commit 045f0259febde0ca2e4c55f87f5f09609558aa09 · pyrox.dev/nixpkgs

+3

nixos/doc/manual/release-notes/rl-2311.section.md

··· 24 25 - [Apache Guacamole](https://guacamole.apache.org/), a cross-platform, clientless remote desktop gateway. Available as [services.guacamole-server](#opt-services.guacamole-server.enable) and [services.guacamole-client](#opt-services.guacamole-client.enable) services. 26 27 - [trust-dns](https://trust-dns.org/), a Rust based DNS server built to be safe and secure from the ground up. Available as [services.trust-dns](#opt-services.trust-dns.enable). 28 29 - [osquery](https://www.osquery.io/), a SQL powered operating system instrumentation, monitoring, and analytics. 30 31 - [ebusd](https://ebusd.eu), a daemon for handling communication with eBUS devices connected to a 2-wire bus system (“energy bus” used by numerous heating systems). Available as [services.ebusd](#opt-services.ebusd.enable). 32 33 ## Backward Incompatibilities {#sec-release-23.11-incompatibilities} 34

··· 24 25 - [Apache Guacamole](https://guacamole.apache.org/), a cross-platform, clientless remote desktop gateway. Available as [services.guacamole-server](#opt-services.guacamole-server.enable) and [services.guacamole-client](#opt-services.guacamole-client.enable) services. 26 27 + - [pgBouncer](https://www.pgbouncer.org), a PostgreSQL connection pooler. Available as [services.pgbouncer](#opt-services.pgbouncer.enable). 28 + 29 - [trust-dns](https://trust-dns.org/), a Rust based DNS server built to be safe and secure from the ground up. Available as [services.trust-dns](#opt-services.trust-dns.enable). 30 31 - [osquery](https://www.osquery.io/), a SQL powered operating system instrumentation, monitoring, and analytics. 32 33 - [ebusd](https://ebusd.eu), a daemon for handling communication with eBUS devices connected to a 2-wire bus system (“energy bus” used by numerous heating systems). Available as [services.ebusd](#opt-services.ebusd.enable). 34 + 35 36 ## Backward Incompatibilities {#sec-release-23.11-incompatibilities} 37

+1

nixos/modules/module-list.nix

··· 418 ./services/databases/neo4j.nix 419 ./services/databases/openldap.nix 420 ./services/databases/opentsdb.nix 421 ./services/databases/pgmanage.nix 422 ./services/databases/postgresql.nix 423 ./services/databases/redis.nix

··· 418 ./services/databases/neo4j.nix 419 ./services/databases/openldap.nix 420 ./services/databases/opentsdb.nix 421 + ./services/databases/pgbouncer.nix 422 ./services/databases/pgmanage.nix 423 ./services/databases/postgresql.nix 424 ./services/databases/redis.nix

+1 -1

nixos/modules/services/backup/borgbackup.nix

··· 33 } 34 trap on_exit EXIT 35 36 - archiveName="${if cfg.archiveBaseName == null then "" else cfg.archiveBaseName + "-"}$(date ${cfg.dateFormat})" 37 archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}" 38 ${cfg.preHook} 39 '' + optionalString cfg.doInit ''

··· 33 } 34 trap on_exit EXIT 35 36 + archiveName="${optionalString (cfg.archiveBaseName != null) (cfg.archiveBaseName + "-")}$(date ${cfg.dateFormat})" 37 archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}" 38 ${cfg.preHook} 39 '' + optionalString cfg.doInit ''

+2 -4

nixos/modules/services/continuous-integration/jenkins/default.nix

··· 210 211 preStart = 212 let replacePlugins = 213 - if cfg.plugins == null 214 - then "" 215 - else 216 let pluginCmds = lib.attrsets.mapAttrsToList 217 (n: v: "cp ${v} ${cfg.home}/plugins/${n}.jpi") 218 cfg.plugins; ··· 220 rm -r ${cfg.home}/plugins || true 221 mkdir -p ${cfg.home}/plugins 222 ${lib.strings.concatStringsSep "\n" pluginCmds} 223 - ''; 224 in '' 225 rm -rf ${cfg.home}/war 226 ${replacePlugins}

··· 210 211 preStart = 212 let replacePlugins = 213 + optionalString (cfg.plugins != null) ( 214 let pluginCmds = lib.attrsets.mapAttrsToList 215 (n: v: "cp ${v} ${cfg.home}/plugins/${n}.jpi") 216 cfg.plugins; ··· 218 rm -r ${cfg.home}/plugins || true 219 mkdir -p ${cfg.home}/plugins 220 ${lib.strings.concatStringsSep "\n" pluginCmds} 221 + ''); 222 in '' 223 rm -rf ${cfg.home}/war 224 ${replacePlugins}

+632

nixos/modules/services/databases/pgbouncer.nix

···

··· 1 + { lib, pkgs, config, ... } : 2 + 3 + with lib; 4 + 5 + let 6 + cfg = config.services.pgbouncer; 7 + 8 + confFile = pkgs.writeTextFile { 9 + name = "pgbouncer.ini"; 10 + text = '' 11 + [databases] 12 + ${concatStringsSep "\n" 13 + (mapAttrsToList (dbname : settings : "${dbname} = ${settings}") cfg.databases)} 14 + 15 + [users] 16 + ${concatStringsSep "\n" 17 + (mapAttrsToList (username : settings : "${username} = ${settings}") cfg.users)} 18 + 19 + [peers] 20 + ${concatStringsSep "\n" 21 + (mapAttrsToList (peerid : settings : "${peerid} = ${settings}") cfg.peers)} 22 + 23 + [pgbouncer] 24 + # general 25 + ${optionalString (cfg.ignoreStartupParameters != null) "ignore_startup_parameters = ${cfg.ignoreStartupParameters}"} 26 + listen_port = ${toString cfg.listenPort} 27 + ${optionalString (cfg.listenAddress != null) "listen_addr = ${cfg.listenAddress}"} 28 + pool_mode = ${cfg.poolMode} 29 + max_client_conn = ${toString cfg.maxClientConn} 30 + default_pool_size = ${toString cfg.defaultPoolSize} 31 + max_user_connections = ${toString cfg.maxUserConnections} 32 + max_db_connections = ${toString cfg.maxDbConnections} 33 + 34 + #auth 35 + auth_type = ${cfg.authType} 36 + ${optionalString (cfg.authHbaFile != null) "auth_hba_file = ${cfg.authHbaFile}"} 37 + ${optionalString (cfg.authFile != null) "auth_file = ${cfg.authFile}"} 38 + ${optionalString (cfg.authUser != null) "auth_user = ${cfg.authUser}"} 39 + ${optionalString (cfg.authQuery != null) "auth_query = ${cfg.authQuery}"} 40 + ${optionalString (cfg.authDbname != null) "auth_dbname = ${cfg.authDbname}"} 41 + 42 + # TLS 43 + ${optionalString (cfg.tls.client != null) '' 44 + client_tls_sslmode = ${cfg.tls.client.sslmode} 45 + client_tls_key_file = ${cfg.tls.client.keyFile} 46 + client_tls_cert_file = ${cfg.tls.client.certFile} 47 + client_tls_ca_file = ${cfg.tls.client.caFile} 48 + ''} 49 + ${optionalString (cfg.tls.server != null) '' 50 + server_tls_sslmode = ${cfg.tls.server.sslmode} 51 + server_tls_key_file = ${cfg.tls.server.keyFile} 52 + server_tls_cert_file = ${cfg.tls.server.certFile} 53 + server_tls_ca_file = ${cfg.tls.server.caFile} 54 + ''} 55 + 56 + # log 57 + ${optionalString (cfg.logFile != null) "logfile = ${cfg.homeDir}/${cfg.logFile}"} 58 + ${optionalString (cfg.syslog != null) '' 59 + syslog = ${if cfg.syslog.enable then "1" else "0"} 60 + syslog_ident = ${cfg.syslog.syslogIdent} 61 + syslog_facility = ${cfg.syslog.syslogFacility} 62 + ''} 63 + ${optionalString (cfg.verbose != null) "verbose = ${toString cfg.verbose}"} 64 + 65 + # console access 66 + ${optionalString (cfg.adminUsers != null) "admin_users = ${cfg.adminUsers}"} 67 + ${optionalString (cfg.statsUsers != null) "stats_users = ${cfg.statsUsers}"} 68 + 69 + # linux 70 + pidfile = /run/pgbouncer/pgbouncer.pid 71 + 72 + # extra 73 + ${cfg.extraConfig} 74 + ''; 75 + }; 76 + 77 + in { 78 + 79 + options.services.pgbouncer = { 80 + 81 + # NixOS settings 82 + 83 + enable = mkEnableOption (lib.mdDoc "PostgreSQL connection pooler"); 84 + 85 + package = mkOption { 86 + type = types.package; 87 + default = pkgs.pgbouncer; 88 + defaultText = literalExpression "pkgs.pgbouncer"; 89 + description = lib.mdDoc '' 90 + The pgbouncer package to use. 91 + ''; 92 + }; 93 + 94 + openFirewall = mkOption { 95 + type = types.bool; 96 + default = false; 97 + description = lib.mdDoc '' 98 + Whether to automatically open the specified TCP port in the firewall. 99 + ''; 100 + }; 101 + 102 + # Generic settings 103 + 104 + logFile = mkOption { 105 + type = types.nullOr types.str; 106 + default = "pgbouncer.log"; 107 + description = lib.mdDoc '' 108 + Specifies the log file. 109 + Either this or syslog has to be specified. 110 + ''; 111 + }; 112 + 113 + listenAddress = mkOption { 114 + type = types.nullOr types.commas; 115 + example = "*"; 116 + default = null; 117 + description = lib.mdDoc '' 118 + Specifies a list (comma-separated) of addresses where to listen for TCP connections. 119 + You may also use * meaning “listen on all addresses”. 120 + When not set, only Unix socket connections are accepted. 121 + 122 + Addresses can be specified numerically (IPv4/IPv6) or by name. 123 + ''; 124 + }; 125 + 126 + listenPort = mkOption { 127 + type = types.port; 128 + default = 6432; 129 + description = lib.mdDoc '' 130 + Which port to listen on. Applies to both TCP and Unix sockets. 131 + ''; 132 + }; 133 + 134 + poolMode = mkOption { 135 + type = types.enum [ "session" "transaction" "statement" ]; 136 + default = "session"; 137 + description = lib.mdDoc '' 138 + Specifies when a server connection can be reused by other clients. 139 + 140 + session 141 + Server is released back to pool after client disconnects. Default. 142 + transaction 143 + Server is released back to pool after transaction finishes. 144 + statement 145 + Server is released back to pool after query finishes. 146 + Transactions spanning multiple statements are disallowed in this mode. 147 + ''; 148 + }; 149 + 150 + maxClientConn = mkOption { 151 + type = types.int; 152 + default = 100; 153 + description = lib.mdDoc '' 154 + Maximum number of client connections allowed. 155 + 156 + When this setting is increased, then the file descriptor limits in the operating system 157 + might also have to be increased. Note that the number of file descriptors potentially 158 + used is more than maxClientConn. If each user connects under its own user name to the server, 159 + the theoretical maximum used is: 160 + maxClientConn + (max pool_size * total databases * total users) 161 + 162 + If a database user is specified in the connection string (all users connect under the same user name), 163 + the theoretical maximum is: 164 + maxClientConn + (max pool_size * total databases) 165 + 166 + The theoretical maximum should never be reached, unless somebody deliberately crafts a special load for it. 167 + Still, it means you should set the number of file descriptors to a safely high number. 168 + ''; 169 + }; 170 + 171 + defaultPoolSize = mkOption { 172 + type = types.int; 173 + default = 20; 174 + description = lib.mdDoc '' 175 + How many server connections to allow per user/database pair. 176 + Can be overridden in the per-database configuration. 177 + ''; 178 + }; 179 + 180 + maxDbConnections = mkOption { 181 + type = types.int; 182 + default = 0; 183 + description = lib.mdDoc '' 184 + Do not allow more than this many server connections per database (regardless of user). 185 + This considers the PgBouncer database that the client has connected to, 186 + not the PostgreSQL database of the outgoing connection. 187 + 188 + This can also be set per database in the [databases] section. 189 + 190 + Note that when you hit the limit, closing a client connection to one pool will 191 + not immediately allow a server connection to be established for another pool, 192 + because the server connection for the first pool is still open. 193 + Once the server connection closes (due to idle timeout), 194 + a new server connection will immediately be opened for the waiting pool. 195 + 196 + 0 = unlimited 197 + ''; 198 + }; 199 + 200 + maxUserConnections = mkOption { 201 + type = types.int; 202 + default = 0; 203 + description = lib.mdDoc '' 204 + Do not allow more than this many server connections per user (regardless of database). 205 + This considers the PgBouncer user that is associated with a pool, 206 + which is either the user specified for the server connection 207 + or in absence of that the user the client has connected as. 208 + 209 + This can also be set per user in the [users] section. 210 + 211 + Note that when you hit the limit, closing a client connection to one pool 212 + will not immediately allow a server connection to be established for another pool, 213 + because the server connection for the first pool is still open. 214 + Once the server connection closes (due to idle timeout), a new server connection 215 + will immediately be opened for the waiting pool. 216 + 217 + 0 = unlimited 218 + ''; 219 + }; 220 + 221 + ignoreStartupParameters = mkOption { 222 + type = types.nullOr types.commas; 223 + example = "extra_float_digits"; 224 + default = null; 225 + description = lib.mdDoc '' 226 + By default, PgBouncer allows only parameters it can keep track of in startup packets: 227 + client_encoding, datestyle, timezone and standard_conforming_strings. 228 + 229 + All others parameters will raise an error. 230 + To allow others parameters, they can be specified here, so that PgBouncer knows that 231 + they are handled by the admin and it can ignore them. 232 + 233 + If you need to specify multiple values, use a comma-separated list. 234 + 235 + IMPORTANT: When using prometheus-pgbouncer-exporter, you need: 236 + extra_float_digits 237 + <https://github.com/prometheus-community/pgbouncer_exporter#pgbouncer-configuration> 238 + ''; 239 + }; 240 + 241 + # Section [databases] 242 + databases = mkOption { 243 + type = types.attrsOf types.str; 244 + default = {}; 245 + example = { 246 + exampledb = "host=/run/postgresql/ port=5432 auth_user=exampleuser dbname=exampledb sslmode=require"; 247 + bardb = "host=localhost dbname=bazdb"; 248 + foodb = "host=host1.example.com port=5432"; 249 + }; 250 + description = lib.mdDoc '' 251 + Detailed information about PostgreSQL database definitions: 252 + <https://www.pgbouncer.org/config.html#section-databases> 253 + ''; 254 + }; 255 + 256 + # Section [users] 257 + users = mkOption { 258 + type = types.attrsOf types.str; 259 + default = {}; 260 + example = { 261 + user1 = "pool_mode=session"; 262 + }; 263 + description = lib.mdDoc '' 264 + Optional. 265 + 266 + Detailed information about PostgreSQL user definitions: 267 + <https://www.pgbouncer.org/config.html#section-users> 268 + ''; 269 + }; 270 + 271 + # Section [peers] 272 + peers = mkOption { 273 + type = types.attrsOf types.str; 274 + default = {}; 275 + example = { 276 + "1" = "host=host1.example.com"; 277 + "2" = "host=/tmp/pgbouncer-2 port=5555"; 278 + }; 279 + description = lib.mdDoc '' 280 + Optional. 281 + 282 + Detailed information about PostgreSQL database definitions: 283 + <https://www.pgbouncer.org/config.html#section-peers> 284 + ''; 285 + }; 286 + 287 + # Authentication settings 288 + authType = mkOption { 289 + type = types.enum [ "cert" "md5" "scram-sha-256" "plain" "trust" "any" "hba" "pam" ]; 290 + default = "md5"; 291 + description = lib.mdDoc '' 292 + How to authenticate users. 293 + 294 + cert 295 + Client must connect over TLS connection with a valid client certificate. 296 + The user name is then taken from the CommonName field from the certificate. 297 + md5 298 + Use MD5-based password check. This is the default authentication method. 299 + authFile may contain both MD5-encrypted and plain-text passwords. 300 + If md5 is configured and a user has a SCRAM secret, then SCRAM authentication is used automatically instead. 301 + scram-sha-256 302 + Use password check with SCRAM-SHA-256. authFile has to contain SCRAM secrets or plain-text passwords. 303 + plain 304 + The clear-text password is sent over the wire. Deprecated. 305 + trust 306 + No authentication is done. The user name must still exist in authFile. 307 + any 308 + Like the trust method, but the user name given is ignored. 309 + Requires that all databases are configured to log in as a specific user. 310 + Additionally, the console database allows any user to log in as admin. 311 + hba 312 + The actual authentication type is loaded from authHbaFile. 313 + This allows different authentication methods for different access paths, 314 + for example: connections over Unix socket use the peer auth method, connections over TCP must use TLS. 315 + pam 316 + PAM is used to authenticate users, authFile is ignored. 317 + This method is not compatible with databases using the authUser option. 318 + The service name reported to PAM is “pgbouncer”. pam is not supported in the HBA configuration file. 319 + ''; 320 + }; 321 + 322 + authHbaFile = mkOption { 323 + type = types.nullOr types.path; 324 + default = null; 325 + example = "/secrets/pgbouncer_hba"; 326 + description = lib.mdDoc '' 327 + HBA configuration file to use when authType is hba. 328 + 329 + See HBA file format details: 330 + <https://www.pgbouncer.org/config.html#hba-file-format> 331 + ''; 332 + }; 333 + 334 + authFile = mkOption { 335 + type = types.nullOr types.path; 336 + default = null; 337 + example = "/secrets/pgbouncer_authfile"; 338 + description = lib.mdDoc '' 339 + The name of the file to load user names and passwords from. 340 + 341 + See section Authentication file format details: 342 + <https://www.pgbouncer.org/config.html#authentication-file-format> 343 + 344 + Most authentication types require that either authFile or authUser be set; 345 + otherwise there would be no users defined. 346 + ''; 347 + }; 348 + 349 + authUser = mkOption { 350 + type = types.nullOr types.str; 351 + default = null; 352 + example = "pgbouncer"; 353 + description = lib.mdDoc '' 354 + If authUser is set, then any user not specified in authFile will be queried 355 + through the authQuery query from pg_shadow in the database, using authUser. 356 + The password of authUser will be taken from authFile. 357 + (If the authUser does not require a password then it does not need to be defined in authFile.) 358 + 359 + Direct access to pg_shadow requires admin rights. 360 + It's preferable to use a non-superuser that calls a SECURITY DEFINER function instead. 361 + ''; 362 + }; 363 + 364 + authQuery = mkOption { 365 + type = types.nullOr types.str; 366 + default = null; 367 + example = "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"; 368 + description = lib.mdDoc '' 369 + Query to load user's password from database. 370 + 371 + Direct access to pg_shadow requires admin rights. 372 + It's preferable to use a non-superuser that calls a SECURITY DEFINER function instead. 373 + 374 + Note that the query is run inside the target database. 375 + So if a function is used, it needs to be installed into each database. 376 + ''; 377 + }; 378 + 379 + authDbname = mkOption { 380 + type = types.nullOr types.str; 381 + default = null; 382 + example = "authdb"; 383 + description = lib.mdDoc '' 384 + Database name in the [database] section to be used for authentication purposes. 385 + This option can be either global or overriden in the connection string if this parameter is specified. 386 + ''; 387 + }; 388 + 389 + # TLS settings 390 + tls.client = mkOption { 391 + type = types.nullOr (types.submodule { 392 + options = { 393 + sslmode = mkOption { 394 + type = types.enum [ "disable" "allow" "prefer" "require" "verify-ca" "verify-full" ]; 395 + default = "disable"; 396 + description = lib.mdDoc '' 397 + TLS mode to use for connections from clients. 398 + TLS connections are disabled by default. 399 + 400 + When enabled, tls.client.keyFile and tls.client.certFile 401 + must be also configured to set up the key and certificate 402 + PgBouncer uses to accept client connections. 403 + 404 + disable 405 + Plain TCP. If client requests TLS, it's ignored. Default. 406 + allow 407 + If client requests TLS, it is used. If not, plain TCP is used. 408 + If the client presents a client certificate, it is not validated. 409 + prefer 410 + Same as allow. 411 + require 412 + Client must use TLS. If not, the client connection is rejected. 413 + If the client presents a client certificate, it is not validated. 414 + verify-ca 415 + Client must use TLS with valid client certificate. 416 + verify-full 417 + Same as verify-ca 418 + ''; 419 + }; 420 + certFile = mkOption { 421 + type = types.path; 422 + example = "/secrets/pgbouncer.key"; 423 + description = lib.mdDoc "Path to certificate for private key. Clients can validate it"; 424 + }; 425 + keyFile = mkOption { 426 + type = types.path; 427 + example = "/secrets/pgbouncer.crt"; 428 + description = lib.mdDoc "Path to private key for PgBouncer to accept client connections"; 429 + }; 430 + caFile = mkOption { 431 + type = types.path; 432 + example = "/secrets/pgbouncer.crt"; 433 + description = lib.mdDoc "Path to root certificate file to validate client certificates"; 434 + }; 435 + }; 436 + }); 437 + default = null; 438 + description = lib.mdDoc '' 439 + <https://www.pgbouncer.org/config.html#tls-settings> 440 + ''; 441 + }; 442 + 443 + tls.server = mkOption { 444 + type = types.nullOr (types.submodule { 445 + options = { 446 + sslmode = mkOption { 447 + type = types.enum [ "disable" "allow" "prefer" "require" "verify-ca" "verify-full" ]; 448 + default = "disable"; 449 + description = lib.mdDoc '' 450 + TLS mode to use for connections to PostgreSQL servers. 451 + TLS connections are disabled by default. 452 + 453 + disable 454 + Plain TCP. TLS is not even requested from the server. Default. 455 + allow 456 + FIXME: if server rejects plain, try TLS? 457 + prefer 458 + TLS connection is always requested first from PostgreSQL. 459 + If refused, the connection will be established over plain TCP. 460 + Server certificate is not validated. 461 + require 462 + Connection must go over TLS. If server rejects it, plain TCP is not attempted. 463 + Server certificate is not validated. 464 + verify-ca 465 + Connection must go over TLS and server certificate must be valid according to tls.server.caFile. 466 + Server host name is not checked against certificate. 467 + verify-full 468 + Connection must go over TLS and server certificate must be valid according to tls.server.caFile. 469 + Server host name must match certificate information. 470 + ''; 471 + }; 472 + certFile = mkOption { 473 + type = types.path; 474 + example = "/secrets/pgbouncer_server.key"; 475 + description = lib.mdDoc "Certificate for private key. PostgreSQL server can validate it."; 476 + }; 477 + keyFile = mkOption { 478 + type = types.path; 479 + example = "/secrets/pgbouncer_server.crt"; 480 + description = lib.mdDoc "Private key for PgBouncer to authenticate against PostgreSQL server."; 481 + }; 482 + caFile = mkOption { 483 + type = types.path; 484 + example = "/secrets/pgbouncer_server.crt"; 485 + description = lib.mdDoc "Root certificate file to validate PostgreSQL server certificates."; 486 + }; 487 + }; 488 + }); 489 + default = null; 490 + description = lib.mdDoc '' 491 + <https://www.pgbouncer.org/config.html#tls-settings> 492 + ''; 493 + }; 494 + 495 + # Log settings 496 + syslog = mkOption { 497 + type = types.nullOr (types.submodule { 498 + options = { 499 + enable = mkOption { 500 + type = types.bool; 501 + default = false; 502 + description = lib.mdDoc '' 503 + Toggles syslog on/off. 504 + ''; 505 + }; 506 + syslogIdent = mkOption { 507 + type = types.str; 508 + default = "pgbouncer"; 509 + description = lib.mdDoc '' 510 + Under what name to send logs to syslog. 511 + ''; 512 + }; 513 + syslogFacility = mkOption { 514 + type = types.enum [ "auth" "authpriv" "daemon" "user" "local0" "local1" "local2" "local3" "local4" "local5" "local6" "local7" ]; 515 + default = "daemon"; 516 + description = lib.mdDoc '' 517 + Under what facility to send logs to syslog. 518 + ''; 519 + }; 520 + }; 521 + }); 522 + default = null; 523 + description = lib.mdDoc '' 524 + <https://www.pgbouncer.org/config.html#log-settings> 525 + ''; 526 + }; 527 + 528 + verbose = lib.mkOption { 529 + type = lib.types.int; 530 + default = 0; 531 + description = lib.mdDoc '' 532 + Increase verbosity. Mirrors the “-v” switch on the command line. 533 + ''; 534 + }; 535 + 536 + # Console access control 537 + adminUsers = mkOption { 538 + type = types.nullOr types.commas; 539 + default = null; 540 + description = lib.mdDoc '' 541 + Comma-separated list of database users that are allowed to connect and run all commands on the console. 542 + Ignored when authType is any, in which case any user name is allowed in as admin. 543 + ''; 544 + }; 545 + 546 + statsUsers = mkOption { 547 + type = types.nullOr types.commas; 548 + default = null; 549 + description = lib.mdDoc '' 550 + Comma-separated list of database users that are allowed to connect and run read-only queries on the console. 551 + That means all SHOW commands except SHOW FDS. 552 + ''; 553 + }; 554 + 555 + # Linux settings 556 + openFilesLimit = lib.mkOption { 557 + type = lib.types.int; 558 + default = 65536; 559 + description = lib.mdDoc '' 560 + Maximum number of open files. 561 + ''; 562 + }; 563 + 564 + user = mkOption { 565 + type = types.str; 566 + default = "pgbouncer"; 567 + description = lib.mdDoc '' 568 + The user pgbouncer is run as. 569 + ''; 570 + }; 571 + 572 + group = mkOption { 573 + type = types.str; 574 + default = "pgbouncer"; 575 + description = lib.mdDoc '' 576 + The group pgbouncer is run as. 577 + ''; 578 + }; 579 + 580 + homeDir = mkOption { 581 + type = types.path; 582 + default = "/var/lib/pgbouncer"; 583 + description = lib.mdDoc '' 584 + Specifies the home directory. 585 + ''; 586 + }; 587 + 588 + # Extra settings 589 + extraConfig = mkOption { 590 + type = types.lines; 591 + description = lib.mdDoc '' 592 + Any additional text to be appended to config.ini 593 + <https://www.pgbouncer.org/config.html>. 594 + ''; 595 + default = ""; 596 + }; 597 + }; 598 + 599 + config = mkIf cfg.enable { 600 + users.groups.${cfg.group} = { }; 601 + users.users.${cfg.user} = { 602 + description = "PgBouncer service user"; 603 + group = cfg.group; 604 + home = cfg.homeDir; 605 + createHome = true; 606 + isSystemUser = true; 607 + }; 608 + 609 + systemd.services.pgbouncer = { 610 + description = "PgBouncer - PostgreSQL connection pooler"; 611 + wants = [ "postgresql.service" ]; 612 + after = [ "postgresql.service" ]; 613 + wantedBy = [ "multi-user.target" ]; 614 + serviceConfig = { 615 + Type = "forking"; 616 + User = cfg.user; 617 + Group = cfg.group; 618 + ExecStart = "${pkgs.pgbouncer}/bin/pgbouncer -d ${confFile}"; 619 + ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; 620 + RuntimeDirectory = "pgbouncer"; 621 + PIDFile = "/run/pgbouncer/pgbouncer.pid"; 622 + LimitNOFILE = cfg.openFilesLimit; 623 + }; 624 + }; 625 + 626 + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; 627 + 628 + }; 629 + 630 + meta.maintainers = [ maintainers._1000101 ]; 631 + 632 + }

+1 -1

nixos/modules/services/misc/cgminer.nix

··· 11 mapAttrsToList (n: v: ''"${n}": "${(concatStringsSep "," (map convType v))}"'') 12 (foldAttrs (n: a: [n] ++ a) [] cfg.hardware); 13 mergedConfig = with builtins; 14 - mapAttrsToList (n: v: ''"${n}": ${if isBool v then "" else ''"''}${convType v}${if isBool v then "" else ''"''}'') 15 cfg.config; 16 17 cgminerConfig = pkgs.writeText "cgminer.conf" ''

··· 11 mapAttrsToList (n: v: ''"${n}": "${(concatStringsSep "," (map convType v))}"'') 12 (foldAttrs (n: a: [n] ++ a) [] cfg.hardware); 13 mergedConfig = with builtins; 14 + mapAttrsToList (n: v: ''"${n}": ${if isBool v then convType v else ''"${convType v}"''}'') 15 cfg.config; 16 17 cgminerConfig = pkgs.writeText "cgminer.conf" ''

+3 -3

nixos/modules/services/misc/sourcehut/default.nix

··· 8 settingsFormat = pkgs.formats.ini { 9 listToValue = concatMapStringsSep "," (generators.mkValueStringDefault {}); 10 mkKeyValue = k: v: 11 - if v == null then "" 12 - else generators.mkKeyValueDefault { 13 mkValueString = v: 14 if v == true then "yes" 15 else if v == false then "no" 16 else generators.mkValueStringDefault {} v; 17 - } "=" k v; 18 }; 19 configIniOfService = srv: settingsFormat.generate "sourcehut-${srv}-config.ini" 20 # Each service needs access to only a subset of sections (and secrets).

··· 8 settingsFormat = pkgs.formats.ini { 9 listToValue = concatMapStringsSep "," (generators.mkValueStringDefault {}); 10 mkKeyValue = k: v: 11 + optionalString (v != null) 12 + (generators.mkKeyValueDefault { 13 mkValueString = v: 14 if v == true then "yes" 15 else if v == false then "no" 16 else generators.mkValueStringDefault {} v; 17 + } "=" k v); 18 }; 19 configIniOfService = srv: settingsFormat.generate "sourcehut-${srv}-config.ini" 20 # Each service needs access to only a subset of sections (and secrets).

+6 -6

nixos/modules/services/monitoring/prometheus/exporters/pve.nix

··· 104 LoadCredential = "configFile:${computedConfigFile}"; 105 ExecStart = '' 106 ${cfg.package}/bin/pve_exporter \ 107 - --${if cfg.collectors.status == true then "" else "no-"}collector.status \ 108 - --${if cfg.collectors.version == true then "" else "no-"}collector.version \ 109 - --${if cfg.collectors.node == true then "" else "no-"}collector.node \ 110 - --${if cfg.collectors.cluster == true then "" else "no-"}collector.cluster \ 111 - --${if cfg.collectors.resources == true then "" else "no-"}collector.resources \ 112 - --${if cfg.collectors.config == true then "" else "no-"}collector.config \ 113 %d/configFile \ 114 ${toString cfg.port} ${cfg.listenAddress} 115 '';

··· 104 LoadCredential = "configFile:${computedConfigFile}"; 105 ExecStart = '' 106 ${cfg.package}/bin/pve_exporter \ 107 + --${optionalString (!cfg.collectors.status) "no-"}collector.status \ 108 + --${optionalString (!cfg.collectors.version) "no-"}collector.version \ 109 + --${optionalString (!cfg.collectors.node) "no-"}collector.node \ 110 + --${optionalString (!cfg.collectors.cluster) "no-"}collector.cluster \ 111 + --${optionalString (!cfg.collectors.resources) "no-"}collector.resources \ 112 + --${optionalString (!cfg.collectors.config) "no-"}collector.config \ 113 %d/configFile \ 114 ${toString cfg.port} ${cfg.listenAddress} 115 '';

+1 -2

nixos/modules/services/networking/biboumi.nix

··· 8 settingsFile = pkgs.writeText "biboumi.cfg" ( 9 generators.toKeyValue { 10 mkKeyValue = k: v: 11 - if v == null then "" 12 - else generators.mkKeyValueDefault {} "=" k v; 13 } cfg.settings); 14 need_CAP_NET_BIND_SERVICE = cfg.settings.identd_port != 0 && cfg.settings.identd_port < 1024; 15 in

··· 8 settingsFile = pkgs.writeText "biboumi.cfg" ( 9 generators.toKeyValue { 10 mkKeyValue = k: v: 11 + lib.optionalString (v != null) (generators.mkKeyValueDefault {} "=" k v); 12 } cfg.settings); 13 need_CAP_NET_BIND_SERVICE = cfg.settings.identd_port != 0 && cfg.settings.identd_port < 1024; 14 in

+1 -1

nixos/modules/services/networking/cjdns.nix

··· 239 after = [ "network-online.target" ]; 240 bindsTo = [ "network-online.target" ]; 241 242 - preStart = if cfg.confFile != null then "" else '' 243 [ -e /etc/cjdns.keys ] && source /etc/cjdns.keys 244 245 if [ -z "$CJDNS_PRIVATE_KEY" ]; then

··· 239 after = [ "network-online.target" ]; 240 bindsTo = [ "network-online.target" ]; 241 242 + preStart = optionalString (cfg.confFile == null) '' 243 [ -e /etc/cjdns.keys ] && source /etc/cjdns.keys 244 245 if [ -z "$CJDNS_PRIVATE_KEY" ]; then

+2 -2

nixos/modules/services/networking/libreswan.nix

··· 14 nonchars = filter (x : !(elem x.value chars)) 15 (imap0 (i: v: {ind = i; value = v;}) (stringToCharacters str)); 16 in 17 - if length nonchars == 0 then "" 18 - else substring (head nonchars).ind (add 1 (sub (last nonchars).ind (head nonchars).ind)) str; 19 indent = str: concatStrings (concatMap (s: [" " (trim [" " "\t"] s) "\n"]) (splitString "\n" str)); 20 configText = indent (toString cfg.configSetup); 21 connectionText = concatStrings (mapAttrsToList (n: v:

··· 14 nonchars = filter (x : !(elem x.value chars)) 15 (imap0 (i: v: {ind = i; value = v;}) (stringToCharacters str)); 16 in 17 + lib.optionalString (nonchars != [ ]) 18 + (substring (head nonchars).ind (add 1 (sub (last nonchars).ind (head nonchars).ind)) str); 19 indent = str: concatStrings (concatMap (s: [" " (trim [" " "\t"] s) "\n"]) (splitString "\n" str)); 20 configText = indent (toString cfg.configSetup); 21 connectionText = concatStrings (mapAttrsToList (n: v:

+10 -10

nixos/modules/services/networking/murmur.nix

··· 19 welcometext="${cfg.welcometext}" 20 port=${toString cfg.port} 21 22 - ${if cfg.hostName == "" then "" else "host="+cfg.hostName} 23 - ${if cfg.password == "" then "" else "serverpassword="+cfg.password} 24 25 bandwidth=${toString cfg.bandwidth} 26 users=${toString cfg.users} ··· 32 bonjour=${boolToString cfg.bonjour} 33 sendversion=${boolToString cfg.sendVersion} 34 35 - ${if cfg.registerName == "" then "" else "registerName="+cfg.registerName} 36 - ${if cfg.registerPassword == "" then "" else "registerPassword="+cfg.registerPassword} 37 - ${if cfg.registerUrl == "" then "" else "registerUrl="+cfg.registerUrl} 38 - ${if cfg.registerHostname == "" then "" else "registerHostname="+cfg.registerHostname} 39 40 certrequired=${boolToString cfg.clientCertRequired} 41 - ${if cfg.sslCert == "" then "" else "sslCert="+cfg.sslCert} 42 - ${if cfg.sslKey == "" then "" else "sslKey="+cfg.sslKey} 43 - ${if cfg.sslCa == "" then "" else "sslCA="+cfg.sslCa} 44 45 - ${lib.optionalString (cfg.dbus != null) "dbus=${cfg.dbus}"} 46 47 ${cfg.extraConfig} 48 '';

··· 19 welcometext="${cfg.welcometext}" 20 port=${toString cfg.port} 21 22 + ${optionalString (cfg.hostName != "") "host=${cfg.hostName}"} 23 + ${optionalString (cfg.password != "") "serverpassword=${cfg.password}"} 24 25 bandwidth=${toString cfg.bandwidth} 26 users=${toString cfg.users} ··· 32 bonjour=${boolToString cfg.bonjour} 33 sendversion=${boolToString cfg.sendVersion} 34 35 + ${optionalString (cfg.registerName != "") "registerName=${cfg.registerName}"} 36 + ${optionalString (cfg.registerPassword == "") "registerPassword=${cfg.registerPassword}"} 37 + ${optionalString (cfg.registerUrl != "") "registerUrl=${cfg.registerUrl}"} 38 + ${optionalString (cfg.registerHostname != "") "registerHostname=${cfg.registerHostname}"} 39 40 certrequired=${boolToString cfg.clientCertRequired} 41 + ${optionalString (cfg.sslCert != "") "sslCert=${cfg.sslCert}"} 42 + ${optionalString (cfg.sslKey != "") "sslKey=${cfg.sslKey}"} 43 + ${optionalString (cfg.sslCa != "") "sslCA=${cfg.sslCa}"} 44 45 + ${optionalString (cfg.dbus != null) "dbus=${cfg.dbus}"} 46 47 ${cfg.extraConfig} 48 '';

+2 -2

nixos/modules/services/networking/nsd.nix

··· 137 ''; 138 139 yesOrNo = b: if b then "yes" else "no"; 140 - maybeString = prefix: x: if x == null then "" else ''${prefix} "${x}"''; 141 - maybeToString = prefix: x: if x == null then "" else ''${prefix} ${toString x}''; 142 forEach = pre: l: concatMapStrings (x: pre + x + "\n") l; 143 144

··· 137 ''; 138 139 yesOrNo = b: if b then "yes" else "no"; 140 + maybeString = prefix: x: optionalString (x != null) ''${prefix} "${x}"''; 141 + maybeToString = prefix: x: optionalString (x != null) ''${prefix} ${toString x}''; 142 forEach = pre: l: concatMapStrings (x: pre + x + "\n") l; 143 144

+1 -3

nixos/modules/services/networking/ssh/lshd.nix

··· 165 ${lsh}/sbin/lshd --daemonic \ 166 --password-helper="${lsh}/sbin/lsh-pam-checkpw" \ 167 -p ${toString portNumber} \ 168 - ${if interfaces == [] then "" 169 - else (concatStrings (map (i: "--interface=\"${i}\"") 170 - interfaces))} \ 171 -h "${hostKey}" \ 172 ${optionalString (!syslog) "--no-syslog" } \ 173 ${if passwordAuthentication then "--password" else "--no-password" } \

··· 165 ${lsh}/sbin/lshd --daemonic \ 166 --password-helper="${lsh}/sbin/lsh-pam-checkpw" \ 167 -p ${toString portNumber} \ 168 + ${optionalString (interfaces != []) (concatStrings (map (i: "--interface=\"${i}\"") interfaces))} \ 169 -h "${hostKey}" \ 170 ${optionalString (!syslog) "--no-syslog" } \ 171 ${if passwordAuthentication then "--password" else "--no-password" } \

+1 -1

nixos/modules/services/scheduling/fcron.nix

··· 6 7 cfg = config.services.fcron; 8 9 - queuelen = if cfg.queuelen == null then "" else "-q ${toString cfg.queuelen}"; 10 11 # Duplicate code, also found in cron.nix. Needs deduplication. 12 systemCronJobs =

··· 6 7 cfg = config.services.fcron; 8 9 + queuelen = optionalString (cfg.queuelen != null) "-q ${toString cfg.queuelen}"; 10 11 # Duplicate code, also found in cron.nix. Needs deduplication. 12 systemCronJobs =

+1 -1

nixos/modules/services/web-apps/invidious.nix

··· 62 port = cfg.database.port; 63 # Blank for unix sockets, see 64 # https://github.com/will/crystal-pg/blob/1548bb255210/src/pq/conninfo.cr#L100-L108 65 - host = if cfg.database.host == null then "" else cfg.database.host; 66 # Not needed because peer authentication is enabled 67 password = lib.mkIf (cfg.database.host == null) ""; 68 };

··· 62 port = cfg.database.port; 63 # Blank for unix sockets, see 64 # https://github.com/will/crystal-pg/blob/1548bb255210/src/pq/conninfo.cr#L100-L108 65 + host = lib.optionalString (cfg.database.host != null) cfg.database.host; 66 # Not needed because peer authentication is enabled 67 password = lib.mkIf (cfg.database.host == null) ""; 68 };

+1 -1

nixos/modules/services/web-apps/invoiceplane.nix

··· 16 DB_HOSTNAME=${cfg.database.host} 17 DB_USERNAME=${cfg.database.user} 18 # NOTE: file_get_contents adds newline at the end of returned string 19 - DB_PASSWORD=${if cfg.database.passwordFile == null then "" else "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"} 20 DB_DATABASE=${cfg.database.name} 21 DB_PORT=${toString cfg.database.port} 22 SESS_EXPIRATION=864000

··· 16 DB_HOSTNAME=${cfg.database.host} 17 DB_USERNAME=${cfg.database.user} 18 # NOTE: file_get_contents adds newline at the end of returned string 19 + DB_PASSWORD=${optionalString (cfg.database.passwordFile != null) "trim(file_get_contents('${cfg.database.passwordFile}'), \"\\r\\n\")"} 20 DB_DATABASE=${cfg.database.name} 21 DB_PORT=${toString cfg.database.port} 22 SESS_EXPIRATION=864000

+1 -1

nixos/modules/services/web-apps/peertube.nix

··· 348 }; 349 redis = { 350 hostname = "${toString cfg.redis.host}"; 351 - port = (if cfg.redis.port == null then "" else cfg.redis.port); 352 }; 353 storage = { 354 tmp = lib.mkDefault "/var/lib/peertube/storage/tmp/";

··· 348 }; 349 redis = { 350 hostname = "${toString cfg.redis.host}"; 351 + port = (lib.optionalString (cfg.redis.port != null) cfg.redis.port); 352 }; 353 storage = { 354 tmp = lib.mkDefault "/var/lib/peertube/storage/tmp/";

+1 -1

nixos/modules/services/web-servers/lighttpd/cgit.nix

··· 4 5 let 6 cfg = config.services.lighttpd.cgit; 7 - pathPrefix = if stringLength cfg.subdir == 0 then "" else "/" + cfg.subdir; 8 configFile = pkgs.writeText "cgitrc" 9 '' 10 # default paths to static assets

··· 4 5 let 6 cfg = config.services.lighttpd.cgit; 7 + pathPrefix = optionalString (stringLength cfg.subdir != 0) ("/" + cfg.subdir); 8 configFile = pkgs.writeText "cgitrc" 9 '' 10 # default paths to static assets

+1 -1

nixos/modules/services/x11/desktop-managers/phosh.nix

··· 100 }; 101 }; 102 103 - optionalKV = k: v: if v == null then "" else "${k} = ${builtins.toString v}"; 104 105 renderPhocOutput = name: output: let 106 modelines = if builtins.isList output.modeline

··· 100 }; 101 }; 102 103 + optionalKV = k: v: optionalString (v != null) "${k} = ${builtins.toString v}"; 104 105 renderPhocOutput = name: output: let 106 modelines = if builtins.isList output.modeline

+3 -4

nixos/modules/system/boot/kernel_config.nix

··· 70 let 71 val = if item.freeform != null then item.freeform else item.tristate; 72 in 73 - if val == null 74 - then "" 75 - else if (item.optional) 76 then "${key}? ${mkValue val}\n" 77 - else "${key} ${mkValue val}\n"; 78 79 mkConf = cfg: concatStrings (mapAttrsToList mkConfigLine cfg); 80 in mkConf exprs;

··· 70 let 71 val = if item.freeform != null then item.freeform else item.tristate; 72 in 73 + optionalString (val != null) 74 + (if (item.optional) 75 then "${key}? ${mkValue val}\n" 76 + else "${key} ${mkValue val}\n"); 77 78 mkConf = cfg: concatStrings (mapAttrsToList mkConfigLine cfg); 79 in mkConf exprs;

+2 -2

nixos/modules/system/boot/loader/grub/grub.nix

··· 65 [ coreutils gnused gnugrep findutils diffutils btrfs-progs util-linux mdadm ] 66 ++ optional cfg.efiSupport efibootmgr 67 ++ optionals cfg.useOSProber [ busybox os-prober ]); 68 - font = if cfg.font == null then "" 69 - else (if lib.last (lib.splitString "." cfg.font) == "pf2" 70 then cfg.font 71 else "${convertedFont}"); 72 });

··· 65 [ coreutils gnused gnugrep findutils diffutils btrfs-progs util-linux mdadm ] 66 ++ optional cfg.efiSupport efibootmgr 67 ++ optionals cfg.useOSProber [ busybox os-prober ]); 68 + font = lib.optionalString (cfg.font != null) ( 69 + if lib.last (lib.splitString "." cfg.font) == "pf2" 70 then cfg.font 71 else "${convertedFont}"); 72 });

+1 -1

nixos/modules/system/boot/systemd/user.nix

··· 42 43 writeTmpfiles = { rules, user ? null }: 44 let 45 - suffix = if user == null then "" else "-${user}"; 46 in 47 pkgs.writeTextFile { 48 name = "nixos-user-tmpfiles.d${suffix}";

··· 42 43 writeTmpfiles = { rules, user ? null }: 44 let 45 + suffix = optionalString (user != null) "-${user}"; 46 in 47 pkgs.writeTextFile { 48 name = "nixos-user-tmpfiles.d${suffix}";

+1

nixos/tests/all-tests.nix

··· 599 peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {}; 600 peroxide = handleTest ./peroxide.nix {}; 601 pgadmin4 = handleTest ./pgadmin4.nix {}; 602 pgjwt = handleTest ./pgjwt.nix {}; 603 pgmanage = handleTest ./pgmanage.nix {}; 604 phosh = handleTest ./phosh.nix {};

··· 599 peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {}; 600 peroxide = handleTest ./peroxide.nix {}; 601 pgadmin4 = handleTest ./pgadmin4.nix {}; 602 + pgbouncer = handleTest ./pgbouncer.nix {}; 603 pgjwt = handleTest ./pgjwt.nix {}; 604 pgmanage = handleTest ./pgmanage.nix {}; 605 phosh = handleTest ./phosh.nix {};

+61

nixos/tests/pgbouncer.nix

···

··· 1 + import ./make-test-python.nix ({ pkgs, ... } : 2 + let 3 + testAuthFile = pkgs.writeTextFile { 4 + name = "authFile"; 5 + text = '' 6 + "testuser" "testpass" 7 + ''; 8 + }; 9 + in 10 + { 11 + name = "pgbouncer"; 12 + meta = with pkgs.lib.maintainers; { 13 + maintainers = [ _1000101 ]; 14 + }; 15 + nodes = { 16 + one = { config, pkgs, ... }: { 17 + 18 + systemd.services.postgresql = { 19 + postStart = '' 20 + ${pkgs.postgresql}/bin/psql -U postgres -c "ALTER ROLE testuser WITH LOGIN PASSWORD 'testpass'"; 21 + ''; 22 + }; 23 + 24 + services = { 25 + postgresql = { 26 + enable = true; 27 + ensureDatabases = [ "testdb" ]; 28 + ensureUsers = [ 29 + { 30 + name = "testuser"; 31 + ensurePermissions = { 32 + "DATABASE testdb" = "ALL PRIVILEGES"; 33 + }; 34 + }]; 35 + authentication = '' 36 + local testdb testuser scram-sha-256 37 + ''; 38 + }; 39 + 40 + pgbouncer = { 41 + enable = true; 42 + listenAddress = "localhost"; 43 + databases = { testdb = "host=/run/postgresql/ port=5432 auth_user=testuser dbname=testdb"; }; 44 + authType = "scram-sha-256"; 45 + authFile = testAuthFile; 46 + }; 47 + }; 48 + }; 49 + }; 50 + 51 + testScript = '' 52 + start_all() 53 + one.wait_for_unit("default.target") 54 + one.require_unit_state("pgbouncer.service", "active") 55 + 56 + # Test if we can make a query through PgBouncer 57 + one.wait_until_succeeds( 58 + "psql 'postgres://testuser:testpass@localhost:6432/testdb' -c 'SELECT 1;'" 59 + ) 60 + ''; 61 + })

+4 -4

pkgs/applications/editors/texmacs/darwin.nix

··· 47 48 postInstall = "wrapProgram $out/Applications/TeXmacs-${version}/Contents/MacOS/TeXmacs --suffix PATH : " + 49 "${ghostscript}/bin:" + 50 - (if aspell == null then "" else "${aspell}/bin:") + 51 - (if tex == null then "" else "${tex}/bin:") + 52 - (if netpbm == null then "" else "${lib.getBin netpbm}/bin:") + 53 - (if imagemagick == null then "" else "${imagemagick}/bin:"); 54 55 enableParallelBuilding = true; 56

··· 47 48 postInstall = "wrapProgram $out/Applications/TeXmacs-${version}/Contents/MacOS/TeXmacs --suffix PATH : " + 49 "${ghostscript}/bin:" + 50 + (lib.optionalString (aspell != null) "${aspell}/bin:") + 51 + (lib.optionalString (tex != null) "${tex}/bin:") + 52 + (lib.optionalString (netpbm != null) "${lib.getBin netpbm}/bin:") + 53 + (lib.optionalString (imagemagick != null) "${imagemagick}/bin:"); 54 55 enableParallelBuilding = true; 56

+1 -1

pkgs/applications/editors/vscode/vscodium.nix

··· 22 armv7l-linux = "1cp739i5002j2kmdh3rhh7p88gyvjrfwcr430g5dvhdp7mgkbwn1"; 23 }.${system} or throwSystem; 24 25 - sourceRoot = if stdenv.isDarwin then "" else "."; 26 in 27 callPackage ./generic.nix rec { 28 inherit sourceRoot commandLineArgs useVSCodeRipgrep;

··· 22 armv7l-linux = "1cp739i5002j2kmdh3rhh7p88gyvjrfwcr430g5dvhdp7mgkbwn1"; 23 }.${system} or throwSystem; 24 25 + sourceRoot = lib.optionalString (!stdenv.isDarwin) "."; 26 in 27 callPackage ./generic.nix rec { 28 inherit sourceRoot commandLineArgs useVSCodeRipgrep;

+2 -2

pkgs/applications/misc/mkgmap/default.nix

··· 15 in 16 stdenv.mkDerivation rec { 17 pname = "mkgmap"; 18 - version = "4909"; 19 20 src = fetchsvn { 21 url = "https://svn.mkgmap.org.uk/mkgmap/mkgmap/trunk"; 22 rev = version; 23 - sha256 = "sha256-B3G1xpDZtJqkjyufLwYnJQlXREvN6OrJEjHWWP05jDM="; 24 }; 25 26 patches = [

··· 15 in 16 stdenv.mkDerivation rec { 17 pname = "mkgmap"; 18 + version = "4910"; 19 20 src = fetchsvn { 21 url = "https://svn.mkgmap.org.uk/mkgmap/mkgmap/trunk"; 22 rev = version; 23 + sha256 = "sha256-t4SyvDvwNdqKh95MRmHxlX6q84dN0y4ANPIXqS7ynBA="; 24 }; 25 26 patches = [

+1 -3

pkgs/applications/networking/browsers/chromium/default.nix

··· 135 }; 136 }; 137 138 - suffix = if (channel == "stable" || channel == "ungoogled-chromium") 139 - then "" 140 - else "-" + channel; 141 142 sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; 143

··· 135 }; 136 }; 137 138 + suffix = lib.optionalString (channel != "stable" && channel != "ungoogled-chromium") ("-" + channel); 139 140 sandboxExecutableName = chromium.browser.passthru.sandboxExecutableName; 141

-1

pkgs/applications/networking/browsers/firefox/common.nix

··· 187 # These values are exposed through telemetry 188 "app.distributor" = "nixos"; 189 "app.distributor.channel" = "nixpkgs"; 190 - "app.partner.nixos" = "nixos"; 191 }; 192 }); 193

··· 187 # These values are exposed through telemetry 188 "app.distributor" = "nixos"; 189 "app.distributor.channel" = "nixpkgs"; 190 }; 191 }); 192

+2 -6

pkgs/applications/networking/browsers/microsoft-edge/browser.nix

··· 46 then baseName 47 else baseName + "-" + channel; 48 49 - iconSuffix = if channel == "stable" 50 - then "" 51 - else "_${channel}"; 52 53 - desktopSuffix = if channel == "stable" 54 - then "" 55 - else "-${channel}"; 56 in 57 58 stdenv.mkDerivation rec {

··· 46 then baseName 47 else baseName + "-" + channel; 48 49 + iconSuffix = lib.optionalString (channel != "stable") "_${channel}"; 50 51 + desktopSuffix = lib.optionalString (channel != "stable") "-${channel}"; 52 in 53 54 stdenv.mkDerivation rec {

+2 -2

pkgs/applications/networking/flexget/default.nix

··· 6 7 python3.pkgs.buildPythonApplication rec { 8 pname = "flexget"; 9 - version = "3.7.9"; 10 format = "pyproject"; 11 12 # Fetch from GitHub in order to use `requirements.in` ··· 14 owner = "Flexget"; 15 repo = "Flexget"; 16 rev = "refs/tags/v${version}"; 17 - hash = "sha256-TD57tGLTYy8E7lx6hzH1/00oWFYqCQ325UNEhgv/AEA="; 18 }; 19 20 postPatch = ''

··· 6 7 python3.pkgs.buildPythonApplication rec { 8 pname = "flexget"; 9 + version = "3.7.10"; 10 format = "pyproject"; 11 12 # Fetch from GitHub in order to use `requirements.in` ··· 14 owner = "Flexget"; 15 repo = "Flexget"; 16 rev = "refs/tags/v${version}"; 17 + hash = "sha256-5wf1oQzriawhthAfHMMtZbUMvGNviBPzmnLKahRkmXQ="; 18 }; 19 20 postPatch = ''

+1 -1

pkgs/applications/office/libreoffice/default.nix

··· 395 dontWrapQtApps = true; 396 397 configureFlags = [ 398 - (if withHelp then "" else "--without-help") 399 "--with-boost=${getDev boost}" 400 "--with-boost-libdir=${getLib boost}/lib" 401 "--with-beanshell-jar=${bsh}"

··· 395 dontWrapQtApps = true; 396 397 configureFlags = [ 398 + (lib.optionalString (!withHelp) "--without-help") 399 "--with-boost=${getDev boost}" 400 "--with-boost-libdir=${getLib boost}/lib" 401 "--with-beanshell-jar=${bsh}"

+1

pkgs/applications/office/trilium/desktop.nix

··· 42 comment = meta.description; 43 desktopName = "Trilium Notes"; 44 categories = [ "Office" ]; 45 }) 46 ]; 47

··· 42 comment = meta.description; 43 desktopName = "Trilium Notes"; 44 categories = [ "Office" ]; 45 + startupWMClass = "trilium notes"; 46 }) 47 ]; 48

+1 -2

pkgs/applications/science/logic/hol_light/default.nix

··· 2 3 let 4 load_num = 5 - if num == null then "" else 6 - '' 7 -I ${num}/lib/ocaml/${ocaml.version}/site-lib/num \ 8 -I ${num}/lib/ocaml/${ocaml.version}/site-lib/top-num \ 9 -I ${num}/lib/ocaml/${ocaml.version}/site-lib/stublibs \

··· 2 3 let 4 load_num = 5 + lib.optionalString (num != null) '' 6 -I ${num}/lib/ocaml/${ocaml.version}/site-lib/num \ 7 -I ${num}/lib/ocaml/${ocaml.version}/site-lib/top-num \ 8 -I ${num}/lib/ocaml/${ocaml.version}/site-lib/stublibs \

+1 -1

pkgs/applications/science/math/sage/sage-tests.nix

··· 19 runAllTests = files == null; 20 testArgs = if runAllTests then "--all" else testFileList; 21 patienceSpecifier = lib.optionalString longTests "--long"; 22 - timeSpecifier = if timeLimit == null then "" else "--short ${toString timeLimit}"; 23 relpathToArg = relpath: lib.escapeShellArg "${src}/${relpath}"; # paths need to be absolute 24 testFileList = lib.concatStringsSep " " (map relpathToArg files); 25 in

··· 19 runAllTests = files == null; 20 testArgs = if runAllTests then "--all" else testFileList; 21 patienceSpecifier = lib.optionalString longTests "--long"; 22 + timeSpecifier = lib.optionalString (timeLimit != null) "--short ${toString timeLimit}"; 23 relpathToArg = relpath: lib.escapeShellArg "${src}/${relpath}"; # paths need to be absolute 24 testFileList = lib.concatStringsSep " " (map relpathToArg files); 25 in

+1 -1

pkgs/applications/version-management/sapling/default.nix

··· 38 # 39 # See https://github.com/NixOS/nixpkgs/pull/198311#issuecomment-1326894295 40 myCargoSetupHook = rustPlatform.cargoSetupHook.overrideAttrs (old: { 41 - cargoConfig = if stdenv.isDarwin then "" else old.cargoConfig; 42 }); 43 44 src = fetchFromGitHub {

··· 38 # 39 # See https://github.com/NixOS/nixpkgs/pull/198311#issuecomment-1326894295 40 myCargoSetupHook = rustPlatform.cargoSetupHook.overrideAttrs (old: { 41 + cargoConfig = lib.optionalString (!stdenv.isDarwin) old.cargoConfig; 42 }); 43 44 src = fetchFromGitHub {

+2 -2

pkgs/applications/video/obs-studio/plugins/obs-vertical-canvas.nix

··· 9 10 stdenv.mkDerivation rec { 11 pname = "obs-vertical-canvas"; 12 - version = "1.2.4"; 13 14 src = fetchFromGitHub { 15 owner = "Aitum"; 16 repo = "obs-vertical-canvas"; 17 rev = version; 18 - sha256 = "sha256-a9r01adzeC8KSr+ATgRQLoJ+dlAj6NWFZ5cRYlS7FeM="; 19 }; 20 21 nativeBuildInputs = [ cmake ];

··· 9 10 stdenv.mkDerivation rec { 11 pname = "obs-vertical-canvas"; 12 + version = "1.2.5"; 13 14 src = fetchFromGitHub { 15 owner = "Aitum"; 16 repo = "obs-vertical-canvas"; 17 rev = version; 18 + sha256 = "sha256-6I73YukhqOLsqVimTfVKYG6LzIYoJRnMaxkPhEAinfQ="; 19 }; 20 21 nativeBuildInputs = [ cmake ];

+1 -1

pkgs/applications/window-managers/sway/wrapper.nix

··· 28 export DBUS_SESSION_BUS_ADDRESS 29 exec ${sway}/bin/sway "$@" 30 else 31 - exec ${if !dbusSupport then "" else "${dbus}/bin/dbus-run-session"} ${sway}/bin/sway "$@" 32 fi 33 ''; 34 in symlinkJoin {

··· 28 export DBUS_SESSION_BUS_ADDRESS 29 exec ${sway}/bin/sway "$@" 30 else 31 + exec ${lib.optionalString dbusSupport "${dbus}/bin/dbus-run-session"} ${sway}/bin/sway "$@" 32 fi 33 ''; 34 in symlinkJoin {

+8 -8

pkgs/build-support/bintools-wrapper/default.nix

··· 59 bintoolsVersion = lib.getVersion bintools; 60 bintoolsName = lib.removePrefix targetPrefix (lib.getName bintools); 61 62 - libc_bin = if libc == null then "" else getBin libc; 63 - libc_dev = if libc == null then "" else getDev libc; 64 - libc_lib = if libc == null then "" else getLib libc; 65 - bintools_bin = if nativeTools then "" else getBin bintools; 66 # The wrapper scripts use 'cat' and 'grep', so we may need coreutils. 67 - coreutils_bin = if nativeTools then "" else getBin coreutils; 68 69 # See description in cc-wrapper. 70 suffixSalt = replaceStrings ["-" "."] ["_" "_"] targetPlatform.config; ··· 103 stdenv.mkDerivation { 104 pname = targetPrefix 105 + (if name != "" then name else "${bintoolsName}-wrapper"); 106 - version = if bintools == null then "" else bintoolsVersion; 107 108 preferLocalBuild = true; 109 ··· 265 # install the wrapper, you get tools like objdump (same for any 266 # binaries of libc). 267 + optionalString (!nativeTools) '' 268 - printWords ${bintools_bin} ${if libc == null then "" else libc_bin} > $out/nix-support/propagated-user-env-packages 269 '' 270 271 ## ··· 381 # for substitution in utils.bash 382 expandResponseParams = "${expand-response-params}/bin/expand-response-params"; 383 shell = getBin shell + shell.shellPath or ""; 384 - gnugrep_bin = if nativeTools then "" else gnugrep; 385 wrapperName = "BINTOOLS_WRAPPER"; 386 inherit dynamicLinker targetPrefix suffixSalt coreutils_bin; 387 inherit bintools_bin libc_bin libc_dev libc_lib;

··· 59 bintoolsVersion = lib.getVersion bintools; 60 bintoolsName = lib.removePrefix targetPrefix (lib.getName bintools); 61 62 + libc_bin = lib.optionalString (libc != null) (getBin libc); 63 + libc_dev = lib.optionalString (libc != null) (getDev libc); 64 + libc_lib = lib.optionalString (libc != null) (getLib libc); 65 + bintools_bin = lib.optionalString (!nativeTools) (getBin bintools); 66 # The wrapper scripts use 'cat' and 'grep', so we may need coreutils. 67 + coreutils_bin = lib.optionalString (!nativeTools) (getBin coreutils); 68 69 # See description in cc-wrapper. 70 suffixSalt = replaceStrings ["-" "."] ["_" "_"] targetPlatform.config; ··· 103 stdenv.mkDerivation { 104 pname = targetPrefix 105 + (if name != "" then name else "${bintoolsName}-wrapper"); 106 + version = lib.optionalString (bintools != null) bintoolsVersion; 107 108 preferLocalBuild = true; 109 ··· 265 # install the wrapper, you get tools like objdump (same for any 266 # binaries of libc). 267 + optionalString (!nativeTools) '' 268 + printWords ${bintools_bin} ${lib.optionalString (libc != null) libc_bin} > $out/nix-support/propagated-user-env-packages 269 '' 270 271 ## ··· 381 # for substitution in utils.bash 382 expandResponseParams = "${expand-response-params}/bin/expand-response-params"; 383 shell = getBin shell + shell.shellPath or ""; 384 + gnugrep_bin = lib.optionalString (!nativeTools) gnugrep; 385 wrapperName = "BINTOOLS_WRAPPER"; 386 inherit dynamicLinker targetPrefix suffixSalt coreutils_bin; 387 inherit bintools_bin libc_bin libc_dev libc_lib;

+7 -7

pkgs/build-support/cc-wrapper/default.nix

··· 75 ccVersion = lib.getVersion cc; 76 ccName = lib.removePrefix targetPrefix (lib.getName cc); 77 78 - libc_bin = if libc == null then "" else getBin libc; 79 - libc_dev = if libc == null then "" else getDev libc; 80 - libc_lib = if libc == null then "" else getLib libc; 81 cc_solib = getLib cc 82 + optionalString (targetPlatform != hostPlatform) "/${targetPlatform.config}"; 83 84 # The wrapper scripts use 'cat' and 'grep', so we may need coreutils. 85 - coreutils_bin = if nativeTools then "" else getBin coreutils; 86 87 # The "suffix salt" is a arbitrary string added in the end of env vars 88 # defined by cc-wrapper's hooks so that multiple cc-wrappers can be used ··· 176 stdenv.mkDerivation { 177 pname = targetPrefix 178 + (if name != "" then name else "${ccName}-wrapper"); 179 - version = if cc == null then "" else ccVersion; 180 181 preferLocalBuild = true; 182 ··· 612 # for substitution in utils.bash 613 expandResponseParams = "${expand-response-params}/bin/expand-response-params"; 614 shell = getBin shell + shell.shellPath or ""; 615 - gnugrep_bin = if nativeTools then "" else gnugrep; 616 # stdenv.cc.cc should not be null and we have nothing better for now. 617 # if the native impure bootstrap is gotten rid of this can become `inherit cc;` again. 618 - cc = if nativeTools then "" else cc; 619 wrapperName = "CC_WRAPPER"; 620 inherit suffixSalt coreutils_bin bintools; 621 inherit libc_bin libc_dev libc_lib;

··· 75 ccVersion = lib.getVersion cc; 76 ccName = lib.removePrefix targetPrefix (lib.getName cc); 77 78 + libc_bin = optionalString (libc != null) (getBin libc); 79 + libc_dev = optionalString (libc != null) (getDev libc); 80 + libc_lib = optionalString (libc != null) (getLib libc); 81 cc_solib = getLib cc 82 + optionalString (targetPlatform != hostPlatform) "/${targetPlatform.config}"; 83 84 # The wrapper scripts use 'cat' and 'grep', so we may need coreutils. 85 + coreutils_bin = optionalString (!nativeTools) (getBin coreutils); 86 87 # The "suffix salt" is a arbitrary string added in the end of env vars 88 # defined by cc-wrapper's hooks so that multiple cc-wrappers can be used ··· 176 stdenv.mkDerivation { 177 pname = targetPrefix 178 + (if name != "" then name else "${ccName}-wrapper"); 179 + version = optionalString (cc != null) ccVersion; 180 181 preferLocalBuild = true; 182 ··· 612 # for substitution in utils.bash 613 expandResponseParams = "${expand-response-params}/bin/expand-response-params"; 614 shell = getBin shell + shell.shellPath or ""; 615 + gnugrep_bin = optionalString (!nativeTools) gnugrep; 616 # stdenv.cc.cc should not be null and we have nothing better for now. 617 # if the native impure bootstrap is gotten rid of this can become `inherit cc;` again. 618 + cc = optionalString (!nativeTools) cc; 619 wrapperName = "CC_WRAPPER"; 620 inherit suffixSalt coreutils_bin bintools; 621 inherit libc_bin libc_dev libc_lib;

+1 -1

pkgs/build-support/docker/default.nix

··· 594 nativeBuildInputs = [ jshon pigz jq moreutils ]; 595 # Image name must be lowercase 596 imageName = lib.toLower name; 597 - imageTag = if tag == null then "" else tag; 598 inherit fromImage baseJson; 599 layerClosure = writeReferencesToFile layer; 600 passthru.buildArgs = args;

··· 594 nativeBuildInputs = [ jshon pigz jq moreutils ]; 595 # Image name must be lowercase 596 imageName = lib.toLower name; 597 + imageTag = lib.optionalString (tag != null) tag; 598 inherit fromImage baseJson; 599 layerClosure = writeReferencesToFile layer; 600 passthru.buildArgs = args;

+1 -1

pkgs/build-support/fetchgithub/default.nix

··· 24 position = "${position.file}:${toString position.line}"; 25 }; 26 passthruAttrs = removeAttrs args [ "owner" "repo" "rev" "fetchSubmodules" "forceFetchGit" "private" "githubBase" "varPrefix" ]; 27 - varBase = "NIX${if varPrefix == null then "" else "_${varPrefix}"}_GITHUB_PRIVATE_"; 28 useFetchGit = fetchSubmodules || (leaveDotGit == true) || deepClone || forceFetchGit || (sparseCheckout != []); 29 # We prefer fetchzip in cases we don't need submodules as the hash 30 # is more stable in that case.

··· 24 position = "${position.file}:${toString position.line}"; 25 }; 26 passthruAttrs = removeAttrs args [ "owner" "repo" "rev" "fetchSubmodules" "forceFetchGit" "private" "githubBase" "varPrefix" ]; 27 + varBase = "NIX${lib.optionalString (varPrefix != null) "_${varPrefix}"}_GITHUB_PRIVATE_"; 28 useFetchGit = fetchSubmodules || (leaveDotGit == true) || deepClone || forceFetchGit || (sparseCheckout != []); 29 # We prefer fetchzip in cases we don't need submodules as the hash 30 # is more stable in that case.

+1 -1

pkgs/build-support/kernel/make-initrd-ng.nix

··· 72 ${if makeUInitrd then "uInitrdCompression" else null} = uInitrdCompression; 73 74 passAsFile = ["contents"]; 75 - contents = lib.concatMapStringsSep "\n" ({ object, symlink, ... }: "${object}\n${if symlink == null then "" else symlink}") contents + "\n"; 76 77 nativeBuildInputs = [makeInitrdNGTool cpio] ++ lib.optional makeUInitrd ubootTools ++ lib.optional strip binutils; 78

··· 72 ${if makeUInitrd then "uInitrdCompression" else null} = uInitrdCompression; 73 74 passAsFile = ["contents"]; 75 + contents = lib.concatMapStringsSep "\n" ({ object, symlink, ... }: "${object}\n${lib.optionalString (symlink != null) symlink}") contents + "\n"; 76 77 nativeBuildInputs = [makeInitrdNGTool cpio] ++ lib.optional makeUInitrd ubootTools ++ lib.optional strip binutils; 78

+1 -1

pkgs/build-support/nix-gitignore/default.nix

··· 66 handleSlashPrefix = l: 67 let 68 split = (match "^(/?)(.*)" l); 69 - findSlash = l: if (match ".+/.+" l) != null then "" else l; 70 hasSlash = mapAroundCharclass findSlash l != l; 71 in 72 (if (elemAt split 0) == "/" || hasSlash

··· 66 handleSlashPrefix = l: 67 let 68 split = (match "^(/?)(.*)" l); 69 + findSlash = l: lib.optionalString ((match ".+/.+" l) == null) l; 70 hasSlash = mapAroundCharclass findSlash l != l; 71 in 72 (if (elemAt split 0) == "/" || hasSlash

+1 -1

pkgs/build-support/rust/build-rust-crate/configure-crate.nix

··· 21 , verbose 22 , workspace_member }: 23 let version_ = lib.splitString "-" crateVersion; 24 - versionPre = if lib.tail version_ == [] then "" else lib.elemAt version_ 1; 25 version = lib.splitVersion (lib.head version_); 26 rustcOpts = lib.foldl' (opts: opt: opts + " " + opt) 27 (if release then "-C opt-level=3" else "-C debuginfo=2")

··· 21 , verbose 22 , workspace_member }: 23 let version_ = lib.splitString "-" crateVersion; 24 + versionPre = lib.optionalString (lib.tail version_ != []) (lib.elemAt version_ 1); 25 version = lib.splitVersion (lib.head version_); 26 rustcOpts = lib.foldl' (opts: opt: opts + " " + opt) 27 (if release then "-C opt-level=3" else "-C debuginfo=2")

+1 -1

pkgs/build-support/vm/default.nix

··· 468 469 echo "installing RPMs..." 470 PATH=/usr/bin:/bin:/usr/sbin:/sbin $chroot /mnt \ 471 - rpm -iv --nosignature ${if runScripts then "" else "--noscripts"} $rpms 472 473 echo "running post-install script..." 474 eval "$postInstall"

··· 468 469 echo "installing RPMs..." 470 PATH=/usr/bin:/bin:/usr/sbin:/sbin $chroot /mnt \ 471 + rpm -iv --nosignature ${lib.optionalString (!runScripts) "--noscripts"} $rpms 472 473 echo "running post-install script..." 474 eval "$postInstall"

+1 -1

pkgs/data/sgml+xml/stylesheets/xslt/docbook-xsl/default.nix

··· 3 let 4 5 common = { pname, sha256, suffix ? "" }: let 6 - legacySuffix = if suffix == "-nons" then "" else "-ns"; 7 self = stdenv.mkDerivation rec { 8 inherit pname; 9 version = "1.79.2";

··· 3 let 4 5 common = { pname, sha256, suffix ? "" }: let 6 + legacySuffix = lib.optionalString (suffix != "-nons") "-ns"; 7 self = stdenv.mkDerivation rec { 8 inherit pname; 9 version = "1.79.2";

+1 -4

pkgs/development/compilers/purescript/purescript/default.nix

··· 7 dynamic-linker = stdenv.cc.bintools.dynamicLinker; 8 9 patchelf = libPath : 10 - if stdenv.isDarwin 11 - then "" 12 - else 13 - '' 14 chmod u+w $PURS 15 patchelf --interpreter ${dynamic-linker} --set-rpath ${libPath} $PURS 16 chmod u-w $PURS

··· 7 dynamic-linker = stdenv.cc.bintools.dynamicLinker; 8 9 patchelf = libPath : 10 + lib.optionalString (!stdenv.isDarwin) '' 11 chmod u+w $PURS 12 patchelf --interpreter ${dynamic-linker} --set-rpath ${libPath} $PURS 13 chmod u-w $PURS

+1 -1

pkgs/development/interpreters/acl2/libipasirglucose4/default.nix

··· 24 25 postBuild = '' 26 $CXX -shared -o ${libname} \ 27 - ${if stdenv.cc.isClang then "" else "-Wl,-soname,${libname}"} \ 28 ipasirglucoseglue.o libipasirglucose4.a 29 ''; 30

··· 24 25 postBuild = '' 26 $CXX -shared -o ${libname} \ 27 + ${lib.optionalString (!stdenv.cc.isClang) "-Wl,-soname,${libname}"} \ 28 ipasirglucoseglue.o libipasirglucose4.a 29 ''; 30

+1 -1

pkgs/development/interpreters/python/mk-python-derivation.nix

··· 118 119 optionalLocation = let 120 pos = builtins.unsafeGetAttrPos (if attrs ? "pname" then "pname" else "name") attrs; 121 - in if pos == null then "" else " at ${pos.file}:${toString pos.line}:${toString pos.column}"; 122 123 leftPadName = name: against: let 124 len = lib.max (lib.stringLength name) (lib.stringLength against);

··· 118 119 optionalLocation = let 120 pos = builtins.unsafeGetAttrPos (if attrs ? "pname" then "pname" else "name") attrs; 121 + in lib.optionalString (pos != null) " at ${pos.file}:${toString pos.line}:${toString pos.column}"; 122 123 leftPadName = name: against: let 124 len = lib.max (lib.stringLength name) (lib.stringLength against);

+1 -1

pkgs/development/interpreters/python/wrapper.nix

··· 42 if [ -f "$prg" ]; then 43 rm -f "$out/bin/$prg" 44 if [ -x "$prg" ]; then 45 - makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set NIX_PYTHONPREFIX "$out" --set NIX_PYTHONEXECUTABLE ${pythonExecutable} --set NIX_PYTHONPATH ${pythonPath} ${if permitUserSite then "" else ''--set PYTHONNOUSERSITE "true"''} ${lib.concatStringsSep " " makeWrapperArgs} 46 fi 47 fi 48 done

··· 42 if [ -f "$prg" ]; then 43 rm -f "$out/bin/$prg" 44 if [ -x "$prg" ]; then 45 + makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set NIX_PYTHONPREFIX "$out" --set NIX_PYTHONEXECUTABLE ${pythonExecutable} --set NIX_PYTHONPATH ${pythonPath} ${lib.optionalString (!permitUserSite) ''--set PYTHONNOUSERSITE "true"''} ${lib.concatStringsSep " " makeWrapperArgs} 46 fi 47 fi 48 done

+1 -1

pkgs/development/libraries/ffmpeg/generic.nix

··· 330 assert buildSwscale -> buildAvutil; 331 332 stdenv.mkDerivation (finalAttrs: { 333 - pname = "ffmpeg" + (if ffmpegVariant == "small" then "" else "-${ffmpegVariant}"); 334 inherit version; 335 336 src = fetchgit {

··· 330 assert buildSwscale -> buildAvutil; 331 332 stdenv.mkDerivation (finalAttrs: { 333 + pname = "ffmpeg" + (optionalString (ffmpegVariant != "small") "-${ffmpegVariant}"); 334 inherit version; 335 336 src = fetchgit {

+25 -5

pkgs/development/libraries/liblcf/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, expat, icu }: 2 3 stdenv.mkDerivation rec { 4 pname = "liblcf"; 5 - version = "0.7.0"; 6 7 src = fetchFromGitHub { 8 owner = "EasyRPG"; 9 repo = "liblcf"; 10 rev = version; 11 - sha256 = "sha256-69cYZ8hJ92gK39gueaEoUM0K7BDWIQ/0NvcQ/6e3Sg8="; 12 }; 13 14 - nativeBuildInputs = [ autoreconfHook pkg-config ]; 15 - propagatedBuildInputs = [ expat icu ]; 16 enableParallelBuilding = true; 17 18 meta = with lib; { 19 description = "Library to handle RPG Maker 2000/2003 and EasyRPG projects";

··· 1 + { lib 2 + , stdenv 3 + , fetchFromGitHub 4 + , autoreconfHook 5 + , pkg-config 6 + , expat 7 + , icu 8 + }: 9 10 stdenv.mkDerivation rec { 11 pname = "liblcf"; 12 + version = "0.8"; 13 14 src = fetchFromGitHub { 15 owner = "EasyRPG"; 16 repo = "liblcf"; 17 rev = version; 18 + hash = "sha256-jJGIsNw7wplTL5FBWGL8osb9255o9ZaWgl77R+RLDMM="; 19 }; 20 21 + dtrictDeps = true; 22 + 23 + nativeBuildInputs = [ 24 + autoreconfHook 25 + pkg-config 26 + ]; 27 + 28 + propagatedBuildInputs = [ 29 + expat 30 + icu 31 + ]; 32 + 33 enableParallelBuilding = true; 34 + enableParallelChecking = true; 35 + 36 + doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform; 37 38 meta = with lib; { 39 description = "Library to handle RPG Maker 2000/2003 and EasyRPG projects";

+1 -1

pkgs/development/libraries/opencv/tests.nix

··· 39 "stitching" 40 "video" 41 ] ++ lib.optionals (!stdenv.isAarch64 && enableGStreamer) [ "gapi" ]; 42 - testRunner = if stdenv.isDarwin then "" else "${lib.getExe xvfb-run} -a "; 43 testsPreparation = '' 44 touch $out 45 # several tests want a write access, so we have to copy files

··· 39 "stitching" 40 "video" 41 ] ++ lib.optionals (!stdenv.isAarch64 && enableGStreamer) [ "gapi" ]; 42 + testRunner = lib.optionalString (!stdenv.isDarwin) "${lib.getExe xvfb-run} -a "; 43 testsPreparation = '' 44 touch $out 45 # several tests want a write access, so we have to copy files

+3 -3

pkgs/development/libraries/qt-4.x/4.8/default.nix

··· 173 "-make" "libs" "-make" "tools" "-make" "translations" 174 "-no-phonon" "-no-webkit" "-no-multimedia" "-audio-backend" 175 ]) ++ [ 176 - "-${if demos then "" else "no"}make" "demos" 177 - "-${if examples then "" else "no"}make" "examples" 178 - "-${if docs then "" else "no"}make" "docs" 179 ] ++ lib.optional developerBuild "-developer-build" 180 ++ lib.optionals stdenv.hostPlatform.isDarwin [ platformFlag "unsupported/macx-clang-libc++" ] 181 ++ lib.optionals stdenv.hostPlatform.isWindows [ platformFlag "win32-g++-4.6" ];

··· 173 "-make" "libs" "-make" "tools" "-make" "translations" 174 "-no-phonon" "-no-webkit" "-no-multimedia" "-audio-backend" 175 ]) ++ [ 176 + "-${lib.optionalString (!demos) "no"}make" "demos" 177 + "-${lib.optionalString (!examples) "no"}make" "examples" 178 + "-${lib.optionalString (!docs) "no"}make" "docs" 179 ] ++ lib.optional developerBuild "-developer-build" 180 ++ lib.optionals stdenv.hostPlatform.isDarwin [ platformFlag "unsupported/macx-clang-libc++" ] 181 ++ lib.optionals stdenv.hostPlatform.isWindows [ platformFlag "win32-g++-4.6" ];

+1 -2

pkgs/development/mobile/titaniumenv/build-app.nix

··· 158 159 installPhase = '' 160 ${if target == "android" then '' 161 - ${if release then "" 162 - else '' 163 cp "$(ls build/android/bin/*.apk | grep -v '\-unsigned.apk')" $out 164 ''} 165

··· 158 159 installPhase = '' 160 ${if target == "android" then '' 161 + ${lib.optionalString (!release) '' 162 cp "$(ls build/android/bin/*.apk | grep -v '\-unsigned.apk')" $out 163 ''} 164

+1 -1

pkgs/development/python-modules/azure-common/default.nix

··· 23 azure-nspkg 24 ] ++ lib.optionals (!isPy3k) [ setuptools ]; # need for namespace lookup 25 26 - postInstall = if isPy3k then "" else '' 27 echo "__import__('pkg_resources').declare_namespace(__name__)" >> "$out/lib/${python.libPrefix}"/site-packages/azure/__init__.py 28 ''; 29

··· 23 azure-nspkg 24 ] ++ lib.optionals (!isPy3k) [ setuptools ]; # need for namespace lookup 25 26 + postInstall = lib.optionalString (!isPy3k) '' 27 echo "__import__('pkg_resources').declare_namespace(__name__)" >> "$out/lib/${python.libPrefix}"/site-packages/azure/__init__.py 28 ''; 29

+1 -1

pkgs/development/python-modules/azure-mgmt-common/default.nix

··· 26 msrestazure 27 ]; 28 29 - postInstall = if isPy3k then "" else '' 30 echo "__import__('pkg_resources').declare_namespace(__name__)" >> "$out/lib/${python.libPrefix}"/site-packages/azure/mgmt/__init__.py 31 echo "__import__('pkg_resources').declare_namespace(__name__)" >> "$out/lib/${python.libPrefix}"/site-packages/azure/__init__.py 32 '';

··· 26 msrestazure 27 ]; 28 29 + postInstall = pkgs.lib.optionalString (!isPy3k) '' 30 echo "__import__('pkg_resources').declare_namespace(__name__)" >> "$out/lib/${python.libPrefix}"/site-packages/azure/mgmt/__init__.py 31 echo "__import__('pkg_resources').declare_namespace(__name__)" >> "$out/lib/${python.libPrefix}"/site-packages/azure/__init__.py 32 '';

+2 -2

pkgs/development/python-modules/hcloud/default.nix

··· 11 12 buildPythonPackage rec { 13 pname = "hcloud"; 14 - version = "1.25.0"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.7"; 18 19 src = fetchPypi { 20 inherit pname version; 21 - hash = "sha256-xKoyRwMeyU+qQ0wXsVCTXdQatxQCc5re2Iv6KGjusuA="; 22 }; 23 24 propagatedBuildInputs = [

··· 11 12 buildPythonPackage rec { 13 pname = "hcloud"; 14 + version = "1.26.0"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.7"; 18 19 src = fetchPypi { 20 inherit pname version; 21 + hash = "sha256-siyPuSLqzH30bdY1y+VaBBCjOU1YLtBgPpTvZCJtcXc="; 22 }; 23 24 propagatedBuildInputs = [

+2 -2

pkgs/development/python-modules/pyfuse3/default.nix

··· 14 15 buildPythonPackage rec { 16 pname = "pyfuse3"; 17 - version = "3.2.2"; 18 19 disabled = pythonOlder "3.5"; 20 ··· 24 owner = "libfuse"; 25 repo = "pyfuse3"; 26 rev = "refs/tags/${version}"; 27 - hash = "sha256-Y9Haz3MMhTXkvYFOGNWJnoGNnvoK6wiQ+s3AwJhBD8Q="; 28 }; 29 30 postPatch = ''

··· 14 15 buildPythonPackage rec { 16 pname = "pyfuse3"; 17 + version = "3.2.3"; 18 19 disabled = pythonOlder "3.5"; 20 ··· 24 owner = "libfuse"; 25 repo = "pyfuse3"; 26 rev = "refs/tags/${version}"; 27 + hash = "sha256-2YrVapCojcFRaljqNeWPMWz3hEgSutKPy2u8FXp0fME="; 28 }; 29 30 postPatch = ''

+2 -2

pkgs/development/python-modules/pymilvus/default.nix

··· 17 18 buildPythonPackage rec { 19 pname = "pymilvus"; 20 - version = "2.2.8"; 21 format = "pyproject"; 22 23 disabled = pythonOlder "3.7"; ··· 26 owner = "milvus-io"; 27 repo = pname; 28 rev = "refs/tags/v${version}"; 29 - hash = "sha256-Oqwa/2UT9jyGaEEzjr/phZZStLOZ6JRj+4ck0tmP0W0="; 30 }; 31 32 SETUPTOOLS_SCM_PRETEND_VERSION = version;

··· 17 18 buildPythonPackage rec { 19 pname = "pymilvus"; 20 + version = "2.2.13"; 21 format = "pyproject"; 22 23 disabled = pythonOlder "3.7"; ··· 26 owner = "milvus-io"; 27 repo = pname; 28 rev = "refs/tags/v${version}"; 29 + hash = "sha256-NTzdbmI2vNvNBFhN+xyZewH4b6l1BbKkDDE7rLNJ4IE="; 30 }; 31 32 SETUPTOOLS_SCM_PRETEND_VERSION = version;

+54

pkgs/development/python-modules/rauth/default.nix

···

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchFromGitHub 4 + , fetchpatch 5 + , requests 6 + , pytestCheckHook 7 + , mock 8 + , nose 9 + , pycrypto 10 + }: 11 + 12 + buildPythonPackage rec { 13 + pname = "rauth"; 14 + version = "0.7.2"; 15 + format = "setuptools"; 16 + 17 + src = fetchFromGitHub { 18 + owner = "litl"; 19 + repo = "rauth"; 20 + rev = version; 21 + hash = "sha256-wRKZbxZCEfihOaJM8sk8438LE++KJWxdOGImpL1gHa4="; 22 + }; 23 + 24 + patches = [ 25 + (fetchpatch { 26 + # https://github.com/litl/rauth/pull/211 27 + name = "fix-pycrypdodome-replacement-for-pycrypto.patch"; 28 + url = "https://github.com/litl/rauth/commit/7fb3b7bf1a1869a52cf59ee3eb607d318e97265c.patch"; 29 + hash = "sha256-jiAIw+VQ2d/bkm2brqfY1RUrNGf+lsMPnoI91gGUS6o="; 30 + }) 31 + ]; 32 + 33 + propagatedBuildInputs = [ 34 + requests 35 + ]; 36 + 37 + pythonImportsCheck = [ "rauth" ]; 38 + 39 + nativeCheckInputs = [ 40 + pytestCheckHook 41 + mock 42 + nose 43 + pycrypto 44 + ]; 45 + 46 + meta = with lib; { 47 + description = "A Python library for OAuth 1.0/a, 2.0, and Ofly"; 48 + homepage = "https://github.com/litl/rauth"; 49 + changelog = "https://github.com/litl/rauth/blob/${src.rev}/CHANGELOG"; 50 + license = licenses.mit; 51 + maintainers = with maintainers; [ blaggacao ]; 52 + }; 53 + } 54 +

+1 -1

pkgs/development/python-modules/tensorflow/bin.nix

··· 53 disabled = pythonAtLeast "3.11"; 54 55 src = let 56 - pyVerNoDot = lib.strings.stringAsChars (x: if x == "." then "" else x) python.pythonVersion; 57 platform = if stdenv.isDarwin then "mac" else "linux"; 58 unit = if cudaSupport then "gpu" else "cpu"; 59 key = "${platform}_py_${pyVerNoDot}_${unit}";

··· 53 disabled = pythonAtLeast "3.11"; 54 55 src = let 56 + pyVerNoDot = lib.strings.stringAsChars (x: lib.optionalString (x != ".") x) python.pythonVersion; 57 platform = if stdenv.isDarwin then "mac" else "linux"; 58 unit = if cudaSupport then "gpu" else "cpu"; 59 key = "${platform}_py_${pyVerNoDot}_${unit}";

+2 -2

pkgs/development/python-modules/types-deprecated/default.nix

··· 5 6 buildPythonPackage rec { 7 pname = "types-deprecated"; 8 - version = "1.2.9.2"; 9 format = "setuptools"; 10 11 src = fetchPypi { 12 pname = "types-Deprecated"; 13 inherit version; 14 - hash = "sha256-kWFv1nRfi/LUV/u779FM3kODjp8AoEtaDq5Pwfe7xpc="; 15 }; 16 17 # Modules has no tests

··· 5 6 buildPythonPackage rec { 7 pname = "types-deprecated"; 8 + version = "1.2.9.3"; 9 format = "setuptools"; 10 11 src = fetchPypi { 12 pname = "types-Deprecated"; 13 inherit version; 14 + hash = "sha256-74cyet8+PEpMfY4G5Y9kdnENNGbs+1PEnvsICASnDvM="; 15 }; 16 17 # Modules has no tests

+6 -5

pkgs/development/ruby-modules/bundled-common/default.nix

··· 70 assert gemFiles.gemdir != null; "cp -a ${gemFiles.gemdir}/* $out/") #*/ 71 ); 72 73 - maybeCopyAll = pkgname: if pkgname == null then "" else 74 - let 75 - mainGem = gems.${pkgname} or (throw "bundlerEnv: gem ${pkgname} not found"); 76 - in 77 - copyIfBundledByPath mainGem; 78 79 # We have to normalize the Gemfile.lock, otherwise bundler tries to be 80 # helpful by doing so at run time, causing executables to immediately bail

··· 70 assert gemFiles.gemdir != null; "cp -a ${gemFiles.gemdir}/* $out/") #*/ 71 ); 72 73 + maybeCopyAll = pkgname: lib.optionalString (pkgname != null) ( 74 + let 75 + mainGem = gems.${pkgname} or (throw "bundlerEnv: gem ${pkgname} not found"); 76 + in 77 + copyIfBundledByPath mainGem 78 + ); 79 80 # We have to normalize the Gemfile.lock, otherwise bundler tries to be 81 # helpful by doing so at run time, causing executables to immediately bail

+1 -1

pkgs/development/ruby-modules/gem/default.nix

··· 233 pushd $out/${ruby.gemPath} 234 find doc/ -iname created.rid -delete -print 235 find gems/*/ext/ extensions/ $ -iname Makefile -o -iname mkmf.log -o -iname gem_make.out $ -delete -print 236 - ${if keepGemCache then "" else "rm -fvr cache"} 237 popd 238 239 # write out metadata and binstubs

··· 233 pushd $out/${ruby.gemPath} 234 find doc/ -iname created.rid -delete -print 235 find gems/*/ext/ extensions/ $ -iname Makefile -o -iname mkmf.log -o -iname gem_make.out $ -delete -print 236 + ${lib.optionalString (!keepGemCache) "rm -fvr cache"} 237 popd 238 239 # write out metadata and binstubs

+2 -2

pkgs/development/tools/flyway/default.nix

··· 1 { lib, stdenv, fetchurl, jre_headless, makeWrapper }: 2 stdenv.mkDerivation rec{ 3 pname = "flyway"; 4 - version = "9.18.0"; 5 src = fetchurl { 6 url = "mirror://maven/org/flywaydb/flyway-commandline/${version}/flyway-commandline-${version}.tar.gz"; 7 - sha256 = "sha256-fsw4gzp3R9ZgN3ZVr0xLUCqckEHA4OSpIdwiKYp06AM="; 8 }; 9 nativeBuildInputs = [ makeWrapper ]; 10 dontBuild = true;

··· 1 { lib, stdenv, fetchurl, jre_headless, makeWrapper }: 2 stdenv.mkDerivation rec{ 3 pname = "flyway"; 4 + version = "9.21.0"; 5 src = fetchurl { 6 url = "mirror://maven/org/flywaydb/flyway-commandline/${version}/flyway-commandline-${version}.tar.gz"; 7 + sha256 = "sha256-jy+hgEmLs2jfW5zD9gIKUltcb4zD8hxLiP7ZyKLMpoU="; 8 }; 9 nativeBuildInputs = [ makeWrapper ]; 10 dontBuild = true;

+1 -1

pkgs/development/tools/misc/distcc/default.nix

··· 26 configureFlagsArray=( CFLAGS="-O2 -fno-strict-aliasing" 27 CXXFLAGS="-O2 -fno-strict-aliasing" 28 --mandir=$out/share/man 29 - ${if sysconfDir == "" then "" else "--sysconfdir=${sysconfDir}"} 30 ${lib.optionalString static "LDFLAGS=-static"} 31 ${lib.withFeature (static == true || popt == null) "included-popt"} 32 ${lib.withFeature (avahi != null) "avahi"}

··· 26 configureFlagsArray=( CFLAGS="-O2 -fno-strict-aliasing" 27 CXXFLAGS="-O2 -fno-strict-aliasing" 28 --mandir=$out/share/man 29 + ${lib.optionalString (sysconfDir != "") "--sysconfdir=${sysconfDir}"} 30 ${lib.optionalString static "LDFLAGS=-static"} 31 ${lib.withFeature (static == true || popt == null) "included-popt"} 32 ${lib.withFeature (avahi != null) "avahi"}

+2 -2

pkgs/development/web/nodejs/v20.nix

··· 9 in 10 buildNodejs { 11 inherit enableNpm; 12 - version = "20.4.0"; 13 - sha256 = "sha256-Cb0Lc8UmtjwCnV3f2IXRCWLnrYfJdblFg8H4zpDuU0g="; 14 patches = [ 15 ./revert-arm64-pointer-auth.patch 16 ./disable-darwin-v8-system-instrumentation-node19.patch

··· 9 in 10 buildNodejs { 11 inherit enableNpm; 12 + version = "20.5.0"; 13 + sha256 = "sha256-yzJ1aVje8cBOBpp5txtSymHtFZDBfyz6HuOvZB9y4Fg="; 14 patches = [ 15 ./revert-arm64-pointer-auth.patch 16 ./disable-darwin-v8-system-instrumentation-node19.patch

+95 -17

pkgs/games/easyrpg-player/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub, cmake, doxygen ? null, pkg-config 2 - , freetype ? null, fmt, glib, harfbuzz ? null 3 - , liblcf, libpng, libsndfile ? null, libvorbis ? null, libxmp ? null 4 - , libXcursor, libXext, libXi, libXinerama, libXrandr, libXScrnSaver, libXxf86vm 5 - , mpg123 ? null, opusfile ? null, pcre, pixman, SDL2, speexdsp ? null, wildmidi ? null, zlib 6 , libdecor 7 }: 8 9 stdenv.mkDerivation rec { 10 pname = "easyrpg-player"; 11 - version = "0.7.0"; 12 13 src = fetchFromGitHub { 14 owner = "EasyRPG"; 15 repo = "Player"; 16 rev = version; 17 - sha256 = "049bj3jg3ldi3n11nx8xvh6pll68g7dcxz51q6z1gyyfxxws1qpj"; 18 }; 19 20 - nativeBuildInputs = [ cmake doxygen pkg-config ]; 21 22 buildInputs = [ 23 fmt ··· 29 libsndfile 30 libvorbis 31 libxmp 32 - libXcursor 33 - libXext 34 - libXi 35 - libXinerama 36 - libXrandr 37 - libXScrnSaver 38 - libXxf86vm 39 mpg123 40 opusfile 41 pcre 42 pixman 43 SDL2 44 speexdsp 45 - wildmidi 46 zlib 47 libdecor 48 ]; 49 50 meta = with lib; { 51 description = "RPG Maker 2000/2003 and EasyRPG games interpreter"; 52 homepage = "https://easyrpg.org/"; 53 license = licenses.gpl3; 54 maintainers = with maintainers; [ yana ]; 55 - platforms = platforms.linux; 56 }; 57 }

··· 1 + { lib 2 + , stdenv 3 + , fetchFromGitHub 4 + , fetchpatch 5 + , cmake 6 + , doxygen 7 + , pkg-config 8 + , freetype 9 + , fmt 10 + , glib 11 + , harfbuzz 12 + , liblcf 13 + , libpng 14 + , libsndfile 15 + , libvorbis 16 + , libxmp 17 + , libXcursor 18 + , libXext 19 + , libXi 20 + , libXinerama 21 + , libXrandr 22 + , libXScrnSaver 23 + , libXxf86vm 24 + , mpg123 25 + , opusfile 26 + , pcre 27 + , pixman 28 + , SDL2 29 + , speexdsp 30 + , wildmidi 31 + , zlib 32 , libdecor 33 + , alsa-lib 34 + , asciidoctor 35 + , Foundation 36 + , AudioUnit 37 + , AudioToolbox 38 }: 39 40 stdenv.mkDerivation rec { 41 pname = "easyrpg-player"; 42 + version = "0.8"; 43 44 src = fetchFromGitHub { 45 owner = "EasyRPG"; 46 repo = "Player"; 47 rev = version; 48 + hash = "sha256-t0sa9ONVVfsiTy+us06vU2bMa4QmmQeYxU395g0WS6w="; 49 }; 50 51 + patches = [ 52 + # Fixed compatibility with fmt > 9 53 + # Remove when version > 0.8 54 + (fetchpatch { 55 + name = "0001-Fix-building-with-fmtlib-10.patch"; 56 + url = "https://github.com/EasyRPG/Player/commit/ab6286f6d01bada649ea52d1f0881dde7db7e0cf.patch"; 57 + hash = "sha256-GdSdVFEG1OJCdf2ZIzTP+hSrz+ddhTMBvOPjvYQHy54="; 58 + }) 59 + ]; 60 + 61 + strictDeps = true; 62 + 63 + nativeBuildInputs = [ 64 + asciidoctor 65 + cmake 66 + doxygen 67 + pkg-config 68 + ]; 69 70 buildInputs = [ 71 fmt ··· 77 libsndfile 78 libvorbis 79 libxmp 80 mpg123 81 opusfile 82 pcre 83 pixman 84 SDL2 85 speexdsp 86 zlib 87 + ] ++ lib.optionals stdenv.hostPlatform.isLinux [ 88 + alsa-lib 89 + libXcursor 90 + libXext 91 + libXi 92 + libXinerama 93 + libXrandr 94 + libXScrnSaver 95 + libXxf86vm 96 libdecor 97 + wildmidi # until packaged on Darwin 98 + ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ 99 + Foundation 100 + AudioUnit 101 + AudioToolbox 102 ]; 103 104 + cmakeFlags = [ 105 + "-DPLAYER_ENABLE_TESTS=${lib.boolToString doCheck}" 106 + ]; 107 + 108 + makeFlags = [ 109 + "all" 110 + "man" 111 + ]; 112 + 113 + buildFlags = lib.optionals doCheck [ 114 + "test_runner_player" 115 + ]; 116 + 117 + postInstall = lib.optionalString stdenv.hostPlatform.isDarwin '' 118 + mkdir $out/bin 119 + mv Package $out/Applications 120 + ln -s $out/{Applications/EasyRPG\ Player.app/Contents/MacOS,bin}/EasyRPG\ Player 121 + ''; 122 + 123 + doCheck = stdenv.buildPlatform.canExecute stdenv.hostPlatform; 124 + 125 + enableParallelChecking = true; 126 + 127 meta = with lib; { 128 description = "RPG Maker 2000/2003 and EasyRPG games interpreter"; 129 homepage = "https://easyrpg.org/"; 130 license = licenses.gpl3; 131 maintainers = with maintainers; [ yana ]; 132 + platforms = platforms.all; 133 + mainProgram = lib.optionalString stdenv.hostPlatform.isDarwin "EasyRPG Player"; 134 }; 135 }

+3 -2

pkgs/os-specific/linux/kernel/manual-config.nix

··· 409 meta = { 410 description = 411 "The Linux kernel" + 412 - (if kernelPatches == [] then "" else 413 " (with patches: " 414 + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) 415 - + ")"); 416 license = lib.licenses.gpl2Only; 417 homepage = "https://www.kernel.org/"; 418 maintainers = lib.teams.linux-kernel.members ++ [

··· 409 meta = { 410 description = 411 "The Linux kernel" + 412 + (lib.optionalString (kernelPatches != []) ( 413 " (with patches: " 414 + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) 415 + + ")" 416 + )); 417 license = lib.licenses.gpl2Only; 418 homepage = "https://www.kernel.org/"; 419 maintainers = lib.teams.linux-kernel.members ++ [

+34

pkgs/servers/mail/mox/default.nix

···

··· 1 + { lib 2 + , buildGoModule 3 + , fetchFromGitHub 4 + }: 5 + 6 + buildGoModule rec { 7 + pname = "mox"; 8 + version = "0.0.5"; 9 + 10 + src = fetchFromGitHub { 11 + owner = "mjl-"; 12 + repo = "mox"; 13 + rev = "v${version}"; 14 + hash = "sha256-f5/K6cPqJJkbdiVCNGOTd9Fjx2/gvSZCxeR6nnEaeJw="; 15 + }; 16 + 17 + # set the version during buildtime 18 + patches = [ ./version.patch ]; 19 + 20 + vendorHash = null; 21 + 22 + ldflags = [ 23 + "-s" 24 + "-w" 25 + "-X github.com/mjl-/mox/moxvar.Version=${version}" 26 + ]; 27 + 28 + meta = { 29 + description = "Modern full-featured open source secure mail server for low-maintenance self-hosted email"; 30 + homepage = "https://github.com/mjl-/mox"; 31 + license = lib.licenses.mit; 32 + maintainers = with lib.maintainers; [ dit7ya ]; 33 + }; 34 + }

+45

pkgs/servers/mail/mox/version.patch

···

··· 1 + diff --git a/moxvar/version.go b/moxvar/version.go 2 + index 8c6bac8..69b5f7c 100644 3 + --- a/moxvar/version.go 4 + +++ b/moxvar/version.go 5 + @@ -1,38 +1,5 @@ 6 + // Package moxvar provides the version number of a mox build. 7 + package moxvar 8 + 9 + -import ( 10 + - "runtime/debug" 11 + -) 12 + - 13 + -// Version is set at runtime based on the Go module used to build. 14 + -var Version = "(devel)" 15 + - 16 + -func init() { 17 + - buildInfo, ok := debug.ReadBuildInfo() 18 + - if !ok { 19 + - return 20 + - } 21 + - Version = buildInfo.Main.Version 22 + - if Version == "(devel)" { 23 + - var vcsRev, vcsMod string 24 + - for _, setting := range buildInfo.Settings { 25 + - if setting.Key == "vcs.revision" { 26 + - vcsRev = setting.Value 27 + - } else if setting.Key == "vcs.modified" { 28 + - vcsMod = setting.Value 29 + - } 30 + - } 31 + - if vcsRev == "" { 32 + - return 33 + - } 34 + - Version = vcsRev 35 + - switch vcsMod { 36 + - case "false": 37 + - case "true": 38 + - Version += "+modifications" 39 + - default: 40 + - Version += "+unknown" 41 + - } 42 + - } 43 + -} 44 + +// Version is set via a build flag 45 + +var Version string;

+3 -3

pkgs/servers/miniflux/default.nix

··· 2 3 let 4 pname = "miniflux"; 5 - version = "2.0.45"; 6 7 in buildGoModule { 8 inherit pname version; ··· 11 owner = pname; 12 repo = "v2"; 13 rev = version; 14 - sha256 = "sha256-/d5+Qc2kXZZkKe80+879YdxYt+zy/Y1sf2dwSjGw0EM="; 15 }; 16 17 - vendorHash = "sha256-nwKo4Sjg8HjuxeDUgwQYZ2LOHxkRSlyaBlQwSjOuJ7U="; 18 19 nativeBuildInputs = [ installShellFiles ]; 20

··· 2 3 let 4 pname = "miniflux"; 5 + version = "2.0.46"; 6 7 in buildGoModule { 8 inherit pname version; ··· 11 owner = pname; 12 repo = "v2"; 13 rev = version; 14 + sha256 = "sha256-a27eKOhW2vHmPktLgqHKqiwtC9T6GRwnOeNReeMsaeM="; 15 }; 16 17 + vendorHash = "sha256-Oe7el4tE/gwI6qL/fjJgnv1jbNSKrCnq1nBq+dD7Gik="; 18 19 nativeBuildInputs = [ installShellFiles ]; 20

+5 -1

pkgs/servers/sql/pgbouncer/default.nix

··· 1 - { lib, stdenv, fetchurl, openssl, libevent, c-ares, pkg-config }: 2 3 stdenv.mkDerivation rec { 4 pname = "pgbouncer"; ··· 12 nativeBuildInputs = [ pkg-config ]; 13 buildInputs = [ libevent openssl c-ares ]; 14 enableParallelBuilding = true; 15 16 meta = with lib; { 17 homepage = "https://www.pgbouncer.org/";

··· 1 + { lib, stdenv, fetchurl, openssl, libevent, c-ares, pkg-config, nixosTests }: 2 3 stdenv.mkDerivation rec { 4 pname = "pgbouncer"; ··· 12 nativeBuildInputs = [ pkg-config ]; 13 buildInputs = [ libevent openssl c-ares ]; 14 enableParallelBuilding = true; 15 + 16 + passthru.tests = { 17 + pgbouncer = nixosTests.pgbouncer; 18 + }; 19 20 meta = with lib; { 21 homepage = "https://www.pgbouncer.org/";

+2 -2

pkgs/shells/zsh/grml-zsh-config/default.nix

··· 5 6 stdenv.mkDerivation rec { 7 pname = "grml-zsh-config"; 8 - version = "0.19.5"; 9 10 src = fetchFromGitHub { 11 owner = "grml"; 12 repo = "grml-etc-core"; 13 rev = "v${version}"; 14 - sha256 = "sha256-/phoIi8amqdO+OK26+CE2OXwHTE71PaV9NIXEnGl6Co="; 15 }; 16 17 strictDeps = true;

··· 5 6 stdenv.mkDerivation rec { 7 pname = "grml-zsh-config"; 8 + version = "0.19.6"; 9 10 src = fetchFromGitHub { 11 owner = "grml"; 12 repo = "grml-etc-core"; 13 rev = "v${version}"; 14 + sha256 = "sha256-31BD5jUA54oLSsL4NzGaGAiOXMcZwy7uX65pD+jtE4M="; 15 }; 16 17 strictDeps = true;

+3 -3

pkgs/tools/admin/eksctl/default.nix

··· 2 3 buildGoModule rec { 4 pname = "eksctl"; 5 - version = "0.148.0"; 6 7 src = fetchFromGitHub { 8 owner = "weaveworks"; 9 repo = pname; 10 rev = version; 11 - hash = "sha256-0/gjBUbngj6lVw3ascI0P+n95IkjsDhEq5x72P5DnSg="; 12 }; 13 14 - vendorHash = "sha256-30OmvzC0Sd0ce2IAleE7prQBlMvMGvUGF5IfrG2m0IQ="; 15 16 doCheck = false; 17

··· 2 3 buildGoModule rec { 4 pname = "eksctl"; 5 + version = "0.150.0"; 6 7 src = fetchFromGitHub { 8 owner = "weaveworks"; 9 repo = pname; 10 rev = version; 11 + hash = "sha256-JmmbIeLr9jxr+LgVOw/IyIxkun0aTvdvq1e/EPUvvng="; 12 }; 13 14 + vendorHash = "sha256-zSRsPO7ms7k2B+KEOUIqc6hZuKJ2lpZatnBQWjqFdJA="; 15 16 doCheck = false; 17

+60

pkgs/tools/networking/ebpf-verifier/default.nix

···

··· 1 + { lib 2 + , stdenv 3 + , fetchFromGitHub 4 + , boost 5 + , cmake 6 + , catch2 7 + , pkg-config 8 + , substituteAll 9 + , yaml-cpp 10 + }: 11 + 12 + stdenv.mkDerivation (finalAttrs: { 13 + pname = "ebpf-verifier"; 14 + version = "unstable-2023-07-15"; 15 + 16 + src = fetchFromGitHub { 17 + owner = "vbpf"; 18 + repo = "ebpf-verifier"; 19 + rev = "de14d3aa3cd2845b621faf32b599766a66e158cf"; 20 + fetchSubmodules = true; 21 + hash = "sha256-gnxB8ZLbTyIYpd61T57LPKFm1MHufeVEq/qN9pu2Vpk="; 22 + }; 23 + 24 + patches = [ 25 + (substituteAll { 26 + # We will download them instead of cmake's fetchContent 27 + src = ./remove-fetchcontent-usage.patch; 28 + catch2Src = catch2.src; 29 + }) 30 + ]; 31 + 32 + nativeBuildInputs = [ 33 + pkg-config 34 + cmake 35 + ]; 36 + 37 + buildInputs = [ 38 + boost 39 + yaml-cpp 40 + ]; 41 + 42 + cmakeFlags = [ "-DCMAKE_BUILD_TYPE=Release" ]; 43 + 44 + installPhase = '' 45 + runHook preInstall 46 + 47 + mkdir -p $out/bin 48 + cp ../check $out/bin/ebpf-verifier 49 + 50 + runHook postInstall 51 + ''; 52 + 53 + meta = with lib; { 54 + description = "eBPF verifier based on abstract interpretation"; 55 + homepage = "https://github.com/vbpf/ebpf-verifier"; 56 + license = licenses.mit; 57 + platforms = platforms.linux; 58 + maintainers = with maintainers; [ gaelreyrol ]; 59 + }; 60 + })

+14

pkgs/tools/networking/ebpf-verifier/remove-fetchcontent-usage.patch

···

··· 1 + diff --git a/CMakeLists.txt b/CMakeLists.txt 2 + index d7cf256..cb94e5a 100644 3 + --- a/CMakeLists.txt 4 + +++ b/CMakeLists.txt 5 + @@ -6,8 +6,7 @@ project(ebpf_verifier) 6 + include(FetchContent) 7 + FetchContent_Declare( 8 + Catch2 9 + - GIT_REPOSITORY https://github.com/catchorg/Catch2.git 10 + - GIT_TAG ac93f1943762f6fc92f0dc5bac0d720a33a27530 11 + + SOURCE_DIR @catch2Src@ 12 + ) 13 + FetchContent_MakeAvailable(Catch2) 14 +

+3 -3

pkgs/tools/security/cnspec/default.nix

··· 5 6 buildGoModule rec { 7 pname = "cnspec"; 8 - version = "8.18.0"; 9 10 src = fetchFromGitHub { 11 owner = "mondoohq"; 12 repo = "cnspec"; 13 rev = "refs/tags/v${version}"; 14 - hash = "sha256-JlFPJ4tbpxt/UBXpQCod3zythOHP9wQ8yqAMqKAyqoU="; 15 }; 16 17 proxyVendor = true; 18 - vendorHash = "sha256-RDQQVl3AxdZaF4ISQiQ8ZliZi6TWwIzYLZLxs0yPkJc="; 19 20 subPackages = [ 21 "apps/cnspec"

··· 5 6 buildGoModule rec { 7 pname = "cnspec"; 8 + version = "8.19.0"; 9 10 src = fetchFromGitHub { 11 owner = "mondoohq"; 12 repo = "cnspec"; 13 rev = "refs/tags/v${version}"; 14 + hash = "sha256-0vRhEkkyZMcqA5CGq1oDnODCTSzstpkVOGv2WrPnuWY="; 15 }; 16 17 proxyVendor = true; 18 + vendorHash = "sha256-UH46ejn6SfXjkyKaM3mX4IYgyNbt2mp9ycl2M+3xvU0="; 19 20 subPackages = [ 21 "apps/cnspec"

+41 -4

pkgs/tools/security/jadx/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub, gradle, jdk, makeWrapper, perl }: 2 3 let 4 pname = "jadx"; ··· 46 outputHashMode = "recursive"; 47 outputHash = "sha256-QebPRmfLtXy4ZlyKeGC5XNzhMTsYI0X36My+nTFvQpM="; 48 }; 49 - in stdenv.mkDerivation { 50 inherit pname version src; 51 52 - nativeBuildInputs = [ gradle jdk makeWrapper ]; 53 54 # Otherwise, Gradle fails with `java.net.SocketException: Operation not permitted` 55 __darwinAllowLocalNetworking = true; ··· 96 ''; 97 98 installPhase = '' 99 mkdir $out $out/bin 100 cp -R build/jadx/lib $out 101 for prog in jadx jadx-gui; do 102 cp build/jadx/bin/$prog $out/bin 103 wrapProgram $out/bin/$prog --set JAVA_HOME ${jdk.home} 104 done 105 ''; 106 107 meta = with lib; { 108 description = "Dex to Java decompiler"; 109 longDescription = '' ··· 118 platforms = platforms.unix; 119 maintainers = with maintainers; [ delroth ]; 120 }; 121 - }

··· 1 + { lib 2 + , stdenv 3 + , fetchFromGitHub 4 + , gradle 5 + , jdk 6 + , makeWrapper 7 + , perl 8 + , imagemagick 9 + , makeDesktopItem 10 + , copyDesktopItems 11 + , desktopToDarwinBundle 12 + }: 13 14 let 15 pname = "jadx"; ··· 57 outputHashMode = "recursive"; 58 outputHash = "sha256-QebPRmfLtXy4ZlyKeGC5XNzhMTsYI0X36My+nTFvQpM="; 59 }; 60 + in stdenv.mkDerivation (finalAttrs: { 61 inherit pname version src; 62 63 + nativeBuildInputs = [ gradle jdk imagemagick makeWrapper copyDesktopItems ] 64 + ++ lib.optionals stdenv.hostPlatform.isDarwin [ desktopToDarwinBundle ]; 65 66 # Otherwise, Gradle fails with `java.net.SocketException: Operation not permitted` 67 __darwinAllowLocalNetworking = true; ··· 108 ''; 109 110 installPhase = '' 111 + runHook preInstall 112 + 113 mkdir $out $out/bin 114 cp -R build/jadx/lib $out 115 for prog in jadx jadx-gui; do 116 cp build/jadx/bin/$prog $out/bin 117 wrapProgram $out/bin/$prog --set JAVA_HOME ${jdk.home} 118 done 119 + 120 + for size in 16 32 48; do 121 + install -Dm444 \ 122 + jadx-gui/src/main/resources/logos/jadx-logo-"$size"px.png \ 123 + $out/share/icons/hicolor/"$size"x"$size"/apps/jadx.png 124 + done 125 + for size in 64 128 256; do 126 + mkdir -p $out/share/icons/hicolor/"$size"x"$size"/apps 127 + convert -resize "$size"x"$size" jadx-gui/src/main/resources/logos/jadx-logo.png $out/share/icons/hicolor/"$size"x"$size"/apps/jadx.png 128 + done 129 + 130 + runHook postInstall 131 ''; 132 133 + desktopItems = [ 134 + (makeDesktopItem { 135 + name = "jadx"; 136 + desktopName = "JADX"; 137 + exec = "jadx-gui"; 138 + icon = "jadx"; 139 + comment = finalAttrs.meta.description; 140 + categories = [ "Development" "Utility" ]; 141 + }) 142 + ]; 143 + 144 meta = with lib; { 145 description = "Dex to Java decompiler"; 146 longDescription = '' ··· 155 platforms = platforms.unix; 156 maintainers = with maintainers; [ delroth ]; 157 }; 158 + })

+2 -2

pkgs/tools/text/fanficfare/default.nix

··· 2 3 python3Packages.buildPythonApplication rec { 4 pname = "FanFicFare"; 5 - version = "4.24.0"; 6 7 src = fetchPypi { 8 inherit pname version; 9 - hash = "sha256-DQaiP0EIvP0gT0b0nqJT18xqd5J5tuwIp6y7bpNH6tA="; 10 }; 11 12 propagatedBuildInputs = with python3Packages; [

··· 2 3 python3Packages.buildPythonApplication rec { 4 pname = "FanFicFare"; 5 + version = "4.25.0"; 6 7 src = fetchPypi { 8 inherit pname version; 9 + hash = "sha256-ky6N/AcfoXJahW7tw++WtnpTnpRv4ZUraMTWjVXDjEE="; 10 }; 11 12 propagatedBuildInputs = with python3Packages; [

+16 -1

pkgs/top-level/all-packages.nix

··· 591 592 eclipse-mat = callPackage ../development/tools/eclipse-mat { }; 593 594 edgedb = callPackage ../tools/networking/edgedb { 595 inherit (darwin.apple_sdk.frameworks) CoreServices Security; 596 }; ··· 6241 moosefs = callPackage ../tools/filesystems/moosefs { }; 6242 6243 mountain-duck = callPackage ../tools/filesystems/mountain-duck { }; 6244 6245 mozlz4a = callPackage ../tools/compression/mozlz4a { }; 6246 ··· 37116 d1x-rebirth-full 37117 d2x-rebirth-full; 37118 37119 - easyrpg-player = callPackage ../games/easyrpg-player { }; 37120 37121 eboard = callPackage ../games/eboard { }; 37122

··· 591 592 eclipse-mat = callPackage ../development/tools/eclipse-mat { }; 593 594 + ebpf-verifier = callPackage ../tools/networking/ebpf-verifier { 595 + # Replace this to `catch2 = catch2_3` when catch2 3.4.0 is merged 596 + # https://github.com/NixOS/nixpkgs/pull/243485 597 + catch2.src = fetchFromGitHub { 598 + owner = "catchorg"; 599 + repo = "Catch2"; 600 + rev = "v3.4.0"; 601 + hash = "sha256-DqGGfNjKPW9HFJrX9arFHyNYjB61uoL6NabZatTWrr0="; 602 + }; 603 + }; 604 + 605 edgedb = callPackage ../tools/networking/edgedb { 606 inherit (darwin.apple_sdk.frameworks) CoreServices Security; 607 }; ··· 6252 moosefs = callPackage ../tools/filesystems/moosefs { }; 6253 6254 mountain-duck = callPackage ../tools/filesystems/mountain-duck { }; 6255 + 6256 + mox = callPackage ../servers/mail/mox { }; 6257 6258 mozlz4a = callPackage ../tools/compression/mozlz4a { }; 6259 ··· 37129 d1x-rebirth-full 37130 d2x-rebirth-full; 37131 37132 + easyrpg-player = callPackage ../games/easyrpg-player { 37133 + inherit (darwin.apple_sdk.frameworks) Foundation AudioUnit AudioToolbox; 37134 + }; 37135 37136 eboard = callPackage ../games/eboard { }; 37137

+2

pkgs/top-level/python-packages.nix

··· 10742 10743 ratelimiter = callPackage ../development/python-modules/ratelimiter { }; 10744 10745 raven = callPackage ../development/python-modules/raven { }; 10746 10747 rawkit = callPackage ../development/python-modules/rawkit { };

··· 10742 10743 ratelimiter = callPackage ../development/python-modules/ratelimiter { }; 10744 10745 + rauth = callPackage ../development/python-modules/rauth { }; 10746 + 10747 raven = callPackage ../development/python-modules/raven { }; 10748 10749 rawkit = callPackage ../development/python-modules/rawkit { };