+2

nixos/doc/manual/release-notes/rl-2511.section.md

··· 23 23 24 24 - [Fediwall](https://fediwall.social), a web application for live displaying toots from mastodon, inspired by mastowall. Available as [services.fediwall](#opt-services.fediwall.enable). 25 25 26 26 + - [umami](https://github.com/umami-software/umami), a simple, fast, privacy-focused alternative to Google Analytics. Available with [services.umami](#opt-services.umami.enable). 27 27 + 26 28 - [FileBrowser](https://filebrowser.org/), a web application for managing and sharing files. Available as [services.filebrowser](#opt-services.filebrowser.enable). 27 29 28 30 - Options under [networking.getaddrinfo](#opt-networking.getaddrinfo.enable) are now allowed to declaratively configure address selection and sorting behavior of `getaddrinfo` in dual-stack networks.

+1

nixos/modules/module-list.nix

··· 1690 1690 ./services/web-apps/szurubooru.nix 1691 1691 ./services/web-apps/trilium.nix 1692 1692 ./services/web-apps/tt-rss.nix 1693 1693 + ./services/web-apps/umami.nix 1693 1694 ./services/web-apps/vikunja.nix 1694 1695 ./services/web-apps/wakapi.nix 1695 1696 ./services/web-apps/weblate.nix

+316

nixos/modules/services/web-apps/umami.nix

··· 1 1 + { 2 2 + config, 3 3 + lib, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + let 8 8 + inherit (lib) 9 9 + concatStringsSep 10 10 + filterAttrs 11 11 + getExe 12 12 + hasPrefix 13 13 + hasSuffix 14 14 + isString 15 15 + literalExpression 16 16 + maintainers 17 17 + mapAttrs 18 18 + mkEnableOption 19 19 + mkIf 20 20 + mkOption 21 21 + mkPackageOption 22 22 + optional 23 23 + optionalString 24 24 + types 25 25 + ; 26 26 + 27 27 + cfg = config.services.umami; 28 28 + 29 29 + nonFileSettings = filterAttrs (k: _: !hasSuffix "_FILE" k) cfg.settings; 30 30 + in 31 31 + { 32 32 + options.services.umami = { 33 33 + enable = mkEnableOption "umami"; 34 34 + 35 35 + package = mkPackageOption pkgs "umami" { } // { 36 36 + apply = 37 37 + pkg: 38 38 + pkg.override { 39 39 + databaseType = cfg.settings.DATABASE_TYPE; 40 40 + collectApiEndpoint = optionalString ( 41 41 + cfg.settings.COLLECT_API_ENDPOINT != null 42 42 + ) cfg.settings.COLLECT_API_ENDPOINT; 43 43 + trackerScriptNames = cfg.settings.TRACKER_SCRIPT_NAME; 44 44 + basePath = cfg.settings.BASE_PATH; 45 45 + }; 46 46 + }; 47 47 + 48 48 + createPostgresqlDatabase = mkOption { 49 49 + type = types.bool; 50 50 + default = true; 51 51 + example = false; 52 52 + description = '' 53 53 + Whether to automatically create the database for Umami using PostgreSQL. 54 54 + Both the database name and username will be `umami`, and the connection is 55 55 + made through unix sockets using peer authentication. 56 56 + ''; 57 57 + }; 58 58 + 59 59 + settings = mkOption { 60 60 + description = '' 61 61 + Additional configuration (environment variables) for Umami, see 62 62 + <https://umami.is/docs/environment-variables> for supported values. 63 63 + ''; 64 64 + 65 65 + type = types.submodule { 66 66 + freeformType = 67 67 + with types; 68 68 + attrsOf (oneOf [ 69 69 + bool 70 70 + int 71 71 + str 72 72 + ]); 73 73 + 74 74 + options = { 75 75 + APP_SECRET_FILE = mkOption { 76 76 + type = types.nullOr ( 77 77 + types.str 78 78 + // { 79 79 + # We don't want users to be able to pass a path literal here but 80 80 + # it should look like a path. 81 81 + check = it: isString it && types.path.check it; 82 82 + } 83 83 + ); 84 84 + default = null; 85 85 + example = "/run/secrets/umamiAppSecret"; 86 86 + description = '' 87 87 + A file containing a secure random string. This is used for signing user sessions. 88 88 + The contents of the file are read through systemd credentials, therefore the 89 89 + user running umami does not need permissions to read the file. 90 90 + If you wish to set this to a string instead (not recommended since it will be 91 91 + placed world-readable in the Nix store), you can use the APP_SECRET option. 92 92 + ''; 93 93 + }; 94 94 + DATABASE_URL = mkOption { 95 95 + type = types.nullOr ( 96 96 + types.str 97 97 + // { 98 98 + check = 99 99 + it: 100 100 + isString it 101 101 + && ((hasPrefix "postgresql://" it) || (hasPrefix "postgres://" it) || (hasPrefix "mysql://" it)); 102 102 + } 103 103 + ); 104 104 + # For some reason, Prisma requires the username in the connection string 105 105 + # and can't derive it from the current user. 106 106 + default = 107 107 + if cfg.createPostgresqlDatabase then 108 108 + "postgresql://umami@localhost/umami?host=/run/postgresql" 109 109 + else 110 110 + null; 111 111 + defaultText = literalExpression ''if config.services.umami.createPostgresqlDatabase then "postgresql://umami@localhost/umami?host=/run/postgresql" else null''; 112 112 + example = "postgresql://root:root@localhost/umami"; 113 113 + description = '' 114 114 + Connection string for the database. Must start with `postgresql://`, `postgres://` 115 115 + or `mysql://`. 116 116 + ''; 117 117 + }; 118 118 + DATABASE_URL_FILE = mkOption { 119 119 + type = types.nullOr ( 120 120 + types.str 121 121 + // { 122 122 + # We don't want users to be able to pass a path literal here but 123 123 + # it should look like a path. 124 124 + check = it: isString it && types.path.check it; 125 125 + } 126 126 + ); 127 127 + default = null; 128 128 + example = "/run/secrets/umamiDatabaseUrl"; 129 129 + description = '' 130 130 + A file containing a connection string for the database. The connection string 131 131 + must start with `postgresql://`, `postgres://` or `mysql://`. 132 132 + If using this, then DATABASE_TYPE must be set to the appropriate value. 133 133 + The contents of the file are read through systemd credentials, therefore the 134 134 + user running umami does not need permissions to read the file. 135 135 + ''; 136 136 + }; 137 137 + DATABASE_TYPE = mkOption { 138 138 + type = types.nullOr ( 139 139 + types.enum [ 140 140 + "postgresql" 141 141 + "mysql" 142 142 + ] 143 143 + ); 144 144 + default = 145 145 + if cfg.settings.DATABASE_URL != null && hasPrefix "mysql://" cfg.settings.DATABASE_URL then 146 146 + "mysql" 147 147 + else 148 148 + "postgresql"; 149 149 + defaultText = literalExpression ''if config.services.umami.settings.DATABASE_URL != null && hasPrefix "mysql://" config.services.umami.settings.DATABASE_URL then "mysql" else "postgresql"''; 150 150 + example = "mysql"; 151 151 + description = '' 152 152 + The type of database to use. This is automatically inferred from DATABASE_URL, but 153 153 + must be set manually if you are using DATABASE_URL_FILE. 154 154 + ''; 155 155 + }; 156 156 + COLLECT_API_ENDPOINT = mkOption { 157 157 + type = types.nullOr types.str; 158 158 + default = null; 159 159 + example = "/api/alternate-send"; 160 160 + description = '' 161 161 + Allows you to send metrics to a location different than the default `/api/send`. 162 162 + ''; 163 163 + }; 164 164 + TRACKER_SCRIPT_NAME = mkOption { 165 165 + type = types.listOf types.str; 166 166 + default = [ ]; 167 167 + example = [ "tracker.js" ]; 168 168 + description = '' 169 169 + Allows you to assign a custom name to the tracker script different from the default `script.js`. 170 170 + ''; 171 171 + }; 172 172 + BASE_PATH = mkOption { 173 173 + type = types.str; 174 174 + default = ""; 175 175 + example = "/analytics"; 176 176 + description = '' 177 177 + Allows you to host Umami under a subdirectory. 178 178 + You may need to update your reverse proxy settings to correctly handle the BASE_PATH prefix. 179 179 + ''; 180 180 + }; 181 181 + DISABLE_UPDATES = mkOption { 182 182 + type = types.bool; 183 183 + default = true; 184 184 + example = false; 185 185 + description = '' 186 186 + Disables the check for new versions of Umami. 187 187 + ''; 188 188 + }; 189 189 + DISABLE_TELEMETRY = mkOption { 190 190 + type = types.bool; 191 191 + default = false; 192 192 + example = true; 193 193 + description = '' 194 194 + Umami collects completely anonymous telemetry data in order help improve the application. 195 195 + You can choose to disable this if you don't want to participate. 196 196 + ''; 197 197 + }; 198 198 + HOSTNAME = mkOption { 199 199 + type = types.str; 200 200 + default = "127.0.0.1"; 201 201 + example = "0.0.0.0"; 202 202 + description = '' 203 203 + The address to listen on. 204 204 + ''; 205 205 + }; 206 206 + PORT = mkOption { 207 207 + type = types.port; 208 208 + default = 3000; 209 209 + example = 3010; 210 210 + description = '' 211 211 + The port to listen on. 212 212 + ''; 213 213 + }; 214 214 + }; 215 215 + }; 216 216 + 217 217 + default = { }; 218 218 + 219 219 + example = { 220 220 + APP_SECRET_FILE = "/run/secrets/umamiAppSecret"; 221 221 + DISABLE_TELEMETRY = true; 222 222 + }; 223 223 + }; 224 224 + }; 225 225 + 226 226 + config = mkIf cfg.enable { 227 227 + assertions = [ 228 228 + { 229 229 + assertion = (cfg.settings.APP_SECRET_FILE != null) != (cfg.settings ? APP_SECRET); 230 230 + message = "One (and only one) of services.umami.settings.APP_SECRET_FILE and services.umami.settings.APP_SECRET must be set."; 231 231 + } 232 232 + { 233 233 + assertion = (cfg.settings.DATABASE_URL_FILE != null) != (cfg.settings.DATABASE_URL != null); 234 234 + message = "One (and only one) of services.umami.settings.DATABASE_URL_FILE and services.umami.settings.DATABASE_URL must be set."; 235 235 + } 236 236 + { 237 237 + assertion = 238 238 + cfg.createPostgresqlDatabase 239 239 + -> cfg.settings.DATABASE_URL == "postgresql://umami@localhost/umami?host=/run/postgresql"; 240 240 + message = "The option config.services.umami.createPostgresqlDatabase is enabled, but config.services.umami.settings.DATABASE_URL has been modified."; 241 241 + } 242 242 + ]; 243 243 + 244 244 + services.postgresql = mkIf cfg.createPostgresqlDatabase { 245 245 + enable = true; 246 246 + ensureDatabases = [ "umami" ]; 247 247 + ensureUsers = [ 248 248 + { 249 249 + name = "umami"; 250 250 + ensureDBOwnership = true; 251 251 + ensureClauses.login = true; 252 252 + } 253 253 + ]; 254 254 + }; 255 255 + 256 256 + systemd.services.umami = { 257 257 + environment = mapAttrs (_: toString) nonFileSettings; 258 258 + 259 259 + description = "Umami: a simple, fast, privacy-focused alternative to Google Analytics"; 260 260 + after = [ "network.target" ] ++ (optional (cfg.createPostgresqlDatabase) "postgresql.service"); 261 261 + wantedBy = [ "multi-user.target" ]; 262 262 + 263 263 + script = 264 264 + let 265 265 + loadCredentials = 266 266 + (optional ( 267 267 + cfg.settings.APP_SECRET_FILE != null 268 268 + ) ''export APP_SECRET="$(systemd-creds cat appSecret)"'') 269 269 + ++ (optional ( 270 270 + cfg.settings.DATABASE_URL_FILE != null 271 271 + ) ''export DATABASE_URL="$(systemd-creds cat databaseUrl)"''); 272 272 + in 273 273 + '' 274 274 + ${concatStringsSep "\n" loadCredentials} 275 275 + ${getExe cfg.package} 276 276 + ''; 277 277 + 278 278 + serviceConfig = { 279 279 + Type = "simple"; 280 280 + Restart = "on-failure"; 281 281 + RestartSec = 3; 282 282 + DynamicUser = true; 283 283 + 284 284 + LoadCredential = 285 285 + (optional (cfg.settings.APP_SECRET_FILE != null) "appSecret:${cfg.settings.APP_SECRET_FILE}") 286 286 + ++ (optional ( 287 287 + cfg.settings.DATABASE_URL_FILE != null 288 288 + ) "databaseUrl:${cfg.settings.DATABASE_URL_FILE}"); 289 289 + 290 290 + # Hardening 291 291 + CapabilityBoundingSet = ""; 292 292 + NoNewPrivileges = true; 293 293 + PrivateUsers = true; 294 294 + PrivateTmp = true; 295 295 + PrivateDevices = true; 296 296 + PrivateMounts = true; 297 297 + ProtectClock = true; 298 298 + ProtectControlGroups = true; 299 299 + ProtectHome = true; 300 300 + ProtectHostname = true; 301 301 + ProtectKernelLogs = true; 302 302 + ProtectKernelModules = true; 303 303 + ProtectKernelTunables = true; 304 304 + RestrictAddressFamilies = (optional cfg.createPostgresqlDatabase "AF_UNIX") ++ [ 305 305 + "AF_INET" 306 306 + "AF_INET6" 307 307 + ]; 308 308 + RestrictNamespaces = true; 309 309 + RestrictRealtime = true; 310 310 + RestrictSUIDSGID = true; 311 311 + }; 312 312 + }; 313 313 + }; 314 314 + 315 315 + meta.maintainers = with maintainers; [ diogotcorreia ]; 316 316 + }

+1

nixos/tests/all-tests.nix

··· 1509 1509 ucarp = runTest ./ucarp.nix; 1510 1510 udisks2 = runTest ./udisks2.nix; 1511 1511 ulogd = runTest ./ulogd/ulogd.nix; 1512 1512 + umami = runTest ./web-apps/umami.nix; 1512 1513 umurmur = runTest ./umurmur.nix; 1513 1514 unbound = runTest ./unbound.nix; 1514 1515 unifi = runTest ./unifi.nix;

+45

nixos/tests/web-apps/umami.nix

··· 1 1 + { lib, ... }: 2 2 + { 3 3 + name = "umami-nixos"; 4 4 + 5 5 + meta.maintainers = with lib.maintainers; [ diogotcorreia ]; 6 6 + 7 7 + nodes.machine = 8 8 + { pkgs, ... }: 9 9 + { 10 10 + services.umami = { 11 11 + enable = true; 12 12 + settings = { 13 13 + APP_SECRET = "very_secret"; 14 14 + }; 15 15 + }; 16 16 + }; 17 17 + 18 18 + testScript = '' 19 19 + import json 20 20 + 21 21 + machine.wait_for_unit("umami.service") 22 22 + 23 23 + machine.wait_for_open_port(3000) 24 24 + machine.succeed("curl --fail http://localhost:3000/") 25 25 + machine.succeed("curl --fail http://localhost:3000/script.js") 26 26 + 27 27 + res = machine.succeed(""" 28 28 + curl -f --json '{ "username": "admin", "password": "umami" }' http://localhost:3000/api/auth/login 29 29 + """) 30 30 + token = json.loads(res)['token'] 31 31 + 32 32 + res = machine.succeed(""" 33 33 + curl -f -H 'Authorization: Bearer %s' --json '{ "domain": "localhost", "name": "Test" }' http://localhost:3000/api/websites 34 34 + """ % token) 35 35 + print(res) 36 36 + websiteId = json.loads(res)['id'] 37 37 + 38 38 + res = machine.succeed(""" 39 39 + curl -f -H 'Authorization: Bearer %s' http://localhost:3000/api/websites/%s 40 40 + """ % (token, websiteId)) 41 41 + website = json.loads(res) 42 42 + assert website["name"] == "Test" 43 43 + assert website["domain"] == "localhost" 44 44 + ''; 45 45 + }

+201

pkgs/by-name/um/umami/package.nix

··· 1 1 + { 2 2 + lib, 3 3 + stdenvNoCC, 4 4 + fetchFromGitHub, 5 5 + fetchurl, 6 6 + makeWrapper, 7 7 + nixosTests, 8 8 + nodejs, 9 9 + pnpm_10, 10 10 + prisma-engines, 11 11 + openssl, 12 12 + rustPlatform, 13 13 + # build variables 14 14 + databaseType ? "postgresql", 15 15 + collectApiEndpoint ? "", 16 16 + trackerScriptNames ? [ ], 17 17 + basePath ? "", 18 18 + }: 19 19 + let 20 20 + sources = lib.importJSON ./sources.json; 21 21 + pnpm = pnpm_10; 22 22 + 23 23 + geocities = stdenvNoCC.mkDerivation { 24 24 + pname = "umami-geocities"; 25 25 + version = sources.geocities.date; 26 26 + src = fetchurl { 27 27 + url = "https://raw.githubusercontent.com/GitSquared/node-geolite2-redist/${sources.geocities.rev}/redist/GeoLite2-City.tar.gz"; 28 28 + inherit (sources.geocities) hash; 29 29 + }; 30 30 + 31 31 + doBuild = false; 32 32 + 33 33 + installPhase = '' 34 34 + mkdir -p $out 35 35 + cp ./GeoLite2-City.mmdb $out/GeoLite2-City.mmdb 36 36 + ''; 37 37 + 38 38 + meta.license = lib.licenses.cc-by-40; 39 39 + }; 40 40 + 41 41 + # Pin the specific version of prisma to the one used by upstream 42 42 + # to guarantee compatibility. 43 43 + prisma-engines' = prisma-engines.overrideAttrs (old: rec { 44 44 + version = "6.7.0"; 45 45 + src = fetchFromGitHub { 46 46 + owner = "prisma"; 47 47 + repo = "prisma-engines"; 48 48 + tag = version; 49 49 + hash = "sha256-Ty8BqWjZluU6a5xhSAVb2VoTVY91UUj6zoVXMKeLO4o="; 50 50 + }; 51 51 + cargoHash = "sha256-HjDoWa/JE6izUd+hmWVI1Yy3cTBlMcvD9ANsvqAoHBI="; 52 52 + 53 53 + cargoDeps = rustPlatform.fetchCargoVendor { 54 54 + inherit (old) pname; 55 55 + inherit src version; 56 56 + hash = cargoHash; 57 57 + }; 58 58 + }); 59 59 + in 60 60 + stdenvNoCC.mkDerivation (finalAttrs: { 61 61 + pname = "umami"; 62 62 + version = "2.19.0"; 63 63 + 64 64 + nativeBuildInputs = [ 65 65 + makeWrapper 66 66 + nodejs 67 67 + pnpm.configHook 68 68 + ]; 69 69 + 70 70 + src = fetchFromGitHub { 71 71 + owner = "umami-software"; 72 72 + repo = "umami"; 73 73 + tag = "v${finalAttrs.version}"; 74 74 + hash = "sha256-luiwGmCujbFGWANSCOiHIov56gsMQ6M+Bj0stcz9he8="; 75 75 + }; 76 76 + 77 77 + # install dev dependencies as well, for rollup 78 78 + pnpmInstallFlags = [ "--prod=false" ]; 79 79 + 80 80 + pnpmDeps = pnpm.fetchDeps { 81 81 + inherit (finalAttrs) 82 82 + pname 83 83 + pnpmInstallFlags 84 84 + version 85 85 + src 86 86 + ; 87 87 + fetcherVersion = 2; 88 88 + hash = "sha256-2GiCeCt/mU5Dm5YHQgJF3127WPHq5QLX8JRcUv6B6lE="; 89 89 + }; 90 90 + 91 91 + env.CYPRESS_INSTALL_BINARY = "0"; 92 92 + env.NODE_ENV = "production"; 93 93 + env.NEXT_TELEMETRY_DISABLED = "1"; 94 94 + 95 95 + # copy-db-files uses this variable to decide which Prisma schema to use 96 96 + env.DATABASE_TYPE = databaseType; 97 97 + 98 98 + env.COLLECT_API_ENDPOINT = collectApiEndpoint; 99 99 + env.TRACKER_SCRIPT_NAME = lib.concatStringsSep "," trackerScriptNames; 100 100 + env.BASE_PATH = basePath; 101 101 + 102 102 + # Allow prisma-cli to find prisma-engines without having to download them 103 103 + env.PRISMA_QUERY_ENGINE_LIBRARY = "${prisma-engines'}/lib/libquery_engine.node"; 104 104 + env.PRISMA_SCHEMA_ENGINE_BINARY = "${prisma-engines'}/bin/schema-engine"; 105 105 + 106 106 + buildPhase = '' 107 107 + runHook preBuild 108 108 + 109 109 + pnpm copy-db-files 110 110 + pnpm build-db-client # prisma generate 111 111 + 112 112 + pnpm build-tracker 113 113 + pnpm build-app 114 114 + 115 115 + runHook postBuild 116 116 + ''; 117 117 + 118 118 + checkPhase = '' 119 119 + runHook preCheck 120 120 + 121 121 + pnpm test 122 122 + 123 123 + runHook postCheck 124 124 + ''; 125 125 + 126 126 + doCheck = true; 127 127 + 128 128 + installPhase = '' 129 129 + runHook preInstall 130 130 + 131 131 + mv .next/standalone $out 132 132 + mv .next/static $out/.next/static 133 133 + 134 134 + # Include prisma cli in next standalone build. 135 135 + # This is preferred to using the prisma in nixpkgs because it guarantees 136 136 + # the version matches. 137 137 + # See https://nextjs-forum.com/post/1280550687998083198 138 138 + # and https://nextjs.org/docs/pages/api-reference/config/next-config-js/output#caveats 139 139 + # Unfortunately, using outputFileTracingIncludes doesn't work because of pnpm's symlink structure, 140 140 + # so we just copy the files manually. 141 141 + mkdir -p $out/node_modules/.bin 142 142 + cp node_modules/.bin/prisma $out/node_modules/.bin 143 143 + cp -a node_modules/prisma $out/node_modules 144 144 + cp -a node_modules/.pnpm/@prisma* $out/node_modules/.pnpm 145 145 + cp -a node_modules/.pnpm/prisma* $out/node_modules/.pnpm 146 146 + # remove broken symlinks (some dependencies that are not relevant for running migrations) 147 147 + find "$out"/node_modules/.pnpm/@prisma* -xtype l -exec rm {} \; 148 148 + find "$out"/node_modules/.pnpm/prisma* -xtype l -exec rm {} \; 149 149 + 150 150 + cp -R public $out/public 151 151 + cp -R prisma $out/prisma 152 152 + 153 153 + ln -s ${geocities} $out/geo 154 154 + 155 155 + mkdir -p $out/bin 156 156 + # Run database migrations before starting umami. 157 157 + # Add openssl to PATH since it is required for prisma to make SSL connections. 158 158 + # Force working directory to $out because umami assumes many paths are relative to it (e.g., prisma and geolite). 159 159 + makeWrapper ${nodejs}/bin/node $out/bin/umami-server \ 160 160 + --set NODE_ENV production \ 161 161 + --set NEXT_TELEMETRY_DISABLED 1 \ 162 162 + --set PRISMA_QUERY_ENGINE_LIBRARY "${prisma-engines'}/lib/libquery_engine.node" \ 163 163 + --set PRISMA_SCHEMA_ENGINE_BINARY "${prisma-engines'}/bin/schema-engine" \ 164 164 + --prefix PATH : ${ 165 165 + lib.makeBinPath [ 166 166 + openssl 167 167 + nodejs 168 168 + ] 169 169 + } \ 170 170 + --chdir $out \ 171 171 + --run "$out/node_modules/.bin/prisma migrate deploy" \ 172 172 + --add-flags "$out/server.js" 173 173 + 174 174 + runHook postInstall 175 175 + ''; 176 176 + 177 177 + passthru = { 178 178 + tests = { 179 179 + inherit (nixosTests) umami; 180 180 + }; 181 181 + inherit 182 182 + sources 183 183 + geocities 184 184 + ; 185 185 + prisma-engines = prisma-engines'; 186 186 + updateScript = ./update.sh; 187 187 + }; 188 188 + 189 189 + meta = with lib; { 190 190 + changelog = "https://github.com/umami-software/umami/releases/tag/v${finalAttrs.version}"; 191 191 + description = "Simple, easy to use, self-hosted web analytics solution"; 192 192 + homepage = "https://umami.is/"; 193 193 + license = with lib.licenses; [ 194 194 + mit 195 195 + cc-by-40 # geocities 196 196 + ]; 197 197 + platforms = lib.platforms.linux; 198 198 + mainProgram = "umami-server"; 199 199 + maintainers = with maintainers; [ diogotcorreia ]; 200 200 + }; 201 201 + })

+7

pkgs/by-name/um/umami/sources.json

··· 1 1 + { 2 2 + "geocities": { 3 3 + "rev": "0817bc800279e26e9ff045b7b129385e5b23012e", 4 4 + "date": "2025-07-29", 5 5 + "hash": "sha256-Rw9UEvUu7rtXFvHEqKza6kn9LwT6C17zJ/ljoN+t6Ek=" 6 6 + } 7 7 + }

+50

pkgs/by-name/um/umami/update.sh

··· 1 1 + #!/usr/bin/env nix-shell 2 2 + #!nix-shell -i bash -p curl jq prefetch-yarn-deps nix-prefetch-github coreutils nix-update 3 3 + # shellcheck shell=bash 4 4 + 5 5 + # This script exists to update geocities version and pin prisma-engines version 6 6 + 7 7 + set -euo pipefail 8 8 + SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" 9 9 + 10 10 + old_version=$(nix-instantiate --eval -A 'umami.version' default.nix | tr -d '"' || echo "0.0.1") 11 11 + version=$(curl -s "https://api.github.com/repos/umami-software/umami/releases/latest" | jq -r ".tag_name") 12 12 + version="${version#v}" 13 13 + 14 14 + echo "Updating to $version" 15 15 + 16 16 + if [[ "$old_version" == "$version" ]]; then 17 17 + echo "Already up to date!" 18 18 + exit 0 19 19 + fi 20 20 + 21 21 + nix-update --version "$version" umami 22 22 + 23 23 + echo "Fetching geolite" 24 24 + geocities_rev_date=$(curl https://api.github.com/repos/GitSquared/node-geolite2-redist/branches/master | jq -r ".commit.sha, .commit.commit.author.date") 25 25 + geocities_rev=$(echo "$geocities_rev_date" | head -1) 26 26 + geocities_date=$(echo "$geocities_rev_date" | tail -1 | sed 's/T.*//') 27 27 + 28 28 + # upstream is kind enough to provide a file with the hash of the tar.gz archive 29 29 + geocities_hash=$(curl -s "https://raw.githubusercontent.com/GitSquared/node-geolite2-redist/$geocities_rev/redist/GeoLite2-City.tar.gz.sha256") 30 30 + geocities_hash_sri=$(nix-hash --to-sri --type sha256 "$geocities_hash") 31 31 + 32 32 + cat <<EOF > "$SCRIPT_DIR/sources.json" 33 33 + { 34 34 + "geocities": { 35 35 + "rev": "$geocities_rev", 36 36 + "date": "$geocities_date", 37 37 + "hash": "$geocities_hash_sri" 38 38 + } 39 39 + } 40 40 + EOF 41 41 + 42 42 + echo "Pinning Prisma version" 43 43 + upstream_src="https://raw.githubusercontent.com/umami-software/umami/v$version" 44 44 + 45 45 + lock=$(mktemp) 46 46 + curl -s -o "$lock" "$upstream_src/pnpm-lock.yaml" 47 47 + prisma_version=$(grep "@prisma/engines@" "$lock" | head -n1 | awk -F"[@']" '{print $4}') 48 48 + rm "$lock" 49 49 + 50 50 + nix-update --version "$prisma_version" umami.prisma-engines