commit 6e1ffe6ba3c38d429bd15079a0935f3a86ae5e2c · pyrox.dev/nixpkgs

+8

maintainers/maintainer-list.nix

··· 17025 17025 github = "mrcjkb"; 17026 17026 githubId = 12857160; 17027 17027 }; 17028 + mrdev023 = { 17029 + name = "Florian RICHER"; 17030 + email = "florian.richer@protonmail.com"; 17031 + matrix = "@mrdev023:matrix.org"; 17032 + github = "mrdev023"; 17033 + githubId = 11292703; 17034 + keys = [ { fingerprint = "B19E 3F4A 2D80 6AB4 793F DF2F C73D 37CB ED7B FC77"; } ]; 17035 + }; 17028 17036 mredaelli = { 17029 17037 email = "massimo@typish.io"; 17030 17038 github = "mredaelli";

+1 -1

nixos/modules/services/continuous-integration/woodpecker/agents.nix

··· 24 24 DOCKER_HOST = "unix:///run/podman/podman.sock"; 25 25 } 26 26 ''; 27 - description = "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)"; 27 + description = "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/configuration/agent)"; 28 28 }; 29 29 30 30 extraGroups = lib.mkOption {

+1 -1

nixos/modules/services/continuous-integration/woodpecker/server.nix

··· 27 27 WOODPECKER_GITEA_URL = "https://git.example.com"; 28 28 } 29 29 ''; 30 - description = "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)"; 30 + description = "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/configuration/server)"; 31 31 }; 32 32 environmentFile = lib.mkOption { 33 33 type = with lib.types; coercedTo path (f: [ f ]) (listOf path);

+15 -3

nixos/modules/services/web-apps/drupal.nix

··· 80 80 ''; 81 81 }; 82 82 83 + privateFilesDir = mkOption { 84 + type = types.path; 85 + default = "/var/lib/drupal/${name}/private"; 86 + defaultText = "/var/lib/drupal/<name>/private"; 87 + description = "The location of the Drupal private files directory."; 88 + }; 89 + 83 90 stateDir = mkOption { 84 91 type = types.path; 85 92 default = "/var/lib/drupal/${name}"; ··· 299 306 "Z '${cfg.modulesDir}' 0750 ${user} ${webserver.group} - -" 300 307 "d '${cfg.themesDir}' 0750 ${user} ${webserver.group} - -" 301 308 "Z '${cfg.themesDir}' 0750 ${user} ${webserver.group} - -" 309 + "d '${cfg.privateFilesDir}' 0750 ${user} ${webserver.group} - -" 302 310 ]) eachSite 303 311 ); 304 312 ··· 335 343 chown -R ${user}:${webserver.group} ${cfg.filesDir} 336 344 fi 337 345 338 - settings="${cfg.stateDir}/sites/default/settings.php" 346 + settings_file="${cfg.stateDir}/sites/default/settings.php" 339 347 defaultSettings="${cfg.package}/share/php/drupal/sites/default/default.settings.php" 340 348 341 349 if [ ! -f "$settings" ]; then 342 350 echo "Preparing settings.php for ${hostName}..." 343 - cp "$defaultSettings" "$settings" 344 - chmod 644 "$settings" 351 + cp "$defaultSettings" "$settings_file" 352 + chmod 644 "$settings_file" 353 + 354 + # Append settings to settings file 355 + printf "\n\n// NixOS Automatically Generated Settings\n" >> $settings_file 356 + printf "\$settings['file_private_path'] = '${cfg.privateFilesDir}';" >> $settings_file 345 357 fi 346 358 347 359 # Set or reset file permissions so that the web user and webserver owns them.

+4 -1

nixos/tests/all-tests.nix

··· 1553 1553 whoogle-search = runTest ./whoogle-search.nix; 1554 1554 wiki-js = runTest ./wiki-js.nix; 1555 1555 wine = handleTest ./wine.nix { }; 1556 - wireguard = handleTest ./wireguard { }; 1556 + wireguard = import ./wireguard { 1557 + inherit pkgs runTest; 1558 + inherit (pkgs) lib; 1559 + }; 1557 1560 wg-access-server = runTest ./wg-access-server.nix; 1558 1561 without-nix = runTest ./without-nix.nix; 1559 1562 wmderland = runTest ./wmderland.nix;

+97 -102

nixos/tests/wireguard/amneziawg-quick.nix

··· 1 - import ../make-test-python.nix ( 2 - { 3 - pkgs, 4 - lib, 5 - kernelPackages ? null, 6 - nftables ? false, 7 - ... 8 - }: 9 - let 10 - wg-snakeoil-keys = import ./snakeoil-keys.nix; 11 - peer = import ./make-peer.nix { inherit lib; }; 12 - commonConfig = { 13 - boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages; 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + nftables ? false, 5 + ... 6 + }: 7 + let 8 + wg-snakeoil-keys = import ./snakeoil-keys.nix; 9 + peer = import ./make-peer.nix; 10 + commonConfig = 11 + { pkgs, ... }: 12 + { 13 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 14 14 networking.nftables.enable = nftables; 15 15 # Make sure iptables doesn't work with nftables enabled 16 16 boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ]; 17 17 }; 18 - extraOptions = { 19 - Jc = 5; 20 - Jmin = 10; 21 - Jmax = 42; 22 - S1 = 60; 23 - S2 = 90; 24 - }; 25 - in 26 - { 27 - name = "amneziawg-quick"; 28 - meta = with pkgs.lib.maintainers; { 29 - maintainers = [ 30 - averyanalex 31 - azahi 32 - ]; 33 - }; 18 + extraOptions = { 19 + Jc = 5; 20 + Jmin = 10; 21 + Jmax = 42; 22 + S1 = 60; 23 + S2 = 90; 24 + }; 25 + in 26 + { 27 + name = "amneziawg-quick"; 28 + meta.maintainers = with lib.maintainers; [ 29 + averyanalex 30 + azahi 31 + ]; 34 32 35 - nodes = { 36 - peer0 = peer { 37 - ip4 = "192.168.0.1"; 38 - ip6 = "fd00::1"; 39 - extraConfig = lib.mkMerge [ 40 - commonConfig 41 - { 42 - networking.firewall.allowedUDPPorts = [ 23542 ]; 43 - networking.wg-quick.interfaces.wg0 = { 44 - type = "amneziawg"; 33 + nodes = { 34 + peer0 = peer { 35 + ip4 = "192.168.0.1"; 36 + ip6 = "fd00::1"; 37 + extraConfig = { 38 + imports = [ commonConfig ]; 45 39 46 - address = [ 47 - "10.23.42.1/32" 48 - "fc00::1/128" 49 - ]; 50 - listenPort = 23542; 40 + networking.firewall.allowedUDPPorts = [ 23542 ]; 41 + networking.wg-quick.interfaces.wg0 = { 42 + type = "amneziawg"; 43 + 44 + address = [ 45 + "10.23.42.1/32" 46 + "fc00::1/128" 47 + ]; 48 + listenPort = 23542; 51 49 52 - inherit (wg-snakeoil-keys.peer0) privateKey; 50 + inherit (wg-snakeoil-keys.peer0) privateKey; 53 51 54 - peers = lib.singleton { 55 - allowedIPs = [ 56 - "10.23.42.2/32" 57 - "fc00::2/128" 58 - ]; 52 + peers = lib.singleton { 53 + allowedIPs = [ 54 + "10.23.42.2/32" 55 + "fc00::2/128" 56 + ]; 59 57 60 - inherit (wg-snakeoil-keys.peer1) publicKey; 61 - }; 58 + inherit (wg-snakeoil-keys.peer1) publicKey; 59 + }; 62 60 63 - dns = [ 64 - "10.23.42.2" 65 - "fc00::2" 66 - "wg0" 67 - ]; 61 + dns = [ 62 + "10.23.42.2" 63 + "fc00::2" 64 + "wg0" 65 + ]; 68 66 69 - inherit extraOptions; 70 - }; 71 - } 72 - ]; 67 + inherit extraOptions; 68 + }; 73 69 }; 70 + }; 74 71 75 - peer1 = peer { 76 - ip4 = "192.168.0.2"; 77 - ip6 = "fd00::2"; 78 - extraConfig = lib.mkMerge [ 79 - commonConfig 80 - { 81 - networking.useNetworkd = true; 82 - networking.wg-quick.interfaces.wg0 = { 83 - type = "amneziawg"; 72 + peer1 = peer { 73 + ip4 = "192.168.0.2"; 74 + ip6 = "fd00::2"; 75 + extraConfig = { 76 + imports = [ commonConfig ]; 77 + 78 + networking.useNetworkd = true; 79 + networking.wg-quick.interfaces.wg0 = { 80 + type = "amneziawg"; 84 81 85 - address = [ 86 - "10.23.42.2/32" 87 - "fc00::2/128" 88 - ]; 89 - inherit (wg-snakeoil-keys.peer1) privateKey; 82 + address = [ 83 + "10.23.42.2/32" 84 + "fc00::2/128" 85 + ]; 86 + inherit (wg-snakeoil-keys.peer1) privateKey; 90 87 91 - peers = lib.singleton { 92 - allowedIPs = [ 93 - "0.0.0.0/0" 94 - "::/0" 95 - ]; 96 - endpoint = "192.168.0.1:23542"; 97 - persistentKeepalive = 25; 88 + peers = lib.singleton { 89 + allowedIPs = [ 90 + "0.0.0.0/0" 91 + "::/0" 92 + ]; 93 + endpoint = "192.168.0.1:23542"; 94 + persistentKeepalive = 25; 98 95 99 - inherit (wg-snakeoil-keys.peer0) publicKey; 100 - }; 96 + inherit (wg-snakeoil-keys.peer0) publicKey; 97 + }; 101 98 102 - dns = [ 103 - "10.23.42.1" 104 - "fc00::1" 105 - "wg0" 106 - ]; 99 + dns = [ 100 + "10.23.42.1" 101 + "fc00::1" 102 + "wg0" 103 + ]; 107 104 108 - inherit extraOptions; 109 - }; 110 - } 111 - ]; 105 + inherit extraOptions; 106 + }; 112 107 }; 113 108 }; 109 + }; 114 110 115 - testScript = '' 116 - start_all() 111 + testScript = '' 112 + start_all() 117 113 118 - peer0.wait_for_unit("wg-quick-wg0.service") 119 - peer1.wait_for_unit("wg-quick-wg0.service") 114 + peer0.wait_for_unit("wg-quick-wg0.service") 115 + peer1.wait_for_unit("wg-quick-wg0.service") 120 116 121 - peer1.succeed("ping -c5 fc00::1") 122 - peer1.succeed("ping -c5 10.23.42.1") 123 - ''; 124 - } 125 - ) 117 + peer1.succeed("ping -c5 fc00::1") 118 + peer1.succeed("ping -c5 10.23.42.1") 119 + ''; 120 + }

+50 -51

nixos/tests/wireguard/amneziawg.nix

··· 1 - import ../make-test-python.nix ( 2 - { 3 - pkgs, 4 - lib, 5 - kernelPackages ? null, 6 - ... 7 - }: 8 - let 9 - wg-snakeoil-keys = import ./snakeoil-keys.nix; 10 - peer = (import ./make-peer.nix) { inherit lib; }; 11 - extraOptions = { 12 - Jc = 5; 13 - Jmin = 10; 14 - Jmax = 42; 15 - S1 = 60; 16 - S2 = 90; 17 - }; 18 - in 19 - { 20 - name = "amneziawg"; 21 - meta = with pkgs.lib.maintainers; { 22 - maintainers = [ 23 - averyanalex 24 - azahi 25 - ]; 26 - }; 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + ... 5 + }: 6 + let 7 + wg-snakeoil-keys = import ./snakeoil-keys.nix; 8 + peer = import ./make-peer.nix; 9 + extraOptions = { 10 + Jc = 5; 11 + Jmin = 10; 12 + Jmax = 42; 13 + S1 = 60; 14 + S2 = 90; 15 + }; 16 + in 17 + { 18 + name = "amneziawg"; 19 + meta.maintainers = with lib.maintainers; [ 20 + averyanalex 21 + azahi 22 + ]; 27 23 28 - nodes = { 29 - peer0 = peer { 30 - ip4 = "192.168.0.1"; 31 - ip6 = "fd00::1"; 32 - extraConfig = { 33 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 24 + nodes = { 25 + peer0 = peer { 26 + ip4 = "192.168.0.1"; 27 + ip6 = "fd00::1"; 28 + extraConfig = 29 + { lib, pkgs, ... }: 30 + { 31 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 34 32 networking.firewall.allowedUDPPorts = [ 23542 ]; 35 33 networking.wireguard.interfaces.wg0 = { 36 34 type = "amneziawg"; ··· 54 52 inherit extraOptions; 55 53 }; 56 54 }; 57 - }; 55 + }; 58 56 59 - peer1 = peer { 60 - ip4 = "192.168.0.2"; 61 - ip6 = "fd00::2"; 62 - extraConfig = { 63 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 57 + peer1 = peer { 58 + ip4 = "192.168.0.2"; 59 + ip6 = "fd00::2"; 60 + extraConfig = 61 + { lib, pkgs, ... }: 62 + { 63 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 64 64 networking.wireguard.interfaces.wg0 = { 65 65 type = "amneziawg"; 66 66 ips = [ ··· 85 85 86 86 postSetup = 87 87 let 88 - inherit (pkgs) iproute2; 88 + ip = lib.getExe' pkgs.iproute2 "ip"; 89 89 in 90 90 '' 91 - ${iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0 92 - ${iproute2}/bin/ip route replace fc00::1/128 dev wg0 91 + ${ip} route replace 10.23.42.1/32 dev wg0 92 + ${ip} route replace fc00::1/128 dev wg0 93 93 ''; 94 94 95 95 inherit extraOptions; 96 96 }; 97 97 }; 98 - }; 99 98 }; 99 + }; 100 100 101 - testScript = '' 102 - start_all() 101 + testScript = '' 102 + start_all() 103 103 104 - peer0.wait_for_unit("wireguard-wg0.service") 105 - peer1.wait_for_unit("wireguard-wg0.service") 104 + peer0.wait_for_unit("wireguard-wg0.service") 105 + peer1.wait_for_unit("wireguard-wg0.service") 106 106 107 - peer1.succeed("ping -c5 fc00::1") 108 - peer1.succeed("ping -c5 10.23.42.1") 109 - ''; 110 - } 111 - ) 107 + peer1.succeed("ping -c5 fc00::1") 108 + peer1.succeed("ping -c5 10.23.42.1") 109 + ''; 110 + }

+40 -41

nixos/tests/wireguard/basic.nix

··· 1 - import ../make-test-python.nix ( 2 - { 3 - pkgs, 4 - lib, 5 - kernelPackages ? null, 6 - ... 7 - }: 8 - let 9 - wg-snakeoil-keys = import ./snakeoil-keys.nix; 10 - peer = (import ./make-peer.nix) { inherit lib; }; 11 - in 12 - { 13 - name = "wireguard"; 14 - meta = with pkgs.lib.maintainers; { 15 - maintainers = [ ma27 ]; 16 - }; 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + ... 5 + }: 6 + let 7 + wg-snakeoil-keys = import ./snakeoil-keys.nix; 8 + peer = import ./make-peer.nix; 9 + in 10 + { 11 + name = "wireguard"; 12 + meta.maintainers = with lib.maintainers; [ ma27 ]; 17 13 18 - nodes = { 19 - peer0 = peer { 20 - ip4 = "192.168.0.1"; 21 - ip6 = "fd00::1"; 22 - extraConfig = { 23 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 14 + nodes = { 15 + peer0 = peer { 16 + ip4 = "192.168.0.1"; 17 + ip6 = "fd00::1"; 18 + extraConfig = 19 + { lib, pkgs, ... }: 20 + { 21 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 24 22 networking.firewall.allowedUDPPorts = [ 23542 ]; 25 23 networking.wireguard.interfaces.wg0 = { 26 24 ips = [ ··· 41 39 }; 42 40 }; 43 41 }; 44 - }; 42 + }; 45 43 46 - peer1 = peer { 47 - ip4 = "192.168.0.2"; 48 - ip6 = "fd00::2"; 49 - extraConfig = { 50 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 44 + peer1 = peer { 45 + ip4 = "192.168.0.2"; 46 + ip6 = "fd00::2"; 47 + extraConfig = 48 + { lib, pkgs, ... }: 49 + { 50 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 51 51 networking.wireguard.interfaces.wg0 = { 52 52 ips = [ 53 53 "10.23.42.2/32" ··· 71 71 72 72 postSetup = 73 73 let 74 - inherit (pkgs) iproute2; 74 + ip = lib.getExe' pkgs.iproute2 "ip"; 75 75 in 76 76 '' 77 - ${iproute2}/bin/ip route replace 10.23.42.1/32 dev wg0 78 - ${iproute2}/bin/ip route replace fc00::1/128 dev wg0 77 + ${ip} route replace 10.23.42.1/32 dev wg0 78 + ${ip} route replace fc00::1/128 dev wg0 79 79 ''; 80 80 }; 81 81 }; 82 - }; 83 82 }; 83 + }; 84 84 85 - testScript = '' 86 - start_all() 85 + testScript = '' 86 + start_all() 87 87 88 - peer0.wait_for_unit("wireguard-wg0.service") 89 - peer1.wait_for_unit("wireguard-wg0.service") 88 + peer0.wait_for_unit("wireguard-wg0.service") 89 + peer1.wait_for_unit("wireguard-wg0.service") 90 90 91 - peer1.succeed("ping -c5 fc00::1") 92 - peer1.succeed("ping -c5 10.23.42.1") 93 - ''; 94 - } 95 - ) 91 + peer1.succeed("ping -c5 fc00::1") 92 + peer1.succeed("ping -c5 10.23.42.1") 93 + ''; 94 + }

+19 -16

nixos/tests/wireguard/default.nix

··· 1 1 { 2 - system ? builtins.currentSystem, 3 - config ? { }, 4 - pkgs ? import ../../.. { inherit system config; }, 2 + runTest, 3 + lib, 4 + pkgs, 5 5 # Test current default (LTS) and latest kernel 6 6 kernelVersionsToTest ? [ 7 - (pkgs.lib.versions.majorMinor pkgs.linuxPackages.kernel.version) 7 + (lib.versions.majorMinor pkgs.linuxPackages.kernel.version) 8 8 "latest" 9 9 ], 10 10 }: 11 11 12 - with pkgs.lib; 13 - 14 12 let 15 13 tests = 16 14 let 17 - callTest = p: args: import p ({ inherit system pkgs; } // args); 15 + callTest = 16 + p: args: 17 + runTest { 18 + imports = [ p ]; 19 + _module = { inherit args; }; 20 + }; 18 21 in 19 22 { 20 23 basic = callTest ./basic.nix; 21 24 amneziawg = callTest ./amneziawg.nix; 22 25 namespaces = callTest ./namespaces.nix; 23 26 networkd = callTest ./networkd.nix; 24 - wg-quick = callTest ./wg-quick.nix; 27 + wg-quick = args: callTest ./wg-quick.nix ({ nftables = false; } // args); 25 28 wg-quick-nftables = args: callTest ./wg-quick.nix ({ nftables = true; } // args); 26 - amneziawg-quick = callTest ./amneziawg-quick.nix; 29 + amneziawg-quick = args: callTest ./amneziawg-quick.nix ({ nftables = false; } // args); 27 30 generated = callTest ./generated.nix; 28 - dynamic-refresh = callTest ./dynamic-refresh.nix; 31 + dynamic-refresh = args: callTest ./dynamic-refresh.nix ({ useNetworkd = false; } // args); 29 32 dynamic-refresh-networkd = args: callTest ./dynamic-refresh.nix ({ useNetworkd = true; } // args); 30 33 }; 31 34 in 32 35 33 - listToAttrs ( 34 - flip concatMap kernelVersionsToTest ( 36 + lib.listToAttrs ( 37 + lib.flip lib.concatMap kernelVersionsToTest ( 35 38 version: 36 39 let 37 - v' = replaceStrings [ "." ] [ "_" ] version; 40 + v' = lib.replaceString "." "_" version; 38 41 in 39 - flip mapAttrsToList tests ( 42 + lib.flip lib.mapAttrsToList tests ( 40 43 name: test: 41 - nameValuePair "wireguard-${name}-linux-${v'}" (test { 44 + lib.nameValuePair "wireguard-${name}-linux-${v'}" (test { 42 45 kernelPackages = 43 - if v' == "latest" then pkgs.linuxPackages_latest else pkgs.linuxKernel.packages."linux_${v'}"; 46 + pkgs: if v' == "latest" then pkgs.linuxPackages_latest else pkgs.linuxKernel.packages."linux_${v'}"; 44 47 }) 45 48 ) 46 49 )

+69 -67

nixos/tests/wireguard/dynamic-refresh.nix

··· 1 - import ../make-test-python.nix ( 2 - { 3 - pkgs, 4 - lib, 5 - kernelPackages ? null, 6 - useNetworkd ? false, 7 - ... 8 - }: 9 - let 10 - wg-snakeoil-keys = import ./snakeoil-keys.nix; 11 - in 12 - { 13 - name = "wireguard-dynamic-refresh"; 14 - meta = with lib.maintainers; { 15 - maintainers = [ majiir ]; 16 - }; 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + useNetworkd ? false, 5 + ... 6 + }: 7 + let 8 + wg-snakeoil-keys = import ./snakeoil-keys.nix; 9 + in 10 + { 11 + name = "wireguard-dynamic-refresh"; 12 + meta.maintainers = with lib.maintainers; [ majiir ]; 17 13 18 - nodes = { 19 - server = { 14 + nodes = { 15 + server = 16 + { lib, pkgs, ... }: 17 + { 20 18 virtualisation.vlans = [ 21 19 1 22 20 2 23 21 ]; 24 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 22 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 25 23 networking.firewall.allowedUDPPorts = [ 23542 ]; 26 24 networking.useDHCP = false; 27 25 networking.wireguard.useNetworkd = useNetworkd; ··· 40 38 }; 41 39 }; 42 40 43 - client = 44 - { nodes, ... }: 45 - { 46 - virtualisation.vlans = [ 47 - 1 48 - 2 49 - ]; 50 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 51 - networking.useDHCP = false; 52 - networking.wireguard.useNetworkd = useNetworkd; 53 - networking.wireguard.interfaces.wg0 = { 54 - ips = [ "10.23.42.2/32" ]; 41 + client = 42 + { 43 + nodes, 44 + lib, 45 + pkgs, 46 + ... 47 + }: 48 + { 49 + virtualisation.vlans = [ 50 + 1 51 + 2 52 + ]; 53 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 54 + networking.useDHCP = false; 55 + networking.wireguard.useNetworkd = useNetworkd; 56 + networking.wireguard.interfaces.wg0 = { 57 + ips = [ "10.23.42.2/32" ]; 55 58 56 - # !!! Don't do this with real keys. The /nix store is world-readable! 57 - privateKeyFile = toString (pkgs.writeText "privateKey" wg-snakeoil-keys.peer1.privateKey); 59 + # !!! Don't do this with real keys. The /nix store is world-readable! 60 + privateKeyFile = toString (pkgs.writeText "privateKey" wg-snakeoil-keys.peer1.privateKey); 58 61 59 - dynamicEndpointRefreshSeconds = 2; 62 + dynamicEndpointRefreshSeconds = 2; 60 63 61 - peers = lib.singleton { 62 - allowedIPs = [ 63 - "0.0.0.0/0" 64 - "::/0" 65 - ]; 66 - endpoint = "server:23542"; 64 + peers = lib.singleton { 65 + allowedIPs = [ 66 + "0.0.0.0/0" 67 + "::/0" 68 + ]; 69 + endpoint = "server:23542"; 67 70 68 - inherit (wg-snakeoil-keys.peer0) publicKey; 69 - }; 71 + inherit (wg-snakeoil-keys.peer0) publicKey; 70 72 }; 73 + }; 71 74 72 - specialisation.update-hosts.configuration = { 73 - networking.extraHosts = 74 - let 75 - testCfg = nodes.server.virtualisation.test; 76 - in 77 - lib.mkForce "192.168.2.${toString testCfg.nodeNumber} ${testCfg.nodeName}"; 78 - }; 75 + specialisation.update-hosts.configuration = { 76 + networking.extraHosts = 77 + let 78 + testCfg = nodes.server.virtualisation.test; 79 + in 80 + lib.mkForce "192.168.2.${toString testCfg.nodeNumber} ${testCfg.nodeName}"; 79 81 }; 80 - }; 82 + }; 83 + }; 81 84 82 - testScript = 83 - { nodes, ... }: 84 - '' 85 - start_all() 85 + testScript = 86 + { nodes, ... }: 87 + '' 88 + start_all() 86 89 87 - server.systemctl("start network-online.target") 88 - server.wait_for_unit("network-online.target") 90 + server.systemctl("start network-online.target") 91 + server.wait_for_unit("network-online.target") 89 92 90 - client.systemctl("start network-online.target") 91 - client.wait_for_unit("network-online.target") 93 + client.systemctl("start network-online.target") 94 + client.wait_for_unit("network-online.target") 92 95 93 - client.succeed("ping -n -w 1 -c 1 10.23.42.1") 96 + client.succeed("ping -n -w 1 -c 1 10.23.42.1") 94 97 95 - client.succeed("ip link set down eth1") 98 + client.succeed("ip link set down eth1") 96 99 97 - client.fail("ping -n -w 1 -c 1 10.23.42.1") 100 + client.fail("ping -n -w 1 -c 1 10.23.42.1") 98 101 99 - with client.nested("update hosts file"): 100 - client.succeed("${nodes.client.system.build.toplevel}/specialisation/update-hosts/bin/switch-to-configuration test") 102 + with client.nested("update hosts file"): 103 + client.succeed("${nodes.client.system.build.toplevel}/specialisation/update-hosts/bin/switch-to-configuration test") 101 104 102 - client.succeed("sleep 5 && ping -n -w 1 -c 1 10.23.42.1") 103 - ''; 104 - } 105 - ) 105 + client.succeed("sleep 5 && ping -n -w 1 -c 1 10.23.42.1") 106 + ''; 107 + }

+47 -48

nixos/tests/wireguard/generated.nix

··· 1 - import ../make-test-python.nix ( 2 - { 3 - pkgs, 4 - lib, 5 - kernelPackages ? null, 6 - ... 7 - }: 8 - { 9 - name = "wireguard-generated"; 10 - meta = with pkgs.lib.maintainers; { 11 - maintainers = [ 12 - ma27 13 - grahamc 14 - ]; 15 - }; 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + ... 5 + }: 6 + { 7 + name = "wireguard-generated"; 8 + meta.maintainers = with lib.maintainers; [ 9 + ma27 10 + grahamc 11 + ]; 16 12 17 - nodes = { 18 - peer1 = { 19 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 13 + nodes = { 14 + peer1 = 15 + { lib, pkgs, ... }: 16 + { 17 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 20 18 networking.firewall.allowedUDPPorts = [ 12345 ]; 21 19 networking.wireguard.interfaces.wg0 = { 22 20 ips = [ "10.10.10.1/24" ]; ··· 27 25 }; 28 26 }; 29 27 30 - peer2 = { 31 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 28 + peer2 = 29 + { lib, pkgs, ... }: 30 + { 31 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 32 32 networking.firewall.allowedUDPPorts = [ 12345 ]; 33 33 networking.wireguard.interfaces.wg0 = { 34 34 ips = [ "10.10.10.2/24" ]; ··· 37 37 generatePrivateKeyFile = true; 38 38 }; 39 39 }; 40 - }; 40 + }; 41 41 42 - testScript = '' 43 - start_all() 42 + testScript = '' 43 + start_all() 44 44 45 - peer1.wait_for_unit("wireguard-wg0.service") 46 - peer2.wait_for_unit("wireguard-wg0.service") 45 + peer1.wait_for_unit("wireguard-wg0.service") 46 + peer2.wait_for_unit("wireguard-wg0.service") 47 47 48 - retcode, peer1pubkey = peer1.execute("wg pubkey < /etc/wireguard/private") 49 - if retcode != 0: 50 - raise Exception("Could not read public key from peer1") 48 + retcode, peer1pubkey = peer1.execute("wg pubkey < /etc/wireguard/private") 49 + if retcode != 0: 50 + raise Exception("Could not read public key from peer1") 51 51 52 - retcode, peer2pubkey = peer2.execute("wg pubkey < /etc/wireguard/private") 53 - if retcode != 0: 54 - raise Exception("Could not read public key from peer2") 52 + retcode, peer2pubkey = peer2.execute("wg pubkey < /etc/wireguard/private") 53 + if retcode != 0: 54 + raise Exception("Could not read public key from peer2") 55 55 56 - peer1.succeed( 57 - "wg set wg0 peer {} allowed-ips 10.10.10.2/32 endpoint 192.168.1.2:12345 persistent-keepalive 1".format( 58 - peer2pubkey.strip() 59 - ) 60 - ) 61 - peer1.succeed("ip route replace 10.10.10.2/32 dev wg0 table main") 56 + peer1.succeed( 57 + "wg set wg0 peer {} allowed-ips 10.10.10.2/32 endpoint 192.168.1.2:12345 persistent-keepalive 1".format( 58 + peer2pubkey.strip() 59 + ) 60 + ) 61 + peer1.succeed("ip route replace 10.10.10.2/32 dev wg0 table main") 62 62 63 - peer2.succeed( 64 - "wg set wg0 peer {} allowed-ips 10.10.10.1/32 endpoint 192.168.1.1:12345 persistent-keepalive 1".format( 65 - peer1pubkey.strip() 66 - ) 67 - ) 68 - peer2.succeed("ip route replace 10.10.10.1/32 dev wg0 table main") 63 + peer2.succeed( 64 + "wg set wg0 peer {} allowed-ips 10.10.10.1/32 endpoint 192.168.1.1:12345 persistent-keepalive 1".format( 65 + peer1pubkey.strip() 66 + ) 67 + ) 68 + peer2.succeed("ip route replace 10.10.10.1/32 dev wg0 table main") 69 69 70 - peer1.succeed("ping -c1 10.10.10.2") 71 - peer2.succeed("ping -c1 10.10.10.1") 72 - ''; 73 - } 74 - ) 70 + peer1.succeed("ping -c1 10.10.10.2") 71 + peer2.succeed("ping -c1 10.10.10.1") 72 + ''; 73 + }

+27 -26

nixos/tests/wireguard/make-peer.nix

··· 1 - { lib, ... }: 2 1 { 3 2 ip4, 4 3 ip6, 5 4 extraConfig, 6 5 }: 7 - lib.mkMerge [ 8 - { 9 - boot.kernel.sysctl = { 10 - "net.ipv6.conf.all.forwarding" = "1"; 11 - "net.ipv6.conf.default.forwarding" = "1"; 12 - "net.ipv4.ip_forward" = "1"; 13 - }; 6 + { 7 + imports = [ 8 + { 9 + boot.kernel.sysctl = { 10 + "net.ipv6.conf.all.forwarding" = "1"; 11 + "net.ipv6.conf.default.forwarding" = "1"; 12 + "net.ipv4.ip_forward" = "1"; 13 + }; 14 14 15 - networking.useDHCP = false; 16 - networking.interfaces.eth1 = { 17 - ipv4.addresses = [ 18 - { 19 - address = ip4; 20 - prefixLength = 24; 21 - } 22 - ]; 23 - ipv6.addresses = [ 24 - { 25 - address = ip6; 26 - prefixLength = 64; 27 - } 28 - ]; 29 - }; 30 - } 31 - extraConfig 32 - ] 15 + networking.useDHCP = false; 16 + networking.interfaces.eth1 = { 17 + ipv4.addresses = [ 18 + { 19 + address = ip4; 20 + prefixLength = 24; 21 + } 22 + ]; 23 + ipv6.addresses = [ 24 + { 25 + address = ip6; 26 + prefixLength = 64; 27 + } 28 + ]; 29 + }; 30 + } 31 + extraConfig 32 + ]; 33 + }

+44 -43

nixos/tests/wireguard/namespaces.nix

··· 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + ... 5 + }: 1 6 let 2 7 listenPort = 12345; 3 8 socketNamespace = "foo"; ··· 10 15 generatePrivateKeyFile = true; 11 16 }; 12 17 }; 13 - 14 18 in 15 - 16 - import ../make-test-python.nix ( 17 - { 18 - pkgs, 19 - lib, 20 - kernelPackages ? null, 21 - ... 22 - }: 23 - { 24 - name = "wireguard-with-namespaces"; 25 - meta = with pkgs.lib.maintainers; { 26 - maintainers = [ asymmetric ]; 27 - }; 19 + { 20 + name = "wireguard-with-namespaces"; 21 + meta.maintainers = with lib.maintainers; [ asymmetric ]; 28 22 29 - nodes = { 30 - # interface should be created in the socketNamespace 31 - # and not moved from there 32 - peer0 = pkgs.lib.attrsets.recursiveUpdate node { 33 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 23 + nodes = { 24 + # interface should be created in the socketNamespace 25 + # and not moved from there 26 + peer0 = 27 + { lib, pkgs, ... }: 28 + lib.attrsets.recursiveUpdate node { 29 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 34 30 networking.wireguard.interfaces.wg0 = { 35 31 preSetup = '' 36 32 ip netns add ${socketNamespace} ··· 38 34 inherit socketNamespace; 39 35 }; 40 36 }; 41 - # interface should be created in the init namespace 42 - # and moved to the interfaceNamespace 43 - peer1 = pkgs.lib.attrsets.recursiveUpdate node { 44 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 37 + # interface should be created in the init namespace 38 + # and moved to the interfaceNamespace 39 + peer1 = 40 + { lib, pkgs, ... }: 41 + lib.attrsets.recursiveUpdate node { 42 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 45 43 networking.wireguard.interfaces.wg0 = { 46 44 preSetup = '' 47 45 ip netns add ${interfaceNamespace} ··· 50 48 inherit interfaceNamespace; 51 49 }; 52 50 }; 53 - # interface should be created in the socketNamespace 54 - # and moved to the interfaceNamespace 55 - peer2 = pkgs.lib.attrsets.recursiveUpdate node { 56 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 51 + # interface should be created in the socketNamespace 52 + # and moved to the interfaceNamespace 53 + peer2 = 54 + { lib, pkgs, ... }: 55 + lib.attrsets.recursiveUpdate node { 56 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 57 57 networking.wireguard.interfaces.wg0 = { 58 58 preSetup = '' 59 59 ip netns add ${socketNamespace} ··· 62 62 inherit socketNamespace interfaceNamespace; 63 63 }; 64 64 }; 65 - # interface should be created in the socketNamespace 66 - # and moved to the init namespace 67 - peer3 = pkgs.lib.attrsets.recursiveUpdate node { 68 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 65 + # interface should be created in the socketNamespace 66 + # and moved to the init namespace 67 + peer3 = 68 + { lib, pkgs, ... }: 69 + lib.attrsets.recursiveUpdate node { 70 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 69 71 networking.wireguard.interfaces.wg0 = { 70 72 preSetup = '' 71 73 ip netns add ${socketNamespace} ··· 74 76 interfaceNamespace = "init"; 75 77 }; 76 78 }; 77 - }; 79 + }; 78 80 79 - testScript = '' 80 - start_all() 81 + testScript = '' 82 + start_all() 81 83 82 - for machine in peer0, peer1, peer2, peer3: 83 - machine.wait_for_unit("wireguard-wg0.service") 84 + for machine in peer0, peer1, peer2, peer3: 85 + machine.wait_for_unit("wireguard-wg0.service") 84 86 85 - peer0.succeed("ip -n ${socketNamespace} link show wg0") 86 - peer1.succeed("ip -n ${interfaceNamespace} link show wg0") 87 - peer2.succeed("ip -n ${interfaceNamespace} link show wg0") 88 - peer3.succeed("ip link show wg0") 89 - ''; 90 - } 91 - ) 87 + peer0.succeed("ip -n ${socketNamespace} link show wg0") 88 + peer1.succeed("ip -n ${interfaceNamespace} link show wg0") 89 + peer2.succeed("ip -n ${interfaceNamespace} link show wg0") 90 + peer3.succeed("ip link show wg0") 91 + ''; 92 + }

+42 -43

nixos/tests/wireguard/networkd.nix

··· 1 - import ../make-test-python.nix ( 2 - { 3 - pkgs, 4 - lib, 5 - kernelPackages ? null, 6 - ... 7 - }: 8 - let 9 - wg-snakeoil-keys = import ./snakeoil-keys.nix; 10 - peer = (import ./make-peer.nix) { inherit lib; }; 11 - in 12 - { 13 - name = "wireguard-networkd"; 14 - meta = with pkgs.lib.maintainers; { 15 - maintainers = [ majiir ]; 16 - }; 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + ... 5 + }: 6 + let 7 + wg-snakeoil-keys = import ./snakeoil-keys.nix; 8 + peer = import ./make-peer.nix; 9 + in 10 + { 11 + name = "wireguard-networkd"; 12 + meta.maintainers = with lib.maintainers; [ majiir ]; 17 13 18 - nodes = { 19 - peer0 = peer { 20 - ip4 = "192.168.0.1"; 21 - ip6 = "fd00::1"; 22 - extraConfig = { 23 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 14 + nodes = { 15 + peer0 = peer { 16 + ip4 = "192.168.0.1"; 17 + ip6 = "fd00::1"; 18 + extraConfig = 19 + { lib, pkgs, ... }: 20 + { 21 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 24 22 networking.firewall.allowedUDPPorts = [ 23542 ]; 25 23 networking.wireguard.useNetworkd = true; 26 24 networking.wireguard.interfaces.wg0 = { ··· 46 44 }; 47 45 }; 48 46 }; 49 - }; 47 + }; 50 48 51 - peer1 = peer { 52 - ip4 = "192.168.0.2"; 53 - ip6 = "fd00::2"; 54 - extraConfig = { 55 - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; 49 + peer1 = peer { 50 + ip4 = "192.168.0.2"; 51 + ip6 = "fd00::2"; 52 + extraConfig = 53 + { lib, pkgs, ... }: 54 + { 55 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 56 56 networking.wireguard.useNetworkd = true; 57 57 networking.wireguard.interfaces.wg0 = { 58 58 ips = [ ··· 79 79 }; 80 80 }; 81 81 }; 82 - }; 83 82 }; 83 + }; 84 84 85 - testScript = '' 86 - start_all() 85 + testScript = '' 86 + start_all() 87 87 88 - peer0.systemctl("start network-online.target") 89 - peer0.wait_for_unit("network-online.target") 88 + peer0.systemctl("start network-online.target") 89 + peer0.wait_for_unit("network-online.target") 90 90 91 - peer1.systemctl("start network-online.target") 92 - peer1.wait_for_unit("network-online.target") 91 + peer1.systemctl("start network-online.target") 92 + peer1.wait_for_unit("network-online.target") 93 93 94 - peer1.succeed("ping -c5 fc00::1") 95 - peer1.succeed("ping -c5 10.23.42.1") 94 + peer1.succeed("ping -c5 fc00::1") 95 + peer1.succeed("ping -c5 10.23.42.1") 96 96 97 - with subtest("Has PSK set"): 98 - peer0.succeed("wg | grep 'preshared key'") 99 - peer1.succeed("wg | grep 'preshared key'") 100 - ''; 101 - } 102 - ) 97 + with subtest("Has PSK set"): 98 + peer0.succeed("wg | grep 'preshared key'") 99 + peer1.succeed("wg | grep 'preshared key'") 100 + ''; 101 + }

+82 -85

nixos/tests/wireguard/wg-quick.nix

··· 1 - import ../make-test-python.nix ( 2 - { 3 - pkgs, 4 - lib, 5 - kernelPackages ? null, 6 - nftables ? false, 7 - ... 8 - }: 9 - let 10 - wg-snakeoil-keys = import ./snakeoil-keys.nix; 11 - peer = import ./make-peer.nix { inherit lib; }; 12 - commonConfig = { 13 - boot.kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages; 1 + { 2 + lib, 3 + kernelPackages ? null, 4 + nftables ? false, 5 + ... 6 + }: 7 + let 8 + wg-snakeoil-keys = import ./snakeoil-keys.nix; 9 + peer = import ./make-peer.nix; 10 + commonConfig = 11 + { pkgs, ... }: 12 + { 13 + boot.kernelPackages = lib.mkIf (kernelPackages != null) (kernelPackages pkgs); 14 14 networking.nftables.enable = nftables; 15 15 # Make sure iptables doesn't work with nftables enabled 16 16 boot.blacklistedKernelModules = lib.mkIf nftables [ "nft_compat" ]; 17 17 }; 18 - in 19 - { 20 - name = "wg-quick"; 18 + in 19 + { 20 + name = "wg-quick"; 21 21 22 - nodes = { 23 - peer0 = peer { 24 - ip4 = "192.168.0.1"; 25 - ip6 = "fd00::1"; 26 - extraConfig = lib.mkMerge [ 27 - commonConfig 28 - { 29 - networking.firewall.allowedUDPPorts = [ 23542 ]; 30 - networking.wg-quick.interfaces.wg0 = { 31 - address = [ 32 - "10.23.42.1/32" 33 - "fc00::1/128" 34 - ]; 35 - listenPort = 23542; 22 + nodes = { 23 + peer0 = peer { 24 + ip4 = "192.168.0.1"; 25 + ip6 = "fd00::1"; 26 + extraConfig = { 27 + imports = [ commonConfig ]; 36 28 37 - inherit (wg-snakeoil-keys.peer0) privateKey; 29 + networking.firewall.allowedUDPPorts = [ 23542 ]; 30 + networking.wg-quick.interfaces.wg0 = { 31 + address = [ 32 + "10.23.42.1/32" 33 + "fc00::1/128" 34 + ]; 35 + listenPort = 23542; 38 36 39 - peers = lib.singleton { 40 - allowedIPs = [ 41 - "10.23.42.2/32" 42 - "fc00::2/128" 43 - ]; 37 + inherit (wg-snakeoil-keys.peer0) privateKey; 38 + 39 + peers = lib.singleton { 40 + allowedIPs = [ 41 + "10.23.42.2/32" 42 + "fc00::2/128" 43 + ]; 44 44 45 - inherit (wg-snakeoil-keys.peer1) publicKey; 46 - }; 45 + inherit (wg-snakeoil-keys.peer1) publicKey; 46 + }; 47 47 48 - dns = [ 49 - "10.23.42.2" 50 - "fc00::2" 51 - "wg0" 52 - ]; 53 - }; 54 - } 55 - ]; 48 + dns = [ 49 + "10.23.42.2" 50 + "fc00::2" 51 + "wg0" 52 + ]; 53 + }; 56 54 }; 55 + }; 57 56 58 - peer1 = peer { 59 - ip4 = "192.168.0.2"; 60 - ip6 = "fd00::2"; 61 - extraConfig = lib.mkMerge [ 62 - commonConfig 63 - { 64 - networking.useNetworkd = true; 65 - networking.wg-quick.interfaces.wg0 = { 66 - address = [ 67 - "10.23.42.2/32" 68 - "fc00::2/128" 69 - ]; 70 - inherit (wg-snakeoil-keys.peer1) privateKey; 57 + peer1 = peer { 58 + ip4 = "192.168.0.2"; 59 + ip6 = "fd00::2"; 60 + extraConfig = { 61 + imports = [ commonConfig ]; 71 62 72 - peers = lib.singleton { 73 - allowedIPs = [ 74 - "0.0.0.0/0" 75 - "::/0" 76 - ]; 77 - endpoint = "192.168.0.1:23542"; 78 - persistentKeepalive = 25; 63 + networking.useNetworkd = true; 64 + networking.wg-quick.interfaces.wg0 = { 65 + address = [ 66 + "10.23.42.2/32" 67 + "fc00::2/128" 68 + ]; 69 + inherit (wg-snakeoil-keys.peer1) privateKey; 70 + 71 + peers = lib.singleton { 72 + allowedIPs = [ 73 + "0.0.0.0/0" 74 + "::/0" 75 + ]; 76 + endpoint = "192.168.0.1:23542"; 77 + persistentKeepalive = 25; 79 78 80 - inherit (wg-snakeoil-keys.peer0) publicKey; 81 - }; 79 + inherit (wg-snakeoil-keys.peer0) publicKey; 80 + }; 82 81 83 - dns = [ 84 - "10.23.42.1" 85 - "fc00::1" 86 - "wg0" 87 - ]; 88 - }; 89 - } 90 - ]; 82 + dns = [ 83 + "10.23.42.1" 84 + "fc00::1" 85 + "wg0" 86 + ]; 87 + }; 91 88 }; 92 89 }; 90 + }; 93 91 94 - testScript = '' 95 - start_all() 92 + testScript = '' 93 + start_all() 96 94 97 - peer0.wait_for_unit("wg-quick-wg0.service") 98 - peer1.wait_for_unit("wg-quick-wg0.service") 95 + peer0.wait_for_unit("wg-quick-wg0.service") 96 + peer1.wait_for_unit("wg-quick-wg0.service") 99 97 100 - peer1.succeed("ping -c5 fc00::1") 101 - peer1.succeed("ping -c5 10.23.42.1") 102 - ''; 103 - } 104 - ) 98 + peer1.succeed("ping -c5 fc00::1") 99 + peer1.succeed("ping -c5 10.23.42.1") 100 + ''; 101 + }

pkgs/applications/networking/cluster/krane/Gemfile pkgs/by-name/kr/krane/Gemfile

pkgs/applications/networking/cluster/krane/Gemfile.lock pkgs/by-name/kr/krane/Gemfile.lock

+3 -3

pkgs/applications/networking/cluster/krane/default.nix pkgs/by-name/kr/krane/package.nix

··· 11 11 12 12 passthru.updateScript = bundlerUpdateScript "krane"; 13 13 14 - meta = with lib; { 14 + meta = { 15 15 description = "Command-line tool that helps you ship changes to a Kubernetes namespace and understand the result"; 16 16 homepage = "https://github.com/Shopify/krane"; 17 17 changelog = "https://github.com/Shopify/krane/blob/main/CHANGELOG.md"; 18 - license = licenses.mit; 19 - maintainers = with maintainers; [ kira-bruneau ]; 18 + license = lib.licenses.mit; 19 + maintainers = with lib.maintainers; [ kira-bruneau ]; 20 20 }; 21 21 }

pkgs/applications/networking/cluster/krane/gemset.nix pkgs/by-name/kr/krane/gemset.nix

+2 -6

pkgs/by-name/_0/_0verkill/package.nix

··· 2 2 lib, 3 3 gccStdenv, 4 4 fetchFromGitHub, 5 - autoreconfHook269, 5 + autoreconfHook, 6 6 xorgproto, 7 7 libX11, 8 8 libXpm, ··· 19 19 sha256 = "WO7PN192HhcDl6iHIbVbH7MVMi1Tl2KyQbDa9DWRO6M="; 20 20 }; 21 21 22 - nativeBuildInputs = [ autoreconfHook269 ]; 22 + nativeBuildInputs = [ autoreconfHook ]; 23 23 buildInputs = [ 24 24 libX11 25 25 xorgproto ··· 27 27 ]; 28 28 29 29 configureFlags = [ "--with-x" ]; 30 - 31 - preAutoreconf = '' 32 - autoupdate 33 - ''; 34 30 35 31 # The code needs an update for gcc-10: 36 32 # https://github.com/hackndev/0verkill/issues/7

+3 -3

pkgs/by-name/ba/bark-server/package.nix

··· 8 8 9 9 buildGoModule (finalAttrs: { 10 10 pname = "bark-server"; 11 - version = "2.2.1"; 11 + version = "2.2.5"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "Finb"; 15 15 repo = "bark-server"; 16 16 tag = "v${finalAttrs.version}"; 17 - hash = "sha256-wwb3k68tjdmN+dy5CKJoUIScLXzNucq6wXy1HgXNa/0="; 17 + hash = "sha256-Fe0PXwwVCrvoMTYMoTUkQaT6kVDdGPadFLkTDRhlh5U="; 18 18 # populate values that require us to use git. By doing this in postFetch we 19 19 # can delete .git afterwards and maintain better reproducibility of the src. 20 20 leaveDotGit = true; ··· 27 27 ''; 28 28 }; 29 29 30 - vendorHash = "sha256-FTzSlliphTukCNf+cGGKWK798SARdEkE2HpfWS8ZlNc="; 30 + vendorHash = "sha256-lpRxwCF+3+32FSn5XQ551l2ONtyuA9ewDQgwHgYUnT0="; 31 31 32 32 ldflags = [ 33 33 "-s"

+2 -2

pkgs/by-name/ba/basedpyright/package.nix

··· 16 16 17 17 buildNpmPackage rec { 18 18 pname = "basedpyright"; 19 - version = "1.30.1"; 19 + version = "1.31.0"; 20 20 21 21 src = fetchFromGitHub { 22 22 owner = "detachhead"; 23 23 repo = "basedpyright"; 24 24 tag = "v${version}"; 25 - hash = "sha256-YPjeiRg7vIpb9k32og6byWMk+EfhDS9MwfJveAndbQQ="; 25 + hash = "sha256-vgOo44ZvuySxQP9qJC7kXUVkOT1RhJ+/giqNBTCzpAg="; 26 26 }; 27 27 28 28 npmDepsHash = "sha256-aJte4ApeXJQ9EYn87Uo+Xx7s+wi80I1JsZHeqklHGs4=";

+3 -2

pkgs/by-name/ch/chawan/package.nix

··· 16 16 17 17 stdenv.mkDerivation (finalAttrs: { 18 18 pname = "chawan"; 19 - version = "0.2.0"; 19 + version = "0.2.1"; 20 20 21 21 src = fetchFromSourcehut { 22 22 owner = "~bptato"; 23 23 repo = "chawan"; 24 24 rev = "v${finalAttrs.version}"; 25 - hash = "sha256-DiA7SEXPJTScdoFeGzH45wZP6gZRU8t/fvJLOufuNmU="; 25 + hash = "sha256-n0hyAT6XuNJTpjLlYiiDER1xrz8nwT+Q2kSkg28Y8zE="; 26 26 }; 27 27 28 28 patches = [ ./mancha-augment-path.diff ]; ··· 78 78 meta = { 79 79 description = "Lightweight and featureful terminal web browser"; 80 80 homepage = "https://sr.ht/~bptato/chawan/"; 81 + changelog = "https://git.sr.ht/~bptato/chawan/refs/v${finalAttrs.version}"; 81 82 license = lib.licenses.publicDomain; 82 83 platforms = lib.platforms.unix; 83 84 maintainers = with lib.maintainers; [ ];

+3 -3

pkgs/by-name/cl/cloud-hypervisor/package.nix

··· 10 10 11 11 rustPlatform.buildRustPackage rec { 12 12 pname = "cloud-hypervisor"; 13 - version = "46.0"; 13 + version = "47.0"; 14 14 15 15 src = fetchFromGitHub { 16 16 owner = "cloud-hypervisor"; 17 17 repo = "cloud-hypervisor"; 18 18 rev = "v${version}"; 19 - hash = "sha256-3jFZgcTyjbAB4Ka8ZHeqorlVTkAvXJ2No32038xK0Pc="; 19 + hash = "sha256-NzvK6gKu7pWwTqLaeDKyYedIjzRa85k9PGUGfeA2Y4c="; 20 20 }; 21 21 22 22 useFetchCargoVendor = true; 23 - cargoHash = "sha256-Zllj6HGRgI1tT8EODGOpSgmw3F89ie9Y1hChTrvwskg="; 23 + cargoHash = "sha256-s3lBlYbE9xoLov8JWeX89A7J00tCISoCDHHBoEcILus="; 24 24 25 25 separateDebugInfo = true; 26 26

+2 -2

pkgs/by-name/ea/easyeffects/package.nix

··· 48 48 49 49 stdenv.mkDerivation rec { 50 50 pname = "easyeffects"; 51 - version = "7.2.4"; 51 + version = "7.2.5"; 52 52 53 53 src = fetchFromGitHub { 54 54 owner = "wwmm"; 55 55 repo = "easyeffects"; 56 56 tag = "v${version}"; 57 - hash = "sha256-C+zorQ7AFx72eOHUtjCHB2/1i1gnAoSMfEB+dWJIXHM="; 57 + hash = "sha256-w3Mb13LOSF8vgcdJrqbesLqyyilI5AoA19jFquE5lEw="; 58 58 }; 59 59 60 60 nativeBuildInputs = [

+3 -3

pkgs/by-name/el/element-desktop/element-desktop-pin.nix

··· 1 1 { 2 - "version" = "1.11.105"; 2 + "version" = "1.11.106"; 3 3 "hashes" = { 4 - "desktopSrcHash" = "sha256-9btwbHHl1tiUBTMBltNdy8K/PHJOf3HKPWEPyAYz6+s="; 5 - "desktopYarnHash" = "sha256-VumuYbbJlJCtmENeR/qHGl9jhF1xgIUib5CW7kGdToo="; 4 + "desktopSrcHash" = "sha256-uQUd84MtwMTGhhw83pQk9jI79pNKBVTWJLz8dyT/SE4="; 5 + "desktopYarnHash" = "sha256-WZYRPU3ZswAtUAZDJnlELLU1JImO3uFaYHQl+kJOeqk="; 6 6 }; 7 7 }

+3 -3

pkgs/by-name/el/element-web-unwrapped/element-web-pin.nix

··· 1 1 { 2 - "version" = "1.11.105"; 2 + "version" = "1.11.106"; 3 3 "hashes" = { 4 - "webSrcHash" = "sha256-IGpSpv1dfOnT6AQGzRYWE/eGW262i7mYGC4DmUnMwlk="; 5 - "webYarnHash" = "sha256-cigiAKAJaOSCVaPThGhGi0HZYMZY8i3nnBT5PS7QVNg="; 4 + "webSrcHash" = "sha256-1l7A+cpXAsTmNbRZgFevPh7Tr/uMHDJkOCNHoc5lGX8="; 5 + "webYarnHash" = "sha256-N+aVIKLqTc9lwATYtoIHl7KGiREtWJdMa8bxEv60LQo="; 6 6 }; 7 7 }

+3 -3

pkgs/by-name/et/etesync-dav/package.nix

··· 8 8 }: 9 9 python3Packages.buildPythonApplication rec { 10 10 pname = "etesync-dav"; 11 - version = "0.34.0"; 12 - format = "pyproject"; 11 + version = "0.35.0"; 12 + pyproject = true; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "etesync"; 16 16 repo = "etesync-dav"; 17 17 tag = "v${version}"; 18 - hash = "sha256-+rNqyksOmDUh0OuvgEDWv6tuZQkn1gizz35Ptr6izos="; 18 + hash = "sha256-CD02nuA9GD/oe7mjExUHIftkPxM1pZQKyDalXSoOhXY="; 19 19 }; 20 20 21 21 build-system = with python3Packages; [ setuptools ];

+3 -3

pkgs/by-name/ga/gash/package.nix

··· 8 8 9 9 stdenv.mkDerivation (finalAttrs: { 10 10 pname = "gash"; 11 - version = "0.3.0"; 11 + version = "0.3.1"; 12 12 13 13 src = fetchurl { 14 - url = "mirror://savannah/gash/gash-${finalAttrs.version}.tar.gz"; 15 - hash = "sha256-VGrsaRBo1nfFjd/BVpXbn4CGFuGfpzMi1Ppno8iXwqk="; 14 + url = "mirror://gnu/guix/mirror/gash-${finalAttrs.version}.tar.gz"; 15 + hash = "sha256-RwPWo+Kg3ztZCC1Ku7vJXlr2Fp/OZGCTjC7O6eaPPBk="; 16 16 }; 17 17 18 18 strictDeps = true;

+3 -3

pkgs/by-name/lo/loco/package.nix

··· 6 6 }: 7 7 rustPlatform.buildRustPackage rec { 8 8 pname = "loco"; 9 - version = "0.15.0"; 9 + version = "0.16.1"; 10 10 11 11 src = fetchCrate { 12 12 inherit pname version; 13 - hash = "sha256-sTPFDdiYmw+ODAcuBh4XXpSXVZbbYxfjr+WiTGit18E="; 13 + hash = "sha256-5mg2caScI1sxKtadw8IP/yxDOdPN+RRqHXdsWr2R0FY="; 14 14 }; 15 15 16 16 useFetchCargoVendor = true; 17 - cargoHash = "sha256-EsNFdk7bLRzyfncDRxqS0CQGdtPFdRRSlpTTxbQ8csI="; 17 + cargoHash = "sha256-SFNaTo6fV7xhmkqK8SuFOjXeDDYN4+KTbF9DfpEX+dI="; 18 18 19 19 #Skip trycmd integration tests 20 20 checkFlags = [ "--skip=cli_tests" ];

+7 -3

pkgs/by-name/lz/lzbench/package.nix

··· 6 6 7 7 stdenv.mkDerivation rec { 8 8 pname = "lzbench"; 9 - version = "2.0.1"; 9 + version = "2.1"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "inikep"; 13 13 repo = "lzbench"; 14 14 rev = "v${version}"; 15 - sha256 = "sha256-946AcnD9z60Oihm2pseS8D5j6pGdYeCxmhTLNcW9Mmc="; 15 + sha256 = "sha256-JyK5Hah3X4zwmli44HEO62BYfNg7BBd0+DLlljeHmRc="; 16 16 }; 17 17 18 18 enableParallelBuilding = true; ··· 25 25 meta = with lib; { 26 26 inherit (src.meta) homepage; 27 27 description = "In-memory benchmark of open-source LZ77/LZSS/LZMA compressors"; 28 - license = licenses.free; 28 + license = with licenses; [ 29 + gpl2Only 30 + gpl3Only 31 + ]; 29 32 platforms = platforms.all; 33 + maintainers = with lib.maintainers; [ videl ]; 30 34 mainProgram = "lzbench"; 31 35 }; 32 36 }

+9 -9

pkgs/by-name/mi/mirrord/manifest.json

··· 1 1 { 2 - "version": "3.149.0", 2 + "version": "3.152.1", 3 3 "assets": { 4 4 "x86_64-linux": { 5 - "url": "https://github.com/metalbear-co/mirrord/releases/download/3.149.0/mirrord_linux_x86_64", 6 - "hash": "sha256-sRg0p9A8azjSSQLTltgfi62GaA0VI2bLKuL2P2hB2E8=" 5 + "url": "https://github.com/metalbear-co/mirrord/releases/download/3.152.1/mirrord_linux_x86_64", 6 + "hash": "sha256-iHGwnqJQ2uEyi3Mvtkce3YU38nuHjPL0x5cSbDZ4RXk=" 7 7 }, 8 8 "aarch64-linux": { 9 - "url": "https://github.com/metalbear-co/mirrord/releases/download/3.149.0/mirrord_linux_aarch64", 10 - "hash": "sha256-gbDNJh1rycJ/WzBA/wy6eLscjNQ7ktCV+CrlorCF95A=" 9 + "url": "https://github.com/metalbear-co/mirrord/releases/download/3.152.1/mirrord_linux_aarch64", 10 + "hash": "sha256-6Ef5MRVUF7bNMNCFbSpUvZK6JoTdgWi/QhiqVuQIW5E=" 11 11 }, 12 12 "aarch64-darwin": { 13 - "url": "https://github.com/metalbear-co/mirrord/releases/download/3.149.0/mirrord_mac_universal", 14 - "hash": "sha256-vUPuTc69yn71tLzSH6DdzWKc/yoHergglF7iL+R7PLE=" 13 + "url": "https://github.com/metalbear-co/mirrord/releases/download/3.152.1/mirrord_mac_universal", 14 + "hash": "sha256-GzUpt+3GkWdMTXK1O5Daki1ASoHtf6DbufyTy5HRcm4=" 15 15 }, 16 16 "x86_64-darwin": { 17 - "url": "https://github.com/metalbear-co/mirrord/releases/download/3.149.0/mirrord_mac_universal", 18 - "hash": "sha256-vUPuTc69yn71tLzSH6DdzWKc/yoHergglF7iL+R7PLE=" 17 + "url": "https://github.com/metalbear-co/mirrord/releases/download/3.152.1/mirrord_mac_universal", 18 + "hash": "sha256-GzUpt+3GkWdMTXK1O5Daki1ASoHtf6DbufyTy5HRcm4=" 19 19 } 20 20 } 21 21 }

+2 -2

pkgs/by-name/mk/mkbrr/package.nix

··· 7 7 8 8 buildGoModule (finalAttrs: { 9 9 pname = "mkbrr"; 10 - version = "1.13.0"; 10 + version = "1.13.1"; 11 11 12 12 src = fetchFromGitHub { 13 13 owner = "autobrr"; 14 14 repo = "mkbrr"; 15 15 tag = "v${finalAttrs.version}"; 16 - hash = "sha256-E5UiV7JoMzmnj8/LzVDqOuPNSockgmExmc0B9+KjGII="; 16 + hash = "sha256-fX58/PRTVhUATWX5HOTtf6d6lmSRuE3xSrg/Qtzv/rs="; 17 17 }; 18 18 19 19 vendorHash = "sha256-G8WM5x99UZfAZUkE5W37Ogx/OKk8JypPzGBrIuBOFNo=";

+8

pkgs/by-name/nu/nudoku/package.nix

··· 2 2 lib, 3 3 stdenv, 4 4 fetchFromGitHub, 5 + fetchpatch2, 5 6 autoreconfHook, 6 7 pkg-config, 7 8 gettext, ··· 18 19 rev = version; 19 20 hash = "sha256-aOtP23kNd15DdV6on7o80QnEf0CiUBubHfFE8M1mhg0="; 20 21 }; 22 + 23 + patches = [ 24 + (fetchpatch2 { 25 + url = "https://github.com/jubalh/nudoku/commit/c5fd9156d2d1f2c95a5d87b07adeaee90a7f911d.patch?full_index=1"; 26 + hash = "sha256-nvLKAUCDY3fQWjybVX8DaMBdk5CaegRRb/ENTI9kJ9k="; 27 + }) 28 + ]; 21 29 22 30 nativeBuildInputs = [ 23 31 autoreconfHook

+3 -3

pkgs/by-name/s7/s7/package.nix

··· 19 19 20 20 stdenv.mkDerivation (finalAttrs: { 21 21 pname = "s7"; 22 - version = "11.5-unstable-2025-07-14"; 22 + version = "11.5-unstable-2025-07-22"; 23 23 24 24 src = fetchFromGitLab { 25 25 domain = "cm-gitlab.stanford.edu"; 26 26 owner = "bil"; 27 27 repo = "s7"; 28 - rev = "df56e55d023d0ed9c5be5a4fb6cd7a7f4cbc22fe"; 29 - hash = "sha256-iFOT7tTCTxOmLKj11NFTJ87ybE7XvLpRVQZgBTEjMbQ="; 28 + rev = "03939f855e15f84f9113a92271cdfa0a09b28a67"; 29 + hash = "sha256-n6Uattns9TxXRi1lz/adexa13nlYXSp0usTT9uZ47JY="; 30 30 }; 31 31 32 32 buildInputs = [

+3 -3

pkgs/by-name/st/starlark/package.nix

··· 6 6 }: 7 7 buildGoModule { 8 8 pname = "starlark"; 9 - version = "0-unstable-2025-07-01"; 9 + version = "0-unstable-2025-07-17"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "google"; 13 13 repo = "starlark-go"; 14 - rev = "d457b4515e0ec7aa889d395a3d5b60732e814e73"; 15 - hash = "sha256-UUZPYYjAB6Hz+jUEmnyHM+MBDbHLt8XBSm1LKFzvxrM="; 14 + rev = "336a4b3a6d1d23d37a9ac38a44af558c94c2f37a"; 15 + hash = "sha256-FXZCwGS/OaVwYa6q14OSLYvntYItfwRvn0M/P8rbnNg="; 16 16 }; 17 17 18 18 vendorHash = "sha256-8drlCBy+KROyqXzm/c+HBe/bMVOyvwRoLHxOApJhMfo=";

+3 -3

pkgs/by-name/ta/talosctl/package.nix

··· 8 8 9 9 buildGoModule rec { 10 10 pname = "talosctl"; 11 - version = "1.10.4"; 11 + version = "1.10.5"; 12 12 13 13 src = fetchFromGitHub { 14 14 owner = "siderolabs"; 15 15 repo = "talos"; 16 16 tag = "v${version}"; 17 - hash = "sha256-TWaORaR+3PTc+KqWuZiR5HpsuY7ox5BjQ72F8uYRzWQ="; 17 + hash = "sha256-s+vRJ0qFhsgLiRpQfUnf/p6bcjQq40ISTB042iE7eBQ="; 18 18 }; 19 19 20 - vendorHash = "sha256-SDSWWhj3MTuNASZOujKz2M3glO1dhg0cS2pdfeZXyPk="; 20 + vendorHash = "sha256-lYfyW3BEqlzf2wesZwNqQPdjSKRRldEbOeyRri4GwvQ="; 21 21 22 22 ldflags = [ 23 23 "-s"

+3 -3

pkgs/by-name/to/tokyonight-gtk-theme/package.nix

··· 71 71 stdenvNoCC.mkDerivation 72 72 { 73 73 inherit pname; 74 - version = "0-unstable-2025-04-24"; 74 + version = "0-unstable-2025-07-21"; 75 75 76 76 src = fetchFromGitHub { 77 77 owner = "Fausto-Korpsvart"; 78 78 repo = "Tokyonight-GTK-Theme"; 79 - rev = "006154c78dde52b5851347a7e91f924af62f1b8f"; 80 - hash = "sha256-h5k9p++zjzxGFkTK/6o/ISl/Litgf6fzy8Jf6Ikt5V8="; 79 + rev = "803334a2d85ff60597e1ddd6a593462acc570298"; 80 + hash = "sha256-aJWyMz1FZnGOH5YXiGa9NBlNY5JRw7J7SWqt5XGKznU="; 81 81 }; 82 82 83 83 propagatedUserEnvPkgs = [ gtk-engine-murrine ];

+3 -3

pkgs/by-name/uv/uv/package.nix

··· 18 18 19 19 rustPlatform.buildRustPackage (finalAttrs: { 20 20 pname = "uv"; 21 - version = "0.8.0"; 21 + version = "0.8.2"; 22 22 23 23 src = fetchFromGitHub { 24 24 owner = "astral-sh"; 25 25 repo = "uv"; 26 26 tag = finalAttrs.version; 27 - hash = "sha256-iVwiXen/VNxXQxlF7cg9qGz61cEoszNgWB3XHdl750I="; 27 + hash = "sha256-qMXXkf2hLyzd+4H85kGHiQIdAbvhMA2z+1z05ZF0hts="; 28 28 }; 29 29 30 - cargoHash = "sha256-Bw8/AAGcdE3qL0TENj4hMrOG89MLUQauMfpTmlgXdk8="; 30 + cargoHash = "sha256-G5mLFKy/khHlP32/VFudtJJC1CWpBNyx4yPx1Gc8pcY="; 31 31 32 32 buildInputs = [ 33 33 rust-jemalloc-sys

+3 -3

pkgs/by-name/yq/yq-go/package.nix

··· 10 10 11 11 buildGoModule (finalAttrs: { 12 12 pname = "yq-go"; 13 - version = "4.46.1"; 13 + version = "4.47.1"; 14 14 15 15 src = fetchFromGitHub { 16 16 owner = "mikefarah"; 17 17 repo = "yq"; 18 18 tag = "v${finalAttrs.version}"; 19 - hash = "sha256-lMmcqAe1A/ET/2Dju6Gj0+I/g4z23EmtuRio0NYTHws="; 19 + hash = "sha256-r9vHXDviQADv7yIwwzCHKjvHSNzZnJATwiWAaFW4vXs="; 20 20 }; 21 21 22 - vendorHash = "sha256-wfn8u8I4dyAD4PbeiQGSai1gQ2ZDFBi2mysZVKa0mkA="; 22 + vendorHash = "sha256-mG9rKla2ZSEbOvSlV6jl7MBoo0dDI//CMcR2hLET4K4="; 23 23 24 24 nativeBuildInputs = [ installShellFiles ]; 25 25

+36

pkgs/development/ocaml-modules/camlgpc/default.nix

··· 1 + { 2 + buildDunePackage, 3 + fetchFromGitHub, 4 + fetchpatch, 5 + lib, 6 + }: 7 + 8 + let 9 + pname = "camlgpc"; 10 + version = "1.2"; 11 + in 12 + buildDunePackage { 13 + inherit pname version; 14 + src = fetchFromGitHub { 15 + owner = "johnwhitington"; 16 + repo = pname; 17 + rev = "v${version}"; 18 + hash = "sha256-+Dx8BuRlxb8xh41jHskrNcKGV/HgedauLt1vo1tADHw="; 19 + }; 20 + patches = [ 21 + (fetchpatch { 22 + name = "camlgpc-pr-5-switch-to-dune"; 23 + url = "https://github.com/johnwhitington/camlgpc/pull/5.diff"; 24 + hash = "sha256-znm+mX60RwYNCYXwm9HYCO8BRbzUM0Bm6dI1f1FzncA="; 25 + }) 26 + ]; 27 + propagatedBuildInputs = [ ]; 28 + doCheck = true; 29 + checkInputs = [ ]; 30 + meta = { 31 + description = "OCaml interface to Alan Murta's General Polygon Clipper"; 32 + homepage = "https://github.com/johnwhitington/camlgpc"; 33 + license = lib.licenses.mit; 34 + maintainers = [ lib.maintainers.vog ]; 35 + }; 36 + }

+6 -1

pkgs/development/ocaml-modules/ocaml-lsp/jsonrpc.nix

··· 10 10 ocaml, 11 11 version ? 12 12 if lib.versionAtLeast ocaml.version "5.3" then 13 - "1.22.0" 13 + "1.23.0" 14 14 else if lib.versionAtLeast ocaml.version "5.2" then 15 15 "1.21.0" 16 16 else if lib.versionAtLeast ocaml.version "4.14" then ··· 26 26 let 27 27 params = 28 28 { 29 + "1.23.0" = { 30 + name = "lsp"; 31 + minimalOCamlVersion = "5.3"; 32 + sha256 = "sha256-fyvQI7VKgOrOFihtKIkcE2B2iUYFLJOZGKipzZU0Dn0="; 33 + }; 29 34 "1.22.0" = { 30 35 name = "lsp"; 31 36 minimalOCamlVersion = "5.2";

+1 -1

pkgs/development/ocaml-modules/ocaml-lsp/lsp.nix

··· 24 24 ocaml, 25 25 version ? 26 26 if lib.versionAtLeast ocaml.version "5.3" then 27 - "1.22.0" 27 + "1.23.0" 28 28 else if lib.versionAtLeast ocaml.version "5.2" then 29 29 "1.21.0" 30 30 else if lib.versionAtLeast ocaml.version "4.14" then

+10 -7

pkgs/development/python-modules/cvxpy/default.nix

··· 25 25 26 26 buildPythonPackage rec { 27 27 pname = "cvxpy"; 28 - version = "1.6.6"; 28 + version = "1.7.1"; 29 29 pyproject = true; 30 30 31 31 src = fetchFromGitHub { 32 32 owner = "cvxpy"; 33 33 repo = "cvxpy"; 34 34 tag = "v${version}"; 35 - hash = "sha256-dn29rAm0f0cgUFtnHSykBE2p/U/EPorozjuuLWuH/Tw="; 35 + hash = "sha256-gJL9j2hA+PvNhN1twv31dxb5Gz+q8uoIzwhXB12aIr4="; 36 36 }; 37 37 38 - # we need to patch out numpy version caps from upstream 39 - postPatch = '' 40 - substituteInPlace pyproject.toml \ 41 - --replace-fail "numpy >= 2.0.0" "numpy" 42 - ''; 38 + postPatch = 39 + # too tight tolerance in tests (AssertionError) 40 + '' 41 + substituteInPlace cvxpy/tests/test_constant_atoms.py \ 42 + --replace-fail \ 43 + "CLARABEL: 1e-7," \ 44 + "CLARABEL: 1e-6," 45 + ''; 43 46 44 47 build-system = [ 45 48 numpy

+5 -5

pkgs/development/python-modules/frida-python/default.nix

··· 5 5 buildPythonPackage, 6 6 }: 7 7 let 8 - version = "16.7.11"; 8 + version = "17.2.11"; 9 9 format = "wheel"; 10 10 inherit (stdenvNoCC.hostPlatform) system; 11 11 ··· 13 13 pypiMeta = 14 14 { 15 15 x86_64-linux = { 16 - hash = "sha256-aAPVZPz1mn73JuQPGJ/PAOUAtaufeHehSKHzaBmVFF8="; 16 + hash = "sha256-PSCT5Y3JaOo9uJgCzXQVmcDvNxUEEN5dvjRxiEMcJEQ="; 17 17 platform = "manylinux1_x86_64"; 18 18 }; 19 19 aarch64-linux = { 20 - hash = "sha256-mQgfMJ6esH41MXnGZQUwF4j8gDgzfyBDUQo5Kw8TGa4="; 20 + hash = "sha256-UH+f6Pj1BS2hcwz3WoSsBGRXOIM/y8D0ymk8s7BU2nw="; 21 21 platform = "manylinux2014_aarch64"; 22 22 }; 23 23 x86_64-darwin = { 24 - hash = "sha256-TuWvQ4oDkK5Fn/bp0G3eAhvDLlv0tzIQ8dKtysX36w0="; 24 + hash = "sha256-zZms5eIguKTl5SYWtDNQwROPM2+5t8JVp/itIl9FkXs="; 25 25 platform = "macosx_10_13_x86_64"; 26 26 }; 27 27 aarch64-darwin = { 28 - hash = "sha256-QWfWbGnKeuKiGoD0srnnMsbWPYFcYsbO/Oy68uJIRjI="; 28 + hash = "sha256-vzyHYlstwm1GT1jKc0g5Yr6JVte9WGn+hALYpkefKBY="; 29 29 platform = "macosx_11_0_arm64"; 30 30 }; 31 31 }

+13

pkgs/development/python-modules/langchain-experimental/001-avoid-check-fullpath.patch

··· 1 + diff --git a/tests/unit_tests/test_bash.py b/tests/unit_tests/test_bash.py 2 + index ba7b0d0..cade19e 100644 3 + --- a/tests/unit_tests/test_bash.py 4 + +++ b/tests/unit_tests/test_bash.py 5 + @@ -58,7 +58,7 @@ def test_incorrect_command_return_err_output() -> None: 6 + session = BashProcess(return_err_output=True) 7 + output = session.run(["invalid_command"]) 8 + assert re.match( 9 + - r"^/bin/sh:.*invalid_command.*(?:not found|Permission denied).*$", output 10 + + r".*/bin/sh:.*invalid_command.*(?:not found|Permission denied).*$", output 11 + ) 12 + 13 +

+76

pkgs/development/python-modules/langchain-experimental/default.nix

··· 1 + { 2 + lib, 3 + buildPythonPackage, 4 + fetchFromGitHub, 5 + 6 + # build-system 7 + poetry-core, 8 + 9 + # dependencies 10 + langchain-core, 11 + langchain-community, 12 + 13 + # testing 14 + langchain-tests, 15 + pytestCheckHook, 16 + 17 + # passthru 18 + gitUpdater, 19 + }: 20 + 21 + buildPythonPackage rec { 22 + pname = "langchain-experimental"; 23 + version = "0.3.4"; 24 + pyproject = true; 25 + 26 + src = fetchFromGitHub { 27 + owner = "langchain-ai"; 28 + repo = "langchain-experimental"; 29 + tag = "libs/experimental/v${version}"; 30 + hash = "sha256-KgGfJfxHOfpwVVo/OcbOjiO5pbxoDE1MiyKqUwsqfIg="; 31 + }; 32 + 33 + sourceRoot = "${src.name}/libs/experimental"; 34 + 35 + patches = [ 36 + # Remove it when https://github.com/langchain-ai/langchain-experimental/pull/58 is merged and released 37 + ./001-avoid-check-fullpath.patch 38 + ]; 39 + 40 + build-system = [ 41 + poetry-core 42 + ]; 43 + 44 + pythonRelaxDeps = [ 45 + # Each component release requests the exact latest core. 46 + # That prevents us from updating individual components. 47 + "langchain-core" 48 + "langchain-community" 49 + ]; 50 + 51 + dependencies = [ 52 + langchain-core 53 + langchain-community 54 + ]; 55 + 56 + nativeCheckInputs = [ 57 + langchain-tests 58 + pytestCheckHook 59 + ]; 60 + 61 + pytestFlagsArray = [ "tests/unit_tests" ]; 62 + 63 + pythonImportsCheck = [ "langchain_experimental" ]; 64 + 65 + passthru.updateScript = gitUpdater { 66 + rev-prefix = "libs/experimental/v"; 67 + }; 68 + 69 + meta = { 70 + changelog = "https://github.com/langchain-ai/langchain-experimental/releases/tag/${src.tag}"; 71 + description = "Package add experimental features on LangChain"; 72 + homepage = "https://github.com/langchain-ai/langchain-experimental/tree/main/libs/experimental"; 73 + license = lib.licenses.mit; 74 + maintainers = with lib.maintainers; [ mrdev023 ]; 75 + }; 76 + }

+2 -2

pkgs/development/python-modules/pymc/default.nix

··· 22 22 23 23 buildPythonPackage rec { 24 24 pname = "pymc"; 25 - version = "5.24.1"; 25 + version = "5.25.0"; 26 26 pyproject = true; 27 27 28 28 src = fetchFromGitHub { 29 29 owner = "pymc-devs"; 30 30 repo = "pymc"; 31 31 tag = "v${version}"; 32 - hash = "sha256-lBsVr3A7y9CP+41Tk5TraWhu59HJb2+r0I7WlXiP/sY="; 32 + hash = "sha256-/BSnDi34hhn7lFuLO/arMn018BU09PaQqmaLbYG3en4="; 33 33 }; 34 34 35 35 build-system = [

-50

pkgs/development/tools/misc/autoconf/2.13.nix

··· 1 - { 2 - lib, 3 - stdenv, 4 - fetchurl, 5 - m4, 6 - perl, 7 - }: 8 - 9 - stdenv.mkDerivation rec { 10 - pname = "autoconf"; 11 - version = "2.13"; 12 - 13 - src = fetchurl { 14 - url = "mirror://gnu/autoconf/autoconf-${version}.tar.gz"; 15 - sha256 = "07krzl4czczdsgzrrw9fiqx35xcf32naf751khg821g5pqv12qgh"; 16 - }; 17 - 18 - nativeBuildInputs = [ 19 - m4 20 - perl 21 - ]; 22 - strictDeps = true; 23 - 24 - doCheck = true; 25 - 26 - # Don't fixup "#! /bin/sh" in Autoconf, otherwise it will use the 27 - # "fixed" path in generated files! 28 - dontPatchShebangs = true; 29 - 30 - postInstall = ''ln -s autoconf "$out"/bin/autoconf-2.13''; 31 - 32 - meta = { 33 - homepage = "https://www.gnu.org/software/autoconf/"; 34 - description = "Part of the GNU Build System"; 35 - branch = "2.13"; 36 - 37 - longDescription = '' 38 - GNU Autoconf is an extensible package of M4 macros that produce 39 - shell scripts to automatically configure software source code 40 - packages. These scripts can adapt the packages to many kinds of 41 - UNIX-like systems without manual user intervention. Autoconf 42 - creates a configuration script for a package from a template 43 - file that lists the operating system features that the package 44 - can use, in the form of M4 macro calls. 45 - ''; 46 - 47 - license = lib.licenses.gpl2Plus; 48 - platforms = lib.platforms.unix; 49 - }; 50 - }

-63

pkgs/development/tools/misc/autoconf/2.64.nix

··· 1 - { 2 - lib, 3 - stdenv, 4 - fetchurl, 5 - m4, 6 - perl, 7 - }: 8 - 9 - stdenv.mkDerivation rec { 10 - pname = "autoconf"; 11 - version = "2.64"; 12 - 13 - src = fetchurl { 14 - url = "mirror://gnu/autoconf/autoconf-${version}.tar.xz"; 15 - sha256 = "0j3jdjpf5ly39dlp0bg70h72nzqr059k0x8iqxvaxf106chpgn9j"; 16 - }; 17 - 18 - strictDeps = true; 19 - nativeBuildInputs = [ 20 - m4 21 - perl 22 - ]; 23 - buildInputs = [ m4 ]; 24 - 25 - # Work around a known issue in Cygwin. See 26 - # http://thread.gmane.org/gmane.comp.sysutils.autoconf.bugs/6822 for 27 - # details. 28 - # There are many test failures on `i386-pc-solaris2.11'. 29 - #doCheck = ((!stdenv.hostPlatform.isCygwin) && (!stdenv.hostPlatform.isSunOS)); 30 - doCheck = false; 31 - 32 - # Don't fixup "#! /bin/sh" in Autoconf, otherwise it will use the 33 - # "fixed" path in generated files! 34 - dontPatchShebangs = true; 35 - 36 - enableParallelBuilding = true; 37 - 38 - # Make the Autotest test suite run in parallel. 39 - preCheck = '' 40 - export TESTSUITEFLAGS="-j$NIX_BUILD_CORES" 41 - ''; 42 - 43 - doInstallCheck = false; # fails 44 - 45 - meta = { 46 - homepage = "https://www.gnu.org/software/autoconf/"; 47 - description = "Part of the GNU Build System"; 48 - 49 - longDescription = '' 50 - GNU Autoconf is an extensible package of M4 macros that produce 51 - shell scripts to automatically configure software source code 52 - packages. These scripts can adapt the packages to many kinds of 53 - UNIX-like systems without manual user intervention. Autoconf 54 - creates a configuration script for a package from a template 55 - file that lists the operating system features that the package 56 - can use, in the form of M4 macro calls. 57 - ''; 58 - 59 - license = lib.licenses.gpl2Plus; 60 - 61 - platforms = lib.platforms.all; 62 - }; 63 - }

-61

pkgs/development/tools/misc/automake/automake-1.11.x.nix

··· 1 - { 2 - lib, 3 - stdenv, 4 - fetchurl, 5 - perl, 6 - autoconf, 7 - }: 8 - 9 - stdenv.mkDerivation rec { 10 - pname = "automake"; 11 - version = "1.11.6"; 12 - 13 - # TODO: Remove the `aclocal' wrapper when $ACLOCAL_PATH support is 14 - # available upstream; see 15 - # <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=9026>. 16 - builder = ./builder.sh; 17 - 18 - setupHook = ./setup-hook.sh; 19 - 20 - src = fetchurl { 21 - url = "mirror://gnu/automake/automake-${version}.tar.xz"; 22 - sha256 = "1ffbc6cc41f0ea6c864fbe9485b981679dc5e350f6c4bc6c3512f5a4226936b5"; 23 - }; 24 - 25 - patches = [ 26 - ./fix-test-autoconf-2.69.patch 27 - ./fix-perl-5.26.patch 28 - ]; 29 - 30 - strictDeps = true; 31 - nativeBuildInputs = [ 32 - perl 33 - autoconf 34 - ]; 35 - buildInputs = [ autoconf ]; 36 - 37 - doCheck = false; # takes _a lot_ of time, fails 11 of 782 tests 38 - 39 - # Don't fixup "#! /bin/sh" in Libtool, otherwise it will use the 40 - # "fixed" path in generated files! 41 - dontPatchShebangs = true; 42 - 43 - # Run the test suite in parallel. 44 - enableParallelBuilding = true; 45 - 46 - meta = { 47 - branch = "1.11"; 48 - homepage = "https://www.gnu.org/software/automake/"; 49 - description = "GNU standard-compliant makefile generator"; 50 - 51 - longDescription = '' 52 - GNU Automake is a tool for automatically generating 53 - `Makefile.in' files compliant with the GNU Coding 54 - Standards. Automake requires the use of Autoconf. 55 - ''; 56 - 57 - license = lib.licenses.gpl2Plus; 58 - 59 - platforms = lib.platforms.all; 60 - }; 61 - }

-45

pkgs/development/tools/misc/automake/builder.sh

··· 1 - # Wrap the given `aclocal' program, appending extra `-I' flags 2 - # corresponding to the directories listed in $ACLOCAL_PATH. (Note 3 - # that `wrapProgram' can't be used for that purpose since it can only 4 - # prepend flags, not append them.) 5 - wrapAclocal() { 6 - local program="$1" 7 - local wrapped="$(dirname $program)/.$(basename $program)-wrapped" 8 - 9 - mv "$program" "$wrapped" 10 - cat > "$program"<<EOF 11 - #! $SHELL -e 12 - 13 - unset extraFlagsArray 14 - declare -a extraFlagsArray 15 - 16 - oldIFS=\$IFS 17 - IFS=: 18 - for dir in \$ACLOCAL_PATH; do 19 - if test -n "\$dir" -a -d "\$dir"; then 20 - extraFlagsArray=("\${extraFlagsArray[@]}" "-I" "\$dir") 21 - fi 22 - done 23 - IFS=\$oldIFS 24 - 25 - exec "$wrapped" "\$@" "\${extraFlagsArray[@]}" 26 - EOF 27 - chmod +x "$program" 28 - } 29 - 30 - postInstall() { 31 - # Create a wrapper around `aclocal' that converts every element in 32 - # `ACLOCAL_PATH' into a `-I dir' option. This way `aclocal' 33 - # becomes modular; M4 macros do not need to be stored in a single 34 - # global directory, while callers of `aclocal' do not need to pass 35 - # `-I' options explicitly. 36 - 37 - for prog in $out/bin/aclocal*; do 38 - wrapAclocal "$prog" 39 - done 40 - 41 - ln -s aclocal-1.11 $out/share/aclocal 42 - ln -s automake-1.11 $out/share/automake 43 - } 44 - 45 - genericBuild

-10

pkgs/development/tools/misc/automake/fix-perl-5.26.patch

··· 1 - --- automake-1.11.2/automake.in 2 - +++ automake-1.11.2/automake.in 3 - @@ -4156,7 +4156,7 @@ sub substitute_ac_subst_variables_worker($) 4 - sub substitute_ac_subst_variables ($) 5 - { 6 - my ($text) = @_; 7 - - $text =~ s/\${([^ \t=:+{}]+)}/&substitute_ac_subst_variables_worker ($1)/ge; 8 - + $text =~ s/\$\{([^ \t=:+{}]+)}/&substitute_ac_subst_variables_worker ($1)/ge; 9 - return $text; 10 - }

-13

pkgs/development/tools/misc/automake/fix-test-autoconf-2.69.patch

··· 1 - With Autoconf 2.69 (instead of 2.68), config.{guess,sub} are needed. 2 - 3 - --- automake-1.11.2/tests/compile_f90_c_cxx.test 2011-12-20 21:56:29.000000000 +0100 4 - +++ automake-1.11.2/tests/compile_f90_c_cxx.test 2012-07-07 13:35:58.000000000 +0200 5 - @@ -41,7 +41,7 @@ END 6 - : > baz.cc 7 - 8 - $ACLOCAL 9 - -$AUTOMAKE 10 - +$AUTOMAKE --add-missing 11 - 12 - # Look for the macros at the beginning of rules. Be careful, as there 13 - # are literal tabs at the beginning of the search strings.

+6 -4

pkgs/development/tools/ocaml/merlin/4.x.nix

··· 20 20 "4.12.1" = "4.7-412"; 21 21 "4.13.0" = "4.7-413"; 22 22 "4.13.1" = "4.7-413"; 23 - "4.14.0" = "4.18-414"; 24 - "4.14.1" = "4.18-414"; 25 - "4.14.2" = "4.18-414"; 23 + "4.14.0" = "4.19-414"; 24 + "4.14.1" = "4.19-414"; 25 + "4.14.2" = "4.19-414"; 26 26 "5.0.0" = "4.14-500"; 27 27 "5.1.0" = "4.17.1-501"; 28 28 "5.1.1" = "4.17.1-501"; 29 29 "5.2.0" = "5.3-502"; 30 30 "5.2.1" = "5.3-502"; 31 - "5.3.0" = "5.4.1-503"; 31 + "5.3.0" = "5.5-503"; 32 32 } 33 33 ."${ocaml.version}", 34 34 }: ··· 42 42 "4.16-414" = "sha256-xekZdfPfVoSeGzBvNWwxcJorE519V2NLjSHkcyZvzy0="; # Used by ocaml-lsp 43 43 "4.16-501" = "sha256-2lvzCbBAZFwpKuRXLMagpwDb0rz8mWrBPI5cODbCHiY="; # Used by ocaml-lsp 44 44 "4.18-414" = "sha256-9tb3omYUHjWMGoaWEsgTXIWRhdVH6julya17tn/jDME="; 45 + "4.19-414" = "sha256-YKYw9ZIDqc5wR6XwTQ8jmUWWDaxvOBApIuMottJlc4Q="; 45 46 "4.17.1-501" = "sha256-N2cHqocfCeljlFbT++S4miHJrXXHdOlMu75n+EKwpQA="; 46 47 "5.3-502" = "sha256-LOpG8SOX+m4x7wwNT14Rwc/ZFu5JQgaUAFyV67OqJLw="; 47 48 "5.4.1-503" = "sha256-SbO0x3jBISX8dAXnN5CwsxLV15dJ3XPUg4tlYqJTMCI="; 49 + "5.5-503" = "sha256-Z9o7NPL+oHZ4JnMJ9h2kosbwgpjeDcWWVbjTD9gmmvE="; 48 50 }; 49 51 50 52 in

+7 -2

pkgs/tools/package-management/nix-eval-jobs/default.nix

··· 17 17 18 18 src = fetchFromGitHub { 19 19 owner = "nix-community"; 20 - repo = pname; 21 - rev = "v${version}"; 20 + repo = "nix-eval-jobs"; 21 + tag = "v${version}"; 22 22 hash = "sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0="; 23 23 }; 24 24 ··· 33 33 meson 34 34 ninja 35 35 pkg-config 36 + ]; 37 + 38 + outputs = [ 39 + "out" 40 + "dev" 36 41 ]; 37 42 38 43 # Since this package is intimately tied to a specific Nix release, we

+4

pkgs/top-level/aliases.nix

··· 315 315 ats = throw "'ats' has been removed as it is unmaintained for 10 years and broken"; # Added 2025-05-17 316 316 audaciousQt5 = throw "'audaciousQt5' has been removed, since audacious is built with Qt 6 now"; # Added 2024-07-06 317 317 auditBlasHook = throw "'auditBlasHook' has been removed since it never worked"; # Added 2024-04-02 318 + autoconf213 = throw "'autoconf213' has been removed in favor of 'autoconf'"; # Added 2025-07-21 319 + autoconf264 = throw "'autoconf264' has been removed in favor of 'autoconf'"; # Added 2025-07-21 320 + automake111x = throw "'automake111x' has been removed in favor of 'automake'"; # Added 2025-07-21 318 321 autoReconfHook = throw "You meant 'autoreconfHook', with a lowercase 'r'."; # preserve 322 + autoreconfHook264 = throw "'autoreconfHook264' has been removed in favor of 'autoreconfHook'"; # Added 2025-07-21 319 323 aumix = throw "'aumix' has been removed due to lack of maintenance upstream. Consider using 'pamixer' for CLI or 'pavucontrol' for GUI"; # Added 2024-09-14 320 324 authy = throw "'authy' has been removed since it reached end of life"; # Added 2024-04-19 321 325 autoadb = throw "'autoadb' has been removed due to lack of maintenance upstream"; # Added 2025-01-25

-11

pkgs/top-level/all-packages.nix

··· 230 230 } ../build-support/setup-hooks/autoreconf.sh 231 231 ) { }; 232 232 233 - autoreconfHook264 = autoreconfHook.override { 234 - autoconf = autoconf264; 235 - automake = automake111x; 236 - }; 237 - 238 233 autoreconfHook269 = autoreconfHook.override { 239 234 autoconf = autoconf269; 240 235 }; ··· 6914 6909 electron-chromedriver = electron-chromedriver_37; 6915 6910 6916 6911 autoconf = callPackage ../development/tools/misc/autoconf { }; 6917 - autoconf213 = callPackage ../development/tools/misc/autoconf/2.13.nix { }; 6918 - autoconf264 = callPackage ../development/tools/misc/autoconf/2.64.nix { }; 6919 6912 autoconf269 = callPackage ../development/tools/misc/autoconf/2.69.nix { }; 6920 6913 autoconf271 = callPackage ../development/tools/misc/autoconf/2.71.nix { }; 6921 6914 6922 6915 automake = automake116x; 6923 - 6924 - automake111x = callPackage ../development/tools/misc/automake/automake-1.11.x.nix { }; 6925 6916 6926 6917 automake116x = callPackage ../development/tools/misc/automake/automake-1.16.x.nix { }; 6927 6918 ··· 12871 12862 kotatogram-desktop = 12872 12863 callPackage ../applications/networking/instant-messengers/telegram/kotatogram-desktop 12873 12864 { }; 12874 - 12875 - krane = callPackage ../applications/networking/cluster/krane { }; 12876 12865 12877 12866 ktimetracker = libsForQt5.callPackage ../applications/office/ktimetracker { }; 12878 12867

+2

pkgs/top-level/ocaml-packages.nix

··· 165 165 166 166 callipyge = callPackage ../development/ocaml-modules/callipyge { }; 167 167 168 + camlgpc = callPackage ../development/ocaml-modules/camlgpc { }; 169 + 168 170 camlidl = callPackage ../development/tools/ocaml/camlidl { }; 169 171 170 172 camlimages = callPackage ../development/ocaml-modules/camlimages { };

+2

pkgs/top-level/python-packages.nix

··· 7823 7823 7824 7824 langchain-deepseek = callPackage ../development/python-modules/langchain-deepseek { }; 7825 7825 7826 + langchain-experimental = callPackage ../development/python-modules/langchain-experimental { }; 7827 + 7826 7828 langchain-fireworks = callPackage ../development/python-modules/langchain-fireworks { }; 7827 7829 7828 7830 langchain-google-genai = callPackage ../development/python-modules/langchain-google-genai { };

+24 -4

pkgs/top-level/stage.nix

··· 240 240 # All packages built for i686 Linux. 241 241 # Used by wine, firefox with debugging version of Flash, ... 242 242 pkgsi686Linux = 243 - if stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86 then 243 + let 244 + isSupported = stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86; 245 + in 246 + if !config.allowAliases || isSupported then 244 247 nixpkgsFun { 245 248 overlays = [ 246 - (self': super': { 247 - pkgsi686Linux = super'; 248 - }) 249 + ( 250 + self': super': 251 + { 252 + pkgsi686Linux = super'; 253 + } 254 + // lib.optionalAttrs (!isSupported) { 255 + # Overrides pkgsi686Linux.stdenv.mkDerivation to produce only broken derivations, 256 + # when used on a non x86_64-linux platform in CI. 257 + # TODO: Remove this, once pkgsi686Linux can become a variant. 258 + stdenv = super'.stdenv // { 259 + mkDerivation = 260 + args: 261 + (super'.stdenv.mkDerivation args).overrideAttrs (prevAttrs: { 262 + meta = prevAttrs.meta or { } // { 263 + broken = true; 264 + }; 265 + }); 266 + }; 267 + } 268 + ) 249 269 ] ++ overlays; 250 270 ${if stdenv.hostPlatform == stdenv.buildPlatform then "localSystem" else "crossSystem"} = { 251 271 config = lib.systems.parse.tripleFromSystem (