Merge master into staging-next
This commit is contained in:
commit
a3ba713cd4
14 changed files with 143 additions and 65 deletions
|
@ -55,6 +55,7 @@ let
|
|||
concatMapStringsSep
|
||||
concatStringsSep
|
||||
escapeNixString
|
||||
hasInfix
|
||||
isCoercibleToString
|
||||
;
|
||||
inherit (lib.trivial)
|
||||
|
@ -360,6 +361,11 @@ rec {
|
|||
deprecationMessage = "See https://github.com/NixOS/nixpkgs/pull/66346 for better alternative types.";
|
||||
};
|
||||
|
||||
passwdEntry = entryType: addCheck entryType (str: !(hasInfix ":" str || hasInfix "\n" str)) // {
|
||||
name = "passwdEntry ${entryType.name}";
|
||||
description = "${entryType.description}, not containing newlines or colons";
|
||||
};
|
||||
|
||||
attrs = mkOptionType {
|
||||
name = "attrs";
|
||||
description = "attribute set";
|
||||
|
|
|
@ -6,12 +6,6 @@ let
|
|||
ids = config.ids;
|
||||
cfg = config.users;
|
||||
|
||||
isPasswdCompatible = str: !(hasInfix ":" str || hasInfix "\n" str);
|
||||
passwdEntry = type: lib.types.addCheck type isPasswdCompatible // {
|
||||
name = "passwdEntry ${type.name}";
|
||||
description = "${type.description}, not containing newlines or colons";
|
||||
};
|
||||
|
||||
# Check whether a password hash will allow login.
|
||||
allowsLogin = hash:
|
||||
hash == "" # login without password
|
||||
|
@ -60,7 +54,7 @@ let
|
|||
options = {
|
||||
|
||||
name = mkOption {
|
||||
type = passwdEntry types.str;
|
||||
type = types.passwdEntry types.str;
|
||||
apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
|
||||
description = ''
|
||||
The name of the user account. If undefined, the name of the
|
||||
|
@ -69,7 +63,7 @@ let
|
|||
};
|
||||
|
||||
description = mkOption {
|
||||
type = passwdEntry types.str;
|
||||
type = types.passwdEntry types.str;
|
||||
default = "";
|
||||
example = "Alice Q. User";
|
||||
description = ''
|
||||
|
@ -134,7 +128,7 @@ let
|
|||
};
|
||||
|
||||
home = mkOption {
|
||||
type = passwdEntry types.path;
|
||||
type = types.passwdEntry types.path;
|
||||
default = "/var/empty";
|
||||
description = "The user's home directory.";
|
||||
};
|
||||
|
@ -169,7 +163,7 @@ let
|
|||
};
|
||||
|
||||
shell = mkOption {
|
||||
type = types.nullOr (types.either types.shellPackage (passwdEntry types.path));
|
||||
type = types.nullOr (types.either types.shellPackage (types.passwdEntry types.path));
|
||||
default = pkgs.shadow;
|
||||
defaultText = literalExpression "pkgs.shadow";
|
||||
example = literalExpression "pkgs.bashInteractive";
|
||||
|
@ -349,7 +343,7 @@ let
|
|||
options = {
|
||||
|
||||
name = mkOption {
|
||||
type = passwdEntry types.str;
|
||||
type = types.passwdEntry types.str;
|
||||
description = ''
|
||||
The name of the group. If undefined, the name of the attribute set
|
||||
will be used.
|
||||
|
|
|
@ -44,7 +44,13 @@ let
|
|||
transport_file_type: hash
|
||||
'';
|
||||
|
||||
mailmanCfg = lib.generators.toINI {} cfg.settings;
|
||||
mailmanCfg = lib.generators.toINI {}
|
||||
(recursiveUpdate cfg.settings
|
||||
((optionalAttrs (cfg.restApiPassFile != null) {
|
||||
webservice.admin_pass = "#NIXOS_MAILMAN_REST_API_PASS_SECRET#";
|
||||
})));
|
||||
|
||||
mailmanCfgFile = pkgs.writeText "mailman-raw.cfg" mailmanCfg;
|
||||
|
||||
mailmanHyperkittyCfg = pkgs.writeText "mailman-hyperkitty.cfg" ''
|
||||
[general]
|
||||
|
@ -247,6 +253,14 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
restApiPassFile = mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
description = ''
|
||||
Path to the file containing the value for <literal>MAILMAN_REST_API_PASS</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
serve = {
|
||||
enable = mkEnableOption "Automatic nginx and uwsgi setup for mailman-web";
|
||||
};
|
||||
|
@ -363,8 +377,6 @@ in {
|
|||
};
|
||||
users.groups.mailman = {};
|
||||
|
||||
environment.etc."mailman.cfg".text = mailmanCfg;
|
||||
|
||||
environment.etc."mailman3/settings.py".text = ''
|
||||
import os
|
||||
|
||||
|
@ -383,6 +395,11 @@ in {
|
|||
with open('/var/lib/mailman-web/settings_local.json') as f:
|
||||
globals().update(json.load(f))
|
||||
|
||||
${optionalString (cfg.restApiPassFile != null) ''
|
||||
with open('${cfg.restApiPassFile}') as f:
|
||||
MAILMAN_REST_API_PASS = f.read().rstrip('\n')
|
||||
''}
|
||||
|
||||
${optionalString (cfg.ldap.enable) ''
|
||||
import ldap
|
||||
from django_auth_ldap.config import LDAPSearch, ${cfg.ldap.groupSearch.type}
|
||||
|
@ -456,7 +473,7 @@ in {
|
|||
after = [ "network.target" ]
|
||||
++ lib.optional cfg.enablePostfix "postfix-setup.service"
|
||||
++ lib.optional withPostgresql "postgresql.service";
|
||||
restartTriggers = [ config.environment.etc."mailman.cfg".source ];
|
||||
restartTriggers = [ mailmanCfgFile ];
|
||||
requires = optional withPostgresql "postgresql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
|
@ -480,6 +497,14 @@ in {
|
|||
requires = optional withPostgresql "postgresql.service";
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
install -m0750 -o mailman -g mailman ${mailmanCfgFile} /etc/mailman.cfg
|
||||
${optionalString (cfg.restApiPassFile != null) ''
|
||||
${pkgs.replace-secret}/bin/replace-secret \
|
||||
'#NIXOS_MAILMAN_REST_API_PASS_SECRET#' \
|
||||
${cfg.restApiPassFile} \
|
||||
/etc/mailman.cfg
|
||||
''}
|
||||
|
||||
mailmanDir=/var/lib/mailman
|
||||
mailmanWebDir=/var/lib/mailman-web
|
||||
|
||||
|
@ -560,7 +585,7 @@ in {
|
|||
mailman-daily = {
|
||||
description = "Trigger daily Mailman events";
|
||||
startAt = "daily";
|
||||
restartTriggers = [ config.environment.etc."mailman.cfg".source ];
|
||||
restartTriggers = [ mailmanCfgFile ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${mailmanEnv}/bin/mailman digests --send";
|
||||
User = "mailman";
|
||||
|
|
|
@ -8,21 +8,22 @@ let
|
|||
|
||||
pkg = cfg.package.override (optionalAttrs cfg.sso.enable {
|
||||
enableSSO = cfg.sso.enable;
|
||||
crowdProperties = ''
|
||||
application.name ${cfg.sso.applicationName}
|
||||
application.password ${cfg.sso.applicationPassword}
|
||||
application.login.url ${cfg.sso.crowd}/console/
|
||||
|
||||
crowd.server.url ${cfg.sso.crowd}/services/
|
||||
crowd.base.url ${cfg.sso.crowd}/
|
||||
|
||||
session.isauthenticated session.isauthenticated
|
||||
session.tokenkey session.tokenkey
|
||||
session.validationinterval ${toString cfg.sso.validationInterval}
|
||||
session.lastvalidation session.lastvalidation
|
||||
'';
|
||||
});
|
||||
|
||||
crowdProperties = pkgs.writeText "crowd.properties" ''
|
||||
application.name ${cfg.sso.applicationName}
|
||||
application.password ${if cfg.sso.applicationPassword != null then cfg.sso.applicationPassword else "@NIXOS_CONFLUENCE_CROWD_SSO_PWD@"}
|
||||
application.login.url ${cfg.sso.crowd}/console/
|
||||
|
||||
crowd.server.url ${cfg.sso.crowd}/services/
|
||||
crowd.base.url ${cfg.sso.crowd}/
|
||||
|
||||
session.isauthenticated session.isauthenticated
|
||||
session.tokenkey session.tokenkey
|
||||
session.validationinterval ${toString cfg.sso.validationInterval}
|
||||
session.lastvalidation session.lastvalidation
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -107,10 +108,17 @@ in
|
|||
};
|
||||
|
||||
applicationPassword = mkOption {
|
||||
type = types.str;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "Application password of this Confluence instance in Crowd";
|
||||
};
|
||||
|
||||
applicationPasswordFile = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "Path to the application password for Crowd of Confluence.";
|
||||
};
|
||||
|
||||
validationInterval = mkOption {
|
||||
type = types.int;
|
||||
default = 2;
|
||||
|
@ -147,6 +155,16 @@ in
|
|||
group = cfg.group;
|
||||
};
|
||||
|
||||
assertions = [
|
||||
{ assertion = cfg.sso.enable -> ((cfg.sso.applicationPassword == null) != (cfg.sso.applicationPasswordFile));
|
||||
message = "Please set either applicationPassword or applicationPasswordFile";
|
||||
}
|
||||
];
|
||||
|
||||
warnings = mkIf (cfg.sso.enable && cfg.sso.applicationPassword != null) [
|
||||
"Using `services.confluence.sso.applicationPassword` is deprecated! Use `applicationPasswordFile` instead!"
|
||||
];
|
||||
|
||||
users.groups.${cfg.group} = {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
|
@ -173,6 +191,7 @@ in
|
|||
CONF_USER = cfg.user;
|
||||
JAVA_HOME = "${cfg.jrePackage}";
|
||||
CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
|
||||
JAVA_OPTS = mkIf cfg.sso.enable "-Dcrowd.properties=${cfg.home}/crowd.properties";
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
|
@ -183,6 +202,16 @@ in
|
|||
-e 's,protocol="org.apache.coyote.http11.Http11NioProtocol",protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}",' \
|
||||
'') + ''
|
||||
${pkg}/conf/server.xml.dist > ${cfg.home}/server.xml
|
||||
|
||||
${optionalString cfg.sso.enable ''
|
||||
install -m660 ${crowdProperties} ${cfg.home}/crowd.properties
|
||||
${optionalString (cfg.sso.applicationPasswordFile != null) ''
|
||||
${pkgs.replace-secret}/bin/replace-secret \
|
||||
'@NIXOS_CONFLUENCE_CROWD_SSO_PWD@' \
|
||||
${cfg.sso.applicationPasswordFile} \
|
||||
${cfg.home}/crowd.properties
|
||||
''}
|
||||
''}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
|
|
|
@ -192,7 +192,7 @@ in {
|
|||
};
|
||||
|
||||
emergencyAccess = mkOption {
|
||||
type = with types; oneOf [ bool singleLineStr ];
|
||||
type = with types; oneOf [ bool (nullOr (passwdEntry str)) ];
|
||||
visible = false;
|
||||
description = ''
|
||||
Set to true for unauthenticated emergency access, and false for
|
||||
|
|
|
@ -5,16 +5,16 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "lightning-loop";
|
||||
version = "0.19.1-beta";
|
||||
version = "0.20.0-beta";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "lightninglabs";
|
||||
repo = "loop";
|
||||
rev = "v${version}";
|
||||
sha256 = "08jn1ybh9l9qy4j9b3psvgk7b869aaabpxh73v81980qflb9snnc";
|
||||
sha256 = "1nx7i4i96982z756r79655hjf0yyz5l9lqjkvyvb62pbzqgm6my8";
|
||||
};
|
||||
|
||||
vendorSha256 = "0wirlf43jl888bh2qxis1ihsr1g2lp2rx7p100dsb3imqbm25q3b";
|
||||
vendorSha256 = "0gp89fw6g8mz2ifn9wcbj84dgm736cspfxj2x34b524l2d8wz3lb";
|
||||
|
||||
subPackages = [ "cmd/loop" "cmd/loopd" ];
|
||||
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
|
||||
url_hint = callPackage ./url_hint { };
|
||||
|
||||
weechat-grep = callPackage ./weechat-grep { };
|
||||
|
||||
weechat-matrix-bridge = callPackage ./weechat-matrix-bridge {
|
||||
inherit (luaPackages) cjson luaffi;
|
||||
};
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "weechat-autosort";
|
||||
version = "3.8";
|
||||
version = "3.9";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "de-vri-es";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "0a2gc8nhklvlivradhqy2pkymsqyy01pvzrmwg60cln8snmcqpd5";
|
||||
rev = "d62fa8633015ebc2676060fcdae88c402977be46";
|
||||
sha256 = "sha256-doYDRIWiuHam2i3r3J3BZuWEhopoN4jms/xPXGyypok=";
|
||||
};
|
||||
|
||||
passthru.scripts = [ "autosort.py" ];
|
||||
|
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
|
|||
meta = with lib; {
|
||||
description = "Autosort is a weechat script to automatically or manually keep your buffers sorted";
|
||||
homepage = "https://github.com/de-vri-es/weechat-autosort";
|
||||
license = licenses.gpl3;
|
||||
maintainers = with maintainers; [ emily ];
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ emily flokli ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
{ lib, stdenv, fetchurl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "weechat-grep";
|
||||
version = "0.8.5";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/weechat/scripts/raw/5ee93d56f371c829d2798a5446a14292c180f70b/python/grep.py";
|
||||
sha256 = "sha256-EVcoxjTTjXOYD8DppD+IULxpKerEdolmlgphrulFGC0=";
|
||||
};
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share
|
||||
cp $src $out/share/grep.py
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
scripts = [ "grep.py" ];
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "Search in Weechat buffers and logs (for Weechat 0.3.*)";
|
||||
homepage = "https://github.com/weechat/scripts/blob/master/python/grep.py";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ flokli ];
|
||||
};
|
||||
}
|
|
@ -2,26 +2,14 @@
|
|||
, xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "3.14.8";
|
||||
version = "3.14.10";
|
||||
pname = "libdigidocpp";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz";
|
||||
sha256 = "sha256-U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg=";
|
||||
hash = "sha256-n/+R4ho1Qcft3YSKE12oxZjbFHAsUDwoLFNuk5GXf5c=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
# fix runtime crashes when signing with OpenSSL>1.1.1l
|
||||
# https://github.com/open-eid/libdigidocpp/issues/474 asks for a new release
|
||||
url = "https://github.com/open-eid/libdigidocpp/commit/42a8cfd834c10bdd206fe784a13217df222b1c8e.patch";
|
||||
sha256 = "sha256-o3ZT0dXhIu79C5ZR+2HPdLMZ3YwPG1v3vly5bseuxtU=";
|
||||
excludes = [
|
||||
".github/workflows/build.yml" # failed hunk
|
||||
];
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ cmake pkg-config xxd ];
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -10,14 +10,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "jupyterlab";
|
||||
version = "3.4.3";
|
||||
version = "3.4.4";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-4tzEDpQ2bd5d5LGejEPuEzzwQbhS0Bo2JafPKVMtpJ0=";
|
||||
sha256 = "sha256-WioP3SK9hiitRbYY41IDh8MqSBjjrxEtutH2STBN/CA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -23,14 +23,12 @@
|
|||
|
||||
buildPythonApplication rec {
|
||||
pname = "python-manilaclient";
|
||||
version = "3.4.0";
|
||||
version = "4.0.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-F41/k7NJigwFNw2946sj3dZDKDH+PkgOjkml9t3Mgtw=";
|
||||
hash = "sha256-TEGzUNgYTkb2VrvW2E3lurD6N1XcIhH2tjmPlsJ/5MI=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -6,7 +6,14 @@
|
|||
|
||||
assert withMysql -> (mysql_jdbc != null);
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
let
|
||||
optionalWarning = cond: msg:
|
||||
if cond then lib.warn msg
|
||||
else lib.id;
|
||||
in
|
||||
|
||||
optionalWarning (crowdProperties != null) "Using `crowdProperties` is deprecated!"
|
||||
(stdenvNoCC.mkDerivation rec {
|
||||
pname = "atlassian-confluence";
|
||||
version = "7.18.1";
|
||||
|
||||
|
@ -45,6 +52,6 @@ stdenvNoCC.mkDerivation rec {
|
|||
homepage = "https://www.atlassian.com/software/confluence";
|
||||
sourceProvenance = with sourceTypes; [ binaryBytecode ];
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ fpletz globin willibutz ciil techknowlogick ];
|
||||
maintainers = with maintainers; [ fpletz globin willibutz ciil techknowlogick ma27 ];
|
||||
};
|
||||
}
|
||||
})
|
||||
|
|
|
@ -2,15 +2,15 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "vimv-rs";
|
||||
version = "1.7.5";
|
||||
version = "1.7.7";
|
||||
|
||||
src = fetchCrate {
|
||||
inherit version;
|
||||
crateName = "vimv";
|
||||
sha256 = "sha256-VOHQLdwJ6c8KB/IjMDZe9/pNHmLuouNggIK8uJPu+NQ=";
|
||||
sha256 = "sha256-Y8xFoI/1zpaeT9jMuOME/g2vTLenhNSwGepncc1Ji+0=";
|
||||
};
|
||||
|
||||
cargoHash = "sha256-qXT44h4f4Zw1bi/gblczxehA6hqLLjQBpSwVpYd0PE4=";
|
||||
cargoHash = "sha256-yJHOeIjbWQTxLkkVv+YALrAhP5HBZpmbPDiLd+/bWZA=";
|
||||
|
||||
buildInputs = lib.optionals stdenv.isDarwin [ Foundation ];
|
||||
|
||||
|
|
Loading…
Reference in a new issue