commit 30dbc2dc7f6a103a6369a58d8f2cf6f8395b1eac · pyrox.dev/nixpkgs

+7

maintainers/maintainer-list.nix

··· 22845 22845 githubId = 159372832; 22846 22846 keys = [ { fingerprint = "6F54 C08C 37C8 EC78 15FA 0D01 A721 8CBA 2D80 15C3"; } ]; 22847 22847 }; 22848 + Tert0 = { 22849 + name = "Tert0"; 22850 + github = "Tert0"; 22851 + githubId = 62036464; 22852 + email = "tert0byte@gmail.com"; 22853 + keys = [ { fingerprint = "F899 D3B5 00BF 98AE 9097 F616 7069 D89F 9E5C 97ED"; } ]; 22854 + }; 22848 22855 tesq0 = { 22849 22856 email = "mikolaj.galkowski@gmail.com"; 22850 22857 github = "tesq0";

+396 -339

nixos/modules/services/backup/restic.nix

··· 1 - { config, lib, pkgs, utils, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + utils, 6 + ... 7 + }: 2 8 let 3 9 # Type for a valid systemd unit option. Needed for correctly passing "timerConfig" to "systemd.timers" 4 10 inherit (utils.systemdUtils.unitOptions) unitOption; ··· 8 14 description = '' 9 15 Periodic backups to create with Restic. 10 16 ''; 11 - type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { 12 - options = { 13 - passwordFile = lib.mkOption { 14 - type = lib.types.str; 15 - description = '' 16 - Read the repository password from a file. 17 - ''; 18 - example = "/etc/nixos/restic-password"; 19 - }; 17 + type = lib.types.attrsOf ( 18 + lib.types.submodule ( 19 + { name, ... }: 20 + { 21 + options = { 22 + passwordFile = lib.mkOption { 23 + type = lib.types.str; 24 + description = '' 25 + Read the repository password from a file. 26 + ''; 27 + example = "/etc/nixos/restic-password"; 28 + }; 20 29 21 - environmentFile = lib.mkOption { 22 - type = with lib.types; nullOr str; 23 - default = null; 24 - description = '' 25 - file containing the credentials to access the repository, in the 26 - format of an EnvironmentFile as described by {manpage}`systemd.exec(5)` 27 - ''; 28 - }; 30 + environmentFile = lib.mkOption { 31 + type = with lib.types; nullOr str; 32 + default = null; 33 + description = '' 34 + file containing the credentials to access the repository, in the 35 + format of an EnvironmentFile as described by {manpage}`systemd.exec(5)` 36 + ''; 37 + }; 29 38 30 - rcloneOptions = lib.mkOption { 31 - type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); 32 - default = null; 33 - description = '' 34 - Options to pass to rclone to control its behavior. 35 - See <https://rclone.org/docs/#options> for 36 - available options. When specifying option names, strip the 37 - leading `--`. To set a flag such as 38 - `--drive-use-trash`, which does not take a value, 39 - set the value to the Boolean `true`. 40 - ''; 41 - example = { 42 - bwlimit = "10M"; 43 - drive-use-trash = "true"; 44 - }; 45 - }; 39 + rcloneOptions = lib.mkOption { 40 + type = 41 + with lib.types; 42 + nullOr ( 43 + attrsOf (oneOf [ 44 + str 45 + bool 46 + ]) 47 + ); 48 + default = null; 49 + description = '' 50 + Options to pass to rclone to control its behavior. 51 + See <https://rclone.org/docs/#options> for 52 + available options. When specifying option names, strip the 53 + leading `--`. To set a flag such as 54 + `--drive-use-trash`, which does not take a value, 55 + set the value to the Boolean `true`. 56 + ''; 57 + example = { 58 + bwlimit = "10M"; 59 + drive-use-trash = "true"; 60 + }; 61 + }; 46 62 47 - rcloneConfig = lib.mkOption { 48 - type = with lib.types; nullOr (attrsOf (oneOf [ str bool ])); 49 - default = null; 50 - description = '' 51 - Configuration for the rclone remote being used for backup. 52 - See the remote's specific options under rclone's docs at 53 - <https://rclone.org/docs/>. When specifying 54 - option names, use the "config" name specified in the docs. 55 - For example, to set `--b2-hard-delete` for a B2 56 - remote, use `hard_delete = true` in the 57 - attribute set. 58 - Warning: Secrets set in here will be world-readable in the Nix 59 - store! Consider using the `rcloneConfigFile` 60 - option instead to specify secret values separately. Note that 61 - options set here will override those set in the config file. 62 - ''; 63 - example = { 64 - type = "b2"; 65 - account = "xxx"; 66 - key = "xxx"; 67 - hard_delete = true; 68 - }; 69 - }; 63 + rcloneConfig = lib.mkOption { 64 + type = 65 + with lib.types; 66 + nullOr ( 67 + attrsOf (oneOf [ 68 + str 69 + bool 70 + ]) 71 + ); 72 + default = null; 73 + description = '' 74 + Configuration for the rclone remote being used for backup. 75 + See the remote's specific options under rclone's docs at 76 + <https://rclone.org/docs/>. When specifying 77 + option names, use the "config" name specified in the docs. 78 + For example, to set `--b2-hard-delete` for a B2 79 + remote, use `hard_delete = true` in the 80 + attribute set. 81 + Warning: Secrets set in here will be world-readable in the Nix 82 + store! Consider using the `rcloneConfigFile` 83 + option instead to specify secret values separately. Note that 84 + options set here will override those set in the config file. 85 + ''; 86 + example = { 87 + type = "b2"; 88 + account = "xxx"; 89 + key = "xxx"; 90 + hard_delete = true; 91 + }; 92 + }; 70 93 71 - rcloneConfigFile = lib.mkOption { 72 - type = with lib.types; nullOr path; 73 - default = null; 74 - description = '' 75 - Path to the file containing rclone configuration. This file 76 - must contain configuration for the remote specified in this backup 77 - set and also must be readable by root. Options set in 78 - `rcloneConfig` will override those set in this 79 - file. 80 - ''; 81 - }; 94 + rcloneConfigFile = lib.mkOption { 95 + type = with lib.types; nullOr path; 96 + default = null; 97 + description = '' 98 + Path to the file containing rclone configuration. This file 99 + must contain configuration for the remote specified in this backup 100 + set and also must be readable by root. Options set in 101 + `rcloneConfig` will override those set in this 102 + file. 103 + ''; 104 + }; 82 105 83 - inhibitsSleep = lib.mkOption { 84 - default = false; 85 - type = lib.types.bool; 86 - example = true; 87 - description = '' 88 - Prevents the system from sleeping while backing up. 89 - ''; 90 - }; 106 + inhibitsSleep = lib.mkOption { 107 + default = false; 108 + type = lib.types.bool; 109 + example = true; 110 + description = '' 111 + Prevents the system from sleeping while backing up. 112 + ''; 113 + }; 91 114 92 - repository = lib.mkOption { 93 - type = with lib.types; nullOr str; 94 - default = null; 95 - description = '' 96 - repository to backup to. 97 - ''; 98 - example = "sftp:backup@192.168.1.100:/backups/${name}"; 99 - }; 115 + repository = lib.mkOption { 116 + type = with lib.types; nullOr str; 117 + default = null; 118 + description = '' 119 + repository to backup to. 120 + ''; 121 + example = "sftp:backup@192.168.1.100:/backups/${name}"; 122 + }; 100 123 101 - repositoryFile = lib.mkOption { 102 - type = with lib.types; nullOr path; 103 - default = null; 104 - description = '' 105 - Path to the file containing the repository location to backup to. 106 - ''; 107 - }; 124 + repositoryFile = lib.mkOption { 125 + type = with lib.types; nullOr path; 126 + default = null; 127 + description = '' 128 + Path to the file containing the repository location to backup to. 129 + ''; 130 + }; 108 131 109 - paths = lib.mkOption { 110 - # This is nullable for legacy reasons only. We should consider making it a pure listOf 111 - # after some time has passed since this comment was added. 112 - type = lib.types.nullOr (lib.types.listOf lib.types.str); 113 - default = [ ]; 114 - description = '' 115 - Which paths to backup, in addition to ones specified via 116 - `dynamicFilesFrom`. If null or an empty array and 117 - `dynamicFilesFrom` is also null, no backup command will be run. 118 - This can be used to create a prune-only job. 119 - ''; 120 - example = [ 121 - "/var/lib/postgresql" 122 - "/home/user/backup" 123 - ]; 124 - }; 132 + paths = lib.mkOption { 133 + # This is nullable for legacy reasons only. We should consider making it a pure listOf 134 + # after some time has passed since this comment was added. 135 + type = lib.types.nullOr (lib.types.listOf lib.types.str); 136 + default = [ ]; 137 + description = '' 138 + Which paths to backup, in addition to ones specified via 139 + `dynamicFilesFrom`. If null or an empty array and 140 + `dynamicFilesFrom` is also null, no backup command will be run. 141 + This can be used to create a prune-only job. 142 + ''; 143 + example = [ 144 + "/var/lib/postgresql" 145 + "/home/user/backup" 146 + ]; 147 + }; 125 148 126 - exclude = lib.mkOption { 127 - type = lib.types.listOf lib.types.str; 128 - default = [ ]; 129 - description = '' 130 - Patterns to exclude when backing up. See 131 - https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files for 132 - details on syntax. 133 - ''; 134 - example = [ 135 - "/var/cache" 136 - "/home/*/.cache" 137 - ".git" 138 - ]; 139 - }; 149 + exclude = lib.mkOption { 150 + type = lib.types.listOf lib.types.str; 151 + default = [ ]; 152 + description = '' 153 + Patterns to exclude when backing up. See 154 + https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files for 155 + details on syntax. 156 + ''; 157 + example = [ 158 + "/var/cache" 159 + "/home/*/.cache" 160 + ".git" 161 + ]; 162 + }; 140 163 141 - timerConfig = lib.mkOption { 142 - type = lib.types.nullOr (lib.types.attrsOf unitOption); 143 - default = { 144 - OnCalendar = "daily"; 145 - Persistent = true; 146 - }; 147 - description = '' 148 - When to run the backup. See {manpage}`systemd.timer(5)` for 149 - details. If null no timer is created and the backup will only 150 - run when explicitly started. 151 - ''; 152 - example = { 153 - OnCalendar = "00:05"; 154 - RandomizedDelaySec = "5h"; 155 - Persistent = true; 156 - }; 157 - }; 164 + timerConfig = lib.mkOption { 165 + type = lib.types.nullOr (lib.types.attrsOf unitOption); 166 + default = { 167 + OnCalendar = "daily"; 168 + Persistent = true; 169 + }; 170 + description = '' 171 + When to run the backup. See {manpage}`systemd.timer(5)` for 172 + details. If null no timer is created and the backup will only 173 + run when explicitly started. 174 + ''; 175 + example = { 176 + OnCalendar = "00:05"; 177 + RandomizedDelaySec = "5h"; 178 + Persistent = true; 179 + }; 180 + }; 158 181 159 - user = lib.mkOption { 160 - type = lib.types.str; 161 - default = "root"; 162 - description = '' 163 - As which user the backup should run. 164 - ''; 165 - example = "postgresql"; 166 - }; 182 + user = lib.mkOption { 183 + type = lib.types.str; 184 + default = "root"; 185 + description = '' 186 + As which user the backup should run. 187 + ''; 188 + example = "postgresql"; 189 + }; 167 190 168 - extraBackupArgs = lib.mkOption { 169 - type = lib.types.listOf lib.types.str; 170 - default = [ ]; 171 - description = '' 172 - Extra arguments passed to restic backup. 173 - ''; 174 - example = [ 175 - "--exclude-file=/etc/nixos/restic-ignore" 176 - ]; 177 - }; 191 + extraBackupArgs = lib.mkOption { 192 + type = lib.types.listOf lib.types.str; 193 + default = [ ]; 194 + description = '' 195 + Extra arguments passed to restic backup. 196 + ''; 197 + example = [ 198 + "--exclude-file=/etc/nixos/restic-ignore" 199 + ]; 200 + }; 178 201 179 - extraOptions = lib.mkOption { 180 - type = lib.types.listOf lib.types.str; 181 - default = [ ]; 182 - description = '' 183 - Extra extended options to be passed to the restic --option flag. 184 - ''; 185 - example = [ 186 - "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'" 187 - ]; 188 - }; 202 + extraOptions = lib.mkOption { 203 + type = lib.types.listOf lib.types.str; 204 + default = [ ]; 205 + description = '' 206 + Extra extended options to be passed to the restic --option flag. 207 + ''; 208 + example = [ 209 + "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'" 210 + ]; 211 + }; 189 212 190 - initialize = lib.mkOption { 191 - type = lib.types.bool; 192 - default = false; 193 - description = '' 194 - Create the repository if it doesn't exist. 195 - ''; 196 - }; 213 + initialize = lib.mkOption { 214 + type = lib.types.bool; 215 + default = false; 216 + description = '' 217 + Create the repository if it doesn't exist. 218 + ''; 219 + }; 220 + 221 + pruneOpts = lib.mkOption { 222 + type = lib.types.listOf lib.types.str; 223 + default = [ ]; 224 + description = '' 225 + A list of options (--keep-\* et al.) for 'restic forget 226 + --prune', to automatically prune old snapshots. The 227 + 'forget' command is run *after* the 'backup' command, so 228 + keep that in mind when constructing the --keep-\* options. 229 + ''; 230 + example = [ 231 + "--keep-daily 7" 232 + "--keep-weekly 5" 233 + "--keep-monthly 12" 234 + "--keep-yearly 75" 235 + ]; 236 + }; 197 237 198 - pruneOpts = lib.mkOption { 199 - type = lib.types.listOf lib.types.str; 200 - default = [ ]; 201 - description = '' 202 - A list of options (--keep-\* et al.) for 'restic forget 203 - --prune', to automatically prune old snapshots. The 204 - 'forget' command is run *after* the 'backup' command, so 205 - keep that in mind when constructing the --keep-\* options. 206 - ''; 207 - example = [ 208 - "--keep-daily 7" 209 - "--keep-weekly 5" 210 - "--keep-monthly 12" 211 - "--keep-yearly 75" 212 - ]; 213 - }; 238 + runCheck = lib.mkOption { 239 + type = lib.types.bool; 240 + default = (builtins.length config.services.restic.backups.${name}.checkOpts > 0); 241 + defaultText = lib.literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; 242 + description = "Whether to run the `check` command with the provided `checkOpts` options."; 243 + example = true; 244 + }; 214 245 215 - runCheck = lib.mkOption { 216 - type = lib.types.bool; 217 - default = (builtins.length config.services.restic.backups.${name}.checkOpts > 0); 218 - defaultText = lib.literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0''; 219 - description = "Whether to run the `check` command with the provided `checkOpts` options."; 220 - example = true; 221 - }; 246 + checkOpts = lib.mkOption { 247 + type = lib.types.listOf lib.types.str; 248 + default = [ ]; 249 + description = '' 250 + A list of options for 'restic check'. 251 + ''; 252 + example = [ 253 + "--with-cache" 254 + ]; 255 + }; 222 256 223 - checkOpts = lib.mkOption { 224 - type = lib.types.listOf lib.types.str; 225 - default = [ ]; 226 - description = '' 227 - A list of options for 'restic check'. 228 - ''; 229 - example = [ 230 - "--with-cache" 231 - ]; 232 - }; 257 + dynamicFilesFrom = lib.mkOption { 258 + type = with lib.types; nullOr str; 259 + default = null; 260 + description = '' 261 + A script that produces a list of files to back up. The 262 + results of this command are given to the '--files-from' 263 + option. The result is merged with paths specified via `paths`. 264 + ''; 265 + example = "find /home/matt/git -type d -name .git"; 266 + }; 233 267 234 - dynamicFilesFrom = lib.mkOption { 235 - type = with lib.types; nullOr str; 236 - default = null; 237 - description = '' 238 - A script that produces a list of files to back up. The 239 - results of this command are given to the '--files-from' 240 - option. The result is merged with paths specified via `paths`. 241 - ''; 242 - example = "find /home/matt/git -type d -name .git"; 243 - }; 268 + backupPrepareCommand = lib.mkOption { 269 + type = with lib.types; nullOr str; 270 + default = null; 271 + description = '' 272 + A script that must run before starting the backup process. 273 + ''; 274 + }; 244 275 245 - backupPrepareCommand = lib.mkOption { 246 - type = with lib.types; nullOr str; 247 - default = null; 248 - description = '' 249 - A script that must run before starting the backup process. 250 - ''; 251 - }; 276 + backupCleanupCommand = lib.mkOption { 277 + type = with lib.types; nullOr str; 278 + default = null; 279 + description = '' 280 + A script that must run after finishing the backup process. 281 + ''; 282 + }; 252 283 253 - backupCleanupCommand = lib.mkOption { 254 - type = with lib.types; nullOr str; 255 - default = null; 256 - description = '' 257 - A script that must run after finishing the backup process. 258 - ''; 259 - }; 284 + package = lib.mkPackageOption pkgs "restic" { }; 260 285 261 - package = lib.mkPackageOption pkgs "restic" { }; 286 + createWrapper = lib.mkOption { 287 + type = lib.types.bool; 288 + default = true; 289 + description = '' 290 + Whether to generate and add a script to the system path, that has the same environment variables set 291 + as the systemd service. This can be used to e.g. mount snapshots or perform other opterations, without 292 + having to manually specify most options. 293 + ''; 294 + }; 262 295 263 - createWrapper = lib.mkOption { 264 - type = lib.types.bool; 265 - default = true; 266 - description = '' 267 - Whether to generate and add a script to the system path, that has the same environment variables set 268 - as the systemd service. This can be used to e.g. mount snapshots or perform other opterations, without 269 - having to manually specify most options. 270 - ''; 271 - }; 272 - }; 273 - })); 296 + progressFps = lib.mkOption { 297 + type = with lib.types; nullOr numbers.nonnegative; 298 + default = null; 299 + description = '' 300 + Controls the frequency of progress reporting. 301 + ''; 302 + example = 0.1; 303 + }; 304 + }; 305 + } 306 + ) 307 + ); 274 308 default = { }; 275 309 example = { 276 310 localbackup = { ··· 300 334 assertion = (v.repository == null) != (v.repositoryFile == null); 301 335 message = "services.restic.backups.${n}: exactly one of repository or repositoryFile should be set"; 302 336 }) config.services.restic.backups; 303 - systemd.services = 304 - lib.mapAttrs' 305 - (name: backup: 306 - let 307 - extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; 308 - inhibitCmd = lib.concatStringsSep " " [ 309 - "${pkgs.systemd}/bin/systemd-inhibit" 310 - "--mode='block'" 311 - "--who='restic'" 312 - "--what='sleep'" 313 - "--why=${lib.escapeShellArg "Scheduled backup ${name}"} " 314 - ]; 315 - resticCmd = "${lib.optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; 316 - excludeFlags = lib.optional (backup.exclude != []) "--exclude-file=${pkgs.writeText "exclude-patterns" (lib.concatStringsSep "\n" backup.exclude)}"; 317 - filesFromTmpFile = "/run/restic-backups-${name}/includes"; 318 - doBackup = (backup.dynamicFilesFrom != null) || (backup.paths != null && backup.paths != []); 319 - pruneCmd = lib.optionals (builtins.length backup.pruneOpts > 0) [ 320 - (resticCmd + " forget --prune " + (lib.concatStringsSep " " backup.pruneOpts)) 321 - ]; 322 - checkCmd = lib.optionals backup.runCheck [ 323 - (resticCmd + " check " + (lib.concatStringsSep " " backup.checkOpts)) 324 - ]; 325 - # Helper functions for rclone remotes 326 - rcloneRemoteName = builtins.elemAt (lib.splitString ":" backup.repository) 1; 327 - rcloneAttrToOpt = v: "RCLONE_" + lib.toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); 328 - rcloneAttrToConf = v: "RCLONE_CONFIG_" + lib.toUpper (rcloneRemoteName + "_" + v); 329 - toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; 330 - in 331 - lib.nameValuePair "restic-backups-${name}" ({ 332 - environment = { 337 + systemd.services = lib.mapAttrs' ( 338 + name: backup: 339 + let 340 + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; 341 + inhibitCmd = lib.concatStringsSep " " [ 342 + "${pkgs.systemd}/bin/systemd-inhibit" 343 + "--mode='block'" 344 + "--who='restic'" 345 + "--what='sleep'" 346 + "--why=${lib.escapeShellArg "Scheduled backup ${name}"} " 347 + ]; 348 + resticCmd = "${lib.optionalString backup.inhibitsSleep inhibitCmd}${backup.package}/bin/restic${extraOptions}"; 349 + excludeFlags = lib.optional ( 350 + backup.exclude != [ ] 351 + ) "--exclude-file=${pkgs.writeText "exclude-patterns" (lib.concatStringsSep "\n" backup.exclude)}"; 352 + filesFromTmpFile = "/run/restic-backups-${name}/includes"; 353 + doBackup = (backup.dynamicFilesFrom != null) || (backup.paths != null && backup.paths != [ ]); 354 + pruneCmd = lib.optionals (builtins.length backup.pruneOpts > 0) [ 355 + (resticCmd + " forget --prune " + (lib.concatStringsSep " " backup.pruneOpts)) 356 + ]; 357 + checkCmd = lib.optionals backup.runCheck [ 358 + (resticCmd + " check " + (lib.concatStringsSep " " backup.checkOpts)) 359 + ]; 360 + # Helper functions for rclone remotes 361 + rcloneRemoteName = builtins.elemAt (lib.splitString ":" backup.repository) 1; 362 + rcloneAttrToOpt = v: "RCLONE_" + lib.toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v); 363 + rcloneAttrToConf = v: "RCLONE_CONFIG_" + lib.toUpper (rcloneRemoteName + "_" + v); 364 + toRcloneVal = v: if lib.isBool v then lib.boolToString v else v; 365 + in 366 + lib.nameValuePair "restic-backups-${name}" ( 367 + { 368 + environment = 369 + { 333 370 # not %C, because that wouldn't work in the wrapper script 334 371 RESTIC_CACHE_DIR = "/var/cache/restic-backups-${name}"; 335 372 RESTIC_PASSWORD_FILE = backup.passwordFile; 336 373 RESTIC_REPOSITORY = backup.repository; 337 374 RESTIC_REPOSITORY_FILE = backup.repositoryFile; 338 - } // lib.optionalAttrs (backup.rcloneOptions != null) (lib.mapAttrs' 339 - (name: value: 340 - lib.nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) 341 - ) 342 - backup.rcloneOptions) // lib.optionalAttrs (backup.rcloneConfigFile != null) { 375 + } 376 + // lib.optionalAttrs (backup.rcloneOptions != null) ( 377 + lib.mapAttrs' ( 378 + name: value: lib.nameValuePair (rcloneAttrToOpt name) (toRcloneVal value) 379 + ) backup.rcloneOptions 380 + ) 381 + // lib.optionalAttrs (backup.rcloneConfigFile != null) { 343 382 RCLONE_CONFIG = backup.rcloneConfigFile; 344 - } // lib.optionalAttrs (backup.rcloneConfig != null) (lib.mapAttrs' 345 - (name: value: 346 - lib.nameValuePair (rcloneAttrToConf name) (toRcloneVal value) 347 - ) 348 - backup.rcloneConfig); 349 - path = [ config.programs.ssh.package ]; 350 - restartIfChanged = false; 351 - wants = [ "network-online.target" ]; 352 - after = [ "network-online.target" ]; 353 - serviceConfig = { 383 + } 384 + // lib.optionalAttrs (backup.rcloneConfig != null) ( 385 + lib.mapAttrs' ( 386 + name: value: lib.nameValuePair (rcloneAttrToConf name) (toRcloneVal value) 387 + ) backup.rcloneConfig 388 + ) 389 + // lib.optionalAttrs (backup.progressFps != null) { 390 + RESTIC_PROGRESS_FPS = toString backup.progressFps; 391 + }; 392 + path = [ config.programs.ssh.package ]; 393 + restartIfChanged = false; 394 + wants = [ "network-online.target" ]; 395 + after = [ "network-online.target" ]; 396 + serviceConfig = 397 + { 354 398 Type = "oneshot"; 355 - ExecStart = (lib.optionals doBackup [ "${resticCmd} backup ${lib.concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)} --files-from=${filesFromTmpFile}" ]) 356 - ++ pruneCmd ++ checkCmd; 399 + ExecStart = 400 + (lib.optionals doBackup [ 401 + "${resticCmd} backup ${ 402 + lib.concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags) 403 + } --files-from=${filesFromTmpFile}" 404 + ]) 405 + ++ pruneCmd 406 + ++ checkCmd; 357 407 User = backup.user; 358 408 RuntimeDirectory = "restic-backups-${name}"; 359 409 CacheDirectory = "restic-backups-${name}"; 360 410 CacheDirectoryMode = "0700"; 361 411 PrivateTmp = true; 362 - } // lib.optionalAttrs (backup.environmentFile != null) { 412 + } 413 + // lib.optionalAttrs (backup.environmentFile != null) { 363 414 EnvironmentFile = backup.environmentFile; 364 415 }; 365 - } // lib.optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { 366 - preStart = '' 367 - ${lib.optionalString (backup.backupPrepareCommand != null) '' 368 - ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand} 369 - ''} 370 - ${lib.optionalString (backup.initialize) '' 371 - ${resticCmd} cat config > /dev/null || ${resticCmd} init 372 - ''} 373 - ${lib.optionalString (backup.paths != null && backup.paths != []) '' 374 - cat ${pkgs.writeText "staticPaths" (lib.concatLines backup.paths)} >> ${filesFromTmpFile} 375 - ''} 376 - ${lib.optionalString (backup.dynamicFilesFrom != null) '' 377 - ${pkgs.writeScript "dynamicFilesFromScript" backup.dynamicFilesFrom} >> ${filesFromTmpFile} 378 - ''} 379 - ''; 380 - } // lib.optionalAttrs (doBackup || backup.backupCleanupCommand != null) { 381 - postStop = '' 382 - ${lib.optionalString (backup.backupCleanupCommand != null) '' 383 - ${pkgs.writeScript "backupCleanupCommand" backup.backupCleanupCommand} 384 - ''} 385 - ${lib.optionalString doBackup '' 386 - rm ${filesFromTmpFile} 387 - ''} 388 - ''; 389 - }) 390 - ) 391 - config.services.restic.backups; 392 - systemd.timers = 393 - lib.mapAttrs' 394 - (name: backup: lib.nameValuePair "restic-backups-${name}" { 395 - wantedBy = [ "timers.target" ]; 396 - timerConfig = backup.timerConfig; 397 - }) 398 - (lib.filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); 416 + } 417 + // lib.optionalAttrs (backup.initialize || doBackup || backup.backupPrepareCommand != null) { 418 + preStart = '' 419 + ${lib.optionalString (backup.backupPrepareCommand != null) '' 420 + ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand} 421 + ''} 422 + ${lib.optionalString (backup.initialize) '' 423 + ${resticCmd} cat config > /dev/null || ${resticCmd} init 424 + ''} 425 + ${lib.optionalString (backup.paths != null && backup.paths != [ ]) '' 426 + cat ${pkgs.writeText "staticPaths" (lib.concatLines backup.paths)} >> ${filesFromTmpFile} 427 + ''} 428 + ${lib.optionalString (backup.dynamicFilesFrom != null) '' 429 + ${pkgs.writeScript "dynamicFilesFromScript" backup.dynamicFilesFrom} >> ${filesFromTmpFile} 430 + ''} 431 + ''; 432 + } 433 + // lib.optionalAttrs (doBackup || backup.backupCleanupCommand != null) { 434 + postStop = '' 435 + ${lib.optionalString (backup.backupCleanupCommand != null) '' 436 + ${pkgs.writeScript "backupCleanupCommand" backup.backupCleanupCommand} 437 + ''} 438 + ${lib.optionalString doBackup '' 439 + rm ${filesFromTmpFile} 440 + ''} 441 + ''; 442 + } 443 + ) 444 + ) config.services.restic.backups; 445 + systemd.timers = lib.mapAttrs' ( 446 + name: backup: 447 + lib.nameValuePair "restic-backups-${name}" { 448 + wantedBy = [ "timers.target" ]; 449 + timerConfig = backup.timerConfig; 450 + } 451 + ) (lib.filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups); 399 452 400 453 # generate wrapper scripts, as described in the createWrapper option 401 - environment.systemPackages = lib.mapAttrsToList (name: backup: let 402 - extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; 403 - resticCmd = "${backup.package}/bin/restic${extraOptions}"; 404 - in pkgs.writeShellScriptBin "restic-${name}" '' 405 - set -a # automatically export variables 406 - ${lib.optionalString (backup.environmentFile != null) "source ${backup.environmentFile}"} 407 - # set same environment variables as the systemd service 408 - ${lib.pipe config.systemd.services."restic-backups-${name}".environment [ 409 - (lib.filterAttrs (n: v: v != null && n != "PATH")) 410 - (lib.mapAttrsToList (n: v: "${n}=${v}")) 411 - (lib.concatStringsSep "\n") 412 - ]} 413 - PATH=${config.systemd.services."restic-backups-${name}".environment.PATH}:$PATH 454 + environment.systemPackages = lib.mapAttrsToList ( 455 + name: backup: 456 + let 457 + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") backup.extraOptions; 458 + resticCmd = "${backup.package}/bin/restic${extraOptions}"; 459 + in 460 + pkgs.writeShellScriptBin "restic-${name}" '' 461 + set -a # automatically export variables 462 + ${lib.optionalString (backup.environmentFile != null) "source ${backup.environmentFile}"} 463 + # set same environment variables as the systemd service 464 + ${lib.pipe config.systemd.services."restic-backups-${name}".environment [ 465 + (lib.filterAttrs (n: v: v != null && n != "PATH")) 466 + (lib.mapAttrsToList (n: v: "${n}=${v}")) 467 + (lib.concatStringsSep "\n") 468 + ]} 469 + PATH=${config.systemd.services."restic-backups-${name}".environment.PATH}:$PATH 414 470 415 - exec ${resticCmd} "$@" 416 - '') (lib.filterAttrs (_: v: v.createWrapper) config.services.restic.backups); 471 + exec ${resticCmd} "$@" 472 + '' 473 + ) (lib.filterAttrs (_: v: v.createWrapper) config.services.restic.backups); 417 474 }; 418 475 }

+13 -1

nixos/modules/services/web-apps/immich.nix

··· 20 20 NoNewPrivileges = true; 21 21 PrivateUsers = true; 22 22 PrivateTmp = true; 23 - PrivateDevices = true; 23 + PrivateDevices = cfg.accelerationDevices == [ ]; 24 + DeviceAllow = mkIf (cfg.accelerationDevices != null) cfg.accelerationDevices; 24 25 PrivateMounts = true; 25 26 ProtectClock = true; 26 27 ProtectControlGroups = true; ··· 159 160 Extra configuration environment variables. Refer to the [documentation](https://immich.app/docs/install/environment-variables) for options tagged with 'machine-learning'. 160 161 ''; 161 162 }; 163 + }; 164 + 165 + accelerationDevices = mkOption { 166 + type = types.nullOr (types.listOf types.str); 167 + default = [ ]; 168 + example = [ "/dev/dri/renderD128" ]; 169 + description = '' 170 + A list of device paths to hardware acceleration devices that immich should 171 + have access to. This is useful when transcoding media files. 172 + The special value `[ ]` will disallow all devices using `PrivateDevices`. `null` will give access to all devices. 173 + ''; 162 174 }; 163 175 164 176 database = {

+24

pkgs/applications/editors/vim/plugins/generated.nix

··· 1314 1314 meta.homepage = "https://github.com/ribru17/blink-cmp-spell/"; 1315 1315 }; 1316 1316 1317 + blink-cmp-git = buildVimPlugin { 1318 + pname = "blink-cmp-git"; 1319 + version = "2025-01-27"; 1320 + src = fetchFromGitHub { 1321 + owner = "Kaiser-Yang"; 1322 + repo = "blink-cmp-git"; 1323 + rev = "7c6cfa3d427f50a6eae5c38628b31b8675bab05d"; 1324 + sha256 = "08hfwnjgsl88bkphpdxkdswdnc10mlxpsrk084kgzk4j19w55gyq"; 1325 + }; 1326 + meta.homepage = "https://github.com/Kaiser-Yang/blink-cmp-git/"; 1327 + }; 1328 + 1317 1329 blink-compat = buildVimPlugin { 1318 1330 pname = "blink.compat"; 1319 1331 version = "2025-01-20"; ··· 3017 3029 sha256 = "1d4r12j5vx4hac8nf0d0j0bqdh9jjsij0cdlr8x9acbq3p0lcwv0"; 3018 3030 }; 3019 3031 meta.homepage = "https://github.com/hat0uma/csvview.nvim/"; 3032 + }; 3033 + 3034 + ctags-lsp-nvim = buildVimPlugin { 3035 + pname = "ctags-lsp.nvim"; 3036 + version = "2024-12-08"; 3037 + src = fetchFromGitHub { 3038 + owner = "netmute"; 3039 + repo = "ctags-lsp.nvim"; 3040 + rev = "aaae7b5d8dc7aeb836c63301b8eb7311af49bb2a"; 3041 + sha256 = "06h388vkp8nv15wbh96pza85994xf979s7kjqrli4s6y5ygw6m02"; 3042 + }; 3043 + meta.homepage = "https://github.com/netmute/ctags-lsp.nvim/"; 3020 3044 }; 3021 3045 3022 3046 ctrlp-cmatcher = buildVimPlugin {

+4

pkgs/applications/editors/vim/plugins/overrides.nix

··· 296 296 dependencies = [ self.blink-cmp ]; 297 297 }; 298 298 299 + blink-cmp-git = super.blink-cmp-git.overrideAttrs { 300 + dependencies = [ self.plenary-nvim ]; 301 + }; 302 + 299 303 bluloco-nvim = super.bluloco-nvim.overrideAttrs { 300 304 dependencies = [ self.lush-nvim ]; 301 305 };

+2

pkgs/applications/editors/vim/plugins/vim-plugin-names

··· 106 106 https://github.com/LunarVim/bigfile.nvim/,, 107 107 https://github.com/APZelos/blamer.nvim/,HEAD, 108 108 https://github.com/giuxtaposition/blink-cmp-copilot/,HEAD, 109 + https://github.com/Kaiser-Yang/blink-cmp-git/,HEAD, 109 110 https://github.com/ribru17/blink-cmp-spell/,HEAD, 110 111 https://github.com/fang2hou/blink-copilot/,HEAD, 111 112 https://github.com/moyiz/blink-emoji.nvim/,HEAD, ··· 249 250 https://github.com/davidmh/cspell.nvim/,HEAD, 250 251 https://github.com/chrisbra/csv.vim/,, 251 252 https://github.com/hat0uma/csvview.nvim/,HEAD, 253 + https://github.com/netmute/ctags-lsp.nvim/,HEAD, 252 254 https://github.com/JazzCore/ctrlp-cmatcher/,, 253 255 https://github.com/FelikZ/ctrlp-py-matcher/,, 254 256 https://github.com/amiorin/ctrlp-z/,,

+109

pkgs/by-name/cu/cups-brother-dcpl3550cdw/package.nix

··· 1 + { 2 + pkgsi686Linux, 3 + lib, 4 + stdenv, 5 + fetchurl, 6 + dpkg, 7 + makeWrapper, 8 + ghostscript, 9 + file, 10 + gnused, 11 + gnugrep, 12 + coreutils, 13 + which, 14 + perl, 15 + }: 16 + let 17 + version = "1.0.2-0"; 18 + model = "dcpl3550cdw"; 19 + interpreter = "${pkgsi686Linux.stdenv.cc.libc}/lib/ld-linux.so.2"; 20 + in 21 + stdenv.mkDerivation { 22 + pname = "cups-brother-${model}"; 23 + inherit version; 24 + src = fetchurl { 25 + url = "https://download.brother.com/welcome/dlf103919/dcpl3550cdwpdrv-${version}.i386.deb"; 26 + hash = "sha256-FbtqISK3f1q1+JXJ+RP5O/8G0ZW9gcCS7OI0YRljwyY="; 27 + }; 28 + 29 + nativeBuildInputs = [ 30 + dpkg 31 + makeWrapper 32 + ]; 33 + 34 + unpackPhase = '' 35 + runHook preUnpack 36 + 37 + dpkg-deb -x $src $out 38 + 39 + runHook postUnpack 40 + ''; 41 + 42 + installPhase = '' 43 + runHook preInstall 44 + 45 + substituteInPlace $out/opt/brother/Printers/${model}/lpd/filter_${model} \ 46 + --replace-fail /usr/bin/perl ${lib.getExe perl} \ 47 + --replace-fail "PRINTER =~" "PRINTER = \"${model}\"; #" \ 48 + --replace-fail "BR_PRT_PATH =~" "BR_PRT_PATH = \"$out/opt/brother/Printers/${model}/\"; #" 49 + 50 + substituteInPlace $out/opt/brother/Printers/${model}/cupswrapper/brother_lpdwrapper_${model} \ 51 + --replace-fail /usr/bin/perl ${lib.getExe perl} \ 52 + --replace-fail "basedir =~ " "basedir = \"$out/opt/brother/Printers/${model}/\"; #" \ 53 + --replace-fail "PRINTER =~ " "PRINTER = \"${model}\"; #" \ 54 + --replace-fail "LPDCONFIGEXE=" "LPDCONFIGEXE=\"$out/usr/bin/brprintconf_\"; #" 55 + 56 + patchelf --set-interpreter ${interpreter} $out/opt/brother/Printers/${model}/lpd/br${model}filter 57 + patchelf --set-interpreter ${interpreter} $out/usr/bin/brprintconf_${model} 58 + 59 + mkdir -p $out/lib/cups/filter $out/share/cups/model 60 + ln -s $out/opt/brother/Printers/${model}/lpd/filter_${model} $out/lib/cups/filter/brlpdwrapper${model} 61 + ln -s $out/opt/brother/Printers/${model}/cupswrapper/brother_lpdwrapper_${model} $out/lib/cups/filter/brother_lpdwrapper_${model} 62 + ln -s $out/opt/brother/Printers/${model}/cupswrapper/brother_${model}_printer_en.ppd $out/share/cups/model/brother_${model}_printer_en.ppd 63 + 64 + runHook postInstall 65 + ''; 66 + 67 + postFixup = '' 68 + wrapProgram $out/opt/brother/Printers/${model}/lpd/filter_${model} \ 69 + --prefix PATH ":" ${ 70 + lib.makeBinPath [ 71 + ghostscript 72 + file 73 + gnused 74 + gnugrep 75 + coreutils 76 + which 77 + ] 78 + } 79 + wrapProgram $out/opt/brother/Printers/${model}/cupswrapper/brother_lpdwrapper_${model} \ 80 + --prefix PATH ":" ${ 81 + lib.makeBinPath [ 82 + gnugrep 83 + coreutils 84 + ] 85 + } 86 + wrapProgram $out/usr/bin/brprintconf_${model} \ 87 + --set LD_PRELOAD "${pkgsi686Linux.libredirect}/lib/libredirect.so" \ 88 + --set NIX_REDIRECTS /opt=$out/opt 89 + wrapProgram $out/opt/brother/Printers/${model}/lpd/br${model}filter \ 90 + --set LD_PRELOAD "${pkgsi686Linux.libredirect}/lib/libredirect.so" \ 91 + --set NIX_REDIRECTS /opt=$out/opt 92 + ''; 93 + 94 + meta = { 95 + homepage = "https://www.brother.com/"; 96 + downloadPage = "https://support.brother.com/g/b/downloadlist.aspx?c=eu_ot&lang=en&prod=${model}_eu&os=128"; 97 + description = "Brother DCP-L3550CDW printer driver"; 98 + license = with lib.licenses; [ 99 + unfreeRedistributable 100 + gpl2Only 101 + ]; 102 + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; 103 + platforms = [ 104 + "x86_64-linux" 105 + "i686-linux" 106 + ]; 107 + maintainers = with lib.maintainers; [ Tert0 ]; 108 + }; 109 + }

+2 -2

pkgs/by-name/so/soteria/package.nix

··· 22 22 owner = "imvaskel"; 23 23 repo = "soteria"; 24 24 tag = "v${version}"; 25 - hash = "sha256-CinJEzH4GsCAzU8FiInulPHLm73KI4nLlAcskkjgeJM="; 25 + hash = "sha256-T6bJOXSXFWZYAxZ+nTDu+H8Wi75QRKddXkXdSOPwHbI="; 26 26 }; 27 27 28 28 useFetchCargoVendor = true; 29 - cargoHash = "sha256-inesrYFVIRIcckYWjFCG1dYyhLBInC8ODFEXwXgMjb4="; 29 + cargoHash = "sha256-5f915lrymOwg5bPsTp6sxKikCcTpbeia1fQzKnLYGOs="; 30 30 31 31 nativeBuildInputs = [ 32 32 pkg-config

+7 -6

pkgs/by-name/tg/tgpt/package.nix

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "tgpt"; 9 - version = "2.7.4"; 9 + version = "2.9.0"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "aandrew-me"; 13 13 repo = "tgpt"; 14 14 tag = "v${version}"; 15 - hash = "sha256-Nk+iLsTXnw6RAc1VztW8ZqeUVsywFjMCOBY2yuWbUXQ="; 15 + hash = "sha256-8R6rb4GvSf4nw78Yxcuh9Vct/qUTkQNatRolT1m7JR4="; 16 16 }; 17 17 18 - vendorHash = "sha256-docq/r6yyMPsuUyFbtCMaYfEVL0gLmyTy4PbrAemR00="; 18 + vendorHash = "sha256-HObEC0SqSHJOgiJxlniN4yJ3U8ksv1HeiMhtOiZRq50="; 19 19 20 20 ldflags = [ 21 21 "-s" ··· 25 25 preCheck = '' 26 26 # Remove test which need network access 27 27 rm providers/koboldai/koboldai_test.go 28 + rm providers/phind/phind_test.go 28 29 ''; 29 30 30 - meta = with lib; { 31 + meta = { 31 32 description = "ChatGPT in terminal without needing API keys"; 32 33 homepage = "https://github.com/aandrew-me/tgpt"; 33 34 changelog = "https://github.com/aandrew-me/tgpt/releases/tag/v${version}"; 34 - license = licenses.gpl3Only; 35 - maintainers = with maintainers; [ fab ]; 35 + license = lib.licenses.gpl3Only; 36 + maintainers = with lib.maintainers; [ fab ]; 36 37 mainProgram = "tgpt"; 37 38 }; 38 39 }

+2 -2

pkgs/by-name/vo/volatility3/package.nix

··· 6 6 7 7 python3.pkgs.buildPythonApplication rec { 8 8 pname = "volatility3"; 9 - version = "2.8.0"; 9 + version = "2.11.0"; 10 10 pyproject = true; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "volatilityfoundation"; 14 14 repo = "volatility3"; 15 15 tag = "v${version}"; 16 - hash = "sha256-XMoVfT1Wd8r684y4crTOjW9GklSTkivOGv1Ii10KzII="; 16 + hash = "sha256-X2cTZaEUQm7bE0k2ve4vKj0k1N6zeLXfDzhWm32diVY="; 17 17 }; 18 18 19 19 build-system = with python3.pkgs; [

+3 -5

pkgs/by-name/ya/yara-x/package.nix

··· 3 3 stdenv, 4 4 fetchFromGitHub, 5 5 rustPlatform, 6 - cmake, 7 6 installShellFiles, 8 7 testers, 9 8 yara-x, ··· 11 10 12 11 rustPlatform.buildRustPackage rec { 13 12 pname = "yara-x"; 14 - version = "0.12.0"; 13 + version = "0.13.0"; 15 14 16 15 src = fetchFromGitHub { 17 16 owner = "VirusTotal"; 18 17 repo = "yara-x"; 19 18 tag = "v${version}"; 20 - hash = "sha256-gIYqWRJI/IZwEyc1Fke/CD8PPoSZvwtvOT0rnK+LFIo="; 19 + hash = "sha256-ZSJHvpRZO6Tbw7Ct4oD6QmuV4mJ4RGW5gnT6PTX+nC8="; 21 20 }; 22 21 23 22 useFetchCargoVendor = true; 24 - cargoHash = "sha256-w/jMrWu/JKhrlI5Ux+6UNkIgnVpxJtTX2LU+wP+kYFY="; 23 + cargoHash = "sha256-pD4qyw+TTpmcoX1N3C65VelYszYifm9sFOsEkXEysvo="; 25 24 26 25 nativeBuildInputs = [ 27 - cmake 28 26 installShellFiles 29 27 ]; 30 28

+4 -4

pkgs/development/python-modules/aiosmtplib/default.nix

··· 13 13 14 14 buildPythonPackage rec { 15 15 pname = "aiosmtplib"; 16 - version = "3.0.2"; 16 + version = "4.0.0"; 17 17 pyproject = true; 18 18 19 - disabled = pythonOlder "3.7"; 19 + disabled = pythonOlder "3.9"; 20 20 21 21 src = fetchFromGitHub { 22 22 owner = "cole"; 23 23 repo = "aiosmtplib"; 24 24 tag = "v${version}"; 25 - hash = "sha256-1GuxlgNvzVv6hEQY1Mkv7NxAoOik9gpIS90a6flfC+k="; 25 + hash = "sha256-Bj5wkNaNm9ojjffsS4nNKUucwbitvApIK1Ux88MSOoE="; 26 26 }; 27 27 28 28 build-system = [ hatchling ]; ··· 41 41 description = "Module which provides a SMTP client"; 42 42 homepage = "https://github.com/cole/aiosmtplib"; 43 43 changelog = "https://github.com/cole/aiosmtplib/releases/tag/v${version}"; 44 - license = with licenses; [ mit ]; 44 + license = licenses.mit; 45 45 maintainers = with maintainers; [ fab ]; 46 46 }; 47 47 }

+2 -2

pkgs/development/python-modules/boto3-stubs/default.nix

··· 359 359 360 360 buildPythonPackage rec { 361 361 pname = "boto3-stubs"; 362 - version = "1.36.10"; 362 + version = "1.36.11"; 363 363 pyproject = true; 364 364 365 365 disabled = pythonOlder "3.7"; ··· 367 367 src = fetchPypi { 368 368 pname = "boto3_stubs"; 369 369 inherit version; 370 - hash = "sha256-/fgvvifEuQnfEwgJIv4nsuVlv1tUa/7JgF5m6YPBtdk="; 370 + hash = "sha256-tBzTzvXEQvL3fRCkYJ//qowiMjKzYRVK9nT1WWUfcIk="; 371 371 }; 372 372 373 373 build-system = [ setuptools ];

+2 -2

pkgs/development/python-modules/botocore-stubs/default.nix

··· 10 10 11 11 buildPythonPackage rec { 12 12 pname = "botocore-stubs"; 13 - version = "1.36.10"; 13 + version = "1.36.11"; 14 14 pyproject = true; 15 15 16 16 disabled = pythonOlder "3.7"; ··· 18 18 src = fetchPypi { 19 19 pname = "botocore_stubs"; 20 20 inherit version; 21 - hash = "sha256-Jubwgr4mJigOgCEAK1u1j4DffOmtXgF5AaAxv0FBe4c="; 21 + hash = "sha256-TBjwmUJURW+DTQEp7R9JQhyM2ABHxOXbkAcPafDm89I="; 22 22 }; 23 23 24 24 nativeBuildInputs = [ setuptools ];

+16 -11

pkgs/development/python-modules/enturclient/default.nix

··· 6 6 fetchFromGitHub, 7 7 poetry-core, 8 8 pythonOlder, 9 + unittestCheckHook, 9 10 }: 10 11 11 12 buildPythonPackage rec { 12 13 pname = "enturclient"; 13 14 version = "0.2.4"; 15 + pyproject = true; 16 + 14 17 disabled = pythonOlder "3.8"; 15 18 16 - format = "pyproject"; 17 - 18 19 src = fetchFromGitHub { 19 20 owner = "hfurubotten"; 20 21 repo = pname; ··· 22 23 hash = "sha256-Y2sBPikCAxumylP1LUy8XgjBRCWaNryn5XHSrRjJIIo="; 23 24 }; 24 25 25 - nativeBuildInputs = [ poetry-core ]; 26 + build-system = [ poetry-core ]; 26 27 27 - propagatedBuildInputs = [ 28 + dependencies = [ 28 29 aiohttp 29 30 async-timeout 30 31 ]; 31 32 32 - postPatch = '' 33 - substituteInPlace pyproject.toml \ 34 - --replace 'async_timeout = "^3.0.1"' 'async_timeout = ">=3.0.1"' 35 - ''; 33 + pythonRelaxDeps = [ 34 + "async_timeout" 35 + ]; 36 + 37 + pythonImportsCheck = [ "enturclient" ]; 36 38 37 - # Project has no tests 38 - doCheck = false; 39 + nativeCheckInputs = [ 40 + unittestCheckHook 41 + ]; 39 42 40 - pythonImportsCheck = [ "enturclient" ]; 43 + unittestFlagsArray = [ 44 + "tests/dto/" 45 + ]; 41 46 42 47 meta = with lib; { 43 48 description = "Python library for interacting with the Entur.org API";

+41

pkgs/development/python-modules/pynfsclient/default.nix

··· 1 + { 2 + lib, 3 + buildPythonPackage, 4 + fetchPypi, 5 + pythonAtLeast, 6 + setuptools, 7 + }: 8 + 9 + buildPythonPackage rec { 10 + pname = "pynfsclient"; 11 + version = "0.1.5"; 12 + pyproject = true; 13 + 14 + disabled = pythonAtLeast "3.13"; 15 + 16 + src = fetchPypi { 17 + pname = "pyNfsClient"; 18 + inherit version; 19 + hash = "sha256-xgZL08NlMCpSkALQwklh7Xq16bK2Sm2hAynbrIWsgaU="; 20 + }; 21 + 22 + postPatch = '' 23 + # HISTORY.md is missing 24 + substituteInPlace setup.py \ 25 + --replace-fail "HISTORY.md" "README.rst" 26 + ''; 27 + 28 + build-system = [ setuptools ]; 29 + 30 + # Module has no tests 31 + doCheck = false; 32 + 33 + pythonImportsCheck = [ "pyNfsClient" ]; 34 + 35 + meta = { 36 + description = "Pure python NFS client"; 37 + homepage = "https://pypi.org/project/pyNfsClient/"; 38 + license = lib.licenses.mit; 39 + maintainers = with lib.maintainers; [ fab ]; 40 + }; 41 + }

+2 -2

pkgs/development/tools/analysis/checkov/default.nix

··· 6 6 7 7 python3.pkgs.buildPythonApplication rec { 8 8 pname = "checkov"; 9 - version = "3.2.360"; 9 + version = "3.2.361"; 10 10 pyproject = true; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "bridgecrewio"; 14 14 repo = "checkov"; 15 15 tag = version; 16 - hash = "sha256-kFLtEVbj0XTa19MOS0di6bHBMHeHH4b9+H/iHqV39kU="; 16 + hash = "sha256-7w8oAIBAgYH/TXNnAVKC6E3AT37WJDSSgnpAeRfY4vA="; 17 17 }; 18 18 19 19 patches = [ ./flake8-compat-5.x.patch ];

+2 -1

pkgs/os-specific/linux/kernel/common-config.nix

··· 1342 1342 ACPI_HOTPLUG_CPU = yes; 1343 1343 ACPI_HOTPLUG_MEMORY = yes; 1344 1344 MEMORY_HOTPLUG = yes; 1345 - MEMORY_HOTPLUG_DEFAULT_ONLINE = yes; 1345 + MEMORY_HOTPLUG_DEFAULT_ONLINE = whenOlder "6.14" yes; 1346 + MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO = whenAtLeast "6.14" yes; 1346 1347 MEMORY_HOTREMOVE = yes; 1347 1348 HOTPLUG_CPU = yes; 1348 1349 MIGRATION = yes;

+2 -2

pkgs/os-specific/linux/kernel/kernels-org.json

··· 1 1 { 2 2 "testing": { 3 - "version": "6.13-rc7", 4 - "hash": "sha256:12c9bd0ikppkdpqmvg7g2062s60ks9p0qxx1jis29wl9swr74120" 3 + "version": "6.14-rc1", 4 + "hash": "sha256:0schcgij7kdzj0zb6g3sjf32mq7s388hysrfzjzi5g1y3py21igk" 5 5 }, 6 6 "6.1": { 7 7 "version": "6.1.128",

+2 -2

pkgs/os-specific/linux/kernel/linux-libre.nix

··· 5 5 linux, 6 6 scripts ? fetchsvn { 7 7 url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; 8 - rev = "19683"; 9 - sha256 = "1xp4vslbvvwys2pmms3y9phxwc7gnar3zvbwbgbp9vgjq0bsadjw"; 8 + rev = "19707"; 9 + sha256 = "1ixvavd9rhhwfnyvkdnyyjwckdijh02xppl0sjv1vw9i0jn1s1l2"; 10 10 }, 11 11 ... 12 12 }@args:

+3 -3

pkgs/os-specific/linux/kernel/linux-rt-5.10.nix

··· 10 10 }@args: 11 11 12 12 let 13 - version = "5.10.231-rt123"; # updated by ./update-rt.sh 13 + version = "5.10.233-rt125"; # updated by ./update-rt.sh 14 14 branch = lib.versions.majorMinor version; 15 15 kversion = builtins.elemAt (lib.splitString "-" version) 0; 16 16 in ··· 25 25 26 26 src = fetchurl { 27 27 url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; 28 - sha256 = "0xcnlz5ib4b368z5cyp4qwys3jsbm18wlvwn73rzj2j6rj1lhnjn"; 28 + sha256 = "0lkz2g8r032f027j3gih3f7crx991mrpng9qgqc5k4cc1wl5g7i3"; 29 29 }; 30 30 31 31 kernelPatches = ··· 34 34 name = "rt"; 35 35 patch = fetchurl { 36 36 url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; 37 - sha256 = "01ibh8krzmwdh7229fc3ajbg1mlmd4sv969px6nh7z8fvpb60lfn"; 37 + sha256 = "1cx91p88h169v69lxz7vbjjnxdzdz9v28liypz099xghibwhcwfh"; 38 38 }; 39 39 }; 40 40 in

+3 -3

pkgs/os-specific/linux/kernel/linux-rt-5.15.nix

··· 10 10 }@args: 11 11 12 12 let 13 - version = "5.15.173-rt82"; # updated by ./update-rt.sh 13 + version = "5.15.177-rt83"; # updated by ./update-rt.sh 14 14 branch = lib.versions.majorMinor version; 15 15 kversion = builtins.elemAt (lib.splitString "-" version) 0; 16 16 in ··· 29 29 30 30 src = fetchurl { 31 31 url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; 32 - sha256 = "1a3x3ld6g7ny0hdfqfvj5j2i5sx5l5p236pdnsr0icn9ri3jljwa"; 32 + sha256 = "1q56w3lqwi3ynny6z7siqzv3h8nryksyw70r3fhghca2il4bi7pa"; 33 33 }; 34 34 35 35 kernelPatches = ··· 38 38 name = "rt"; 39 39 patch = fetchurl { 40 40 url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; 41 - sha256 = "1xykbqkj4pqd7rdqnjk91mbdia3lxlng3c2nz7lnhhjnbva6b3vw"; 41 + sha256 = "1rc0cbc5jkgr3q3q2syqidak744lxcq3f5zdq6si2rsfxjz45www"; 42 42 }; 43 43 }; 44 44 in

+3 -3

pkgs/os-specific/linux/kernel/linux-rt-6.1.nix

··· 10 10 }@args: 11 11 12 12 let 13 - version = "6.1.120-rt47"; # updated by ./update-rt.sh 13 + version = "6.1.127-rt48"; # updated by ./update-rt.sh 14 14 branch = lib.versions.majorMinor version; 15 15 kversion = builtins.elemAt (lib.splitString "-" version) 0; 16 16 in ··· 29 29 30 30 src = fetchurl { 31 31 url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; 32 - sha256 = "06gp5fdq0bc39hd8mf9mrdrygdybdr3nzsb58lcapf5vmjw9gjb1"; 32 + sha256 = "0xkqpwhvz6qhaxzg1j993lv1iyvb2zydgq6d8mhdbfkz38fx9c0q"; 33 33 }; 34 34 35 35 kernelPatches = ··· 38 38 name = "rt"; 39 39 patch = fetchurl { 40 40 url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; 41 - sha256 = "0nq8diqbanlkglb0liva3s43wx8g6pr9znvl9cq6df093by4gcya"; 41 + sha256 = "1sq79iibjsph3jmmihabamzmm4sr68sw87jqqa3khzq7f2s6cwmg"; 42 42 }; 43 43 }; 44 44 in

+3 -3

pkgs/os-specific/linux/kernel/linux-rt-6.6.nix

··· 10 10 }@args: 11 11 12 12 let 13 - version = "6.6.65-rt47"; # updated by ./update-rt.sh 13 + version = "6.6.74-rt48"; # updated by ./update-rt.sh 14 14 branch = lib.versions.majorMinor version; 15 15 kversion = builtins.elemAt (lib.splitString "-" version) 0; 16 16 in ··· 29 29 30 30 src = fetchurl { 31 31 url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; 32 - sha256 = "1q53xiwnszchl9c4g4yfxyzk4nffzgb4a7aq9rsyg1jcidp4gqbs"; 32 + sha256 = "0ka9snxl0y57fajy8vszwa4ggn48pid8m1879d4vl3mbicd2nppi"; 33 33 }; 34 34 35 35 kernelPatches = ··· 38 38 name = "rt"; 39 39 patch = fetchurl { 40 40 url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; 41 - sha256 = "1sb6mmbiwh7kijb2bxhlz09dgvd2hpxh6rxghwi1d4cg2151jsr5"; 41 + sha256 = "1rpbbm9fln2v6xigxrsajivr4zmh0nika3nmm1y7ws31njkg57gq"; 42 42 }; 43 43 }; 44 44 in

+9

pkgs/os-specific/linux/systemd/default.nix

··· 17 17 getent, 18 18 glibcLocales, 19 19 autoPatchelfHook, 20 + fetchpatch, 20 21 21 22 # glib is only used during tests (test-bus-gvariant, test-bus-marshal) 22 23 glib, ··· 280 281 "0024-undef-stdin-for-references-using-stdin-as-a-struct-m.patch" 281 282 "0025-adjust-header-inclusion-order-to-avoid-redeclaration.patch" 282 283 "0026-build-path.c-avoid-boot-time-segfault-for-musl.patch" 284 + ] 285 + ++ [ 286 + # add a missing include 287 + (fetchpatch { 288 + url = "https://github.com/systemd/systemd/commit/34fcd3638817060c79e1186b370e46d9b3a7409f.patch"; 289 + hash = "sha256-Uaewo3jPrZGJttlLcqO6cCj1w3IGZmvbur4+TBdIPxc="; 290 + excludes = [ "src/udev/udevd.c" ]; 291 + }) 283 292 ] 284 293 ); 285 294

+2 -2

pkgs/tools/misc/diffoscope/default.nix

··· 106 106 # Note: when upgrading this package, please run the list-missing-tools.sh script as described below! 107 107 python.pkgs.buildPythonApplication rec { 108 108 pname = "diffoscope"; 109 - version = "285"; 109 + version = "287"; 110 110 111 111 src = fetchurl { 112 112 url = "https://diffoscope.org/archive/diffoscope-${version}.tar.bz2"; 113 - hash = "sha256-OTS4Lr2OF1mdIAiPGK31Ptc/gr3D216Z1kvKOMNeaJI="; 113 + hash = "sha256-0s7pT8pAMCE+csd9/+Dv4AbCK0qxDacQ9fNcMYCNDbw="; 114 114 }; 115 115 116 116 outputs = [

+24 -18

pkgs/tools/security/netexec/default.nix

··· 27 27 in 28 28 python.pkgs.buildPythonApplication rec { 29 29 pname = "netexec"; 30 - version = "1.1.0-unstable-2024-01-15"; 30 + version = "1.3.0"; 31 31 pyproject = true; 32 + 33 + src = fetchFromGitHub { 34 + owner = "Pennyw0rth"; 35 + repo = "NetExec"; 36 + tag = "v${version}"; 37 + hash = "sha256-Pub7PAw6CTN4c/PHTPE9KcnDR2a6hSza1ODp3EWMOH0="; 38 + }; 39 + 32 40 pythonRelaxDeps = true; 41 + 33 42 pythonRemoveDeps = [ 34 43 # Fail to detect dev version requirement 35 44 "neo4j" 36 45 ]; 37 46 38 - src = fetchFromGitHub { 39 - owner = "Pennyw0rth"; 40 - repo = "NetExec"; 41 - rev = "9df72e2f68b914dfdbd75b095dd8f577e992615f"; 42 - hash = "sha256-oQHtTE5hdlxHX4uc412VfNUrN0UHVbwI0Mm9kmJpNW4="; 43 - }; 44 - 45 47 postPatch = '' 46 48 substituteInPlace pyproject.toml \ 47 - --replace '{ git = "https://github.com/Pennyw0rth/impacket.git", branch = "gkdi" }' '"*"' \ 48 - --replace '{ git = "https://github.com/Pennyw0rth/oscrypto" }' '"*"' 49 + --replace-fail '{ git = "https://github.com/fortra/impacket.git" }' '"*"' \ 50 + --replace-fail '{ git = "https://github.com/Pennyw0rth/NfsClient" }' '"*"' 49 51 ''; 50 52 51 - nativeBuildInputs = with python.pkgs; [ 53 + build-system = with python.pkgs; [ 52 54 poetry-core 55 + poetry-dynamic-versioning 53 56 ]; 54 57 55 - propagatedBuildInputs = with python.pkgs; [ 58 + dependencies = with python.pkgs; [ 56 59 aardwolf 57 60 aioconsole 58 61 aiosqlite ··· 67 70 masky 68 71 minikerberos 69 72 msgpack 73 + msldap 70 74 neo4j 71 - oscrypto 72 75 paramiko 73 76 pyasn1-modules 74 77 pylnk3 78 + pynfsclient 75 79 pypsrp 76 80 pypykatz 81 + python-dateutil 77 82 python-libnmap 78 83 pywerview 79 84 requests ··· 84 89 xmltodict 85 90 ]; 86 91 87 - nativeCheckInputs = with python.pkgs; [ 88 - pytestCheckHook 89 - ]; 92 + nativeCheckInputs = with python.pkgs; [ pytestCheckHook ]; 93 + 94 + # Tests no longer works out-of-box with 1.3.0 95 + doCheck = false; 90 96 91 97 preCheck = '' 92 98 export HOME=$(mktemp -d) ··· 96 102 description = "Network service exploitation tool (maintained fork of CrackMapExec)"; 97 103 homepage = "https://github.com/Pennyw0rth/NetExec"; 98 104 changelog = "https://github.com/Pennyw0rth/NetExec/releases/tag/v${version}"; 99 - license = with licenses; [ bsd2 ]; 100 - mainProgram = "nxc"; 105 + license = licenses.bsd2; 101 106 maintainers = with maintainers; [ vncsb ]; 107 + mainProgram = "nxc"; 102 108 # FIXME: failing fixupPhase: 103 109 # $ Rewriting #!/nix/store/<hash>-python3-3.11.7/bin/python3.11 to #!/nix/store/<hash>-python3-3.11.7 104 110 # $ /nix/store/<hash>-wrap-python-hook/nix-support/setup-hook: line 65: 47758 Killed: 9 sed -i "$f" -e "1 s^#!/nix/store/<hash>-python3-3.11.7^#!/nix/store/<hash>-python3-3.11.7^"

+2

pkgs/top-level/python-packages.nix

··· 10717 10717 10718 10718 pylsl = callPackage ../development/python-modules/pylsl { }; 10719 10719 10720 + pynfsclient = callPackage ../development/python-modules/pynfsclient { }; 10721 + 10720 10722 pyngo = callPackage ../development/python-modules/pyngo { }; 10721 10723 10722 10724 pyngrok = callPackage ../development/python-modules/pyngrok { };