commit 63fd3b2b2cdf0f368b5b8581fcda0f7b45f27e45

+8

maintainers/maintainer-list.nix

··· 10188 10188 githubId = 1064477; 10189 10189 name = "Hannes Hornwall"; 10190 10190 }; 10191 + hougo = { 10192 + name = "Hugo Renard"; 10193 + email = "hugo.renard@proton.me"; 10194 + matrix = "@hougo:liiib.re"; 10195 + github = "hrenard"; 10196 + githubId = 7594435; 10197 + keys = [ { fingerprint = "3AE9 67F9 2C9F 55E9 03C8 283F 3A28 5FD4 7020 9C59"; } ]; 10198 + }; 10191 10199 hoverbear = { 10192 10200 email = "operator+nix@hoverbear.org"; 10193 10201 matrix = "@hoverbear:matrix.org";

+2

nixos/doc/manual/release-notes/rl-2511.section.md

··· 24 24 - [LACT](https://github.com/ilya-zlobintsev/LACT), a GPU monitoring and configuration tool, can now be enabled through [services.lact.enable](#opt-services.lact.enable). 25 25 Note that for LACT to work properly on AMD GPU systems, you need to enable [hardware.amdgpu.overdrive.enable](#opt-hardware.amdgpu.overdrive.enable). 26 26 27 + - [tlsrpt-reporter], an application suite to generate and deliver TLSRPT reports. Available as [services.tlsrpt](#opt-services.tlsrpt.enable). 28 + 27 29 - [Broadcast Box](https://github.com/Glimesh/broadcast-box), a WebRTC broadcast server. Available as [services.broadcast-box](options.html#opt-services.broadcast-box.enable). 28 30 29 31 - Docker now defaults to 28.x, because version 27.x stopped receiving security updates and bug fixes after [May 2, 2025](https://github.com/moby/moby/pull/49910).

+1

nixos/modules/module-list.nix

··· 754 754 ./services/mail/spamassassin.nix 755 755 ./services/mail/stalwart-mail.nix 756 756 ./services/mail/sympa.nix 757 + ./services/mail/tlsrpt.nix 757 758 ./services/mail/zeyple.nix 758 759 ./services/matrix/appservice-discord.nix 759 760 ./services/matrix/appservice-irc.nix

+324

nixos/modules/services/mail/tlsrpt.nix

··· 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 7 + 8 + let 9 + inherit (lib) 10 + mkEnableOption 11 + mkIf 12 + mkOption 13 + mkPackageOption 14 + types 15 + ; 16 + 17 + cfg = config.services.tlsrpt; 18 + 19 + format = pkgs.formats.ini { }; 20 + dropNullValues = lib.filterAttrsRecursive (_: value: value != null); 21 + 22 + commonServiceSettings = { 23 + DynamicUser = true; 24 + User = "tlsrpt"; 25 + Restart = "always"; 26 + StateDirectory = "tlsrpt"; 27 + StateDirectoryMode = "0700"; 28 + 29 + # Hardening 30 + CapabilityBoundingSet = [ "" ]; 31 + LockPersonality = true; 32 + MemoryDenyWriteExecute = true; 33 + PrivateDevices = true; 34 + PrivateUsers = false; 35 + ProcSubset = "pid"; 36 + ProtectControlGroups = true; 37 + ProtectClock = true; 38 + ProtectHome = true; 39 + ProtectHostname = true; 40 + ProtectKernelLogs = true; 41 + ProtectKernelModules = true; 42 + ProtectKernelTunables = true; 43 + ProtectProc = "noaccess"; 44 + RestrictNamespaces = true; 45 + RestrictRealtime = true; 46 + SystemCallArchitectures = "native"; 47 + SystemCallFilter = [ 48 + "@system-service" 49 + "~@privileged @resources" 50 + ]; 51 + }; 52 + 53 + in 54 + 55 + { 56 + options.services.tlsrpt = { 57 + enable = mkEnableOption "the TLSRPT services"; 58 + 59 + package = mkPackageOption pkgs "tlsrpt-reporter" { }; 60 + 61 + collectd = { 62 + settings = mkOption { 63 + type = types.submodule { 64 + freeformType = format.type; 65 + options = { 66 + storage = mkOption { 67 + type = types.str; 68 + default = "sqlite:///var/lib/tlsrpt/collectd.sqlite"; 69 + description = '' 70 + Storage backend definition. 71 + ''; 72 + }; 73 + 74 + socketname = mkOption { 75 + type = types.path; 76 + default = "/run/tlsrpt/collectd.sock"; 77 + description = '' 78 + Path at which the UNIX socket will be created. 79 + ''; 80 + }; 81 + 82 + socketmode = mkOption { 83 + type = types.str; 84 + default = "0220"; 85 + description = '' 86 + Permissions on the UNIX socket. 87 + ''; 88 + }; 89 + 90 + log_level = mkOption { 91 + type = types.enum [ 92 + "debug" 93 + "info" 94 + "warning" 95 + "error" 96 + "critical" 97 + ]; 98 + default = "info"; 99 + description = '' 100 + Level of log messages to emit. 101 + ''; 102 + }; 103 + }; 104 + }; 105 + default = { }; 106 + description = '' 107 + Flags from {manpage}`tlsrpt-collectd(1)` as key-value pairs. 108 + ''; 109 + }; 110 + 111 + extraFlags = mkOption { 112 + type = with types; listOf str; 113 + default = [ ]; 114 + description = '' 115 + List of extra flags to pass to the tlsrpt-reportd executable. 116 + 117 + See {manpage}`tlsrpt-collectd(1)` for possible flags. 118 + ''; 119 + }; 120 + 121 + configurePostfix = mkOption { 122 + type = types.bool; 123 + default = true; 124 + description = '' 125 + Whether to modify the local Postfix service to grant access to the collectd socket. 126 + ''; 127 + }; 128 + }; 129 + 130 + fetcher = { 131 + settings = mkOption { 132 + type = types.submodule { 133 + freeformType = format.type; 134 + options = { 135 + storage = mkOption { 136 + type = types.str; 137 + default = config.services.tlsrpt.collectd.settings.storage; 138 + defaultText = lib.literalExpression '' 139 + config.services.tlsrpt.collectd.settings.storage 140 + ''; 141 + description = '' 142 + Path to the collectd sqlite database. 143 + ''; 144 + }; 145 + 146 + log_level = mkOption { 147 + type = types.enum [ 148 + "debug" 149 + "info" 150 + "warning" 151 + "error" 152 + "critical" 153 + ]; 154 + default = "info"; 155 + description = '' 156 + Level of log messages to emit. 157 + ''; 158 + }; 159 + }; 160 + }; 161 + default = { }; 162 + description = '' 163 + Flags from {manpage}`tlsrpt-fetcher(1)` as key-value pairs. 164 + ''; 165 + }; 166 + }; 167 + 168 + reportd = { 169 + settings = mkOption { 170 + type = types.submodule { 171 + freeformType = format.type; 172 + options = { 173 + dbname = mkOption { 174 + type = types.str; 175 + default = "/var/lib/tlsrpt/reportd.sqlite"; 176 + description = '' 177 + Path to the sqlite database. 178 + ''; 179 + }; 180 + 181 + fetchers = mkOption { 182 + type = types.str; 183 + default = lib.getExe' cfg.package "tlsrpt-fetcher"; 184 + defaultText = lib.literalExpression '' 185 + lib.getExe' cfg.package "tlsrpt-fetcher" 186 + ''; 187 + description = '' 188 + Comma-separated list of fetcher programs that retrieve collectd data. 189 + ''; 190 + }; 191 + 192 + log_level = mkOption { 193 + type = types.enum [ 194 + "debug" 195 + "info" 196 + "warning" 197 + "error" 198 + "critical" 199 + ]; 200 + default = "info"; 201 + description = '' 202 + Level of log messages to emit. 203 + ''; 204 + }; 205 + 206 + organization_name = mkOption { 207 + type = types.str; 208 + example = "ACME Corp."; 209 + description = '' 210 + Name of the organization sending out the reports. 211 + ''; 212 + }; 213 + 214 + contact_info = mkOption { 215 + type = types.str; 216 + example = "smtp-tls-reporting@example.com"; 217 + description = '' 218 + Contact information embedded into the reports. 219 + ''; 220 + }; 221 + 222 + sender_address = mkOption { 223 + type = types.str; 224 + example = "noreply@example.com"; 225 + description = '' 226 + Sender address used for reports. 227 + ''; 228 + }; 229 + 230 + sendmail_script = mkOption { 231 + type = with types; nullOr str; 232 + default = if config.services.postfix.enable then "sendmail" else null; 233 + defaultText = lib.literalExpression '' 234 + if any [ config.services.postfix.enable ] then "sendmail" else null 235 + ''; 236 + description = '' 237 + Path to a sendmail-compatible executable for delivery reports. 238 + ''; 239 + }; 240 + }; 241 + }; 242 + default = { }; 243 + description = '' 244 + Flags from {manpage}`tlsrpt-reportd(1)` as key-value pairs. 245 + ''; 246 + }; 247 + 248 + extraFlags = mkOption { 249 + type = with types; listOf str; 250 + default = [ ]; 251 + description = '' 252 + List of extra flags to pass to the tlsrpt-reportd executable. 253 + 254 + See {manpage}`tlsrpt-report(1)` for possible flags. 255 + ''; 256 + }; 257 + }; 258 + }; 259 + 260 + config = mkIf cfg.enable { 261 + environment.etc = { 262 + "tlsrpt/collectd.cfg".source = format.generate "tlsrpt-collectd.cfg" { 263 + tlsrpt_collectd = dropNullValues cfg.collectd.settings; 264 + }; 265 + "tlsrpt/fetcher.cfg".source = format.generate "tlsrpt-fetcher.cfg" { 266 + tlsrpt_fetcher = dropNullValues cfg.fetcher.settings; 267 + }; 268 + "tlsrpt/reportd.cfg".source = format.generate "tlsrpt-reportd.cfg" { 269 + tlsrpt_reportd = dropNullValues cfg.reportd.settings; 270 + }; 271 + }; 272 + 273 + systemd.services.postfix.serviceConfig.SupplementaryGroups = mkIf ( 274 + config.services.postfix.enable && cfg.collectd.configurePostfix 275 + ) [ "tlsrpt" ]; 276 + 277 + systemd.services.tlsrpt-collectd = { 278 + description = "TLSRPT datagram collector"; 279 + documentation = [ "man:tlsrpt-collectd(1)" ]; 280 + 281 + wantedBy = [ "multi-user.target" ]; 282 + 283 + restartTriggers = [ "/etc/tlsrpt/collectd.cfg" ]; 284 + 285 + serviceConfig = commonServiceSettings // { 286 + ExecStart = toString ( 287 + [ 288 + (lib.getExe' cfg.package "tlsrpt-collectd") 289 + ] 290 + ++ cfg.collectd.extraFlags 291 + ); 292 + IPAddressDeny = "any"; 293 + PrivateNetwork = true; 294 + RestrictAddressFamilies = [ "AF_UNIX" ]; 295 + RuntimeDirectory = "tlsrpt"; 296 + RuntimeDirectoryMode = "0750"; 297 + UMask = "0157"; 298 + }; 299 + }; 300 + 301 + systemd.services.tlsrpt-reportd = { 302 + description = "TLSRPT report generator"; 303 + documentation = [ "man:tlsrpt-reportd(1)" ]; 304 + 305 + wantedBy = [ "multi-user.target" ]; 306 + 307 + restartTriggers = [ "/etc/tlsrpt/reportd.cfg" ]; 308 + 309 + serviceConfig = commonServiceSettings // { 310 + ExecStart = toString ( 311 + [ 312 + (lib.getExe' cfg.package "tlsrpt-reportd") 313 + ] 314 + ++ cfg.reportd.extraFlags 315 + ); 316 + RestrictAddressFamilies = [ 317 + "AF_INET" 318 + "AF_INET6" 319 + ]; 320 + UMask = "0077"; 321 + }; 322 + }; 323 + }; 324 + }

+2 -1

nixos/tests/all-tests.nix

··· 1398 1398 tinydns = runTest ./tinydns.nix; 1399 1399 tinyproxy = runTest ./tinyproxy.nix; 1400 1400 tinywl = runTest ./tinywl.nix; 1401 + tlsrpt = runTest ./tlsrpt.nix; 1401 1402 tmate-ssh-server = runTest ./tmate-ssh-server.nix; 1402 1403 tomcat = runTest ./tomcat.nix; 1403 1404 tor = runTest ./tor.nix; ··· 1464 1465 vault-postgresql = runTest ./vault-postgresql.nix; 1465 1466 vaultwarden = discoverTests (import ./vaultwarden.nix); 1466 1467 vdirsyncer = runTest ./vdirsyncer.nix; 1467 - vector = handleTest ./vector { }; 1468 + vector = import ./vector { inherit runTest; }; 1468 1469 velocity = runTest ./velocity.nix; 1469 1470 vengi-tools = runTest ./vengi-tools.nix; 1470 1471 victoriametrics = handleTest ./victoriametrics { };

+41

nixos/tests/tlsrpt.nix

··· 1 + { 2 + pkgs, 3 + ... 4 + }: 5 + 6 + { 7 + name = "tlsrpt"; 8 + 9 + meta = { 10 + inherit (pkgs.tlsrpt-reporter.meta) maintainers; 11 + }; 12 + 13 + nodes.machine = { 14 + services.tlsrpt = { 15 + enable = true; 16 + reportd.settings = { 17 + organization_name = "NixOS Testers United"; 18 + contact_info = "smtp-tls-report@localhost"; 19 + sender_address = "noreply@localhost"; 20 + }; 21 + }; 22 + 23 + # To test the postfix integration 24 + services.postfix.enable = true; 25 + }; 26 + 27 + testScript = '' 28 + machine.wait_for_unit("tlsrpt-collectd.service") 29 + machine.wait_for_unit("tlsrpt-reportd.service") 30 + 31 + machine.wait_for_file("/run/tlsrpt/collectd.sock") 32 + machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-collectd | grep -Pq 'Database .* setup finished'") 33 + machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Database .* setup finished'") 34 + 35 + # Enabling postfix should put sendmail as the sendmail setting 36 + machine.succeed("grep -q sendmail_script=sendmail /etc/tlsrpt/reportd.cfg") 37 + machine.succeed("systemctl show --property SupplementaryGroups postfix.service | grep tlsrpt") 38 + 39 + machine.log(machine.succeed("systemd-analyze security tlsrpt-collectd.service tlsrpt-reportd.service | grep -v ✓")) 40 + ''; 41 + }

+32 -34

nixos/tests/vector/api.nix

··· 1 - import ../make-test-python.nix ( 2 - { lib, pkgs, ... }: 1 + { lib, pkgs, ... }: 3 2 4 - { 5 - name = "vector-api"; 6 - meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 3 + { 4 + name = "vector-api"; 5 + meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 7 6 8 - nodes.machineapi = 9 - { config, pkgs, ... }: 10 - { 11 - services.vector = { 12 - enable = true; 13 - journaldAccess = false; 14 - settings = { 15 - api.enabled = true; 7 + nodes.machineapi = 8 + { config, pkgs, ... }: 9 + { 10 + services.vector = { 11 + enable = true; 12 + journaldAccess = false; 13 + settings = { 14 + api.enabled = true; 16 15 17 - sources = { 18 - demo_logs = { 19 - type = "demo_logs"; 20 - format = "json"; 21 - }; 16 + sources = { 17 + demo_logs = { 18 + type = "demo_logs"; 19 + format = "json"; 22 20 }; 21 + }; 23 22 24 - sinks = { 25 - file = { 26 - type = "file"; 27 - inputs = [ "demo_logs" ]; 28 - path = "/var/lib/vector/logs.log"; 29 - encoding = { 30 - codec = "json"; 31 - }; 23 + sinks = { 24 + file = { 25 + type = "file"; 26 + inputs = [ "demo_logs" ]; 27 + path = "/var/lib/vector/logs.log"; 28 + encoding = { 29 + codec = "json"; 32 30 }; 33 31 }; 34 32 }; 35 33 }; 36 34 }; 35 + }; 37 36 38 - testScript = '' 39 - machineapi.wait_for_unit("vector") 40 - machineapi.wait_for_open_port(8686) 41 - machineapi.succeed("journalctl -o cat -u vector.service | grep 'API server running'") 42 - machineapi.wait_until_succeeds("curl -sSf http://localhost:8686/health") 43 - ''; 44 - } 45 - ) 37 + testScript = '' 38 + machineapi.wait_for_unit("vector") 39 + machineapi.wait_for_open_port(8686) 40 + machineapi.succeed("journalctl -o cat -u vector.service | grep 'API server running'") 41 + machineapi.wait_until_succeeds("curl -sSf http://localhost:8686/health") 42 + ''; 43 + }

+206

nixos/tests/vector/caddy-clickhouse.nix

··· 1 + { lib, pkgs, ... }: 2 + 3 + { 4 + name = "vector-caddy-clickhouse"; 5 + meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 6 + 7 + nodes = { 8 + caddy = 9 + { config, pkgs, ... }: 10 + { 11 + networking.firewall.allowedTCPPorts = [ 80 ]; 12 + 13 + services.caddy = { 14 + enable = true; 15 + virtualHosts = { 16 + "http://caddy" = { 17 + extraConfig = '' 18 + encode gzip 19 + 20 + file_server 21 + root /srv 22 + ''; 23 + logFormat = " 24 + output file ${config.services.caddy.logDir}/access-caddy.log { 25 + mode 0640 26 + } 27 + "; 28 + }; 29 + }; 30 + }; 31 + 32 + systemd.services.vector.serviceConfig = { 33 + SupplementaryGroups = [ "caddy" ]; 34 + }; 35 + 36 + services.vector = { 37 + enable = true; 38 + 39 + settings = { 40 + sources = { 41 + caddy-log = { 42 + type = "file"; 43 + include = [ "/var/log/caddy/*.log" ]; 44 + }; 45 + }; 46 + 47 + transforms = { 48 + caddy_logs_timestamp = { 49 + type = "remap"; 50 + inputs = [ "caddy-log" ]; 51 + source = '' 52 + .tmp_timestamp, err = parse_json!(.message).ts * 1000000 53 + 54 + if err != null { 55 + log("Unable to parse ts value: " + err, level: "error") 56 + } else { 57 + .timestamp = from_unix_timestamp!(to_int!(.tmp_timestamp), unit: "microseconds") 58 + } 59 + 60 + del(.tmp_timestamp) 61 + ''; 62 + }; 63 + }; 64 + 65 + sinks = { 66 + vector_sink = { 67 + type = "vector"; 68 + inputs = [ "caddy_logs_timestamp" ]; 69 + address = "clickhouse:6000"; 70 + }; 71 + }; 72 + }; 73 + }; 74 + }; 75 + 76 + client = 77 + { config, pkgs, ... }: 78 + { 79 + environment.systemPackages = [ pkgs.curl ]; 80 + }; 81 + 82 + clickhouse = 83 + { config, pkgs, ... }: 84 + { 85 + virtualisation.memorySize = 4096; 86 + 87 + networking.firewall.allowedTCPPorts = [ 6000 ]; 88 + 89 + services.vector = { 90 + enable = true; 91 + 92 + settings = { 93 + sources = { 94 + vector_source = { 95 + type = "vector"; 96 + address = "[::]:6000"; 97 + }; 98 + }; 99 + 100 + sinks = { 101 + clickhouse = { 102 + type = "clickhouse"; 103 + inputs = [ 104 + "vector_source" 105 + ]; 106 + endpoint = "http://localhost:8123"; 107 + database = "caddy"; 108 + table = "access_logs"; 109 + date_time_best_effort = true; 110 + skip_unknown_fields = true; 111 + }; 112 + }; 113 + }; 114 + 115 + }; 116 + 117 + services.clickhouse = { 118 + enable = true; 119 + }; 120 + }; 121 + }; 122 + 123 + testScript = 124 + let 125 + # work around quote/substitution complexity by Nix, Perl, bash and SQL. 126 + databaseDDL = pkgs.writeText "database.sql" "CREATE DATABASE IF NOT EXISTS caddy"; 127 + 128 + tableDDL = pkgs.writeText "table.sql" '' 129 + CREATE TABLE IF NOT EXISTS caddy.access_logs ( 130 + timestamp DateTime64(6), 131 + host LowCardinality(String), 132 + message String, 133 + ) 134 + ENGINE = MergeTree() 135 + ORDER BY timestamp 136 + PARTITION BY toYYYYMM(timestamp) 137 + ''; 138 + 139 + tableViewBase = pkgs.writeText "table-view-base.sql" '' 140 + CREATE TABLE IF NOT EXISTS caddy.access_logs_view_base ( 141 + timestamp DateTime64(6), 142 + host LowCardinality(String), 143 + request JSON, 144 + status UInt16, 145 + ) 146 + ENGINE = MergeTree() 147 + ORDER BY timestamp 148 + PARTITION BY toYYYYMM(timestamp) 149 + ''; 150 + 151 + tableView = pkgs.writeText "table-view.sql" '' 152 + CREATE MATERIALIZED VIEW IF NOT EXISTS caddy.access_logs_view TO caddy.access_logs_view_base 153 + AS SELECT 154 + timestamp, 155 + host, 156 + simpleJSONExtractRaw(message, 'request') AS request, 157 + simpleJSONExtractRaw(message, 'status') AS status 158 + FROM caddy.access_logs; 159 + ''; 160 + 161 + selectQuery = pkgs.writeText "select.sql" '' 162 + SELECT 163 + timestamp, 164 + request.host, 165 + request.remote_ip, 166 + request.proto, 167 + request.method, 168 + request.uri, 169 + status 170 + FROM caddy.access_logs_view_base 171 + WHERE request.uri LIKE '%test-uri%' 172 + FORMAT Pretty 173 + ''; 174 + in 175 + '' 176 + clickhouse.wait_for_unit("clickhouse") 177 + clickhouse.wait_for_unit("vector") 178 + clickhouse.wait_for_open_port(6000) 179 + clickhouse.wait_for_open_port(8123) 180 + 181 + clickhouse.succeed( 182 + "cat ${databaseDDL} | clickhouse-client", 183 + "cat ${tableDDL} | clickhouse-client", 184 + "cat ${tableViewBase} | clickhouse-client", 185 + "cat ${tableView} | clickhouse-client", 186 + ) 187 + 188 + caddy.wait_for_unit("caddy") 189 + caddy.wait_for_open_port(80) 190 + caddy.wait_for_unit("vector") 191 + caddy.wait_until_succeeds( 192 + "journalctl -o cat -u vector.service | grep 'Vector has started'" 193 + ) 194 + 195 + client.systemctl("start network-online.target") 196 + client.wait_until_succeeds("curl http://caddy/test-uri") 197 + 198 + caddy.wait_until_succeeds( 199 + "journalctl -o cat -u vector.service | grep 'Found new file to watch. file=/var/log/caddy/access-caddy.log'" 200 + ) 201 + 202 + clickhouse.wait_until_succeeds( 203 + "cat ${selectQuery} | clickhouse-client | grep test-uri" 204 + ) 205 + ''; 206 + }

+8 -11

nixos/tests/vector/default.nix

··· 1 - { 2 - system ? builtins.currentSystem, 3 - config ? { }, 4 - pkgs ? import ../../.. { inherit system config; }, 5 - }: 1 + { runTest }: 6 2 7 3 { 8 - file-sink = import ./file-sink.nix { inherit system pkgs; }; 9 - api = import ./api.nix { inherit system pkgs; }; 10 - dnstap = import ./dnstap.nix { inherit system pkgs; }; 11 - journald-clickhouse = import ./journald-clickhouse.nix { inherit system pkgs; }; 12 - nginx-clickhouse = import ./nginx-clickhouse.nix { inherit system pkgs; }; 13 - syslog-quickwit = import ./syslog-quickwit.nix { inherit system pkgs; }; 4 + file-sink = runTest ./file-sink.nix; 5 + api = runTest ./api.nix; 6 + caddy-clickhouse = runTest ./caddy-clickhouse.nix; 7 + dnstap = runTest ./dnstap.nix; 8 + journald-clickhouse = runTest ./journald-clickhouse.nix; 9 + nginx-clickhouse = runTest ./nginx-clickhouse.nix; 10 + syslog-quickwit = runTest ./syslog-quickwit.nix; 14 11 }

+187 -80

nixos/tests/vector/dnstap.nix

··· 1 - import ../make-test-python.nix ( 2 - { lib, pkgs, ... }: 1 + { lib, pkgs, ... }: 3 2 4 - let 5 - dnstapSocket = "/var/run/vector/dnstap.sock"; 6 - in 7 - { 8 - name = "vector-dnstap"; 9 - meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 3 + let 4 + dnstapSocket = "/var/run/vector/dnstap.sock"; 5 + in 6 + { 7 + name = "vector-dnstap"; 8 + meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 10 9 11 - nodes = { 12 - unbound = 13 - { config, pkgs, ... }: 14 - { 15 - networking.firewall.allowedUDPPorts = [ 53 ]; 10 + nodes = { 11 + clickhouse = 12 + { config, pkgs, ... }: 13 + { 14 + networking.firewall.allowedTCPPorts = [ 6000 ]; 16 15 17 - services.vector = { 18 - enable = true; 16 + services.vector = { 17 + enable = true; 19 18 20 - settings = { 21 - sources = { 22 - dnstap = { 23 - type = "dnstap"; 24 - multithreaded = true; 25 - mode = "unix"; 26 - lowercase_hostnames = true; 27 - socket_file_mode = 504; 28 - socket_path = "${dnstapSocket}"; 29 - }; 19 + settings = { 20 + sources = { 21 + vector_dnstap_source = { 22 + type = "vector"; 23 + address = "[::]:6000"; 30 24 }; 25 + }; 31 26 32 - sinks = { 33 - file = { 34 - type = "file"; 35 - inputs = [ "dnstap" ]; 36 - path = "/var/lib/vector/logs.log"; 37 - encoding = { 38 - codec = "json"; 39 - }; 40 - }; 27 + sinks = { 28 + clickhouse = { 29 + type = "clickhouse"; 30 + inputs = [ 31 + "vector_dnstap_source" 32 + ]; 33 + endpoint = "http://localhost:8123"; 34 + database = "dnstap"; 35 + table = "records"; 36 + date_time_best_effort = true; 41 37 }; 42 38 }; 43 39 }; 40 + }; 44 41 45 - systemd.services.vector.serviceConfig = { 46 - RuntimeDirectory = "vector"; 47 - RuntimeDirectoryMode = "0770"; 48 - }; 42 + services.clickhouse.enable = true; 43 + }; 49 44 50 - services.unbound = { 51 - enable = true; 52 - enableRootTrustAnchor = false; 53 - package = pkgs.unbound-full; 54 - settings = { 55 - server = { 56 - interface = [ 57 - "0.0.0.0" 58 - "::" 59 - ]; 60 - access-control = [ 61 - "192.168.0.0/24 allow" 62 - "::/0 allow" 63 - ]; 45 + unbound = 46 + { config, pkgs, ... }: 47 + { 48 + networking.firewall.allowedUDPPorts = [ 53 ]; 49 + 50 + services.vector = { 51 + enable = true; 64 52 65 - domain-insecure = "local"; 66 - private-domain = "local"; 53 + settings = { 54 + sources = { 55 + dnstap = { 56 + type = "dnstap"; 57 + multithreaded = true; 58 + mode = "unix"; 59 + lowercase_hostnames = true; 60 + socket_file_mode = 504; 61 + socket_path = "${dnstapSocket}"; 62 + }; 63 + }; 67 64 68 - local-zone = "local. static"; 69 - local-data = [ 70 - ''"test.local. 10800 IN A 192.168.123.5"'' 71 - ]; 65 + sinks = { 66 + file = { 67 + type = "file"; 68 + inputs = [ "dnstap" ]; 69 + path = "/var/lib/vector/logs.log"; 70 + encoding = { 71 + codec = "json"; 72 + }; 72 73 }; 73 74 74 - dnstap = { 75 - dnstap-enable = "yes"; 76 - dnstap-socket-path = "${dnstapSocket}"; 77 - dnstap-send-identity = "yes"; 78 - dnstap-send-version = "yes"; 79 - dnstap-log-client-query-messages = "yes"; 80 - dnstap-log-client-response-messages = "yes"; 75 + vector_dnstap_sink = { 76 + type = "vector"; 77 + inputs = [ "dnstap" ]; 78 + address = "clickhouse:6000"; 81 79 }; 82 80 }; 83 81 }; 82 + }; 83 + 84 + systemd.services.vector.serviceConfig = { 85 + RuntimeDirectory = "vector"; 86 + RuntimeDirectoryMode = "0770"; 87 + }; 84 88 85 - systemd.services.unbound = { 86 - after = [ "vector.service" ]; 87 - wants = [ "vector.service" ]; 88 - serviceConfig = { 89 - # DNSTAP access 90 - ReadWritePaths = [ "/var/run/vector" ]; 91 - SupplementaryGroups = [ "vector" ]; 89 + services.unbound = { 90 + enable = true; 91 + enableRootTrustAnchor = false; 92 + package = pkgs.unbound-full; 93 + settings = { 94 + server = { 95 + interface = [ 96 + "0.0.0.0" 97 + "::" 98 + ]; 99 + access-control = [ 100 + "192.168.0.0/24 allow" 101 + "::/0 allow" 102 + ]; 103 + 104 + domain-insecure = "local"; 105 + private-domain = "local"; 106 + 107 + local-zone = "local. static"; 108 + local-data = [ 109 + ''"test.local. 10800 IN A 192.168.123.5"'' 110 + ]; 111 + }; 112 + 113 + dnstap = { 114 + dnstap-enable = "yes"; 115 + dnstap-socket-path = "${dnstapSocket}"; 116 + dnstap-send-identity = "yes"; 117 + dnstap-send-version = "yes"; 118 + dnstap-log-client-query-messages = "yes"; 119 + dnstap-log-client-response-messages = "yes"; 92 120 }; 93 121 }; 94 122 }; 95 123 96 - dnsclient = 97 - { config, pkgs, ... }: 98 - { 99 - environment.systemPackages = [ pkgs.dig ]; 124 + systemd.services.unbound = { 125 + after = [ "vector.service" ]; 126 + wants = [ "vector.service" ]; 127 + serviceConfig = { 128 + # DNSTAP access 129 + ReadWritePaths = [ "/var/run/vector" ]; 130 + SupplementaryGroups = [ "vector" ]; 131 + }; 100 132 }; 101 - }; 133 + }; 134 + 135 + dnsclient = 136 + { config, pkgs, ... }: 137 + { 138 + environment.systemPackages = [ pkgs.dig ]; 139 + }; 140 + }; 141 + 142 + testScript = 143 + let 144 + # work around quote/substitution complexity by Nix, Perl, bash and SQL. 145 + databaseDDL = pkgs.writeText "database.sql" "CREATE DATABASE IF NOT EXISTS dnstap"; 146 + 147 + tableDDL = pkgs.writeText "table.sql" '' 148 + CREATE TABLE IF NOT EXISTS dnstap.records ( 149 + timestamp DateTime64(6), 150 + dataType LowCardinality(String), 151 + dataTypeId UInt8, 152 + messageType LowCardinality(String), 153 + messageTypeId UInt8, 154 + requestData Nullable(JSON), 155 + responseData Nullable(JSON), 156 + responsePort UInt16, 157 + serverId LowCardinality(String), 158 + serverVersion LowCardinality(String), 159 + socketFamily LowCardinality(String), 160 + socketProtocol LowCardinality(String), 161 + sourceAddress String, 162 + sourcePort UInt16, 163 + ) 164 + ENGINE = MergeTree() 165 + ORDER BY (serverId, timestamp) 166 + PARTITION BY toYYYYMM(timestamp) 167 + ''; 102 168 103 - testScript = '' 169 + tableView = pkgs.writeText "view.sql" '' 170 + CREATE MATERIALIZED VIEW dnstap.domains_view ( 171 + timestamp DateTime64(6), 172 + serverId LowCardinality(String), 173 + domain String, 174 + record_type LowCardinality(String) 175 + ) 176 + ENGINE = MergeTree() 177 + PARTITION BY toYYYYMM(timestamp) 178 + ORDER BY (serverId, timestamp) 179 + POPULATE AS 180 + SELECT 181 + timestamp, 182 + serverId, 183 + JSONExtractString(requestData.question[1]::String, 'domainName') as domain, 184 + JSONExtractString(requestData.question[1]::String, 'questionType') as record_type 185 + FROM dnstap.records 186 + WHERE messageTypeId = 5 # ClientQuery 187 + ''; 188 + 189 + selectQuery = pkgs.writeText "select.sql" '' 190 + SELECT 191 + domain, 192 + count(domain) 193 + FROM dnstap.domains_view 194 + GROUP BY domain 195 + ''; 196 + in 197 + '' 198 + clickhouse.wait_for_unit("clickhouse") 199 + clickhouse.wait_for_open_port(6000) 200 + clickhouse.wait_for_open_port(8123) 201 + 202 + clickhouse.succeed( 203 + "cat ${databaseDDL} | clickhouse-client", 204 + "cat ${tableDDL} | clickhouse-client", 205 + "cat ${tableView} | clickhouse-client", 206 + ) 207 + 104 208 unbound.wait_for_unit("unbound") 105 209 unbound.wait_for_unit("vector") 106 210 ··· 128 232 unbound.wait_until_succeeds( 129 233 "grep ClientResponse /var/lib/vector/logs.log | grep '\"domainName\":\"test.local.\"' | grep '\"rData\":\"192.168.123.5\"'" 130 234 ) 235 + 236 + clickhouse.log(clickhouse.wait_until_succeeds( 237 + "cat ${selectQuery} | clickhouse-client | grep 'test.local.'" 238 + )) 131 239 ''; 132 - } 133 - ) 240 + }

+44 -46

nixos/tests/vector/file-sink.nix

··· 1 - import ../make-test-python.nix ( 2 - { lib, pkgs, ... }: 1 + { lib, pkgs, ... }: 3 2 4 - { 5 - name = "vector-test1"; 6 - meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 3 + { 4 + name = "vector-test1"; 5 + meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 7 6 8 - nodes.machine = 9 - { config, pkgs, ... }: 10 - { 11 - services.vector = { 12 - enable = true; 13 - journaldAccess = true; 14 - settings = { 15 - sources = { 16 - journald.type = "journald"; 7 + nodes.machine = 8 + { config, pkgs, ... }: 9 + { 10 + services.vector = { 11 + enable = true; 12 + journaldAccess = true; 13 + settings = { 14 + sources = { 15 + journald.type = "journald"; 17 16 18 - vector_metrics.type = "internal_metrics"; 17 + vector_metrics.type = "internal_metrics"; 19 18 20 - vector_logs.type = "internal_logs"; 21 - }; 19 + vector_logs.type = "internal_logs"; 20 + }; 22 21 23 - sinks = { 24 - file = { 25 - type = "file"; 26 - inputs = [ 27 - "journald" 28 - "vector_logs" 29 - ]; 30 - path = "/var/lib/vector/logs.log"; 31 - encoding = { 32 - codec = "json"; 33 - }; 22 + sinks = { 23 + file = { 24 + type = "file"; 25 + inputs = [ 26 + "journald" 27 + "vector_logs" 28 + ]; 29 + path = "/var/lib/vector/logs.log"; 30 + encoding = { 31 + codec = "json"; 34 32 }; 33 + }; 35 34 36 - prometheus_exporter = { 37 - type = "prometheus_exporter"; 38 - inputs = [ "vector_metrics" ]; 39 - address = "[::]:9598"; 40 - }; 35 + prometheus_exporter = { 36 + type = "prometheus_exporter"; 37 + inputs = [ "vector_metrics" ]; 38 + address = "[::]:9598"; 41 39 }; 42 40 }; 43 41 }; 44 42 }; 43 + }; 45 44 46 - # ensure vector is forwarding the messages appropriately 47 - testScript = '' 48 - machine.wait_for_unit("vector.service") 49 - machine.wait_for_open_port(9598) 50 - machine.wait_until_succeeds("journalctl -o cat -u vector.service | grep 'version=\"${pkgs.vector.version}\"'") 51 - machine.wait_until_succeeds("journalctl -o cat -u vector.service | grep 'API is disabled'") 52 - machine.wait_until_succeeds("curl -sSf http://localhost:9598/metrics | grep vector_build_info") 53 - machine.wait_until_succeeds("curl -sSf http://localhost:9598/metrics | grep vector_component_received_bytes_total | grep journald") 54 - machine.wait_until_succeeds("curl -sSf http://localhost:9598/metrics | grep vector_utilization | grep prometheus_exporter") 55 - machine.wait_for_file("/var/lib/vector/logs.log") 56 - ''; 57 - } 58 - ) 45 + # ensure vector is forwarding the messages appropriately 46 + testScript = '' 47 + machine.wait_for_unit("vector.service") 48 + machine.wait_for_open_port(9598) 49 + machine.wait_until_succeeds("journalctl -o cat -u vector.service | grep 'version=\"${pkgs.vector.version}\"'") 50 + machine.wait_until_succeeds("journalctl -o cat -u vector.service | grep 'API is disabled'") 51 + machine.wait_until_succeeds("curl -sSf http://localhost:9598/metrics | grep vector_build_info") 52 + machine.wait_until_succeeds("curl -sSf http://localhost:9598/metrics | grep vector_component_received_bytes_total | grep journald") 53 + machine.wait_until_succeeds("curl -sSf http://localhost:9598/metrics | grep vector_utilization | grep prometheus_exporter") 54 + machine.wait_for_file("/var/lib/vector/logs.log") 55 + ''; 56 + }

+125 -127

nixos/tests/vector/journald-clickhouse.nix

··· 1 - import ../make-test-python.nix ( 2 - { lib, pkgs, ... }: 3 - let 4 - # Take the original journald message and create a new payload which only 5 - # contains the relevant fields - these must match the database columns. 6 - journalVrlRemapTransform = { 7 - journald_remap = { 8 - inputs = [ "journald" ]; 9 - type = "remap"; 10 - source = '' 11 - m = {} 12 - m.app = .SYSLOG_IDENTIFIER 13 - m.host = .host 14 - m.severity = to_int(.PRIORITY) ?? 0 15 - m.level = to_syslog_level(m.severity) ?? "" 16 - m.message = strip_ansi_escape_codes!(.message) 17 - m.timestamp = .timestamp 18 - m.uid = to_int(._UID) ?? 0 19 - m.pid = to_int(._PID) ?? 0 20 - . = [m] 21 - ''; 22 - }; 1 + { lib, pkgs, ... }: 2 + let 3 + # Take the original journald message and create a new payload which only 4 + # contains the relevant fields - these must match the database columns. 5 + journalVrlRemapTransform = { 6 + journald_remap = { 7 + inputs = [ "journald" ]; 8 + type = "remap"; 9 + source = '' 10 + m = {} 11 + m.app = .SYSLOG_IDENTIFIER 12 + m.host = .host 13 + m.severity = to_int(.PRIORITY) ?? 0 14 + m.level = to_syslog_level(m.severity) ?? "" 15 + m.message = strip_ansi_escape_codes!(.message) 16 + m.timestamp = .timestamp 17 + m.uid = to_int(._UID) ?? 0 18 + m.pid = to_int(._PID) ?? 0 19 + . = [m] 20 + ''; 23 21 }; 24 - in 25 - { 26 - name = "vector-journald-clickhouse"; 27 - meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 22 + }; 23 + in 24 + { 25 + name = "vector-journald-clickhouse"; 26 + meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 28 27 29 - nodes = { 30 - clickhouse = 31 - { config, pkgs, ... }: 32 - { 33 - virtualisation.diskSize = 5 * 1024; 34 - virtualisation.memorySize = 4096; 28 + nodes = { 29 + clickhouse = 30 + { config, pkgs, ... }: 31 + { 32 + virtualisation.diskSize = 5 * 1024; 33 + virtualisation.memorySize = 4096; 35 34 36 - networking.firewall.allowedTCPPorts = [ 6000 ]; 35 + networking.firewall.allowedTCPPorts = [ 6000 ]; 37 36 38 - services.vector = { 39 - enable = true; 40 - journaldAccess = true; 37 + services.vector = { 38 + enable = true; 39 + journaldAccess = true; 41 40 42 - settings = { 43 - sources = { 44 - journald = { 45 - type = "journald"; 46 - }; 41 + settings = { 42 + sources = { 43 + journald = { 44 + type = "journald"; 45 + }; 47 46 48 - vector_source = { 49 - type = "vector"; 50 - address = "[::]:6000"; 51 - }; 47 + vector_source = { 48 + type = "vector"; 49 + address = "[::]:6000"; 52 50 }; 51 + }; 53 52 54 - transforms = journalVrlRemapTransform; 53 + transforms = journalVrlRemapTransform; 55 54 56 - sinks = { 57 - clickhouse = { 58 - type = "clickhouse"; 59 - inputs = [ 60 - "journald_remap" 61 - "vector_source" 62 - ]; 63 - endpoint = "http://localhost:8123"; 64 - database = "journald"; 65 - table = "logs"; 66 - date_time_best_effort = true; 67 - }; 55 + sinks = { 56 + clickhouse = { 57 + type = "clickhouse"; 58 + inputs = [ 59 + "journald_remap" 60 + "vector_source" 61 + ]; 62 + endpoint = "http://localhost:8123"; 63 + database = "journald"; 64 + table = "logs"; 65 + date_time_best_effort = true; 68 66 }; 69 67 }; 70 - 71 68 }; 72 69 73 - services.clickhouse = { 74 - enable = true; 75 - }; 76 70 }; 77 71 78 - vector = 79 - { config, pkgs, ... }: 80 - { 81 - services.vector = { 82 - enable = true; 83 - journaldAccess = true; 72 + services.clickhouse = { 73 + enable = true; 74 + }; 75 + }; 84 76 85 - settings = { 86 - sources = { 87 - journald = { 88 - type = "journald"; 89 - }; 77 + vector = 78 + { config, pkgs, ... }: 79 + { 80 + services.vector = { 81 + enable = true; 82 + journaldAccess = true; 83 + 84 + settings = { 85 + sources = { 86 + journald = { 87 + type = "journald"; 90 88 }; 89 + }; 91 90 92 - transforms = journalVrlRemapTransform; 91 + transforms = journalVrlRemapTransform; 93 92 94 - sinks = { 95 - vector_sink = { 96 - type = "vector"; 97 - inputs = [ "journald_remap" ]; 98 - address = "clickhouse:6000"; 99 - }; 93 + sinks = { 94 + vector_sink = { 95 + type = "vector"; 96 + inputs = [ "journald_remap" ]; 97 + address = "clickhouse:6000"; 100 98 }; 101 99 }; 102 100 }; 103 101 }; 104 - }; 105 - 106 - testScript = 107 - let 108 - # work around quote/substitution complexity by Nix, Perl, bash and SQL. 109 - databaseDDL = pkgs.writeText "database.sql" "CREATE DATABASE IF NOT EXISTS journald"; 102 + }; 103 + }; 110 104 111 - # https://clickhouse.com/blog/storing-log-data-in-clickhouse-fluent-bit-vector-open-telemetry 112 - tableDDL = pkgs.writeText "table.sql" '' 113 - CREATE TABLE IF NOT EXISTS journald.logs ( 114 - timestamp DateTime64(6), 115 - app LowCardinality(String), 116 - host LowCardinality(String), 117 - level LowCardinality(String), 118 - severity UInt8, 119 - message String, 120 - uid UInt16, 121 - pid UInt32, 122 - ) 123 - ENGINE = MergeTree() 124 - ORDER BY (host, app, timestamp) 125 - PARTITION BY toYYYYMM(timestamp) 126 - ''; 127 - 128 - selectQuery = pkgs.writeText "select.sql" '' 129 - SELECT COUNT(host) FROM journald.logs 130 - WHERE message LIKE '%Vector has started%' 131 - ''; 132 - in 133 - '' 134 - clickhouse.wait_for_unit("clickhouse") 135 - clickhouse.wait_for_open_port(6000) 136 - clickhouse.wait_for_open_port(8123) 105 + testScript = 106 + let 107 + # work around quote/substitution complexity by Nix, Perl, bash and SQL. 108 + databaseDDL = pkgs.writeText "database.sql" "CREATE DATABASE IF NOT EXISTS journald"; 137 109 138 - clickhouse.succeed( 139 - "cat ${databaseDDL} | clickhouse-client" 110 + # https://clickhouse.com/blog/storing-log-data-in-clickhouse-fluent-bit-vector-open-telemetry 111 + tableDDL = pkgs.writeText "table.sql" '' 112 + CREATE TABLE IF NOT EXISTS journald.logs ( 113 + timestamp DateTime64(6), 114 + app LowCardinality(String), 115 + host LowCardinality(String), 116 + level LowCardinality(String), 117 + severity UInt8, 118 + message String, 119 + uid UInt16, 120 + pid UInt32, 140 121 ) 122 + ENGINE = MergeTree() 123 + ORDER BY (host, app, timestamp) 124 + PARTITION BY toYYYYMM(timestamp) 125 + ''; 141 126 142 - clickhouse.succeed( 143 - "cat ${tableDDL} | clickhouse-client" 144 - ) 127 + selectQuery = pkgs.writeText "select.sql" '' 128 + SELECT COUNT(host) FROM journald.logs 129 + WHERE message LIKE '%Vector has started%' 130 + ''; 131 + in 132 + '' 133 + clickhouse.wait_for_unit("clickhouse") 134 + clickhouse.wait_for_open_port(6000) 135 + clickhouse.wait_for_open_port(8123) 145 136 146 - for machine in clickhouse, vector: 147 - machine.wait_for_unit("vector") 148 - machine.wait_until_succeeds( 149 - "journalctl -o cat -u vector.service | grep 'Vector has started'" 150 - ) 137 + clickhouse.succeed( 138 + "cat ${databaseDDL} | clickhouse-client" 139 + ) 140 + 141 + clickhouse.succeed( 142 + "cat ${tableDDL} | clickhouse-client" 143 + ) 151 144 152 - clickhouse.wait_until_succeeds( 153 - "cat ${selectQuery} | clickhouse-client | grep 2" 145 + for machine in clickhouse, vector: 146 + machine.wait_for_unit("vector") 147 + machine.wait_until_succeeds( 148 + "journalctl -o cat -u vector.service | grep 'Vector has started'" 154 149 ) 155 - ''; 156 - } 157 - ) 150 + 151 + clickhouse.wait_until_succeeds( 152 + "cat ${selectQuery} | clickhouse-client | grep 2" 153 + ) 154 + ''; 155 + }

+138 -140

nixos/tests/vector/nginx-clickhouse.nix

··· 1 - import ../make-test-python.nix ( 2 - { lib, pkgs, ... }: 1 + { lib, pkgs, ... }: 3 2 4 - { 5 - name = "vector-nginx-clickhouse"; 6 - meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 3 + { 4 + name = "vector-nginx-clickhouse"; 5 + meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 7 6 8 - nodes = { 9 - clickhouse = 10 - { config, pkgs, ... }: 11 - { 12 - virtualisation.memorySize = 4096; 7 + nodes = { 8 + clickhouse = 9 + { config, pkgs, ... }: 10 + { 11 + virtualisation.memorySize = 4096; 13 12 14 - # Clickhouse module can't listen on a non-loopback IP. 15 - networking.firewall.allowedTCPPorts = [ 6000 ]; 16 - services.clickhouse.enable = true; 13 + # Clickhouse module can't listen on a non-loopback IP. 14 + networking.firewall.allowedTCPPorts = [ 6000 ]; 15 + services.clickhouse.enable = true; 17 16 18 - # Exercise Vector sink->source for now. 19 - services.vector = { 20 - enable = true; 17 + # Exercise Vector sink->source for now. 18 + services.vector = { 19 + enable = true; 21 20 22 - settings = { 23 - sources = { 24 - vector_source = { 25 - type = "vector"; 26 - address = "[::]:6000"; 27 - }; 21 + settings = { 22 + sources = { 23 + vector_source = { 24 + type = "vector"; 25 + address = "[::]:6000"; 28 26 }; 27 + }; 29 28 30 - sinks = { 31 - clickhouse = { 32 - type = "clickhouse"; 33 - inputs = [ "vector_source" ]; 34 - endpoint = "http://localhost:8123"; 35 - database = "nginxdb"; 36 - table = "access_logs"; 37 - skip_unknown_fields = true; 38 - }; 29 + sinks = { 30 + clickhouse = { 31 + type = "clickhouse"; 32 + inputs = [ "vector_source" ]; 33 + endpoint = "http://localhost:8123"; 34 + database = "nginxdb"; 35 + table = "access_logs"; 36 + skip_unknown_fields = true; 39 37 }; 40 38 }; 41 39 }; 42 40 }; 41 + }; 43 42 44 - nginx = 45 - { config, pkgs, ... }: 46 - { 47 - services.nginx = { 48 - enable = true; 49 - virtualHosts.localhost = { }; 50 - }; 43 + nginx = 44 + { config, pkgs, ... }: 45 + { 46 + services.nginx = { 47 + enable = true; 48 + virtualHosts.localhost = { }; 49 + }; 51 50 52 - services.vector = { 53 - enable = true; 51 + services.vector = { 52 + enable = true; 54 53 55 - settings = { 56 - sources = { 57 - nginx_logs = { 58 - type = "file"; 59 - include = [ "/var/log/nginx/access.log" ]; 60 - read_from = "end"; 61 - }; 54 + settings = { 55 + sources = { 56 + nginx_logs = { 57 + type = "file"; 58 + include = [ "/var/log/nginx/access.log" ]; 59 + read_from = "end"; 62 60 }; 61 + }; 63 62 64 - sinks = { 65 - vector_sink = { 66 - type = "vector"; 67 - inputs = [ "nginx_logs" ]; 68 - address = "clickhouse:6000"; 69 - }; 63 + sinks = { 64 + vector_sink = { 65 + type = "vector"; 66 + inputs = [ "nginx_logs" ]; 67 + address = "clickhouse:6000"; 70 68 }; 71 69 }; 72 70 }; 71 + }; 73 72 74 - systemd.services.vector.serviceConfig = { 75 - SupplementaryGroups = [ "nginx" ]; 76 - }; 73 + systemd.services.vector.serviceConfig = { 74 + SupplementaryGroups = [ "nginx" ]; 77 75 }; 78 - }; 76 + }; 77 + }; 79 78 80 - testScript = 81 - let 82 - # work around quote/substitution complexity by Nix, Perl, bash and SQL. 83 - databaseDDL = pkgs.writeText "database.sql" "CREATE DATABASE IF NOT EXISTS nginxdb"; 79 + testScript = 80 + let 81 + # work around quote/substitution complexity by Nix, Perl, bash and SQL. 82 + databaseDDL = pkgs.writeText "database.sql" "CREATE DATABASE IF NOT EXISTS nginxdb"; 84 83 85 - tableDDL = pkgs.writeText "table.sql" '' 86 - CREATE TABLE IF NOT EXISTS nginxdb.access_logs ( 87 - message String 88 - ) 89 - ENGINE = MergeTree() 90 - ORDER BY tuple() 91 - ''; 84 + tableDDL = pkgs.writeText "table.sql" '' 85 + CREATE TABLE IF NOT EXISTS nginxdb.access_logs ( 86 + message String 87 + ) 88 + ENGINE = MergeTree() 89 + ORDER BY tuple() 90 + ''; 92 91 93 - # Graciously taken from https://clickhouse.com/docs/en/integrations/vector 94 - tableView = pkgs.writeText "table-view.sql" '' 95 - CREATE MATERIALIZED VIEW nginxdb.access_logs_view 96 - ( 97 - RemoteAddr String, 98 - Client String, 99 - RemoteUser String, 100 - TimeLocal DateTime, 101 - RequestMethod String, 102 - Request String, 103 - HttpVersion String, 104 - Status Int32, 105 - BytesSent Int64, 106 - UserAgent String 107 - ) 108 - ENGINE = MergeTree() 109 - ORDER BY RemoteAddr 110 - POPULATE AS 111 - WITH 112 - splitByWhitespace(message) as split, 113 - splitByRegexp('\S \d+ "([^"]*)"', message) as referer 114 - SELECT 115 - split[1] AS RemoteAddr, 116 - split[2] AS Client, 117 - split[3] AS RemoteUser, 118 - parseDateTimeBestEffort(replaceOne(trim(LEADING '[' FROM split[4]), ':', ' ')) AS TimeLocal, 119 - trim(LEADING '"' FROM split[6]) AS RequestMethod, 120 - split[7] AS Request, 121 - trim(TRAILING '"' FROM split[8]) AS HttpVersion, 122 - split[9] AS Status, 123 - split[10] AS BytesSent, 124 - trim(BOTH '"' from referer[2]) AS UserAgent 125 - FROM 126 - (SELECT message FROM nginxdb.access_logs) 127 - ''; 92 + # Graciously taken from https://clickhouse.com/docs/en/integrations/vector 93 + tableView = pkgs.writeText "table-view.sql" '' 94 + CREATE MATERIALIZED VIEW nginxdb.access_logs_view 95 + ( 96 + RemoteAddr String, 97 + Client String, 98 + RemoteUser String, 99 + TimeLocal DateTime, 100 + RequestMethod String, 101 + Request String, 102 + HttpVersion String, 103 + Status Int32, 104 + BytesSent Int64, 105 + UserAgent String 106 + ) 107 + ENGINE = MergeTree() 108 + ORDER BY RemoteAddr 109 + POPULATE AS 110 + WITH 111 + splitByWhitespace(message) as split, 112 + splitByRegexp('\S \d+ "([^"]*)"', message) as referer 113 + SELECT 114 + split[1] AS RemoteAddr, 115 + split[2] AS Client, 116 + split[3] AS RemoteUser, 117 + parseDateTimeBestEffort(replaceOne(trim(LEADING '[' FROM split[4]), ':', ' ')) AS TimeLocal, 118 + trim(LEADING '"' FROM split[6]) AS RequestMethod, 119 + split[7] AS Request, 120 + trim(TRAILING '"' FROM split[8]) AS HttpVersion, 121 + split[9] AS Status, 122 + split[10] AS BytesSent, 123 + trim(BOTH '"' from referer[2]) AS UserAgent 124 + FROM 125 + (SELECT message FROM nginxdb.access_logs) 126 + ''; 128 127 129 - selectQuery = pkgs.writeText "select.sql" "SELECT * from nginxdb.access_logs_view"; 130 - in 131 - '' 132 - clickhouse.wait_for_unit("clickhouse") 133 - clickhouse.wait_for_open_port(8123) 128 + selectQuery = pkgs.writeText "select.sql" "SELECT * from nginxdb.access_logs_view"; 129 + in 130 + '' 131 + clickhouse.wait_for_unit("clickhouse") 132 + clickhouse.wait_for_open_port(8123) 134 133 135 - clickhouse.wait_until_succeeds( 136 - "journalctl -o cat -u clickhouse.service | grep 'Started ClickHouse server'" 137 - ) 134 + clickhouse.wait_until_succeeds( 135 + "journalctl -o cat -u clickhouse.service | grep 'Started ClickHouse server'" 136 + ) 138 137 139 - clickhouse.wait_for_unit("vector") 140 - clickhouse.wait_for_open_port(6000) 138 + clickhouse.wait_for_unit("vector") 139 + clickhouse.wait_for_open_port(6000) 141 140 142 - clickhouse.succeed( 143 - "cat ${databaseDDL} | clickhouse-client" 144 - ) 141 + clickhouse.succeed( 142 + "cat ${databaseDDL} | clickhouse-client" 143 + ) 145 144 146 - clickhouse.succeed( 147 - "cat ${tableDDL} | clickhouse-client" 148 - ) 145 + clickhouse.succeed( 146 + "cat ${tableDDL} | clickhouse-client" 147 + ) 149 148 150 - clickhouse.succeed( 151 - "cat ${tableView} | clickhouse-client" 152 - ) 149 + clickhouse.succeed( 150 + "cat ${tableView} | clickhouse-client" 151 + ) 153 152 154 - nginx.wait_for_unit("nginx") 155 - nginx.wait_for_open_port(80) 156 - nginx.wait_for_unit("vector") 157 - nginx.wait_until_succeeds( 158 - "journalctl -o cat -u vector.service | grep 'Starting file server'" 159 - ) 153 + nginx.wait_for_unit("nginx") 154 + nginx.wait_for_open_port(80) 155 + nginx.wait_for_unit("vector") 156 + nginx.wait_until_succeeds( 157 + "journalctl -o cat -u vector.service | grep 'Starting file server'" 158 + ) 160 159 161 - nginx.succeed("curl http://localhost/") 162 - nginx.succeed("curl http://localhost/") 160 + nginx.succeed("curl http://localhost/") 161 + nginx.succeed("curl http://localhost/") 163 162 164 - nginx.wait_for_file("/var/log/nginx/access.log") 165 - nginx.wait_until_succeeds( 166 - "journalctl -o cat -u vector.service | grep 'Found new file to watch. file=/var/log/nginx/access.log'" 167 - ) 163 + nginx.wait_for_file("/var/log/nginx/access.log") 164 + nginx.wait_until_succeeds( 165 + "journalctl -o cat -u vector.service | grep 'Found new file to watch. file=/var/log/nginx/access.log'" 166 + ) 168 167 169 - clickhouse.wait_until_succeeds( 170 - "cat ${selectQuery} | clickhouse-client | grep 'curl'" 171 - ) 172 - ''; 173 - } 174 - ) 168 + clickhouse.wait_until_succeeds( 169 + "cat ${selectQuery} | clickhouse-client | grep 'curl'" 170 + ) 171 + ''; 172 + }

+129 -131

nixos/tests/vector/syslog-quickwit.nix

··· 1 - import ../make-test-python.nix ( 2 - { lib, pkgs, ... }: 1 + { lib, pkgs, ... }: 3 2 4 - # Based on https://quickwit.io/docs/log-management/send-logs/using-vector 3 + # Based on https://quickwit.io/docs/log-management/send-logs/using-vector 5 4 6 - { 7 - name = "vector-syslog-quickwit"; 8 - meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 5 + { 6 + name = "vector-syslog-quickwit"; 7 + meta.maintainers = [ pkgs.lib.maintainers.happysalada ]; 9 8 10 - nodes = { 11 - quickwit = 12 - { config, pkgs, ... }: 13 - { 14 - environment.systemPackages = [ pkgs.jq ]; 9 + nodes = { 10 + quickwit = 11 + { config, pkgs, ... }: 12 + { 13 + environment.systemPackages = [ pkgs.jq ]; 15 14 16 - networking.firewall.allowedTCPPorts = [ 7280 ]; 15 + networking.firewall.allowedTCPPorts = [ 7280 ]; 17 16 18 - services.quickwit = { 19 - enable = true; 20 - settings = { 21 - listen_address = "::"; 22 - }; 17 + services.quickwit = { 18 + enable = true; 19 + settings = { 20 + listen_address = "::"; 23 21 }; 24 22 }; 23 + }; 25 24 26 - syslog = 27 - { config, pkgs, ... }: 28 - { 29 - services.vector = { 30 - enable = true; 25 + syslog = 26 + { config, pkgs, ... }: 27 + { 28 + services.vector = { 29 + enable = true; 31 30 32 - settings = { 33 - sources = { 34 - generate_syslog = { 35 - type = "demo_logs"; 36 - format = "syslog"; 37 - interval = 0.5; 38 - }; 31 + settings = { 32 + sources = { 33 + generate_syslog = { 34 + type = "demo_logs"; 35 + format = "syslog"; 36 + interval = 0.5; 39 37 }; 38 + }; 40 39 41 - transforms = { 42 - remap_syslog = { 43 - inputs = [ "generate_syslog" ]; 44 - type = "remap"; 45 - source = '' 46 - structured = parse_syslog!(.message) 47 - .timestamp_nanos = to_unix_timestamp!(structured.timestamp, unit: "nanoseconds") 48 - .body = structured 49 - .service_name = structured.appname 50 - .resource_attributes.source_type = .source_type 51 - .resource_attributes.host.hostname = structured.hostname 52 - .resource_attributes.service.name = structured.appname 53 - .attributes.syslog.procid = structured.procid 54 - .attributes.syslog.facility = structured.facility 55 - .attributes.syslog.version = structured.version 56 - .severity_text = if includes(["emerg", "err", "crit", "alert"], structured.severity) { 57 - "ERROR" 58 - } else if structured.severity == "warning" { 59 - "WARN" 60 - } else if structured.severity == "debug" { 61 - "DEBUG" 62 - } else if includes(["info", "notice"], structured.severity) { 63 - "INFO" 64 - } else { 65 - structured.severity 66 - } 67 - .scope_name = structured.msgid 68 - del(.message) 69 - del(.host) 70 - del(.timestamp) 71 - del(.service) 72 - del(.source_type) 73 - ''; 74 - }; 40 + transforms = { 41 + remap_syslog = { 42 + inputs = [ "generate_syslog" ]; 43 + type = "remap"; 44 + source = '' 45 + structured = parse_syslog!(.message) 46 + .timestamp_nanos = to_unix_timestamp!(structured.timestamp, unit: "nanoseconds") 47 + .body = structured 48 + .service_name = structured.appname 49 + .resource_attributes.source_type = .source_type 50 + .resource_attributes.host.hostname = structured.hostname 51 + .resource_attributes.service.name = structured.appname 52 + .attributes.syslog.procid = structured.procid 53 + .attributes.syslog.facility = structured.facility 54 + .attributes.syslog.version = structured.version 55 + .severity_text = if includes(["emerg", "err", "crit", "alert"], structured.severity) { 56 + "ERROR" 57 + } else if structured.severity == "warning" { 58 + "WARN" 59 + } else if structured.severity == "debug" { 60 + "DEBUG" 61 + } else if includes(["info", "notice"], structured.severity) { 62 + "INFO" 63 + } else { 64 + structured.severity 65 + } 66 + .scope_name = structured.msgid 67 + del(.message) 68 + del(.host) 69 + del(.timestamp) 70 + del(.service) 71 + del(.source_type) 72 + ''; 75 73 }; 74 + }; 76 75 77 - sinks = { 78 - #emit_syslog = { 79 - # inputs = ["remap_syslog"]; 80 - # type = "console"; 81 - # encoding.codec = "json"; 82 - #}; 83 - quickwit_logs = { 84 - type = "http"; 85 - method = "post"; 86 - inputs = [ "remap_syslog" ]; 87 - encoding.codec = "json"; 88 - framing.method = "newline_delimited"; 89 - uri = "http://quickwit:7280/api/v1/otel-logs-v0_7/ingest"; 90 - }; 76 + sinks = { 77 + #emit_syslog = { 78 + # inputs = ["remap_syslog"]; 79 + # type = "console"; 80 + # encoding.codec = "json"; 81 + #}; 82 + quickwit_logs = { 83 + type = "http"; 84 + method = "post"; 85 + inputs = [ "remap_syslog" ]; 86 + encoding.codec = "json"; 87 + framing.method = "newline_delimited"; 88 + uri = "http://quickwit:7280/api/v1/otel-logs-v0_7/ingest"; 91 89 }; 92 90 }; 93 91 }; 94 92 }; 95 - }; 93 + }; 94 + }; 96 95 97 - testScript = 98 - let 99 - aggregationQuery = pkgs.writeText "aggregation-query.json" '' 100 - { 101 - "query": "*", 102 - "max_hits": 0, 103 - "aggs": { 104 - "count_per_minute": { 105 - "histogram": { 106 - "field": "timestamp_nanos", 107 - "interval": 60000000 108 - }, 109 - "aggs": { 110 - "severity_text_count": { 111 - "terms": { 112 - "field": "severity_text" 113 - } 96 + testScript = 97 + let 98 + aggregationQuery = pkgs.writeText "aggregation-query.json" '' 99 + { 100 + "query": "*", 101 + "max_hits": 0, 102 + "aggs": { 103 + "count_per_minute": { 104 + "histogram": { 105 + "field": "timestamp_nanos", 106 + "interval": 60000000 107 + }, 108 + "aggs": { 109 + "severity_text_count": { 110 + "terms": { 111 + "field": "severity_text" 114 112 } 115 113 } 116 114 } 117 115 } 118 116 } 119 - ''; 120 - in 121 - '' 122 - quickwit.wait_for_unit("quickwit") 123 - quickwit.wait_for_open_port(7280) 124 - quickwit.wait_for_open_port(7281) 117 + } 118 + ''; 119 + in 120 + '' 121 + quickwit.wait_for_unit("quickwit") 122 + quickwit.wait_for_open_port(7280) 123 + quickwit.wait_for_open_port(7281) 125 124 126 - quickwit.wait_until_succeeds( 127 - "journalctl -o cat -u quickwit.service | grep 'transitioned to ready state'" 128 - ) 125 + quickwit.wait_until_succeeds( 126 + "journalctl -o cat -u quickwit.service | grep 'transitioned to ready state'" 127 + ) 129 128 130 - syslog.wait_for_unit("vector") 131 - syslog.wait_until_succeeds( 132 - "journalctl -o cat -u vector.service | grep 'Vector has started'" 133 - ) 129 + syslog.wait_for_unit("vector") 130 + syslog.wait_until_succeeds( 131 + "journalctl -o cat -u vector.service | grep 'Vector has started'" 132 + ) 134 133 135 - quickwit.wait_until_succeeds( 136 - "journalctl -o cat -u quickwit.service | grep 'publish-new-splits'" 137 - ) 134 + quickwit.wait_until_succeeds( 135 + "journalctl -o cat -u quickwit.service | grep 'publish-new-splits'" 136 + ) 138 137 139 - # Wait for logs to be generated 140 - # Test below aggregates by the minute 141 - syslog.sleep(60 * 2) 138 + # Wait for logs to be generated 139 + # Test below aggregates by the minute 140 + syslog.sleep(60 * 2) 142 141 143 - quickwit.wait_until_succeeds( 144 - "curl -sSf -XGET http://127.0.0.1:7280/api/v1/otel-logs-v0_7/search?query=severity_text:ERROR |" 145 - + " jq '.num_hits' | grep -v '0'" 146 - ) 142 + quickwit.wait_until_succeeds( 143 + "curl -sSf -XGET http://127.0.0.1:7280/api/v1/otel-logs-v0_7/search?query=severity_text:ERROR |" 144 + + " jq '.num_hits' | grep -v '0'" 145 + ) 147 146 148 - quickwit.wait_until_succeeds( 149 - "journalctl -o cat -u quickwit.service | grep 'SearchRequest'" 150 - ) 147 + quickwit.wait_until_succeeds( 148 + "journalctl -o cat -u quickwit.service | grep 'SearchRequest'" 149 + ) 151 150 152 - quickwit.wait_until_succeeds( 153 - "curl -sSf -XPOST -H 'Content-Type: application/json' http://127.0.0.1:7280/api/v1/otel-logs-v0_7/search --data @${aggregationQuery} |" 154 - + " jq '.num_hits' | grep -v '0'" 155 - ) 151 + quickwit.wait_until_succeeds( 152 + "curl -sSf -XPOST -H 'Content-Type: application/json' http://127.0.0.1:7280/api/v1/otel-logs-v0_7/search --data @${aggregationQuery} |" 153 + + " jq '.num_hits' | grep -v '0'" 154 + ) 156 155 157 - quickwit.wait_until_succeeds( 158 - "journalctl -o cat -u quickwit.service | grep 'count_per_minute'" 159 - ) 160 - ''; 161 - } 162 - ) 156 + quickwit.wait_until_succeeds( 157 + "journalctl -o cat -u quickwit.service | grep 'count_per_minute'" 158 + ) 159 + ''; 160 + }

+5 -5

pkgs/applications/editors/vscode/extensions/charliermarsh.ruff/default.nix

··· 12 12 sources = { 13 13 "x86_64-linux" = { 14 14 arch = "linux-x64"; 15 - hash = "sha256-lGV/Zc4pibm7sTVtN4UYzuroxNgUltaUT9oJPaa5S8Q="; 15 + hash = "sha256-+EiBEYZpJYjUMvVcNgs5pdXr1g8FB1ha2bKy29OPcSM="; 16 16 }; 17 17 "x86_64-darwin" = { 18 18 arch = "darwin-x64"; 19 - hash = "sha256-h1cvTJ9VUHOL27F9twdbLTSzLb+NUhqrbaScoKF5jZ4="; 19 + hash = "sha256-ijy/ZVhVU1/ZrS1Fu3vuiThcjLuKSqf3lrgl8is54Co="; 20 20 }; 21 21 "aarch64-linux" = { 22 22 arch = "linux-arm64"; 23 - hash = "sha256-Ca9DGjQDT5BbJUL7FtU3dS6Zb7C2Blxr69l5HpZR4ZQ="; 23 + hash = "sha256-mpUV/xN98Xi3B7ujotXK9T6xEfZWsQuWtvuPyufxfoY="; 24 24 }; 25 25 "aarch64-darwin" = { 26 26 arch = "darwin-arm64"; 27 - hash = "sha256-8Qay/ynixASQ8FFyAYjBeGcjBKQGXucGlOndOYa1Fn8="; 27 + hash = "sha256-YaNMN7887v3tFccoPBz7hVhpGbGtbys7e5D5GCBIe20="; 28 28 }; 29 29 }; 30 30 in 31 31 { 32 32 name = "ruff"; 33 33 publisher = "charliermarsh"; 34 - version = "2025.22.0"; 34 + version = "2025.24.0"; 35 35 } 36 36 // sources.${stdenvNoCC.hostPlatform.system} 37 37 or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}");

+10 -10

pkgs/applications/networking/browsers/chromium/info.json

··· 1 1 { 2 2 "chromium": { 3 - "version": "137.0.7151.103", 3 + "version": "137.0.7151.119", 4 4 "chromedriver": { 5 - "version": "137.0.7151.104", 6 - "hash_darwin": "sha256-K7kixWvPmTX35LB6whyHetvtaGxCBYoyr30LozPjQxI=", 7 - "hash_darwin_aarch64": "sha256-57cLYzeZi1jKTBQcsSP0JD2RJDIl9RVQSGdY6cz3J68=" 5 + "version": "137.0.7151.120", 6 + "hash_darwin": "sha256-3NECoMlK57ZlCUPra20rJrZcx9FnMWvTXlcdksn8FUc=", 7 + "hash_darwin_aarch64": "sha256-P1trGStKjTD/h+avjAXE5N6nqvAra9RDsSvrR/pTRUA=" 8 8 }, 9 9 "deps": { 10 10 "depot_tools": { ··· 20 20 "DEPS": { 21 21 "src": { 22 22 "url": "https://chromium.googlesource.com/chromium/src.git", 23 - "rev": "3dcc738117a3439068c9773ccd31f9858923fc4a", 24 - "hash": "sha256-MIEjHLpfKIBiTFh+bO+NUf6iDpizTP9yfXQqbHfiDwo=", 23 + "rev": "e0ac9d12dff5f2d33c935958b06bf1ded7f1c08c", 24 + "hash": "sha256-+3C2n/7bbIOpXGvBrFnSMNlgLVRMoPtOF14CDROVClI=", 25 25 "recompress": true 26 26 }, 27 27 "src/third_party/clang-format/script": { ··· 241 241 }, 242 242 "src/third_party/devtools-frontend/src": { 243 243 "url": "https://chromium.googlesource.com/devtools/devtools-frontend", 244 - "rev": "e423961606946be24c8c1ec0d1ec91511efbabc5", 245 - "hash": "sha256-MhooXuF6aw+ixPzvVCBl+6T+79cTReCYx86qqXAZ6bg=" 244 + "rev": "afc8e923a37090445d6d97ca23fea49d9eb7b9cf", 245 + "hash": "sha256-io0J6tt0RXumjjSklZyJpALV5IikPbROd40xcrX4iBs=" 246 246 }, 247 247 "src/third_party/dom_distiller_js/dist": { 248 248 "url": "https://chromium.googlesource.com/chromium/dom-distiller/dist.git", ··· 791 791 }, 792 792 "src/v8": { 793 793 "url": "https://chromium.googlesource.com/v8/v8.git", 794 - "rev": "41f53aba7095888c959932bd8f2ee8b4e16af223", 795 - "hash": "sha256-ICrdvHA6fe2CUphRgPdlofazr0L+NFypWDNOI5e5QIM=" 794 + "rev": "075234cf3d7622d9d588a6f748fc4501aa23080c", 795 + "hash": "sha256-wrLxRuJ3rq1yC0PIUGPsuDB/YNee1x3J/i6ZSLk70HM=" 796 796 } 797 797 } 798 798 },

+11

pkgs/by-name/au/autokuma/no-doctest.patch

··· 1 + diff --git a/kuma-client/Cargo.toml b/kuma-client/Cargo.toml 2 + index 144be59..017e1de 100644 3 + --- a/kuma-client/Cargo.toml 4 + +++ b/kuma-client/Cargo.toml 5 + @@ -1,3 +1,6 @@ 6 + +[lib] 7 + +doctest = false 8 + + 9 + [package] 10 + name = "kuma-client" 11 + description = "Rust wrapper for the Uptime Kuma Socket.IO API"

+39

pkgs/by-name/au/autokuma/package.nix

··· 1 + { 2 + lib, 3 + fetchFromGitHub, 4 + rustPlatform, 5 + pkg-config, 6 + openssl, 7 + }: 8 + 9 + rustPlatform.buildRustPackage (finalAttrs: { 10 + pname = "autokuma"; 11 + version = "1.0.0"; 12 + 13 + src = fetchFromGitHub { 14 + owner = "BigBoot"; 15 + repo = "AutoKuma"; 16 + tag = "v${finalAttrs.version}"; 17 + hash = "sha256-o1W0ssR4cjzx9VWg3qS2RhJEe4y4Ez/Y+4yRgXs6q0Y="; 18 + }; 19 + 20 + cargoHash = "sha256-nu37qOv34nZ4pkxX7mu4zoLJFZWw3QCPQDS7SMKhqVw="; 21 + 22 + patches = [ ./no-doctest.patch ]; 23 + 24 + nativeBuildInputs = [ pkg-config ]; 25 + buildInputs = [ openssl ]; 26 + 27 + postInstall = '' 28 + mv $out/bin/crdgen $out/bin/autokuma-crdgen 29 + ''; 30 + 31 + meta = { 32 + description = "Utility that automates the creation of Uptime Kuma monitors"; 33 + homepage = "https://github.com/BigBoot/AutoKuma"; 34 + mainProgram = "autokuma"; 35 + license = lib.licenses.mit; 36 + platforms = lib.platforms.linux; 37 + maintainers = with lib.maintainers; [ hougo ]; 38 + }; 39 + })

+3 -3

pkgs/by-name/ho/hot-resize/package.nix

··· 19 19 20 20 rustPlatform.buildRustPackage (finalAttrs: { 21 21 pname = "hot-resize"; 22 - version = "0.1.3"; 22 + version = "0.1.4"; 23 23 24 24 src = fetchFromGitHub { 25 25 owner = "liberodark"; 26 26 repo = "hot-resize"; 27 27 tag = "v${finalAttrs.version}"; 28 - hash = "sha256-5mh09ZYNpuWVJ2g9p8C6Ad4k132UWjudBhTb3HfoFRc="; 28 + hash = "sha256-JB1U7mL3rkrsekmKt+0J1nnbtnlk/typIIfz3E+1moc="; 29 29 }; 30 30 31 31 useFetchCargoVendor = true; 32 - cargoHash = "sha256-kUWyL36BC1+4FjujVxeguB0VvBtIN32QpuNYV6wjC5s="; 32 + cargoHash = "sha256-+POAqB0msStix5KNqVwy8ckLEQ/rUsD52BtyetuKt2I="; 33 33 34 34 nativeBuildInputs = [ 35 35 pkg-config

+3 -3

pkgs/by-name/jj/jjui/package.nix

··· 6 6 }: 7 7 buildGoModule (finalAttrs: { 8 8 pname = "jjui"; 9 - version = "0.8.10"; 9 + version = "0.8.11"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "idursun"; 13 13 repo = "jjui"; 14 14 tag = "v${finalAttrs.version}"; 15 - hash = "sha256-pDK2ZjnhSlLepOdr7QEnj2+0vMvL2LPaWw1miA1oMSA="; 15 + hash = "sha256-MBW0hjwyR0jguCWNnXiqZL0xa+vV9f2Ojfb2/61o9KY="; 16 16 }; 17 17 18 - vendorHash = "sha256-YlOK+NvyH/3uvvFcCZixv2+Y2m26TP8+ohUSdl3ppro="; 18 + vendorHash = "sha256-2nUU5rrVWBk+9ljC+OiAVLcRnWghPPfpvq5yoNSRdVk="; 19 19 20 20 passthru.updateScript = nix-update-script { }; 21 21

+2 -2

pkgs/by-name/ne/newcomputermodern/package.nix

··· 8 8 9 9 stdenvNoCC.mkDerivation (finalAttrs: { 10 10 pname = "newcomputermodern"; 11 - version = "7.0.2"; 11 + version = "7.0.3"; 12 12 13 13 src = fetchgit { 14 14 url = "https://git.gnu.org.ua/newcm.git"; 15 15 rev = finalAttrs.version; 16 - hash = "sha256-J2k3gbQgmb+hsIYQi+kCccejrNccHryuC140rNwNPTQ="; 16 + hash = "sha256-sMjzM0nRcMxgJax3ecJ/a5YB3mH7+7RWbNkdhU+V7dU="; 17 17 }; 18 18 19 19 nativeBuildInputs = [ fontforge ];

+2 -2

pkgs/by-name/no/nom/package.nix

··· 5 5 }: 6 6 buildGoModule rec { 7 7 pname = "nom"; 8 - version = "2.8.2"; 8 + version = "2.10.0"; 9 9 10 10 src = fetchFromGitHub { 11 11 owner = "guyfedwards"; 12 12 repo = "nom"; 13 13 tag = "v${version}"; 14 - hash = "sha256-SkmY3eFEAC4EJtFpe6FwRmECIZJa/Oyb1yov75ySSH0="; 14 + hash = "sha256-F1lKBfDufotQjVNJ1yMosRl1UlGMBlYCTHXdCzeVflg="; 15 15 }; 16 16 17 17 vendorHash = "sha256-d5KTDZKfuzv84oMgmsjJoXGO5XYLVKxOB5XehqgRvYw=";

-150

pkgs/by-name/ox/oxide-rs/0001-use-crates-io-over-git-dependencies.patch

··· 1 - diff --git a/Cargo.lock b/Cargo.lock 2 - index c0d18e4..45686a0 100644 3 - --- a/Cargo.lock 4 - +++ b/Cargo.lock 5 - @@ -1514,7 +1514,7 @@ dependencies = [ 6 - "httpdate", 7 - "itoa", 8 - "pin-project-lite", 9 - - "socket2 0.5.7", 10 - + "socket2 0.4.10", 11 - "tokio", 12 - "tower-service", 13 - "tracing", 14 - @@ -2240,7 +2240,7 @@ version = "5.0.0-rc.1" 15 - source = "registry+https://github.com/rust-lang/crates.io-index" 16 - checksum = "23d385da3c602d29036d2f70beed71c36604df7570be17fed4c5b839616785bf" 17 - dependencies = [ 18 - - "base64 0.22.1", 19 - + "base64 0.21.7", 20 - "chrono", 21 - "getrandom", 22 - "http 1.1.0", 23 - @@ -2354,7 +2354,7 @@ dependencies = [ 24 - "clap", 25 - "dirs", 26 - "futures", 27 - - "progenitor-client 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", 28 - + "progenitor-client", 29 - "rand", 30 - "regress", 31 - "reqwest", 32 - @@ -2684,9 +2684,10 @@ dependencies = [ 33 - [[package]] 34 - name = "progenitor" 35 - version = "0.8.0" 36 - -source = "git+https://github.com/oxidecomputer/progenitor#04da1197662209339ae8dd3768a0157c65ff5d67" 37 - +source = "registry+https://github.com/rust-lang/crates.io-index" 38 - +checksum = "293df5b79211fbf0c1ebad6513ba451d267e9c15f5f19ee5d3da775e2dd27331" 39 - dependencies = [ 40 - - "progenitor-client 0.8.0 (git+https://github.com/oxidecomputer/progenitor)", 41 - + "progenitor-client", 42 - "progenitor-impl", 43 - "progenitor-macro", 44 - ] 45 - @@ -2706,24 +2707,11 @@ dependencies = [ 46 - "serde_urlencoded", 47 - ] 48 - 49 - -[[package]] 50 - -name = "progenitor-client" 51 - -version = "0.8.0" 52 - -source = "git+https://github.com/oxidecomputer/progenitor#04da1197662209339ae8dd3768a0157c65ff5d67" 53 - -dependencies = [ 54 - - "bytes", 55 - - "futures-core", 56 - - "percent-encoding", 57 - - "reqwest", 58 - - "serde", 59 - - "serde_json", 60 - - "serde_urlencoded", 61 - -] 62 - - 63 - [[package]] 64 - name = "progenitor-impl" 65 - version = "0.8.0" 66 - -source = "git+https://github.com/oxidecomputer/progenitor#04da1197662209339ae8dd3768a0157c65ff5d67" 67 - +source = "registry+https://github.com/rust-lang/crates.io-index" 68 - +checksum = "d85934a440963a69f9f04f48507ff6e7aa2952a5b2d8f96cc37fa3dd5c270f66" 69 - dependencies = [ 70 - "heck", 71 - "http 1.1.0", 72 - @@ -2736,7 +2724,7 @@ dependencies = [ 73 - "serde", 74 - "serde_json", 75 - "syn", 76 - - "thiserror 2.0.6", 77 - + "thiserror 1.0.69", 78 - "typify", 79 - "unicode-ident", 80 - ] 81 - @@ -2744,7 +2732,8 @@ dependencies = [ 82 - [[package]] 83 - name = "progenitor-macro" 84 - version = "0.8.0" 85 - -source = "git+https://github.com/oxidecomputer/progenitor#04da1197662209339ae8dd3768a0157c65ff5d67" 86 - +source = "registry+https://github.com/rust-lang/crates.io-index" 87 - +checksum = "d99a5a259e2d65a4933054aa51717c70b6aba0522695731ac354a522124efc9b" 88 - dependencies = [ 89 - "openapiv3", 90 - "proc-macro2", 91 - @@ -4069,7 +4058,8 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" 92 - [[package]] 93 - name = "typify" 94 - version = "0.2.0" 95 - -source = "git+https://github.com/oxidecomputer/typify#f3e0cc9d6a5cee617a636136b99db650817bcbde" 96 - +source = "registry+https://github.com/rust-lang/crates.io-index" 97 - +checksum = "b4c644dda9862f0fef3a570d8ddb3c2cfb1d5ac824a1f2ddfa7bc8f071a5ad8a" 98 - dependencies = [ 99 - "typify-impl", 100 - "typify-macro", 101 - @@ -4078,7 +4068,8 @@ dependencies = [ 102 - [[package]] 103 - name = "typify-impl" 104 - version = "0.2.0" 105 - -source = "git+https://github.com/oxidecomputer/typify#f3e0cc9d6a5cee617a636136b99db650817bcbde" 106 - +source = "registry+https://github.com/rust-lang/crates.io-index" 107 - +checksum = "d59ab345b6c0d8ae9500b9ff334a4c7c0d316c1c628dc55726b95887eb8dbd11" 108 - dependencies = [ 109 - "heck", 110 - "log", 111 - @@ -4090,14 +4081,15 @@ dependencies = [ 112 - "serde", 113 - "serde_json", 114 - "syn", 115 - - "thiserror 2.0.6", 116 - + "thiserror 1.0.69", 117 - "unicode-ident", 118 - ] 119 - 120 - [[package]] 121 - name = "typify-macro" 122 - version = "0.2.0" 123 - -source = "git+https://github.com/oxidecomputer/typify#f3e0cc9d6a5cee617a636136b99db650817bcbde" 124 - +source = "registry+https://github.com/rust-lang/crates.io-index" 125 - +checksum = "785e2cdcef0df8160fdd762ed548a637aaec1e83704fdbc14da0df66013ee8d0" 126 - dependencies = [ 127 - "proc-macro2", 128 - "quote", 129 - @@ -4413,7 +4405,7 @@ version = "0.1.9" 130 - source = "registry+https://github.com/rust-lang/crates.io-index" 131 - checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" 132 - dependencies = [ 133 - - "windows-sys 0.59.0", 134 - + "windows-sys 0.48.0", 135 - ] 136 - 137 - [[package]] 138 - diff --git a/Cargo.toml b/Cargo.toml 139 - index 8ef28ff..15739d7 100644 140 - --- a/Cargo.toml 141 - +++ b/Cargo.toml 142 - @@ -40,7 +40,7 @@ oxide-httpmock = { path = "sdk-httpmock", version = "0.9.0" } 143 - oxnet = { git = "https://github.com/oxidecomputer/oxnet" } 144 - predicates = "3.1.2" 145 - pretty_assertions = "1.4.1" 146 - -progenitor = { git = "https://github.com/oxidecomputer/progenitor" } 147 - +progenitor = "0.8.0" 148 - progenitor-client = "0.8.0" 149 - rand = "0.8.5" 150 - ratatui = "0.26.3"

+15 -11

pkgs/by-name/ox/oxide-rs/package.nix

··· 11 11 12 12 rustPlatform.buildRustPackage rec { 13 13 pname = "oxide-rs"; 14 - version = "0.9.0+20241204.0.0"; 14 + version = "0.12.0+20250604.0.0"; 15 15 16 16 src = fetchFromGitHub { 17 17 owner = "oxidecomputer"; 18 18 repo = "oxide.rs"; 19 19 rev = "v${version}"; 20 - hash = "sha256-NtTXpXDYazcXilQNW455UDkqMCFzFPvTUkbEBQsWIDo="; 21 - # leaveDotGit is necessary because `build.rs` expects git information which 22 - # is used to write a `built.rs` file which is read by the CLI application 23 - # to display version information. 24 - leaveDotGit = true; 20 + hash = "sha256-XtN/ZRaVrw4pB82cCmWijjTMZzte7VlUzx5BaCq2mCc="; 25 21 }; 26 22 27 - useFetchCargoVendor = true; 28 - cargoHash = "sha256-We5yNF8gtHWAUAead0uc99FIoMcicDWdGbTzPgpiFyY="; 23 + patches = [ 24 + # original patch: https://git.iliana.fyi/nixos-configs/tree/packages/oxide-git-version.patch?id=0e4dc0d21def9084e2c6c1e20f3da08c31590945 25 + ./rm-built-ref-head-lookup.patch 26 + ./rm-commit-hash-in-version-output.patch 27 + ]; 29 28 30 - cargoPatches = [ 31 - ./0001-use-crates-io-over-git-dependencies.patch 29 + checkFlags = [ 30 + # skip since output check includes git commit hash 31 + "--skip=cmd_version::version_success" 32 + # skip due to failure with loopback on debug 33 + "--skip=test_cmd_auth_debug_logging" 32 34 ]; 33 35 36 + useFetchCargoVendor = true; 37 + cargoHash = "sha256-b3RYPjkKgmcE70wSYl5Lu2uMS2gALxRSbLoKzXisUx4="; 38 + 34 39 cargoBuildFlags = [ 35 40 "--package=oxide-cli" 36 - "--package=xtask" 37 41 ]; 38 42 39 43 cargoTestFlags = [

+17

pkgs/by-name/ox/oxide-rs/rm-built-ref-head-lookup.patch

··· 1 + diff --git a/cli/build.rs b/cli/build.rs 2 + index adba6cf..a7a2a53 100644 3 + --- a/cli/build.rs 4 + +++ b/cli/build.rs 5 + @@ -5,12 +5,5 @@ 6 + // Copyright 2023 Oxide Computer Company 7 + 8 + fn main() { 9 + - let src = std::env::var("CARGO_MANIFEST_DIR").unwrap(); 10 + - match built::util::get_repo_head(src.as_ref()) { 11 + - Ok(Some((_branch, _commit, _commit_short))) => (), 12 + - Ok(None) => panic!("Error: Build script could not find git commit information"), 13 + - Err(e) => panic!("Build script error: {}", e), 14 + - }; 15 + - 16 + built::write_built_file().expect("Failed to acquire build-time information"); 17 + }

+21

pkgs/by-name/ox/oxide-rs/rm-commit-hash-in-version-output.patch

··· 1 + diff --git a/cli/src/cmd_version.rs b/cli/src/cmd_version.rs 2 + index 72153fb..1add398 100644 3 + --- a/cli/src/cmd_version.rs 4 + +++ b/cli/src/cmd_version.rs 5 + @@ -30,16 +30,6 @@ impl RunnableCmd for CmdVersion { 6 + 7 + println_nopipe!("Oxide CLI {}", cli_version); 8 + 9 + - println_nopipe!( 10 + - "Built from commit: {} {}", 11 + - built_info::GIT_COMMIT_HASH.unwrap(), 12 + - if matches!(built_info::GIT_DIRTY, Some(true)) { 13 + - "(dirty)" 14 + - } else { 15 + - "" 16 + - } 17 + - ); 18 + - 19 + println_nopipe!("Oxide API: {}", api_version); 20 + 21 + Ok(())

+3 -3

pkgs/by-name/pa/particle-cli/package.nix

··· 8 8 9 9 buildNpmPackage (finalAttrs: { 10 10 pname = "particle-cli"; 11 - version = "3.36.1"; 11 + version = "3.36.2"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "particle-iot"; 15 15 repo = "particle-cli"; 16 16 tag = "v${finalAttrs.version}"; 17 - hash = "sha256-7u0RXoUBu/aJSBVSdmheIPvQ6b6Vji2KZ2t3sNhh3kY="; 17 + hash = "sha256-KLcQmbIuhp71dpJttKA0tWAn2Qf+zl6njBypFkaLmzE="; 18 18 }; 19 19 20 - npmDepsHash = "sha256-0yLu3iyHQwWId+EAXu4dlCNHvuFZeEts2r5Y+FpHPQI="; 20 + npmDepsHash = "sha256-oQch+7hH+URMI15YOA3iz4FVPwckJ3K/DOC1PfrA2dU="; 21 21 22 22 buildInputs = [ 23 23 udev

+2 -2

pkgs/by-name/pl/plasma-panel-colorizer/package.nix

··· 9 9 10 10 stdenv.mkDerivation (finalAttrs: { 11 11 pname = "plasma-panel-colorizer"; 12 - version = "4.3.0"; 12 + version = "4.3.1"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "luisbocanegra"; 16 16 repo = "plasma-panel-colorizer"; 17 17 tag = "v${finalAttrs.version}"; 18 - hash = "sha256-B0aP49udYTV/zfEdZS4uvkGG4wZUScqTVn9+d5SYCEQ="; 18 + hash = "sha256-1vDFFQKuEwfOnYCEDvGBRCVS4m36vuAd/bpimkI4suM="; 19 19 }; 20 20 21 21 nativeBuildInputs = [

+63

pkgs/by-name/py/pyroscope/package.nix

··· 1 + { 2 + stdenv, 3 + buildGoModule, 4 + lib, 5 + fetchFromGitHub, 6 + versionCheckHook, 7 + installShellFiles, 8 + nix-update-script, 9 + ... 10 + }: 11 + 12 + buildGoModule (finalAttrs: { 13 + pname = "pyroscope"; 14 + version = "1.13.4"; 15 + 16 + src = fetchFromGitHub { 17 + owner = "grafana"; 18 + repo = "pyroscope"; 19 + rev = "v1.13.4"; 20 + hash = "sha256-nyb91BO4zzJl3AG/ojBO+q7WiicZYmOtztW6FTlQHMM="; 21 + }; 22 + 23 + vendorHash = "sha256-GZMoXsoE3pL0T3tkWY7i1f9sGy5uVDqeurCvBteqV9A="; 24 + proxyVendor = true; 25 + 26 + subPackages = [ 27 + "cmd/pyroscope" 28 + "cmd/profilecli" 29 + ]; 30 + 31 + ldflags = [ 32 + "-X=github.com/grafana/pyroscope/pkg/util/build.Branch=${finalAttrs.src.rev}" 33 + "-X=github.com/grafana/pyroscope/pkg/util/build.Version=${finalAttrs.version}" 34 + "-X=github.com/grafana/pyroscope/pkg/util/build.Revision=${finalAttrs.src.rev}" 35 + "-X=github.com/grafana/pyroscope/pkg/util/build.BuildDate=1970-01-01T00:00:00Z" 36 + ]; 37 + 38 + # We're overriding the version in 'ldFlags', so we should check that the 39 + # derivation 'version' string is found in 'pyroscope --version'. 40 + nativeInstallCheckInputs = [ versionCheckHook ]; 41 + doInstallCheck = true; 42 + versionCheckProgram = "${placeholder "out"}/bin/${finalAttrs.meta.mainProgram}"; 43 + versionCheckProgramArg = "--version"; 44 + 45 + nativeBuildInputs = [ installShellFiles ]; 46 + postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' 47 + installShellCompletion --cmd pyroscope \ 48 + --bash <($out/bin/pyroscope completion bash) \ 49 + --fish <($out/bin/pyroscope completion fish) \ 50 + --zsh <($out/bin/pyroscope completion zsh) 51 + ''; 52 + 53 + passthru.updateScript = nix-update-script { }; 54 + 55 + meta = { 56 + description = "Continuous profiling platform; debug performance issues down to a single line of code"; 57 + homepage = "https://github.com/grafana/pyroscope"; 58 + changelog = "https://github.com/grafana/pyroscope/blob/${finalAttrs.src.rev}/CHANGELOG.md"; 59 + license = lib.licenses.agpl3Only; 60 + maintainers = [ lib.teams.mercury ]; 61 + mainProgram = "pyroscope"; 62 + }; 63 + })

+2 -2

pkgs/by-name/si/simdutf/package.nix

··· 8 8 9 9 stdenv.mkDerivation (finalAttrs: { 10 10 pname = "simdutf"; 11 - version = "7.3.0"; 11 + version = "7.3.1"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "simdutf"; 15 15 repo = "simdutf"; 16 16 rev = "v${finalAttrs.version}"; 17 - hash = "sha256-P1Ryi0LdibqrHfBjq2lLBMQfB0WjLA69K3SwK/apFZM="; 17 + hash = "sha256-U53FYlojKc3Q/GIC5TtfYmJMrB+NlPhSwIjNlp/5ZvI="; 18 18 }; 19 19 20 20 # Fix build on darwin

+3 -3

pkgs/by-name/ta/taproot-assets/package.nix

··· 6 6 7 7 buildGoModule rec { 8 8 pname = "taproot-assets"; 9 - version = "0.5.1"; 9 + version = "0.6.0"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "lightninglabs"; 13 13 repo = "taproot-assets"; 14 14 rev = "v${version}"; 15 - hash = "sha256-R6x8M69HM7mC0XG5cAH5SwTzeoSicNwZx0ExAKwcI80="; 15 + hash = "sha256-ZLuV52W5WTNp45tnF1mmf+Snjd14604cKpnOjhabuoc="; 16 16 }; 17 17 18 - vendorHash = "sha256-aak2TNwAXpQLsMgOkeAyQM9f6logR5U+LS10g2Jtq1U="; 18 + vendorHash = "sha256-9Du4WHLltGqmJXDOs2t5dwK5dbFGxWn0EiEE47czW2M="; 19 19 20 20 subPackages = [ 21 21 "cmd/tapcli"

+65

pkgs/by-name/tl/tlsrpt-reporter/package.nix

··· 1 + { 2 + lib, 3 + asciidoctor, 4 + automake, 5 + installShellFiles, 6 + python3, 7 + fetchFromGitHub, 8 + nixosTests, 9 + }: 10 + 11 + python3.pkgs.buildPythonApplication rec { 12 + pname = "tlsrpt-reporter"; 13 + version = "0.5.0"; 14 + pyproject = true; 15 + 16 + outputs = [ 17 + "out" 18 + "man" 19 + ]; 20 + 21 + src = fetchFromGitHub { 22 + owner = "sys4"; 23 + repo = "tlsrpt-reporter"; 24 + tag = "v${version}"; 25 + hash = "sha256-IH8hJX9l+YonqOuszcMome4mjdIaedgGNIptxTyH1ng="; 26 + }; 27 + 28 + nativeBuildInputs = [ 29 + asciidoctor 30 + automake 31 + installShellFiles 32 + ]; 33 + 34 + build-system = [ 35 + python3.pkgs.hatchling 36 + ]; 37 + 38 + postBuild = '' 39 + make -C doc 40 + ''; 41 + 42 + postInstall = '' 43 + installManPage doc/*.1 44 + ''; 45 + 46 + nativeCheckInputs = [ 47 + python3.pkgs.pytestCheckHook 48 + ]; 49 + 50 + pythonImportsCheck = [ 51 + "tlsrpt_reporter" 52 + ]; 53 + 54 + passthru.tests = { 55 + inherit (nixosTests) tlsrpt; 56 + }; 57 + 58 + meta = { 59 + description = "Application suite to receive TLSRPT datagrams and to generate and deliver TLSRPT reports"; 60 + homepage = "https://github.com/sys4/tlsrpt-reporter"; 61 + changelog = "https://github.com/sys4/tlsrpt-reporter/blob/${src.tag}/CHANGELOG.md"; 62 + license = lib.licenses.gpl3Only; 63 + maintainers = with lib.maintainers; [ hexa ]; 64 + }; 65 + }

+7 -18

pkgs/by-name/tt/tty-solitaire/package.nix

··· 2 2 lib, 3 3 stdenv, 4 4 fetchFromGitHub, 5 - fetchpatch, 6 5 ncurses, 7 6 }: 8 7 9 - stdenv.mkDerivation rec { 8 + stdenv.mkDerivation (finalAttrs: { 10 9 pname = "tty-solitaire"; 11 - version = "1.3.1"; 10 + version = "1.4.1"; 12 11 13 12 src = fetchFromGitHub { 14 13 owner = "mpereira"; 15 14 repo = "tty-solitaire"; 16 - rev = "v${version}"; 17 - sha256 = "sha256-zMLNWJieHxHALFQoSkdAxGbUBGuZnznLX86lI3P21F0="; 15 + tag = "v${finalAttrs.version}"; 16 + hash = "sha256-8lEF1P2aKh0D4moCu54Z4Tv9xLFkZJzFuXJLo7oF9MQ="; 18 17 }; 19 18 20 - patches = [ 21 - # Patch pending upstream inclusion to support ncurses-6.3: 22 - # https://github.com/mpereira/tty-solitaire/pull/61 23 - (fetchpatch { 24 - name = "ncurses-6.3.patch"; 25 - url = "https://github.com/mpereira/tty-solitaire/commit/4d066c564d086ce272b78cb8f80717a7fb83c261.patch"; 26 - sha256 = "sha256-E1XVG0be6JH3K1y7UPap93s8xk8Nk0dKLdKHcJ7mA8E="; 27 - }) 28 - ]; 29 - 30 19 postPatch = '' 31 20 sed -i -e '/^CFLAGS *?= *-g *$/d' Makefile 32 21 ''; ··· 38 27 "PREFIX=${placeholder "out"}" 39 28 ]; 40 29 41 - meta = with lib; { 30 + meta = { 42 31 description = "Klondike Solitaire in your ncurses terminal"; 43 - license = licenses.mit; 32 + license = lib.licenses.mit; 44 33 homepage = "https://github.com/mpereira/tty-solitaire"; 45 34 platforms = ncurses.meta.platforms; 46 35 maintainers = [ ]; 47 36 mainProgram = "ttysolitaire"; 48 37 }; 49 - } 38 + })

+3 -3

pkgs/by-name/ty/ty/package.nix

··· 14 14 15 15 rustPlatform.buildRustPackage (finalAttrs: { 16 16 pname = "ty"; 17 - version = "0.0.1-alpha.10"; 17 + version = "0.0.1-alpha.11"; 18 18 19 19 src = fetchFromGitHub { 20 20 owner = "astral-sh"; 21 21 repo = "ty"; 22 22 tag = finalAttrs.version; 23 23 fetchSubmodules = true; 24 - hash = "sha256-0aBvCO3ohINxwX2qa07OY/WDZj6gq+z9my+B/yD03JQ="; 24 + hash = "sha256-ns78SUbCRGWl7fr+acN8yjrx3/odIYFqO/sOL/5ayLw="; 25 25 }; 26 26 27 27 # For Darwin platforms, remove the integration test for file notifications, ··· 35 35 36 36 cargoBuildFlags = [ "--package=ty" ]; 37 37 38 - cargoHash = "sha256-MLdB1vGLVnylvYj8/asbXq5fy8yw8dbZoi4fytknfR4="; 38 + cargoHash = "sha256-GNBQ522FX7Yly963/msRfiYKybpk+XDmn1rujfbO22A="; 39 39 40 40 nativeBuildInputs = [ installShellFiles ]; 41 41

+4 -4

pkgs/by-name/un/unison-ucm/package.nix

··· 14 14 15 15 stdenv.mkDerivation (finalAttrs: { 16 16 pname = "unison-code-manager"; 17 - version = "0.5.40"; 17 + version = "0.5.41"; 18 18 19 19 src = 20 20 { 21 21 aarch64-darwin = fetchurl { 22 22 url = "https://github.com/unisonweb/unison/releases/download/release/${finalAttrs.version}/ucm-macos-arm64.tar.gz"; 23 - hash = "sha256-KsypPKHyscOiPXy4ZeCZcUFGIV97lsnLREJp5KAGFcM="; 23 + hash = "sha256-0Zz8lc1s46y2JC6DAbJjahap+hsz1QuLRl4nGryhSxA="; 24 24 }; 25 25 x86_64-darwin = fetchurl { 26 26 url = "https://github.com/unisonweb/unison/releases/download/release/${finalAttrs.version}/ucm-macos-x64.tar.gz"; 27 - hash = "sha256-TpD2W+j7F83E+YPQRNe1K7fnNfpJEwt25ldB+nqQw7I="; 27 + hash = "sha256-O9H62uhWnOPQp7s4yUhnUXFyk0vNS4BAddaCru4n1GU="; 28 28 }; 29 29 x86_64-linux = fetchurl { 30 30 url = "https://github.com/unisonweb/unison/releases/download/release/${finalAttrs.version}/ucm-linux-x64.tar.gz"; 31 - hash = "sha256-o1Zx9Vmovl0b/QMVT9XGaRM6FphsIsZQZamYlJ6b6y0="; 31 + hash = "sha256-ul5PCDqjfpsMiZZaZaH04Mrv29U9uS/ik8KwFNmXbgg="; 32 32 }; 33 33 } 34 34 .${stdenv.hostPlatform.system} or (throw "Unsupported platform ${stdenv.hostPlatform.system}");

+48 -6

pkgs/by-name/ve/vectorcode/package.nix

··· 1 1 { 2 2 lib, 3 - python3Packages, 3 + cargo, 4 4 fetchFromGitHub, 5 5 installShellFiles, 6 + pkg-config, 7 + protobuf, 8 + python3, 9 + rustc, 10 + rustPlatform, 6 11 versionCheckHook, 7 12 8 13 lspSupport ? true, 9 14 }: 10 15 11 - python3Packages.buildPythonApplication rec { 16 + let 17 + python = python3.override { 18 + packageOverrides = self: super: { 19 + # https://github.com/Davidyz/VectorCode/pull/36 20 + chromadb = super.chromadb.overridePythonAttrs (old: rec { 21 + version = "0.6.3"; 22 + src = fetchFromGitHub { 23 + owner = "chroma-core"; 24 + repo = "chroma"; 25 + tag = version; 26 + hash = "sha256-yvAX8buETsdPvMQmRK5+WFz4fVaGIdNlfhSadtHwU5U="; 27 + }; 28 + cargoDeps = rustPlatform.fetchCargoVendor { 29 + pname = "chromadb"; 30 + inherit version src; 31 + hash = "sha256-lHRBXJa/OFNf4x7afEJw9XcuDveTBIy3XpQ3+19JXn4="; 32 + }; 33 + postPatch = null; 34 + build-system = with self; [ 35 + setuptools 36 + setuptools-scm 37 + ]; 38 + nativeBuildInputs = [ 39 + cargo 40 + pkg-config 41 + protobuf 42 + rustc 43 + rustPlatform.cargoSetupHook 44 + ]; 45 + dependencies = old.dependencies ++ [ 46 + self.chroma-hnswlib 47 + ]; 48 + doCheck = false; 49 + }); 50 + }; 51 + }; 52 + in 53 + python.pkgs.buildPythonApplication rec { 12 54 pname = "vectorcode"; 13 55 version = "0.6.10"; 14 56 pyproject = true; ··· 20 62 hash = "sha256-k9YpsVFV1HkIIIFPB7Iz7Jar+lY5vK6gpzNIlX55ZDY="; 21 63 }; 22 64 23 - build-system = with python3Packages; [ 65 + build-system = with python.pkgs; [ 24 66 pdm-backend 25 67 ]; 26 68 27 69 dependencies = 28 - with python3Packages; 70 + with python.pkgs; 29 71 [ 30 72 chromadb 31 73 colorlog ··· 44 86 ] 45 87 ++ lib.optionals lspSupport optional-dependencies.lsp; 46 88 47 - optional-dependencies = with python3Packages; { 89 + optional-dependencies = with python.pkgs; { 48 90 intel = [ 49 91 openvino 50 92 optimum ··· 77 119 installShellFiles 78 120 versionCheckHook 79 121 ] 80 - ++ (with python3Packages; [ 122 + ++ (with python.pkgs; [ 81 123 mcp 82 124 pygls 83 125 pytestCheckHook

+3 -3

pkgs/by-name/vh/vhs/package.nix

··· 12 12 13 13 buildGoModule rec { 14 14 pname = "vhs"; 15 - version = "0.9.0"; 15 + version = "0.10.0"; 16 16 17 17 src = fetchFromGitHub { 18 18 owner = "charmbracelet"; 19 19 repo = "vhs"; 20 20 rev = "v${version}"; 21 - hash = "sha256-ceY4zLd+4EwXpwunKiWnaAB25qutSK1b1SyIriAbAI0="; 21 + hash = "sha256-ZnE5G8kfj7qScsT+bZg90ze4scpUxeC6xF8dAhdUUCo="; 22 22 }; 23 23 24 - vendorHash = "sha256-2vRAI+Mm8Pzk3u4rndtwYnUlrAtjffe0kpoA1EHprQk="; 24 + vendorHash = "sha256-jmabOEFHduHzOBAymnxQrvYzXzxKnS1RqZZ0re3w63Y="; 25 25 26 26 nativeBuildInputs = [ 27 27 installShellFiles

+10 -20

pkgs/by-name/yt/ytree/0001-use-prefix-and-gzip-n.diff

··· 4 4 @@ -11,13 +11,13 @@ 5 5 # ADD_CFLAGS: Add -DVI_KEYS if you want vi-cursor-keys 6 6 # 7 - 7 + 8 8 -DESTDIR = /usr 9 9 +PREFIX = /usr 10 - 11 - ADD_CFLAGS = -O # -DVI_KEYS 12 - 10 + 11 + ADD_CFLAGS = # -DVI_KEYS 12 + 13 13 -BINDIR = $(DESTDIR)/bin 14 14 -MANDIR = $(DESTDIR)/share/man/man1 15 15 -MANESDIR = $(DESTDIR)/share/man/es/man1 16 16 +BINDIR = $(DESTDIR)$(PREFIX)/bin 17 17 +MANDIR = $(DESTDIR)$(PREFIX)/share/man/man1 18 18 +MANESDIR = $(DESTDIR)$(PREFIX)/share/man/es/man1 19 - 20 - 19 + 20 + 21 21 # Uncomment the lines for your system (default is linux) 22 - @@ -224,14 +224,14 @@ 23 - 22 + @@ -221,7 +221,7 @@ 24 23 install: $(MAIN) 24 + if [ ! -e $(BINDIR) ]; then mkdir -p $(BINDIR); fi 25 25 install $(MAIN) $(BINDIR) 26 26 - gzip -9c ytree.1 > ytree.1.gz 27 27 + gzip -n -9c ytree.1 > ytree.1.gz 28 - if [ -d $(MANDIR) ]; then install -m 0644 ytree.1.gz $(MANDIR)/; fi 29 - - gzip -9c ytree.1.es > ytree.1.es.gz 30 - + gzip -n -9c ytree.1.es > ytree.1.es.gz 31 - if [ -d $(MANESDIR) ]; then install -m 0644 ytree.1.es.gz $(MANESDIR)/; fi 32 - 33 - clean: 34 - rm -f core *.o *~ *.orig *.bak 35 - - 36 - + 37 - clobber: clean 38 - rm -f $(MAIN) ytree.1.es.gz ytree.1.gz 39 - 28 + if [ ! -e $(MANDIR) ]; then mkdir -p $(MANDIR); fi 29 + install -m 0644 ytree.1.gz $(MANDIR)/

+2 -2

pkgs/by-name/yt/ytree/package.nix

··· 8 8 9 9 stdenv.mkDerivation (finalAttrs: { 10 10 pname = "ytree"; 11 - version = "2.06"; 11 + version = "2.10"; 12 12 13 13 src = fetchurl { 14 14 url = "https://han.de/~werner/ytree-${finalAttrs.version}.tar.gz"; 15 - hash = "sha256-QRqI779ZnnytVUC7A7Zt0zyWexRwBnp+CVQcNvnvWeY="; 15 + hash = "sha256-O7u9MvVoza4+A/xzWxeD2MumBaLKYFbRuXEUPX3dUX0="; 16 16 }; 17 17 18 18 patches = [

+11 -2

pkgs/development/python-modules/google-genai/default.nix

··· 1 1 { 2 + aiohttp, 2 3 anyio, 3 4 buildPythonPackage, 4 5 fetchFromGitHub, 5 6 google-auth, 6 7 httpx, 7 8 lib, 9 + packaging, 10 + pkginfo, 8 11 pydantic, 9 12 pytestCheckHook, 10 13 requests, ··· 16 19 17 20 buildPythonPackage rec { 18 21 pname = "google-genai"; 19 - version = "1.19.0"; 22 + version = "1.20.0"; 20 23 pyproject = true; 21 24 22 25 src = fetchFromGitHub { 23 26 owner = "googleapis"; 24 27 repo = "python-genai"; 25 28 tag = "v${version}"; 26 - hash = "sha256-p9W34v1ToLwketM+wOfrouLLl9pFBljL5doykuZRINo="; 29 + hash = "sha256-7DwLIK3/VCVSt9lq0Q0IRbhfLXOWw1TbPpDgI4jr9cg="; 27 30 }; 28 31 29 32 build-system = [ 33 + packaging 34 + pkginfo 30 35 setuptools 31 36 twine 32 37 ]; ··· 42 47 typing-extensions 43 48 websockets 44 49 ]; 50 + 51 + optional-dependencies = { 52 + aiohttp = [ aiohttp ]; 53 + }; 45 54 46 55 pythonImportsCheck = [ "google.genai" ]; 47 56

+2 -2

pkgs/development/python-modules/openrazer/common.nix

··· 1 1 { lib, fetchFromGitHub }: 2 2 rec { 3 - version = "3.10.1"; 3 + version = "3.10.3"; 4 4 pyproject = true; 5 5 6 6 src = fetchFromGitHub { 7 7 owner = "openrazer"; 8 8 repo = "openrazer"; 9 9 tag = "v${version}"; 10 - hash = "sha256-igrGx7Y6ENtZatJCTAW43/0q6ZjljJ9/kU3QFli4yIU="; 10 + hash = "sha256-M5g3Rn9WuyudhWQfDooopjexEgGVB0rzfJsPg+dqwn4="; 11 11 }; 12 12 13 13 meta = {

+47

pkgs/development/python-modules/py-libnuma/default.nix

··· 1 + { 2 + lib, 3 + stdenv, 4 + buildPythonPackage, 5 + fetchFromGitHub, 6 + pythonOlder, 7 + setuptools, 8 + numactl, 9 + }: 10 + 11 + buildPythonPackage rec { 12 + pname = "py-libnuma"; 13 + version = "1.2"; 14 + pyproject = true; 15 + 16 + src = fetchFromGitHub { 17 + owner = "eedalong"; 18 + repo = "pynuma"; 19 + rev = "66cab0e008b850a04cfec5c4fb3f50bf28e3d488"; 20 + hash = "sha256-ALYCcdN5eXrVWsTRwkHCwo4xsLMs/du3mUl1xSlo5iU="; 21 + }; 22 + 23 + postPatch = '' 24 + substituteInPlace numa/__init__.py \ 25 + --replace-fail \ 26 + 'LIBNUMA = CDLL(find_library("numa"))' \ 27 + 'LIBNUMA = CDLL("${numactl}/lib/libnuma${stdenv.hostPlatform.extensions.sharedLibrary}")' 28 + ''; 29 + 30 + build-system = [ setuptools ]; 31 + 32 + dependencies = [ 33 + numactl 34 + ]; 35 + 36 + # Tests write NUMA configuration, which may be persistent until reboot. 37 + doCheck = false; 38 + 39 + pythonImportsCheck = [ "numa" ]; 40 + 41 + meta = { 42 + description = "Python3 Interface to numa Linux library"; 43 + homepage = "https://github.com/eedalong/pynuma"; 44 + platforms = lib.platforms.linux; 45 + license = lib.licenses.mit; 46 + }; 47 + }

+2 -2

pkgs/development/python-modules/txtai/default.nix

··· 93 93 pytestCheckHook, 94 94 }: 95 95 let 96 - version = "8.5.0"; 96 + version = "8.6.0"; 97 97 agent = [ 98 98 mcpadapt 99 99 smolagents ··· 240 240 owner = "neuml"; 241 241 repo = "txtai"; 242 242 tag = "v${version}"; 243 - hash = "sha256-kYjlA7pJ+xCC+tu0aaxziKaPo3hph5Ld8P/lVrip/eM="; 243 + hash = "sha256-xFGVX0Ustime6ttysY3dcOCWc+jB75xqpSDBuRetIJc="; 244 244 }; 245 245 in 246 246 buildPythonPackage {

+17 -4

pkgs/development/python-modules/vllm/0005-drop-intel-reqs.patch

··· 1 + From 7511784ceb9252091a9d63ac6b54dcc67dd2b262 Mon Sep 17 00:00:00 2001 2 + From: Conroy Cheers <conroy@corncheese.org> 3 + Date: Fri, 13 Jun 2025 17:42:10 +1000 4 + Subject: [PATCH] drop intel reqs 5 + 6 + --- 7 + requirements/cpu.txt | 3 --- 8 + 1 file changed, 3 deletions(-) 9 + 1 10 diff --git a/requirements/cpu.txt b/requirements/cpu.txt 2 - index 121330158..d41918883 100644 11 + index d7b0fc6d8..be2df751b 100644 3 12 --- a/requirements/cpu.txt 4 13 +++ b/requirements/cpu.txt 5 - @@ -20,7 +20,3 @@ datasets # for benchmark scripts 6 - 14 + @@ -24,8 +24,5 @@ datasets # for benchmark scripts 7 15 # cpu cannot use triton 3.3.0 8 16 triton==3.2.0; platform_machine == "x86_64" 9 - - 17 + 10 18 -# Intel Extension for PyTorch, only for x86_64 CPUs 11 19 -intel-openmp==2024.2.1; platform_machine == "x86_64" 12 20 -intel_extension_for_pytorch==2.7.0; platform_machine == "x86_64" 21 + py-libnuma; platform_system != "Darwin" 22 + psutil; platform_system != "Darwin" 23 + -- 24 + 2.49.0 25 +

+34 -25

pkgs/development/python-modules/vllm/default.nix

··· 3 3 stdenv, 4 4 python, 5 5 buildPythonPackage, 6 + pythonAtLeast, 6 7 fetchFromGitHub, 7 8 fetchpatch, 8 9 symlinkJoin, ··· 67 68 opentelemetry-exporter-otlp, 68 69 bitsandbytes, 69 70 flashinfer, 71 + py-libnuma, 70 72 71 73 # internal dependency - for overriding in overlays 72 74 vllm-flash-attn ? null, ··· 246 248 247 249 buildPythonPackage rec { 248 250 pname = "vllm"; 249 - version = "0.9.0.1"; 251 + version = "0.9.1"; 250 252 pyproject = true; 253 + 254 + # https://github.com/vllm-project/vllm/issues/12083 255 + disabled = pythonAtLeast "3.13"; 251 256 252 257 stdenv = torch.stdenv; 253 258 ··· 255 260 owner = "vllm-project"; 256 261 repo = "vllm"; 257 262 tag = "v${version}"; 258 - hash = "sha256-gNe/kdsDQno8Fd6mo29feWmbyC0c2+kljlVxY4v7R9U="; 263 + hash = "sha256-sp7rDpewTPXTVRBJHJMj+8pJDS6wAu0/OTJZwbPPqKc="; 259 264 }; 260 265 261 266 patches = [ ··· 264 269 url = "https://github.com/vllm-project/vllm/commit/6a5d7e45f52c3a13de43b8b4fa9033e3b342ebd2.patch"; 265 270 hash = "sha256-KYthqu+6XwsYYd80PtfrMMjuRV9+ionccr7EbjE4jJE="; 266 271 }) 272 + (fetchpatch { 273 + name = "fall-back-to-gloo-when-nccl-unavailable.patch"; 274 + url = "https://github.com/vllm-project/vllm/commit/aa131a94410683b0a02e74fed2ce95e6c2b6b030.patch"; 275 + hash = "sha256-jNlQZQ8xiW85JWyBjsPZ6FoRQsiG1J8bwzmQjnaWFBg="; 276 + }) 267 277 ./0002-setup.py-nix-support-respect-cmakeFlags.patch 268 278 ./0003-propagate-pythonpath.patch 269 279 ./0004-drop-lsmod.patch 270 280 ./0005-drop-intel-reqs.patch 271 281 ]; 272 282 273 - postPatch = 274 - '' 275 - # pythonRelaxDeps does not cover build-system 276 - substituteInPlace pyproject.toml \ 277 - --replace-fail "torch ==" "torch >=" 283 + postPatch = '' 284 + # pythonRelaxDeps does not cover build-system 285 + substituteInPlace pyproject.toml \ 286 + --replace-fail "torch ==" "torch >=" 278 287 279 - # Ignore the python version check because it hard-codes minor versions and 280 - # lags behind `ray`'s python interpreter support 281 - substituteInPlace CMakeLists.txt \ 282 - --replace-fail \ 283 - 'set(PYTHON_SUPPORTED_VERSIONS' \ 284 - 'set(PYTHON_SUPPORTED_VERSIONS "${lib.versions.majorMinor python.version}"' 288 + # Ignore the python version check because it hard-codes minor versions and 289 + # lags behind `ray`'s python interpreter support 290 + substituteInPlace CMakeLists.txt \ 291 + --replace-fail \ 292 + 'set(PYTHON_SUPPORTED_VERSIONS' \ 293 + 'set(PYTHON_SUPPORTED_VERSIONS "${lib.versions.majorMinor python.version}"' 285 294 286 - # Pass build environment PYTHONPATH to vLLM's Python configuration scripts 287 - substituteInPlace CMakeLists.txt \ 288 - --replace-fail '$PYTHONPATH' '$ENV{PYTHONPATH}' 289 - '' 290 - + lib.optionalString (nccl == null) '' 291 - # On platforms where NCCL is not supported (e.g. Jetson), substitute Gloo (provided by Torch) 292 - substituteInPlace vllm/distributed/parallel_state.py \ 293 - --replace-fail '"nccl"' '"gloo"' 294 - ''; 295 + # Pass build environment PYTHONPATH to vLLM's Python configuration scripts 296 + substituteInPlace CMakeLists.txt \ 297 + --replace-fail '$PYTHONPATH' '$ENV{PYTHONPATH}' 298 + ''; 295 299 296 300 nativeBuildInputs = 297 301 [ ··· 362 366 outlines 363 367 pandas 364 368 prometheus-fastapi-instrumentator 365 - psutil 366 369 py-cpuinfo 367 370 pyarrow 368 371 pydantic ··· 392 395 opentelemetry-api 393 396 opentelemetry-exporter-otlp 394 397 bitsandbytes 398 + # vLLM needs Torch's compiler to be present in order to use torch.compile 399 + torch.stdenv.cc 395 400 ] 396 401 ++ uvicorn.optional-dependencies.standard 397 402 ++ aioprometheus.optional-dependencies.starlette 403 + ++ lib.optionals stdenv.targetPlatform.isLinux [ 404 + py-libnuma 405 + psutil 406 + ] 398 407 ++ lib.optionals cudaSupport [ 399 408 cupy 400 409 pynvml ··· 404 413 dontUseCmakeConfigure = true; 405 414 cmakeFlags = 406 415 [ 416 + ] 417 + ++ lib.optionals cudaSupport [ 407 418 (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_CUTLASS" "${lib.getDev cutlass}") 408 419 (lib.cmakeFeature "FLASH_MLA_SRC_DIR" "${lib.getDev flashmla}") 409 420 (lib.cmakeFeature "VLLM_FLASH_ATTN_SRC_DIR" "${lib.getDev vllm-flash-attn'}") 410 - ] 411 - ++ lib.optionals cudaSupport [ 412 421 (lib.cmakeFeature "TORCH_CUDA_ARCH_LIST" "${gpuTargetString}") 413 422 (lib.cmakeFeature "CUTLASS_NVCC_ARCHS_ENABLED" "${cudaPackages.flags.cmakeCudaArchitecturesString}") 414 423 (lib.cmakeFeature "CUDA_TOOLKIT_ROOT_DIR" "${symlinkJoin {

+3 -3

pkgs/development/python-modules/whenever/default.nix

··· 20 20 21 21 buildPythonPackage rec { 22 22 pname = "whenever"; 23 - version = "0.8.0"; 23 + version = "0.8.5"; 24 24 pyproject = true; 25 25 26 26 disabled = pythonOlder "3.9"; ··· 29 29 owner = "ariebovenberg"; 30 30 repo = "whenever"; 31 31 tag = version; 32 - hash = "sha256-HeEuzOHT0EbmkbIH/yejKu54943ItUy8oY2ZlnEwgBA="; 32 + hash = "sha256-AXAvjCtSnm1B/2NlZzzYdlI7BPHIuwKAeF+AxDp0PYQ="; 33 33 }; 34 34 35 35 cargoDeps = rustPlatform.fetchCargoVendor { 36 36 inherit src; 37 - hash = "sha256-szNRzaswILPjMJ+QFUWSJPfB6mF+o78Qg6AWkkancuU="; 37 + hash = "sha256-qIIi1yKHaVz7NegOunzzdoQbeAavbdXPM4MBupLebDs="; 38 38 }; 39 39 40 40 build-system = [

+41

pkgs/development/python-modules/xgrammar/0001-fix-find-nanobind-from-python-module.patch

··· 1 + From c01e056ee845ae973ec36cc50125492ef8c02c12 Mon Sep 17 00:00:00 2001 2 + From: Conroy Cheers <conroy@corncheese.org> 3 + Date: Thu, 12 Jun 2025 17:45:27 +1000 4 + Subject: [PATCH] [Fix] find nanobind from Python module 5 + 6 + --- 7 + cpp/nanobind/CMakeLists.txt | 4 ++++ 8 + pyproject.toml | 2 +- 9 + 2 files changed, 5 insertions(+), 1 deletion(-) 10 + 11 + diff --git a/cpp/nanobind/CMakeLists.txt b/cpp/nanobind/CMakeLists.txt 12 + index 8ea5622..02500ac 100644 13 + --- a/cpp/nanobind/CMakeLists.txt 14 + +++ b/cpp/nanobind/CMakeLists.txt 15 + @@ -3,6 +3,10 @@ find_package( 16 + COMPONENTS Interpreter Development.Module 17 + REQUIRED 18 + ) 19 + + 20 + +execute_process( 21 + + COMMAND "${Python_EXECUTABLE}" -m nanobind --cmake_dir 22 + + OUTPUT_STRIP_TRAILING_WHITESPACE OUTPUT_VARIABLE nanobind_DIR) 23 + find_package(nanobind CONFIG REQUIRED) 24 + 25 + # Compile this source file seperately. Nanobind suggests to optimize bindings code for size, but 26 + diff --git a/pyproject.toml b/pyproject.toml 27 + index 11fae7d..d2078b1 100644 28 + --- a/pyproject.toml 29 + +++ b/pyproject.toml 30 + @@ -44,7 +44,7 @@ provider = "scikit_build_core.metadata.regex" 31 + input = "python/xgrammar/version.py" 32 + 33 + [build-system] 34 + -requires = ["scikit-build-core>=0.10.0", "nanobind==2.5.0"] 35 + +requires = ["scikit-build-core>=0.10.0", "nanobind>=2.5.0"] 36 + build-backend = "scikit_build_core.build" 37 + 38 + [tool.scikit-build] 39 + -- 40 + 2.49.0 41 +

+13 -4

pkgs/development/python-modules/xgrammar/default.nix

··· 7 7 # build-system 8 8 cmake, 9 9 ninja, 10 - pybind11, 10 + nanobind, 11 11 scikit-build-core, 12 12 13 13 # dependencies ··· 25 25 26 26 buildPythonPackage rec { 27 27 pname = "xgrammar"; 28 - version = "0.1.14"; 28 + version = "0.1.19"; 29 29 pyproject = true; 30 30 31 31 src = fetchFromGitHub { ··· 33 33 repo = "xgrammar"; 34 34 tag = "v${version}"; 35 35 fetchSubmodules = true; 36 - hash = "sha256-ohsoc3g5XUp9vSXxyOGj20wXzCXZC02ktHYVQjDqNeM="; 36 + hash = "sha256-0b2tJx1D/2X/uosbthHfevUpTCBtuSKNlxOKyidTotA="; 37 37 }; 38 38 39 + patches = [ 40 + ./0001-fix-find-nanobind-from-python-module.patch 41 + ]; 42 + 39 43 build-system = [ 40 44 cmake 41 45 ninja 42 - pybind11 46 + nanobind 43 47 scikit-build-core 44 48 ]; 45 49 dontUseCmakeConfigure = true; ··· 59 63 nativeCheckInputs = [ 60 64 pytestCheckHook 61 65 writableTmpDirAsHomeHook 66 + ]; 67 + 68 + NIX_CFLAGS_COMPILE = toString [ 69 + # xgrammar hardcodes -flto=auto while using static linking, which can cause linker errors without this additional flag. 70 + "-ffat-lto-objects" 62 71 ]; 63 72 64 73 disabledTests = [

+5 -3

pkgs/os-specific/linux/nvidia-x11/default.nix

··· 101 101 # Vulkan developer beta driver 102 102 # See here for more information: https://developer.nvidia.com/vulkan-driver 103 103 vulkan_beta = generic rec { 104 - version = "570.123.14"; 104 + version = "570.123.18"; 105 105 persistencedVersion = "550.142"; 106 106 settingsVersion = "550.142"; 107 - sha256_64bit = "sha256-Tkh/zjv2G4v5TV0VkR2urQiCNPYruVdNm0qXFQ7yAqk="; 108 - openSha256 = "sha256-1The9ceUuj0VuUshQw/gRRHzKbt+PrIlmWth2qkNIkg="; 107 + sha256_64bit = "sha256-GoBNatVpits13a3xsJSUr9BFG+5xrUDROfHmvss2cSY="; 108 + openSha256 = "sha256-AYl8En0ZAZXWlJ8J8LKbPvAEKX+y65L1aq4Hm+dJScs="; 109 109 settingsSha256 = "sha256-Wk6IlVvs23cB4s0aMeZzSvbOQqB1RnxGMv3HkKBoIgY="; 110 110 persistencedSha256 = "sha256-yQFrVk4i2dwReN0XoplkJ++iA1WFhnIkP7ns4ORmkFA="; 111 111 url = "https://developer.nvidia.com/downloads/vulkan-beta-${lib.concatStrings (lib.splitVersion version)}-linux"; 112 + 113 + broken = kernel.kernelAtLeast "6.15"; 112 114 }; 113 115 114 116 # data center driver compatible with current default cudaPackages

+2

pkgs/top-level/python-packages.nix

··· 12017 12017 12018 12018 py-improv-ble-client = callPackage ../development/python-modules/py-improv-ble-client { }; 12019 12019 12020 + py-libnuma = callPackage ../development/python-modules/py-libnuma { }; 12021 + 12020 12022 py-libzfs = callPackage ../development/python-modules/py-libzfs { }; 12021 12023 12022 12024 py-lru-cache = callPackage ../development/python-modules/py-lru-cache { };