+14

nixos/doc/manual/from_md/release-notes/rl-2205.section.xml

··· 149 migration guide</link> for more details. 150 </para> 151 </listitem> 0 0 0 0 0 0 0 0 0 0 0 0 0 0 152 </itemizedlist> 153 </section> 154 <section xml:id="sec-release-22.05-notable-changes">

··· 149 migration guide</link> for more details. 150 </para> 151 </listitem> 152 + <listitem> 153 + <para> 154 + For <literal>pkgs.python3.pkgs.ipython</literal>, its direct 155 + dependency 156 + <literal>pkgs.python3.pkgs.matplotlib-inline</literal> (which 157 + is really an adapter to integrate matplotlib in ipython if it 158 + is installed) does not depend on 159 + <literal>pkgs.python3.pkgs.matplotlib</literal> anymore. This 160 + is closer to a non-Nix install of ipython. This has the added 161 + benefit to reduce the closure size of 162 + <literal>ipython</literal> from ~400MB to ~160MB (including 163 + ~100MB for python itself). 164 + </para> 165 + </listitem> 166 </itemizedlist> 167 </section> 168 <section xml:id="sec-release-22.05-notable-changes">

+7

nixos/doc/manual/release-notes/rl-2205.section.md

··· 53 54 - The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details. 55 0 0 0 0 0 0 0 56 ## Other Notable Changes {#sec-release-22.05-notable-changes} 57 58 - The option [services.redis.servers](#opt-services.redis.servers) was added

··· 53 54 - The `autorestic` package has been upgraded from 1.3.0 to 1.5.0 which introduces breaking changes in config file, check [their migration guide](https://autorestic.vercel.app/migration/1.4_1.5) for more details. 55 56 + - For `pkgs.python3.pkgs.ipython`, its direct dependency `pkgs.python3.pkgs.matplotlib-inline` 57 + (which is really an adapter to integrate matplotlib in ipython if it is installed) does 58 + not depend on `pkgs.python3.pkgs.matplotlib` anymore. 59 + This is closer to a non-Nix install of ipython. 60 + This has the added benefit to reduce the closure size of `ipython` from ~400MB to ~160MB 61 + (including ~100MB for python itself). 62 + 63 ## Other Notable Changes {#sec-release-22.05-notable-changes} 64 65 - The option [services.redis.servers](#opt-services.redis.servers) was added

+1 -1

nixos/lib/make-options-doc/options-to-docbook.xsl

··· 20 <title>Configuration Options</title> 21 <variablelist xml:id="configuration-variable-list"> 22 <xsl:for-each select="attrs"> 23 - <xsl:variable name="id" select="concat('opt-', str:replace(str:replace(str:replace(attr[@name = 'name']/string/@value, '*', '_'), '&lt;', '_'), '>', '_'))" /> 24 <varlistentry> 25 <term xlink:href="#{$id}"> 26 <xsl:attribute name="xml:id"><xsl:value-of select="$id"/></xsl:attribute>

··· 20 <title>Configuration Options</title> 21 <variablelist xml:id="configuration-variable-list"> 22 <xsl:for-each select="attrs"> 23 + <xsl:variable name="id" select="concat('opt-', str:replace(str:replace(str:replace(str:replace(attr[@name = 'name']/string/@value, '*', '_'), '&lt;', '_'), '>', '_'), ':', '_'))" /> 24 <varlistentry> 25 <term xlink:href="#{$id}"> 26 <xsl:attribute name="xml:id"><xsl:value-of select="$id"/></xsl:attribute>

+1314 -131

nixos/modules/services/misc/sourcehut/default.nix

··· 1 { config, pkgs, lib, ... }: 2 - 3 with lib; 4 let 0 0 5 cfg = config.services.sourcehut; 6 - cfgIni = cfg.settings; 7 - settingsFormat = pkgs.formats.ini { }; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 8 9 # Specialized python containing all the modules 10 python = pkgs.sourcehut.python.withPackages (ps: with ps; [ 11 gunicorn 0 0 0 12 # Sourcehut services 13 srht 14 buildsrht ··· 19 listssrht 20 mansrht 21 metasrht 0 0 22 pastesrht 23 todosrht 24 ]); 0 0 0 0 0 25 in 26 { 27 - imports = 28 - [ 29 - ./git.nix 30 - ./hg.nix 31 - ./hub.nix 32 - ./todo.nix 33 - ./man.nix 34 - ./meta.nix 35 - ./paste.nix 36 - ./builds.nix 37 - ./lists.nix 38 - ./dispatch.nix 39 - (mkRemovedOptionModule [ "services" "sourcehut" "nginx" "enable" ] '' 40 - The sourcehut module supports `nginx` as a local reverse-proxy by default and doesn't 41 - support other reverse-proxies officially. 42 - 43 - However it's possible to use an alternative reverse-proxy by 44 - 45 - * disabling nginx 46 - * adjusting the relevant settings for server addresses and ports directly 47 - 48 - Further details about this can be found in the `Sourcehut`-section of the NixOS-manual. 49 - '') 50 - ]; 51 - 52 options.services.sourcehut = { 53 - enable = mkOption { 54 - type = types.bool; 55 - default = false; 56 - description = '' 57 - Enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking, 58 - task dispatching, wiki and account management services 59 - ''; 60 - }; 61 62 services = mkOption { 63 - type = types.nonEmptyListOf (types.enum [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]); 64 - default = [ "man" "meta" "paste" ]; 65 - example = [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]; 66 - description = '' 67 - Services to enable on the sourcehut network. 68 - ''; 69 - }; 70 - 71 - originBase = mkOption { 72 - type = types.str; 73 - default = with config.networking; hostName + lib.optionalString (domain != null) ".${domain}"; 74 - defaultText = literalExpression '' 75 - with config.networking; hostName + optionalString (domain != null) ".''${domain}" 76 - ''; 77 description = '' 78 - Host name used by reverse-proxy and for default settings. Will host services at git."''${originBase}". For example: git.sr.ht 79 ''; 80 }; 81 82 - address = mkOption { 83 type = types.str; 84 - default = "127.0.0.1"; 85 - description = '' 86 - Address to bind to. 87 - ''; 88 }; 89 90 python = mkOption { ··· 97 ''; 98 }; 99 100 - statePath = mkOption { 101 - type = types.path; 102 - default = "/var/lib/sourcehut"; 103 - description = '' 104 - Root state path for the sourcehut network. If left as the default value 105 - this directory will automatically be created before the sourcehut server 106 - starts, otherwise the sysadmin is responsible for ensuring the 107 - directory exists with appropriate ownership and permissions. 108 - ''; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 109 }; 110 111 settings = mkOption { 112 type = lib.types.submodule { 113 freeformType = settingsFormat.type; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 114 }; 115 default = { }; 116 description = '' 117 The configuration for the sourcehut network. 118 ''; 119 }; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 120 }; 121 122 - config = mkIf cfg.enable { 123 - assertions = 124 - [ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 125 { 126 - assertion = with cfgIni.webhooks; private-key != null && stringLength private-key == 44; 127 - message = "The webhook's private key must be defined and of a 44 byte length."; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 128 } 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 129 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 130 { 131 - assertion = hasAttrByPath [ "meta.sr.ht" "origin" ] cfgIni && cfgIni."meta.sr.ht".origin != null; 132 - message = "meta.sr.ht's origin must be defined."; 0 0 0 0 0 0 133 } 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 134 ]; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 135 136 - virtualisation.docker.enable = true; 137 - environment.etc."sr.ht/config.ini".source = 138 - settingsFormat.generate "sourcehut-config.ini" (mapAttrsRecursive 139 - ( 140 - path: v: if v == null then "" else v 141 - ) 142 - cfg.settings); 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 143 144 - environment.systemPackages = [ pkgs.sourcehut.coresrht ]; 0 0 0 0 0 0 0 0 0 145 146 - # PostgreSQL server 147 - services.postgresql.enable = mkOverride 999 true; 148 - # Mail server 149 - services.postfix.enable = mkOverride 999 true; 150 - # Cron daemon 151 - services.cron.enable = mkOverride 999 true; 152 - # Redis server 153 - services.redis.enable = mkOverride 999 true; 154 - services.redis.bind = mkOverride 999 "127.0.0.1"; 0 0 0 0 0 155 156 - services.sourcehut.settings = { 157 - # The name of your network of sr.ht-based sites 158 - "sr.ht".site-name = mkDefault "sourcehut"; 159 - # The top-level info page for your site 160 - "sr.ht".site-info = mkDefault "https://sourcehut.org"; 161 - # {{ site-name }}, {{ site-blurb }} 162 - "sr.ht".site-blurb = mkDefault "the hacker's forge"; 163 - # If this != production, we add a banner to each page 164 - "sr.ht".environment = mkDefault "development"; 165 - # Contact information for the site owners 166 - "sr.ht".owner-name = mkDefault "Drew DeVault"; 167 - "sr.ht".owner-email = mkDefault "sir@cmpwn.com"; 168 - # The source code for your fork of sr.ht 169 - "sr.ht".source-url = mkDefault "https://git.sr.ht/~sircmpwn/srht"; 170 - # A secret key to encrypt session cookies with 171 - "sr.ht".secret-key = mkDefault null; 172 - "sr.ht".global-domain = mkDefault null; 173 174 - # Outgoing SMTP settings 175 - mail.smtp-host = mkDefault null; 176 - mail.smtp-port = mkDefault null; 177 - mail.smtp-user = mkDefault null; 178 - mail.smtp-password = mkDefault null; 179 - mail.smtp-from = mkDefault null; 180 - # Application exceptions are emailed to this address 181 - mail.error-to = mkDefault null; 182 - mail.error-from = mkDefault null; 183 - # Your PGP key information (DO NOT mix up pub and priv here) 184 - # You must remove the password from your secret key, if present. 185 - # You can do this with gpg --edit-key [key-id], then use the passwd 186 - # command and do not enter a new password. 187 - mail.pgp-privkey = mkDefault null; 188 - mail.pgp-pubkey = mkDefault null; 189 - mail.pgp-key-id = mkDefault null; 190 191 - # base64-encoded Ed25519 key for signing webhook payloads. This should be 192 - # consistent for all *.sr.ht sites, as we'll use this key to verify signatures 193 - # from other sites in your network. 194 - # 195 - # Use the srht-webhook-keygen command to generate a key. 196 - webhooks.private-key = mkDefault null; 197 - }; 198 - }; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 199 meta.doc = ./sourcehut.xml; 200 - meta.maintainers = with maintainers; [ tomberek ]; 201 }

··· 1 { config, pkgs, lib, ... }: 0 2 with lib; 3 let 4 + inherit (config.services) nginx postfix postgresql redis; 5 + inherit (config.users) users groups; 6 cfg = config.services.sourcehut; 7 + domain = cfg.settings."sr.ht".global-domain; 8 + settingsFormat = pkgs.formats.ini { 9 + listToValue = concatMapStringsSep "," (generators.mkValueStringDefault {}); 10 + mkKeyValue = k: v: 11 + if v == null then "" 12 + else generators.mkKeyValueDefault { 13 + mkValueString = v: 14 + if v == true then "yes" 15 + else if v == false then "no" 16 + else generators.mkValueStringDefault {} v; 17 + } "=" k v; 18 + }; 19 + configIniOfService = srv: settingsFormat.generate "sourcehut-${srv}-config.ini" 20 + # Each service needs access to only a subset of sections (and secrets). 21 + (filterAttrs (k: v: v != null) 22 + (mapAttrs (section: v: 23 + let srvMatch = builtins.match "^([a-z]*)\\.sr\\.ht(::.*)?$" section; in 24 + if srvMatch == null # Include sections shared by all services 25 + || head srvMatch == srv # Include sections for the service being configured 26 + then v 27 + # Enable Web links and integrations between services. 28 + else if tail srvMatch == [ null ] && elem (head srvMatch) cfg.services 29 + then { 30 + inherit (v) origin; 31 + # mansrht crashes without it 32 + oauth-client-id = v.oauth-client-id or null; 33 + } 34 + # Drop sub-sections of other services 35 + else null) 36 + (recursiveUpdate cfg.settings { 37 + # Those paths are mounted using BindPaths= or BindReadOnlyPaths= 38 + # for services needing access to them. 39 + "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker"; 40 + "git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook"; 41 + "git.sr.ht".repos = "/var/lib/sourcehut/gitsrht/repos"; 42 + "hg.sr.ht".changegroup-script = "/usr/bin/hgsrht-hook-changegroup"; 43 + "hg.sr.ht".repos = "/var/lib/sourcehut/hgsrht/repos"; 44 + # Making this a per service option despite being in a global section, 45 + # so that it uses the redis-server used by the service. 46 + "sr.ht".redis-host = cfg.${srv}.redis.host; 47 + }))); 48 + commonServiceSettings = srv: { 49 + origin = mkOption { 50 + description = "URL ${srv}.sr.ht is being served at (protocol://domain)"; 51 + type = types.str; 52 + default = "https://${srv}.${domain}"; 53 + defaultText = "https://${srv}.example.com"; 54 + }; 55 + debug-host = mkOption { 56 + description = "Address to bind the debug server to."; 57 + type = with types; nullOr str; 58 + default = null; 59 + }; 60 + debug-port = mkOption { 61 + description = "Port to bind the debug server to."; 62 + type = with types; nullOr str; 63 + default = null; 64 + }; 65 + connection-string = mkOption { 66 + description = "SQLAlchemy connection string for the database."; 67 + type = types.str; 68 + default = "postgresql:///localhost?user=${srv}srht&host=/run/postgresql"; 69 + }; 70 + migrate-on-upgrade = mkEnableOption "automatic migrations on package upgrade" // { default = true; }; 71 + oauth-client-id = mkOption { 72 + description = "${srv}.sr.ht's OAuth client id for meta.sr.ht."; 73 + type = types.str; 74 + }; 75 + oauth-client-secret = mkOption { 76 + description = "${srv}.sr.ht's OAuth client secret for meta.sr.ht."; 77 + type = types.path; 78 + apply = s: "<" + toString s; 79 + }; 80 + }; 81 82 # Specialized python containing all the modules 83 python = pkgs.sourcehut.python.withPackages (ps: with ps; [ 84 gunicorn 85 + eventlet 86 + # For monitoring Celery: sudo -u listssrht celery --app listssrht.process -b redis+socket:///run/redis-sourcehut/redis.sock?virtual_host=5 flower 87 + flower 88 # Sourcehut services 89 srht 90 buildsrht ··· 95 listssrht 96 mansrht 97 metasrht 98 + # Not a python package 99 + #pagessrht 100 pastesrht 101 todosrht 102 ]); 103 + mkOptionNullOrStr = description: mkOption { 104 + inherit description; 105 + type = with types; nullOr str; 106 + default = null; 107 + }; 108 in 109 { 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 110 options.services.sourcehut = { 111 + enable = mkEnableOption '' 112 + sourcehut - git hosting, continuous integration, mailing list, ticket tracking, 113 + task dispatching, wiki and account management services 114 + ''; 0 0 0 0 115 116 services = mkOption { 117 + type = with types; listOf (enum 118 + [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); 119 + defaultText = "locally enabled services"; 0 0 0 0 0 0 0 0 0 0 0 120 description = '' 121 + Services that may be displayed as links in the title bar of the Web interface. 122 ''; 123 }; 124 125 + listenAddress = mkOption { 126 type = types.str; 127 + default = "localhost"; 128 + description = "Address to bind to."; 0 0 129 }; 130 131 python = mkOption { ··· 138 ''; 139 }; 140 141 + minio = { 142 + enable = mkEnableOption ''local minio integration''; 143 + }; 144 + 145 + nginx = { 146 + enable = mkEnableOption ''local nginx integration''; 147 + virtualHost = mkOption { 148 + type = types.attrs; 149 + default = {}; 150 + description = "Virtual-host configuration merged with all Sourcehut's virtual-hosts."; 151 + }; 152 + }; 153 + 154 + postfix = { 155 + enable = mkEnableOption ''local postfix integration''; 156 + }; 157 + 158 + postgresql = { 159 + enable = mkEnableOption ''local postgresql integration''; 160 + }; 161 + 162 + redis = { 163 + enable = mkEnableOption ''local redis integration in a dedicated redis-server''; 164 }; 165 166 settings = mkOption { 167 type = lib.types.submodule { 168 freeformType = settingsFormat.type; 169 + options."sr.ht" = { 170 + global-domain = mkOption { 171 + description = "Global domain name."; 172 + type = types.str; 173 + example = "example.com"; 174 + }; 175 + environment = mkOption { 176 + description = "Values other than \"production\" adds a banner to each page."; 177 + type = types.enum [ "development" "production" ]; 178 + default = "development"; 179 + }; 180 + network-key = mkOption { 181 + description = '' 182 + An absolute file path (which should be outside the Nix-store) 183 + to a secret key to encrypt internal messages with. Use <code>srht-keygen network</code> to 184 + generate this key. It must be consistent between all services and nodes. 185 + ''; 186 + type = types.path; 187 + apply = s: "<" + toString s; 188 + }; 189 + owner-email = mkOption { 190 + description = "Owner's email."; 191 + type = types.str; 192 + default = "contact@example.com"; 193 + }; 194 + owner-name = mkOption { 195 + description = "Owner's name."; 196 + type = types.str; 197 + default = "John Doe"; 198 + }; 199 + site-blurb = mkOption { 200 + description = "Blurb for your site."; 201 + type = types.str; 202 + default = "the hacker's forge"; 203 + }; 204 + site-info = mkOption { 205 + description = "The top-level info page for your site."; 206 + type = types.str; 207 + default = "https://sourcehut.org"; 208 + }; 209 + service-key = mkOption { 210 + description = '' 211 + An absolute file path (which should be outside the Nix-store) 212 + to a key used for encrypting session cookies. Use <code>srht-keygen service</code> to 213 + generate the service key. This must be shared between each node of the same 214 + service (e.g. git1.sr.ht and git2.sr.ht), but different services may use 215 + different keys. If you configure all of your services with the same 216 + config.ini, you may use the same service-key for all of them. 217 + ''; 218 + type = types.path; 219 + apply = s: "<" + toString s; 220 + }; 221 + site-name = mkOption { 222 + description = "The name of your network of sr.ht-based sites."; 223 + type = types.str; 224 + default = "sourcehut"; 225 + }; 226 + source-url = mkOption { 227 + description = "The source code for your fork of sr.ht."; 228 + type = types.str; 229 + default = "https://git.sr.ht/~sircmpwn/srht"; 230 + }; 231 + }; 232 + options.mail = { 233 + smtp-host = mkOptionNullOrStr "Outgoing SMTP host."; 234 + smtp-port = mkOption { 235 + description = "Outgoing SMTP port."; 236 + type = with types; nullOr port; 237 + default = null; 238 + }; 239 + smtp-user = mkOptionNullOrStr "Outgoing SMTP user."; 240 + smtp-password = mkOptionNullOrStr "Outgoing SMTP password."; 241 + smtp-from = mkOptionNullOrStr "Outgoing SMTP FROM."; 242 + error-to = mkOptionNullOrStr "Address receiving application exceptions"; 243 + error-from = mkOptionNullOrStr "Address sending application exceptions"; 244 + pgp-privkey = mkOptionNullOrStr '' 245 + An absolute file path (which should be outside the Nix-store) 246 + to an OpenPGP private key. 247 + 248 + Your PGP key information (DO NOT mix up pub and priv here) 249 + You must remove the password from your secret key, if present. 250 + You can do this with <code>gpg --edit-key [key-id]</code>, 251 + then use the <code>passwd</code> command and do not enter a new password. 252 + ''; 253 + pgp-pubkey = mkOptionNullOrStr "OpenPGP public key."; 254 + pgp-key-id = mkOptionNullOrStr "OpenPGP key identifier."; 255 + }; 256 + options.objects = { 257 + s3-upstream = mkOption { 258 + description = "Configure the S3-compatible object storage service."; 259 + type = with types; nullOr str; 260 + default = null; 261 + }; 262 + s3-access-key = mkOption { 263 + description = "Access key to the S3-compatible object storage service"; 264 + type = with types; nullOr str; 265 + default = null; 266 + }; 267 + s3-secret-key = mkOption { 268 + description = '' 269 + An absolute file path (which should be outside the Nix-store) 270 + to the secret key of the S3-compatible object storage service. 271 + ''; 272 + type = with types; nullOr path; 273 + default = null; 274 + apply = mapNullable (s: "<" + toString s); 275 + }; 276 + }; 277 + options.webhooks = { 278 + private-key = mkOption { 279 + description = '' 280 + An absolute file path (which should be outside the Nix-store) 281 + to a base64-encoded Ed25519 key for signing webhook payloads. 282 + This should be consistent for all *.sr.ht sites, 283 + as this key will be used to verify signatures 284 + from other sites in your network. 285 + Use the <code>srht-keygen webhook</code> command to generate a key. 286 + ''; 287 + type = types.path; 288 + apply = s: "<" + toString s; 289 + }; 290 + }; 291 + 292 + options."dispatch.sr.ht" = commonServiceSettings "dispatch" // { 293 + }; 294 + options."dispatch.sr.ht::github" = { 295 + oauth-client-id = mkOptionNullOrStr "OAuth client id."; 296 + oauth-client-secret = mkOptionNullOrStr "OAuth client secret."; 297 + }; 298 + options."dispatch.sr.ht::gitlab" = { 299 + enabled = mkEnableOption "GitLab integration"; 300 + canonical-upstream = mkOption { 301 + type = types.str; 302 + description = "Canonical upstream."; 303 + default = "gitlab.com"; 304 + }; 305 + repo-cache = mkOption { 306 + type = types.str; 307 + description = "Repository cache directory."; 308 + default = "./repo-cache"; 309 + }; 310 + "gitlab.com" = mkOption { 311 + type = with types; nullOr str; 312 + description = "GitLab id and secret."; 313 + default = null; 314 + example = "GitLab:application id:secret"; 315 + }; 316 + }; 317 + 318 + options."builds.sr.ht" = commonServiceSettings "builds" // { 319 + allow-free = mkEnableOption "nonpaying users to submit builds"; 320 + redis = mkOption { 321 + description = "The Redis connection used for the Celery worker."; 322 + type = types.str; 323 + default = "redis+socket:///run/redis-sourcehut-buildsrht/redis.sock?virtual_host=2"; 324 + }; 325 + shell = mkOption { 326 + description = '' 327 + Scripts used to launch on SSH connection. 328 + <literal>/usr/bin/master-shell</literal> on master, 329 + <literal>/usr/bin/runner-shell</literal> on runner. 330 + If master and worker are on the same system 331 + set to <literal>/usr/bin/runner-shell</literal>. 332 + ''; 333 + type = types.enum ["/usr/bin/master-shell" "/usr/bin/runner-shell"]; 334 + default = "/usr/bin/master-shell"; 335 + }; 336 + }; 337 + options."builds.sr.ht::worker" = { 338 + bind-address = mkOption { 339 + description = '' 340 + HTTP bind address for serving local build information/monitoring. 341 + ''; 342 + type = types.str; 343 + default = "localhost:8080"; 344 + }; 345 + buildlogs = mkOption { 346 + description = "Path to write build logs."; 347 + type = types.str; 348 + default = "/var/log/sourcehut/buildsrht-worker"; 349 + }; 350 + name = mkOption { 351 + description = '' 352 + Listening address and listening port 353 + of the build runner (with HTTP port if not 80). 354 + ''; 355 + type = types.str; 356 + default = "localhost:5020"; 357 + }; 358 + timeout = mkOption { 359 + description = '' 360 + Max build duration. 361 + See <link xlink:href="https://golang.org/pkg/time/#ParseDuration"/>. 362 + ''; 363 + type = types.str; 364 + default = "3m"; 365 + }; 366 + }; 367 + 368 + options."git.sr.ht" = commonServiceSettings "git" // { 369 + outgoing-domain = mkOption { 370 + description = "Outgoing domain."; 371 + type = types.str; 372 + default = "https://git.localhost.localdomain"; 373 + }; 374 + post-update-script = mkOption { 375 + description = '' 376 + A post-update script which is installed in every git repo. 377 + This setting is propagated to newer and existing repositories. 378 + ''; 379 + type = types.path; 380 + default = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook"; 381 + defaultText = "\${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook"; 382 + }; 383 + repos = mkOption { 384 + description = '' 385 + Path to git repositories on disk. 386 + If changing the default, you must ensure that 387 + the gitsrht's user as read and write access to it. 388 + ''; 389 + type = types.str; 390 + default = "/var/lib/sourcehut/gitsrht/repos"; 391 + }; 392 + webhooks = mkOption { 393 + description = "The Redis connection used for the webhooks worker."; 394 + type = types.str; 395 + default = "redis+socket:///run/redis-sourcehut-gitsrht/redis.sock?virtual_host=1"; 396 + }; 397 + }; 398 + options."git.sr.ht::api" = { 399 + internal-ipnet = mkOption { 400 + description = '' 401 + Set of IP subnets which are permitted to utilize internal API 402 + authentication. This should be limited to the subnets 403 + from which your *.sr.ht services are running. 404 + See <xref linkend="opt-services.sourcehut.listenAddress"/>. 405 + ''; 406 + type = with types; listOf str; 407 + default = [ "127.0.0.0/8" "::1/128" ]; 408 + }; 409 + }; 410 + 411 + options."hg.sr.ht" = commonServiceSettings "hg" // { 412 + changegroup-script = mkOption { 413 + description = '' 414 + A changegroup script which is installed in every mercurial repo. 415 + This setting is propagated to newer and existing repositories. 416 + ''; 417 + type = types.str; 418 + default = "${cfg.python}/bin/hgsrht-hook-changegroup"; 419 + defaultText = "\${cfg.python}/bin/hgsrht-hook-changegroup"; 420 + }; 421 + repos = mkOption { 422 + description = '' 423 + Path to mercurial repositories on disk. 424 + If changing the default, you must ensure that 425 + the hgsrht's user as read and write access to it. 426 + ''; 427 + type = types.str; 428 + default = "/var/lib/sourcehut/hgsrht/repos"; 429 + }; 430 + srhtext = mkOptionNullOrStr '' 431 + Path to the srht mercurial extension 432 + (defaults to where the hgsrht code is) 433 + ''; 434 + clone_bundle_threshold = mkOption { 435 + description = ".hg/store size (in MB) past which the nightly job generates clone bundles."; 436 + type = types.ints.unsigned; 437 + default = 50; 438 + }; 439 + hg_ssh = mkOption { 440 + description = "Path to hg-ssh (if not in $PATH)."; 441 + type = types.str; 442 + default = "${pkgs.mercurial}/bin/hg-ssh"; 443 + defaultText = "\${pkgs.mercurial}/bin/hg-ssh"; 444 + }; 445 + webhooks = mkOption { 446 + description = "The Redis connection used for the webhooks worker."; 447 + type = types.str; 448 + default = "redis+socket:///run/redis-sourcehut-hgsrht/redis.sock?virtual_host=1"; 449 + }; 450 + }; 451 + 452 + options."hub.sr.ht" = commonServiceSettings "hub" // { 453 + }; 454 + 455 + options."lists.sr.ht" = commonServiceSettings "lists" // { 456 + allow-new-lists = mkEnableOption "Allow creation of new lists."; 457 + notify-from = mkOption { 458 + description = "Outgoing email for notifications generated by users."; 459 + type = types.str; 460 + default = "lists-notify@localhost.localdomain"; 461 + }; 462 + posting-domain = mkOption { 463 + description = "Posting domain."; 464 + type = types.str; 465 + default = "lists.localhost.localdomain"; 466 + }; 467 + redis = mkOption { 468 + description = "The Redis connection used for the Celery worker."; 469 + type = types.str; 470 + default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=2"; 471 + }; 472 + webhooks = mkOption { 473 + description = "The Redis connection used for the webhooks worker."; 474 + type = types.str; 475 + default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=1"; 476 + }; 477 + }; 478 + options."lists.sr.ht::worker" = { 479 + reject-mimetypes = mkOption { 480 + description = '' 481 + Comma-delimited list of Content-Types to reject. Messages with Content-Types 482 + included in this list are rejected. Multipart messages are always supported, 483 + and each part is checked against this list. 484 + 485 + Uses fnmatch for wildcard expansion. 486 + ''; 487 + type = with types; listOf str; 488 + default = ["text/html"]; 489 + }; 490 + reject-url = mkOption { 491 + description = "Reject URL."; 492 + type = types.str; 493 + default = "https://man.sr.ht/lists.sr.ht/etiquette.md"; 494 + }; 495 + sock = mkOption { 496 + description = '' 497 + Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. 498 + Alternatively, specify IP:PORT and an SMTP server will be run instead. 499 + ''; 500 + type = types.str; 501 + default = "/tmp/lists.sr.ht-lmtp.sock"; 502 + }; 503 + sock-group = mkOption { 504 + description = '' 505 + The lmtp daemon will make the unix socket group-read/write 506 + for users in this group. 507 + ''; 508 + type = types.str; 509 + default = "postfix"; 510 + }; 511 + }; 512 + 513 + options."man.sr.ht" = commonServiceSettings "man" // { 514 + }; 515 + 516 + options."meta.sr.ht" = 517 + removeAttrs (commonServiceSettings "meta") 518 + ["oauth-client-id" "oauth-client-secret"] // { 519 + api-origin = mkOption { 520 + description = "Origin URL for API, 100 more than web."; 521 + type = types.str; 522 + default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 523 + defaultText = ''http://<xref linkend="opt-services.sourcehut.listenAddress"/>:''${toString (<xref linkend="opt-services.sourcehut.meta.port"/> + 100)}''; 524 + }; 525 + webhooks = mkOption { 526 + description = "The Redis connection used for the webhooks worker."; 527 + type = types.str; 528 + default = "redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1"; 529 + }; 530 + welcome-emails = mkEnableOption "sending stock sourcehut welcome emails after signup"; 531 + }; 532 + options."meta.sr.ht::api" = { 533 + internal-ipnet = mkOption { 534 + description = '' 535 + Set of IP subnets which are permitted to utilize internal API 536 + authentication. This should be limited to the subnets 537 + from which your *.sr.ht services are running. 538 + See <xref linkend="opt-services.sourcehut.listenAddress"/>. 539 + ''; 540 + type = with types; listOf str; 541 + default = [ "127.0.0.0/8" "::1/128" ]; 542 + }; 543 + }; 544 + options."meta.sr.ht::aliases" = mkOption { 545 + description = "Aliases for the client IDs of commonly used OAuth clients."; 546 + type = with types; attrsOf int; 547 + default = {}; 548 + example = { "git.sr.ht" = 12345; }; 549 + }; 550 + options."meta.sr.ht::billing" = { 551 + enabled = mkEnableOption "the billing system"; 552 + stripe-public-key = mkOptionNullOrStr "Public key for Stripe. Get your keys at https://dashboard.stripe.com/account/apikeys"; 553 + stripe-secret-key = mkOptionNullOrStr '' 554 + An absolute file path (which should be outside the Nix-store) 555 + to a secret key for Stripe. Get your keys at https://dashboard.stripe.com/account/apikeys 556 + '' // { 557 + apply = mapNullable (s: "<" + toString s); 558 + }; 559 + }; 560 + options."meta.sr.ht::settings" = { 561 + registration = mkEnableOption "public registration"; 562 + onboarding-redirect = mkOption { 563 + description = "Where to redirect new users upon registration."; 564 + type = types.str; 565 + default = "https://meta.localhost.localdomain"; 566 + }; 567 + user-invites = mkOption { 568 + description = '' 569 + How many invites each user is issued upon registration 570 + (only applicable if open registration is disabled). 571 + ''; 572 + type = types.ints.unsigned; 573 + default = 5; 574 + }; 575 + }; 576 + 577 + options."pages.sr.ht" = commonServiceSettings "pages" // { 578 + gemini-certs = mkOption { 579 + description = '' 580 + An absolute file path (which should be outside the Nix-store) 581 + to Gemini certificates. 582 + ''; 583 + type = with types; nullOr path; 584 + default = null; 585 + }; 586 + max-site-size = mkOption { 587 + description = "Maximum size of any given site (post-gunzip), in MiB."; 588 + type = types.int; 589 + default = 1024; 590 + }; 591 + user-domain = mkOption { 592 + description = '' 593 + Configures the user domain, if enabled. 594 + All users are given &lt;username&gt;.this.domain. 595 + ''; 596 + type = with types; nullOr str; 597 + default = null; 598 + }; 599 + }; 600 + options."pages.sr.ht::api" = { 601 + internal-ipnet = mkOption { 602 + description = '' 603 + Set of IP subnets which are permitted to utilize internal API 604 + authentication. This should be limited to the subnets 605 + from which your *.sr.ht services are running. 606 + See <xref linkend="opt-services.sourcehut.listenAddress"/>. 607 + ''; 608 + type = with types; listOf str; 609 + default = [ "127.0.0.0/8" "::1/128" ]; 610 + }; 611 + }; 612 + 613 + options."paste.sr.ht" = commonServiceSettings "paste" // { 614 + }; 615 + 616 + options."todo.sr.ht" = commonServiceSettings "todo" // { 617 + notify-from = mkOption { 618 + description = "Outgoing email for notifications generated by users."; 619 + type = types.str; 620 + default = "todo-notify@localhost.localdomain"; 621 + }; 622 + webhooks = mkOption { 623 + description = "The Redis connection used for the webhooks worker."; 624 + type = types.str; 625 + default = "redis+socket:///run/redis-sourcehut-todosrht/redis.sock?virtual_host=1"; 626 + }; 627 + }; 628 + options."todo.sr.ht::mail" = { 629 + posting-domain = mkOption { 630 + description = "Posting domain."; 631 + type = types.str; 632 + default = "todo.localhost.localdomain"; 633 + }; 634 + sock = mkOption { 635 + description = '' 636 + Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. 637 + Alternatively, specify IP:PORT and an SMTP server will be run instead. 638 + ''; 639 + type = types.str; 640 + default = "/tmp/todo.sr.ht-lmtp.sock"; 641 + }; 642 + sock-group = mkOption { 643 + description = '' 644 + The lmtp daemon will make the unix socket group-read/write 645 + for users in this group. 646 + ''; 647 + type = types.str; 648 + default = "postfix"; 649 + }; 650 + }; 651 }; 652 default = { }; 653 description = '' 654 The configuration for the sourcehut network. 655 ''; 656 }; 657 + 658 + builds = { 659 + enableWorker = mkEnableOption '' 660 + worker for builds.sr.ht 661 + 662 + <warning><para> 663 + For smaller deployments, job runners can be installed alongside the master server 664 + but even if you only build your own software, integration with other services 665 + may cause you to run untrusted builds 666 + (e.g. automatic testing of patches via listssrht). 667 + See <link xlink:href="https://man.sr.ht/builds.sr.ht/configuration.md#security-model"/>. 668 + </para></warning> 669 + ''; 670 + 671 + images = mkOption { 672 + type = with types; attrsOf (attrsOf (attrsOf package)); 673 + default = { }; 674 + example = lib.literalExpression ''(let 675 + # Pinning unstable to allow usage with flakes and limit rebuilds. 676 + pkgs_unstable = builtins.fetchGit { 677 + url = "https://github.com/NixOS/nixpkgs"; 678 + rev = "ff96a0fa5635770390b184ae74debea75c3fd534"; 679 + ref = "nixos-unstable"; 680 + }; 681 + image_from_nixpkgs = (import ("${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") { 682 + pkgs = (import pkgs_unstable {}); 683 + }); 684 + in 685 + { 686 + nixos.unstable.x86_64 = image_from_nixpkgs; 687 + } 688 + )''; 689 + description = '' 690 + Images for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2. 691 + ''; 692 + }; 693 + }; 694 + 695 + git = { 696 + package = mkOption { 697 + type = types.package; 698 + default = pkgs.git; 699 + example = literalExpression "pkgs.gitFull"; 700 + description = '' 701 + Git package for git.sr.ht. This can help silence collisions. 702 + ''; 703 + }; 704 + fcgiwrap.preforkProcess = mkOption { 705 + description = "Number of fcgiwrap processes to prefork."; 706 + type = types.int; 707 + default = 4; 708 + }; 709 + }; 710 + 711 + hg = { 712 + package = mkOption { 713 + type = types.package; 714 + default = pkgs.mercurial; 715 + description = '' 716 + Mercurial package for hg.sr.ht. This can help silence collisions. 717 + ''; 718 + }; 719 + cloneBundles = mkOption { 720 + type = types.bool; 721 + default = false; 722 + description = '' 723 + Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories). 724 + ''; 725 + }; 726 + }; 727 + 728 + lists = { 729 + process = { 730 + extraArgs = mkOption { 731 + type = with types; listOf str; 732 + default = [ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ]; 733 + description = "Extra arguments passed to the Celery responsible for processing mails."; 734 + }; 735 + celeryConfig = mkOption { 736 + type = types.lines; 737 + default = ""; 738 + description = "Content of the <literal>celeryconfig.py</literal> used by the Celery of <literal>listssrht-process</literal>."; 739 + }; 740 + }; 741 + }; 742 }; 743 744 + config = mkIf cfg.enable (mkMerge [ 745 + { 746 + environment.systemPackages = [ pkgs.sourcehut.coresrht ]; 747 + 748 + services.sourcehut.settings = { 749 + "git.sr.ht".outgoing-domain = mkDefault "https://git.${domain}"; 750 + "lists.sr.ht".notify-from = mkDefault "lists-notify@${domain}"; 751 + "lists.sr.ht".posting-domain = mkDefault "lists.${domain}"; 752 + "meta.sr.ht::settings".onboarding-redirect = mkDefault "https://meta.${domain}"; 753 + "todo.sr.ht".notify-from = mkDefault "todo-notify@${domain}"; 754 + "todo.sr.ht::mail".posting-domain = mkDefault "todo.${domain}"; 755 + }; 756 + } 757 + (mkIf cfg.postgresql.enable { 758 + assertions = [ 759 + { assertion = postgresql.enable; 760 + message = "postgresql must be enabled and configured"; 761 + } 762 + ]; 763 + }) 764 + (mkIf cfg.postfix.enable { 765 + assertions = [ 766 + { assertion = postfix.enable; 767 + message = "postfix must be enabled and configured"; 768 + } 769 + ]; 770 + # Needed for sharing the LMTP sockets with JoinsNamespaceOf= 771 + systemd.services.postfix.serviceConfig.PrivateTmp = true; 772 + }) 773 + (mkIf cfg.redis.enable { 774 + services.redis.vmOverCommit = mkDefault true; 775 + }) 776 + (mkIf cfg.nginx.enable { 777 + assertions = [ 778 + { assertion = nginx.enable; 779 + message = "nginx must be enabled and configured"; 780 + } 781 + ]; 782 + # For proxyPass= in virtual-hosts for Sourcehut services. 783 + services.nginx.recommendedProxySettings = mkDefault true; 784 + }) 785 + (mkIf (cfg.builds.enable || cfg.git.enable || cfg.hg.enable) { 786 + services.openssh = { 787 + # Note that sshd will continue to honor AuthorizedKeysFile. 788 + # Note that you may want automatically rotate 789 + # or link to /dev/null the following log files: 790 + # - /var/log/gitsrht-dispatch 791 + # - /var/log/{build,git,hg}srht-keys 792 + # - /var/log/{git,hg}srht-shell 793 + # - /var/log/gitsrht-update-hook 794 + authorizedKeysCommand = ''/etc/ssh/sourcehut/subdir/srht-dispatch "%u" "%h" "%t" "%k"''; 795 + # srht-dispatch will setuid/setgid according to [git.sr.ht::dispatch] 796 + authorizedKeysCommandUser = "root"; 797 + extraConfig = '' 798 + PermitUserEnvironment SRHT_* 799 + ''; 800 + }; 801 + environment.etc."ssh/sourcehut/config.ini".source = 802 + settingsFormat.generate "sourcehut-dispatch-config.ini" 803 + (filterAttrs (k: v: k == "git.sr.ht::dispatch") 804 + cfg.settings); 805 + environment.etc."ssh/sourcehut/subdir/srht-dispatch" = { 806 + # sshd_config(5): The program must be owned by root, not writable by group or others 807 + mode = "0755"; 808 + source = pkgs.writeShellScript "srht-dispatch" '' 809 + set -e 810 + cd /etc/ssh/sourcehut/subdir 811 + ${cfg.python}/bin/gitsrht-dispatch "$@" 812 + ''; 813 + }; 814 + systemd.services.sshd = { 815 + #path = optional cfg.git.enable [ cfg.git.package ]; 816 + serviceConfig = { 817 + BindReadOnlyPaths = 818 + # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, 819 + # for instance to get the user from the [git.sr.ht::dispatch] settings. 820 + # *srht-keys needs to: 821 + # - access a redis-server in [sr.ht] redis-host, 822 + # - access the PostgreSQL server in [*.sr.ht] connection-string, 823 + # - query metasrht-api (through the HTTP API). 824 + # Using this has the side effect of creating empty files in /usr/bin/ 825 + optionals cfg.builds.enable [ 826 + "${pkgs.writeShellScript "buildsrht-keys-wrapper" '' 827 + set -e 828 + cd /run/sourcehut/buildsrht/subdir 829 + set -x 830 + exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" 831 + ''}:/usr/bin/buildsrht-keys" 832 + "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" 833 + "${pkgs.sourcehut.buildsrht}/bin/runner-shell:/usr/bin/runner-shell" 834 + ] ++ 835 + optionals cfg.git.enable [ 836 + # /path/to/gitsrht-keys calls /path/to/gitsrht-shell, 837 + # or [git.sr.ht] shell= if set. 838 + "${pkgs.writeShellScript "gitsrht-keys-wrapper" '' 839 + set -e 840 + cd /run/sourcehut/gitsrht/subdir 841 + set -x 842 + exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" 843 + ''}:/usr/bin/gitsrht-keys" 844 + "${pkgs.writeShellScript "gitsrht-shell-wrapper" '' 845 + set -e 846 + cd /run/sourcehut/gitsrht/subdir 847 + set -x 848 + exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" 849 + ''}:/usr/bin/gitsrht-shell" 850 + "${pkgs.writeShellScript "gitsrht-update-hook" '' 851 + set -e 852 + test -e "''${PWD%/*}"/config.ini || 853 + # Git hooks are run relative to their repository's directory, 854 + # but gitsrht-update-hook looks up ../config.ini 855 + ln -s /run/sourcehut/gitsrht/config.ini "''${PWD%/*}"/config.ini 856 + # hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3 857 + # but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook 858 + # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 859 + if test "''${STAGE3:+set}" 860 + then 861 + set -x 862 + exec -a hooks/stage-3 ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" 863 + else 864 + export STAGE3=set 865 + set -x 866 + exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" 867 + fi 868 + ''}:/usr/bin/gitsrht-update-hook" 869 + ] ++ 870 + optionals cfg.hg.enable [ 871 + # /path/to/hgsrht-keys calls /path/to/hgsrht-shell, 872 + # or [hg.sr.ht] shell= if set. 873 + "${pkgs.writeShellScript "hgsrht-keys-wrapper" '' 874 + set -e 875 + cd /run/sourcehut/hgsrht/subdir 876 + set -x 877 + exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" 878 + ''}:/usr/bin/hgsrht-keys" 879 + "${pkgs.writeShellScript "hgsrht-shell-wrapper" '' 880 + set -e 881 + cd /run/sourcehut/hgsrht/subdir 882 + set -x 883 + exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" 884 + ''}:/usr/bin/hgsrht-shell" 885 + # Mercurial's changegroup hooks are run relative to their repository's directory, 886 + # but hgsrht-hook-changegroup looks up ./config.ini 887 + "${pkgs.writeShellScript "hgsrht-hook-changegroup" '' 888 + set -e 889 + test -e "''$PWD"/config.ini || 890 + ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini 891 + set -x 892 + exec -a "$0" ${cfg.python}/bin/hgsrht-hook-changegroup "$@" 893 + ''}:/usr/bin/hgsrht-hook-changegroup" 894 + ]; 895 + }; 896 + }; 897 + }) 898 + ]); 899 + 900 + imports = [ 901 + 902 + (import ./service.nix "builds" { 903 + inherit configIniOfService; 904 + srvsrht = "buildsrht"; 905 + port = 5002; 906 + # TODO: a celery worker on the master and worker are apparently needed 907 + extraServices.buildsrht-worker = let 908 + qemuPackage = pkgs.qemu_kvm; 909 + serviceName = "buildsrht-worker"; 910 + statePath = "/var/lib/sourcehut/${serviceName}"; 911 + in mkIf cfg.builds.enableWorker { 912 + path = [ pkgs.openssh pkgs.docker ]; 913 + preStart = '' 914 + set -x 915 + if test -z "$(docker images -q qemu:latest 2>/dev/null)" \ 916 + || test "$(cat ${statePath}/docker-image-qemu)" != "${qemuPackage.version}" 917 + then 918 + # Create and import qemu:latest image for docker 919 + ${pkgs.dockerTools.streamLayeredImage { 920 + name = "qemu"; 921 + tag = "latest"; 922 + contents = [ qemuPackage ]; 923 + }} | docker load 924 + # Mark down current package version 925 + echo '${qemuPackage.version}' >${statePath}/docker-image-qemu 926 + fi 927 + ''; 928 + serviceConfig = { 929 + ExecStart = "${pkgs.sourcehut.buildsrht}/bin/builds.sr.ht-worker"; 930 + BindPaths = [ cfg.settings."builds.sr.ht::worker".buildlogs ]; 931 + LogsDirectory = [ "sourcehut/${serviceName}" ]; 932 + RuntimeDirectory = [ "sourcehut/${serviceName}/subdir" ]; 933 + StateDirectory = [ "sourcehut/${serviceName}" ]; 934 + TimeoutStartSec = "1800s"; 935 + # builds.sr.ht-worker looks up ../config.ini 936 + WorkingDirectory = "-"+"/run/sourcehut/${serviceName}/subdir"; 937 + }; 938 + }; 939 + extraConfig = let 940 + image_dirs = flatten ( 941 + mapAttrsToList (distro: revs: 942 + mapAttrsToList (rev: archs: 943 + mapAttrsToList (arch: image: 944 + pkgs.runCommand "buildsrht-images" { } '' 945 + mkdir -p $out/${distro}/${rev}/${arch} 946 + ln -s ${image}/*.qcow2 $out/${distro}/${rev}/${arch}/root.img.qcow2 947 + '' 948 + ) archs 949 + ) revs 950 + ) cfg.builds.images 951 + ); 952 + image_dir_pre = pkgs.symlinkJoin { 953 + name = "builds.sr.ht-worker-images-pre"; 954 + paths = image_dirs; 955 + # FIXME: not working, apparently because ubuntu/latest is a broken link 956 + # ++ [ "${pkgs.sourcehut.buildsrht}/lib/images" ]; 957 + }; 958 + image_dir = pkgs.runCommand "builds.sr.ht-worker-images" { } '' 959 + mkdir -p $out/images 960 + cp -Lr ${image_dir_pre}/* $out/images 961 + ''; 962 + in mkMerge [ 963 { 964 + users.users.${cfg.builds.user}.shell = pkgs.bash; 965 + 966 + virtualisation.docker.enable = true; 967 + 968 + services.sourcehut.settings = mkMerge [ 969 + { # Note that git.sr.ht::dispatch is not a typo, 970 + # gitsrht-dispatch always use this section 971 + "git.sr.ht::dispatch"."/usr/bin/buildsrht-keys" = 972 + mkDefault "${cfg.builds.user}:${cfg.builds.group}"; 973 + } 974 + (mkIf cfg.builds.enableWorker { 975 + "builds.sr.ht::worker".shell = "/usr/bin/runner-shell"; 976 + "builds.sr.ht::worker".images = mkDefault "${image_dir}/images"; 977 + "builds.sr.ht::worker".controlcmd = mkDefault "${image_dir}/images/control"; 978 + }) 979 + ]; 980 } 981 + (mkIf cfg.builds.enableWorker { 982 + users.groups = { 983 + docker.members = [ cfg.builds.user ]; 984 + }; 985 + }) 986 + (mkIf (cfg.builds.enableWorker && cfg.nginx.enable) { 987 + # Allow nginx access to buildlogs 988 + users.users.${nginx.user}.extraGroups = [ cfg.builds.group ]; 989 + systemd.services.nginx = { 990 + serviceConfig.BindReadOnlyPaths = [ cfg.settings."builds.sr.ht::worker".buildlogs ]; 991 + }; 992 + services.nginx.virtualHosts."logs.${domain}" = mkMerge [ { 993 + /* FIXME: is a listen needed? 994 + listen = with builtins; 995 + # FIXME: not compatible with IPv6 996 + let address = split ":" cfg.settings."builds.sr.ht::worker".name; in 997 + [{ addr = elemAt address 0; port = lib.toInt (elemAt address 2); }]; 998 + */ 999 + locations."/logs/".alias = cfg.settings."builds.sr.ht::worker".buildlogs + "/"; 1000 + } cfg.nginx.virtualHost ]; 1001 + }) 1002 + ]; 1003 + }) 1004 1005 + (import ./service.nix "dispatch" { 1006 + inherit configIniOfService; 1007 + port = 5005; 1008 + }) 1009 + 1010 + (import ./service.nix "git" (let 1011 + baseService = { 1012 + path = [ cfg.git.package ]; 1013 + serviceConfig.BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; 1014 + }; 1015 + in { 1016 + inherit configIniOfService; 1017 + mainService = mkMerge [ baseService { 1018 + serviceConfig.StateDirectory = [ "sourcehut/gitsrht" "sourcehut/gitsrht/repos" ]; 1019 + preStart = mkIf (!versionAtLeast config.system.stateVersion "22.05") (mkBefore '' 1020 + # Fix Git hooks of repositories pre-dating https://github.com/NixOS/nixpkgs/pull/133984 1021 + ( 1022 + set +f 1023 + shopt -s nullglob 1024 + for h in /var/lib/sourcehut/gitsrht/repos/~*/*/hooks/{pre-receive,update,post-update} 1025 + do ln -fnsv /usr/bin/gitsrht-update-hook "$h"; done 1026 + ) 1027 + ''); 1028 + } ]; 1029 + port = 5001; 1030 + webhooks = true; 1031 + extraTimers.gitsrht-periodic = { 1032 + service = baseService; 1033 + timerConfig.OnCalendar = ["*:0/20"]; 1034 + }; 1035 + extraConfig = mkMerge [ 1036 { 1037 + # https://stackoverflow.com/questions/22314298/git-push-results-in-fatal-protocol-error-bad-line-length-character-this 1038 + # Probably could use gitsrht-shell if output is restricted to just parameters... 1039 + users.users.${cfg.git.user}.shell = pkgs.bash; 1040 + services.sourcehut.settings = { 1041 + "git.sr.ht::dispatch"."/usr/bin/gitsrht-keys" = 1042 + mkDefault "${cfg.git.user}:${cfg.git.group}"; 1043 + }; 1044 + systemd.services.sshd = baseService; 1045 } 1046 + (mkIf cfg.nginx.enable { 1047 + services.nginx.virtualHosts."git.${domain}" = { 1048 + locations."/authorize" = { 1049 + proxyPass = "http://${cfg.listenAddress}:${toString cfg.git.port}"; 1050 + extraConfig = '' 1051 + proxy_pass_request_body off; 1052 + proxy_set_header Content-Length ""; 1053 + proxy_set_header X-Original-URI $request_uri; 1054 + ''; 1055 + }; 1056 + locations."~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$" = { 1057 + root = "/var/lib/sourcehut/gitsrht/repos"; 1058 + fastcgiParams = { 1059 + GIT_HTTP_EXPORT_ALL = ""; 1060 + GIT_PROJECT_ROOT = "$document_root"; 1061 + PATH_INFO = "$uri"; 1062 + SCRIPT_FILENAME = "${cfg.git.package}/bin/git-http-backend"; 1063 + }; 1064 + extraConfig = '' 1065 + auth_request /authorize; 1066 + fastcgi_read_timeout 500s; 1067 + fastcgi_pass unix:/run/gitsrht-fcgiwrap.sock; 1068 + gzip off; 1069 + ''; 1070 + }; 1071 + }; 1072 + systemd.sockets.gitsrht-fcgiwrap = { 1073 + before = [ "nginx.service" ]; 1074 + wantedBy = [ "sockets.target" "gitsrht.service" ]; 1075 + # This path remains accessible to nginx.service, which has no RootDirectory= 1076 + socketConfig.ListenStream = "/run/gitsrht-fcgiwrap.sock"; 1077 + socketConfig.SocketUser = nginx.user; 1078 + socketConfig.SocketMode = "600"; 1079 + }; 1080 + }) 1081 ]; 1082 + extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { 1083 + serviceConfig = { 1084 + # Socket is passed by gitsrht-fcgiwrap.socket 1085 + ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${toString cfg.git.fcgiwrap.preforkProcess}"; 1086 + # No need for config.ini 1087 + ExecStartPre = mkForce []; 1088 + User = null; 1089 + DynamicUser = true; 1090 + BindReadOnlyPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; 1091 + IPAddressDeny = "any"; 1092 + InaccessiblePaths = [ "-+/run/postgresql" "-+/run/redis-sourcehut" ]; 1093 + PrivateNetwork = true; 1094 + RestrictAddressFamilies = mkForce [ "none" ]; 1095 + SystemCallFilter = mkForce [ 1096 + "@system-service" 1097 + "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@setuid" 1098 + # @timer is needed for alarm() 1099 + ]; 1100 + }; 1101 + }; 1102 + })) 1103 + 1104 + (import ./service.nix "hg" (let 1105 + baseService = { 1106 + path = [ cfg.hg.package ]; 1107 + serviceConfig.BindPaths = [ "${cfg.settings."hg.sr.ht".repos}:/var/lib/sourcehut/hgsrht/repos" ]; 1108 + }; 1109 + in { 1110 + inherit configIniOfService; 1111 + mainService = mkMerge [ baseService { 1112 + serviceConfig.StateDirectory = [ "sourcehut/hgsrht" "sourcehut/hgsrht/repos" ]; 1113 + } ]; 1114 + port = 5010; 1115 + webhooks = true; 1116 + extraTimers.hgsrht-periodic = { 1117 + service = baseService; 1118 + timerConfig.OnCalendar = ["*:0/20"]; 1119 + }; 1120 + extraTimers.hgsrht-clonebundles = mkIf cfg.hg.cloneBundles { 1121 + service = baseService; 1122 + timerConfig.OnCalendar = ["daily"]; 1123 + timerConfig.AccuracySec = "1h"; 1124 + }; 1125 + extraConfig = mkMerge [ 1126 + { 1127 + users.users.${cfg.hg.user}.shell = pkgs.bash; 1128 + services.sourcehut.settings = { 1129 + # Note that git.sr.ht::dispatch is not a typo, 1130 + # gitsrht-dispatch always uses this section. 1131 + "git.sr.ht::dispatch"."/usr/bin/hgsrht-keys" = 1132 + mkDefault "${cfg.hg.user}:${cfg.hg.group}"; 1133 + }; 1134 + systemd.services.sshd = baseService; 1135 + } 1136 + (mkIf cfg.nginx.enable { 1137 + # Allow nginx access to repositories 1138 + users.users.${nginx.user}.extraGroups = [ cfg.hg.group ]; 1139 + services.nginx.virtualHosts."hg.${domain}" = { 1140 + locations."/authorize" = { 1141 + proxyPass = "http://${cfg.listenAddress}:${toString cfg.hg.port}"; 1142 + extraConfig = '' 1143 + proxy_pass_request_body off; 1144 + proxy_set_header Content-Length ""; 1145 + proxy_set_header X-Original-URI $request_uri; 1146 + ''; 1147 + }; 1148 + # Let clients reach pull bundles. We don't really need to lock this down even for 1149 + # private repos because the bundles are named after the revision hashes... 1150 + # so someone would need to know or guess a SHA value to download anything. 1151 + # TODO: proxyPass to an hg serve service? 1152 + locations."~ ^/[~^][a-z0-9_]+/[a-zA-Z0-9_.-]+/\\.hg/bundles/.*$" = { 1153 + root = "/var/lib/nginx/hgsrht/repos"; 1154 + extraConfig = '' 1155 + auth_request /authorize; 1156 + gzip off; 1157 + ''; 1158 + }; 1159 + }; 1160 + systemd.services.nginx = { 1161 + serviceConfig.BindReadOnlyPaths = [ "${cfg.settings."hg.sr.ht".repos}:/var/lib/nginx/hgsrht/repos" ]; 1162 + }; 1163 + }) 1164 + ]; 1165 + })) 1166 1167 + (import ./service.nix "hub" { 1168 + inherit configIniOfService; 1169 + port = 5014; 1170 + extraConfig = { 1171 + services.nginx = mkIf cfg.nginx.enable { 1172 + virtualHosts."hub.${domain}" = mkMerge [ { 1173 + serverAliases = [ domain ]; 1174 + } cfg.nginx.virtualHost ]; 1175 + }; 1176 + }; 1177 + }) 1178 + 1179 + (import ./service.nix "lists" (let 1180 + srvsrht = "listssrht"; 1181 + in { 1182 + inherit configIniOfService; 1183 + port = 5006; 1184 + webhooks = true; 1185 + # Receive the mail from Postfix and enqueue them into Redis and PostgreSQL 1186 + extraServices.listssrht-lmtp = { 1187 + wants = [ "postfix.service" ]; 1188 + unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; 1189 + serviceConfig.ExecStart = "${cfg.python}/bin/listssrht-lmtp"; 1190 + # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) 1191 + serviceConfig.PrivateUsers = mkForce false; 1192 + }; 1193 + # Dequeue the mails from Redis and dispatch them 1194 + extraServices.listssrht-process = { 1195 + serviceConfig = { 1196 + preStart = '' 1197 + cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" cfg.lists.process.celeryConfig} \ 1198 + /run/sourcehut/${srvsrht}-webhooks/celeryconfig.py 1199 + ''; 1200 + ExecStart = "${cfg.python}/bin/celery --app listssrht.process worker --hostname listssrht-process@%%h " + concatStringsSep " " cfg.lists.process.extraArgs; 1201 + # Avoid crashing: os.getloadavg() 1202 + ProcSubset = mkForce "all"; 1203 + }; 1204 + }; 1205 + extraConfig = mkIf cfg.postfix.enable { 1206 + users.groups.${postfix.group}.members = [ cfg.lists.user ]; 1207 + services.sourcehut.settings."lists.sr.ht::mail".sock-group = postfix.group; 1208 + services.postfix = { 1209 + destination = [ "lists.${domain}" ]; 1210 + # FIXME: an accurate recipient list should be queried 1211 + # from the lists.sr.ht PostgreSQL database to avoid backscattering. 1212 + # But usernames are unfortunately not in that database but in meta.sr.ht. 1213 + # Note that two syntaxes are allowed: 1214 + # - ~username/list-name@lists.${domain} 1215 + # - u.username.list-name@lists.${domain} 1216 + localRecipients = [ "@lists.${domain}" ]; 1217 + transport = '' 1218 + lists.${domain} lmtp:unix:${cfg.settings."lists.sr.ht::worker".sock} 1219 + ''; 1220 + }; 1221 + }; 1222 + })) 1223 + 1224 + (import ./service.nix "man" { 1225 + inherit configIniOfService; 1226 + port = 5004; 1227 + }) 1228 + 1229 + (import ./service.nix "meta" { 1230 + inherit configIniOfService; 1231 + port = 5000; 1232 + webhooks = true; 1233 + extraServices.metasrht-api = { 1234 + serviceConfig.Restart = "always"; 1235 + serviceConfig.RestartSec = "2s"; 1236 + preStart = "set -x\n" + concatStringsSep "\n\n" (attrValues (mapAttrs (k: s: 1237 + let srvMatch = builtins.match "^([a-z]*)\\.sr\\.ht$" k; 1238 + srv = head srvMatch; 1239 + in 1240 + # Configure client(s) as "preauthorized" 1241 + optionalString (srvMatch != null && cfg.${srv}.enable && ((s.oauth-client-id or null) != null)) '' 1242 + # Configure ${srv}'s OAuth client as "preauthorized" 1243 + ${postgresql.package}/bin/psql '${cfg.settings."meta.sr.ht".connection-string}' \ 1244 + -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${s.oauth-client-id}'" 1245 + '' 1246 + ) cfg.settings)); 1247 + serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 1248 + }; 1249 + extraTimers.metasrht-daily.timerConfig = { 1250 + OnCalendar = ["daily"]; 1251 + AccuracySec = "1h"; 1252 + }; 1253 + extraConfig = mkMerge [ 1254 + { 1255 + assertions = [ 1256 + { assertion = let s = cfg.settings."meta.sr.ht::billing"; in 1257 + s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); 1258 + message = "If meta.sr.ht::billing is enabled, the keys must be defined."; 1259 + } 1260 + ]; 1261 + environment.systemPackages = optional cfg.meta.enable 1262 + (pkgs.writeShellScriptBin "metasrht-manageuser" '' 1263 + set -eux 1264 + if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' 1265 + then exec sudo -u '${cfg.meta.user}' "$0" "$@" 1266 + else 1267 + # In order to load config.ini 1268 + if cd /run/sourcehut/metasrht 1269 + then exec ${cfg.python}/bin/metasrht-manageuser "$@" 1270 + else cat <<EOF 1271 + Please run: sudo systemctl start metasrht 1272 + EOF 1273 + exit 1 1274 + fi 1275 + fi 1276 + ''); 1277 + } 1278 + (mkIf cfg.nginx.enable { 1279 + services.nginx.virtualHosts."meta.${domain}" = { 1280 + locations."/query" = { 1281 + proxyPass = cfg.settings."meta.sr.ht".api-origin; 1282 + extraConfig = '' 1283 + if ($request_method = 'OPTIONS') { 1284 + add_header 'Access-Control-Allow-Origin' '*'; 1285 + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 1286 + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 1287 + add_header 'Access-Control-Max-Age' 1728000; 1288 + add_header 'Content-Type' 'text/plain; charset=utf-8'; 1289 + add_header 'Content-Length' 0; 1290 + return 204; 1291 + } 1292 1293 + add_header 'Access-Control-Allow-Origin' '*'; 1294 + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 1295 + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 1296 + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 1297 + ''; 1298 + }; 1299 + }; 1300 + }) 1301 + ]; 1302 + }) 1303 1304 + (import ./service.nix "pages" { 1305 + inherit configIniOfService; 1306 + port = 5112; 1307 + mainService = let 1308 + srvsrht = "pagessrht"; 1309 + version = pkgs.sourcehut.${srvsrht}.version; 1310 + stateDir = "/var/lib/sourcehut/${srvsrht}"; 1311 + iniKey = "pages.sr.ht"; 1312 + in { 1313 + preStart = mkBefore '' 1314 + set -x 1315 + # Use the /run/sourcehut/${srvsrht}/config.ini 1316 + # installed by a previous ExecStartPre= in baseService 1317 + cd /run/sourcehut/${srvsrht} 1318 1319 + if test ! -e ${stateDir}/db; then 1320 + ${postgresql.package}/bin/psql '${cfg.settings.${iniKey}.connection-string}' -f ${pkgs.sourcehut.pagessrht}/share/sql/schema.sql 1321 + echo ${version} >${stateDir}/db 1322 + fi 0 0 0 0 0 0 0 0 0 0 0 0 0 1323 1324 + ${optionalString cfg.settings.${iniKey}.migrate-on-upgrade '' 1325 + # Just try all the migrations because they're not linked to the version 1326 + for sql in ${pkgs.sourcehut.pagessrht}/share/sql/migrations/*.sql; do 1327 + ${postgresql.package}/bin/psql '${cfg.settings.${iniKey}.connection-string}' -f "$sql" || true 1328 + done 1329 + ''} 0 0 0 0 0 0 0 0 0 0 1330 1331 + # Disable webhook 1332 + touch ${stateDir}/webhook 1333 + ''; 1334 + serviceConfig = { 1335 + ExecStart = mkForce "${pkgs.sourcehut.pagessrht}/bin/pages.sr.ht -b ${cfg.listenAddress}:${toString cfg.pages.port}"; 1336 + }; 1337 + }; 1338 + }) 1339 + 1340 + (import ./service.nix "paste" { 1341 + inherit configIniOfService; 1342 + port = 5011; 1343 + }) 1344 + 1345 + (import ./service.nix "todo" { 1346 + inherit configIniOfService; 1347 + port = 5003; 1348 + webhooks = true; 1349 + extraServices.todosrht-lmtp = { 1350 + wants = [ "postfix.service" ]; 1351 + unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; 1352 + serviceConfig.ExecStart = "${cfg.python}/bin/todosrht-lmtp"; 1353 + # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) 1354 + serviceConfig.PrivateUsers = mkForce false; 1355 + }; 1356 + extraConfig = mkIf cfg.postfix.enable { 1357 + users.groups.${postfix.group}.members = [ cfg.todo.user ]; 1358 + services.sourcehut.settings."todo.sr.ht::mail".sock-group = postfix.group; 1359 + services.postfix = { 1360 + destination = [ "todo.${domain}" ]; 1361 + # FIXME: an accurate recipient list should be queried 1362 + # from the todo.sr.ht PostgreSQL database to avoid backscattering. 1363 + # But usernames are unfortunately not in that database but in meta.sr.ht. 1364 + # Note that two syntaxes are allowed: 1365 + # - ~username/tracker-name@todo.${domain} 1366 + # - u.username.tracker-name@todo.${domain} 1367 + localRecipients = [ "@todo.${domain}" ]; 1368 + transport = '' 1369 + todo.${domain} lmtp:unix:${cfg.settings."todo.sr.ht::mail".sock} 1370 + ''; 1371 + }; 1372 + }; 1373 + }) 1374 + 1375 + (mkRenamedOptionModule [ "services" "sourcehut" "originBase" ] 1376 + [ "services" "sourcehut" "settings" "sr.ht" "global-domain" ]) 1377 + (mkRenamedOptionModule [ "services" "sourcehut" "address" ] 1378 + [ "services" "sourcehut" "listenAddress" ]) 1379 + 1380 + ]; 1381 + 1382 meta.doc = ./sourcehut.xml; 1383 + meta.maintainers = with maintainers; [ julm tomberek ]; 1384 }

+362 -53

nixos/modules/services/misc/sourcehut/service.nix

··· 1 - { config, pkgs, lib }: 2 - serviceCfg: serviceDrv: iniKey: attrs: 0 0 0 0 0 0 0 0 0 0 0 0 3 let 0 0 0 4 cfg = config.services.sourcehut; 5 - cfgIni = cfg.settings."${iniKey}"; 6 - pgSuperUser = config.services.postgresql.superUser; 7 - 8 - setupDB = pkgs.writeScript "${serviceDrv.pname}-gen-db" '' 9 - #! ${cfg.python}/bin/python 10 - from ${serviceDrv.pname}.app import db 11 - db.create() 12 - ''; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 13 in 14 - with serviceCfg; with lib; recursiveUpdate 15 { 16 - environment.HOME = statePath; 17 - path = [ config.services.postgresql.package ] ++ (attrs.path or [ ]); 18 - restartTriggers = [ config.environment.etc."sr.ht/config.ini".source ]; 19 - serviceConfig = { 20 - Type = "simple"; 21 - User = user; 22 - Group = user; 23 - Restart = "always"; 24 - WorkingDirectory = statePath; 25 - } // (if (cfg.statePath == "/var/lib/sourcehut/${serviceDrv.pname}") then { 26 - StateDirectory = [ "sourcehut/${serviceDrv.pname}" ]; 27 - } else {}) 28 - ; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 29 30 - preStart = '' 31 - if ! test -e ${statePath}/db; then 32 - # Setup the initial database 33 - ${setupDB} 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 34 35 - # Set the initial state of the database for future database upgrades 36 - if test -e ${cfg.python}/bin/${serviceDrv.pname}-migrate; then 37 - # Run alembic stamp head once to tell alembic the schema is up-to-date 38 - ${cfg.python}/bin/${serviceDrv.pname}-migrate stamp head 39 - fi 0 40 41 - printf "%s" "${serviceDrv.version}" > ${statePath}/db 42 - fi 0 0 0 0 0 43 44 - # Update copy of each users' profile to the latest 45 - # See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain> 46 - if ! test -e ${statePath}/webhook; then 47 - # Update ${iniKey}'s users' profile copy to the latest 48 - ${cfg.python}/bin/srht-update-profiles ${iniKey} 0 0 0 0 0 49 50 - touch ${statePath}/webhook 51 - fi 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 52 53 - ${optionalString (builtins.hasAttr "migrate-on-upgrade" cfgIni && cfgIni.migrate-on-upgrade == "yes") '' 54 - if [ "$(cat ${statePath}/db)" != "${serviceDrv.version}" ]; then 55 - # Manage schema migrations using alembic 56 - ${cfg.python}/bin/${serviceDrv.pname}-migrate -a upgrade head 0 0 0 0 0 0 0 57 58 - # Mark down current package version 59 - printf "%s" "${serviceDrv.version}" > ${statePath}/db 60 - fi 61 - ''} 0 0 0 0 0 0 0 0 0 0 0 62 63 - ${attrs.preStart or ""} 64 - ''; 0 0 0 0 0 65 } 66 - (builtins.removeAttrs attrs [ "path" "preStart" ])

··· 1 + srv: 2 + { configIniOfService 3 + , srvsrht ? "${srv}srht" # Because "buildsrht" does not follow that pattern (missing an "s"). 4 + , iniKey ? "${srv}.sr.ht" 5 + , webhooks ? false 6 + , extraTimers ? {} 7 + , mainService ? {} 8 + , extraServices ? {} 9 + , extraConfig ? {} 10 + , port 11 + }: 12 + { config, lib, pkgs, ... }: 13 + 14 + with lib; 15 let 16 + inherit (config.services) postgresql; 17 + redis = config.services.redis.servers."sourcehut-${srvsrht}"; 18 + inherit (config.users) users; 19 cfg = config.services.sourcehut; 20 + configIni = configIniOfService srv; 21 + srvCfg = cfg.${srv}; 22 + baseService = serviceName: { allowStripe ? false }: extraService: let 23 + runDir = "/run/sourcehut/${serviceName}"; 24 + rootDir = "/run/sourcehut/chroots/${serviceName}"; 25 + in 26 + mkMerge [ extraService { 27 + after = [ "network.target" ] ++ 28 + optional cfg.postgresql.enable "postgresql.service" ++ 29 + optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service"; 30 + requires = 31 + optional cfg.postgresql.enable "postgresql.service" ++ 32 + optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service"; 33 + path = [ pkgs.gawk ]; 34 + environment.HOME = runDir; 35 + serviceConfig = { 36 + User = mkDefault srvCfg.user; 37 + Group = mkDefault srvCfg.group; 38 + RuntimeDirectory = [ 39 + "sourcehut/${serviceName}" 40 + # Used by *srht-keys which reads ../config.ini 41 + "sourcehut/${serviceName}/subdir" 42 + "sourcehut/chroots/${serviceName}" 43 + ]; 44 + RuntimeDirectoryMode = "2750"; 45 + # No need for the chroot path once inside the chroot 46 + InaccessiblePaths = [ "-+${rootDir}" ]; 47 + # g+rx is for group members (eg. fcgiwrap or nginx) 48 + # to read Git/Mercurial repositories, buildlogs, etc. 49 + # o+x is for intermediate directories created by BindPaths= and like, 50 + # as they're owned by root:root. 51 + UMask = "0026"; 52 + RootDirectory = rootDir; 53 + RootDirectoryStartOnly = true; 54 + PrivateTmp = true; 55 + MountAPIVFS = true; 56 + # config.ini is looked up in there, before /etc/srht/config.ini 57 + # Note that it fails to be set in ExecStartPre= 58 + WorkingDirectory = mkDefault ("-"+runDir); 59 + BindReadOnlyPaths = [ 60 + builtins.storeDir 61 + "/etc" 62 + "/run/booted-system" 63 + "/run/current-system" 64 + "/run/systemd" 65 + ] ++ 66 + optional cfg.postgresql.enable "/run/postgresql" ++ 67 + optional cfg.redis.enable "/run/redis-sourcehut-${srvsrht}"; 68 + # LoadCredential= are unfortunately not available in ExecStartPre= 69 + # Hence this one is run as root (the +) with RootDirectoryStartOnly= 70 + # to reach credentials wherever they are. 71 + # Note that each systemd service gets its own ${runDir}/config.ini file. 72 + ExecStartPre = mkBefore [("+"+pkgs.writeShellScript "${serviceName}-credentials" '' 73 + set -x 74 + # Replace values begining with a '<' by the content of the file whose name is after. 75 + gawk '{ if (match($0,/^([^=]+=)<(.+)/,m)) { getline f < m[2]; print m[1] f } else print $0 }' ${configIni} | 76 + ${optionalString (!allowStripe) "gawk '!/^stripe-secret-key=/' |"} 77 + install -o ${srvCfg.user} -g root -m 400 /dev/stdin ${runDir}/config.ini 78 + '')]; 79 + # The following options are only for optimizing: 80 + # systemd-analyze security 81 + AmbientCapabilities = ""; 82 + CapabilityBoundingSet = ""; 83 + # ProtectClock= adds DeviceAllow=char-rtc r 84 + DeviceAllow = ""; 85 + LockPersonality = true; 86 + MemoryDenyWriteExecute = true; 87 + NoNewPrivileges = true; 88 + PrivateDevices = true; 89 + PrivateMounts = true; 90 + PrivateNetwork = mkDefault false; 91 + PrivateUsers = true; 92 + ProcSubset = "pid"; 93 + ProtectClock = true; 94 + ProtectControlGroups = true; 95 + ProtectHome = true; 96 + ProtectHostname = true; 97 + ProtectKernelLogs = true; 98 + ProtectKernelModules = true; 99 + ProtectKernelTunables = true; 100 + ProtectProc = "invisible"; 101 + ProtectSystem = "strict"; 102 + RemoveIPC = true; 103 + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; 104 + RestrictNamespaces = true; 105 + RestrictRealtime = true; 106 + RestrictSUIDSGID = true; 107 + #SocketBindAllow = [ "tcp:${toString srvCfg.port}" "tcp:${toString srvCfg.prometheusPort}" ]; 108 + #SocketBindDeny = "any"; 109 + SystemCallFilter = [ 110 + "@system-service" 111 + "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@timer" 112 + "@chown" "@setuid" 113 + ]; 114 + SystemCallArchitectures = "native"; 115 + }; 116 + } ]; 117 in 0 118 { 119 + options.services.sourcehut.${srv} = { 120 + enable = mkEnableOption "${srv} service"; 121 + 122 + user = mkOption { 123 + type = types.str; 124 + default = srvsrht; 125 + description = '' 126 + User for ${srv}.sr.ht. 127 + ''; 128 + }; 129 + 130 + group = mkOption { 131 + type = types.str; 132 + default = srvsrht; 133 + description = '' 134 + Group for ${srv}.sr.ht. 135 + Membership grants access to the Git/Mercurial repositories by default, 136 + but not to the config.ini file (where secrets are). 137 + ''; 138 + }; 139 + 140 + port = mkOption { 141 + type = types.port; 142 + default = port; 143 + description = '' 144 + Port on which the "${srv}" backend should listen. 145 + ''; 146 + }; 147 + 148 + redis = { 149 + host = mkOption { 150 + type = types.str; 151 + default = "unix:/run/redis-sourcehut-${srvsrht}/redis.sock?db=0"; 152 + example = "redis://shared.wireguard:6379/0"; 153 + description = '' 154 + The redis host URL. This is used for caching and temporary storage, and must 155 + be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be 156 + shared between services. It may be shared between services, however, with no 157 + ill effect, if this better suits your infrastructure. 158 + ''; 159 + }; 160 + }; 161 + 162 + postgresql = { 163 + database = mkOption { 164 + type = types.str; 165 + default = "${srv}.sr.ht"; 166 + description = '' 167 + PostgreSQL database name for the ${srv}.sr.ht service, 168 + used if <xref linkend="opt-services.sourcehut.postgresql.enable"/> is <literal>true</literal>. 169 + ''; 170 + }; 171 + }; 172 + 173 + gunicorn = { 174 + extraArgs = mkOption { 175 + type = with types; listOf str; 176 + default = ["--timeout 120" "--workers 1" "--log-level=info"]; 177 + description = "Extra arguments passed to Gunicorn."; 178 + }; 179 + }; 180 + } // optionalAttrs webhooks { 181 + webhooks = { 182 + extraArgs = mkOption { 183 + type = with types; listOf str; 184 + default = ["--loglevel DEBUG" "--pool eventlet" "--without-heartbeat"]; 185 + description = "Extra arguments passed to the Celery responsible for webhooks."; 186 + }; 187 + celeryConfig = mkOption { 188 + type = types.lines; 189 + default = ""; 190 + description = "Content of the <literal>celeryconfig.py</literal> used by the Celery responsible for webhooks."; 191 + }; 192 + }; 193 + }; 194 + 195 + config = lib.mkIf (cfg.enable && srvCfg.enable) (mkMerge [ extraConfig { 196 + users = { 197 + users = { 198 + "${srvCfg.user}" = { 199 + isSystemUser = true; 200 + group = mkDefault srvCfg.group; 201 + description = mkDefault "sourcehut user for ${srv}.sr.ht"; 202 + }; 203 + }; 204 + groups = { 205 + "${srvCfg.group}" = { }; 206 + } // optionalAttrs (cfg.postgresql.enable 207 + && hasSuffix "0" (postgresql.settings.unix_socket_permissions or "")) { 208 + "postgres".members = [ srvCfg.user ]; 209 + } // optionalAttrs (cfg.redis.enable 210 + && hasSuffix "0" (redis.settings.unixsocketperm or "")) { 211 + "redis-sourcehut-${srvsrht}".members = [ srvCfg.user ]; 212 + }; 213 + }; 214 215 + services.nginx = mkIf cfg.nginx.enable { 216 + virtualHosts."${srv}.${cfg.settings."sr.ht".global-domain}" = mkMerge [ { 217 + forceSSL = mkDefault true; 218 + locations."/".proxyPass = "http://${cfg.listenAddress}:${toString srvCfg.port}"; 219 + locations."/static" = { 220 + root = "${pkgs.sourcehut.${srvsrht}}/${pkgs.sourcehut.python.sitePackages}/${srvsrht}"; 221 + extraConfig = mkDefault '' 222 + expires 30d; 223 + ''; 224 + }; 225 + } cfg.nginx.virtualHost ]; 226 + }; 227 + 228 + services.postgresql = mkIf cfg.postgresql.enable { 229 + authentication = '' 230 + local ${srvCfg.postgresql.database} ${srvCfg.user} trust 231 + ''; 232 + ensureDatabases = [ srvCfg.postgresql.database ]; 233 + ensureUsers = map (name: { 234 + inherit name; 235 + ensurePermissions = { "DATABASE \"${srvCfg.postgresql.database}\"" = "ALL PRIVILEGES"; }; 236 + }) [srvCfg.user]; 237 + }; 238 + 239 + services.sourcehut.services = mkDefault (filter (s: cfg.${s}.enable) 240 + [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); 241 + 242 + services.sourcehut.settings = mkMerge [ 243 + { 244 + "${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}"; 245 + } 246 + 247 + (mkIf cfg.postgresql.enable { 248 + "${srv}.sr.ht".connection-string = mkDefault "postgresql:///${srvCfg.postgresql.database}?user=${srvCfg.user}&host=/run/postgresql"; 249 + }) 250 + ]; 251 + 252 + services.redis.servers."sourcehut-${srvsrht}" = mkIf cfg.redis.enable { 253 + enable = true; 254 + databases = 3; 255 + syslog = true; 256 + # TODO: set a more informed value 257 + save = mkDefault [ [1800 10] [300 100] ]; 258 + settings = { 259 + # TODO: set a more informed value 260 + maxmemory = "128MB"; 261 + maxmemory-policy = "volatile-ttl"; 262 + }; 263 + }; 264 + 265 + systemd.services = mkMerge [ 266 + { 267 + "${srvsrht}" = baseService srvsrht { allowStripe = srv == "meta"; } (mkMerge [ 268 + { 269 + description = "sourcehut ${srv}.sr.ht website service"; 270 + before = optional cfg.nginx.enable "nginx.service"; 271 + wants = optional cfg.nginx.enable "nginx.service"; 272 + wantedBy = [ "multi-user.target" ]; 273 + path = optional cfg.postgresql.enable postgresql.package; 274 + # Beware: change in credentials' content will not trigger restart. 275 + restartTriggers = [ configIni ]; 276 + serviceConfig = { 277 + Type = "simple"; 278 + Restart = mkDefault "always"; 279 + #RestartSec = mkDefault "2min"; 280 + StateDirectory = [ "sourcehut/${srvsrht}" ]; 281 + StateDirectoryMode = "2750"; 282 + ExecStart = "${cfg.python}/bin/gunicorn ${srvsrht}.app:app --name ${srvsrht} --bind ${cfg.listenAddress}:${toString srvCfg.port} " + concatStringsSep " " srvCfg.gunicorn.extraArgs; 283 + }; 284 + preStart = let 285 + version = pkgs.sourcehut.${srvsrht}.version; 286 + stateDir = "/var/lib/sourcehut/${srvsrht}"; 287 + in mkBefore '' 288 + set -x 289 + # Use the /run/sourcehut/${srvsrht}/config.ini 290 + # installed by a previous ExecStartPre= in baseService 291 + cd /run/sourcehut/${srvsrht} 292 293 + if test ! -e ${stateDir}/db; then 294 + # Setup the initial database. 295 + # Note that it stamps the alembic head afterward 296 + ${cfg.python}/bin/${srvsrht}-initdb 297 + echo ${version} >${stateDir}/db 298 + fi 299 300 + ${optionalString cfg.settings.${iniKey}.migrate-on-upgrade '' 301 + if [ "$(cat ${stateDir}/db)" != "${version}" ]; then 302 + # Manage schema migrations using alembic 303 + ${cfg.python}/bin/${srvsrht}-migrate -a upgrade head 304 + echo ${version} >${stateDir}/db 305 + fi 306 + ''} 307 308 + # Update copy of each users' profile to the latest 309 + # See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain> 310 + if test ! -e ${stateDir}/webhook; then 311 + # Update ${iniKey}'s users' profile copy to the latest 312 + ${cfg.python}/bin/srht-update-profiles ${iniKey} 313 + touch ${stateDir}/webhook 314 + fi 315 + ''; 316 + } mainService ]); 317 + } 318 319 + (mkIf webhooks { 320 + "${srvsrht}-webhooks" = baseService "${srvsrht}-webhooks" {} 321 + { 322 + description = "sourcehut ${srv}.sr.ht webhooks service"; 323 + after = [ "${srvsrht}.service" ]; 324 + wantedBy = [ "${srvsrht}.service" ]; 325 + partOf = [ "${srvsrht}.service" ]; 326 + preStart = '' 327 + cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" srvCfg.webhooks.celeryConfig} \ 328 + /run/sourcehut/${srvsrht}-webhooks/celeryconfig.py 329 + ''; 330 + serviceConfig = { 331 + Type = "simple"; 332 + Restart = "always"; 333 + ExecStart = "${cfg.python}/bin/celery --app ${srvsrht}.webhooks worker --hostname ${srvsrht}-webhooks@%%h " + concatStringsSep " " srvCfg.webhooks.extraArgs; 334 + # Avoid crashing: os.getloadavg() 335 + ProcSubset = mkForce "all"; 336 + }; 337 + }; 338 + }) 339 340 + (mapAttrs (timerName: timer: (baseService timerName {} (mkMerge [ 341 + { 342 + description = "sourcehut ${timerName} service"; 343 + after = [ "network.target" "${srvsrht}.service" ]; 344 + serviceConfig = { 345 + Type = "oneshot"; 346 + ExecStart = "${cfg.python}/bin/${timerName}"; 347 + }; 348 + } 349 + (timer.service or {}) 350 + ]))) extraTimers) 351 352 + (mapAttrs (serviceName: extraService: baseService serviceName {} (mkMerge [ 353 + { 354 + description = "sourcehut ${serviceName} service"; 355 + # So that extraServices have the PostgreSQL database initialized. 356 + after = [ "${srvsrht}.service" ]; 357 + wantedBy = [ "${srvsrht}.service" ]; 358 + partOf = [ "${srvsrht}.service" ]; 359 + serviceConfig = { 360 + Type = "simple"; 361 + Restart = mkDefault "always"; 362 + }; 363 + } 364 + extraService 365 + ])) extraServices) 366 + ]; 367 368 + systemd.timers = mapAttrs (timerName: timer: 369 + { 370 + description = "sourcehut timer for ${timerName}"; 371 + wantedBy = [ "timers.target" ]; 372 + inherit (timer) timerConfig; 373 + }) extraTimers; 374 + } ]); 375 } 0

+14 -10

nixos/modules/services/misc/sourcehut/sourcehut.xml

··· 14 <title>Basic usage</title> 15 <para> 16 Sourcehut is a Python and Go based set of applications. 17 - <literal><link linkend="opt-services.sourcehut.enable">services.sourcehut</link></literal> 18 - by default will use 19 <literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>, 20 - <literal><link linkend="opt-services.nginx.enable">services.redis</link></literal>, 21 - <literal><link linkend="opt-services.nginx.enable">services.cron</link></literal>, 22 and 23 - <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal>. 24 </para> 25 26 <para> ··· 42 43 services.sourcehut = { 44 <link linkend="opt-services.sourcehut.enable">enable</link> = true; 45 - <link linkend="opt-services.sourcehut.originBase">originBase</link> = fqdn; 46 - <link linkend="opt-services.sourcehut.services">services</link> = [ "meta" "man" "git" ]; 0 0 0 0 0 47 <link linkend="opt-services.sourcehut.settings">settings</link> = { 48 "sr.ht" = { 49 environment = "production"; 50 global-domain = fqdn; 51 origin = "https://${fqdn}"; 52 # Produce keys with srht-keygen from <package>sourcehut.coresrht</package>. 53 - network-key = "SECRET"; 54 - service-key = "SECRET"; 55 }; 56 - webhooks.private-key= "SECRET"; 57 }; 58 }; 59

··· 14 <title>Basic usage</title> 15 <para> 16 Sourcehut is a Python and Go based set of applications. 17 + This NixOS module also provides basic configuration integrating Sourcehut into locally running 0 18 <literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>, 19 + <literal><link linkend="opt-services.redis.servers">services.redis.servers.sourcehut</link></literal>, 20 + <literal><link linkend="opt-services.postfix.enable">services.postfix</link></literal> 21 and 22 + <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal> services. 23 </para> 24 25 <para> ··· 41 42 services.sourcehut = { 43 <link linkend="opt-services.sourcehut.enable">enable</link> = true; 44 + <link linkend="opt-services.sourcehut.git.enable">git.enable</link> = true; 45 + <link linkend="opt-services.sourcehut.man.enable">man.enable</link> = true; 46 + <link linkend="opt-services.sourcehut.meta.enable">meta.enable</link> = true; 47 + <link linkend="opt-services.sourcehut.nginx.enable">nginx.enable</link> = true; 48 + <link linkend="opt-services.sourcehut.postfix.enable">postfix.enable</link> = true; 49 + <link linkend="opt-services.sourcehut.postgresql.enable">postgresql.enable</link> = true; 50 + <link linkend="opt-services.sourcehut.redis.enable">redis.enable</link> = true; 51 <link linkend="opt-services.sourcehut.settings">settings</link> = { 52 "sr.ht" = { 53 environment = "production"; 54 global-domain = fqdn; 55 origin = "https://${fqdn}"; 56 # Produce keys with srht-keygen from <package>sourcehut.coresrht</package>. 57 + network-key = "/run/keys/path/to/network-key"; 58 + service-key = "/run/keys/path/to/service-key"; 59 }; 60 + webhooks.private-key= "/run/keys/path/to/webhook-key"; 61 }; 62 }; 63

+1

nixos/tests/all-tests.nix

··· 436 solanum = handleTest ./solanum.nix {}; 437 solr = handleTest ./solr.nix {}; 438 sonarr = handleTest ./sonarr.nix {}; 0 439 spacecookie = handleTest ./spacecookie.nix {}; 440 spark = handleTestOn ["x86_64-linux"] ./spark {}; 441 sslh = handleTest ./sslh.nix {};

··· 436 solanum = handleTest ./solanum.nix {}; 437 solr = handleTest ./solr.nix {}; 438 sonarr = handleTest ./sonarr.nix {}; 439 + sourcehut = handleTest ./sourcehut.nix {}; 440 spacecookie = handleTest ./spacecookie.nix {}; 441 spark = handleTestOn ["x86_64-linux"] ./spark {}; 442 sslh = handleTest ./sslh.nix {};

+178 -10

nixos/tests/sourcehut.nix

··· 1 - import ./make-test-python.nix ({ pkgs, ... }: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 { 4 name = "sourcehut"; 5 6 meta.maintainers = [ pkgs.lib.maintainers.tomberek ]; 7 8 - machine = { config, pkgs, ... }: { 9 - virtualisation.memorySize = 2048; 10 - networking.firewall.allowedTCPPorts = [ 80 ]; 0 0 0 0 0 0 11 12 services.sourcehut = { 13 enable = true; 14 - services = [ "meta" ]; 15 - originBase = "sourcehut"; 16 - settings."sr.ht".service-key = "8888888888888888888888888888888888888888888888888888888888888888"; 17 - settings."sr.ht".network-key = "0000000000000000000000000000000000000000000="; 18 - settings.webhooks.private-key = "0000000000000000000000000000000000000000000="; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 19 }; 20 }; 21 22 testScript = '' 23 start_all() 24 machine.wait_for_unit("multi-user.target") 0 0 0 25 machine.wait_for_unit("metasrht.service") 26 machine.wait_for_open_port(5000) 27 - machine.succeed("curl -sL http://localhost:5000 | grep meta.sourcehut") 0 0 0 0 0 0 0 28 ''; 29 })

··· 1 + import ./make-test-python.nix ({ pkgs, lib, ... }: 2 + let 3 + domain = "sourcehut.localdomain"; 4 + 5 + # Note that wildcard certificates just under the TLD (eg. *.com) 6 + # would be rejected by clients like curl. 7 + tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' 8 + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 36500 \ 9 + -subj '/CN=${domain}' -extensions v3_req \ 10 + -addext 'subjectAltName = DNS:*.${domain}' 11 + install -D -t $out key.pem cert.pem 12 + ''; 13 + 14 + images = { 15 + nixos.unstable.x86_64 = 16 + let 17 + systemConfig = { pkgs, ... }: { 18 + # passwordless ssh server 19 + services.openssh = { 20 + enable = true; 21 + permitRootLogin = "yes"; 22 + extraConfig = "PermitEmptyPasswords yes"; 23 + }; 24 + 25 + users = { 26 + mutableUsers = false; 27 + # build user 28 + extraUsers."build" = { 29 + isNormalUser = true; 30 + uid = 1000; 31 + extraGroups = [ "wheel" ]; 32 + password = ""; 33 + }; 34 + users.root.password = ""; 35 + }; 36 + 37 + security.sudo.wheelNeedsPassword = false; 38 + nix.trustedUsers = [ "root" "build" ]; 39 + documentation.nixos.enable = false; 40 41 + # builds.sr.ht-image-specific network settings 42 + networking = { 43 + hostName = "build"; 44 + dhcpcd.enable = false; 45 + defaultGateway.address = "10.0.2.2"; 46 + usePredictableInterfaceNames = false; 47 + interfaces."eth0".ipv4.addresses = [{ 48 + address = "10.0.2.15"; 49 + prefixLength = 25; 50 + }]; 51 + enableIPv6 = false; 52 + nameservers = [ 53 + # OpenNIC anycast 54 + "185.121.177.177" 55 + "169.239.202.202" 56 + # Google 57 + "8.8.8.8" 58 + ]; 59 + firewall.allowedTCPPorts = [ 22 ]; 60 + }; 61 + 62 + environment.systemPackages = [ 63 + pkgs.gitMinimal 64 + #pkgs.mercurial 65 + pkgs.curl 66 + pkgs.gnupg 67 + ]; 68 + }; 69 + qemuConfig = { pkgs, ... }: { 70 + imports = [ systemConfig ]; 71 + fileSystems."/".device = "/dev/disk/by-label/nixos"; 72 + boot.initrd.availableKernelModules = [ 73 + "ahci" 74 + "ehci_pci" 75 + "sd_mod" 76 + "usb_storage" 77 + "usbhid" 78 + "virtio_balloon" 79 + "virtio_blk" 80 + "virtio_pci" 81 + "virtio_ring" 82 + "xhci_pci" 83 + ]; 84 + boot.loader = { 85 + grub = { 86 + version = 2; 87 + device = "/dev/vda"; 88 + }; 89 + timeout = 0; 90 + }; 91 + }; 92 + config = (import (pkgs.path + "/nixos/lib/eval-config.nix") { 93 + inherit pkgs; modules = [ qemuConfig ]; 94 + system = "x86_64-linux"; 95 + }).config; 96 + in 97 + import (pkgs.path + "/nixos/lib/make-disk-image.nix") { 98 + inherit pkgs lib config; 99 + diskSize = 16000; 100 + format = "qcow2-compressed"; 101 + contents = [ 102 + { source = pkgs.writeText "gitconfig" '' 103 + [user] 104 + name = builds.sr.ht 105 + email = build@sr.ht 106 + ''; 107 + target = "/home/build/.gitconfig"; 108 + user = "build"; 109 + group = "users"; 110 + mode = "644"; 111 + } 112 + ]; 113 + }; 114 + }; 115 + 116 + in 117 { 118 name = "sourcehut"; 119 120 meta.maintainers = [ pkgs.lib.maintainers.tomberek ]; 121 122 + machine = { config, pkgs, nodes, ... }: { 123 + # buildsrht needs space 124 + virtualisation.diskSize = 4 * 1024; 125 + virtualisation.memorySize = 2 * 1024; 126 + networking.domain = domain; 127 + networking.extraHosts = '' 128 + ${config.networking.primaryIPAddress} meta.${domain} 129 + ${config.networking.primaryIPAddress} builds.${domain} 130 + ''; 131 132 services.sourcehut = { 133 enable = true; 134 + services = [ "meta" "builds" ]; 135 + nginx.enable = true; 136 + nginx.virtualHost = { 137 + forceSSL = true; 138 + sslCertificate = "${tls-cert}/cert.pem"; 139 + sslCertificateKey = "${tls-cert}/key.pem"; 140 + }; 141 + postgresql.enable = true; 142 + redis.enable = true; 143 + 144 + meta.enable = true; 145 + builds = { 146 + enable = true; 147 + # FIXME: see why it does not seem to activate fully. 148 + #enableWorker = true; 149 + inherit images; 150 + }; 151 + settings."sr.ht" = { 152 + global-domain = config.networking.domain; 153 + service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01"; 154 + network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ="; 155 + }; 156 + settings."builds.sr.ht" = { 157 + oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc"; 158 + oauth-client-id = "299db9f9c2013170"; 159 + }; 160 + settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA="; 161 + }; 162 + 163 + networking.firewall.allowedTCPPorts = [ 443 ]; 164 + security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ]; 165 + services.nginx = { 166 + enable = true; 167 + recommendedGzipSettings = true; 168 + recommendedOptimisation = true; 169 + recommendedTlsSettings = true; 170 + recommendedProxySettings = true; 171 + }; 172 + 173 + services.postgresql = { 174 + enable = true; 175 + enableTCPIP = false; 176 + settings.unix_socket_permissions = "0770"; 177 }; 178 }; 179 180 testScript = '' 181 start_all() 182 machine.wait_for_unit("multi-user.target") 183 + 184 + # Testing metasrht 185 + machine.wait_for_unit("metasrht-api.service") 186 machine.wait_for_unit("metasrht.service") 187 machine.wait_for_open_port(5000) 188 + machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") 189 + machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") 190 + 191 + # Testing buildsrht 192 + machine.wait_for_unit("buildsrht.service") 193 + machine.wait_for_open_port(5002) 194 + machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") 195 + #machine.wait_for_unit("buildsrht-worker.service") 196 ''; 197 })

+11 -13

pkgs/applications/audio/sfizz/default.nix

··· 1 - { lib, stdenv, fetchFromGitHub 2 - , libjack2, libsndfile, xorg, freetype, libxkbcommon 3 - , cairo, glib, gnome, flac, libogg, libvorbis, libopus 4 - , cmake, pkg-config 5 - }: 6 7 stdenv.mkDerivation rec { 8 pname = "sfizz"; 9 - version = "0.5.1"; 10 11 src = fetchFromGitHub { 12 owner = "sfztools"; 13 repo = pname; 14 rev = version; 15 - sha256 = "sha256-3RdY5+BPsdk6vctDy24w5aJsVOV9qzSgXs62Pm5UEKs="; 16 fetchSubmodules = true; 17 }; 18 ··· 37 glib 38 gnome.zenity 39 freetype 0 40 ]; 41 nativeBuildInputs = [ cmake pkg-config ]; 42 43 postPatch = '' 44 - substituteInPlace editor/external/vstgui4/vstgui/lib/platform/linux/x11fileselector.cpp \ 45 - --replace '"/usr/bin/zenity' '"${gnome.zenity}/bin/zenity' 0 0 46 ''; 47 48 - cmakeFlags = [ 49 - "-DCMAKE_BUILD_TYPE=Release" 50 - "-DSFIZZ_TESTS=ON" 51 - ]; 52 53 meta = with lib; { 54 homepage = "https://github.com/sfztools/sfizz";

··· 1 + { lib, stdenv, fetchFromGitHub, libjack2, libsndfile, xorg, freetype 2 + , libxkbcommon, cairo, glib, gnome, flac, libogg, libvorbis, libopus, cmake 3 + , pango, pkg-config }: 0 0 4 5 stdenv.mkDerivation rec { 6 pname = "sfizz"; 7 + version = "1.1.1"; 8 9 src = fetchFromGitHub { 10 owner = "sfztools"; 11 repo = pname; 12 rev = version; 13 + sha256 = "1gzpbns89j6ggzfjjvyhgigynsv20synrs7lmc32hwp4g73l0j7n"; 14 fetchSubmodules = true; 15 }; 16 ··· 35 glib 36 gnome.zenity 37 freetype 38 + pango 39 ]; 40 nativeBuildInputs = [ cmake pkg-config ]; 41 42 postPatch = '' 43 + substituteInPlace plugins/editor/external/vstgui4/vstgui/lib/platform/linux/x11fileselector.cpp \ 44 + --replace 'zenitypath = "zenity"' 'zenitypath = "${gnome.zenity}/bin/zenity"' 45 + substituteInPlace plugins/editor/src/editor/NativeHelpers.cpp \ 46 + --replace '/usr/bin/zenity' '${gnome.zenity}/bin/zenity' 47 ''; 48 49 + cmakeFlags = [ "-DCMAKE_BUILD_TYPE=Release" "-DSFIZZ_TESTS=ON" ]; 0 0 0 50 51 meta = with lib; { 52 homepage = "https://github.com/sfztools/sfizz";

+1 -1

pkgs/applications/kde/kalzium.nix

··· 3 mkDerivation { 4 pname = "kalzium"; 5 meta = with lib; { 6 - homepage = "https://kde.org/applications/en/utilities/org.kde.kalzium"; 7 description = "Program that shows you the Periodic Table of Elements"; 8 maintainers = with maintainers; [ freezeboy ]; 9 license = licenses.gpl2Plus;

··· 3 mkDerivation { 4 pname = "kalzium"; 5 meta = with lib; { 6 + homepage = "https://edu.kde.org/kalzium/"; 7 description = "Program that shows you the Periodic Table of Elements"; 8 maintainers = with maintainers; [ freezeboy ]; 9 license = licenses.gpl2Plus;

+1 -1

pkgs/applications/kde/kipi-plugins.nix

··· 17 meta = { 18 description = "Plugins for KDE-based image applications"; 19 license = lib.licenses.gpl2; 20 - homepage = "https://cgit.kde.org/kipi-plugins.git"; 21 maintainers = with lib.maintainers; [ ttuegel ]; 22 }; 23 }

··· 17 meta = { 18 description = "Plugins for KDE-based image applications"; 19 license = lib.licenses.gpl2; 20 + homepage = "https://github.com/KDE/kipi-plugins"; 21 maintainers = with lib.maintainers; [ ttuegel ]; 22 }; 23 }

+4 -3

pkgs/applications/misc/inherd-quake/default.nix

··· 9 }: 10 11 rustPlatform.buildRustPackage rec { 12 - pname = "quake"; 13 version = "0.3.0"; 14 15 src = fetchFromGitHub { 16 owner = "phodal"; 17 - repo = pname; 18 rev = "v${version}"; 19 sha256 = "1f7k68g18g3dpnrsmhgmz753bly1i3f4lmsljiyp9ap0c6w8ahgg"; 20 }; 21 22 - cargoSha256 = "1yqj9rq770j116138bqn4ycggy13vvym1cz50myfddb9rjjzafrl"; 23 24 nativeBuildInputs = [ pkg-config ]; 25 ··· 35 homepage = "https://github.com/phodal/quake"; 36 license = licenses.mit; 37 maintainers = [ maintainers.elliot ]; 0 38 }; 39 }

··· 9 }: 10 11 rustPlatform.buildRustPackage rec { 12 + pname = "inherd-quake"; 13 version = "0.3.0"; 14 15 src = fetchFromGitHub { 16 owner = "phodal"; 17 + repo = "quake"; 18 rev = "v${version}"; 19 sha256 = "1f7k68g18g3dpnrsmhgmz753bly1i3f4lmsljiyp9ap0c6w8ahgg"; 20 }; 21 22 + cargoSha256 = "17q9sjypa331gdfvmx1kbcbvnj34rnsf37b9rnji4jrqfysgrs5w"; 23 24 nativeBuildInputs = [ pkg-config ]; 25 ··· 35 homepage = "https://github.com/phodal/quake"; 36 license = licenses.mit; 37 maintainers = [ maintainers.elliot ]; 38 + mainProgram = "quake"; 39 }; 40 }

+1

pkgs/applications/misc/marktext/default.nix

··· 50 license = licenses.mit; 51 maintainers = with maintainers; [ nh2 ]; 52 platforms = [ "x86_64-linux" ]; 0 53 }; 54 }

··· 50 license = licenses.mit; 51 maintainers = with maintainers; [ nh2 ]; 52 platforms = [ "x86_64-linux" ]; 53 + mainProgram = "marktext"; 54 }; 55 }

+4 -4

pkgs/applications/misc/metadata-cleaner/default.nix

··· 9 , itstool 10 , libadwaita 11 , librsvg 12 - , meson 13 , ninja 14 , pkg-config 15 , poppler_gi ··· 18 19 python3.pkgs.buildPythonApplication rec { 20 pname = "metadata-cleaner"; 21 - version = "2.0.1"; 22 23 format = "other"; 24 ··· 26 owner = "rmnvgr"; 27 repo = "metadata-cleaner"; 28 rev = "v${version}"; 29 - sha256 = "sha256-iTKs3DEZSzqRARXJKPPygvCS5JNUMbQBkfjacwd168Y="; 30 }; 31 32 nativeBuildInputs = [ ··· 35 glib 36 gtk4 37 itstool 38 - meson 39 ninja 40 pkg-config 41 wrapGAppsHook

··· 9 , itstool 10 , libadwaita 11 , librsvg 12 + , meson_0_60 13 , ninja 14 , pkg-config 15 , poppler_gi ··· 18 19 python3.pkgs.buildPythonApplication rec { 20 pname = "metadata-cleaner"; 21 + version = "2.1.3"; 22 23 format = "other"; 24 ··· 26 owner = "rmnvgr"; 27 repo = "metadata-cleaner"; 28 rev = "v${version}"; 29 + hash = "sha256-9sLjgqqQBXcudlBRmqAwWcWMUXoIUyAK272zaNKbJNY="; 30 }; 31 32 nativeBuildInputs = [ ··· 35 glib 36 gtk4 37 itstool 38 + meson_0_60 39 ninja 40 pkg-config 41 wrapGAppsHook

+1 -1

pkgs/applications/networking/cluster/spark/default.nix

··· 46 47 meta = { 48 description = "Apache Spark is a fast and general engine for large-scale data processing"; 49 - homepage = "http://spark.apache.org"; 50 license = lib.licenses.asl20; 51 platforms = lib.platforms.all; 52 maintainers = with maintainers; [ thoughtpolice offline kamilchm illustris ];

··· 46 47 meta = { 48 description = "Apache Spark is a fast and general engine for large-scale data processing"; 49 + homepage = "https://spark.apache.org"; 50 license = lib.licenses.asl20; 51 platforms = lib.platforms.all; 52 maintainers = with maintainers; [ thoughtpolice offline kamilchm illustris ];

+3 -3

pkgs/applications/radio/flex-ncat/default.nix

··· 2 3 buildGoModule rec { 4 pname = "flex-ncat"; 5 - version = "0.0-20210420.0"; 6 7 src = fetchFromGitHub { 8 owner = "kc2g-flex-tools"; 9 repo = "nCAT"; 10 rev = "v${version}"; 11 - sha256 = "0wrdmlp9rrr4n0g9pj0j20ddskllyr59dr3p5fm9z0avkncn3a0m"; 12 }; 13 14 - vendorSha256 = "0npzhvpyaxvfaivycnscvh45lp0ycdg9xrlfm8vhfr835yj2adiv"; 15 16 meta = with lib; { 17 homepage = "https://github.com/kc2g-flex-tools/nCAT";

··· 2 3 buildGoModule rec { 4 pname = "flex-ncat"; 5 + version = "0.1-20211223.0"; 6 7 src = fetchFromGitHub { 8 owner = "kc2g-flex-tools"; 9 repo = "nCAT"; 10 rev = "v${version}"; 11 + hash = "sha256-l5IH6EtWqxMLqUfIYpaKgZE9Jq8q4+WgZIazQ2scyxg="; 12 }; 13 14 + vendorSha256 = "sha256-OzYlpC8DZQc3qo7mnl5jHlxaCNxMW+Z3VG535e+G/1o="; 15 16 meta = with lib; { 17 homepage = "https://github.com/kc2g-flex-tools/nCAT";

+7 -7

pkgs/applications/version-management/gitlab/data.json

··· 1 { 2 - "version": "14.5.2", 3 - "repo_hash": "sha256-sXRVnxb7b3grosg0YXwd+GBXHF7mDxIRXhWHcswZjdA=", 4 - "yarn_hash": "134x774vz1w9qhxs6xfk7vnajxzqwfyb9f55qhpwqprg6ldwivkr", 5 "owner": "gitlab-org", 6 "repo": "gitlab", 7 - "rev": "v14.5.2-ee", 8 "passthru": { 9 - "GITALY_SERVER_VERSION": "14.5.2", 10 - "GITLAB_PAGES_VERSION": "1.48.0", 11 "GITLAB_SHELL_VERSION": "13.22.1", 12 - "GITLAB_WORKHORSE_VERSION": "14.5.2" 13 } 14 }

··· 1 { 2 + "version": "14.6.0", 3 + "repo_hash": "0b77nh7xq5qalzhvfmsymmkrb78lmaffk464b074wi5c8gy3f5dn", 4 + "yarn_hash": "1kcjbf8xn3bwac2s9i2i7dpgbkwcjh09wvgbgysm5yffpdswg6nl", 5 "owner": "gitlab-org", 6 "repo": "gitlab", 7 + "rev": "v14.6.0-ee", 8 "passthru": { 9 + "GITALY_SERVER_VERSION": "14.6.0", 10 + "GITLAB_PAGES_VERSION": "1.49.0", 11 "GITLAB_SHELL_VERSION": "13.22.1", 12 + "GITLAB_WORKHORSE_VERSION": "14.6.0" 13 } 14 }

+8

pkgs/applications/version-management/gitlab/gitaly/Gemfile

··· 31 32 gem 'grpc-tools', '= 1.30.2' 33 end 0 0 0 0 0 0 0 0

··· 31 32 gem 'grpc-tools', '= 1.30.2' 33 end 34 + 35 + # Gems required in omnibus-gitlab pipeline 36 + group :development, :test, :omnibus do 37 + # Using a fork until https://github.com/pivotal/LicenseFinder/pull/816 is 38 + # resolved. For details, check discussion in 39 + # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74881 40 + gem 'gitlab-license_finder', require: false 41 + end

+15 -2

pkgs/applications/version-management/gitlab/gitaly/Gemfile.lock

··· 26 memoizable (~> 0.4.0) 27 addressable (2.7.0) 28 public_suffix (>= 2.0.2, < 5.0) 29 - ast (2.4.1) 30 binding_ninja (0.2.3) 31 builder (3.2.4) 32 charlock_holmes (0.7.7) ··· 73 opentracing (~> 0.4) 74 pg_query (~> 2.1) 75 redis (> 3.0.0, < 5.0.0) 0 0 0 0 0 0 0 76 gitlab-markup (1.7.1) 77 google-protobuf (3.17.3) 78 googleapis-common-protos-types (1.1.0) ··· 119 opentracing (0.5.0) 120 optimist (3.0.1) 121 parallel (1.19.2) 122 - parser (2.7.2.0) 123 ast (~> 2.4.1) 124 pg_query (2.1.1) 125 google-protobuf (>= 3.17.1) ··· 184 rubocop-ast (0.2.0) 185 parser (>= 2.7.0.1) 186 ruby-progressbar (1.10.1) 0 187 rugged (1.2.0) 188 sanitize (4.6.6) 189 crass (~> 1.0.2) ··· 199 thread_safe (0.3.6) 200 thrift (0.15.0) 201 timecop (0.9.1) 0 202 tzinfo (2.0.4) 203 concurrent-ruby (~> 1.0) 204 unicode-display_width (1.7.0) ··· 210 equalizer (~> 0.0.9) 211 parser (>= 2.6.5) 212 procto (~> 0.0.2) 0 0 0 213 zeitwerk (2.4.2) 214 215 PLATFORMS ··· 223 gitlab-gollum-lib (~> 4.2.7.10.gitlab.1) 224 gitlab-gollum-rugged_adapter (~> 0.4.4.4.gitlab.1) 225 gitlab-labkit (~> 0.21.1) 0 226 gitlab-markup (~> 1.7.1) 227 google-protobuf (~> 3.17.0) 228 grpc (~> 1.30.2)

··· 26 memoizable (~> 0.4.0) 27 addressable (2.7.0) 28 public_suffix (>= 2.0.2, < 5.0) 29 + ast (2.4.2) 30 binding_ninja (0.2.3) 31 builder (3.2.4) 32 charlock_holmes (0.7.7) ··· 73 opentracing (~> 0.4) 74 pg_query (~> 2.1) 75 redis (> 3.0.0, < 5.0.0) 76 + gitlab-license_finder (6.14.2.1) 77 + bundler 78 + rubyzip (>= 1, < 3) 79 + thor (~> 1.0) 80 + tomlrb (>= 1.3, < 2.1) 81 + with_env (= 1.1.0) 82 + xml-simple (~> 1.1.5) 83 gitlab-markup (1.7.1) 84 google-protobuf (3.17.3) 85 googleapis-common-protos-types (1.1.0) ··· 126 opentracing (0.5.0) 127 optimist (3.0.1) 128 parallel (1.19.2) 129 + parser (3.0.3.2) 130 ast (~> 2.4.1) 131 pg_query (2.1.1) 132 google-protobuf (>= 3.17.1) ··· 191 rubocop-ast (0.2.0) 192 parser (>= 2.7.0.1) 193 ruby-progressbar (1.10.1) 194 + rubyzip (2.3.2) 195 rugged (1.2.0) 196 sanitize (4.6.6) 197 crass (~> 1.0.2) ··· 207 thread_safe (0.3.6) 208 thrift (0.15.0) 209 timecop (0.9.1) 210 + tomlrb (2.0.1) 211 tzinfo (2.0.4) 212 concurrent-ruby (~> 1.0) 213 unicode-display_width (1.7.0) ··· 219 equalizer (~> 0.0.9) 220 parser (>= 2.6.5) 221 procto (~> 0.0.2) 222 + with_env (1.1.0) 223 + xml-simple (1.1.9) 224 + rexml 225 zeitwerk (2.4.2) 226 227 PLATFORMS ··· 235 gitlab-gollum-lib (~> 4.2.7.10.gitlab.1) 236 gitlab-gollum-rugged_adapter (~> 0.4.4.4.gitlab.1) 237 gitlab-labkit (~> 0.21.1) 238 + gitlab-license_finder 239 gitlab-markup (~> 1.7.1) 240 google-protobuf (~> 3.17.0) 241 grpc (~> 1.30.2)

+2 -2

pkgs/applications/version-management/gitlab/gitaly/default.nix

··· 33 }; 34 }; 35 36 - version = "14.5.2"; 37 gitaly_package = "gitlab.com/gitlab-org/gitaly/v${lib.versions.major version}"; 38 in 39 ··· 45 owner = "gitlab-org"; 46 repo = "gitaly"; 47 rev = "v${version}"; 48 - sha256 = "sha256-x8LRBd0bw1JipBu3MbV0d8WFIFPD7joZDBGOr1gstMg="; 49 }; 50 51 vendorSha256 = "sha256-ZLd4E3+e25Hqmd6ZyF3X6BveMEg7OF0FX9IvNBWn3v0=";

··· 33 }; 34 }; 35 36 + version = "14.6.0"; 37 gitaly_package = "gitlab.com/gitlab-org/gitaly/v${lib.versions.major version}"; 38 in 39 ··· 45 owner = "gitlab-org"; 46 repo = "gitaly"; 47 rev = "v${version}"; 48 + sha256 = "sha256-YiDZtWRb1PnCAv+UCPRQFoCA12vf3xoHoJ1i/hW+vMg="; 49 }; 50 51 vendorSha256 = "sha256-ZLd4E3+e25Hqmd6ZyF3X6BveMEg7OF0FX9IvNBWn3v0=";

+56 -4

pkgs/applications/version-management/gitlab/gitaly/gemset.nix

··· 65 platforms = []; 66 source = { 67 remotes = ["https://rubygems.org"]; 68 - sha256 = "1l3468czzjmxl93ap40hp7z94yxp4nbag0bxqs789bm30md90m2a"; 69 type = "gem"; 70 }; 71 - version = "2.4.1"; 72 }; 73 binding_ninja = { 74 groups = ["default" "development" "test"]; ··· 273 type = "gem"; 274 }; 275 version = "0.21.2"; 0 0 0 0 0 0 0 0 0 0 0 276 }; 277 gitlab-markup = { 278 groups = ["default"]; ··· 543 platforms = []; 544 source = { 545 remotes = ["https://rubygems.org"]; 546 - sha256 = "1f7gmm60yla325wlnd3qkxs59qm2y0aan8ljpg6k18rwzrrfil6z"; 547 type = "gem"; 548 }; 549 - version = "2.7.2.0"; 550 }; 551 pg_query = { 552 dependencies = ["google-protobuf"]; ··· 825 }; 826 version = "1.10.1"; 827 }; 0 0 0 0 0 0 0 0 0 0 828 rugged = { 829 groups = ["default"]; 830 platforms = []; ··· 912 }; 913 version = "0.9.1"; 914 }; 0 0 0 0 0 0 0 0 0 0 915 tzinfo = { 916 dependencies = ["concurrent-ruby"]; 917 groups = ["default" "development" "test"]; ··· 943 type = "gem"; 944 }; 945 version = "0.4.7"; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 946 }; 947 zeitwerk = { 948 groups = ["default" "development" "test"];

··· 65 platforms = []; 66 source = { 67 remotes = ["https://rubygems.org"]; 68 + sha256 = "04nc8x27hlzlrr5c2gn7mar4vdr0apw5xg22wp6m8dx3wqr04a0y"; 69 type = "gem"; 70 }; 71 + version = "2.4.2"; 72 }; 73 binding_ninja = { 74 groups = ["default" "development" "test"]; ··· 273 type = "gem"; 274 }; 275 version = "0.21.2"; 276 + }; 277 + gitlab-license_finder = { 278 + dependencies = ["rubyzip" "thor" "tomlrb" "with_env" "xml-simple"]; 279 + groups = ["development" "omnibus" "test"]; 280 + platforms = []; 281 + source = { 282 + remotes = ["https://rubygems.org"]; 283 + sha256 = "0fzrv96kbzyqnsdj762x7n0y006rsgsi8k23nad4xsa43d065i71"; 284 + type = "gem"; 285 + }; 286 + version = "6.14.2.1"; 287 }; 288 gitlab-markup = { 289 groups = ["default"]; ··· 554 platforms = []; 555 source = { 556 remotes = ["https://rubygems.org"]; 557 + sha256 = "0sszdl9mpzqzn9kxrp28sqmg47mjxcwypr4d60vbajqba4v885di"; 558 type = "gem"; 559 }; 560 + version = "3.0.3.2"; 561 }; 562 pg_query = { 563 dependencies = ["google-protobuf"]; ··· 836 }; 837 version = "1.10.1"; 838 }; 839 + rubyzip = { 840 + groups = ["default" "development" "omnibus" "test"]; 841 + platforms = []; 842 + source = { 843 + remotes = ["https://rubygems.org"]; 844 + sha256 = "0grps9197qyxakbpw02pda59v45lfgbgiyw48i0mq9f2bn9y6mrz"; 845 + type = "gem"; 846 + }; 847 + version = "2.3.2"; 848 + }; 849 rugged = { 850 groups = ["default"]; 851 platforms = []; ··· 933 }; 934 version = "0.9.1"; 935 }; 936 + tomlrb = { 937 + groups = ["default" "development" "omnibus" "test"]; 938 + platforms = []; 939 + source = { 940 + remotes = ["https://rubygems.org"]; 941 + sha256 = "0a83cb5xpyzlr651d46rk5xgq37s46hs9nfqy9baawzs31hm9k2g"; 942 + type = "gem"; 943 + }; 944 + version = "2.0.1"; 945 + }; 946 tzinfo = { 947 dependencies = ["concurrent-ruby"]; 948 groups = ["default" "development" "test"]; ··· 974 type = "gem"; 975 }; 976 version = "0.4.7"; 977 + }; 978 + with_env = { 979 + groups = ["default" "development" "omnibus" "test"]; 980 + platforms = []; 981 + source = { 982 + remotes = ["https://rubygems.org"]; 983 + sha256 = "1r5ns064mbb99hf1dyxsk9183hznc5i7mn3bi86zka6dlvqf9csh"; 984 + type = "gem"; 985 + }; 986 + version = "1.1.0"; 987 + }; 988 + xml-simple = { 989 + dependencies = ["rexml"]; 990 + groups = ["default" "development" "omnibus" "test"]; 991 + platforms = []; 992 + source = { 993 + remotes = ["https://rubygems.org"]; 994 + sha256 = "0pb9plyl71mdbjr4kllfy53qx6g68ryxblmnq9dilvy837jk24fj"; 995 + type = "gem"; 996 + }; 997 + version = "1.1.9"; 998 }; 999 zeitwerk = { 1000 groups = ["default" "development" "test"];

+2 -2

pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix

··· 5 buildGoModule rec { 6 pname = "gitlab-workhorse"; 7 8 - version = "14.5.2"; 9 10 src = fetchFromGitLab { 11 owner = data.owner; ··· 16 17 sourceRoot = "source/workhorse"; 18 19 - vendorSha256 = "sha256-yLZY9FFUS4nJl4TkE6MwICCEwtPTXFc5zuj4FgiIy74="; 20 buildInputs = [ git ]; 21 ldflags = [ "-X main.Version=${version}" ]; 22 doCheck = false;

··· 5 buildGoModule rec { 6 pname = "gitlab-workhorse"; 7 8 + version = "14.6.0"; 9 10 src = fetchFromGitLab { 11 owner = data.owner; ··· 16 17 sourceRoot = "source/workhorse"; 18 19 + vendorSha256 = "sha256-ps/MjNY2woHrfcsNZTurnO2TbasWdS3LiuPUfVD2Ypc="; 20 buildInputs = [ git ]; 21 ldflags = [ "-X main.Version=${version}" ]; 22 doCheck = false;

+16 -11

pkgs/applications/version-management/gitlab/rubyEnv/Gemfile

··· 153 # Markdown and HTML processing 154 gem 'html-pipeline', '~> 2.13.2' 155 gem 'deckar01-task_list', '2.3.1' 156 - gem 'gitlab-markup', '~> 1.7.1' 157 gem 'github-markup', '~> 1.7.0', require: 'github/markup' 158 gem 'commonmarker', '~> 0.23.2' 159 gem 'kramdown', '~> 2.3.1' ··· 185 gem 'rack-timeout', '~> 0.5.1', require: 'rack/timeout/base' 186 187 group :puma do 188 - gem 'puma', '~> 5.3.1', require: false 189 gem 'puma_worker_killer', '~> 0.3.1', require: false 190 gem 'sd_notify', '~> 0.1.0', require: false 191 end ··· 194 gem 'state_machines-activerecord', '~> 0.8.0' 195 196 # Issue tags 197 - gem 'acts-as-taggable-on', '~> 7.0' 198 199 # Background jobs 200 - gem 'sidekiq', '~> 6.2.2' 201 gem 'sidekiq-cron', '~> 1.0' 202 gem 'redis-namespace', '~> 1.8.1' 203 gem 'gitlab-sidekiq-fetcher', '0.8.0', require: 'sidekiq-reliable-fetch' ··· 376 gem 'spring', '~> 2.1.0' 377 gem 'spring-commands-rspec', '~> 1.0.4' 378 379 - gem 'gitlab-styles', '~> 6.4.0', require: false 380 381 gem 'haml_lint', '~> 0.36.0', require: false 382 gem 'bundler-audit', '~> 0.7.0.1', require: false ··· 400 end 401 402 group :development, :test, :danger do 403 - gem 'gitlab-dangerfiles', '~> 2.5.0', require: false 404 end 405 406 group :development, :test, :coverage do 407 gem 'simplecov', '~> 0.18.5', require: false 0 408 gem 'simplecov-cobertura', '~> 1.3.1', require: false 0 409 end 410 411 # Gems required in omnibus-gitlab pipeline 412 group :development, :test, :omnibus do 413 - gem 'license_finder', '~> 6.0', require: false 0 0 0 414 end 415 416 group :test do ··· 459 460 # System information 461 gem 'vmstat', '~> 2.3.0' 462 - gem 'sys-filesystem', '~> 1.1.6' 463 464 # NTP client 465 gem 'net-ntp' ··· 471 # Required for ED25519 SSH host key support 472 group :ed25519 do 473 gem 'ed25519', '~> 1.2' 474 - gem 'bcrypt_pbkdf', '~> 1.0' 475 end 476 477 # Spamcheck GRPC protocol definitions ··· 494 gem 'flipper-active_record', '~> 0.21.0' 495 gem 'flipper-active_support_cache_store', '~> 0.21.0' 496 gem 'unleash', '~> 3.2.2' 497 - gem 'gitlab-experiment', '~> 0.6.4' 498 499 # Structured logging 500 gem 'lograge', '~> 0.5' ··· 539 540 gem 'parslet', '~> 1.8' 541 542 - gem 'ipynbdiff', '0.3.7'

··· 153 # Markdown and HTML processing 154 gem 'html-pipeline', '~> 2.13.2' 155 gem 'deckar01-task_list', '2.3.1' 156 + gem 'gitlab-markup', '~> 1.8.0' 157 gem 'github-markup', '~> 1.7.0', require: 'github/markup' 158 gem 'commonmarker', '~> 0.23.2' 159 gem 'kramdown', '~> 2.3.1' ··· 185 gem 'rack-timeout', '~> 0.5.1', require: 'rack/timeout/base' 186 187 group :puma do 188 + gem 'puma', '~> 5.5.2', require: false 189 gem 'puma_worker_killer', '~> 0.3.1', require: false 190 gem 'sd_notify', '~> 0.1.0', require: false 191 end ··· 194 gem 'state_machines-activerecord', '~> 0.8.0' 195 196 # Issue tags 197 + gem 'acts-as-taggable-on', '~> 8.1' 198 199 # Background jobs 200 + gem 'sidekiq', '~> 6.3' 201 gem 'sidekiq-cron', '~> 1.0' 202 gem 'redis-namespace', '~> 1.8.1' 203 gem 'gitlab-sidekiq-fetcher', '0.8.0', require: 'sidekiq-reliable-fetch' ··· 376 gem 'spring', '~> 2.1.0' 377 gem 'spring-commands-rspec', '~> 1.0.4' 378 379 + gem 'gitlab-styles', '~> 6.6.0', require: false 380 381 gem 'haml_lint', '~> 0.36.0', require: false 382 gem 'bundler-audit', '~> 0.7.0.1', require: false ··· 400 end 401 402 group :development, :test, :danger do 403 + gem 'gitlab-dangerfiles', '~> 2.6.1', require: false 404 end 405 406 group :development, :test, :coverage do 407 gem 'simplecov', '~> 0.18.5', require: false 408 + gem 'simplecov-lcov', '~> 0.8.0', require: false 409 gem 'simplecov-cobertura', '~> 1.3.1', require: false 410 + gem 'undercover', '~> 0.4.4', require: false 411 end 412 413 # Gems required in omnibus-gitlab pipeline 414 group :development, :test, :omnibus do 415 + # Using a fork until https://github.com/pivotal/LicenseFinder/pull/816 is 416 + # resolved. For details, check discussion in 417 + # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74881 418 + gem 'gitlab-license_finder', '~> 6.0', require: false 419 end 420 421 group :test do ··· 464 465 # System information 466 gem 'vmstat', '~> 2.3.0' 467 + gem 'sys-filesystem', '~> 1.4.3' 468 469 # NTP client 470 gem 'net-ntp' ··· 476 # Required for ED25519 SSH host key support 477 group :ed25519 do 478 gem 'ed25519', '~> 1.2' 479 + gem 'bcrypt_pbkdf', '~> 1.1' 480 end 481 482 # Spamcheck GRPC protocol definitions ··· 499 gem 'flipper-active_record', '~> 0.21.0' 500 gem 'flipper-active_support_cache_store', '~> 0.21.0' 501 gem 'unleash', '~> 3.2.2' 502 + gem 'gitlab-experiment', '~> 0.6.5' 503 504 # Structured logging 505 gem 'lograge', '~> 0.5' ··· 544 545 gem 'parslet', '~> 1.8' 546 547 + gem 'ipynbdiff', '0.3.8'

+46 -36

pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock

··· 66 minitest (>= 5.1) 67 tzinfo (~> 2.0) 68 zeitwerk (~> 2.3) 69 - acts-as-taggable-on (7.0.0) 70 activerecord (>= 5.0, < 6.2) 71 addressable (2.8.0) 72 public_suffix (>= 2.0.2, < 5.0) ··· 130 base32 (0.3.2) 131 batch-loader (2.0.1) 132 bcrypt (3.1.16) 133 - bcrypt_pbkdf (1.0.0) 134 benchmark (0.1.1) 135 benchmark-ips (2.3.0) 136 benchmark-memory (0.1.2) ··· 215 css_parser (1.7.0) 216 addressable 217 daemons (1.3.1) 218 - danger (8.4.1) 219 claide (~> 1.0) 220 claide-plugins (>= 0.9.2) 221 colored2 (~> 3.1) ··· 451 terminal-table (~> 1.5, >= 1.5.1) 452 gitlab-chronic (0.10.5) 453 numerizer (~> 0.2) 454 - gitlab-dangerfiles (2.5.0) 455 danger (>= 8.3.1) 456 danger-gitlab (>= 8.0.0) 457 - gitlab-experiment (0.6.4) 458 activesupport (>= 3.0) 459 request_store (>= 1.0) 460 scientist (~> 1.6, >= 1.6.0) ··· 474 pg_query (~> 2.1) 475 redis (> 3.0.0, < 5.0.0) 476 gitlab-license (2.0.0) 0 0 0 0 0 0 0 477 gitlab-mail_room (0.0.9) 478 - gitlab-markup (1.7.1) 479 gitlab-net-dns (0.9.1) 480 gitlab-omniauth-openid-connect (0.8.0) 481 addressable (~> 2.7) ··· 483 openid_connect (~> 1.2) 484 gitlab-sidekiq-fetcher (0.8.0) 485 sidekiq (~> 6.1) 486 - gitlab-styles (6.4.0) 487 rubocop (~> 0.91, >= 0.91.1) 488 rubocop-gitlab-security (~> 0.1.1) 0 489 rubocop-performance (~> 1.9.2) 490 rubocop-rails (~> 2.9) 491 rubocop-rspec (~> 1.44) ··· 626 mime-types (~> 3.0) 627 multi_xml (>= 0.5.2) 628 httpclient (2.8.3) 629 - i18n (1.8.10) 630 concurrent-ruby (~> 1.0) 631 i18n_data (0.8.0) 632 icalendar (2.4.1) 0 0 633 invisible_captcha (1.1.0) 634 rails (>= 4.2) 635 ipaddress (0.8.3) 636 - ipynbdiff (0.3.7) 637 diffy (= 3.3.0) 638 json (= 2.5.1) 639 jaeger-client (1.1.0) ··· 699 railties (>= 5.2) 700 rexml 701 libyajl2 (1.2.0) 702 - license_finder (6.0.0) 703 - bundler 704 - rubyzip (>= 1, < 3) 705 - thor 706 - toml (= 0.2.0) 707 - with_env (= 1.1.0) 708 - xml-simple 709 licensee (9.14.1) 710 dotenv (~> 2.0) 711 octokit (~> 4.17) ··· 896 orm_adapter (0.5.0) 897 os (1.1.1) 898 parallel (1.20.1) 899 - parser (3.0.2.0) 900 ast (~> 2.4.1) 901 parslet (1.8.2) 902 pastel (0.8.0) ··· 935 tty-markdown 936 tty-prompt 937 public_suffix (4.0.6) 938 - puma (5.3.2) 939 nio4r (~> 2.0) 940 puma_worker_killer (0.3.1) 941 get_process_mem (~> 0.2) ··· 1100 parser (>= 2.7.1.5) 1101 rubocop-gitlab-security (0.1.1) 1102 rubocop (>= 0.51) 0 0 1103 rubocop-performance (1.9.2) 1104 rubocop (>= 0.90.0, < 2.0) 1105 rubocop-ast (>= 0.4.0) ··· 1151 sawyer (0.8.2) 1152 addressable (>= 2.3.5) 1153 faraday (> 0.8, < 2.0) 1154 - scientist (1.6.0) 1155 sd_notify (0.1.0) 1156 securecompare (1.0.0) 1157 seed-fu (2.3.7) ··· 1168 shellany (0.0.1) 1169 shoulda-matchers (4.0.1) 1170 activesupport (>= 4.2.0) 1171 - sidekiq (6.2.2) 1172 connection_pool (>= 2.2.2) 1173 rack (~> 2.0) 1174 redis (>= 4.2.0) ··· 1187 simplecov-cobertura (1.3.1) 1188 simplecov (~> 0.8) 1189 simplecov-html (0.12.3) 0 1190 sixarm_ruby_unaccent (1.2.0) 1191 slack-messenger (2.3.4) 1192 snowplow-tracker (0.6.1) ··· 1242 activesupport (>= 3) 1243 attr_required (>= 0.0.5) 1244 httpclient (>= 2.4) 1245 - sys-filesystem (1.1.9) 1246 - ffi 1247 sysexits (1.2.0) 1248 tanuki_emoji (0.5.0) 1249 temple (0.8.2) ··· 1265 timecop (0.9.1) 1266 timeliness (0.3.10) 1267 timfel-krb5-auth (0.8.3) 1268 - toml (0.2.0) 1269 - parslet (~> 1.8.0) 1270 toml-rb (2.0.1) 1271 citrus (~> 3.0, > 3.0) 1272 tomlrb (1.3.0) ··· 1304 concurrent-ruby (~> 1.0) 1305 u2f (0.2.1) 1306 uber (0.1.0) 0 0 0 0 1307 unf (0.1.4) 1308 unf_ext 1309 unf_ext (0.0.7.7) ··· 1366 nokogiri (~> 1.8) 1367 yajl-ruby (1.4.1) 1368 yard (0.9.26) 1369 - zeitwerk (2.4.2) 1370 1371 PLATFORMS 1372 ruby ··· 1375 RedCloth (~> 4.3.2) 1376 acme-client (~> 2.0, >= 2.0.6) 1377 activerecord-explain-analyze (~> 0.1) 1378 - acts-as-taggable-on (~> 7.0) 1379 addressable (~> 2.8) 1380 akismet (~> 3.0) 1381 apollo_upload_server (~> 2.1.0) ··· 1395 base32 (~> 0.3.0) 1396 batch-loader (~> 2.0.1) 1397 bcrypt (~> 3.1, >= 3.1.14) 1398 - bcrypt_pbkdf (~> 1.0) 1399 benchmark-ips (~> 2.3.0) 1400 benchmark-memory (~> 0.1) 1401 better_errors (~> 2.9.0) ··· 1460 gitaly (~> 14.4.0.pre.rc43) 1461 github-markup (~> 1.7.0) 1462 gitlab-chronic (~> 0.10.5) 1463 - gitlab-dangerfiles (~> 2.5.0) 1464 - gitlab-experiment (~> 0.6.4) 1465 gitlab-fog-azure-rm (~> 1.2.0) 1466 gitlab-labkit (~> 0.21.1) 1467 gitlab-license (~> 2.0) 0 1468 gitlab-mail_room (~> 0.0.9) 1469 - gitlab-markup (~> 1.7.1) 1470 gitlab-net-dns (~> 0.9.1) 1471 gitlab-omniauth-openid-connect (~> 0.8.0) 1472 gitlab-sidekiq-fetcher (= 0.8.0) 1473 - gitlab-styles (~> 6.4.0) 1474 gitlab_chronic_duration (~> 0.10.6.2) 1475 gitlab_omniauth-ldap (~> 2.1.1) 1476 gon (~> 6.4.0) ··· 1500 icalendar 1501 invisible_captcha (~> 1.1.0) 1502 ipaddress (~> 0.8.3) 1503 - ipynbdiff (= 0.3.7) 1504 jira-ruby (~> 2.1.4) 1505 js_regex (~> 3.7) 1506 json (~> 2.5.1) ··· 1513 kubeclient (~> 4.9.2) 1514 lefthook (~> 0.7.0) 1515 letter_opener_web (~> 2.0.0) 1516 - license_finder (~> 6.0) 1517 licensee (~> 9.14.1) 1518 lockbox (~> 0.6.2) 1519 lograge (~> 0.5) ··· 1565 pry-byebug 1566 pry-rails (~> 0.3.9) 1567 pry-shell (~> 0.5.0) 1568 - puma (~> 5.3.1) 1569 puma_worker_killer (~> 0.3.1) 1570 rack (~> 2.2.3) 1571 rack-attack (~> 6.3.0) ··· 1612 sentry-raven (~> 3.1) 1613 settingslogic (~> 2.0.9) 1614 shoulda-matchers (~> 4.0.1) 1615 - sidekiq (~> 6.2.2) 1616 sidekiq-cron (~> 1.0) 1617 simple_po_parser (~> 1.1.2) 1618 simplecov (~> 0.18.5) 1619 simplecov-cobertura (~> 1.3.1) 0 1620 slack-messenger (~> 2.3.4) 1621 snowplow-tracker (~> 0.6.1) 1622 solargraph (~> 0.43) ··· 1628 sshkey (~> 2.0) 1629 stackprof (~> 0.2.15) 1630 state_machines-activerecord (~> 0.8.0) 1631 - sys-filesystem (~> 1.1.6) 1632 tanuki_emoji (~> 0.5) 1633 terser (= 1.0.2) 1634 test-prof (~> 1.0.7) ··· 1639 toml-rb (~> 2.0) 1640 truncato (~> 0.7.11) 1641 u2f (~> 0.2.1) 0 1642 unf (~> 0.1.4) 1643 unleash (~> 3.2.2) 1644 valid_email (~> 0.1)

··· 66 minitest (>= 5.1) 67 tzinfo (~> 2.0) 68 zeitwerk (~> 2.3) 69 + acts-as-taggable-on (8.1.0) 70 activerecord (>= 5.0, < 6.2) 71 addressable (2.8.0) 72 public_suffix (>= 2.0.2, < 5.0) ··· 130 base32 (0.3.2) 131 batch-loader (2.0.1) 132 bcrypt (3.1.16) 133 + bcrypt_pbkdf (1.1.0) 134 benchmark (0.1.1) 135 benchmark-ips (2.3.0) 136 benchmark-memory (0.1.2) ··· 215 css_parser (1.7.0) 216 addressable 217 daemons (1.3.1) 218 + danger (8.4.2) 219 claide (~> 1.0) 220 claide-plugins (>= 0.9.2) 221 colored2 (~> 3.1) ··· 451 terminal-table (~> 1.5, >= 1.5.1) 452 gitlab-chronic (0.10.5) 453 numerizer (~> 0.2) 454 + gitlab-dangerfiles (2.6.1) 455 danger (>= 8.3.1) 456 danger-gitlab (>= 8.0.0) 457 + gitlab-experiment (0.6.5) 458 activesupport (>= 3.0) 459 request_store (>= 1.0) 460 scientist (~> 1.6, >= 1.6.0) ··· 474 pg_query (~> 2.1) 475 redis (> 3.0.0, < 5.0.0) 476 gitlab-license (2.0.0) 477 + gitlab-license_finder (6.14.2.1) 478 + bundler 479 + rubyzip (>= 1, < 3) 480 + thor (~> 1.0) 481 + tomlrb (>= 1.3, < 2.1) 482 + with_env (= 1.1.0) 483 + xml-simple (~> 1.1.5) 484 gitlab-mail_room (0.0.9) 485 + gitlab-markup (1.8.0) 486 gitlab-net-dns (0.9.1) 487 gitlab-omniauth-openid-connect (0.8.0) 488 addressable (~> 2.7) ··· 490 openid_connect (~> 1.2) 491 gitlab-sidekiq-fetcher (0.8.0) 492 sidekiq (~> 6.1) 493 + gitlab-styles (6.6.0) 494 rubocop (~> 0.91, >= 0.91.1) 495 rubocop-gitlab-security (~> 0.1.1) 496 + rubocop-graphql (~> 0.10) 497 rubocop-performance (~> 1.9.2) 498 rubocop-rails (~> 2.9) 499 rubocop-rspec (~> 1.44) ··· 634 mime-types (~> 3.0) 635 multi_xml (>= 0.5.2) 636 httpclient (2.8.3) 637 + i18n (1.8.11) 638 concurrent-ruby (~> 1.0) 639 i18n_data (0.8.0) 640 icalendar (2.4.1) 641 + imagen (0.1.8) 642 + parser (>= 2.5, != 2.5.1.1) 643 invisible_captcha (1.1.0) 644 rails (>= 4.2) 645 ipaddress (0.8.3) 646 + ipynbdiff (0.3.8) 647 diffy (= 3.3.0) 648 json (= 2.5.1) 649 jaeger-client (1.1.0) ··· 709 railties (>= 5.2) 710 rexml 711 libyajl2 (1.2.0) 0 0 0 0 0 0 0 712 licensee (9.14.1) 713 dotenv (~> 2.0) 714 octokit (~> 4.17) ··· 899 orm_adapter (0.5.0) 900 os (1.1.1) 901 parallel (1.20.1) 902 + parser (3.0.3.2) 903 ast (~> 2.4.1) 904 parslet (1.8.2) 905 pastel (0.8.0) ··· 938 tty-markdown 939 tty-prompt 940 public_suffix (4.0.6) 941 + puma (5.5.2) 942 nio4r (~> 2.0) 943 puma_worker_killer (0.3.1) 944 get_process_mem (~> 0.2) ··· 1103 parser (>= 2.7.1.5) 1104 rubocop-gitlab-security (0.1.1) 1105 rubocop (>= 0.51) 1106 + rubocop-graphql (0.10.3) 1107 + rubocop (>= 0.87, < 2) 1108 rubocop-performance (1.9.2) 1109 rubocop (>= 0.90.0, < 2.0) 1110 rubocop-ast (>= 0.4.0) ··· 1156 sawyer (0.8.2) 1157 addressable (>= 2.3.5) 1158 faraday (> 0.8, < 2.0) 1159 + scientist (1.6.2) 1160 sd_notify (0.1.0) 1161 securecompare (1.0.0) 1162 seed-fu (2.3.7) ··· 1173 shellany (0.0.1) 1174 shoulda-matchers (4.0.1) 1175 activesupport (>= 4.2.0) 1176 + sidekiq (6.3.1) 1177 connection_pool (>= 2.2.2) 1178 rack (~> 2.0) 1179 redis (>= 4.2.0) ··· 1192 simplecov-cobertura (1.3.1) 1193 simplecov (~> 0.8) 1194 simplecov-html (0.12.3) 1195 + simplecov-lcov (0.8.0) 1196 sixarm_ruby_unaccent (1.2.0) 1197 slack-messenger (2.3.4) 1198 snowplow-tracker (0.6.1) ··· 1248 activesupport (>= 3) 1249 attr_required (>= 0.0.5) 1250 httpclient (>= 2.4) 1251 + sys-filesystem (1.4.3) 1252 + ffi (~> 1.1) 1253 sysexits (1.2.0) 1254 tanuki_emoji (0.5.0) 1255 temple (0.8.2) ··· 1271 timecop (0.9.1) 1272 timeliness (0.3.10) 1273 timfel-krb5-auth (0.8.3) 0 0 1274 toml-rb (2.0.1) 1275 citrus (~> 3.0, > 3.0) 1276 tomlrb (1.3.0) ··· 1308 concurrent-ruby (~> 1.0) 1309 u2f (0.2.1) 1310 uber (0.1.0) 1311 + undercover (0.4.4) 1312 + imagen (>= 0.1.8) 1313 + rainbow (>= 2.1, < 4.0) 1314 + rugged (>= 0.27, < 1.3) 1315 unf (0.1.4) 1316 unf_ext 1317 unf_ext (0.0.7.7) ··· 1374 nokogiri (~> 1.8) 1375 yajl-ruby (1.4.1) 1376 yard (0.9.26) 1377 + zeitwerk (2.5.1) 1378 1379 PLATFORMS 1380 ruby ··· 1383 RedCloth (~> 4.3.2) 1384 acme-client (~> 2.0, >= 2.0.6) 1385 activerecord-explain-analyze (~> 0.1) 1386 + acts-as-taggable-on (~> 8.1) 1387 addressable (~> 2.8) 1388 akismet (~> 3.0) 1389 apollo_upload_server (~> 2.1.0) ··· 1403 base32 (~> 0.3.0) 1404 batch-loader (~> 2.0.1) 1405 bcrypt (~> 3.1, >= 3.1.14) 1406 + bcrypt_pbkdf (~> 1.1) 1407 benchmark-ips (~> 2.3.0) 1408 benchmark-memory (~> 0.1) 1409 better_errors (~> 2.9.0) ··· 1468 gitaly (~> 14.4.0.pre.rc43) 1469 github-markup (~> 1.7.0) 1470 gitlab-chronic (~> 0.10.5) 1471 + gitlab-dangerfiles (~> 2.6.1) 1472 + gitlab-experiment (~> 0.6.5) 1473 gitlab-fog-azure-rm (~> 1.2.0) 1474 gitlab-labkit (~> 0.21.1) 1475 gitlab-license (~> 2.0) 1476 + gitlab-license_finder (~> 6.0) 1477 gitlab-mail_room (~> 0.0.9) 1478 + gitlab-markup (~> 1.8.0) 1479 gitlab-net-dns (~> 0.9.1) 1480 gitlab-omniauth-openid-connect (~> 0.8.0) 1481 gitlab-sidekiq-fetcher (= 0.8.0) 1482 + gitlab-styles (~> 6.6.0) 1483 gitlab_chronic_duration (~> 0.10.6.2) 1484 gitlab_omniauth-ldap (~> 2.1.1) 1485 gon (~> 6.4.0) ··· 1509 icalendar 1510 invisible_captcha (~> 1.1.0) 1511 ipaddress (~> 0.8.3) 1512 + ipynbdiff (= 0.3.8) 1513 jira-ruby (~> 2.1.4) 1514 js_regex (~> 3.7) 1515 json (~> 2.5.1) ··· 1522 kubeclient (~> 4.9.2) 1523 lefthook (~> 0.7.0) 1524 letter_opener_web (~> 2.0.0) 0 1525 licensee (~> 9.14.1) 1526 lockbox (~> 0.6.2) 1527 lograge (~> 0.5) ··· 1573 pry-byebug 1574 pry-rails (~> 0.3.9) 1575 pry-shell (~> 0.5.0) 1576 + puma (~> 5.5.2) 1577 puma_worker_killer (~> 0.3.1) 1578 rack (~> 2.2.3) 1579 rack-attack (~> 6.3.0) ··· 1620 sentry-raven (~> 3.1) 1621 settingslogic (~> 2.0.9) 1622 shoulda-matchers (~> 4.0.1) 1623 + sidekiq (~> 6.3) 1624 sidekiq-cron (~> 1.0) 1625 simple_po_parser (~> 1.1.2) 1626 simplecov (~> 0.18.5) 1627 simplecov-cobertura (~> 1.3.1) 1628 + simplecov-lcov (~> 0.8.0) 1629 slack-messenger (~> 2.3.4) 1630 snowplow-tracker (~> 0.6.1) 1631 solargraph (~> 0.43) ··· 1637 sshkey (~> 2.0) 1638 stackprof (~> 0.2.15) 1639 state_machines-activerecord (~> 0.8.0) 1640 + sys-filesystem (~> 1.4.3) 1641 tanuki_emoji (~> 0.5) 1642 terser (= 1.0.2) 1643 test-prof (~> 1.0.7) ··· 1648 toml-rb (~> 2.0) 1649 truncato (~> 0.7.11) 1650 u2f (~> 0.2.1) 1651 + undercover (~> 0.4.4) 1652 unf (~> 0.1.4) 1653 unleash (~> 3.2.2) 1654 valid_email (~> 0.1)

+86 -54

pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix

··· 148 platforms = []; 149 source = { 150 remotes = ["https://rubygems.org"]; 151 - sha256 = "09m7lvm6id8mm8y9qycjr54l9gyqfb43x6yjz23cggisjg0px1fv"; 152 type = "gem"; 153 }; 154 - version = "7.0.0"; 155 }; 156 addressable = { 157 dependencies = ["public_suffix"]; ··· 484 platforms = []; 485 source = { 486 remotes = ["https://rubygems.org"]; 487 - sha256 = "0cj4k13c7qvvck7y25i3xarvyqq8d27vl61jddifkc7llnnap1hv"; 488 type = "gem"; 489 }; 490 - version = "1.0.0"; 491 }; 492 benchmark = { 493 groups = ["default" "development"]; ··· 931 platforms = []; 932 source = { 933 remotes = ["https://rubygems.org"]; 934 - sha256 = "1f9p7sdj542cbn352qz58m4n26kamv6vbnxzpc06j0pxi50z3i0v"; 935 type = "gem"; 936 }; 937 - version = "8.4.1"; 938 }; 939 danger-gitlab = { 940 dependencies = ["danger" "gitlab"]; ··· 1942 platforms = []; 1943 source = { 1944 remotes = ["https://rubygems.org"]; 1945 - sha256 = "1488s24c9fm55z2a2pbry2fjx72fzgzv0y48krgldvf0qy43l0kz"; 1946 type = "gem"; 1947 }; 1948 - version = "2.5.0"; 1949 }; 1950 gitlab-experiment = { 1951 dependencies = ["activesupport" "request_store" "scientist"]; ··· 1953 platforms = []; 1954 source = { 1955 remotes = ["https://rubygems.org"]; 1956 - sha256 = "07b7fb8vkpwjf668mircz6lavr8yp5xc7f7yp1v1h7izhzhn7m8g"; 1957 type = "gem"; 1958 }; 1959 - version = "0.6.4"; 1960 }; 1961 gitlab-fog-azure-rm = { 1962 dependencies = ["azure-storage-blob" "azure-storage-common" "fog-core" "fog-json" "mime-types" "ms_rest_azure"]; ··· 1990 }; 1991 version = "2.0.0"; 1992 }; 0 0 0 0 0 0 0 0 0 0 0 1993 gitlab-mail_room = { 1994 groups = ["default"]; 1995 platforms = []; ··· 2005 platforms = []; 2006 source = { 2007 remotes = ["https://rubygems.org"]; 2008 - sha256 = "0xnlra517pfj3hx07kasbqlcw51ix4xajr6bsd3mwg8bc92dlwy7"; 2009 type = "gem"; 2010 }; 2011 - version = "1.7.1"; 2012 }; 2013 gitlab-net-dns = { 2014 groups = ["default"]; ··· 2043 version = "0.8.0"; 2044 }; 2045 gitlab-styles = { 2046 - dependencies = ["rubocop" "rubocop-gitlab-security" "rubocop-performance" "rubocop-rails" "rubocop-rspec"]; 2047 groups = ["development" "test"]; 2048 platforms = []; 2049 source = { 2050 remotes = ["https://rubygems.org"]; 2051 - sha256 = "16d90sd0x6qfkhgfjysswwrzk82zs82xs9azn9w287irpzdkvj7f"; 2052 type = "gem"; 2053 }; 2054 - version = "6.4.0"; 2055 }; 2056 gitlab_chronic_duration = { 2057 dependencies = ["numerizer"]; ··· 2532 platforms = []; 2533 source = { 2534 remotes = ["https://rubygems.org"]; 2535 - sha256 = "0g2fnag935zn2ggm5cn6k4s4xvv53v2givj1j90szmvavlpya96a"; 2536 type = "gem"; 2537 }; 2538 - version = "1.8.10"; 2539 }; 2540 i18n_data = { 2541 groups = ["default"]; ··· 2557 }; 2558 version = "2.4.1"; 2559 }; 0 0 0 0 0 0 0 0 0 0 0 2560 invisible_captcha = { 2561 dependencies = ["rails"]; 2562 groups = ["default"]; ··· 2584 platforms = []; 2585 source = { 2586 remotes = ["https://rubygems.org"]; 2587 - sha256 = "18337bzcwssmnyg2wf3za50z0zh2b1sh17wgaapavd1ffr24svkx"; 2588 type = "gem"; 2589 }; 2590 - version = "0.3.7"; 2591 }; 2592 jaeger-client = { 2593 dependencies = ["opentracing" "thrift"]; ··· 2846 }; 2847 version = "1.2.0"; 2848 }; 2849 - license_finder = { 2850 - dependencies = ["rubyzip" "thor" "toml" "with_env" "xml-simple"]; 2851 - groups = ["development" "omnibus" "test"]; 2852 - platforms = []; 2853 - source = { 2854 - remotes = ["https://rubygems.org"]; 2855 - sha256 = "0kc4bkaxy6mm6kpbpg8hdjsqpzybh7cy5b45qydc7bfa9c35vr93"; 2856 - type = "gem"; 2857 - }; 2858 - version = "6.0.0"; 2859 - }; 2860 licensee = { 2861 dependencies = ["dotenv" "octokit" "reverse_markdown" "rugged" "thor"]; 2862 groups = ["default"]; ··· 3758 }; 3759 parser = { 3760 dependencies = ["ast"]; 3761 - groups = ["default" "development" "test"]; 3762 platforms = []; 3763 source = { 3764 remotes = ["https://rubygems.org"]; 3765 - sha256 = "06ma6w87ph8lnc9z4hi40ynmcdnjv0p8x53x0s3fjkz4q2p6sxh5"; 3766 type = "gem"; 3767 }; 3768 - version = "3.0.2.0"; 3769 }; 3770 parslet = { 3771 groups = ["default" "development" "test"]; ··· 3958 platforms = []; 3959 source = { 3960 remotes = ["https://rubygems.org"]; 3961 - sha256 = "0lmaq05a257m9588a81wql3a5p039f221f0dmq57bm2qjwxydjmj"; 3962 type = "gem"; 3963 }; 3964 - version = "5.3.2"; 3965 }; 3966 puma_worker_killer = { 3967 dependencies = ["get_process_mem" "puma"]; ··· 4637 }; 4638 version = "0.1.1"; 4639 }; 0 0 0 0 0 0 0 0 0 0 0 4640 rubocop-performance = { 4641 dependencies = ["rubocop" "rubocop-ast"]; 4642 groups = ["default" "development" "test"]; ··· 4886 platforms = []; 4887 source = { 4888 remotes = ["https://rubygems.org"]; 4889 - sha256 = "0jklwk9aldvlmdv17m77g2f82j383alqd4jjnwn4c564q9wvz3fp"; 4890 type = "gem"; 4891 }; 4892 - version = "1.6.0"; 4893 }; 4894 sd_notify = { 4895 groups = ["puma"]; ··· 5001 platforms = []; 5002 source = { 5003 remotes = ["https://rubygems.org"]; 5004 - sha256 = "104a97cl94aclg71ngrr097zjbdf6cibnz4q3rqjb88izmd7cfk6"; 5005 type = "gem"; 5006 }; 5007 - version = "6.2.2"; 5008 }; 5009 sidekiq-cron = { 5010 dependencies = ["fugit" "sidekiq"]; ··· 5070 }; 5071 version = "0.12.3"; 5072 }; 0 0 0 0 0 0 0 0 0 0 5073 sixarm_ruby_unaccent = { 5074 groups = ["default"]; 5075 platforms = []; ··· 5297 platforms = []; 5298 source = { 5299 remotes = ["https://rubygems.org"]; 5300 - sha256 = "03y0mnn5mp9ydi5jc4d3y0gnk5fxwljzzfzj9rg7q94kslwi1kx4"; 5301 type = "gem"; 5302 }; 5303 - version = "1.1.9"; 5304 }; 5305 sysexits = { 5306 groups = ["default" "development" "test"]; ··· 5456 }; 5457 version = "0.8.3"; 5458 }; 5459 - toml = { 5460 - dependencies = ["parslet"]; 5461 - groups = ["default" "development" "test"]; 5462 - platforms = []; 5463 - source = { 5464 - remotes = ["https://rubygems.org"]; 5465 - sha256 = "0xj460rkyqvg74xc8kivmbvgc46c6mm7r8mbjs5m2gq8khf8sbki"; 5466 - type = "gem"; 5467 - }; 5468 - version = "0.2.0"; 5469 - }; 5470 toml-rb = { 5471 dependencies = ["citrus"]; 5472 groups = ["default"]; ··· 5614 type = "gem"; 5615 }; 5616 version = "0.1.0"; 0 0 0 0 0 0 0 0 0 0 0 5617 }; 5618 unf = { 5619 dependencies = ["unf_ext"]; ··· 5934 platforms = []; 5935 source = { 5936 remotes = ["https://rubygems.org"]; 5937 - sha256 = "1746czsjarixq0x05f7p3hpzi38ldg6wxnxxw74kbjzh1sdjgmpl"; 5938 type = "gem"; 5939 }; 5940 - version = "2.4.2"; 5941 }; 5942 }

··· 148 platforms = []; 149 source = { 150 remotes = ["https://rubygems.org"]; 151 + sha256 = "0kfnyix173bazjswab21bx7hmqmik71awj2kz090fsa2nv58c4mw"; 152 type = "gem"; 153 }; 154 + version = "8.1.0"; 155 }; 156 addressable = { 157 dependencies = ["public_suffix"]; ··· 484 platforms = []; 485 source = { 486 remotes = ["https://rubygems.org"]; 487 + sha256 = "0ndamfaivnkhc6hy0yqyk2gkwr6f3bz6216lh74hsiiyk3axz445"; 488 type = "gem"; 489 }; 490 + version = "1.1.0"; 491 }; 492 benchmark = { 493 groups = ["default" "development"]; ··· 931 platforms = []; 932 source = { 933 remotes = ["https://rubygems.org"]; 934 + sha256 = "07mxkgksgilfipd97rgfhx7c421j1fx7rk6lf0k18bkccyg1r8vn"; 935 type = "gem"; 936 }; 937 + version = "8.4.2"; 938 }; 939 danger-gitlab = { 940 dependencies = ["danger" "gitlab"]; ··· 1942 platforms = []; 1943 source = { 1944 remotes = ["https://rubygems.org"]; 1945 + sha256 = "0pgb0v41qn2cnzzn4fizffds07vhz9sf09bpmm0lw86x8lz6vfdq"; 1946 type = "gem"; 1947 }; 1948 + version = "2.6.1"; 1949 }; 1950 gitlab-experiment = { 1951 dependencies = ["activesupport" "request_store" "scientist"]; ··· 1953 platforms = []; 1954 source = { 1955 remotes = ["https://rubygems.org"]; 1956 + sha256 = "064iy0pgjfvfcxynclmk70cdi10hwx7xzq1c14p68cilg569vma2"; 1957 type = "gem"; 1958 }; 1959 + version = "0.6.5"; 1960 }; 1961 gitlab-fog-azure-rm = { 1962 dependencies = ["azure-storage-blob" "azure-storage-common" "fog-core" "fog-json" "mime-types" "ms_rest_azure"]; ··· 1990 }; 1991 version = "2.0.0"; 1992 }; 1993 + gitlab-license_finder = { 1994 + dependencies = ["rubyzip" "thor" "tomlrb" "with_env" "xml-simple"]; 1995 + groups = ["development" "omnibus" "test"]; 1996 + platforms = []; 1997 + source = { 1998 + remotes = ["https://rubygems.org"]; 1999 + sha256 = "0fzrv96kbzyqnsdj762x7n0y006rsgsi8k23nad4xsa43d065i71"; 2000 + type = "gem"; 2001 + }; 2002 + version = "6.14.2.1"; 2003 + }; 2004 gitlab-mail_room = { 2005 groups = ["default"]; 2006 platforms = []; ··· 2016 platforms = []; 2017 source = { 2018 remotes = ["https://rubygems.org"]; 2019 + sha256 = "11kc33j6m0nayppkb7645w0ldh8g18pgmxgb8wz39pd5vilr6qpv"; 2020 type = "gem"; 2021 }; 2022 + version = "1.8.0"; 2023 }; 2024 gitlab-net-dns = { 2025 groups = ["default"]; ··· 2054 version = "0.8.0"; 2055 }; 2056 gitlab-styles = { 2057 + dependencies = ["rubocop" "rubocop-gitlab-security" "rubocop-graphql" "rubocop-performance" "rubocop-rails" "rubocop-rspec"]; 2058 groups = ["development" "test"]; 2059 platforms = []; 2060 source = { 2061 remotes = ["https://rubygems.org"]; 2062 + sha256 = "1xs7v0sj3j4d5yflfn8n5azh5qwxsrc432q7v4nckg9irwqj99js"; 2063 type = "gem"; 2064 }; 2065 + version = "6.6.0"; 2066 }; 2067 gitlab_chronic_duration = { 2068 dependencies = ["numerizer"]; ··· 2543 platforms = []; 2544 source = { 2545 remotes = ["https://rubygems.org"]; 2546 + sha256 = "0vdd1kii40qhbr9n8qx71k2gskq6rkl8ygy8hw5hfj8bb5a364xf"; 2547 type = "gem"; 2548 }; 2549 + version = "1.8.11"; 2550 }; 2551 i18n_data = { 2552 groups = ["default"]; ··· 2568 }; 2569 version = "2.4.1"; 2570 }; 2571 + imagen = { 2572 + dependencies = ["parser"]; 2573 + groups = ["coverage" "default" "development" "test"]; 2574 + platforms = []; 2575 + source = { 2576 + remotes = ["https://rubygems.org"]; 2577 + sha256 = "0qm1jcprs0xys8m72kgm9pasd1xzhiqiyv64baxwcygyshkvgrzx"; 2578 + type = "gem"; 2579 + }; 2580 + version = "0.1.8"; 2581 + }; 2582 invisible_captcha = { 2583 dependencies = ["rails"]; 2584 groups = ["default"]; ··· 2606 platforms = []; 2607 source = { 2608 remotes = ["https://rubygems.org"]; 2609 + sha256 = "0raj4xwp2dz1xrzcpqqdp5ygfpjdy7jx28ziqg9f73hf850j90d1"; 2610 type = "gem"; 2611 }; 2612 + version = "0.3.8"; 2613 }; 2614 jaeger-client = { 2615 dependencies = ["opentracing" "thrift"]; ··· 2868 }; 2869 version = "1.2.0"; 2870 }; 0 0 0 0 0 0 0 0 0 0 0 2871 licensee = { 2872 dependencies = ["dotenv" "octokit" "reverse_markdown" "rugged" "thor"]; 2873 groups = ["default"]; ··· 3769 }; 3770 parser = { 3771 dependencies = ["ast"]; 3772 + groups = ["coverage" "default" "development" "test"]; 3773 platforms = []; 3774 source = { 3775 remotes = ["https://rubygems.org"]; 3776 + sha256 = "0sszdl9mpzqzn9kxrp28sqmg47mjxcwypr4d60vbajqba4v885di"; 3777 type = "gem"; 3778 }; 3779 + version = "3.0.3.2"; 3780 }; 3781 parslet = { 3782 groups = ["default" "development" "test"]; ··· 3969 platforms = []; 3970 source = { 3971 remotes = ["https://rubygems.org"]; 3972 + sha256 = "1xblxnrs0c5m326v7kgr32k4m00cl2ipcf5m0qvyisrw62vd5dbn"; 3973 type = "gem"; 3974 }; 3975 + version = "5.5.2"; 3976 }; 3977 puma_worker_killer = { 3978 dependencies = ["get_process_mem" "puma"]; ··· 4648 }; 4649 version = "0.1.1"; 4650 }; 4651 + rubocop-graphql = { 4652 + dependencies = ["rubocop"]; 4653 + groups = ["default" "development" "test"]; 4654 + platforms = []; 4655 + source = { 4656 + remotes = ["https://rubygems.org"]; 4657 + sha256 = "0hvm17hm7xjqcfn70c7h3rrz2y2mrazqmkp5ains08j0zd39x7rh"; 4658 + type = "gem"; 4659 + }; 4660 + version = "0.10.3"; 4661 + }; 4662 rubocop-performance = { 4663 dependencies = ["rubocop" "rubocop-ast"]; 4664 groups = ["default" "development" "test"]; ··· 4908 platforms = []; 4909 source = { 4910 remotes = ["https://rubygems.org"]; 4911 + sha256 = "05xiv6kznhawbkjrz97s6lp2ld0w95x1l2s80gm8m49f273399s2"; 4912 type = "gem"; 4913 }; 4914 + version = "1.6.2"; 4915 }; 4916 sd_notify = { 4917 groups = ["puma"]; ··· 5023 platforms = []; 5024 source = { 5025 remotes = ["https://rubygems.org"]; 5026 + sha256 = "0k38cbwhcj9ncfzlgfmvq2zqfdvldln58w8s8v89m0jqlhnhsqhj"; 5027 type = "gem"; 5028 }; 5029 + version = "6.3.1"; 5030 }; 5031 sidekiq-cron = { 5032 dependencies = ["fugit" "sidekiq"]; ··· 5092 }; 5093 version = "0.12.3"; 5094 }; 5095 + simplecov-lcov = { 5096 + groups = ["coverage" "development" "test"]; 5097 + platforms = []; 5098 + source = { 5099 + remotes = ["https://rubygems.org"]; 5100 + sha256 = "1h8kswnshgb9zidvc88f4zjy4gflgz3854sx9wrw8ppgnwfg6581"; 5101 + type = "gem"; 5102 + }; 5103 + version = "0.8.0"; 5104 + }; 5105 sixarm_ruby_unaccent = { 5106 groups = ["default"]; 5107 platforms = []; ··· 5329 platforms = []; 5330 source = { 5331 remotes = ["https://rubygems.org"]; 5332 + sha256 = "08bln6c3qmylakgpmpswv4zdis8bf96nkbrxpb9xcal2i7g1j29r"; 5333 type = "gem"; 5334 }; 5335 + version = "1.4.3"; 5336 }; 5337 sysexits = { 5338 groups = ["default" "development" "test"]; ··· 5488 }; 5489 version = "0.8.3"; 5490 }; 0 0 0 0 0 0 0 0 0 0 0 5491 toml-rb = { 5492 dependencies = ["citrus"]; 5493 groups = ["default"]; ··· 5635 type = "gem"; 5636 }; 5637 version = "0.1.0"; 5638 + }; 5639 + undercover = { 5640 + dependencies = ["imagen" "rainbow" "rugged"]; 5641 + groups = ["coverage" "development" "test"]; 5642 + platforms = []; 5643 + source = { 5644 + remotes = ["https://rubygems.org"]; 5645 + sha256 = "19gnc5sr41z3rqbw03k8v3sdpn7rccmgivnc0x5pdq4x7bhcpi31"; 5646 + type = "gem"; 5647 + }; 5648 + version = "0.4.4"; 5649 }; 5650 unf = { 5651 dependencies = ["unf_ext"]; ··· 5966 platforms = []; 5967 source = { 5968 remotes = ["https://rubygems.org"]; 5969 + sha256 = "18l4r6layck0d80ydc692mv1lxak5xbf6w2paj1x7m2ggbggzxgj"; 5970 type = "gem"; 5971 }; 5972 + version = "2.5.1"; 5973 }; 5974 }

+17 -10

pkgs/applications/version-management/sourcehut/builds.nix

··· 11 , python 12 }: 13 let 14 - version = "0.66.7"; 0 0 0 0 0 0 0 15 16 buildWorker = src: buildGoModule { 17 inherit src version; 18 pname = "builds-sr-ht-worker"; 19 20 - vendorSha256 = "sha256-giOaldV46aBqXyFH/cQVsbUr6Rb4VMhbBO86o48tRZY="; 21 }; 22 in 23 buildPythonPackage rec { 24 - inherit version; 25 pname = "buildsrht"; 26 27 - src = fetchFromSourcehut { 28 - owner = "~sircmpwn"; 29 - repo = "builds.sr.ht"; 30 - rev = version; 31 - sha256 = "sha256-2MLs/DOXHjEYarXDVUcPZe3o0fmZbzVxn528SE72lhM="; 32 - }; 33 34 nativeBuildInputs = srht.nativeBuildInputs; 35 ··· 56 cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker 57 ''; 58 0 0 59 meta = with lib; { 60 homepage = "https://git.sr.ht/~sircmpwn/builds.sr.ht"; 61 description = "Continuous integration service for the sr.ht network"; 62 - license = licenses.agpl3; 63 maintainers = with maintainers; [ eadwu ]; 64 }; 65 }

··· 11 , python 12 }: 13 let 14 + version = "0.74.17"; 15 + 16 + src = fetchFromSourcehut { 17 + owner = "~sircmpwn"; 18 + repo = "builds.sr.ht"; 19 + rev = version; 20 + sha256 = "sha256-6Yc33lkhozpnx8e6yukUfo+/Qw5mwpJQQKuYbC7uqcU="; 21 + }; 22 23 buildWorker = src: buildGoModule { 24 inherit src version; 25 pname = "builds-sr-ht-worker"; 26 27 + vendorSha256 = "sha256-Pf1M9a43eK4jr6QMi6kRHA8DodXQU0pqq9ua5VC3ER0="; 28 }; 29 in 30 buildPythonPackage rec { 31 + inherit src version; 32 pname = "buildsrht"; 33 34 + patches = [ 35 + # Revert change breaking Unix socket support for Redis 36 + patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch 37 + ]; 0 0 38 39 nativeBuildInputs = srht.nativeBuildInputs; 40 ··· 61 cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker 62 ''; 63 64 + pythonImportsCheck = [ "buildsrht" ]; 65 + 66 meta = with lib; { 67 homepage = "https://git.sr.ht/~sircmpwn/builds.sr.ht"; 68 description = "Continuous integration service for the sr.ht network"; 69 + license = licenses.agpl3Only; 70 maintainers = with maintainers; [ eadwu ]; 71 }; 72 }

+4 -3

pkgs/applications/version-management/sourcehut/core.nix

··· 25 , sassc 26 , nodejs 27 , redis 28 - , writeText 29 }: 30 31 buildPythonPackage rec { 32 pname = "srht"; 33 - version = "0.67.4"; 34 35 src = fetchgit { 36 url = "https://git.sr.ht/~sircmpwn/core.sr.ht"; 37 rev = version; 38 - sha256 = "sha256-XvzFfcBK5Mq8p7xEBAF/eupUE1kkUBh5k+ByM/WA9bc="; 39 fetchSubmodules = true; 40 }; 41 ··· 46 }; 47 48 patches = [ 0 49 ./disable-npm-install.patch 50 ]; 51 ··· 87 ''; 88 89 dontUseSetuptoolsCheck = true; 0 90 91 meta = with lib; { 92 homepage = "https://git.sr.ht/~sircmpwn/srht";

··· 25 , sassc 26 , nodejs 27 , redis 0 28 }: 29 30 buildPythonPackage rec { 31 pname = "srht"; 32 + version = "0.68.13"; 33 34 src = fetchgit { 35 url = "https://git.sr.ht/~sircmpwn/core.sr.ht"; 36 rev = version; 37 + sha256 = "sha256-LPyEfpNlmod18Fj16xpihKOrsU/hQUfAeOmWMmUeVPQ="; 38 fetchSubmodules = true; 39 }; 40 ··· 45 }; 46 47 patches = [ 48 + # Disable check for npm 49 ./disable-npm-install.patch 50 ]; 51 ··· 87 ''; 88 89 dontUseSetuptoolsCheck = true; 90 + pythonImportsCheck = [ "srht" ]; 91 92 meta = with lib; { 93 homepage = "https://git.sr.ht/~sircmpwn/srht";

+2

pkgs/applications/version-management/sourcehut/default.nix

··· 22 listssrht = self.callPackage ./lists.nix { }; 23 mansrht = self.callPackage ./man.nix { }; 24 metasrht = self.callPackage ./meta.nix { }; 0 25 pastesrht = self.callPackage ./paste.nix { }; 26 todosrht = self.callPackage ./todo.nix { }; 27 ··· 40 listssrht = toPythonApplication listssrht; 41 mansrht = toPythonApplication mansrht; 42 metasrht = toPythonApplication metasrht; 0 43 pastesrht = toPythonApplication pastesrht; 44 todosrht = toPythonApplication todosrht; 45 }

··· 22 listssrht = self.callPackage ./lists.nix { }; 23 mansrht = self.callPackage ./man.nix { }; 24 metasrht = self.callPackage ./meta.nix { }; 25 + pagessrht = self.callPackage ./pages.nix { }; 26 pastesrht = self.callPackage ./paste.nix { }; 27 todosrht = self.callPackage ./todo.nix { }; 28 ··· 41 listssrht = toPythonApplication listssrht; 42 mansrht = toPythonApplication mansrht; 43 metasrht = toPythonApplication metasrht; 44 + pagessrht = pagessrht; 45 pastesrht = toPythonApplication pastesrht; 46 todosrht = toPythonApplication todosrht; 47 }

+5 -3

pkgs/applications/version-management/sourcehut/dispatch.nix

··· 9 10 buildPythonPackage rec { 11 pname = "dispatchsrht"; 12 - version = "0.15.8"; 13 14 src = fetchFromSourcehut { 15 owner = "~sircmpwn"; 16 repo = "dispatch.sr.ht"; 17 rev = version; 18 - sha256 = "sha256-zWCGPjIgMKHXHJUs9aciV7IFgo0rpahon6KXHDwcfss="; 19 }; 20 21 nativeBuildInputs = srht.nativeBuildInputs; ··· 31 export SRHT_PATH=${srht}/${python.sitePackages}/srht 32 ''; 33 0 0 34 meta = with lib; { 35 homepage = "https://dispatch.sr.ht/~sircmpwn/dispatch.sr.ht"; 36 description = "Task dispatcher and service integration tool for the sr.ht network"; 37 - license = licenses.agpl3; 38 maintainers = with maintainers; [ eadwu ]; 39 }; 40 }

··· 9 10 buildPythonPackage rec { 11 pname = "dispatchsrht"; 12 + version = "0.15.34"; 13 14 src = fetchFromSourcehut { 15 owner = "~sircmpwn"; 16 repo = "dispatch.sr.ht"; 17 rev = version; 18 + sha256 = "sha256-bZ4ZKohMozZIyP0TUgxETOECib4XGUv29+Mg8ZsoMf8="; 19 }; 20 21 nativeBuildInputs = srht.nativeBuildInputs; ··· 31 export SRHT_PATH=${srht}/${python.sitePackages}/srht 32 ''; 33 34 + pythonImportsCheck = [ "dispatchsrht" ]; 35 + 36 meta = with lib; { 37 homepage = "https://dispatch.sr.ht/~sircmpwn/dispatch.sr.ht"; 38 description = "Task dispatcher and service integration tool for the sr.ht network"; 39 + license = licenses.agpl3Only; 40 maintainers = with maintainers; [ eadwu ]; 41 }; 42 }

+7 -5

pkgs/applications/version-management/sourcehut/git.nix

··· 8 , scmsrht 9 }: 10 let 11 - version = "0.72.8"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "git.sr.ht"; 16 rev = version; 17 - sha256 = "sha256-AB2uzajO5PtcpJfbOOTfuDFM6is5K39v3AZJ1hShRNc="; 18 }; 19 20 buildShell = src: buildGoModule { ··· 32 buildKeys = src: buildGoModule { 33 inherit src version; 34 pname = "gitsrht-keys"; 35 - vendorSha256 = "1d94cqy7x0q0agwg515xxsbl70b3qrzxbzsyjhn1pbyj532brn7f"; 36 }; 37 38 buildUpdateHook = src: buildGoModule { 39 inherit src version; 40 pname = "gitsrht-update-hook"; 41 - vendorSha256 = "0fwzqpjv8x5y3w3bfjd0x0cvqjjak23m0zj88hf32jpw49xmjkih"; 42 }; 43 44 updateHook = buildUpdateHook "${src}/gitsrht-update-hook"; ··· 72 inherit updateHook; 73 }; 74 0 0 75 meta = with lib; { 76 homepage = "https://git.sr.ht/~sircmpwn/git.sr.ht"; 77 description = "Git repository hosting service for the sr.ht network"; 78 - license = licenses.agpl3; 79 maintainers = with maintainers; [ eadwu ]; 80 }; 81 }

··· 8 , scmsrht 9 }: 10 let 11 + version = "0.76.4"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "git.sr.ht"; 16 rev = version; 17 + sha256 = "sha256-diUkQpB/ivg8JTaoTcSyKr9Q9LZiMo6qVInBDPceklc="; 18 }; 19 20 buildShell = src: buildGoModule { ··· 32 buildKeys = src: buildGoModule { 33 inherit src version; 34 pname = "gitsrht-keys"; 35 + vendorSha256 = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4="; 36 }; 37 38 buildUpdateHook = src: buildGoModule { 39 inherit src version; 40 pname = "gitsrht-update-hook"; 41 + vendorSha256 = "sha256-sBlG7EFqdDm7CkAHVX50Mf4N3sl1rPNmWExG/bfbfGA="; 42 }; 43 44 updateHook = buildUpdateHook "${src}/gitsrht-update-hook"; ··· 72 inherit updateHook; 73 }; 74 75 + pythonImportsCheck = [ "gitsrht" ]; 76 + 77 meta = with lib; { 78 homepage = "https://git.sr.ht/~sircmpwn/git.sr.ht"; 79 description = "Git repository hosting service for the sr.ht network"; 80 + license = licenses.agpl3Only; 81 maintainers = with maintainers; [ eadwu ]; 82 }; 83 }

+5 -3

pkgs/applications/version-management/sourcehut/hg.nix

··· 10 11 buildPythonPackage rec { 12 pname = "hgsrht"; 13 - version = "0.27.4"; 14 15 src = fetchhg { 16 url = "https://hg.sr.ht/~sircmpwn/hg.sr.ht"; 17 rev = version; 18 - sha256 = "1c0qfi0gmbfngvds6917fy9ii2iglawn429757rh7b4bvzn7n6mr"; 19 }; 20 21 nativeBuildInputs = srht.nativeBuildInputs; ··· 32 export SRHT_PATH=${srht}/${python.sitePackages}/srht 33 ''; 34 0 0 35 meta = with lib; { 36 homepage = "https://git.sr.ht/~sircmpwn/hg.sr.ht"; 37 description = "Mercurial repository hosting service for the sr.ht network"; 38 - license = licenses.agpl3; 39 maintainers = with maintainers; [ eadwu ]; 40 }; 41 }

··· 10 11 buildPythonPackage rec { 12 pname = "hgsrht"; 13 + version = "0.29.3"; 14 15 src = fetchhg { 16 url = "https://hg.sr.ht/~sircmpwn/hg.sr.ht"; 17 rev = version; 18 + sha256 = "y8gKaamwD5lsYqO1SkxMcn3E2TWidHAo2slvEU+8ovg="; 19 }; 20 21 nativeBuildInputs = srht.nativeBuildInputs; ··· 32 export SRHT_PATH=${srht}/${python.sitePackages}/srht 33 ''; 34 35 + pythonImportsCheck = [ "hgsrht" ]; 36 + 37 meta = with lib; { 38 homepage = "https://git.sr.ht/~sircmpwn/hg.sr.ht"; 39 description = "Mercurial repository hosting service for the sr.ht network"; 40 + license = licenses.agpl3Only; 41 maintainers = with maintainers; [ eadwu ]; 42 }; 43 }

+4 -3

pkgs/applications/version-management/sourcehut/hub.nix

··· 6 7 buildPythonPackage rec { 8 pname = "hubsrht"; 9 - version = "0.13.1"; 10 11 src = fetchFromSourcehut { 12 owner = "~sircmpwn"; 13 repo = "hub.sr.ht"; 14 rev = version; 15 - sha256 = "sha256-Kqzy4mh5Nn1emzHBco/LVuXro/tW3NX+OYqdEwBSQ/U="; 16 }; 17 18 nativeBuildInputs = srht.nativeBuildInputs; ··· 26 ''; 27 28 dontUseSetuptoolsCheck = true; 0 29 30 meta = with lib; { 31 homepage = "https://git.sr.ht/~sircmpwn/hub.sr.ht"; 32 description = "Project hub service for the sr.ht network"; 33 - license = licenses.agpl3; 34 maintainers = with maintainers; [ eadwu ]; 35 }; 36 }

··· 6 7 buildPythonPackage rec { 8 pname = "hubsrht"; 9 + version = "0.14.4"; 10 11 src = fetchFromSourcehut { 12 owner = "~sircmpwn"; 13 repo = "hub.sr.ht"; 14 rev = version; 15 + sha256 = "sha256-7HF+jykWGqzPWA0YtJZQZU7pnID1yexcqLkEf2HpnSs="; 16 }; 17 18 nativeBuildInputs = srht.nativeBuildInputs; ··· 26 ''; 27 28 dontUseSetuptoolsCheck = true; 29 + pythonImportsCheck = [ "hubsrht" ]; 30 31 meta = with lib; { 32 homepage = "https://git.sr.ht/~sircmpwn/hub.sr.ht"; 33 description = "Project hub service for the sr.ht network"; 34 + license = licenses.agpl3Only; 35 maintainers = with maintainers; [ eadwu ]; 36 }; 37 }

+5 -3

pkgs/applications/version-management/sourcehut/lists.nix

··· 12 13 buildPythonPackage rec { 14 pname = "listssrht"; 15 - version = "0.48.19"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "lists.sr.ht"; 20 rev = version; 21 - sha256 = "sha256-bsakEMyvWaxiE4/SGcAP4mlGG9jkdHfFxpt9H+TJn/8="; 22 }; 23 24 nativeBuildInputs = srht.nativeBuildInputs; ··· 37 export SRHT_PATH=${srht}/${python.sitePackages}/srht 38 ''; 39 0 0 40 meta = with lib; { 41 homepage = "https://git.sr.ht/~sircmpwn/lists.sr.ht"; 42 description = "Mailing list service for the sr.ht network"; 43 - license = licenses.agpl3; 44 maintainers = with maintainers; [ eadwu ]; 45 }; 46 }

··· 12 13 buildPythonPackage rec { 14 pname = "listssrht"; 15 + version = "0.51.0"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "lists.sr.ht"; 20 rev = version; 21 + sha256 = "sha256-iywZ6G5E4AJevg/Q1LoB7JMJxBcsAnbhiND++mFy/bw="; 22 }; 23 24 nativeBuildInputs = srht.nativeBuildInputs; ··· 37 export SRHT_PATH=${srht}/${python.sitePackages}/srht 38 ''; 39 40 + pythonImportsCheck = [ "listssrht" ]; 41 + 42 meta = with lib; { 43 homepage = "https://git.sr.ht/~sircmpwn/lists.sr.ht"; 44 description = "Mailing list service for the sr.ht network"; 45 + license = licenses.agpl3Only; 46 maintainers = with maintainers; [ eadwu ]; 47 }; 48 }

+5 -3

pkgs/applications/version-management/sourcehut/man.nix

··· 8 9 buildPythonPackage rec { 10 pname = "mansrht"; 11 - version = "0.15.12"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "man.sr.ht"; 16 rev = version; 17 - sha256 = "sha256-MqH/8K9XRvEg6P7GHE6XXtWnhDP3wT8iGoNaFtYQbio="; 18 }; 19 20 nativeBuildInputs = srht.nativeBuildInputs; ··· 29 export SRHT_PATH=${srht}/${python.sitePackages}/srht 30 ''; 31 0 0 32 meta = with lib; { 33 homepage = "https://git.sr.ht/~sircmpwn/man.sr.ht"; 34 description = "Wiki service for the sr.ht network"; 35 - license = licenses.agpl3; 36 maintainers = with maintainers; [ eadwu ]; 37 }; 38 }

··· 8 9 buildPythonPackage rec { 10 pname = "mansrht"; 11 + version = "0.15.22"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "man.sr.ht"; 16 rev = version; 17 + sha256 = "sha256-curouf+eNCKprDI23blGs4AzJMry6zlCLDt/+0j5c8A="; 18 }; 19 20 nativeBuildInputs = srht.nativeBuildInputs; ··· 29 export SRHT_PATH=${srht}/${python.sitePackages}/srht 30 ''; 31 32 + pythonImportsCheck = [ "mansrht" ]; 33 + 34 meta = with lib; { 35 homepage = "https://git.sr.ht/~sircmpwn/man.sr.ht"; 36 description = "Wiki service for the sr.ht network"; 37 + license = licenses.agpl3Only; 38 maintainers = with maintainers; [ eadwu ]; 39 }; 40 }

+11 -4

pkgs/applications/version-management/sourcehut/meta.nix

··· 18 , python 19 }: 20 let 21 - version = "0.53.14"; 22 23 src = fetchFromSourcehut { 24 owner = "~sircmpwn"; 25 repo = "meta.sr.ht"; 26 rev = version; 27 - sha256 = "sha256-/+r/XLDkcSTW647xPMh5bcJmR2xZNNH74AJ5jemna2k="; 28 }; 29 30 buildApi = src: buildGoModule { 31 inherit src version; 32 pname = "metasrht-api"; 33 - vendorSha256 = "sha256-eZyDrr2VcNMxI++18qUy7LA1Q1YDlWCoRtl00L8lfR4="; 34 }; 35 36 in ··· 38 pname = "metasrht"; 39 inherit version src; 40 0 0 0 0 0 41 nativeBuildInputs = srht.nativeBuildInputs; 42 43 propagatedBuildInputs = [ ··· 66 cp ${buildApi "${src}/api/"}/bin/api $out/bin/metasrht-api 67 ''; 68 0 0 69 meta = with lib; { 70 homepage = "https://git.sr.ht/~sircmpwn/meta.sr.ht"; 71 description = "Account management service for the sr.ht network"; 72 - license = licenses.agpl3; 73 maintainers = with maintainers; [ eadwu ]; 74 }; 75 }

··· 18 , python 19 }: 20 let 21 + version = "0.57.2"; 22 23 src = fetchFromSourcehut { 24 owner = "~sircmpwn"; 25 repo = "meta.sr.ht"; 26 rev = version; 27 + sha256 = "sha256-+ksfAOuch/fLkFLYU52Ug0Hf0EoERy+oCwa9g+GKuAA="; 28 }; 29 30 buildApi = src: buildGoModule { 31 inherit src version; 32 pname = "metasrht-api"; 33 + vendorSha256 = "sha256-vo+YbMyo/Eal7hbFxP9hwIW2cePJcGFszoDRCCzFYdM="; 34 }; 35 36 in ··· 38 pname = "metasrht"; 39 inherit version src; 40 41 + patches = [ 42 + # Revert change breaking Unix socket support for Redis 43 + patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch 44 + ]; 45 + 46 nativeBuildInputs = srht.nativeBuildInputs; 47 48 propagatedBuildInputs = [ ··· 71 cp ${buildApi "${src}/api/"}/bin/api $out/bin/metasrht-api 72 ''; 73 74 + pythonImportsCheck = [ "metasrht" ]; 75 + 76 meta = with lib; { 77 homepage = "https://git.sr.ht/~sircmpwn/meta.sr.ht"; 78 description = "Account management service for the sr.ht network"; 79 + license = licenses.agpl3Only; 80 maintainers = with maintainers; [ eadwu ]; 81 }; 82 }

+30

pkgs/applications/version-management/sourcehut/pages.nix

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + { lib 2 + , fetchFromSourcehut 3 + , buildGoModule 4 + }: 5 + 6 + buildGoModule rec { 7 + pname = "pagessrht"; 8 + version = "0.5.2"; 9 + 10 + src = fetchFromSourcehut { 11 + owner = "~sircmpwn"; 12 + repo = "pages.sr.ht"; 13 + rev = version; 14 + sha256 = "sha256-yEM122uhF0MNkMlNXyvBSfkLogRQETeuBl2K66kivac="; 15 + }; 16 + 17 + vendorSha256 = "sha256-udr+1y5ApQCSPhs3yQTTi9QfzRbz0A9COYuFMjQGa74="; 18 + 19 + postInstall = '' 20 + mkdir -p $out/share/sql/ 21 + cp -r -t $out/share/sql/ schema.sql migrations 22 + ''; 23 + 24 + meta = with lib; { 25 + homepage = "https://git.sr.ht/~sircmpwn/pages.sr.ht"; 26 + description = "Web hosting service for the sr.ht network"; 27 + license = licenses.agpl3Only; 28 + maintainers = with maintainers; [ eadwu ]; 29 + }; 30 + }

+5 -3

pkgs/applications/version-management/sourcehut/paste.nix

··· 8 9 buildPythonPackage rec { 10 pname = "pastesrht"; 11 - version = "0.12.1"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "paste.sr.ht"; 16 rev = version; 17 - sha256 = "sha256-QQhd2LeH9BLmlHilhsv+9fZ+RPNmEMSmOpFA3dsMBFc="; 18 }; 19 20 nativeBuildInputs = srht.nativeBuildInputs; ··· 29 export SRHT_PATH=${srht}/${python.sitePackages}/srht 30 ''; 31 0 0 32 meta = with lib; { 33 homepage = "https://git.sr.ht/~sircmpwn/paste.sr.ht"; 34 description = "Ad-hoc text file hosting service for the sr.ht network"; 35 - license = licenses.agpl3; 36 maintainers = with maintainers; [ eadwu ]; 37 }; 38 }

··· 8 9 buildPythonPackage rec { 10 pname = "pastesrht"; 11 + version = "0.13.6"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "paste.sr.ht"; 16 rev = version; 17 + sha256 = "sha256-Khcqk86iD9nxiKXN3+8mSLNoDau2qXNFOrLdkVu+rH8="; 18 }; 19 20 nativeBuildInputs = srht.nativeBuildInputs; ··· 29 export SRHT_PATH=${srht}/${python.sitePackages}/srht 30 ''; 31 32 + pythonImportsCheck = [ "pastesrht" ]; 33 + 34 meta = with lib; { 35 homepage = "https://git.sr.ht/~sircmpwn/paste.sr.ht"; 36 description = "Ad-hoc text file hosting service for the sr.ht network"; 37 + license = licenses.agpl3Only; 38 maintainers = with maintainers; [ eadwu ]; 39 }; 40 }

+69

pkgs/applications/version-management/sourcehut/patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + From 069b03f85847ed4a9223183b62ee53f420838911 Mon Sep 17 00:00:00 2001 2 + From: Julien Moutinho <julm+srht@sourcephile.fr> 3 + Date: Thu, 16 Dec 2021 04:54:24 +0100 4 + Subject: [PATCH builds.sr.ht] Revert "Add build submission and queue 5 + monitoring" 6 + 7 + This reverts commit 690f1aa16c77e418dc40109cd5e8fdf4a7ed947a. 8 + 9 + This has broken Unix socket support for Redis 10 + See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E 11 + --- 12 + buildsrht/app.py | 3 --- 13 + buildsrht/runner.py | 9 +-------- 14 + 2 files changed, 1 insertion(+), 11 deletions(-) 15 + 16 + diff --git a/buildsrht/app.py b/buildsrht/app.py 17 + index e5321a2..7c9977c 100644 18 + --- a/buildsrht/app.py 19 + +++ b/buildsrht/app.py 20 + @@ -36,9 +36,6 @@ class BuildApp(SrhtFlask): 21 + self.register_blueprint(secrets) 22 + self.register_blueprint(gql_blueprint) 23 + 24 + - from buildsrht.runner import builds_queue_metrics_collector 25 + - self.metrics_registry.register(builds_queue_metrics_collector) 26 + - 27 + @self.context_processor 28 + def inject(): 29 + return { 30 + diff --git a/buildsrht/runner.py b/buildsrht/runner.py 31 + index 7773452..0389c8e 100644 32 + --- a/buildsrht/runner.py 33 + +++ b/buildsrht/runner.py 34 + @@ -5,13 +5,10 @@ from srht.config import cfg 35 + from srht.database import db 36 + from srht.email import send_email 37 + from srht.oauth import UserType 38 + -from srht.metrics import RedisQueueCollector 39 + -from prometheus_client import Counter 40 + 41 + allow_free = cfg("builds.sr.ht", "allow-free", default="no") == "yes" 42 + 43 + -builds_broker = cfg("builds.sr.ht", "redis") 44 + -runner = Celery('builds', broker=builds_broker, config_source={ 45 + +runner = Celery('builds', broker=cfg("builds.sr.ht", "redis"), config_source={ 46 + "CELERY_TASK_SERIALIZER": "json", 47 + "CELERY_ACCEPT_CONTENT": ["json"], 48 + "CELERY_RESULT_SERIALIZER": "json", 49 + @@ -19,9 +16,6 @@ runner = Celery('builds', broker=builds_broker, config_source={ 50 + "CELERY_TASK_PROTOCOL": 1 51 + }) 52 + 53 + -builds_queue_metrics_collector = RedisQueueCollector(builds_broker, "buildsrht_builds", "Number of builds currently in queue") 54 + -builds_submitted = Counter("buildsrht_builds_submited", "Number of builds submitted") 55 + - 56 + def queue_build(job, manifest): 57 + from buildsrht.types import JobStatus 58 + job.status = JobStatus.queued 59 + @@ -34,7 +28,6 @@ def queue_build(job, manifest): 60 + cfg("sr.ht", "owner-email"), 61 + "Cryptocurrency mining attempt on builds.sr.ht") 62 + else: 63 + - builds_submitted.inc() 64 + run_build.delay(job.id, manifest.to_dict()) 65 + 66 + def requires_payment(user): 67 + -- 68 + 2.34.0 69 +

+48

pkgs/applications/version-management/sourcehut/patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + From d88bee195797c6c294320617ff14798da94cd0f3 Mon Sep 17 00:00:00 2001 2 + From: Julien Moutinho <julm+srht@sourcephile.fr> 3 + Date: Thu, 16 Dec 2021 04:52:08 +0100 4 + Subject: [PATCH meta.sr.ht] Revert "Add webhook queue monitoring" 5 + 6 + This reverts commit 9931df3c23094af5179df9ef019ca732b8125dac. 7 + 8 + This has broken Unix socket support for Redis. 9 + See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E 10 + --- 11 + metasrht/app.py | 3 --- 12 + metasrht/webhooks.py | 5 +---- 13 + 2 files changed, 1 insertion(+), 7 deletions(-) 14 + 15 + diff --git a/metasrht/app.py b/metasrht/app.py 16 + index b190875..89c59bc 100644 17 + --- a/metasrht/app.py 18 + +++ b/metasrht/app.py 19 + @@ -49,9 +49,6 @@ class MetaApp(SrhtFlask): 20 + from metasrht.blueprints.billing import billing 21 + self.register_blueprint(billing) 22 + 23 + - from metasrht.webhooks import webhook_metrics_collector 24 + - self.metrics_registry.register(webhook_metrics_collector) 25 + - 26 + @self.context_processor 27 + def inject(): 28 + return { 29 + diff --git a/metasrht/webhooks.py b/metasrht/webhooks.py 30 + index 3e1149e..3f0ba01 100644 31 + --- a/metasrht/webhooks.py 32 + +++ b/metasrht/webhooks.py 33 + @@ -7,11 +7,8 @@ if not hasattr(db, "session"): 34 + db.init() 35 + from srht.webhook import Event 36 + from srht.webhook.celery import CeleryWebhook, make_worker 37 + -from srht.metrics import RedisQueueCollector 38 + 39 + -webhook_broker = cfg("meta.sr.ht", "webhooks", "redis://") 40 + -worker = make_worker(broker=webhook_broker) 41 + -webhook_metrics_collector = RedisQueueCollector(webhook_broker, "srht_webhooks", "Webhook queue length") 42 + +worker = make_worker(broker=cfg("meta.sr.ht", "webhooks", "redis://")) 43 + 44 + class UserWebhook(CeleryWebhook): 45 + events = [ 46 + -- 47 + 2.34.0 48 +

+5 -5

pkgs/applications/version-management/sourcehut/scm.nix

··· 5 , redis 6 , pyyaml 7 , buildsrht 8 - , writeText 9 }: 10 11 buildPythonPackage rec { 12 pname = "scmsrht"; 13 - version = "0.22.9"; 14 15 src = fetchFromSourcehut { 16 owner = "~sircmpwn"; 17 repo = "scm.sr.ht"; 18 rev = version; 19 - sha256 = "sha256-327G6C8FW+iZx+167D7TQsFtV6FGc8MpMVo9L/cUUqU="; 20 }; 21 22 nativeBuildInputs = srht.nativeBuildInputs; ··· 33 ''; 34 35 dontUseSetuptoolsCheck = true; 0 36 37 meta = with lib; { 38 - homepage = "https://git.sr.ht/~sircmpwn/git.sr.ht"; 39 description = "Shared support code for sr.ht source control services."; 40 - license = licenses.agpl3; 41 maintainers = with maintainers; [ eadwu ]; 42 }; 43 }

··· 5 , redis 6 , pyyaml 7 , buildsrht 0 8 }: 9 10 buildPythonPackage rec { 11 pname = "scmsrht"; 12 + version = "0.22.16"; # Untagged version 13 14 src = fetchFromSourcehut { 15 owner = "~sircmpwn"; 16 repo = "scm.sr.ht"; 17 rev = version; 18 + sha256 = "sha256-A4Q7wUc4ag7KRWOkdYXCsbzuFHyJJsM15OjrCoVt9UQ="; 19 }; 20 21 nativeBuildInputs = srht.nativeBuildInputs; ··· 32 ''; 33 34 dontUseSetuptoolsCheck = true; 35 + pythonImportsCheck = [ "scmsrht" ]; 36 37 meta = with lib; { 38 + homepage = "https://git.sr.ht/~sircmpwn/scm.sr.ht"; 39 description = "Shared support code for sr.ht source control services."; 40 + license = licenses.agpl3Only; 41 maintainers = with maintainers; [ eadwu ]; 42 }; 43 }

+4 -3

pkgs/applications/version-management/sourcehut/todo.nix

··· 12 13 buildPythonPackage rec { 14 pname = "todosrht"; 15 - version = "0.64.14"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "todo.sr.ht"; 20 rev = version; 21 - sha256 = "sha256-huIAhn6h1F5w5ST4/yBwr82kAzyYwhLu+gpRuOQgnsE="; 22 }; 23 24 nativeBuildInputs = srht.nativeBuildInputs; ··· 42 ]; 43 44 dontUseSetuptoolsCheck = true; 0 45 46 meta = with lib; { 47 homepage = "https://todo.sr.ht/~sircmpwn/todo.sr.ht"; 48 description = "Ticket tracking service for the sr.ht network"; 49 - license = licenses.agpl3; 50 maintainers = with maintainers; [ eadwu ]; 51 }; 52 }

··· 12 13 buildPythonPackage rec { 14 pname = "todosrht"; 15 + version = "0.66.1"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "todo.sr.ht"; 20 rev = version; 21 + sha256 = "sha256-P0xaQpK7O9zipGSIa5jL1O0L/fKt51EMNGt7XndYQ+g="; 22 }; 23 24 nativeBuildInputs = srht.nativeBuildInputs; ··· 42 ]; 43 44 dontUseSetuptoolsCheck = true; 45 + pythonImportsCheck = [ "todosrht" ]; 46 47 meta = with lib; { 48 homepage = "https://todo.sr.ht/~sircmpwn/todo.sr.ht"; 49 description = "Ticket tracking service for the sr.ht network"; 50 + license = licenses.agpl3Only; 51 maintainers = with maintainers; [ eadwu ]; 52 }; 53 }

+42 -20

pkgs/applications/version-management/sourcehut/update.sh

··· 1 #! /usr/bin/env nix-shell 2 #! nix-shell -i bash -p git mercurial common-updater-scripts 0 3 4 - cd "$(dirname "${BASH_SOURCE[0]}")" 5 root=../../../.. 0 0 6 7 default() { 8 (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/') ··· 13 } 14 15 src_url() { 16 - (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.src.drvAttrs.url" | tr -d '"') 17 } 18 19 get_latest_version() { 20 src="$(src_url "$1")" 21 - tmp=$(mktemp -d) 22 - 23 if [ "$1" = "hgsrht" ]; then 24 - hg clone "$src" "$tmp" &> /dev/null 25 printf "%s" "$(cd "$tmp" && hg log --limit 1 --template '{latesttag}')" 26 else 27 - git clone "$src" "$tmp" 28 - printf "%s" "$(cd "$tmp" && git describe $(git rev-list --tags --max-count=1))" 29 fi 30 } 31 32 update_version() { 33 default_nix="$(default "$1")" 34 - version_old="$(version "$1")" 35 version="$(get_latest_version "$1")" 36 37 (cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version") 38 39 - git add "$default_nix" 40 - git commit -m "$1: $version_old -> $version" 41 - } 0 0 0 0 0 0 0 0 0 0 42 43 - services=( "srht" "buildsrht" "dispatchsrht" "gitsrht" "hgsrht" "hubsrht" "listssrht" "mansrht" 44 - "metasrht" "pastesrht" "todosrht" "scmsrht" ) 0 0 0 45 46 - # Whether or not a specific service is requested 47 - if [ -n "$1" ]; then 48 - version="$(get_latest_version "$1")" 49 - (cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version") 50 else 51 - for service in "${services[@]}"; do 52 - update_version "$service" 53 - done 0 0 0 0 0 54 fi 0 0 0 0

··· 1 #! /usr/bin/env nix-shell 2 #! nix-shell -i bash -p git mercurial common-updater-scripts 3 + set -eux -o pipefail 4 5 + cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1 6 root=../../../.. 7 + tmp=$(mktemp -d) 8 + trap 'rm -rf "$tmp"' EXIT 9 10 default() { 11 (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/') ··· 16 } 17 18 src_url() { 19 + nix-instantiate --eval --strict --expr " with import $root {}; let src = sourcehut.python.pkgs.$1.drvAttrs.src; in src.url or src.meta.homepage" | tr -d '"' 20 } 21 22 get_latest_version() { 23 src="$(src_url "$1")" 24 + rm -rf "$tmp" 0 25 if [ "$1" = "hgsrht" ]; then 26 + hg clone "$src" "$tmp" >/dev/null 27 printf "%s" "$(cd "$tmp" && hg log --limit 1 --template '{latesttag}')" 28 else 29 + git clone "$src" "$tmp" >/dev/null 30 + printf "%s" "$(cd "$tmp" && git describe "$(git rev-list --tags --max-count=1)")" 31 fi 32 } 33 34 update_version() { 35 default_nix="$(default "$1")" 36 + oldVersion="$(version "$1")" 37 version="$(get_latest_version "$1")" 38 39 (cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version") 40 41 + # Update vendorSha256 of Go modules 42 + retry=true 43 + while "$retry"; do 44 + retry=false; 45 + exec < <(exec nix -L build -f "$root" sourcehut.python.pkgs."$1" 2>&1) 46 + while IFS=' :' read -r origin hash; do 47 + case "$origin" in 48 + (expected|specified) oldHash="$hash";; 49 + (got) sed -i "s|$oldHash|$hash|" "$default_nix"; retry=true; break;; 50 + (*) printf >&2 "%s\n" "$origin${hash:+:$hash}" 51 + esac 52 + done 53 + done 54 55 + if [ "$oldVersion" != "$version" ]; then 56 + git add "$default_nix" 57 + git commit -m "sourcehut.$1: $oldVersion -> $version" 58 + fi 59 + } 60 61 + if [ $# -gt 0 ]; then 62 + services=("$@") 0 0 63 else 64 + # Beware that some packages must be updated before others, 65 + # eg. buildsrht must be updated before gitsrht, 66 + # otherwise this script would enter an infinite loop 67 + # because the reported $oldHash to be changed 68 + # may not actually be in $default_nix 69 + # but in the file of one of its dependencies. 70 + services=( "srht" "scmsrht" "buildsrht" "dispatchsrht" "gitsrht" "hgsrht" "hubsrht" "listssrht" "mansrht" 71 + "metasrht" "pagessrht" "pastesrht" "todosrht" ) 72 fi 73 + 74 + for service in "${services[@]}"; do 75 + update_version "$service" 76 + done

+1 -1

pkgs/desktops/gnome/apps/gnome-power-manager/default.nix

··· 51 ]; 52 53 meta = with lib; { 54 - homepage = "https://projects-old.gnome.org/gnome-power-manager/"; 55 description = "View battery and power statistics provided by UPower"; 56 maintainers = teams.gnome.members; 57 license = licenses.gpl2Plus;

··· 51 ]; 52 53 meta = with lib; { 54 + homepage = "https://gitlab.gnome.org/GNOME/gnome-power-manager"; 55 description = "View battery and power statistics provided by UPower"; 56 maintainers = teams.gnome.members; 57 license = licenses.gpl2Plus;

+1

pkgs/development/go-modules/generic/default.nix

··· 71 inherit (go) GOOS GOARCH; 72 73 patches = args.patches or []; 0 74 preBuild = args.preBuild or ""; 75 sourceRoot = args.sourceRoot or ""; 76

··· 71 inherit (go) GOOS GOARCH; 72 73 patches = args.patches or []; 74 + patchFlags = args.patchFlags or []; 75 preBuild = args.preBuild or ""; 76 sourceRoot = args.sourceRoot or ""; 77

+1 -1

pkgs/development/interpreters/lfe/generic-builder.nix

··· 83 code. An LFE evaluator and shell is also included. 84 ''; 85 86 - homepage = "http://lfe.io"; 87 downloadPage = "https://github.com/rvirding/lfe/releases"; 88 89 license = licenses.asl20;

··· 83 code. An LFE evaluator and shell is also included. 84 ''; 85 86 + homepage = "https://lfe.io"; 87 downloadPage = "https://github.com/rvirding/lfe/releases"; 88 89 license = licenses.asl20;

+1 -1

pkgs/development/libraries/gf2x/default.nix

··· 30 31 meta = with lib; { 32 description = "Routines for fast arithmetic in GF(2)[x]"; 33 - homepage = "http://gf2x.gforge.inria.fr"; 34 license = licenses.gpl2Plus; 35 maintainers = teams.sage.members; 36 platforms = platforms.unix;

··· 30 31 meta = with lib; { 32 description = "Routines for fast arithmetic in GF(2)[x]"; 33 + homepage = "https://gitlab.inria.fr/gf2x/gf2x/"; 34 license = licenses.gpl2Plus; 35 maintainers = teams.sage.members; 36 platforms = platforms.unix;

+1 -1

pkgs/development/libraries/grantlee/5/default.nix

··· 46 The syntax is intended to follow the syntax of the Django template system, 47 and the design of Django is reused in Grantlee.''; 48 49 - homepage = "http://gitorious.org/grantlee"; 50 maintainers = [ maintainers.ttuegel ]; 51 license = licenses.lgpl21; 52 inherit (qtbase.meta) platforms;

··· 46 The syntax is intended to follow the syntax of the Django template system, 47 and the design of Django is reused in Grantlee.''; 48 49 + homepage = "https://github.com/steveire/grantlee"; 50 maintainers = [ maintainers.ttuegel ]; 51 license = licenses.lgpl21; 52 inherit (qtbase.meta) platforms;

+1 -1

pkgs/development/libraries/grantlee/default.nix

··· 27 The syntax is intended to follow the syntax of the Django template system, 28 and the design of Django is reused in Grantlee.''; 29 30 - homepage = "http://gitorious.org/grantlee"; 31 license = lib.licenses.lgpl21; 32 inherit (qt4.meta) platforms; 33 };

··· 27 The syntax is intended to follow the syntax of the Django template system, 28 and the design of Django is reused in Grantlee.''; 29 30 + homepage = "https://github.com/steveire/grantlee"; 31 license = lib.licenses.lgpl21; 32 inherit (qt4.meta) platforms; 33 };

+1 -1

pkgs/development/libraries/gtksourceviewmm/4.x.nix

··· 22 23 meta = with lib; { 24 platforms = platforms.linux; 25 - homepage = "https://developer.gnome.org/gtksourceviewmm/"; 26 description = "C++ wrapper for gtksourceview"; 27 license = licenses.lgpl2; 28 maintainers = teams.gnome.members;

··· 22 23 meta = with lib; { 24 platforms = platforms.linux; 25 + homepage = "https://gitlab.gnome.org/GNOME/gtksourceviewmm"; 26 description = "C++ wrapper for gtksourceview"; 27 license = licenses.lgpl2; 28 maintainers = teams.gnome.members;

+1 -1

pkgs/development/libraries/gtksourceviewmm/default.nix

··· 22 23 meta = with lib; { 24 platforms = platforms.unix; 25 - homepage = "https://developer.gnome.org/gtksourceviewmm/"; 26 description = "C++ wrapper for gtksourceview"; 27 license = licenses.lgpl2; 28 maintainers = [ maintainers.juliendehos ];

··· 22 23 meta = with lib; { 24 platforms = platforms.unix; 25 + homepage = "https://gitlab.gnome.org/GNOME/gtksourceviewmm"; 26 description = "C++ wrapper for gtksourceview"; 27 license = licenses.lgpl2; 28 maintainers = [ maintainers.juliendehos ];

+1 -1

pkgs/development/libraries/libnotify/default.nix

··· 61 }; 62 63 meta = with lib; { 64 - homepage = "https://developer.gnome.org/notification-spec/"; 65 description = "A library that sends desktop notifications to a notification daemon"; 66 platforms = platforms.unix; 67 maintainers = teams.gnome.members;

··· 61 }; 62 63 meta = with lib; { 64 + homepage = "https://gitlab.gnome.org/GNOME/libnotify"; 65 description = "A library that sends desktop notifications to a notification daemon"; 66 platforms = platforms.unix; 67 maintainers = teams.gnome.members;

+1 -1

pkgs/development/lua-modules/generated-packages.nix

··· 605 propagatedBuildInputs = [ lua ]; 606 607 meta = { 608 - homepage = "http://github.com/pavouk/lgi"; 609 description = "Lua bindings to GObject libraries"; 610 license.fullName = "MIT/X11"; 611 };

··· 605 propagatedBuildInputs = [ lua ]; 606 607 meta = { 608 + homepage = "https://github.com/pavouk/lgi"; 609 description = "Lua bindings to GObject libraries"; 610 license.fullName = "MIT/X11"; 611 };

+2 -5

pkgs/development/python-modules/angrcli/default.nix

··· 11 12 buildPythonPackage rec { 13 pname = "angrcli"; 14 - version = "1.1.1"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.6"; ··· 20 owner = "fmagin"; 21 repo = "angr-cli"; 22 rev = "v${version}"; 23 - sha256 = "0mz3yzsw08xwpj6188rxmr7darilh4ismcnh8nhp9945wjyzl4kr"; 24 }; 25 26 propagatedBuildInputs = [ ··· 35 ]; 36 37 postPatch = '' 38 - # Version mismatch, https://github.com/fmagin/angr-cli/pull/11 39 - substituteInPlace setup.py \ 40 - --replace "version='1.1.0'," "version='${version}'," 41 substituteInPlace tests/test_derefs.py \ 42 --replace "/bin/ls" "${coreutils}/bin/ls" 43 '';

··· 11 12 buildPythonPackage rec { 13 pname = "angrcli"; 14 + version = "1.2.0"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.6"; ··· 20 owner = "fmagin"; 21 repo = "angr-cli"; 22 rev = "v${version}"; 23 + sha256 = "sha256-a5ajUBQwt3xUNkeSOeGOAFf47wd4UVk+LcuAHGqbq4s="; 24 }; 25 26 propagatedBuildInputs = [ ··· 35 ]; 36 37 postPatch = '' 0 0 0 38 substituteInPlace tests/test_derefs.py \ 39 --replace "/bin/ls" "${coreutils}/bin/ls" 40 '';

+1 -1

pkgs/development/python-modules/apache-airflow/default.nix

··· 234 235 meta = with lib; { 236 description = "Programmatically author, schedule and monitor data pipelines"; 237 - homepage = "http://airflow.apache.org/"; 238 license = licenses.asl20; 239 maintainers = with maintainers; [ bhipple costrouc ingenieroariel ]; 240 };

··· 234 235 meta = with lib; { 236 description = "Programmatically author, schedule and monitor data pipelines"; 237 + homepage = "https://airflow.apache.org/"; 238 license = licenses.asl20; 239 maintainers = with maintainers; [ bhipple costrouc ingenieroariel ]; 240 };

+1 -1

pkgs/development/python-modules/certifi/default.nix

··· 25 pythonImportsCheck = [ "certifi" ]; 26 27 meta = with lib; { 28 - homepage = "https://certifi.io/"; 29 description = "Python package for providing Mozilla's CA Bundle"; 30 license = licenses.isc; 31 maintainers = with maintainers; [ koral ];

··· 25 pythonImportsCheck = [ "certifi" ]; 26 27 meta = with lib; { 28 + homepage = "https://github.com/certifi/python-certifi"; 29 description = "Python package for providing Mozilla's CA Bundle"; 30 license = licenses.isc; 31 maintainers = with maintainers; [ koral ];

+1 -1

pkgs/development/python-modules/certifi/python2.nix

··· 26 doCheck = false; 27 28 meta = with lib; { 29 - homepage = "https://certifi.io/"; 30 description = "Python package for providing Mozilla's CA Bundle"; 31 license = licenses.isc; 32 maintainers = with maintainers; [ ]; # NixOps team

··· 26 doCheck = false; 27 28 meta = with lib; { 29 + homepage = "https://github.com/certifi/python-certifi"; 30 description = "Python package for providing Mozilla's CA Bundle"; 31 license = licenses.isc; 32 maintainers = with maintainers; [ ]; # NixOps team

+17 -6

pkgs/development/python-modules/iso4217/default.nix

··· 2 , buildPythonPackage 3 , fetchFromGitHub 4 , fetchurl 0 5 , pytestCheckHook 6 , python 0 7 }: 8 let 9 table = fetchurl { 10 - # See https://github.com/dahlia/iso4217/blob/main/setup.py#L18 11 url = "http://www.currency-iso.org/dam/downloads/lists/list_one.xml"; 12 - sha256 = "0frhicc7s8gqglr41hzx61fic3ckvr4sg773ahp1s28n5by3y7ac"; 13 }; 14 in 15 buildPythonPackage rec { 16 pname = "iso4217"; 17 - version = "1.6"; 0 18 19 src = fetchFromGitHub { 20 owner = "dahlia"; 21 repo = pname; 22 rev = version; 23 - sha256 = "0mdpf5a0xr5lrcfgvqi1sdn7ln2w6pkc3lg0laqkbx5mhxky0fla"; 24 }; 25 0 0 0 0 26 checkInputs = [ 27 pytestCheckHook 28 ]; ··· 39 cp -r ${table} $out/${python.sitePackages}/$pname/table.xml 40 ''; 41 42 - pytestFlagsArray = [ "$pname/test.py" ]; 0 0 43 44 - pythonImportsCheck = [ "iso4217" ]; 0 0 45 46 meta = with lib; { 47 description = "ISO 4217 currency data package for Python";

··· 2 , buildPythonPackage 3 , fetchFromGitHub 4 , fetchurl 5 + , importlib-resources 6 , pytestCheckHook 7 , python 8 + , pythonOlder 9 }: 10 let 11 table = fetchurl { 12 + # See https://github.com/dahlia/iso4217/blob/main/setup.py#L19 13 url = "http://www.currency-iso.org/dam/downloads/lists/list_one.xml"; 14 + hash = "sha256-bp8uTMR1YRaI2cJLo0kdt9xD4nNaWK+LdlheWQ26qy0="; 15 }; 16 in 17 buildPythonPackage rec { 18 pname = "iso4217"; 19 + version = "1.7"; 20 + format = "setuptools"; 21 22 src = fetchFromGitHub { 23 owner = "dahlia"; 24 repo = pname; 25 rev = version; 26 + hash = "sha256-Ih2l6bGM7i5TUkzJPkgx8EOOL4a3/qE28SUZS6M4sQc="; 27 }; 28 29 + propagatedBuildInputs = lib.optionals (pythonOlder "3.9") [ 30 + importlib-resources 31 + ]; 32 + 33 checkInputs = [ 34 pytestCheckHook 35 ]; ··· 46 cp -r ${table} $out/${python.sitePackages}/$pname/table.xml 47 ''; 48 49 + pytestFlagsArray = [ 50 + "$pname/test.py" 51 + ]; 52 53 + pythonImportsCheck = [ 54 + "iso4217" 55 + ]; 56 57 meta = with lib; { 58 description = "ISO 4217 currency data package for Python";

+2 -2

pkgs/development/python-modules/pipx/default.nix

··· 11 12 buildPythonPackage rec { 13 pname = "pipx"; 14 - version = "0.16.5"; 15 16 disabled = pythonOlder "3.6"; 17 ··· 20 owner = "pipxproject"; 21 repo = pname; 22 rev = version; 23 - sha256 = "sha256-gBeaHEig47XWKoPx3jzvgk/jJPJXtr5R5qUL0LgvbDg="; 24 }; 25 26 propagatedBuildInputs = [

··· 11 12 buildPythonPackage rec { 13 pname = "pipx"; 14 + version = "0.17.0"; 15 16 disabled = pythonOlder "3.6"; 17 ··· 20 owner = "pipxproject"; 21 repo = pname; 22 rev = version; 23 + sha256 = "sha256-vR/tKV+ZB0nZaxEcB83dwoSI7kBC1rA+6fo30rizroM="; 24 }; 25 26 propagatedBuildInputs = [

+2 -2

pkgs/development/python-modules/pyupgrade/default.nix

··· 8 9 buildPythonPackage rec { 10 pname = "pyupgrade"; 11 - version = "2.29.1"; 12 format = "setuptools"; 13 14 disabled = pythonOlder "3.6"; ··· 17 owner = "asottile"; 18 repo = pname; 19 rev = "v${version}"; 20 - sha256 = "sha256-fN0+4/EeoMD2c16OgepjDWuUhowMxzM7nB3mkL3iDjc="; 21 }; 22 23 checkInputs = [

··· 8 9 buildPythonPackage rec { 10 pname = "pyupgrade"; 11 + version = "2.30.0"; 12 format = "setuptools"; 13 14 disabled = pythonOlder "3.6"; ··· 17 owner = "asottile"; 18 repo = pname; 19 rev = "v${version}"; 20 + sha256 = "sha256-Fku95ar5i+QV21GhomO6/ivlJcnOhPyximyPsh2/dc0="; 21 }; 22 23 checkInputs = [

+6 -3

pkgs/development/python-modules/types-pytz/default.nix

··· 5 6 buildPythonPackage rec { 7 pname = "types-pytz"; 8 - version = "2021.3.2"; 0 9 10 src = fetchPypi { 11 inherit pname version; 12 - sha256 = "sha256-xO42Rm+u2a8zTRUJPQXOpBYyPS0EMVi7WCu5TAQav1E="; 13 }; 14 15 # Modules doesn't have tests 16 doCheck = false; 17 18 - pythonImportsCheck = [ "pytz-stubs" ]; 0 0 19 20 meta = with lib; { 21 description = "Typing stubs for pytz";

··· 5 6 buildPythonPackage rec { 7 pname = "types-pytz"; 8 + version = "2021.3.3"; 9 + format = "setuptools"; 10 11 src = fetchPypi { 12 inherit pname version; 13 + sha256 = "sha256-9tIdZoeTWhYV20ZLHh34ANGVAsNrwEhvQ759/SxASUc="; 14 }; 15 16 # Modules doesn't have tests 17 doCheck = false; 18 19 + pythonImportsCheck = [ 20 + "pytz-stubs" 21 + ]; 22 23 meta = with lib; { 24 description = "Typing stubs for pytz";

+1 -1

pkgs/development/tools/build-managers/apache-ant/default.nix

··· 79 ''; # */ 80 81 meta = { 82 - homepage = "http://ant.apache.org/"; 83 description = "A Java-based build tool"; 84 85 longDescription = ''

··· 79 ''; # */ 80 81 meta = { 82 + homepage = "https://ant.apache.org/"; 83 description = "A Java-based build tool"; 84 85 longDescription = ''

+3 -6

pkgs/development/tools/rust/rust-analyzer/default.nix

··· 11 12 rustPlatform.buildRustPackage rec { 13 pname = "rust-analyzer-unwrapped"; 14 - version = "2021-12-13"; 15 - cargoSha256 = "sha256-VF4pwSl3Wei7KxyQFOPj7hVX/NG2zImRLv4iN+ijAs8="; 16 17 src = fetchFromGitHub { 18 owner = "rust-analyzer"; 19 repo = "rust-analyzer"; 20 rev = version; 21 - sha256 = "sha256-xt7iDfIoaBhStgqsgttyOFF4NYPQ8jeVwDoYUwrvtrA="; 22 }; 23 24 patches = [ 25 # Code format and git history check require more dependencies but don't really matter for packaging. 26 # So just ignore them. 27 ./ignore-git-and-rustfmt-tests.patch 28 - 29 - # Remove when we have rustc >= 1.57.0. 30 - ./no-1-57-map-while.patch 31 ]; 32 33 buildAndTestSubdir = "crates/rust-analyzer";

··· 11 12 rustPlatform.buildRustPackage rec { 13 pname = "rust-analyzer-unwrapped"; 14 + version = "2021-12-27"; 15 + cargoSha256 = "sha256-yok7kLcvKvDwrdgJR0540QLJi5/zXi0NyZxhtoQ8Xno="; 16 17 src = fetchFromGitHub { 18 owner = "rust-analyzer"; 19 repo = "rust-analyzer"; 20 rev = version; 21 + sha256 = "sha256-/195+NsV6Mku2roi8zVy4dw8QGL6rQcnPcQ29Os8oqs="; 22 }; 23 24 patches = [ 25 # Code format and git history check require more dependencies but don't really matter for packaging. 26 # So just ignore them. 27 ./ignore-git-and-rustfmt-tests.patch 0 0 0 28 ]; 29 30 buildAndTestSubdir = "crates/rust-analyzer";

-20

pkgs/development/tools/rust/rust-analyzer/no-1-57-map-while.patch

··· 1 - --- a/crates/ide_db/src/helpers.rs 2 - +++ b/crates/ide_db/src/helpers.rs 3 - @@ -309,7 +309,7 @@ pub fn lint_eq_or_in_group(lint: &str, lint_is: &str) -> bool { 4 - pub fn parse_tt_as_comma_sep_paths(input: ast::TokenTree) -> Option<Vec<ast::Path>> { 5 - let r_paren = input.r_paren_token(); 6 - let tokens = 7 - - input.syntax().children_with_tokens().skip(1).map_while(|it| match it.into_token() { 8 - + input.syntax().children_with_tokens().skip(1).map(|it| match it.into_token() { 9 - // seeing a keyword means the attribute is unclosed so stop parsing here 10 - Some(tok) if tok.kind().is_keyword() => None, 11 - // don't include the right token tree parenthesis if it exists 12 - @@ -317,7 +317,7 @@ pub fn parse_tt_as_comma_sep_paths(input: ast::TokenTree) -> Option<Vec<ast::Pat 13 - // only nodes that we can find are other TokenTrees, those are unexpected in this parse though 14 - None => None, 15 - Some(tok) => Some(tok), 16 - - }); 17 - + }).take_while(|tok| tok.is_some()).map(|tok| tok.unwrap()); 18 - let input_expressions = tokens.into_iter().group_by(|tok| tok.kind() == T![,]); 19 - let paths = input_expressions 20 - .into_iter()

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

+1 -2

pkgs/os-specific/linux/phc-intel/default.nix

··· 44 while noticably reducing fan noise. This driver works only on supported 45 Intel architectures. 46 ''; 47 - homepage = "http://www.linux-phc.org/"; 48 - downloadPage = "http://www.linux-phc.org/forum/viewtopic.php?f=7&t=267"; 49 license = licenses.gpl2; 50 platforms = [ "x86_64-linux" "i686-linux" ]; 51 broken = lib.versionAtLeast kernel.version "4.18";

··· 44 while noticably reducing fan noise. This driver works only on supported 45 Intel architectures. 46 ''; 47 + homepage = "https://github.com/danielw86dev/phc-intel-dkms"; 0 48 license = licenses.gpl2; 49 platforms = [ "x86_64-linux" "i686-linux" ]; 50 broken = lib.versionAtLeast kernel.version "4.18";

+1 -1

pkgs/servers/apache-kafka/default.nix

··· 59 ''; 60 61 meta = with lib; { 62 - homepage = "http://kafka.apache.org"; 63 description = "A high-throughput distributed messaging system"; 64 license = licenses.asl20; 65 maintainers = [ maintainers.ragge ];

··· 59 ''; 60 61 meta = with lib; { 62 + homepage = "https://kafka.apache.org"; 63 description = "A high-throughput distributed messaging system"; 64 license = licenses.asl20; 65 maintainers = [ maintainers.ragge ];

+2 -10

pkgs/servers/heisenbridge/default.nix

··· 2 3 python3Packages.buildPythonApplication rec { 4 pname = "heisenbridge"; 5 - version = "1.7.1"; 6 7 src = fetchFromGitHub { 8 owner = "hifi"; 9 repo = pname; 10 rev = "v${version}"; 11 - sha256 = "sha256-q1Rj8BehvYnV/Kah5YKAxBUz4j9WziSqn1fVeaKpy7g="; 12 }; 13 - 14 - patches = [ 15 - # Compatibility with aiohttp 3.8.0 16 - (fetchpatch { 17 - url = "https://github.com/hifi/heisenbridge/commit/cff5d33e0b617e6cf3a44dc00c72b98743175c9e.patch"; 18 - sha256 = "sha256-y5X4mWvX1bq0XNZNTYUc0iK3SzvaHpS7px53I7xC9c8="; 19 - }) 20 - ]; 21 22 postPatch = '' 23 echo "${version}" > heisenbridge/version.txt

··· 2 3 python3Packages.buildPythonApplication rec { 4 pname = "heisenbridge"; 5 + version = "1.8.2"; 6 7 src = fetchFromGitHub { 8 owner = "hifi"; 9 repo = pname; 10 rev = "v${version}"; 11 + sha256 = "173prcd56rwlxjxlw67arnm12k1l317xi5s6m7jhmp8zbbrj5vwr"; 12 }; 0 0 0 0 0 0 0 0 13 14 postPatch = '' 15 echo "${version}" > heisenbridge/version.txt

+1

pkgs/servers/home-assistant/default.nix

··· 320 ciso8601 321 cryptography 322 httpx 0 323 jinja2 324 pip 325 pyjwt

··· 320 ciso8601 321 cryptography 322 httpx 323 + ifaddr 324 jinja2 325 pip 326 pyjwt

+1

pkgs/servers/mail/dovecot/plugins/fts_xapian/default.nix

··· 31 license = licenses.lgpl21Only; 32 maintainers = with maintainers; [ julm symphorien ]; 33 platforms = platforms.unix; 0 34 }; 35 }

··· 31 license = licenses.lgpl21Only; 32 maintainers = with maintainers; [ julm symphorien ]; 33 platforms = platforms.unix; 34 + broken = stdenv.isDarwin; # never built on Hydra https://hydra.nixos.org/job/nixpkgs/trunk/dovecot_fts_xapian.x86_64-darwin 35 }; 36 }

+1 -1

pkgs/tools/filesystems/ceph/default.nix

··· 85 }; 86 87 getMeta = description: with lib; { 88 - homepage = "https://ceph.com/"; 89 inherit description; 90 license = with licenses; [ lgpl21 gpl2 bsd3 mit publicDomain ]; 91 maintainers = with maintainers; [ adev ak johanot krav ];

··· 85 }; 86 87 getMeta = description: with lib; { 88 + homepage = "https://ceph.io/"; 89 inherit description; 90 license = with licenses; [ lgpl21 gpl2 bsd3 mit publicDomain ]; 91 maintainers = with maintainers; [ adev ak johanot krav ];

+1 -1

pkgs/tools/graphics/ibniz/default.nix

··· 18 19 meta = with lib; { 20 description = "Virtual machine designed for extremely compact low-level audiovisual programs"; 21 - homepage = "http://www.pelulamu.net/ibniz/"; 22 license = licenses.zlib; 23 platforms = platforms.linux; 24 maintainers = [ maintainers.dezgeg ];

··· 18 19 meta = with lib; { 20 description = "Virtual machine designed for extremely compact low-level audiovisual programs"; 21 + homepage = "https://github.com/viznut/IBNIZ"; 22 license = licenses.zlib; 23 platforms = platforms.linux; 24 maintainers = [ maintainers.dezgeg ];

+1 -1

pkgs/tools/misc/libbitcoin/libbitcoin-network.nix

··· 28 29 meta = with lib; { 30 description = "Bitcoin P2P Network Library"; 31 - homepage = "https://libbitcoin.org/"; 32 platforms = platforms.linux ++ platforms.darwin; 33 maintainers = with maintainers; [ asymmetric ]; 34

··· 28 29 meta = with lib; { 30 description = "Bitcoin P2P Network Library"; 31 + homepage = "https://libbitcoin.info/"; 32 platforms = platforms.linux ++ platforms.darwin; 33 maintainers = with maintainers; [ asymmetric ]; 34

+1 -1

pkgs/tools/misc/libbitcoin/libbitcoin-protocol.nix

··· 29 30 meta = with lib; { 31 description = "Bitcoin Blockchain Query Protocol"; 32 - homepage = "https://libbitcoin.org/"; 33 platforms = platforms.linux ++ platforms.darwin; 34 maintainers = with maintainers; [ asymmetric ]; 35

··· 29 30 meta = with lib; { 31 description = "Bitcoin Blockchain Query Protocol"; 32 + homepage = "https://libbitcoin.info/"; 33 platforms = platforms.linux ++ platforms.darwin; 34 maintainers = with maintainers; [ asymmetric ]; 35

+1 -1

pkgs/tools/misc/libbitcoin/libbitcoin.nix

··· 29 30 meta = with lib; { 31 description = "C++ library for building bitcoin applications"; 32 - homepage = "https://libbitcoin.org/"; 33 platforms = platforms.linux ++ platforms.darwin; 34 maintainers = with maintainers; [ ]; 35

··· 29 30 meta = with lib; { 31 description = "C++ library for building bitcoin applications"; 32 + homepage = "https://libbitcoin.info/"; 33 platforms = platforms.linux ++ platforms.darwin; 34 maintainers = with maintainers; [ ]; 35

+4 -4

pkgs/tools/security/rekor/default.nix

··· 4 generic = { pname, packageToBuild, description }: 5 buildGoModule rec { 6 inherit pname; 7 - version = "0.3.0"; 8 9 src = fetchFromGitHub { 10 owner = "sigstore"; 11 repo = "rekor"; 12 rev = "v${version}"; 13 - sha256 = "sha256-FaVZm9C1pewJCZlYgNyD/ZYr/UIRvhqVTUhFTmysxeg="; 14 }; 15 16 - vendorSha256 = "sha256-EBKj/+ruE88qvlbOme4GBfAqt3/1jHcqhY0IHxh6Y5U="; 17 18 subPackages = [ packageToBuild ]; 19 20 - ldflags = [ "-s" "-w" "-X github.com/sigstore/rekor/${packageToBuild}/app.gitVersion=v${version}" ]; 21 22 meta = with lib; { 23 inherit description;

··· 4 generic = { pname, packageToBuild, description }: 5 buildGoModule rec { 6 inherit pname; 7 + version = "0.4.0"; 8 9 src = fetchFromGitHub { 10 owner = "sigstore"; 11 repo = "rekor"; 12 rev = "v${version}"; 13 + sha256 = "sha256-15p4hm4Cvs/yLaQIcxctVdMKRWPjIIFwBcbru6QcjXo="; 14 }; 15 16 + vendorSha256 = "sha256-XCCO4Vamzj5pJFmu1A8mpTLlVAtocrn20myYJVWtBrY="; 17 18 subPackages = [ packageToBuild ]; 19 20 + ldflags = [ "-s" "-w" "-X github.com/sigstore/rekor/${packageToBuild}/app.GitVersion=v${version}" ]; 21 22 meta = with lib; { 23 inherit description;

+3 -3

pkgs/tools/security/scorecard/default.nix

··· 2 3 buildGoModule rec { 4 pname = "scorecard"; 5 - version = "3.0.1"; 6 7 src = fetchFromGitHub { 8 owner = "ossf"; 9 repo = pname; 10 rev = "v${version}"; 11 - sha256 = "sha256-19XDAgv9ARCZ7eNlWUPcsbGNyKA9vYFry8m6D3+vQP8="; 12 # populate values otherwise taken care of by goreleaser, 13 # unfortunately these require us to use git. By doing 14 # this in postFetch we can delete .git afterwards and ··· 27 find "$out" -name .git -print0 | xargs -0 rm -rf 28 ''; 29 }; 30 - vendorSha256 = "sha256-ucF26pTEvG8tkzsyC9WNbvl8QCeetKBvBIcQL2NTfjo="; 31 32 # Install completions post-install 33 nativeBuildInputs = [ installShellFiles ];

··· 2 3 buildGoModule rec { 4 pname = "scorecard"; 5 + version = "3.2.1"; 6 7 src = fetchFromGitHub { 8 owner = "ossf"; 9 repo = pname; 10 rev = "v${version}"; 11 + sha256 = "sha256-MVFhw/r1sws82oofV4LHmiSlKxyYd8abYq8oFiB0HH8="; 12 # populate values otherwise taken care of by goreleaser, 13 # unfortunately these require us to use git. By doing 14 # this in postFetch we can delete .git afterwards and ··· 27 find "$out" -name .git -print0 | xargs -0 rm -rf 28 ''; 29 }; 30 + vendorSha256 = "sha256-WrM2aE0z6SnfoPEBqgn1TO6sSGPMrQvL6+ddvOS2w1k="; 31 32 # Install completions post-install 33 nativeBuildInputs = [ installShellFiles ];