";
version = "1.26.7";
version = "1.26.8";
format = "setuptools";
src = fetchPypi {
inherit version;
pname = "gallery_dl";
sha256 = "sha256-+aoXcxJVBp9nXKS+3+CG7XkDMemSgvExMXtnR2FDhYs=";
sha256 = "sha256-tfNmKgWKr2TGQNgvC/qo2+Dvij4LUL0Zy77mfTcci2k=";
};
propagatedBuildInputs = [

4
pkgs/applications/misc/gpxsee/default.nix
View file

@ -18,13 +18,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "gpxsee";
version = "13.15";
version = "13.16";
src = fetchFromGitHub {
owner = "tumic0";
repo = "GPXSee";
rev = finalAttrs.version;
hash = "sha256-+JxxJKHOCz1Ccii27II4L4owo/qvb7RQ6STqJ+PEEBA=";
hash = "sha256-rw+I7Re1hqZ1k1flIAr7kW8Wst7pVdmFcqtQTg6L/9Y=";
};
buildInputs = [

4
pkgs/applications/misc/jetbrains-toolbox/default.nix
View file

@ -10,11 +10,11 @@
}:
let
pname = "jetbrains-toolbox";
version = "2.1.3.18901";
version = "2.2.1.19765";
src = fetchzip {
url = "https://download.jetbrains.com/toolbox/jetbrains-toolbox-${version}.tar.gz";
sha256 = "sha256-XZEpzzFm0DA6iiPGOKbmsuNlpIlt7Qa2A+jEqU6GqgE=";
sha256 = "sha256-53CsE1hmtys5hNY2V+tskgwKg9jDLrEsYF6iY2fJGHU=";
stripRoot = false;
};

4
pkgs/applications/misc/mainsail/default.nix
View file

@ -5,11 +5,11 @@
stdenvNoCC.mkDerivation rec {
pname = "mainsail";
version = "2.9.1";
version = "2.10.0";
src = fetchzip {
url = "https://github.com/mainsail-crew/mainsail/releases/download/v${version}/mainsail.zip";
hash = "sha256-OrCS+0zfXs72vJbrqjvEaHJWD0ndozfCcHs1N9Gqios=";
hash = "sha256-5bRmM/BXI0Afe7UK6avh5aWFXkYF4MsUG71uYUc5JlA=";
stripRoot = false;
};

6
pkgs/applications/misc/owmods-cli/default.nix
View file

@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "owmods-cli";
version = "0.12.1";
version = "0.12.2";
src = fetchFromGitHub {
owner = "ow-mods";
repo = "ow-mod-man";
rev = "cli_v${version}";
hash = "sha256-hvzKTJKjO7MafvnrpG9ZkCz1ePr9NCo54zaRRkRCc60=";
hash = "sha256-AfqpLL3cGZLKW5/BE6SaBe4S8GzYM2GKUZU8mFH5uX4=";
};
cargoHash = "sha256-db6wZs7OVPoESl4RnvOtmaM07FgKmko3nyf1CXzyJHA=";
cargoHash = "sha256-PhdfpiUgeOB13ROgzPBYM+sBLGMP+RtV9j9ebo8PpJU=";
nativeBuildInputs = [
pkg-config

6
pkgs/applications/misc/oxker/default.nix
View file

@ -2,14 +2,14 @@
rustPlatform.buildRustPackage rec {
pname = "oxker";
version = "0.6.0";
version = "0.6.1";
src = fetchCrate {
inherit pname version;
sha256 = "sha256-s1PVm5RBqHe5XVHt5Wgm05+6xXJYnMU9QO7Z8567oKk=";
sha256 = "sha256-cUM9+6BZcsrb850fm5mFWpo7/JmxwNDh+upHeE7+DU8=";
};
cargoHash = "sha256-zZFys59vEiGfB9NlAY5yjHBeXf8zQ3npFF7sg2SQTwU=";
cargoHash = "sha256-sFBI/+7oGjjUyr3PBkkqdgprGdcaYHtOvqFpkrF4Qx8=";
meta = with lib; {
description = "A simple tui to view & control docker containers";

4
pkgs/applications/misc/phoc/default.nix
View file

@ -24,12 +24,12 @@
stdenv.mkDerivation (finalAttrs: {
pname = "phoc";
version = "0.35.0";
version = "0.36.0";
src = fetchurl {
# This tarball includes the meson wrapped subproject 'gmobile'.
url = with finalAttrs; "https://sources.phosh.mobi/releases/${pname}/${pname}-${version}.tar.xz";
hash = "sha256-q2wyM0R7Mi/XuckNb6ZDkStaV9yJH1BgJ4cjqQc6EI4=";
hash = "sha256-eAKHboICsuQ4lecxnnZ8+hZjt5l1DDQbfuwypDYtdKk=";
};
nativeBuildInputs = [

56
pkgs/applications/misc/plots/default.nix
View file

@ -1,12 +1,13 @@
{ fetchFromGitHub
{ lib
, fetchFromGitHub
, python3Packages
, gobject-introspection
, lib
, libadwaita
, python3
, wrapGAppsHook
, lmmath
}:
python3.pkgs.buildPythonApplication rec {
python3Packages.buildPythonApplication rec {
pname = "plots";
version = "0.8.5";
@ -17,36 +18,21 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-GjNpaorxkkhZsqrKq4kO5nqF5+4I4tmSc023AZpY8Sw=";
};
nativeBuildInputs = [
gobject-introspection
wrapGAppsHook
nativeBuildInputs = [ gobject-introspection wrapGAppsHook ];
buildInputs = [ libadwaita ];
propagatedBuildInputs = with python3Packages; [
pygobject3
numpy
lark
jinja2
freetype-py
pyopengl
pycairo
pyglm
];
propagatedBuildInputs = [
libadwaita
(python3.withPackages (p: with p; [
numpy
pygobject3
lark
jinja2
freetype-py
pyopengl
pycairo
pyglm
]))
];
nativeCheckInputs = [
(python3.withPackages (p: with p; [
pytest
]))
];
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
nativeCheckInputs = with python3Packages; [ pytest ];
postInstall = ''
install -D ${lmmath}/share/fonts/opentype/latinmodern-math.otf -t $out/share/fonts/
@ -62,6 +48,12 @@ python3.pkgs.buildPythonApplication rec {
done
'';
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
meta = with lib; {
description = "Graph plotting app for GNOME";
longDescription = ''

25
pkgs/applications/misc/qcad/default.nix
View file

@ -18,14 +18,14 @@
mkDerivation rec {
pname = "qcad";
version = "3.29.3.1";
version = "3.29.4.1";
src = fetchFromGitHub {
name = "qcad-${version}-src";
owner = "qcad";
repo = "qcad";
rev = "v${version}";
sha256 = "sha256-QPBiEoOseNUzAWQHPEBq6O0jg8ed5dH+8xlyRCct0g4=";
hash = "sha256-00lPgiE3hsP3SL96ygBP91CaAWi1IGOYUO7zC/ORG1U=";
};
patches = [
@ -65,23 +65,23 @@ mkDerivation rec {
"MUPARSER_DIR=${muparser}"
"INSTALLROOT=$(out)"
"BOOST_DIR=${boost.dev}"
"QMAKE_CXXFLAGS=-std=c++14"
];
qtWrapperArgs =
lib.optionals stdenv.isLinux [ "--prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib" ]
++
lib.optionals stdenv.isDarwin [ "--prefix DYLD_LIBRARY_PATH : ${placeholder "out"}/lib" ];
qtWrapperArgs = lib.optionals stdenv.isLinux [
"--prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib"
] ++ lib.optionals stdenv.isDarwin [
"--prefix DYLD_LIBRARY_PATH : ${placeholder "out"}/lib"
];
installPhase = ''
runHook preInstall
'' + lib.optionalString stdenv.isLinux ''
install -Dm555 release/qcad-bin $out/bin/qcad
'' + lib.optionalString stdenv.isDarwin ''
install -Dm555 release/QCAD.app/Contents/MacOS/QCAD $out/bin/qcad
mkdir -p $out/lib
'' +
''
'' + ''
install -Dm555 -t $out/lib release/libspatialindexnavel${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadcore${stdenv.hostPlatform.extensions.sharedLibrary}
install -Dm555 -t $out/lib release/libqcadentity${stdenv.hostPlatform.extensions.sharedLibrary}
@ -121,11 +121,12 @@ mkDerivation rec {
runHook postInstall
'';
meta = with lib; {
meta = {
description = "2D CAD package based on Qt";
homepage = "https://qcad.org";
license = licenses.gpl3Only;
maintainers = with maintainers; [ yvesf ];
license = lib.licenses.gpl3Only;
mainProgram = "qcad";
maintainers = with lib.maintainers; [ yvesf ];
platforms = qtbase.meta.platforms;
};
}

4
pkgs/applications/misc/solaar/default.nix
View file

@ -14,13 +14,13 @@
# instead of adding this to `services.udev.packages` on NixOS,
python3Packages.buildPythonApplication rec {
pname = "solaar";
version = "1.1.10";
version = "1.1.11";
src = fetchFromGitHub {
owner = "pwr-Solaar";
repo = "Solaar";
rev = "refs/tags/${version}";
hash = "sha256-cs1kj/spZtMUL9aUtBHINAH7uyjMSn9jRDF/hRPzIbo=";
hash = "sha256-fVWfV7rEu/knysWUrPeokBBlSGnvNlpiptAd1M7ZVd8=";
};
outputs = [ "out" "udev" ];

4
pkgs/applications/misc/tippecanoe/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "tippecanoe";
version = "2.43.0";
version = "2.45.0";
src = fetchFromGitHub {
owner = "felt";
repo = "tippecanoe";
rev = finalAttrs.version;
hash = "sha256-qJB3Y4UaSmSsDbT/EB+aQSvJj8+yYkI3sQR2UOjilfE=";
hash = "sha256-LsXK3qcS7x0FHJH5QQ0rM/h+jFSnkwa8mUbHKgcQ6NU=";
};
buildInputs = [ sqlite zlib ];

Some files were not shown because too many files have changed in this diff Show more