+1 -1

.github/workflows/basic-eval.yml

··· 19 # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback 20 steps: 21 - uses: actions/checkout@v3 22 - - uses: cachix/install-nix-action@v20 23 - uses: cachix/cachix-action@v12 24 with: 25 # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.

··· 19 # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback 20 steps: 21 - uses: actions/checkout@v3 22 + - uses: cachix/install-nix-action@v21 23 - uses: cachix/cachix-action@v12 24 with: 25 # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.

+1 -1

.github/workflows/check-maintainers-sorted.yaml

··· 16 with: 17 # pull_request_target checks out the base branch by default 18 ref: refs/pull/${{ github.event.pull_request.number }}/merge 19 - - uses: cachix/install-nix-action@v20 20 with: 21 # explicitly enable sandbox 22 extra_nix_config: sandbox = true

··· 16 with: 17 # pull_request_target checks out the base branch by default 18 ref: refs/pull/${{ github.event.pull_request.number }}/merge 19 + - uses: cachix/install-nix-action@v21 20 with: 21 # explicitly enable sandbox 22 extra_nix_config: sandbox = true

+1 -1

.github/workflows/editorconfig.yml

··· 28 with: 29 # pull_request_target checks out the base branch by default 30 ref: refs/pull/${{ github.event.pull_request.number }}/merge 31 - - uses: cachix/install-nix-action@v20 32 with: 33 # nixpkgs commit is pinned so that it doesn't break 34 # editorconfig-checker 2.4.0

··· 28 with: 29 # pull_request_target checks out the base branch by default 30 ref: refs/pull/${{ github.event.pull_request.number }}/merge 31 + - uses: cachix/install-nix-action@v21 32 with: 33 # nixpkgs commit is pinned so that it doesn't break 34 # editorconfig-checker 2.4.0

+1 -1

.github/workflows/manual-nixos.yml

··· 18 with: 19 # pull_request_target checks out the base branch by default 20 ref: refs/pull/${{ github.event.pull_request.number }}/merge 21 - - uses: cachix/install-nix-action@v20 22 with: 23 # explicitly enable sandbox 24 extra_nix_config: sandbox = true

··· 18 with: 19 # pull_request_target checks out the base branch by default 20 ref: refs/pull/${{ github.event.pull_request.number }}/merge 21 + - uses: cachix/install-nix-action@v21 22 with: 23 # explicitly enable sandbox 24 extra_nix_config: sandbox = true

+1 -1

.github/workflows/manual-nixpkgs.yml

··· 19 with: 20 # pull_request_target checks out the base branch by default 21 ref: refs/pull/${{ github.event.pull_request.number }}/merge 22 - - uses: cachix/install-nix-action@v20 23 with: 24 # explicitly enable sandbox 25 extra_nix_config: sandbox = true

··· 19 with: 20 # pull_request_target checks out the base branch by default 21 ref: refs/pull/${{ github.event.pull_request.number }}/merge 22 + - uses: cachix/install-nix-action@v21 23 with: 24 # explicitly enable sandbox 25 extra_nix_config: sandbox = true

+1 -1

.github/workflows/manual-rendering.yml

··· 18 runs-on: ubuntu-latest 19 steps: 20 - uses: actions/checkout@v3 21 - - uses: cachix/install-nix-action@v20 22 with: 23 # explicitly enable sandbox 24 extra_nix_config: sandbox = true

··· 18 runs-on: ubuntu-latest 19 steps: 20 - uses: actions/checkout@v3 21 + - uses: cachix/install-nix-action@v21 22 with: 23 # explicitly enable sandbox 24 extra_nix_config: sandbox = true

+1 -1

.github/workflows/update-terraform-providers.yml

··· 17 runs-on: ubuntu-latest 18 steps: 19 - uses: actions/checkout@v3 20 - - uses: cachix/install-nix-action@v20 21 with: 22 nix_path: nixpkgs=channel:nixpkgs-unstable 23 - name: setup

··· 17 runs-on: ubuntu-latest 18 steps: 19 - uses: actions/checkout@v3 20 + - uses: cachix/install-nix-action@v21 21 with: 22 nix_path: nixpkgs=channel:nixpkgs-unstable 23 - name: setup

+1 -1

doc/stdenv/meta.chapter.md

··· 182 183 ### `timeout` {#var-meta-timeout} 184 185 - A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, it can fail due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`. 186 187 `meta` attributes are not stored in the instantiated derivation. 188 Therefore, this setting may be lost when the package is used as a dependency.

··· 182 183 ### `timeout` {#var-meta-timeout} 184 185 + A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, Hydra will fail it due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`. 186 187 `meta` attributes are not stored in the instantiated derivation. 188 Therefore, this setting may be lost when the package is used as a dependency.

+194 -204

nixos/doc/manual/release-notes/rl-2305.section.md

··· 1 - # Release 23.05 (“Stoat”, 2023.05/??) {#sec-release-23.05} 2 3 - Support is planned until the end of December 2023, handing over to 23.11. 4 5 - ## Highlights {#sec-release-23.05-highlights} 6 7 - In addition to numerous new and upgraded packages, this release has the following highlights: 8 9 - <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 10 11 - - Core version changes: 12 13 - - default linux: 5.15 -\> 6.1, all supported kernels available 14 15 - - systemd has been updated to v253.1, see [the pull request](https://github.com/NixOS/nixpkgs/pull/216826) for more info. 16 - It's recommended to use `nixos-rebuild boot` and `reboot`, rather than `nixos-rebuild switch` - since in some rare cases 17 - the switch of a live system might fail. 18 19 - - glibc: 2.35 -\> 2.37 0 20 21 - - Cinnamon has been updated to 5.6, see [the pull request](https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204) for what is changed. 22 23 - - GNOME has been upgraded to version 44. Please see the [release notes](https://release.gnome.org/44/) for details. 24 25 - KDE Plasma has been updated to v5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what is changed. 26 27 - - Python implements [PEP 668](https://peps.python.org/pep-0668/), providing better feedback to users that try to run `pip install` system-wide. 0 0 0 0 0 0 0 0 28 29 - - `nixos-rebuild` now supports an extra `--specialisation` option that can be used to change specialisation for `switch` and `test` commands. 30 31 - - `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://github.com/search?q=repo%3ANixOS%2Fnixpkgs%20libxcrypt&type=code). 0 0 32 33 - - `boot.bootspec.enable` (internal option) is now enabled by default because [RFC-0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot usecases in NixOS such as SecureBoot. 34 35 ## New Services {#sec-release-23.05-new-services} 36 37 - <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 38 - 39 - [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable). 40 41 - - [Pixelfed](https://pixelfed.org/), an Instagram-like ActivityPub server. Available as [services.pixelfed](options.html#opt-services.pixelfed.enable). 42 43 - - [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable). 44 45 - - [webhook](https://github.com/adnanh/webhook), a lightweight webhook server. Available as [services.webhook](#opt-services.webhook.enable). 0 0 0 0 0 0 46 47 - - [cups-pdf-to-pdf](https://github.com/alexivkin/CUPS-PDF-to-PDF), a pdf-generating cups backend based on [cups-pdf](https://www.cups-pdf.de/). Available as [services.printing.cups-pdf](#opt-services.printing.cups-pdf.enable). 48 49 - - [clash-verge](https://github.com/zzzgydi/clash-verge), A Clash GUI based on tauri. Available as [programs.clash-verge](#opt-programs.clash-verge.enable). 50 51 - [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable). 52 0 0 0 0 53 - [Deepin Desktop Environment](https://github.com/linuxdeepin/dde), an elegant, easy to use and reliable desktop environment. Available as [services.xserver.desktopManager.deepin](options.html#opt-services.xserver.desktopManager.deepin). 54 55 - - [system-repart](https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html), grow and add partitions to a partition table. Available as [systemd.repart](options.html#opt-systemd.repart) and [boot.initrd.systemd.repart](options.html#opt-boot.initrd.systemd.repart) 56 57 - [frigate](https://frigate.video), an open source NVR built around real-time AI object detection. Available as [services.frigate](#opt-services.frigate.enable). 58 59 - [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion). 60 - 61 - - [readarr](https://github.com/Readarr/Readarr), Book Manager and Automation (Sonarr for Ebooks). Available as [services.readarr](options.html#opt-services.readarr.enable). 62 63 - [gemstash](https://github.com/rubygems/gemstash), a RubyGems.org cache and private gem server. Available as [services.gemstash](#opt-services.gemstash.enable). 64 ··· 68 69 - [go2rtc](https://github.com/AlexxIT/go2rtc), a camera streaming appliation with support for RTSP, WebRTC, HomeKit, FFMPEG, RTMP and other protocols. Available as [services.go2rtc](options.html#opt-services.go2rtc.enable). 70 71 - - [harmonia](https://github.com/nix-community/harmonia/), Nix binary cache implemented in rust using libnix-store. Available as [services.harmonia](options.html#opt-services.harmonia.enable). 72 73 - - [hyprland](https://github.com/hyprwm/hyprland), a dynamic tiling Wayland compositor that doesn't sacrifice on its looks. Available as [programs.hyprland](#opt-programs.hyprland.enable). 74 75 - - [minipro](https://gitlab.com/DavidGriffith/minipro/), an open source program for controlling the MiniPRO TL866xx series of chip programmers. Available as [programs.minipro](options.html#opt-programs.minipro.enable). 76 77 - - [stevenblack-blocklist](https://github.com/StevenBlack/hosts), A unified hosts file with base extensions for blocking unwanted websites. Available as [networking.stevenblack](options.html#opt-networking.stevenblack.enable). 78 79 - - [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Available as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie). 80 81 - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable). 82 83 - - [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable). 0 0 84 85 - [kavita](https://kavitareader.com), a self-hosted digital library. Available as [services.kavita](options.html#opt-services.kavita.enable). 86 87 - - [monica](https://www.monicahq.com), an open source personal CRM. Available as [services.monica](options.html#opt-services.monica.enable). 88 89 - - [authelia](https://www.authelia.com/), is an open-source authentication and authorization server. Available under [services.authelia](options.html#opt-services.authelia.enable). 90 91 - - [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable). 92 93 - - [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable). 94 95 - - [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Multiple servers may be configured below [services.tts.servers](#opt-services.tts.servers). 96 97 - - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable). 98 99 - - [SFTPGo](https://github.com/drakkan/sftpgo), a fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. Available as [services.sftpgo](options.html#opt-services.sftpgo.enable). 100 101 - - [esphome](https://esphome.io), a dashboard to configure ESP8266/ESP32 devices for use with Home Automation systems. Available as [services.esphome](#opt-services.esphome.enable). 102 103 - - [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable). 104 105 - - [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable). 106 107 - - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and receives MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). 108 109 - - [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable) 110 111 - - [keyd](https://github.com/rvaiya/keyd), a key remapping daemon for linux. Available as [services.keyd](#opt-services.keyd.enable). 112 113 - - [consul-template](https://github.com/hashicorp/consul-template/), a template rendering, notifier, and supervisor for HashiCorp Consul and Vault data. Available as [services.consul-template](#opt-services.consul-template.instances). 114 115 - - [vault-agent](https://developer.hashicorp.com/vault/docs/agent), a template rendering and API auth proxy for HashiCorp Vault, similar to `consul-template`. Available as [services.vault-agent](#opt-services.vault-agent.instances). 116 117 - - [trippy](https://github.com/fujiapple852/trippy), a network diagnostic tool. Available as [programs.trippy](#opt-programs.trippy.enable). 118 - 119 - - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable). 120 121 - [rshim](https://github.com/Mellanox/rshim-user-space), the user-space rshim driver for the BlueField SoC. Available as [services.rshim](options.html#opt-services.rshim.enable). 122 123 - - [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable). 124 - 125 - - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). 126 127 - - [PufferPanel](https://pufferpanel.com), game server management panel designed to be easy to use. Available as [services.pufferpanel](#opt-services.pufferpanel.enable). 128 129 - - [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable). 130 131 - [stargazer](https://sr.ht/~zethra/stargazer/), a fast and easy to use Gemini server. Available as [services.stargazer](#opt-services.stargazer.enable). 132 133 - - [sniffnet](https://github.com/GyulyVGC/sniffnet), an application to monitor your network traffic. Available as [programs.sniffnet](#opt-programs.sniffnet.enable). 134 135 - - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable). 136 137 - - [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable). 138 139 - - [birdwatcher](github.com/alice-lg/birdwatcher), a small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon. Available as [services.birdwatcher](#opt-services.birdwatcher.enable). 140 141 - - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable). 142 143 - - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met. 144 145 - - [sharing](https://github.com/parvardegr/sharing), a command-line tool to share directories and files from the CLI to iOS and Android devices without the need of an extra client app. Available as [programs.sharing](#opt-programs.sharing.enable). 146 147 - - [nimdow](https://github.com/avahe-kellenberger/nimdow), a window manager written in Nim, inspired by dwm. 148 149 - - [trurl](https://github.com/curl/trurl), a command line tool for URL parsing and manipulation. 150 151 - [wgautomesh](https://git.deuxfleurs.fr/Deuxfleurs/wgautomesh), a simple utility to help connect wireguard nodes together in a full mesh topology. Available as [services.wgautomesh](options.html#opt-services.wgautomesh.enable). 152 153 - - [woodpecker-agents](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable). 154 - 155 - - [woodpecker-server](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable). 156 157 - - [lldap](https://github.com/lldap/lldap), a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. Available as [services.lldap](#opt-services.lldap.enable). 158 - 159 - - [ReGreet](https://github.com/rharish101/ReGreet), a clean and customizable greeter for greetd. Available as [programs.regreet](#opt-programs.regreet.enable). 160 - 161 - - [v4l2-relayd](https://git.launchpad.net/v4l2-relayd), a streaming relay for v4l2loopback using gstreamer. Available as [services.v4l2-relayd](#opt-services.v4l2-relayd.instances._name_.enable). 162 - 163 - - [hardware.ipu6](#opt-hardware.ipu6.enable) adds support for ipu6 based webcams on intel tiger lake and alder lake. 164 - 165 - - [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable). 166 - 167 - - [openvscode-server](https://github.com/gitpod-io/openvscode-server), run VS Code on a remote machine with access through a modern web browser from any device, anywhere. Available as [services.openvscode-server](#opt-services.openvscode-server.enable). 168 169 ## Backward Incompatibilities {#sec-release-23.05-incompatibilities} 170 171 - <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 172 173 - - `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead. 174 175 - - `services.asusd` configuration now uses strings instead of structured configuration, as upstream switched to the [RON](https://github.com/ron-rs/ron) configuration format. Support for structured configuration may return when [RON](https://github.com/ron-rs/ron) generation is implemented in nixpkgs. 176 177 - - `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages). 178 179 - - `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`. 180 181 - - `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep). 182 183 - - The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes` 0 0 0 0 0 0 184 185 - Many `services.syncthing` options have been moved to `services.syncthing.settings`, as part of [RFC 42](https://github.com/NixOS/rfcs/pull/42)'s implementation, see [#226088](https://github.com/NixOS/nixpkgs/pull/226088). 186 187 - - The `ssh` module does not read `/etc/ssh/ssh_known_hosts2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2). 188 - 189 - - The openssh module does not read `~/.ssh/authorized_keys2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2). 190 - 191 - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems. 192 193 - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories. 194 195 - - `graylog` has been updated to version 5, which can not be upgraded directly from the previously packaged version 3.3. If you had installed the previously packaged version 3.3, please follow the [upgrade path](https://go2docs.graylog.org/5-0/upgrading_graylog/upgrade_path.htm) from 3.3 to 4.0 to 4.3 to 5.0. 0 0 0 196 197 - `buildFHSUserEnv` is now called `buildFHSEnv` and uses FlatPak's Bubblewrap sandboxing tool rather than Nixpkgs' own chrootenv. The old chrootenv-based implemenation is still available via `buildFHSEnvChrootenv` but is considered deprecated and will be removed when the remaining uses inside Nixpkgs have been migrated. If your FHSEnv-wrapped application misbehaves when using the new bubblewrap implementation, please create an issue in Nixpkgs. 198 ··· 202 203 - `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative. 204 205 - - The [services.kubo.settings](#opt-services.kubo.settings) option is now no longer stateful. If you changed any of the options in [services.kubo.settings](#opt-services.kubo.settings) in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably /var/lib/ipfs/config) and compare after the update. 206 207 - The Kubo HTTP API will no longer listen on localhost and will instead only listen on a Unix domain socket by default. Read the [services.kubo.settings.Addresses.API](#opt-services.kubo.settings.Addresses.API) option description for more information. 208 209 - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. 210 This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service` 211 212 - - The mailman service now defaults to using a randomly generated REST API password instead of a hardcoded one. 213 214 - - `minio` removed support for its legacy filesystem backend in [RELEASE.2022-10-29T06-21-33Z](https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z). This means if your storage was created with the old format, minio will no longer start. Unfortunately minio doesn't provide a an automatic migration, they only provide [instructions how to manually convert the node](https://min.io/docs/minio/windows/operations/install-deploy-manage/migrate-fs-gateway.html). To facilitate this migration we keep around the last version that still supports the old filesystem backend as `minio_legacy_fs`. Use it via `services.minio.package = minio_legacy_fs;` to export your data before switching to the new version. See the corresponding [issue](https://github.com/NixOS/nixpkgs/issues/199318) for more details. 215 216 - `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/). 217 ··· 235 }; 236 ``` 237 238 - - The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. 239 240 - - The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. 241 - 242 - - The [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. 243 244 - - The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using `fcitx5-rime.override { rimeDataPkgs = [ pkgs.rime-data, package2, ... ]; }` 0 0 0 0 0 0 0 245 246 - - The udev hwdb.bin file is now built with systemd-hwdb rather than the [deprecated "udevadm hwdb"](https://github.com/systemd/systemd/pull/25714). This may impact mappings where the same key is defined in multiple matching entries. The updated behavior will select the latest definition in case of conflict. In general, this should be a positive change, as the hwdb source files are designed with this ordering in mind. As an example, the mapping of the HP Dev One keyboard scan code for "mute mic" is corrected by this update. This change may impact users who have worked-around previously incorrect mappings. 247 248 - Kime has been updated from 2.5.6 to 3.0.2 and the `i18n.inputMethod.kime.config` option has been removed. Users should use `daemonModules`, `iconColor`, and `extraConfig` options under `i18n.inputMethod.kime` instead. 249 ··· 251 252 - `i3status-rust` has been updated from 0.22.0 to 0.30.5, and this brings many changes to its configuration format. Additional information can be found [here](https://github.com/greshake/i3status-rust/blob/v0.30.0/NEWS.md). 253 254 - - The `wordpress` derivation no longer contains any builtin plugins or themes. If you need them you have to add them back to prevent your site from breaking. You can find them in `wordpressPackages.{plugins,themes}`. 255 256 - `llvmPackages_rocm.llvm` will not contain `clang` or `compiler-rt`. `llvmPackages_rocm.clang` will not contain `llvm`. `llvmPackages_rocm.clangNoCompilerRt` has been removed in favor of using `llvmPackages_rocm.clang-unwrapped`. 257 258 - - `services.xserver.desktopManager.plasma5.excludePackages` has been moved to `environment.plasma5.excludePackages`, for consistency with other Desktop Environments 259 260 - - The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2. 261 262 - - `teleport` has been upgraded from major version 10 to major version 12. Please see upstream [upgrade instructions](https://goteleport.com/docs/setup/operations/upgrading/) and release notes for versions [11](https://goteleport.com/docs/changelog/#1100) and [12](https://goteleport.com/docs/changelog/#1201). Note that Teleport does not officially support upgrades across more than one major version at a time. If you're running Teleport server components, it is recommended to first upgrade to an intermediate 11.x version by setting `services.teleport.package = pkgs.teleport_11`. Afterwards, this option can be removed to upgrade to the default version (12). 263 264 - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation. 265 ··· 267 268 - `albert` has been updated from 0.17.6 to 0.20.13, and 0.18.0 changed the config format and many plugins ([changelog for 0.18.0](https://github.com/albertlauncher/albert/blob/v0.18.0/CHANGELOG.md)) 269 270 - - Calling `makeSetupHook` without passing a `name` argument is deprecated. 271 - 272 - - Top-level buildPlatform,hostPlatform,targetPlatform have been deprecated, use stdenv.X instead. 273 - 274 - - `lib.systems.examples.ghcjs` and consequently `pkgsCross.ghcjs` now use the target triplet `javascript-unknown-ghcjs` instead of `js-unknown-ghcjs`. This has been done to match an [upstream decision](https://gitlab.haskell.org/ghc/ghc/-/commit/6636b670233522f01d002c9b97827d00289dbf5c) to follow Cabal's platform naming more closely. Nixpkgs will also reject `js` as an architecture name. 275 - 276 - `dokuwiki` has been updated from 2023-07-31a (Igor) to 2023-04-04 (Jack Jackrum), which has [completely removed](https://www.dokuwiki.org/changes#release_2023-04-04_jack_jackrum) the options to embed HTML and PHP for security reasons. The [htmlok plugin](https://www.dokuwiki.org/plugin:htmlok) can be used to regain this functionality. 277 278 - The old unsupported version 6.x of the ELK-stack and Elastic beats have been removed. Use OpenSearch instead. ··· 283 284 - The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name. 285 286 - - [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) now uses socket authentication and is no longer compatible with password authentication. 287 - - If you want the module to manage the database for you, unset [`services.nextcloud.config.dbpassFile`](#opt-services.nextcloud.config.dbpassFile) (and [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost), if it's set). 288 - - If you want to use password authentication **and** create the database locally, you will have to use [`services.mysql`](#opt-services.mysql.enable) to set it up. 289 - 290 - `protonmail-bridge` package has been updated to major version 3. 291 292 - Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`. ··· 294 - The `i18n.inputMethod.fcitx` option has been replaced with `i18n.inputMethod.fcitx5` because fcitx 4 `pkgs.fcitx` has been removed. 295 296 - In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`. 297 - 298 - - The `--target-host` and `--build-host` options of `nixos-rebuild` no longer treat the `localhost` value specially – to build on/deploy to local machine, omit the relevant flag. 299 300 - The `nix.readOnlyStore` option has been renamed to `boot.readOnlyNixStore` to clarify that it configures the NixOS boot process, not the Nix daemon. 301 302 - - Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constituents: `xorg.libX11`, `freetype` and others. 303 - 304 - The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows: 305 - If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default. 306 - If `system.stateVersion` is >=22.11, `pkgs.nextcloud25` will be installed by default. ··· 314 [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126) 315 for more details and available replacements. 316 317 - - The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer a alias for backwards compatibility. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed). 318 319 - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use. 320 ··· 357 358 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 359 360 - - `vim_configurable` has been renamed to `vim-full` to avoid confusion: `vim-full`'s build-time features are configurable, but both `vim` and `vim-full` are _customizable_ (in the sense of user configuration, like vimrc). 361 - 362 - - Pantheon now defaults to Mutter 43 and GNOME settings daemon 43, all Pantheon packages are now tracking elementary OS 7 updates. 363 - 364 - - The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules) 365 - 366 - - The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package) 367 - 368 - A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follows: 369 - `services.openssh.forwardX11` to `services.openssh.settings.X11Forwarding` 370 - `services.openssh.kbdInteractiveAuthentication` -> `services.openssh.settings.KbdInteractiveAuthentication` ··· 377 - `services.openssh.ciphers` to `services.openssh.settings.Ciphers` 378 - `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts` 379 380 - - `netbox` was updated to 3.5. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's breaking changes [for 3.4.0](https://github.com/netbox-community/netbox/releases/tag/v3.4.0) and [for 3.5.0](https://github.com/netbox-community/netbox/releases/tag/v3.5.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically. 381 382 - - `services.netbox` now support RFC42-style options, through `services.netbox.settings`. 383 384 - - `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables. 385 386 - - DocBook option documentation, which has been deprecated since 22.11, will now cause a warning when documentation is built. Out-of-tree modules should migrate to using CommonMark documentation as outlined in [](#sec-option-declarations) to silence this warning. 387 388 - DocBook option documentation support will be removed in the next release and CommonMark will become the default. DocBook option documentation that has not been migrated until then will no longer render properly or cause errors. 0 0 0 0 389 390 - - NixOS now defaults to using nsncd (a non-caching reimplementation in Rust) as NSS lookup dispatcher, instead of the buggy and deprecated glibc-provided nscd. If you need to switch back, set `services.nscd.enableNsncd = false`, but please open an issue in nixpkgs so your issue can be fixed. 391 392 - `services.borgmatic` now allows for multiple configurations, placed in `/etc/borgmatic.d/`, you can define them with `services.borgmatic.configurations`. 393 ··· 405 `services.dnsmasq.settings` attribute set. The option 406 `services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches 407 end of life. 408 - 409 - - `kube3d` has now been renamed to `k3d` since the 3d editor that originally took that name has been dropped from nixpkgs. `kube3d` will continue to work as an alias for now. 410 411 - The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed. 412 The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans. ··· 430 If undesired, the old behavior can be restored by overriding the builders with 431 `{ installDocumentation = false; }`. 432 433 - - The new option `networking.nftables.checkRuleset` controls whether the ruleset is checked for syntax or not during build. It is `true` by default. The check might fail because it is in a sandbox environment. To circumvent this, the ruleset file can be edited using the `networking.nftables.preCheckRuleset` option. 434 435 - - `mastodon` now supports connection to a remote `PostgreSQL` database. 436 437 - - `nextcloud` has an option to enable SSE-C in S3. 0 0 438 439 - - NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to setup the plain encryption device over the 440 - underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so: 441 442 - ```nix 443 - { 444 - swapDevices = [ 445 - { 446 - device = "/dev/disk/by-partlabel/swapspace"; 447 448 - randomEncryption = { 449 - enable = true; 450 - cipher = "aes-xts-plain64"; 451 - keySize = 512; 452 - sectorSize = 4096; 453 - }; 454 - } 455 - ]; 456 - } 0 457 ``` 458 459 - New option `security.pam.zfs` to enable unlocking and mounting of encrypted ZFS home dataset at login. 460 461 - - `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`. 462 - Before upgrading, read the release notes for PeerTube: 463 - - [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0) 464 - 465 - And backup your data. 466 467 - `services.chronyd` is now started with additional systemd sandbox/hardening options for better security. 468 469 - - PostgreSQL has opt-in support for [JIT compilation](https://www.postgresql.org/docs/current/jit-reason.html). It can be enabled like this: 470 ```nix 471 - { 472 - services.postgresql = { 473 - enable = true; 474 - enableJIT = true; 475 - }; 476 - } 477 ``` 478 479 - - `services.netdata` offers a `deadlineBeforeStopSec` option which enable users who have netdata instance that takes time to initialize to not have systemd kill them for no reason. 480 481 - - `services.dhcpcd` service now don't solicit or accept IPv6 Router Advertisements on interfaces that use static IPv6 addresses. 482 - If network uses both IPv6 Unique local addresses (ULA) and global IPv6 address auto-configuration with SLAAC, must add the parameter `networking.dhcpcd.IPv6rs = true;`. 483 484 - The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed: 485 486 - - Most settings has been migrated under [services.headscale.settings](#opt-services.headscale.settings) which is an attribute-set that 487 will be converted into headscale's YAML config format. This means that the configuration from 488 [headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) 489 can be directly written as attribute-set in Nix within this option. 490 491 - `services.kubo` now unmounts `ipfsMountDir` and `ipnsMountDir` even if it is killed unexpectedly when `autoMount` is enabled. 492 493 - - `nixos/lib/make-disk-image.nix` can now mutate EFI variables, run user-provided EFI firmware or variable templates. This is now extensively documented in the NixOS manual. 494 - 495 - - `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion. 496 497 - Grafana Tempo has been updated to version 2.0. See the [upstream upgrade guide](https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations) for migration instructions. 498 499 - - A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm). 500 501 - The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically. 502 503 - The `root` package is now built with the `"-Dgnuinstall=ON"` CMake flag, making the output conform the `bin` `lib` `share` layout. In this layout, `tutorials` is under `share/doc/ROOT/`; `cmake`, `font`, `icons`, `js` and `macro` under `share/root`; `Makefile.comp` and `Makefile.config` under `etc/root`. 504 505 - - Enabling global redirect in `services.nginx.virtualHosts` now allows one to add exceptions with the `locations` option. 0 0 0 0 506 507 - - A new option `proxyCachePath` has been added to `services.nginx`. Learn more about proxy_cache_path: <https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path>. 508 - 509 - - A new option `recommendedBrotliSettings` has been added to `services.nginx`. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md). 510 - 511 - - Updated recommended settings in `services.nginx.recommendedGzipSettings`: 512 - Enables gzip compression for only certain proxied requests. 513 - Allow checking and loading of precompressed files. 514 - Updated gzip mime-types. 515 - Increased the minimum length of a response that will be gzipped. 516 517 - - [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and force [services.garage.package](options.html#opt-services.garage.package) or upgrade accordingly [system.stateVersion](options.html#opt-system.stateVersion). 518 519 - Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays. 520 - 521 - - `hip` has been separated into `hip`, `hip-common` and `hipcc`. 522 - 523 - - `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections. 524 525 - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store. 526 527 - - The `firewall` and `nat` module now has a nftables based implementation. Enable `networking.nftables` to use it. 528 529 - The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)). 530 - 531 - - Nixpkgs now uses [IEEE-standard floating point arithmetic](https://github.com/NixOS/nixpkgs/pull/170215) on `powerpc64le-linux`. 532 533 - `services.xserver.desktopManager.plasma5.phononBackend` now defaults to vlc according to [upstrean recommendation](https://community.kde.org/Distributions/Packaging_Recommendations#Non-Plasma_packages) 534 ··· 539 there are now two packages of Singularity/Apptainer: 540 * `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming. 541 * `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc.. 542 - 543 - `programs.singularity` got a new `package` option to specify which package to use. 544 545 `singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use. 546 547 - The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`. 548 549 - - The `unifi-poller` package and corresponding NixOS module have been renamed to `unpoller` to match upstream. 550 - 551 - - The `rtsp-simple-server` package and corresponding NixOS module have been renamed to `mediamtx` to match upstream. 552 - 553 - The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting. 554 555 - - `openjdk` from version 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`. 556 557 - [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package. 558 ··· 562 563 - The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed. 564 565 - - The option `services.gpsd.device` has been replaced with 566 - `services.gpsd.devices`, which supports multiple devices. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 567 568 - - `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store. 569 570 - - `gitea` module options have been changed to be RFC042 conforming (i.e. some options were moved to be located under `services.gitea.settings`) 571 572 - - `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase 573 574 - - there is a new `boot/stratisroot.nix` module that enables booting from a volume managed by the Stratis storage management daemon. Use `fileSystems.<name>.stratis.poolUuid` to configure the pool containing the fs. 0 0 0 0 575 576 - Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release. 577 578 - - The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility). 579 580 - - `make-disk-image` handles `contents` arguments that are directories better, fixing a bug where it used to put them in a subdirectory of the intended `target`. 581 582 - - The option `services.jitsi-videobridge.apis` has been renamed to `colibriRestApi` and turned into a boolean. Setting it to `true` will enable the private rest API, useful for monitoring using `services.prometheus.exporters.jitsi.enable`. Learn more about the API: "[The COLIBRI control interface (/colibri/)](https://github.com/jitsi/jitsi-videobridge/blob/v2.3/doc/rest.md)". 0 0 0 0 583 584 ## Detailed migration information {#sec-release-23.05-migration} 585

··· 1 + # Release 23.05 (“Stoat”, 2023.05/31) {#sec-release-23.05} 2 3 + The NixOS release team is happy to announce a new version of NixOS. The release is called NixOS 23.05 ("Stoat"). 4 5 + NixOS is a Linux distribution, whose set of packages can also be used on other Linux systems and macOS. 6 7 + Support is planned until the end of December 2023, handing over to NixOS 23.11. 8 9 + To upgrade to the latest release, follow the [upgrade chapter](https://nixos.org/manual/nixos/stable/index.html#sec-upgrading). 10 11 + ## Highlights {#sec-release-23.05-highlights} 12 13 + In addition to numerous new and updated packages, this release has the following highlights: 14 15 + - The default Linux kernel has been updated from 5.15 to 6.1, all kernels version supported on <kernel.org> are also available. 0 0 16 17 + - systemd has been updated from v252 to v253, see [release notes](https://github.com/systemd/systemd/blob/main/NEWS#L21-L677) for more info. 18 + - Updating with `nixos-rebuild boot` and `reboot` is recommended, since in some rare cases the `switch` into the new generation on a live system might fail due to missing mount units. 19 20 + - The glibc has been updated from 2.35 to 2.37 21 22 + - GNOME has been updated to version 44. Please see the [release notes](https://release.gnome.org/44/) for details. 23 24 - KDE Plasma has been updated to v5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what is changed. 25 26 + - Cinnamon has been updated to 5.6, see [the pull request](https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204) for what is changed. 27 + 28 + - `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://sourcegraph.com/search?q=context:global+repo:%5Egithub%5C.com/NixOS/nixpkgs%24+libxcrypt&patternType=standard&sm=1&groupBy=path). 29 + 30 + - NixOS now defaults to using [nsncd](https://github.com/twosigma/nsncd), a non-caching reimplementation of nscd in Rust, as its NSS lookup dispatcher. This replaces the buggy and deprecated nscd implementation provided through glibc. When you find problems, you can switch back by setting 31 + ```nix 32 + services.nscd.enableNsncd = false; 33 + ``` 34 + but please open an issue in nixpkgs, so your problem can be addressed. 35 36 + - Python implements [PEP 668](https://peps.python.org/pep-0668/), providing better feedback to users that try to run `pip install` for system-wide or user home installations. 37 38 + - There have been two changes to `nixos-rebuild`: 39 + - Support for an extra `--specialisation` option was added that can be used to change specialisation for `switch` and `test` commands. 40 + - The `--target-host` and `--build-host` options no longer treat the `localhost` value specially – to build on/deploy to a local machine, omit the relevant flag. 41 42 + - `boot.bootspec.enable` (internal option) is now enabled by default because [RFC 0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot use cases in NixOS, such as Secure Boot. 43 44 ## New Services {#sec-release-23.05-new-services} 45 0 0 46 - [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable). 47 48 + - [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable). 49 50 + - [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable). 51 52 + - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable). 53 + 54 + - [authelia](https://www.authelia.com/), an open-source authentication and authorization server. Available as [services.authelia](options.html#opt-services.authelia.enable). 55 + 56 + - [birdwatcher](github.com/alice-lg/birdwatcher), a small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon. Available as [services.birdwatcher](#opt-services.birdwatcher.enable). 57 + 58 + - [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable). 59 60 + - [Budgie Desktop](https://github.com/BuddiesOfBudgie/budgie-desktop), a familiar, modern desktop environment. Available as [services.xserver.desktopManager.budgie](options.html#opt-services.xserver.desktopManager.budgie). 61 62 + - [clash-verge](https://github.com/zzzgydi/clash-verge), a Clash GUI based on tauri. Available as [programs.clash-verge](#opt-programs.clash-verge.enable). 63 64 - [Cloudlog](https://www.magicbug.co.uk/cloudlog/), a web-based Amateur Radio logging application. Available as [services.cloudlog](#opt-services.cloudlog.enable). 65 66 + - [consul-template](https://github.com/hashicorp/consul-template/), a template renderer, notifier, and supervisor for HashiCorp Consul and Vault data. Available as [services.consul-template](#opt-services.consul-template.instances). 67 + 68 + - [cups-pdf-to-pdf](https://github.com/alexivkin/CUPS-PDF-to-PDF), a PDF-generating CUPS backend based on [cups-pdf](https://www.cups-pdf.de/). Available as [services.printing.cups-pdf](#opt-services.printing.cups-pdf.enable). 69 + 70 - [Deepin Desktop Environment](https://github.com/linuxdeepin/dde), an elegant, easy to use and reliable desktop environment. Available as [services.xserver.desktopManager.deepin](options.html#opt-services.xserver.desktopManager.deepin). 71 72 + - [esphome](https://esphome.io), a dashboard to configure ESP8266/ESP32 devices for use with Home Automation systems. Available as [services.esphome](#opt-services.esphome.enable). 73 74 - [frigate](https://frigate.video), an open source NVR built around real-time AI object detection. Available as [services.frigate](#opt-services.frigate.enable). 75 76 - [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion). 0 0 77 78 - [gemstash](https://github.com/rubygems/gemstash), a RubyGems.org cache and private gem server. Available as [services.gemstash](#opt-services.gemstash.enable). 79 ··· 83 84 - [go2rtc](https://github.com/AlexxIT/go2rtc), a camera streaming appliation with support for RTSP, WebRTC, HomeKit, FFMPEG, RTMP and other protocols. Available as [services.go2rtc](options.html#opt-services.go2rtc.enable). 85 86 + - [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in Golang with many filters. Available as [services.goeland](#opt-services.goeland.enable). 87 88 + - [gonic](https://github.com/sentriz/gonic), a Subsonic music streaming server. Available as [services.gonic](#opt-services.gonic.enable). 89 90 + - [hardware.ipu6](#opt-hardware.ipu6.enable), drivers for IPU6 based webcams on Intel Tiger Lake and Alder Lake. 91 92 + - [harmonia](https://github.com/nix-community/harmonia/), a Nix binary cache implemented in Rust using [libnixstore](https://docs.rs/libnixstore/latest/libnixstore/). Available as [services.harmonia](options.html#opt-services.harmonia.enable). 93 94 + - [hyprland](https://github.com/hyprwm/hyprland), a dynamic tiling Wayland compositor that doesn't sacrifice on its looks. Available as [programs.hyprland](#opt-programs.hyprland.enable). 95 96 - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable). 97 98 + - [ivpn](https://www.ivpn.net/), a secure, private VPN with fast WireGuard connections. Available as [services.ivpn](#opt-services.ivpn.enable). 99 + 100 + - [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable). 101 102 - [kavita](https://kavitareader.com), a self-hosted digital library. Available as [services.kavita](options.html#opt-services.kavita.enable). 103 104 + - [keyd](https://github.com/rvaiya/keyd), a key remapping daemon for Linux. Available as [services.keyd](#opt-services.keyd.enable). 105 106 + - [lldap](https://github.com/lldap/lldap), a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. Available as [services.lldap](#opt-services.lldap.enable). 107 108 + - [minipro](https://gitlab.com/DavidGriffith/minipro/), an open source program for controlling the MiniPRO TL866xx series of chip programmers. Available as [programs.minipro](options.html#opt-programs.minipro.enable). 109 110 + - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and receives MMSes. Available as [services.mmsd](#opt-services.mmsd.enable). 111 112 + - [monica](https://www.monicahq.com), an open source personal CRM. Available as [services.monica](options.html#opt-services.monica.enable). 113 114 + - [networkd-dispatcher](https://gitlab.com/craftyguy/networkd-dispatcher), a dispatcher service for systemd-networkd connection status changes. Available as [services.networkd-dispatcher](#opt-services.networkd-dispatcher.enable). 115 116 + - [nimdow](https://github.com/avahe-kellenberger/nimdow), a window manager written in Nim, inspired by dwm. Available as [services.xserver.windowManager.nimdow.enable](options.html#opt-services.xserver.windowManager.nimdow.enable). 117 118 + - [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable). 119 120 + - [openvscode-server](https://github.com/gitpod-io/openvscode-server), run VS Code on a remote machine with access through a modern web browser from any device, anywhere. Available as [services.openvscode-server](#opt-services.openvscode-server.enable). 121 122 + - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable). 123 124 + - [photoprism](https://photoprism.app/), a AI-powered photos app for the decentralized web. Available as [services.photoprism](options.html#opt-services.photoprism.enable). 125 126 + - [Pixelfed](https://pixelfed.org/), an Instagram-like ActivityPub server. Available as [services.pixelfed](options.html#opt-services.pixelfed.enable). 127 128 + - [PufferPanel](https://pufferpanel.com), a game server management panel designed to be easy to use. Available as [services.pufferpanel](#opt-services.pufferpanel.enable). 129 130 + - [QDMR](https://dm3mat.darc.de/qdmr/), a GUI application and command line tool for programming DMR radios [programs.qdmr](#opt-programs.qdmr.enable). 131 132 + - [readarr](https://github.com/Readarr/Readarr), book manager and automation (Sonarr for ebooks). Available as [services.readarr](options.html#opt-services.readarr.enable). 133 134 + - [ReGreet](https://github.com/rharish101/ReGreet), a clean and customizable greeter for greetd. Available as [programs.regreet](#opt-programs.regreet.enable). 0 0 135 136 - [rshim](https://github.com/Mellanox/rshim-user-space), the user-space rshim driver for the BlueField SoC. Available as [services.rshim](options.html#opt-services.rshim.enable). 137 138 + - [SFTPGo](https://github.com/drakkan/sftpgo), a fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. Available as [services.sftpgo](options.html#opt-services.sftpgo.enable). 0 0 139 140 + - [sharing](https://github.com/parvardegr/sharing), a command-line tool to share directories and files from the CLI to iOS and Android devices without the need of an extra client app. Available as [programs.sharing](#opt-programs.sharing.enable). 141 142 + - [sniffnet](https://github.com/GyulyVGC/sniffnet), an application to monitor your network traffic. Available as [programs.sniffnet](#opt-programs.sniffnet.enable). 143 144 - [stargazer](https://sr.ht/~zethra/stargazer/), a fast and easy to use Gemini server. Available as [services.stargazer](#opt-services.stargazer.enable). 145 146 + - [stevenblack-blocklist](https://github.com/StevenBlack/hosts), a unified hosts file with base extensions for blocking unwanted websites. Available as [networking.stevenblack](options.html#opt-networking.stevenblack.enable). 147 148 + - [systemd-repart](https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html), grow and add partitions to a partition table. Available as [systemd.repart](options.html#opt-systemd.repart) and [boot.initrd.systemd.repart](options.html#opt-boot.initrd.systemd.repart) 149 150 + - [trippy](https://github.com/fujiapple852/trippy), a network diagnostic tool. Available as [programs.trippy](#opt-programs.trippy.enable). 151 152 + - [tts](https://github.com/coqui-ai/TTS), a battle-tested deep learning toolkit for Text-to-Speech. Multiple servers may be configured below [services.tts.servers](#opt-services.tts.servers). 153 154 + - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). 155 156 + - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable). 157 158 + - [v4l2-relayd](https://git.launchpad.net/v4l2-relayd), a streaming relay for v4l2loopback using gstreamer. Available as [services.v4l2-relayd](#opt-services.v4l2-relayd.instances._name_.enable). 159 160 + - [vault-agent](https://developer.hashicorp.com/vault/docs/agent), a template renderer and API auth proxy for HashiCorp Vault, similar to `consul-template`. Available as [services.vault-agent](#opt-services.vault-agent.instances). 161 162 + - [webhook](https://github.com/adnanh/webhook), a lightweight webhook server. Available as [services.webhook](#opt-services.webhook.enable). 163 164 - [wgautomesh](https://git.deuxfleurs.fr/Deuxfleurs/wgautomesh), a simple utility to help connect wireguard nodes together in a full mesh topology. Available as [services.wgautomesh](options.html#opt-services.wgautomesh.enable). 165 166 + - [woodpecker](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable) and [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable). 0 0 167 168 + - [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable). 0 0 0 0 0 0 0 0 0 0 169 170 ## Backward Incompatibilities {#sec-release-23.05-incompatibilities} 171 172 + - `services.asusd` configuration now uses strings instead of structured configuration, as upstream switched to the [RON](https://github.com/ron-rs/ron) configuration format. Support for structured configuration may return when [RON](https://github.com/ron-rs/ron) generation is implemented in nixpkgs. 173 174 + - `borgbackup` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.borgbackup.jobs.<name>.inhibitsSleep`](#opt-services.borgbackup.jobs._name_.inhibitsSleep). 175 176 + - The `openssh` client now comes with the `~C` escape sequence disabled by default. It can be re-enabled by setting `EnableEscapeCommandline yes` 177 178 + - The `programs.ssh` client module does not read `/etc/ssh/ssh_known_hosts2` anymore, since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2). 179 180 + - The `services.openssh` server module does not read `~/.ssh/authorized_keys2` anymore, since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2). 181 182 + - MAC-then-encrypt algorithms were removed from the default selection of `services.openssh.settings.Macs`. If you still require these [MACs](https://en.wikipedia.org/wiki/Message_authentication_code), for example when you are relying on libssh2 (e.g. VLC) or the SSH library shipped on the iPhone, you can re-add them like this: 183 184 + ```nix 185 + services.openssh.settings.Macs = [ 186 + "hmac-sha2-512" 187 + "hmac-sha2-256" 188 + "umac-128@openssh.com" 189 + }; 190 + ``` 191 192 - Many `services.syncthing` options have been moved to `services.syncthing.settings`, as part of [RFC 42](https://github.com/NixOS/rfcs/pull/42)'s implementation, see [#226088](https://github.com/NixOS/nixpkgs/pull/226088). 193 0 0 0 0 194 - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems. 195 196 - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories. 197 198 + - `graylog` has been updated to version 5, which can not be updated directly from the previously packaged version 3.3. If you had installed the previously packaged version 3.3, please follow the [upgrade path](https://go2docs.graylog.org/5-0/upgrading_graylog/upgrade_path.htm) from 3.3 to 4.0 to 4.3 to 5.0. 199 + 200 + - `buildFHSUserEnv` is now called `buildFHSEnv` and uses FlatPak's Bubblewrap sandboxing tool rather than Nixpkgs' own chrootenv. The old chrootenv-based implemenation is still available via `buildFHSEnvChrootenv` but is considered deprecated and will be removed when the remaining uses inside Nixpkgs have been migrated. If your FHSEnv-wrapped application misbehaves when using the new bubblewrap implementation, please create an issue in Nixpkgs. 201 + 202 203 - `buildFHSUserEnv` is now called `buildFHSEnv` and uses FlatPak's Bubblewrap sandboxing tool rather than Nixpkgs' own chrootenv. The old chrootenv-based implemenation is still available via `buildFHSEnvChrootenv` but is considered deprecated and will be removed when the remaining uses inside Nixpkgs have been migrated. If your FHSEnv-wrapped application misbehaves when using the new bubblewrap implementation, please create an issue in Nixpkgs. 204 ··· 208 209 - `keepassx` and `keepassx2` have been removed, due to upstream [stopping development](https://www.keepassx.org/index.html%3Fp=636.html). Consider [KeePassXC](https://keepassxc.org) as a maintained alternative. 210 211 + - The [services.kubo.settings](#opt-services.kubo.settings) option is now no longer stateful. If you changed any of the options in [services.kubo.settings](#opt-services.kubo.settings) in the past and then removed them from your NixOS configuration again, those changes are still in your Kubo configuration file but will now be reset to the default. If you're unsure, you may want to make a backup of your configuration file (probably `/var/lib/ipfs/config`) and compare after the update. 212 213 - The Kubo HTTP API will no longer listen on localhost and will instead only listen on a Unix domain socket by default. Read the [services.kubo.settings.Addresses.API](#opt-services.kubo.settings.Addresses.API) option description for more information. 214 215 - The EC2 image module no longer fetches instance metadata in stage-1. This results in a significantly smaller initramfs, since network drivers no longer need to be included, and faster boots, since metadata fetching can happen in parallel with startup of other services. 216 This breaks services which rely on metadata being present by the time stage-2 is entered. Anything which reads EC2 metadata from `/etc/ec2-metadata` should now have an `after` dependency on `fetch-ec2-metadata.service` 217 218 + - The mailman service now defaults to using a randomly generated REST API password instead of a hard-coded one. 219 220 + - `minio` removed support for its legacy filesystem backend in [RELEASE.2022-10-29T06-21-33Z](https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z). This means if your storage was created with the old format, minio will no longer start. Unfortunately, minio doesn't provide an automatic migration, they only provide [instructions how to manually convert the node](https://min.io/docs/minio/windows/operations/install-deploy-manage/migrate-fs-gateway.html). To facilitate this migration, we keep around the last version that still supports the old filesystem backend as `minio_legacy_fs`. Use it via `services.minio.package = minio_legacy_fs;` to export your data before switching to the new version. See the corresponding [issue](https://github.com/NixOS/nixpkgs/issues/199318) for more details. 221 222 - `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/). 223 ··· 241 }; 242 ``` 243 244 + - The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. 245 246 + - The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using 0 0 247 248 + ```nix 249 + fcitx5-rime.override { 250 + rimeDataPkgs = [ 251 + pkgs.rime-data 252 + # ... 253 + ]; 254 + } 255 + ``` 256 257 + - The `udev` hwdb.bin file is now built with systemd-hwdb rather than the [deprecated "udevadm hwdb"](https://github.com/systemd/systemd/pull/25714). This may impact mappings where the same key is defined in multiple matching entries. The updated behavior will select the latest definition in case of conflict. In general, this should be a positive change, as the hwdb source files are designed with this ordering in mind. As an example, the mapping of the HP Dev One keyboard scan code for "mute mic" is corrected by this update. This change may impact users who have worked-around previously incorrect mappings. 258 259 - Kime has been updated from 2.5.6 to 3.0.2 and the `i18n.inputMethod.kime.config` option has been removed. Users should use `daemonModules`, `iconColor`, and `extraConfig` options under `i18n.inputMethod.kime` instead. 260 ··· 262 263 - `i3status-rust` has been updated from 0.22.0 to 0.30.5, and this brings many changes to its configuration format. Additional information can be found [here](https://github.com/greshake/i3status-rust/blob/v0.30.0/NEWS.md). 264 265 + - The `wordpress` derivation no longer contains any built-in plugins or themes. If you need them, you have to add them back to prevent your site from breaking. You can find them in `wordpressPackages.{plugins,themes}`. 266 267 - `llvmPackages_rocm.llvm` will not contain `clang` or `compiler-rt`. `llvmPackages_rocm.clang` will not contain `llvm`. `llvmPackages_rocm.clangNoCompilerRt` has been removed in favor of using `llvmPackages_rocm.clang-unwrapped`. 268 269 + - `services.xserver.desktopManager.plasma5.excludePackages` has been moved to `environment.plasma5.excludePackages`, for consistency with other Desktop Environments. 270 271 + - `teleport` has been updated from major version 10 to major version 12. Please see upstream [upgrade instructions](https://goteleport.com/docs/setup/operations/upgrading/) and release notes for versions [11](https://goteleport.com/docs/changelog/#1100) and [12](https://goteleport.com/docs/changelog/#1201). Note that Teleport does not officially support upgrades across more than one major version at a time. If you're running Teleport server components, it is recommended to first upgrade to an intermediate 11.x version by setting `services.teleport.package = pkgs.teleport_11`. Afterwards, this option can be removed to upgrade to the default version (12). 272 273 + - The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2. 274 275 - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation. 276 ··· 278 279 - `albert` has been updated from 0.17.6 to 0.20.13, and 0.18.0 changed the config format and many plugins ([changelog for 0.18.0](https://github.com/albertlauncher/albert/blob/v0.18.0/CHANGELOG.md)) 280 0 0 0 0 0 0 281 - `dokuwiki` has been updated from 2023-07-31a (Igor) to 2023-04-04 (Jack Jackrum), which has [completely removed](https://www.dokuwiki.org/changes#release_2023-04-04_jack_jackrum) the options to embed HTML and PHP for security reasons. The [htmlok plugin](https://www.dokuwiki.org/plugin:htmlok) can be used to regain this functionality. 282 283 - The old unsupported version 6.x of the ELK-stack and Elastic beats have been removed. Use OpenSearch instead. ··· 288 289 - The [services.wordpress.sites.&lt;name&gt;.plugins](#opt-services.wordpress.sites._name_.plugins) and [services.wordpress.sites.&lt;name&gt;.themes](#opt-services.wordpress.sites._name_.themes) options have been converted from sets to attribute sets to allow for consumers to specify explicit install paths via attribute name. 290 0 0 0 0 291 - `protonmail-bridge` package has been updated to major version 3. 292 293 - Nebula now runs as a system user and group created for each nebula network, using the `CAP_NET_ADMIN` ambient capability on launch rather than starting as root. Ensure that any files each Nebula instance needs to access are owned by the correct user and group, by default `nebula-${networkName}`. ··· 295 - The `i18n.inputMethod.fcitx` option has been replaced with `i18n.inputMethod.fcitx5` because fcitx 4 `pkgs.fcitx` has been removed. 296 297 - In `mastodon` it is now necessary to specify location of file with `PostgreSQL` database password. In `services.mastodon.database.passwordFile` parameter default value `/var/lib/mastodon/secrets/db-password` has been changed to `null`. 0 0 298 299 - The `nix.readOnlyStore` option has been renamed to `boot.readOnlyNixStore` to clarify that it configures the NixOS boot process, not the Nix daemon. 300 0 0 301 - The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows: 302 - If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default. 303 - If `system.stateVersion` is >=22.11, `pkgs.nextcloud25` will be installed by default. ··· 311 [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126) 312 for more details and available replacements. 313 314 + - The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer an alias for backwards compatibility. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed). 315 316 - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use. 317 ··· 354 355 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> 356 0 0 0 0 0 0 0 0 357 - A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follows: 358 - `services.openssh.forwardX11` to `services.openssh.settings.X11Forwarding` 359 - `services.openssh.kbdInteractiveAuthentication` -> `services.openssh.settings.KbdInteractiveAuthentication` ··· 366 - `services.openssh.ciphers` to `services.openssh.settings.Ciphers` 367 - `services.openssh.gatewayPorts` to `services.openssh.settings.GatewayPorts` 368 0 369 370 + - `vim_configurable` has been renamed to `vim-full` to avoid confusion: `vim-full`'s build-time features are configurable, but both `vim` and `vim-full` are _customizable_ (in the sense of user configuration, like vimrc). 371 372 + - Pantheon now defaults to Mutter 43 and GNOME settings daemon 43, all Pantheon packages are now tracking elementary OS 7 updates. 373 374 + - The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules) 375 376 + - The module `usbmuxd` now has the ability to change the package used by the daemon. In case you're experiencing issues with `usbmuxd` you can try an alternative program like `usbmuxd2`. Available as [services.usbmuxd.package](#opt-services.usbmuxd.package) 377 + 378 + - `netbox` was updated to 3.5. NixOS' `services.netbox.package` still defaults to 3.3 if `stateVersion` is earlier than 23.05. Please review upstream's breaking changes [for 3.4.0](https://github.com/netbox-community/netbox/releases/tag/v3.4.0) and [for 3.5.0](https://github.com/netbox-community/netbox/releases/tag/v3.5.0), and upgrade NetBox by changing `services.netbox.package`. Database migrations will be run automatically. 379 + 380 + - `services.netbox` now support RFC42-style options, through `services.netbox.settings`. 381 382 + - `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables. 383 384 - `services.borgmatic` now allows for multiple configurations, placed in `/etc/borgmatic.d/`, you can define them with `services.borgmatic.configurations`. 385 ··· 397 `services.dnsmasq.settings` attribute set. The option 398 `services.dnsmasq.extraConfig` will be deprecated when NixOS 22.11 reaches 399 end of life. 0 0 400 401 - The `dokuwiki` service is now configured via `services.dokuwiki.sites.<name>.settings` attribute set; `extraConfig` has been removed. 402 The `{aclUse,superUser,disableActions}` attributes have been renamed accordingly. `pluginsConfig` now only accepts an attribute set of booleans. ··· 420 If undesired, the old behavior can be restored by overriding the builders with 421 `{ installDocumentation = false; }`. 422 423 + - The nftables module now validates its ruleset at build time. The new `networking.nftables.checkRuleset` option allows disabling this check, which may fail when rules have very specific requirements, that the sandbox environment, by default, will not cover. The `networking.nftables.preCheckRuleset` option can be used to prepare the environment before the checks are run. 424 425 + - The `services.mastodon` module now supports connection to a remote `PostgreSQL` database. 426 427 + - [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) now uses socket authentication and is no longer compatible with password authentication. 428 + - If you want the module to manage the database for you, unset [`services.nextcloud.config.dbpassFile`](#opt-services.nextcloud.config.dbpassFile) (and [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost), if it's set). 429 + - If you want to use password authentication **and** create the database locally, you will have to use [`services.mysql`](#opt-services.mysql.enable) to set it up. 430 431 + - [`services.nextcloud.config.objectstore.s3.sseCKeyFile`](#opt-services.nextcloud.config.objectstore.s3.sseCKeyFile) is a new option to enable server-side encryption with customer provided keys (SSE-C) for your S3 in Nextcloud. 0 432 433 + - NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to set up the plain encryption device over the underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so: 0 0 0 0 434 435 + ```nix 436 + swapDevices = [ { 437 + device = "/dev/disk/by-partlabel/swapspace"; 438 + randomEncryption = { 439 + enable = true; 440 + cipher = "aes-xts-plain64"; 441 + keySize = 512; 442 + sectorSize = 4096; 443 + }; 444 + } ]; 445 ``` 446 447 - New option `security.pam.zfs` to enable unlocking and mounting of encrypted ZFS home dataset at login. 448 449 + - `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`. Before upgrading, check the release notes for [PeerTube v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0).And backup your data. 0 0 0 0 450 451 - `services.chronyd` is now started with additional systemd sandbox/hardening options for better security. 452 453 + - PostgreSQL has added opt-in support for [JIT compilation](https://www.postgresql.org/docs/current/jit-reason.html). It can be enabled like this: 454 ```nix 455 + services.postgresql.enableJIT = true; 0 0 0 0 0 456 ``` 457 458 + - `services.netdata` offers a [`services.netdata.deadlineBeforeStopSec`](#opt-services.netdata.deadlineBeforeStopSec) option which will control the deadline (in seconds) after which systemd will consider your netdata instance as dead if it didn't start in the elapsed time. It is helpful when your netdata instance takes longer to start because of a large amount of state or upgrades. 459 460 + - `services.dhcpcd` service stopped soliciting or accepting IPv6 Router Advertisements on interfaces that use static IPv6 addresses. 461 + If your network provides both IPv6 unique local addresses (ULA) and globally unique addresses (GUA) through autoconfiguration with SLAAC, you must add the parameter `networking.dhcpcd.IPv6rs = true;`. 462 463 - The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed: 464 465 + - Most settings have been migrated below [services.headscale.settings](#opt-services.headscale.settings) which is a freeform attribute-set that 466 will be converted into headscale's YAML config format. This means that the configuration from 467 [headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) 468 can be directly written as attribute-set in Nix within this option. 469 470 - `services.kubo` now unmounts `ipfsMountDir` and `ipnsMountDir` even if it is killed unexpectedly when `autoMount` is enabled. 471 472 + - `services.grafana` listens only on localhost by default again. This was changed to the upstream default of `0.0.0.0` by accident in the freeform setting conversion. 0 0 473 474 - Grafana Tempo has been updated to version 2.0. See the [upstream upgrade guide](https://grafana.com/docs/tempo/latest/release-notes/v2-0/#upgrade-considerations) for migration instructions. 475 476 + - A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple Silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=23.05&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm). 477 478 - The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically. 479 480 - The `root` package is now built with the `"-Dgnuinstall=ON"` CMake flag, making the output conform the `bin` `lib` `share` layout. In this layout, `tutorials` is under `share/doc/ROOT/`; `cmake`, `font`, `icons`, `js` and `macro` under `share/root`; `Makefile.comp` and `Makefile.config` under `etc/root`. 481 482 + - There are various new options in the `services.nginx` module: 483 + - Enabling global redirect in `services.nginx.virtualHosts` now allows one to add exceptions with the `locations` option. 484 + - The `proxyCachePath` option has been added to `services.nginx`. It allows configuring the [`proxy_cache_path`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path), that configures the storage path and various other settings for the cache. 485 + - A new option `recommendedBrotliSettings` has been added to `services.nginx`. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/blob/master/README.md). 486 + - `services.nginx.recommendedProxySettings` now removes the `Connection` header preventing clients from closing backend connections. 487 488 + - The nginx module also received an update to `services.nginx.recommendedGzipSettings`: 0 0 0 0 489 - Enables gzip compression for only certain proxied requests. 490 - Allow checking and loading of precompressed files. 491 - Updated gzip mime-types. 492 - Increased the minimum length of a response that will be gzipped. 493 494 + - [Garage](https://garagehq.deuxfleurs.fr/) version is based on [system.stateVersion](options.html#opt-system.stateVersion), existing installations will keep using version 0.7. New installations will use version 0.8. In order to upgrade a Garage cluster, please follow [upstream instructions](https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/) and configure [services.garage.package](options.html#opt-services.garage.package). 495 496 - Nebula now supports the `services.nebula.networks.<name>.isRelay` and `services.nebula.networks.<name>.relays` configuration options for setting up or allowing traffic relaying. See the [announcement](https://www.defined.net/blog/announcing-relay-support-in-nebula/) for more details about relays. 0 0 0 0 497 498 - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store. 499 500 + - The `firewall` and `nat` modules can now optionally rely on an nftables based implementation. Enable `networking.nftables` to use it. 501 502 - The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)). 0 0 503 504 - `services.xserver.desktopManager.plasma5.phononBackend` now defaults to vlc according to [upstrean recommendation](https://community.kde.org/Distributions/Packaging_Recommendations#Non-Plasma_packages) 505 ··· 510 there are now two packages of Singularity/Apptainer: 511 * `apptainer`: From `github.com/apptainer/apptainer`, which is the new repo after renaming. 512 * `singularity`: From `github.com/sylabs/singularity`, which is the fork by Sylabs Inc.. 0 0 513 514 `singularity-tools.buildImage` got a new input argument `singularity` to specify which package to use. 515 516 - The new option `programs.singularity.enableFakeroot`, if set to `true`, provides `--fakeroot` support for `apptainer` and `singularity`. 517 0 0 0 0 518 - The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting. 519 520 + - `openjdk` from versioggn 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`. 521 522 - [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package. 523 ··· 527 528 - The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed. 529 530 + - The option `services.gpsd.device` has been replaced with `services.gpsd.devices`, which supports multiple devices. 531 + 532 + - `k3s` can now be configured with an `EnvironmentFile` for its systemd service, allowing secrets to be provided without ending up in the Nix Store. 533 + 534 + - The `gitea` module options have been moved into a freeform attribute set below `services.gitea.settings`. 535 + 536 + - `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEMs who need to install an encrypted disk with a future settable passphrase 537 + 538 + - The `bind` module now allows the per-zone `allow-query` setting to be configured (previously it was hard-coded to `any`; it still defaults to `any` to retain compatibility). 539 + 540 + - The option `services.jitsi-videobridge.apis` has been renamed to `colibriRestApi` and turned into a boolean. Setting it to `true` will enable the private rest API, useful for monitoring using `services.prometheus.exporters.jitsi.enable`. Learn more about the API: "[The COLIBRI control interface (/colibri/)](https://github.com/jitsi/jitsi-videobridge/blob/v2.3/doc/rest.md)". 541 + 542 + - Booting from a volume managed by the Stratis storage management daemon is now supported. Use `fileSystems.<name>.stratis.poolUuid` to configure the pool containing the fs. 543 + 544 + ## Nixpkgs internals {#sec-release-23.05-nixpkgs-internals} 545 + 546 + - `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`. 547 + 548 + - `buildFHSUserEnv` is now called `buildFHSEnv` and uses FlatPak's Bubblewrap sandboxing tool rather than Nixpkgs' own chrootenv. The old chrootenv-based implemenation is still available via `buildFHSEnvChrootenv` but is considered deprecated and will be removed when the remaining uses inside Nixpkgs have been migrated. If your FHSEnv-wrapped application misbehaves when using the new bubblewrap implementation, please create an issue in Nixpkgs. 549 550 + - Top-level `buildPlatform`, `hostPlatform`, `targetPlatform` have been deprecated, use `stdenv.X` instead. 551 552 + - `carnix` and `cratesIO` has been removed due to being unmaintained, use alternatives such as [naersk](https://github.com/nix-community/naersk) and [crate2nix](https://github.com/kolloch/crate2nix) instead. 553 554 + - `checkInputs` have been renamed to `nativeCheckInputs`, because they behave the same as `nativeBuildInputs` when `doCheck` is set. `checkInputs` now denote a new type of dependencies, added to `buildInputs` when `doCheck` is set. As a rule of thumb, `nativeCheckInputs` are tools on `$PATH` used during the tests, and `checkInputs` are libraries which are linked to executables built as part of the tests. Similarly, `installCheckInputs` are renamed to `nativeInstallCheckInputs`, corresponding to `nativeBuildInputs`, and `installCheckInputs` are a new type of dependencies added to `buildInputs` when `doInstallCheck` is set. (Note that this change will not cause breakage to derivations with `strictDeps` unset, which are most packages except python, rust, ocaml and go packages). 555 556 + - DocBook option documentation, which has been deprecated since 22.11, will now cause a warning when documentation is built. Out-of-tree modules should migrate to using CommonMark documentation as outlined in [](#sec-option-declarations) to silence this warning. 557 + 558 + DocBook option documentation support will be removed in the next release and CommonMark will become the default. DocBook option documentation that has not been migrated until then will no longer render properly or cause errors. 559 + 560 + - `lib.systems.examples.ghcjs` and consequently `pkgsCross.ghcjs` now use the target triplet `javascript-unknown-ghcjs` instead of `js-unknown-ghcjs`. This has been done to match an [upstream decision](https://gitlab.haskell.org/ghc/ghc/-/commit/6636b670233522f01d002c9b97827d00289dbf5c) to follow Cabal's platform naming more closely. Nixpkgs will also reject `js` as an architecture name. 561 562 - Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release. 563 564 + - Calling `makeSetupHook` without passing a `name` argument is deprecated. 565 566 + - `nixos/lib/make-disk-image.nix` handles `contents` arguments that are directories better, fixing a bug where it used to put them in a subdirectory of the intended `target`. 567 568 + - `nixos/lib/make-disk-image.nix` can now mutate EFI variables, run user-provided EFI firmware or variable templates. This is now extensively documented in the NixOS manual. 569 + 570 + - Nixpkgs now uses [IEEE-standard floating point arithmetic](https://github.com/NixOS/nixpkgs/pull/170215) on `powerpc64le-linux`. 571 + 572 + - Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constituents: `xorg.libX11`, `freetype` and others. 573 574 ## Detailed migration information {#sec-release-23.05-migration} 575

+4 -3

nixos/modules/services/mail/maddy.nix

··· 335 }; 336 337 secrets = lib.mkOption { 338 - type = lib.types.path; 339 description = lib.mdDoc '' 340 - A file containing the various secrets. Should be in the format 341 expected by systemd's `EnvironmentFile` directory. Secrets can be 342 referenced in the format `{env:VAR}`. 343 ''; 0 344 }; 345 346 }; ··· 379 User = cfg.user; 380 Group = cfg.group; 381 StateDirectory = [ "maddy" ]; 382 - EnvironmentFile = lib.mkIf (cfg.secrets != null) "${cfg.secrets}"; 383 }; 384 restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ]; 385 wantedBy = [ "multi-user.target" ];

··· 335 }; 336 337 secrets = lib.mkOption { 338 + type = with types; listOf path; 339 description = lib.mdDoc '' 340 + A list of files containing the various secrets. Should be in the format 341 expected by systemd's `EnvironmentFile` directory. Secrets can be 342 referenced in the format `{env:VAR}`. 343 ''; 344 + default = [ ]; 345 }; 346 347 }; ··· 380 User = cfg.user; 381 Group = cfg.group; 382 StateDirectory = [ "maddy" ]; 383 + EnvironmentFile = cfg.secrets; 384 }; 385 restartTriggers = [ config.environment.etc."maddy/maddy.conf".source ]; 386 wantedBy = [ "multi-user.target" ];

+2 -2

pkgs/applications/audio/flacon/default.nix

··· 4 5 stdenv.mkDerivation rec { 6 pname = "flacon"; 7 - version = "11.0.0"; 8 9 src = fetchFromGitHub { 10 owner = "flacon"; 11 repo = "flacon"; 12 rev = "v${version}"; 13 - sha256 = "sha256-xc+pp1phFtcGDCsLzzjWjZBfRJ5ss/F1Nm8/s9sWPfs="; 14 }; 15 16 nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];

··· 4 5 stdenv.mkDerivation rec { 6 pname = "flacon"; 7 + version = "11.1.0"; 8 9 src = fetchFromGitHub { 10 owner = "flacon"; 11 repo = "flacon"; 12 rev = "v${version}"; 13 + sha256 = "sha256-nAJKTRkx8d53v1tPnu5ARrRoESKh4jUOCcD54bhE8TU="; 14 }; 15 16 nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];

+11 -6

pkgs/applications/audio/picard/default.nix

··· 1 { lib 2 , python3Packages 3 , fetchFromGitHub 4 - , fetchpatch 5 , gettext 6 , chromaprint 7 , qt5 ··· 28 sha256 = "sha256-ukqlAXGaqX89U77cM9Ux0RYquT31Ho8ri1Ue7S3+MwQ="; 29 }; 30 31 - nativeBuildInputs = [ gettext qt5.wrapQtAppsHook qt5.qtbase ] 32 - ++ lib.optionals (pyqt5.multimediaEnabled) [ 33 - qt5.qtmultimedia.bin 0 34 gst_all_1.gst-libav 35 gst_all_1.gst-plugins-base 36 gst_all_1.gst-plugins-good 37 gst_all_1.gst-vaapi 38 gst_all_1.gstreamer 39 - ] 40 - ; 0 0 0 0 0 41 42 propagatedBuildInputs = with pythonPackages; [ 43 chromaprint

··· 1 { lib 2 , python3Packages 3 , fetchFromGitHub 0 4 , gettext 5 , chromaprint 6 , qt5 ··· 27 sha256 = "sha256-ukqlAXGaqX89U77cM9Ux0RYquT31Ho8ri1Ue7S3+MwQ="; 28 }; 29 30 + nativeBuildInputs = [ 31 + gettext 32 + qt5.wrapQtAppsHook 33 + ] ++ lib.optionals (pyqt5.multimediaEnabled) [ 34 gst_all_1.gst-libav 35 gst_all_1.gst-plugins-base 36 gst_all_1.gst-plugins-good 37 gst_all_1.gst-vaapi 38 gst_all_1.gstreamer 39 + ]; 40 + buildInputs = [ 41 + qt5.qtbase 42 + qt5.qtwayland 43 + ] ++ lib.optionals (pyqt5.multimediaEnabled) [ 44 + qt5.qtmultimedia.bin 45 + ]; 46 47 propagatedBuildInputs = with pythonPackages; [ 48 chromaprint

+5 -3

pkgs/applications/blockchains/lightning-loop/default.nix

··· 5 6 buildGoModule rec { 7 pname = "lightning-loop"; 8 - version = "0.23.0-beta"; 9 10 src = fetchFromGitHub { 11 owner = "lightninglabs"; 12 repo = "loop"; 13 rev = "v${version}"; 14 - sha256 = "sha256-nYDu451BS5gV4pbV9Pp+S7oKsLGzgVu1a9Df7651e4c="; 15 }; 16 17 - vendorSha256 = "sha256-6bRg6is1g/eRCr82tHMXTWVFv2S0d2h/J3w1gpentjo="; 18 19 subPackages = [ "cmd/loop" "cmd/loopd" ]; 0 0 20 21 meta = with lib; { 22 description = "Lightning Loop Client";

··· 5 6 buildGoModule rec { 7 pname = "lightning-loop"; 8 + version = "0.24.1-beta"; 9 10 src = fetchFromGitHub { 11 owner = "lightninglabs"; 12 repo = "loop"; 13 rev = "v${version}"; 14 + hash = "sha256-gPWiKSwXS1eSuHss+hkiqqxqonGYSGmSh3/jL+NlqEg="; 15 }; 16 17 + vendorHash = "sha256-6bRg6is1g/eRCr82tHMXTWVFv2S0d2h/J3w1gpentjo="; 18 19 subPackages = [ "cmd/loop" "cmd/loopd" ]; 20 + 21 + ldflags = [ "-s" "-w" ]; 22 23 meta = with lib; { 24 description = "Lightning Loop Client";

+2 -2

pkgs/applications/networking/cloudflared/default.nix

··· 7 8 buildGoModule rec { 9 pname = "cloudflared"; 10 - version = "2023.5.0"; 11 12 src = fetchFromGitHub { 13 owner = "cloudflare"; 14 repo = "cloudflared"; 15 rev = "refs/tags/${version}"; 16 - hash = "sha256-0zUKlacB6aTj0UQ8dIQSU8F6SvVOTAU/GdbUqbJ8okI="; 17 }; 18 19 vendorHash = null;

··· 7 8 buildGoModule rec { 9 pname = "cloudflared"; 10 + version = "2023.5.1"; 11 12 src = fetchFromGitHub { 13 owner = "cloudflare"; 14 repo = "cloudflared"; 15 rev = "refs/tags/${version}"; 16 + hash = "sha256-Pt/iyBMAHMNxN92UAXPNoVXh8kOGdD5+JGZlXEioByY="; 17 }; 18 19 vendorHash = null;

+7 -7

pkgs/applications/networking/cluster/terraform-providers/providers.json

··· 584 "vendorHash": null 585 }, 586 "infoblox": { 587 - "hash": "sha256-C7j9WvhLePQvZlGvYC51GQRIa5JwgARNDG1nGZwY6FU=", 588 "homepage": "https://registry.terraform.io/providers/infobloxopen/infoblox", 589 "owner": "infobloxopen", 590 "repo": "terraform-provider-infoblox", 591 - "rev": "v2.3.0", 592 "spdx": "MPL-2.0", 593 "vendorHash": null 594 }, ··· 882 "vendorHash": null 883 }, 884 "pagerduty": { 885 - "hash": "sha256-Vp4kNvG+37MR/0Es0sFxkWfl0dNc8ZIbm0VpSX416Pk=", 886 "homepage": "https://registry.terraform.io/providers/PagerDuty/pagerduty", 887 "owner": "PagerDuty", 888 "repo": "terraform-provider-pagerduty", 889 - "rev": "v2.14.5", 890 "spdx": "MPL-2.0", 891 "vendorHash": null 892 }, ··· 963 "vendorHash": null 964 }, 965 "scaleway": { 966 - "hash": "sha256-ZZu8rePMIuQArXI3P/S9rGxw7LU8g3qbJYFpSJ32KJQ=", 967 "homepage": "https://registry.terraform.io/providers/scaleway/scaleway", 968 "owner": "scaleway", 969 "repo": "terraform-provider-scaleway", 970 - "rev": "v2.19.0", 971 "spdx": "MPL-2.0", 972 - "vendorHash": "sha256-TTQXAX8M9w0RUDVevt4OpPB32R2GFjsvCn1j+SJgZZs=" 973 }, 974 "secret": { 975 "hash": "sha256-MmAnA/4SAPqLY/gYcJSTnEttQTsDd2kEdkQjQj6Bb+A=",

··· 584 "vendorHash": null 585 }, 586 "infoblox": { 587 + "hash": "sha256-mfRhS+GP7ygAY6SsD2p4jj+C7iZ8SbxHOLGeZVm7a8M=", 588 "homepage": "https://registry.terraform.io/providers/infobloxopen/infoblox", 589 "owner": "infobloxopen", 590 "repo": "terraform-provider-infoblox", 591 + "rev": "v2.4.0", 592 "spdx": "MPL-2.0", 593 "vendorHash": null 594 }, ··· 882 "vendorHash": null 883 }, 884 "pagerduty": { 885 + "hash": "sha256-78DCzzGya9BKzzY4DXG/H+JidqPHObKmxlDCgG08cb8=", 886 "homepage": "https://registry.terraform.io/providers/PagerDuty/pagerduty", 887 "owner": "PagerDuty", 888 "repo": "terraform-provider-pagerduty", 889 + "rev": "v2.14.6", 890 "spdx": "MPL-2.0", 891 "vendorHash": null 892 }, ··· 963 "vendorHash": null 964 }, 965 "scaleway": { 966 + "hash": "sha256-+WNvmkQvqupSYQDlY/57nyaV6kH2wvQLsb+uAJuGaaw=", 967 "homepage": "https://registry.terraform.io/providers/scaleway/scaleway", 968 "owner": "scaleway", 969 "repo": "terraform-provider-scaleway", 970 + "rev": "v2.20.0", 971 "spdx": "MPL-2.0", 972 + "vendorHash": "sha256-dSnq0iU1ANuOyTNZQfy7FRjEIL2HG2ZJFNTe6iaBe5U=" 973 }, 974 "secret": { 975 "hash": "sha256-MmAnA/4SAPqLY/gYcJSTnEttQTsDd2kEdkQjQj6Bb+A=",

+2 -2

pkgs/applications/networking/instant-messengers/signalbackup-tools/default.nix

··· 2 3 (if stdenv.isDarwin then darwin.apple_sdk_11_0.llvmPackages_14.stdenv else stdenv).mkDerivation rec { 4 pname = "signalbackup-tools"; 5 - version = "20230523"; 6 7 src = fetchFromGitHub { 8 owner = "bepaald"; 9 repo = pname; 10 rev = version; 11 - hash = "sha256-u0UztFdEevFVNRtRvyaeDX4vMyrGuzTMd3/nzRUqjV0="; 12 }; 13 14 postPatch = ''

··· 2 3 (if stdenv.isDarwin then darwin.apple_sdk_11_0.llvmPackages_14.stdenv else stdenv).mkDerivation rec { 4 pname = "signalbackup-tools"; 5 + version = "20230528-1"; 6 7 src = fetchFromGitHub { 8 owner = "bepaald"; 9 repo = pname; 10 rev = version; 11 + hash = "sha256-kb7Cu/dQ3hpT3dZxE5f/rIAyYVYroLPEAnRc6ci7Yk8="; 12 }; 13 14 postPatch = ''

+2 -2

pkgs/applications/radio/flrig/default.nix

··· 8 }: 9 10 stdenv.mkDerivation rec { 11 - version = "1.4.8"; 12 pname = "flrig"; 13 14 src = fetchurl { 15 url = "mirror://sourceforge/fldigi/${pname}-${version}.tar.gz"; 16 - sha256 = "sha256-7aqjNbcAE1ATb5Zl+ziVb7O86nqlFwdpsYm9RoX51rg="; 17 }; 18 19 buildInputs = [

··· 8 }: 9 10 stdenv.mkDerivation rec { 11 + version = "2.0.0"; 12 pname = "flrig"; 13 14 src = fetchurl { 15 url = "mirror://sourceforge/fldigi/${pname}-${version}.tar.gz"; 16 + sha256 = "sha256-DTqheZhCSrupokhVqGrOwBcXwQRgoMv16fMjEFRqbCA="; 17 }; 18 19 buildInputs = [

+47 -45

pkgs/build-support/go/module.nix

··· 2 3 { name ? "${args'.pname}-${args'.version}" 4 , src 5 - , nativeBuildInputs ? [] 6 - , passthru ? {} 7 - , patches ? [] 8 9 - # Go tags, passed to go via -tag 10 - , tags ? [] 11 12 - # A function to override the go-modules derivation 13 - , overrideModAttrs ? (_oldAttrs : {}) 14 15 - # path to go.mod and go.sum directory 16 , modRoot ? "./" 17 18 - # vendorHash is the SRI hash of the vendored dependencies 19 - # 20 - # if vendorHash is null, then we won't fetch any dependencies and 21 - # rely on the vendor folder within the source. 22 , vendorHash ? args'.vendorSha256 or (throw "buildGoModule: vendorHash is missing") 23 - # Whether to delete the vendor folder supplied with the source. 24 , deleteVendor ? false 25 - # Whether to fetch (go mod download) and proxy the vendor directory. 26 - # This is useful if your code depends on c code and go mod tidy does not 27 - # include the needed sources to build or if any dependency has case-insensitive 28 - # conflicts which will produce platform dependant `vendorHash` checksums. 29 , proxyVendor ? false 30 31 - # We want parallel builds by default 32 , enableParallelBuilding ? true 33 34 - # Do not enable this without good reason 35 - # IE: programs coupled with the compiler 36 , allowGoReference ? false 37 38 , CGO_ENABLED ? go.CGO_ENABLED 39 40 - , meta ? {} 41 42 - # Not needed with buildGoModule 43 , goPackagePath ? "" 44 45 - # needed for buildFlags{,Array} warning 46 , buildFlags ? "" 47 , buildFlagsArray ? "" 48 49 - , ... }@args': 0 50 51 assert goPackagePath != "" -> throw "`goPackagePath` is not needed with `buildGoModule`"; 52 assert (args' ? vendorHash && args' ? vendorSha256) -> throw "both `vendorHash` and `vendorSha256` set. only one can be set."; ··· 55 args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "vendorHash" ]; 56 57 go-modules = if (vendorHash == null) then "" else 58 - (stdenv.mkDerivation { 59 - 60 name = "${name}-go-modules"; 61 62 - nativeBuildInputs = (args.nativeBuildInputs or []) ++ [ go git cacert ]; 63 64 inherit (args) src; 65 inherit (go) GOOS GOARCH; ··· 69 # out in the wild. In anycase, it's documented in: 70 # doc/languages-frameworks/go.section.md 71 prePatch = args.prePatch or ""; 72 - patches = args.patches or []; 73 - patchFlags = args.patchFlags or []; 74 postPatch = args.postPatch or ""; 75 preBuild = args.preBuild or ""; 76 postBuild = args.modPostBuild or ""; ··· 79 GO111MODULE = "on"; 80 81 impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ 82 - "GIT_PROXY_COMMAND" "SOCKS_SERVER" "GOPROXY" 0 0 83 ]; 84 85 configurePhase = args.modConfigurePhase or '' ··· 105 exit 10 106 fi 107 108 - ${if proxyVendor then '' 109 - mkdir -p "''${GOPATH}/pkg/mod/cache/download" 110 - go mod download 111 - '' else '' 112 - if (( "''${NIX_DEBUG:-0}" >= 1 )); then 113 - goModVendorFlags+=(-v) 114 - fi 115 - go mod vendor "''${goModVendorFlags[@]}" 116 - ''} 117 118 mkdir -p vendor 119 ··· 123 installPhase = args.modInstallPhase or '' 124 runHook preInstall 125 126 - ${if proxyVendor then '' 127 - rm -rf "''${GOPATH}/pkg/mod/cache/download/sumdb" 128 - cp -r --reflink=auto "''${GOPATH}/pkg/mod/cache/download" $out 129 - '' else '' 130 - cp -r --reflink=auto vendor $out 131 - ''} 132 133 if ! [ "$(ls -A $out)" ]; then 134 echo "vendor folder is empty, please set 'vendorHash = null;' in your expression"

··· 2 3 { name ? "${args'.pname}-${args'.version}" 4 , src 5 + , nativeBuildInputs ? [ ] 6 + , passthru ? { } 7 + , patches ? [ ] 8 9 + # Go tags, passed to go via -tag 10 + , tags ? [ ] 11 12 + # A function to override the go-modules derivation 13 + , overrideModAttrs ? (_oldAttrs: { }) 14 15 + # path to go.mod and go.sum directory 16 , modRoot ? "./" 17 18 + # vendorHash is the SRI hash of the vendored dependencies 19 + # 20 + # if vendorHash is null, then we won't fetch any dependencies and 21 + # rely on the vendor folder within the source. 22 , vendorHash ? args'.vendorSha256 or (throw "buildGoModule: vendorHash is missing") 23 + # Whether to delete the vendor folder supplied with the source. 24 , deleteVendor ? false 25 + # Whether to fetch (go mod download) and proxy the vendor directory. 26 + # This is useful if your code depends on c code and go mod tidy does not 27 + # include the needed sources to build or if any dependency has case-insensitive 28 + # conflicts which will produce platform dependant `vendorHash` checksums. 29 , proxyVendor ? false 30 31 + # We want parallel builds by default 32 , enableParallelBuilding ? true 33 34 + # Do not enable this without good reason 35 + # IE: programs coupled with the compiler 36 , allowGoReference ? false 37 38 , CGO_ENABLED ? go.CGO_ENABLED 39 40 + , meta ? { } 41 42 + # Not needed with buildGoModule 43 , goPackagePath ? "" 44 45 + # needed for buildFlags{,Array} warning 46 , buildFlags ? "" 47 , buildFlagsArray ? "" 48 49 + , ... 50 + }@args': 51 52 assert goPackagePath != "" -> throw "`goPackagePath` is not needed with `buildGoModule`"; 53 assert (args' ? vendorHash && args' ? vendorSha256) -> throw "both `vendorHash` and `vendorSha256` set. only one can be set."; ··· 56 args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "vendorHash" ]; 57 58 go-modules = if (vendorHash == null) then "" else 59 + (stdenv.mkDerivation { 0 60 name = "${name}-go-modules"; 61 62 + nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ go git cacert ]; 63 64 inherit (args) src; 65 inherit (go) GOOS GOARCH; ··· 69 # out in the wild. In anycase, it's documented in: 70 # doc/languages-frameworks/go.section.md 71 prePatch = args.prePatch or ""; 72 + patches = args.patches or [ ]; 73 + patchFlags = args.patchFlags or [ ]; 74 postPatch = args.postPatch or ""; 75 preBuild = args.preBuild or ""; 76 postBuild = args.modPostBuild or ""; ··· 79 GO111MODULE = "on"; 80 81 impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ 82 + "GIT_PROXY_COMMAND" 83 + "SOCKS_SERVER" 84 + "GOPROXY" 85 ]; 86 87 configurePhase = args.modConfigurePhase or '' ··· 107 exit 10 108 fi 109 110 + ${if proxyVendor then '' 111 + mkdir -p "''${GOPATH}/pkg/mod/cache/download" 112 + go mod download 113 + '' else '' 114 + if (( "''${NIX_DEBUG:-0}" >= 1 )); then 115 + goModVendorFlags+=(-v) 116 + fi 117 + go mod vendor "''${goModVendorFlags[@]}" 118 + ''} 119 120 mkdir -p vendor 121 ··· 125 installPhase = args.modInstallPhase or '' 126 runHook preInstall 127 128 + ${if proxyVendor then '' 129 + rm -rf "''${GOPATH}/pkg/mod/cache/download/sumdb" 130 + cp -r --reflink=auto "''${GOPATH}/pkg/mod/cache/download" $out 131 + '' else '' 132 + cp -r --reflink=auto vendor $out 133 + ''} 134 135 if ! [ "$(ls -A $out)" ]; then 136 echo "vendor folder is empty, please set 'vendorHash = null;' in your expression"

+2 -2

pkgs/development/guile-modules/guile-opengl/default.nix

··· 7 8 stdenv.mkDerivation rec { 9 pname = "guile-opengl"; 10 - version = "0.1.0"; 11 12 src = fetchurl { 13 url = "mirror://gnu/${pname}/${pname}-${version}.tar.gz"; 14 - hash = "sha256-NdK5UwUszX5B0kKbynG8oD2PCKIGpZ1x91ktBDvpDo8="; 15 }; 16 17 nativeBuildInputs = [

··· 7 8 stdenv.mkDerivation rec { 9 pname = "guile-opengl"; 10 + version = "0.2.0"; 11 12 src = fetchurl { 13 url = "mirror://gnu/${pname}/${pname}-${version}.tar.gz"; 14 + hash = "sha256-uPCH7CiCPQmfuELDupQQS7BPqecIFmSHpHGYnhwXbGU="; 15 }; 16 17 nativeBuildInputs = [

+2 -2

pkgs/development/libraries/httplib/default.nix

··· 7 8 stdenv.mkDerivation rec { 9 pname = "httplib"; 10 - version = "0.12.3"; 11 12 src = fetchFromGitHub { 13 owner = "yhirose"; 14 repo = "cpp-httplib"; 15 rev = "v${version}"; 16 - hash = "sha256-QHsa+Lmw9XTnwfyyY8b5I5PC8DFEIzwPvIdCwJWQz+I="; 17 }; 18 19 nativeBuildInputs = [ cmake ];

··· 7 8 stdenv.mkDerivation rec { 9 pname = "httplib"; 10 + version = "0.12.4"; 11 12 src = fetchFromGitHub { 13 owner = "yhirose"; 14 repo = "cpp-httplib"; 15 rev = "v${version}"; 16 + hash = "sha256-tofgBLjVOuHgQW1iwOJER3VTj4L/uG0cBbaoXaKBWE0="; 17 }; 18 19 nativeBuildInputs = [ cmake ];

+3

pkgs/development/libraries/lmdb/default.nix

··· 46 Cflags: -I$dev/include 47 Libs: -L$out/lib -llmdb 48 EOF 0 0 0 49 ''; 50 51 meta = with lib; {

··· 46 Cflags: -I$dev/include 47 Libs: -L$out/lib -llmdb 48 EOF 49 + 50 + # Expected by Rust libraries. 51 + ln -s lmdb.pc "$dev/lib/pkgconfig/liblmdb.pc" 52 ''; 53 54 meta = with lib; {

+2 -2

pkgs/development/libraries/pdal/default.nix

··· 22 23 stdenv.mkDerivation rec { 24 pname = "pdal"; 25 - version = "2.4.3"; 26 27 src = fetchFromGitHub { 28 owner = "PDAL"; 29 repo = "PDAL"; 30 rev = version; 31 - sha256 = "sha256-9TQlhuGSTnHsTlJos9Hwnyl1CxI0tXLZdqsaGdp6WIE="; 32 }; 33 34 nativeBuildInputs = [

··· 22 23 stdenv.mkDerivation rec { 24 pname = "pdal"; 25 + version = "2.5.4"; 26 27 src = fetchFromGitHub { 28 owner = "PDAL"; 29 repo = "PDAL"; 30 rev = version; 31 + sha256 = "sha256-WP74YMKYJ0VqsPkOzSfuFhSKM/aY5ynVVmDTP6/DmgA="; 32 }; 33 34 nativeBuildInputs = [

+2 -2

pkgs/development/libraries/science/chemistry/plumed/default.nix

··· 8 9 stdenv.mkDerivation rec { 10 pname = "plumed"; 11 - version = "2.8.2"; 12 13 src = fetchFromGitHub { 14 owner = "plumed"; 15 repo = "plumed2"; 16 rev = "v${version}"; 17 - hash = "sha256-ugYhJq8KFjT8rkAOX/yZ9IlEklXCwRxKH49REd2QN9E="; 18 }; 19 20 postPatch = ''

··· 8 9 stdenv.mkDerivation rec { 10 pname = "plumed"; 11 + version = "2.9.0"; 12 13 src = fetchFromGitHub { 14 owner = "plumed"; 15 repo = "plumed2"; 16 rev = "v${version}"; 17 + hash = "sha256-yL+59f908IhbxGIylI1ydi1BPZwAapjK/vP4/h5gcHk="; 18 }; 19 20 postPatch = ''

+20 -6

pkgs/development/python-modules/azure-containerregistry/default.nix

··· 1 - { lib, buildPythonPackage, fetchPypi, pythonOlder 0 0 0 2 , azure-core 3 , msrest 4 , msrestazure 0 5 }: 6 7 buildPythonPackage rec { 8 pname = "azure-containerregistry"; 9 - version = "1.0.0"; 10 - disabled = pythonOlder "3.6"; 0 0 11 12 src = fetchPypi { 13 inherit pname version; 14 - hash = "sha256-DIZCHZM5aeKtmJrgwAk5J26ltaxNxKUn3rR+FbmuyZc="; 15 extension = "zip"; 16 }; 17 18 - propagatedBuildInputs = [ azure-core msrest msrestazure ]; 0 0 0 0 0 19 20 # tests require azure-devtools which are not published (since 2020) 21 # https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/containerregistry/azure-containerregistry/dev_requirements.txt 22 doCheck = false; 23 24 - pythonImportsCheck = [ "azure.core" "azure.containerregistry" ]; 0 0 0 25 26 meta = with lib; { 27 description = "Microsoft Azure Container Registry client library for Python";

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchPypi 4 + , pythonOlder 5 , azure-core 6 , msrest 7 , msrestazure 8 + , isodate 9 }: 10 11 buildPythonPackage rec { 12 pname = "azure-containerregistry"; 13 + version = "1.1.0"; 14 + format = "setuptools"; 15 + 16 + disabled = pythonOlder "3.7"; 17 18 src = fetchPypi { 19 inherit pname version; 20 + hash = "sha256-6IU+fzMIL8HJv4rCrWlcJSuYre6cdBa7BjS9KrIbIRU="; 21 extension = "zip"; 22 }; 23 24 + propagatedBuildInputs = [ 25 + azure-core 26 + msrest 27 + msrestazure 28 + isodate 29 + ]; 30 31 # tests require azure-devtools which are not published (since 2020) 32 # https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/containerregistry/azure-containerregistry/dev_requirements.txt 33 doCheck = false; 34 35 + pythonImportsCheck = [ 36 + "azure.core" 37 + "azure.containerregistry" 38 + ]; 39 40 meta = with lib; { 41 description = "Microsoft Azure Container Registry client library for Python";

+3 -3

pkgs/development/python-modules/django-rest-registration/default.nix

··· 10 11 buildPythonPackage rec { 12 pname = "django-rest-registration"; 13 - version = "0.7.3"; 14 format = "setuptools"; 15 16 disabled = pythonOlder "3.7"; ··· 18 src = fetchFromGitHub { 19 owner = "apragacz"; 20 repo = pname; 21 - rev = "refs/tags/${version}"; 22 - hash = "sha256-JoIeVjl5s60ilq9kU28Jo+GaYRKU61hoqy1GzYmMdZQ="; 23 }; 24 25 propagatedBuildInputs = [

··· 10 11 buildPythonPackage rec { 12 pname = "django-rest-registration"; 13 + version = "0.8.2"; 14 format = "setuptools"; 15 16 disabled = pythonOlder "3.7"; ··· 18 src = fetchFromGitHub { 19 owner = "apragacz"; 20 repo = pname; 21 + rev = "refs/tags/v${version}"; 22 + hash = "sha256-kGZ88Z5nV3HChImmPurHoewobsjotZQ4q9RngBYGe5g="; 23 }; 24 25 propagatedBuildInputs = [

+12

pkgs/development/python-modules/glean-sdk/default.nix

··· 6 , fetchPypi 7 , glean-parser 8 , iso8601 0 0 9 , pytest-localserver 10 , pytestCheckHook 0 11 , pythonOlder 12 , rustc 13 , rustPlatform ··· 34 35 nativeBuildInputs = [ 36 cargo 0 37 rustc 38 rustPlatform.cargoSetupHook 39 setuptools-rust 40 ]; 41 0 0 0 0 42 propagatedBuildInputs = [ 43 cffi 44 glean-parser ··· 56 "test_client_activity_api" 57 "test_flipping_upload_enabled_respects_order_of_events" 58 ]; 0 0 0 0 59 60 pythonImportsCheck = [ 61 "glean"

··· 6 , fetchPypi 7 , glean-parser 8 , iso8601 9 + , lmdb 10 + , pkg-config 11 , pytest-localserver 12 , pytestCheckHook 13 + , python 14 , pythonOlder 15 , rustc 16 , rustPlatform ··· 37 38 nativeBuildInputs = [ 39 cargo 40 + pkg-config 41 rustc 42 rustPlatform.cargoSetupHook 43 setuptools-rust 44 ]; 45 46 + buildInputs = [ 47 + lmdb 48 + ]; 49 + 50 propagatedBuildInputs = [ 51 cffi 52 glean-parser ··· 64 "test_client_activity_api" 65 "test_flipping_upload_enabled_respects_order_of_events" 66 ]; 67 + 68 + postInstallCheck = lib.optionalString (stdenv.hostPlatform.parsed.kernel.execFormat == lib.systems.parse.execFormats.elf) '' 69 + readelf -a $out/${python.sitePackages}/glean/libglean_ffi.so | grep -F 'Shared library: [liblmdb.so' 70 + ''; 71 72 pythonImportsCheck = [ 73 "glean"

+2 -2

pkgs/development/tools/clj-kondo/default.nix

··· 2 3 buildGraalvmNativeImage rec { 4 pname = "clj-kondo"; 5 - version = "2023.05.18"; 6 7 src = fetchurl { 8 url = "https://github.com/clj-kondo/${pname}/releases/download/v${version}/${pname}-${version}-standalone.jar"; 9 - sha256 = "sha256-ZWGP8P/RJ5vBm6ijAcAlqDwlICrGFa+uieLG49JMkFI="; 10 }; 11 12 extraNativeImageBuildArgs = [

··· 2 3 buildGraalvmNativeImage rec { 4 pname = "clj-kondo"; 5 + version = "2023.05.26"; 6 7 src = fetchurl { 8 url = "https://github.com/clj-kondo/${pname}/releases/download/v${version}/${pname}-${version}-standalone.jar"; 9 + sha256 = "sha256-YnieYpRTBTnV3/jjcy1m469qH4m8uTeAVt3SG55r2/0="; 10 }; 11 12 extraNativeImageBuildArgs = [

+3 -3

pkgs/development/tools/continuous-integration/buildkite-agent/default.nix

··· 3 nixosTests }: 4 buildGoModule rec { 5 pname = "buildkite-agent"; 6 - version = "3.46.1"; 7 8 src = fetchFromGitHub { 9 owner = "buildkite"; 10 repo = "agent"; 11 rev = "v${version}"; 12 - sha256 = "sha256-IhTzN0L5wKXmo2GkuSy6mQyqyUjh97Dugd6SQ0c2ng8="; 13 }; 14 15 - vendorHash = "sha256-54v3P4uqU7A77yizjWAIzlvpjUaG8HHmH3j9p8d+LQc="; 16 17 postPatch = '' 18 substituteInPlace bootstrap/shell/shell.go --replace /bin/bash ${bash}/bin/bash

··· 3 nixosTests }: 4 buildGoModule rec { 5 pname = "buildkite-agent"; 6 + version = "3.47.0"; 7 8 src = fetchFromGitHub { 9 owner = "buildkite"; 10 repo = "agent"; 11 rev = "v${version}"; 12 + sha256 = "sha256-Hj1KaRgH4LOacLwHKoJfIKJ5ueNEgqWVEZrIvMl+bf4="; 13 }; 14 15 + vendorHash = "sha256-2yVykKfjNAlo4jUpcsUnpVaQoBLZF7xbzYQxOZqNiTQ="; 16 17 postPatch = '' 18 substituteInPlace bootstrap/shell/shell.go --replace /bin/bash ${bash}/bin/bash

+3 -3

pkgs/development/tools/continuous-integration/dagger/default.nix

··· 2 3 buildGoModule rec { 4 pname = "dagger"; 5 - version = "0.5.3"; 6 7 src = fetchFromGitHub { 8 owner = "dagger"; 9 repo = "dagger"; 10 rev = "v${version}"; 11 - hash = "sha256-yMegSRO9wkpw2o429mLoDmUmysXmR93MULHjtc/V/cQ="; 12 }; 13 14 - vendorHash = "sha256-LuCbo7T0lXoQUBfSeCGw3SLydA2iM7dv7pYCterapHU="; 15 proxyVendor = true; 16 17 subPackages = [

··· 2 3 buildGoModule rec { 4 pname = "dagger"; 5 + version = "0.6.0"; 6 7 src = fetchFromGitHub { 8 owner = "dagger"; 9 repo = "dagger"; 10 rev = "v${version}"; 11 + hash = "sha256-NFQ1VPgY3WDwMsOi0wZ/b7sV/Ckv/WCeegSyLCnOPJM="; 12 }; 13 14 + vendorHash = "sha256-KniHuJWkwZEzFcdtZUaYEoqcvmotbO+yuEB5L3Q3FGI="; 15 proxyVendor = true; 16 17 subPackages = [

+2 -2

pkgs/development/tools/database/clickhouse-backup/default.nix

··· 7 8 buildGoModule rec { 9 pname = "clickhouse-backup"; 10 - version = "2.2.6"; 11 12 src = fetchFromGitHub { 13 owner = "AlexAkulov"; 14 repo = pname; 15 rev = "v${version}"; 16 - sha256 = "sha256-oFGaNxK8cVrs+rkmJR9wSYB4+i3B8BGYhsuHbUTK3es="; 17 }; 18 19 vendorHash = "sha256-UY/8fWPoO3d0g1/CN215Q4z744S2cCT7fB4ctpridAI=";

··· 7 8 buildGoModule rec { 9 pname = "clickhouse-backup"; 10 + version = "2.2.7"; 11 12 src = fetchFromGitHub { 13 owner = "AlexAkulov"; 14 repo = pname; 15 rev = "v${version}"; 16 + sha256 = "sha256-r84mbjkS3qdTNeM4t1S4YRJdKa6qNUzZVI0NOBM2MPI="; 17 }; 18 19 vendorHash = "sha256-UY/8fWPoO3d0g1/CN215Q4z744S2cCT7fB4ctpridAI=";

+2 -2

pkgs/development/tools/parsing/re-flex/default.nix

··· 9 10 stdenv.mkDerivation rec { 11 pname = "re-flex"; 12 - version = "3.3.2"; 13 14 src = fetchFromGitHub { 15 owner = "Genivia"; 16 repo = "RE-flex"; 17 rev = "v${version}"; 18 - sha256 = "sha256-nThI0o9m2AM8LTew3TX/lz80kxGoq87geaYw/VokIVk="; 19 }; 20 21 nativeBuildInputs = [ boost autoconf automake ];

··· 9 10 stdenv.mkDerivation rec { 11 pname = "re-flex"; 12 + version = "3.3.3"; 13 14 src = fetchFromGitHub { 15 owner = "Genivia"; 16 repo = "RE-flex"; 17 rev = "v${version}"; 18 + sha256 = "sha256-pfCszi75TAo9ibpuWlfIDm5OO7Eo6joNPIer4JoDJRw="; 19 }; 20 21 nativeBuildInputs = [ boost autoconf automake ];

+3 -3

pkgs/development/tools/pqrs/default.nix

··· 2 3 rustPlatform.buildRustPackage rec { 4 pname = "pqrs"; 5 - version = "0.2.2"; 6 7 src = fetchFromGitHub { 8 owner = "manojkarthick"; 9 repo = "pqrs"; 10 rev = "v${version}"; 11 - sha256 = "sha256-fqxPQUcd8DG+UYJRWLDJ9RpRkCWutEXjc6J+w1qv8PQ="; 12 }; 13 14 - cargoSha256 = "sha256-/nfVu8eiQ8JAAUplSyA4eCQqZPCSrcxFzdc2gV95a2w="; 15 16 meta = with lib; { 17 description = "CLI tool to inspect Parquet files";

··· 2 3 rustPlatform.buildRustPackage rec { 4 pname = "pqrs"; 5 + version = "0.3.1"; 6 7 src = fetchFromGitHub { 8 owner = "manojkarthick"; 9 repo = "pqrs"; 10 rev = "v${version}"; 11 + sha256 = "sha256-t6Y6gpMEpccCoyhG66FZEKHVNCbHblaqYZY1iJUZVUA="; 12 }; 13 14 + cargoHash = "sha256-fnoYVWpBn5Dil2o+u2MKQqd8dEKFE2i29Qz7cJae+gE="; 15 16 meta = with lib; { 17 description = "CLI tool to inspect Parquet files";

+3 -3

pkgs/development/tools/rust/rust-analyzer/default.nix

··· 13 14 rustPlatform.buildRustPackage rec { 15 pname = "rust-analyzer-unwrapped"; 16 - version = "2023-05-22"; 17 - cargoSha256 = "sha256-44UNNHOegP2Q1THPnEa37etedwstQbnB2Gr3dF39ZXU="; 18 19 src = fetchFromGitHub { 20 owner = "rust-lang"; 21 repo = "rust-analyzer"; 22 rev = version; 23 - sha256 = "sha256-xDUpgRcACQQREemfVQnft6AImqF2+dbxmHupw6gzSho="; 24 }; 25 26 cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ];

··· 13 14 rustPlatform.buildRustPackage rec { 15 pname = "rust-analyzer-unwrapped"; 16 + version = "2023-05-29"; 17 + cargoSha256 = "sha256-Qsr+cpggftYR9JL1y3ZgmuNSNsyBeQVVr+pt3R9/gm8="; 18 19 src = fetchFromGitHub { 20 owner = "rust-lang"; 21 repo = "rust-analyzer"; 22 rev = version; 23 + sha256 = "sha256-8fOFw6B9lDUt4slKAGHj6Bipi5or7nNQvOB9vvN2R9U="; 24 }; 25 26 cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ];

+3 -3

pkgs/development/tools/supabase-cli/default.nix

··· 9 10 buildGoModule rec { 11 pname = "supabase-cli"; 12 - version = "1.64.2"; 13 14 src = fetchFromGitHub { 15 owner = "supabase"; 16 repo = "cli"; 17 rev = "v${version}"; 18 - sha256 = "sha256-xqH4twh65nOcB+IqqYjGRdbCYC7MZjAVKeIJARGTG3U="; 19 }; 20 21 - vendorSha256 = "sha256-sQ4lJKQaSUWlet3dEnD8bKLYtkEtdnLuGHVfqCTdFyg="; 22 23 ldflags = [ 24 "-s"

··· 9 10 buildGoModule rec { 11 pname = "supabase-cli"; 12 + version = "1.64.8"; 13 14 src = fetchFromGitHub { 15 owner = "supabase"; 16 repo = "cli"; 17 rev = "v${version}"; 18 + sha256 = "sha256-ueOOEiJ6NWwBaSarXWiAZLnNZg/1RM9Tej602selbC8="; 19 }; 20 21 + vendorSha256 = "sha256-dNK8ZqV6Cr88BsGWQEU8uAzi+eOQh0IhKpKmjUbrViA="; 22 23 ldflags = [ 24 "-s"

+3 -3

pkgs/games/ddnet/default.nix

··· 34 35 stdenv.mkDerivation rec { 36 pname = "ddnet"; 37 - version = "17.0"; 38 39 src = fetchFromGitHub { 40 owner = "ddnet"; 41 repo = pname; 42 rev = version; 43 - hash = "sha256-boFXzARVG2At92j9gSavteAQ8qTjgJ91hIefVr/e6og="; 44 }; 45 46 cargoDeps = rustPlatform.fetchCargoTarball { 47 name = "${pname}-${version}"; 48 inherit src; 49 - hash = "sha256-3itblnHlY1L8g/EGCi1BIWGD6INOpnvLCwJ7zL7KV4w="; 50 }; 51 52 nativeBuildInputs = [

··· 34 35 stdenv.mkDerivation rec { 36 pname = "ddnet"; 37 + version = "17.0.2"; 38 39 src = fetchFromGitHub { 40 owner = "ddnet"; 41 repo = pname; 42 rev = version; 43 + hash = "sha256-+k+QiRSFvaGhifN/SKf6bKtooRbnArV2M9o64X5GckE="; 44 }; 45 46 cargoDeps = rustPlatform.fetchCargoTarball { 47 name = "${pname}-${version}"; 48 inherit src; 49 + hash = "sha256-kbVHeavCIrLq9ImA2Z7H2O0NXNPjA+3qiba5LoADyG0="; 50 }; 51 52 nativeBuildInputs = [

+2 -2

pkgs/games/theforceengine/default.nix

··· 13 14 stdenv.mkDerivation rec { 15 pname = "theforceengine"; 16 - version = "1.09.100"; 17 18 src = fetchFromGitHub { 19 owner = "luciusDXL"; 20 repo = "TheForceEngine"; 21 rev = "v${version}"; 22 - sha256 = "sha256-nw9yp/StaSi5thafVT1V5YA2ZCYGWNoHUvQTpK90Foc="; 23 }; 24 25 nativeBuildInputs = [

··· 13 14 stdenv.mkDerivation rec { 15 pname = "theforceengine"; 16 + version = "1.09.200"; 17 18 src = fetchFromGitHub { 19 owner = "luciusDXL"; 20 repo = "TheForceEngine"; 21 rev = "v${version}"; 22 + sha256 = "sha256-r3fNhiPl6fjrIbdLoNIyTETw3lpPZCQYlTA2QJgiDgw="; 23 }; 24 25 nativeBuildInputs = [

+5

pkgs/misc/jackaudio/default.nix

··· 66 wrapProgram $out/bin/jack_control --set PYTHONPATH $PYTHONPATH 67 ''); 68 0 0 0 0 0 69 passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; 70 71 meta = with lib; {

··· 66 wrapProgram $out/bin/jack_control --set PYTHONPATH $PYTHONPATH 67 ''); 68 69 + postFixup = '' 70 + substituteInPlace "$dev/lib/pkgconfig/jack.pc" \ 71 + --replace "$out/include" "$dev/include" 72 + ''; 73 + 74 passthru.tests.pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; 75 76 meta = with lib; {

+2 -2

pkgs/os-specific/linux/kernel/xanmod-kernels.nix

··· 3 let 4 # These names are how they are designated in https://xanmod.org. 5 ltsVariant = { 6 - version = "6.1.29"; 7 - hash = "sha256-/AaI/cOORkegxjKcrZ941U2oazf3FzLlUv5Y2CXrpb0="; 8 variant = "lts"; 9 }; 10

··· 3 let 4 # These names are how they are designated in https://xanmod.org. 5 ltsVariant = { 6 + version = "6.1.30"; 7 + hash = "sha256-F5N0PkjVBSpidP08SdBtOx5n+97RUqN32bwyQ6y+CYY="; 8 variant = "lts"; 9 }; 10

+3 -3

pkgs/servers/http/router/default.nix

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "router"; 12 - version = "1.18.1"; 13 14 src = fetchFromGitHub { 15 owner = "apollographql"; 16 repo = pname; 17 rev = "v${version}"; 18 - sha256 = "sha256-g5QDKYdXwZuVZZLpT0qA/Mp0kR9cZaGKa0VqLX6gyec="; 19 }; 20 21 - cargoHash = "sha256-n7FV2Gu0ZoJo2TPPBwzcM0ztEZzwPckqQHdjuUv03to="; 22 23 nativeBuildInputs = [ 24 pkg-config

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "router"; 12 + version = "1.19.0"; 13 14 src = fetchFromGitHub { 15 owner = "apollographql"; 16 repo = pname; 17 rev = "v${version}"; 18 + sha256 = "sha256-IuS7NmlTNmHHnnSZ+YIbV6BnxJW2xprOQ5mkz5FuJEQ="; 19 }; 20 21 + cargoHash = "sha256-yeb+4lgRDssjkEx6bYfGIbn4DJGpZZ/JDmuwFjQ+U+8="; 22 23 nativeBuildInputs = [ 24 pkg-config

+3 -3

pkgs/servers/http/webhook/default.nix

··· 6 7 buildGoModule rec { 8 pname = "webhook"; 9 - version = "2.8.0"; 10 11 src = fetchFromGitHub { 12 owner = "adnanh"; 13 repo = "webhook"; 14 rev = version; 15 - sha256 = "0n03xkgwpzans0cymmzb0iiks8mi2c76xxdak780dk0jbv6qgp5i"; 16 }; 17 18 - vendorSha256 = null; 19 20 subPackages = [ "." ]; 21

··· 6 7 buildGoModule rec { 8 pname = "webhook"; 9 + version = "2.8.1"; 10 11 src = fetchFromGitHub { 12 owner = "adnanh"; 13 repo = "webhook"; 14 rev = version; 15 + sha256 = "sha256-8OpVpm9nEroUlr41VgnyM6sxd/FlSvoQK5COOWvo4Y4="; 16 }; 17 18 + vendorHash = null; 19 20 subPackages = [ "." ]; 21

+3 -3

pkgs/servers/invidious/versions.json

··· 4 "sha256": "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A=" 5 }, 6 "invidious": { 7 - "rev": "10fee9da618db8ffe6a3952d547d4e85d144877e", 8 - "sha256": "sha256-ZMPOsdyTtmxv/GJvLU9aPpXmLSsLqpKXaG5/u1166rw=", 9 - "version": "unstable-2023-05-08" 10 }, 11 "lsquic": { 12 "sha256": "sha256-hG8cUvhbCNeMOsKkaJlgGpzUrIx47E/WhmPIdI5F3qM=",

··· 4 "sha256": "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A=" 5 }, 6 "invidious": { 7 + "rev": "381a0e326d413daba1418bfca820bbfe2b7829a3", 8 + "sha256": "sha256-WKEp7PotbdY0Vkdc8cHYsa4XmAO1dsz72ibEgxs2r7o=", 9 + "version": "unstable-2023-05-25" 10 }, 11 "lsquic": { 12 "sha256": "sha256-hG8cUvhbCNeMOsKkaJlgGpzUrIx47E/WhmPIdI5F3qM=",

+3 -3

pkgs/servers/krill/default.nix

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "krill"; 12 - version = "0.12.3"; 13 14 src = fetchFromGitHub { 15 owner = "NLnetLabs"; 16 repo = pname; 17 rev = "v${version}"; 18 - hash = "sha256-N12Uc2Dh0JFCEOzFvU5YzPeupcaOetW6ehRuAYOYJn0="; 19 }; 20 21 - cargoHash = "sha256-pcoGFXano34Sc+iVqJfrUo+wWASpAA1gslCHfVcEoJ4="; 22 23 buildInputs = [ openssl ] ++ lib.optional stdenv.isDarwin Security; 24 nativeBuildInputs = [ pkg-config ];

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "krill"; 12 + version = "0.13.0"; 13 14 src = fetchFromGitHub { 15 owner = "NLnetLabs"; 16 repo = pname; 17 rev = "v${version}"; 18 + hash = "sha256-Vyz2PpsCcmr3EJRe9IOY3rpwEzHfG1IelXsy2qzjSJA="; 19 }; 20 21 + cargoHash = "sha256-X4PvoN2KszMYmQjErZQPUCr8WAIt8S+S1QeMlYyv8NU="; 22 23 buildInputs = [ openssl ] ++ lib.optional stdenv.isDarwin Security; 24 nativeBuildInputs = [ pkg-config ];

+3 -3

pkgs/servers/maddy/default.nix

··· 2 3 buildGoModule rec { 4 pname = "maddy"; 5 - version = "0.6.3"; 6 7 src = fetchFromGitHub { 8 owner = "foxcpp"; 9 repo = "maddy"; 10 rev = "v${version}"; 11 - sha256 = "sha256-vf+jkXerdwvQhtyiOObBRxh8sYMEcgXC5vNzm5wquBs="; 12 }; 13 14 - vendorSha256 = "sha256-10cLNl9jWYX8XIKQkCxJ+/ymZC1YJRHUJWZQhq7zeV4="; 15 16 tags = [ "libpam" ]; 17

··· 2 3 buildGoModule rec { 4 pname = "maddy"; 5 + version = "0.7.0"; 6 7 src = fetchFromGitHub { 8 owner = "foxcpp"; 9 repo = "maddy"; 10 rev = "v${version}"; 11 + sha256 = "sha256-EMw07yTFP0aBSuGDWivB8amuxWLFHhYV6J9faTEW5z4="; 12 }; 13 14 + vendorSha256 = "sha256-LyfkETZPkhJKN8CEivNp7Se4IBpzyAtmCM1xil4n2po="; 15 16 tags = [ "libpam" ]; 17

+2 -2

pkgs/servers/memcached/default.nix

··· 1 {lib, stdenv, fetchurl, cyrus_sasl, libevent, nixosTests }: 2 3 stdenv.mkDerivation rec { 4 - version = "1.6.19"; 5 pname = "memcached"; 6 7 src = fetchurl { 8 url = "https://memcached.org/files/${pname}-${version}.tar.gz"; 9 - sha256 = "sha256-L9SLBHFGOYsHOliOl5F9m8kIzlGXhYDY4L7aoSO0xw0="; 10 }; 11 12 configureFlags = [

··· 1 {lib, stdenv, fetchurl, cyrus_sasl, libevent, nixosTests }: 2 3 stdenv.mkDerivation rec { 4 + version = "1.6.20"; 5 pname = "memcached"; 6 7 src = fetchurl { 8 url = "https://memcached.org/files/${pname}-${version}.tar.gz"; 9 + sha256 = "sha256-j2BPjjoXVjfcHwad5vonORFoUMn4Hjdk8vrJo7J74wc="; 10 }; 11 12 configureFlags = [

+3 -3

pkgs/servers/monitoring/prometheus/node-exporter.nix

··· 5 6 buildGoModule rec { 7 pname = "node_exporter"; 8 - version = "1.5.0"; 9 rev = "v${version}"; 10 11 src = fetchFromGitHub { 12 inherit rev; 13 owner = "prometheus"; 14 repo = "node_exporter"; 15 - sha256 = "sha256-jzgf7XVqtqHf5Uqkcr/0epC0R0fw7l7acr+F8jZ6M68="; 16 }; 17 18 - vendorSha256 = "sha256-k4Wolrp/mebwA6ZLftCNVFOdHoXHcJZI9JWrhBxX5Pk="; 19 20 # FIXME: tests fail due to read-only nix store 21 doCheck = false;

··· 5 6 buildGoModule rec { 7 pname = "node_exporter"; 8 + version = "1.6.0"; 9 rev = "v${version}"; 10 11 src = fetchFromGitHub { 12 inherit rev; 13 owner = "prometheus"; 14 repo = "node_exporter"; 15 + sha256 = "sha256-Aw1tdaiyr3wv3Ti3CFn2T80WRjEZaACwotKKJGY9I6Y="; 16 }; 17 18 + vendorHash = "sha256-hn2cMKhLl5qsm4sZErs6PXTs8yajowxw9a9vtHe5cAk="; 19 20 # FIXME: tests fail due to read-only nix store 21 doCheck = false;

+3 -3

pkgs/servers/monitoring/prometheus/prom2json.nix

··· 2 3 buildGoModule rec { 4 pname = "prom2json"; 5 - version = "1.3.2"; 6 7 src = fetchFromGitHub { 8 rev = "v${version}"; 9 owner = "prometheus"; 10 repo = "prom2json"; 11 - sha256 = "sha256-5RPpgUEFLecu0qRg7KSNLwdUEiXeebrGdP/udCtq4z0="; 12 }; 13 14 - vendorSha256 = "sha256-fPGkqrnl21as1xiT279qPzkz01tDNOSMcsm/DSNHDU0="; 15 16 meta = with lib; { 17 description = "Tool to scrape a Prometheus client and dump the result as JSON";

··· 2 3 buildGoModule rec { 4 pname = "prom2json"; 5 + version = "1.3.3"; 6 7 src = fetchFromGitHub { 8 rev = "v${version}"; 9 owner = "prometheus"; 10 repo = "prom2json"; 11 + sha256 = "sha256-VwJv2Y+YrlhLRx0lRPtHTzjvSz7GPfADCZibkQU6S1Y="; 12 }; 13 14 + vendorHash = "sha256-m9f3tCX21CMdcXcUcLFOxgs9oDR2Uaj5u22eJPDmpeE="; 15 16 meta = with lib; { 17 description = "Tool to scrape a Prometheus client and dump the result as JSON";

+3 -3

pkgs/servers/monitoring/prometheus/pushgateway.nix

··· 2 3 buildGoModule rec { 4 pname = "pushgateway"; 5 - version = "1.5.1"; 6 7 src = fetchFromGitHub { 8 owner = "prometheus"; 9 repo = "pushgateway"; 10 rev = "v${version}"; 11 - sha256 = "sha256-UnkSv0ZGNFqEQX+QeCySN5XeGbM2hCJGgWxry5I+3tg="; 12 }; 13 14 - vendorSha256 = "sha256-wEKk7Jrf14oJzP6MSRJidOUUgAbPFoBOmqPrXJg86FI="; 15 16 ldflags = [ 17 "-s"

··· 2 3 buildGoModule rec { 4 pname = "pushgateway"; 5 + version = "1.6.0"; 6 7 src = fetchFromGitHub { 8 owner = "prometheus"; 9 repo = "pushgateway"; 10 rev = "v${version}"; 11 + sha256 = "sha256-sJ4TTyo+A3CEUcTJv3LlUU60pc/a/PgB0Mk6R5wpTgM="; 12 }; 13 14 + vendorHash = "sha256-oDvFp7FYam/hsiEesfTuNgXciH4JAUKkMiECn4FPqmE="; 15 16 ldflags = [ 17 "-s"

+2 -9

pkgs/servers/pleroma/default.nix

··· 8 9 beamPackages.mixRelease rec { 10 pname = "pleroma"; 11 - version = "2.5.1"; 12 13 src = fetchFromGitLab { 14 domain = "git.pleroma.social"; 15 owner = "pleroma"; 16 repo = "pleroma"; 17 rev = "v${version}"; 18 - sha256 = "sha256-3iG2s7jVEnhq1kLLgtaHnFmLYBO2Xr5M5jjZfSNA9z4="; 19 }; 20 21 mixNixDeps = import ./mix.nix { ··· 159 mkdir config 160 cp ${cfgFile} config/config.exs 161 ''; 162 - }; 163 - 164 - crypt = let 165 - version = prev.crypt.version; 166 - in prev.crypt.override { 167 - buildInputs = [ libxcrypt-legacy ]; 168 - postInstall = "mv $out/lib/erlang/lib/crypt-${version}/priv/{hex-source-crypt-${version},crypt}.so"; 169 }; 170 }); 171 };

··· 8 9 beamPackages.mixRelease rec { 10 pname = "pleroma"; 11 + version = "2.5.2"; 12 13 src = fetchFromGitLab { 14 domain = "git.pleroma.social"; 15 owner = "pleroma"; 16 repo = "pleroma"; 17 rev = "v${version}"; 18 + sha256 = "sha256-5qxop/hJj1hIsEcK6vJnI2RnAcLf3tO43B0e0FcNZcA="; 19 }; 20 21 mixNixDeps = import ./mix.nix { ··· 159 mkdir config 160 cp ${cfgFile} config/config.exs 161 ''; 0 0 0 0 0 0 0 162 }; 163 }); 164 };

-13

pkgs/servers/pleroma/mix.nix

··· 281 beamDeps = [ ecto ]; 282 }; 283 284 - crypt = buildRebar3 rec { 285 - name = "crypt"; 286 - version = "1.0.1"; 287 - 288 - src = fetchHex { 289 - pkg = "${name}"; 290 - version = "${version}"; 291 - sha256 = "10ir7nsa0dkn5jr0w9x2m38jc73aym7llz2pnkwxk9f747izz3cn"; 292 - }; 293 - 294 - beamDeps = []; 295 - }; 296 - 297 custom_base = buildMix rec { 298 name = "custom_base"; 299 version = "0.2.1";

··· 281 beamDeps = [ ecto ]; 282 }; 283 0 0 0 0 0 0 0 0 0 0 0 0 0 284 custom_base = buildMix rec { 285 name = "custom_base"; 286 version = "0.2.1";

+18 -20

pkgs/shells/powershell/default.nix

··· 1 - { stdenv, lib, autoPatchelfHook, fetchzip, libunwind, libuuid, icu, curl 2 - , darwin, makeWrapper, less, openssl_1_1, pam, lttng-ust }: 3 4 let archString = if stdenv.isAarch64 then "arm64" 5 else if stdenv.isx86_64 then "x64" ··· 7 platformString = if stdenv.isDarwin then "osx" 8 else if stdenv.isLinux then "linux" 9 else throw "unsupported platform"; 10 - platformSha = if (stdenv.isDarwin && stdenv.isx86_64) then "sha256-JKB7Oy+3KWtVo1Aqmc7vZiO88FrF9+8N/tdGlvIQolM=" 11 - else if (stdenv.isDarwin && stdenv.isAarch64) then "sha256-9UwB1tT2VaW+favw/KWPziFMSRWcw7AqeeZvbaGOBqc=" 12 - else if (stdenv.isLinux && stdenv.isx86_64) then "sha256-kAcT9av4PFZfYqpS0XwKC0IiquUcVtN30Mq649PUnSM=" 13 - else if (stdenv.isLinux && stdenv.isAarch64) then "sha256-3Lm9WYVcfkEVfji/h52VqFy1Jo1AiSQ22JhEGiCPzzM=" 14 - else throw "unsupported platform"; 0 15 platformLdLibraryPath = if stdenv.isDarwin then "DYLD_FALLBACK_LIBRARY_PATH" 16 else if stdenv.isLinux then "LD_LIBRARY_PATH" 17 else throw "unsupported platform"; 18 - libraries = [ libunwind libuuid icu curl openssl_1_1 ] ++ 19 (if stdenv.isLinux then [ pam lttng-ust ] else [ darwin.Libsystem ]); 20 in 21 stdenv.mkDerivation rec { 22 pname = "powershell"; 23 - version = "7.3.2"; 24 25 - src = fetchzip { 26 url = "https://github.com/PowerShell/PowerShell/releases/download/v${version}/powershell-${version}-${platformString}-${archString}.tar.gz"; 27 - sha256 = platformSha; 28 - stripRoot = false; 29 }; 0 0 30 31 strictDeps = true; 32 buildInputs = [ less ] ++ libraries; ··· 41 mkdir -p $pslibs 42 43 cp -r * $pslibs 44 - 45 - rm -f $pslibs/libcrypto${ext}.1.0.0 46 - rm -f $pslibs/libssl${ext}.1.0.0 47 48 # At least the 7.1.4-osx package does not have the executable bit set. 49 chmod a+x $pslibs/pwsh 50 51 - ls $pslibs 52 - '' + lib.optionalString (!stdenv.isDarwin && !stdenv.isAarch64) '' 53 - patchelf --replace-needed libcrypto${ext}.1.0.0 libcrypto${ext}.1.1 $pslibs/libmi.so 54 - patchelf --replace-needed libssl${ext}.1.0.0 libssl${ext}.1.1 $pslibs/libmi.so 55 - '' + lib.optionalString (!stdenv.isDarwin) '' 56 patchelf --replace-needed liblttng-ust${ext}.0 liblttng-ust${ext}.1 $pslibs/libcoreclrtraceptprovider.so 57 '' + '' 58

··· 1 + { stdenv, lib, autoPatchelfHook, fetchurl, libunwind, libuuid, icu, curl 2 + , darwin, makeWrapper, less, openssl, pam, lttng-ust }: 3 4 let archString = if stdenv.isAarch64 then "arm64" 5 else if stdenv.isx86_64 then "x64" ··· 7 platformString = if stdenv.isDarwin then "osx" 8 else if stdenv.isLinux then "linux" 9 else throw "unsupported platform"; 10 + platformHash = { 11 + x86_64-darwin = "sha256-FX3OyVzwU+Ms2tgjpZ4dPdjeJx2H5541dQZAjhI3n1U="; 12 + aarch64-darwin = "sha256-Dg7FRF5inRnzP6tjDhIgHTJ1J2EQXnegqimZPK574WQ="; 13 + x86_64-linux = "sha256-6F1VROE6kk+LLEpdwtQ6vkbkZjP4no0TjTnAqurLmXY="; 14 + aarch64-linux = "sha256-NO4E2TOUIYyUFJmi3zKJzOyP0/rTPTZgJZcebVNkSfk="; 15 + }.${stdenv.hostPlatform.system} or (throw "unsupported platform"); 16 platformLdLibraryPath = if stdenv.isDarwin then "DYLD_FALLBACK_LIBRARY_PATH" 17 else if stdenv.isLinux then "LD_LIBRARY_PATH" 18 else throw "unsupported platform"; 19 + libraries = [ libunwind libuuid icu curl openssl ] ++ 20 (if stdenv.isLinux then [ pam lttng-ust ] else [ darwin.Libsystem ]); 21 in 22 stdenv.mkDerivation rec { 23 pname = "powershell"; 24 + version = "7.3.4"; 25 26 + src = fetchurl { 27 url = "https://github.com/PowerShell/PowerShell/releases/download/v${version}/powershell-${version}-${platformString}-${archString}.tar.gz"; 28 + hash = platformHash; 0 29 }; 30 + 31 + sourceRoot = "."; 32 33 strictDeps = true; 34 buildInputs = [ less ] ++ libraries; ··· 43 mkdir -p $pslibs 44 45 cp -r * $pslibs 0 0 0 46 47 # At least the 7.1.4-osx package does not have the executable bit set. 48 chmod a+x $pslibs/pwsh 49 50 + '' + lib.optionalString (stdenv.isLinux && stdenv.isx86_64) '' 51 + patchelf --replace-needed libcrypto${ext}.1.0.0 libcrypto${ext} $pslibs/libmi.so 52 + patchelf --replace-needed libssl${ext}.1.0.0 libssl${ext} $pslibs/libmi.so 53 + '' + lib.optionalString stdenv.isLinux '' 0 54 patchelf --replace-needed liblttng-ust${ext}.0 liblttng-ust${ext}.1 $pslibs/libcoreclrtraceptprovider.so 55 '' + '' 56

+3 -9

pkgs/shells/powershell/getHashes.sh

··· 1 #!/usr/bin/env nix-shell 2 - #!nix-shell -i bash -p bash wget coreutils gnutar nix 3 version=$1 4 5 if [[ -z $version ]] ··· 11 allOutput="" 12 13 dlDest=$(mktemp) 14 - exDest=$(mktemp -d) 15 16 - trap 'rm $dlDest; rm -r $exDest' EXIT 17 18 for plat in osx linux; do 19 for arch in x64 arm64; do ··· 21 URL="https://github.com/PowerShell/PowerShell/releases/download/v$version/powershell-$version-$plat-$arch.tar.gz" 22 wget $URL -O $dlDest >&2 23 24 - tar -xzf $dlDest -C $exDest >&2 25 - 26 - hash=$(nix hash path $exDest) 27 28 allOutput+=" 29 variant: $plat $arch 30 hash: $hash 31 " 32 - 33 - rm -r $exDest 34 - mkdir $exDest 35 36 done 37 done

··· 1 #!/usr/bin/env nix-shell 2 + #!nix-shell -i bash -p bash wget coreutils nix 3 version=$1 4 5 if [[ -z $version ]] ··· 11 allOutput="" 12 13 dlDest=$(mktemp) 0 14 15 + trap 'rm $dlDest' EXIT 16 17 for plat in osx linux; do 18 for arch in x64 arm64; do ··· 20 URL="https://github.com/PowerShell/PowerShell/releases/download/v$version/powershell-$version-$plat-$arch.tar.gz" 21 wget $URL -O $dlDest >&2 22 23 + hash=$(nix hash file $dlDest) 0 0 24 25 allOutput+=" 26 variant: $plat $arch 27 hash: $hash 28 " 0 0 0 29 30 done 31 done

+5 -5

pkgs/shells/zsh/zinit/default.nix

··· 2 3 stdenvNoCC.mkDerivation rec { 4 pname = "zinit"; 5 - version = "3.7"; 6 src = fetchFromGitHub { 7 owner = "zdharma-continuum"; 8 repo = pname; 9 rev = "v${version}"; 10 - hash = "sha256-B+cTGz+U8MR22l6xXdRAAjDr+ulCk+CJ9GllFMK0axE="; 11 }; 12 # adapted from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=zsh-zplugin-git 13 dontBuild = true; ··· 20 21 # Zplugin's source files 22 install -dm0755 "$outdir" 23 - # Installing also backward compatibility layer 24 - install -m0644 z{plugin,init}{,-side,-install,-autoload}.zsh "$outdir" 25 - install -m0755 git-process-output.zsh "$outdir" 26 27 # Zplugin autocompletion 28 installShellCompletion --zsh _zinit

··· 2 3 stdenvNoCC.mkDerivation rec { 4 pname = "zinit"; 5 + version = "3.11.0"; 6 src = fetchFromGitHub { 7 owner = "zdharma-continuum"; 8 repo = pname; 9 rev = "v${version}"; 10 + hash = "sha256-Gps7s26qqEjQPDhhSJr9u5SuRNRJnmayKfw45Ygjcd8="; 11 }; 12 # adapted from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=zsh-zplugin-git 13 dontBuild = true; ··· 20 21 # Zplugin's source files 22 install -dm0755 "$outdir" 23 + # Installing backward compatibility layer 24 + install -m0644 zinit{,-side,-install,-autoload}.zsh "$outdir" 25 + install -m0755 share/git-process-output.zsh "$outdir" 26 27 # Zplugin autocompletion 28 installShellCompletion --zsh _zinit

+2 -2

pkgs/tools/admin/amazon-ecr-credential-helper/default.nix

··· 2 3 buildGoModule rec { 4 pname = "amazon-ecr-credential-helper"; 5 - version = "0.7.0"; 6 7 src = fetchFromGitHub { 8 owner = "awslabs"; 9 repo = "amazon-ecr-credential-helper"; 10 rev = "v${version}"; 11 - sha256 = "sha256-jkS3JAHgIci/5HrcM6a5LjGitl4SLHQNmUIMLWrkUUc="; 12 }; 13 14 vendorHash = null;

··· 2 3 buildGoModule rec { 4 pname = "amazon-ecr-credential-helper"; 5 + version = "0.7.1"; 6 7 src = fetchFromGitHub { 8 owner = "awslabs"; 9 repo = "amazon-ecr-credential-helper"; 10 rev = "v${version}"; 11 + sha256 = "sha256-Q+YAfCsq4/PoSzYMFhLDAsAfxlU7XR/vouHo42/D2eM="; 12 }; 13 14 vendorHash = null;

+2 -2

pkgs/tools/admin/credhub-cli/default.nix

··· 2 3 buildGoModule rec { 4 pname = "credhub-cli"; 5 - version = "2.9.15"; 6 7 src = fetchFromGitHub { 8 owner = "cloudfoundry-incubator"; 9 repo = "credhub-cli"; 10 rev = version; 11 - sha256 = "sha256-0cs2ChbhUHvjHOGVv/wazo8g5f5JWuDKHJkKLC6Qp4g="; 12 }; 13 14 # these tests require network access that we're not going to give them

··· 2 3 buildGoModule rec { 4 pname = "credhub-cli"; 5 + version = "2.9.16"; 6 7 src = fetchFromGitHub { 8 owner = "cloudfoundry-incubator"; 9 repo = "credhub-cli"; 10 rev = version; 11 + sha256 = "sha256-NfGS5kUfmv1djYMqB1HrNFgM2cBfW4EZHrkxhwmBWKQ="; 12 }; 13 14 # these tests require network access that we're not going to give them

+3 -3

pkgs/tools/admin/eksctl/default.nix

··· 2 3 buildGoModule rec { 4 pname = "eksctl"; 5 - version = "0.142.0"; 6 7 src = fetchFromGitHub { 8 owner = "weaveworks"; 9 repo = pname; 10 rev = version; 11 - hash = "sha256-C+VcAtMkltkJ+IRIhZg1VXWiAtj8N0sOoEutvkXC+No="; 12 }; 13 14 - vendorHash = "sha256-4u9TwtFDqr0wZ7/2pdSSofAO6qyN3mYHOk2UdU74fGI="; 15 16 doCheck = false; 17

··· 2 3 buildGoModule rec { 4 pname = "eksctl"; 5 + version = "0.143.0"; 6 7 src = fetchFromGitHub { 8 owner = "weaveworks"; 9 repo = pname; 10 rev = version; 11 + hash = "sha256-FVZQooV1sygxubPZ/9CvWIEcDhDGIbreDPUBrtyIy60="; 12 }; 13 14 + vendorHash = "sha256-WJ7pTooO4/o0IR4Rio+EoN7oxmobG7GqT7aEUqusKI0="; 15 16 doCheck = false; 17

+50

pkgs/tools/audio/catnip/default.nix

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + { lib 2 + , buildGoModule 3 + , fetchFromGitHub 4 + , pkg-config 5 + , portaudio 6 + , testers 7 + , catnip 8 + }: 9 + 10 + buildGoModule rec { 11 + pname = "catnip"; 12 + version = "1.8.0"; 13 + 14 + src = fetchFromGitHub { 15 + owner = "noriah"; 16 + repo = "catnip"; 17 + rev = "v${version}"; 18 + hash = "sha256-eVEoQrI8NycEV/dPUNFqkzgjOYaGmH1+lLRRkOybXDU="; 19 + }; 20 + 21 + vendorHash = "sha256-Hj453+5fhbUL6YMeupT5D6ydaEMe+ZQNgEYHtCUtTx4="; 22 + 23 + nativeBuildInputs = [ 24 + pkg-config 25 + ]; 26 + 27 + buildInputs = [ 28 + portaudio 29 + ]; 30 + 31 + ldflags = [ 32 + "-s" 33 + "-w" 34 + "-X=main.version=${version}" 35 + ]; 36 + 37 + passthru.tests = { 38 + version = testers.testVersion { 39 + package = catnip; 40 + }; 41 + }; 42 + 43 + meta = with lib; { 44 + description = "Terminal audio visualizer for linux/unix/macOS/windows"; 45 + homepage = "https://github.com/noriah/catnip"; 46 + changelog = "https://github.com/noriah/catnip/releases/tag/${src.rev}"; 47 + license = licenses.mit; 48 + maintainers = with maintainers; [ figsoda ]; 49 + }; 50 + }

+2 -2

pkgs/tools/compression/lhasa/default.nix

··· 2 3 stdenv.mkDerivation rec { 4 pname = "lhasa"; 5 - version = "0.3.1"; 6 7 src = fetchurl { 8 url = "https://soulsphere.org/projects/lhasa/lhasa-${version}.tar.gz"; 9 - sha256 = "092zi9av18ma20c6h9448k0bapvx2plnp292741dvfd9hmgqxc1z"; 10 }; 11 12 meta = with lib; {

··· 2 3 stdenv.mkDerivation rec { 4 pname = "lhasa"; 5 + version = "0.4.0"; 6 7 src = fetchurl { 8 url = "https://soulsphere.org/projects/lhasa/lhasa-${version}.tar.gz"; 9 + sha256 = "sha256-p/yIPDBMUIVi+5P6MHpMNCsMiG/MJl8ouS3Aw5IgxbM="; 10 }; 11 12 meta = with lib; {

+2 -2

pkgs/tools/misc/limitcpu/default.nix

··· 2 3 stdenv.mkDerivation rec { 4 pname = "limitcpu"; 5 - version = "2.9"; 6 7 src = fetchurl { 8 url = "mirror://sourceforge/limitcpu/cpulimit-${version}.tar.gz"; 9 - sha256 = "sha256-W7fbTscqArOy0SfViQaGTgE1iw81pvGQuAlwN4ovjPY="; 10 }; 11 12 buildFlags = with stdenv; [ (

··· 2 3 stdenv.mkDerivation rec { 4 pname = "limitcpu"; 5 + version = "3.0"; 6 7 src = fetchurl { 8 url = "mirror://sourceforge/limitcpu/cpulimit-${version}.tar.gz"; 9 + sha256 = "sha256-rS9BXrK72j6DqKLZGO9ekPUuvMb+5h6Uv5F7PoTrtJw="; 10 }; 11 12 buildFlags = with stdenv; [ (

+2 -2

pkgs/tools/misc/mongodb-compass/default.nix

··· 33 }: 34 35 let 36 - version = "1.36.4"; 37 38 rpath = lib.makeLibraryPath [ 39 alsa-lib ··· 82 if stdenv.hostPlatform.system == "x86_64-linux" then 83 fetchurl { 84 url = "https://downloads.mongodb.com/compass/mongodb-compass_${version}_amd64.deb"; 85 - sha256 = "sha256-GAg5zj2ETXdXVfVwNvf4VjRVEHePNWf28xMDsTyjiEs="; 86 } 87 else 88 throw "MongoDB compass is not supported on ${stdenv.hostPlatform.system}";

··· 33 }: 34 35 let 36 + version = "1.37.0"; 37 38 rpath = lib.makeLibraryPath [ 39 alsa-lib ··· 82 if stdenv.hostPlatform.system == "x86_64-linux" then 83 fetchurl { 84 url = "https://downloads.mongodb.com/compass/mongodb-compass_${version}_amd64.deb"; 85 + sha256 = "sha256-SeglhwIKsxhmhA3rNcg6paSBwlB4a4Aiq9L2DFR9/d4="; 86 } 87 else 88 throw "MongoDB compass is not supported on ${stdenv.hostPlatform.system}";

+2 -2

pkgs/tools/misc/vtm/default.nix

··· 6 7 stdenv.mkDerivation rec { 8 pname = "vtm"; 9 - version = "0.9.9k"; 10 11 src = fetchFromGitHub { 12 owner = "netxs-group"; 13 repo = "vtm"; 14 rev = "v${version}"; 15 - sha256 = "sha256-vmgjonMjhVEfsujWUuX+50NPAzgIfJADp8qjnDmfV1E="; 16 }; 17 18 nativeBuildInputs = [ cmake ];

··· 6 7 stdenv.mkDerivation rec { 8 pname = "vtm"; 9 + version = "0.9.9l"; 10 11 src = fetchFromGitHub { 12 owner = "netxs-group"; 13 repo = "vtm"; 14 rev = "v${version}"; 15 + sha256 = "sha256-thahwqgXMgEY02dLnmXsdOy0/WUYJJewB9ax7GP6LK0="; 16 }; 17 18 nativeBuildInputs = [ cmake ];

+3 -3

pkgs/tools/networking/frp/default.nix

··· 2 3 buildGoModule rec { 4 pname = "frp"; 5 - version = "0.48.0"; 6 7 src = fetchFromGitHub { 8 owner = "fatedier"; 9 repo = pname; 10 rev = "v${version}"; 11 - sha256 = "sha256-e9Qof+HxSJHzAUbLb+w5oWPTOslTPxnC8BVAmtMQGlE="; 12 }; 13 14 - vendorHash = "sha256-DhzirX+AGe8dE62M0hiE5SlWK8HqhNN0MMk9i2Ntrs8="; 15 16 doCheck = false; 17

··· 2 3 buildGoModule rec { 4 pname = "frp"; 5 + version = "0.49.0"; 6 7 src = fetchFromGitHub { 8 owner = "fatedier"; 9 repo = pname; 10 rev = "v${version}"; 11 + sha256 = "sha256-6bBLgMh9Hf+UWYcF6oypK62VmeZwXsP7wz5PizeiRcc="; 12 }; 13 14 + vendorHash = "sha256-zQMm3qOBDJuL4w/BDGKH3DbfAFn0pwuvjltYnuxxvzk="; 15 16 doCheck = false; 17

+3 -3

pkgs/tools/networking/goflow2/default.nix

··· 5 6 buildGoModule rec { 7 pname = "goflow2"; 8 - version = "1.3.3"; 9 10 src = fetchFromGitHub { 11 owner = "netsampler"; 12 repo = pname; 13 rev = "v${version}"; 14 - hash = "sha256-YZuF3O1/Ycn2gFK9i1D/W8F16B6NEift5PYbv8yqUHk="; 15 }; 16 17 ldflags = [ ··· 20 "-X=main.version=${version}" 21 ]; 22 23 - vendorHash = "sha256-c40N6SAym9dpCuGb5I7t9sJBde2r552obot3drYCjB4="; 24 25 meta = with lib; { 26 description = "High performance sFlow/IPFIX/NetFlow Collector";

··· 5 6 buildGoModule rec { 7 pname = "goflow2"; 8 + version = "1.3.4"; 9 10 src = fetchFromGitHub { 11 owner = "netsampler"; 12 repo = pname; 13 rev = "v${version}"; 14 + hash = "sha256-0E3iSO+ObaPhIUerF4y5UygJMSMJNTJwI6RqHunqrZ0="; 15 }; 16 17 ldflags = [ ··· 20 "-X=main.version=${version}" 21 ]; 22 23 + vendorHash = "sha256-tNrCsCKBoUsrCOlbI1FUoksWoI4jUiYLF+A8Fjfe9Qk="; 24 25 meta = with lib; { 26 description = "High performance sFlow/IPFIX/NetFlow Collector";

+31

pkgs/tools/networking/keama/default.nix

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + { stdenv, lib, fetchurl }: 2 + 3 + stdenv.mkDerivation rec { 4 + pname = "keama"; 5 + version = "4.4.3-P1"; 6 + 7 + src = fetchurl { 8 + url = "https://ftp.isc.org/isc/dhcp/${version}/dhcp-${version}.tar.gz"; 9 + sha256 = "sha256-CsQWu1WZfKhjIXT9EHN/1hzbjbonUhYKM1d1vCHcc8c="; 10 + }; 11 + 12 + enableParallelBuilding = true; 13 + 14 + # The Kea Migration Assistant lives as a subdirectory of the 15 + # original ISC DHCP server source code. 16 + makeFlags = [ "-C" "keama" ]; 17 + 18 + meta = with lib; { 19 + description = "Kea Migration Assistent"; 20 + 21 + longDescription = '' 22 + Kea migration assistant is an experimental tool that reads a ISC DHCP server 23 + configuration and produces a JSON configuration in Kea format. 24 + ''; 25 + 26 + homepage = "https://gitlab.isc.org/isc-projects/dhcp/-/wikis/kea-migration-assistant"; 27 + license = licenses.mpl20; 28 + platforms = platforms.unix; 29 + maintainers = with maintainers; [ blitz ]; 30 + }; 31 + }

+3 -3

pkgs/tools/networking/minio-client/default.nix

··· 2 3 buildGoModule rec { 4 pname = "minio-client"; 5 - version = "2023-05-18T16-59-00Z"; 6 7 src = fetchFromGitHub { 8 owner = "minio"; 9 repo = "mc"; 10 rev = "RELEASE.${version}"; 11 - sha256 = "sha256-43aL7UXKwOKHeLvjO/zK4CLf/uLESR23bO0Ro4WGAHQ="; 12 }; 13 14 - vendorHash = "sha256-hfe/Y0eVPDpBNhaQknghQFkCIWuGg64CbrfKnVVB97I="; 15 16 subPackages = [ "." ]; 17

··· 2 3 buildGoModule rec { 4 pname = "minio-client"; 5 + version = "2023-05-26T23-31-54Z"; 6 7 src = fetchFromGitHub { 8 owner = "minio"; 9 repo = "mc"; 10 rev = "RELEASE.${version}"; 11 + sha256 = "sha256-+SqFqrDzjI53tfdGOTm4KMcCLVnfxJLoxtzUSmc4RMw="; 12 }; 13 14 + vendorHash = "sha256-kjFAUBgMsydP4K32Yiu6BSA8heFhWEBf21iZs+1llCA="; 15 16 subPackages = [ "." ]; 17

+3 -3

pkgs/tools/networking/netbird/default.nix

··· 30 in 31 buildGoModule rec { 32 pname = "netbird"; 33 - version = "0.20.3"; 34 35 src = fetchFromGitHub { 36 owner = "netbirdio"; 37 repo = pname; 38 rev = "v${version}"; 39 - sha256 = "sha256-aKgqkmNM+NQ2BujOG7tVyYees0Gxwf8LzrFft4FCLZk="; 40 }; 41 42 - vendorHash = "sha256-mO0I0+nT1eL4DbUpgS8wCKjXH80ca6q6RLoagz9W5uI="; 43 44 nativeBuildInputs = [ installShellFiles ] ++ lib.optional ui pkg-config; 45

··· 30 in 31 buildGoModule rec { 32 pname = "netbird"; 33 + version = "0.20.5"; 34 35 src = fetchFromGitHub { 36 owner = "netbirdio"; 37 repo = pname; 38 rev = "v${version}"; 39 + sha256 = "sha256-Di3Y5Pa4A6Iw0rXp0VdAPUuzFO3SnpV6Ip6N1gyFuoU="; 40 }; 41 42 + vendorHash = "sha256-wgiDwf1aV8hM33ADgqAbmeLu9lDKdvw0d88IrVg0fmo="; 43 44 nativeBuildInputs = [ installShellFiles ] ++ lib.optional ui pkg-config; 45

+2 -2

pkgs/tools/networking/pacparser/default.nix

··· 2 3 stdenv.mkDerivation rec { 4 pname = "pacparser"; 5 - version = "1.4.1"; 6 7 src = fetchFromGitHub { 8 owner = "manugarg"; 9 repo = pname; 10 rev = "v${version}"; 11 - sha256 = "sha256-tEbkMRHCdiKXpz9Ksg2LEzfOVhF8xbUHWMeExPMlGVM="; 12 }; 13 14 makeFlags = [ "NO_INTERNET=1" ];

··· 2 3 stdenv.mkDerivation rec { 4 pname = "pacparser"; 5 + version = "1.4.2"; 6 7 src = fetchFromGitHub { 8 owner = "manugarg"; 9 repo = pname; 10 rev = "v${version}"; 11 + sha256 = "sha256-p83aAcZ3fGOrokq4HDgF5/VxMl3Q11voSjdaBUUO4S0="; 12 }; 13 14 makeFlags = [ "NO_INTERNET=1" ];

+3 -3

pkgs/tools/networking/rathole/default.nix

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "rathole"; 12 - version = "0.4.7"; 13 14 src = fetchFromGitHub { 15 owner = "rapiz1"; 16 repo = pname; 17 rev = "refs/tags/v${version}"; 18 - hash = "sha256-YauQg+P4Y8oO8Kn6FB3NxBI7PHoo/bjS38bM1lFeCH0="; 19 }; 20 21 - cargoHash = "sha256-OcPmHqjW79SKMET6J5HIwmR5vESh+PJcQjSMsqmnIb8="; 22 23 nativeBuildInputs = [ 24 pkg-config

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "rathole"; 12 + version = "0.4.8"; 13 14 src = fetchFromGitHub { 15 owner = "rapiz1"; 16 repo = pname; 17 rev = "refs/tags/v${version}"; 18 + hash = "sha256-yqZPs0rp3LD7n4+JGa55gZ4xMcumy+oazrxCqpDzIfQ="; 19 }; 20 21 + cargoHash = "sha256-BZ6AgH/wnxrDLkyncR0pbayae9v5P7X7UnlJ48JR8sM="; 22 23 nativeBuildInputs = [ 24 pkg-config

+3 -3

pkgs/tools/security/asnmap/default.nix

··· 5 6 buildGoModule rec { 7 pname = "asnmap"; 8 - version = "1.0.3"; 9 10 src = fetchFromGitHub { 11 owner = "projectdiscovery"; 12 repo = pname; 13 rev = "refs/tags/v${version}"; 14 - hash = "sha256-nkDa54+4bAMtQ/s/vn7x9hAt7p+ErKMOZ70MoH45CoM="; 15 }; 16 17 - vendorHash = "sha256-owpu0oANYipso33HOwwSqL8G0VDT53B9HeLQA/GvmxU="; 18 19 # Tests require network access 20 doCheck = false;

··· 5 6 buildGoModule rec { 7 pname = "asnmap"; 8 + version = "1.0.4"; 9 10 src = fetchFromGitHub { 11 owner = "projectdiscovery"; 12 repo = pname; 13 rev = "refs/tags/v${version}"; 14 + hash = "sha256-J5Dn5eDzwj+ApwQ3ibTsMbwCobRAb1Cli+hbf74I9VQ="; 15 }; 16 17 + vendorHash = "sha256-0vU7YWZKiqi3WsjSTNvtUiskIczADgfRRC7rwCx8ho4="; 18 19 # Tests require network access 20 doCheck = false;

+2 -2

pkgs/tools/security/clamav/default.nix

··· 6 7 stdenv.mkDerivation rec { 8 pname = "clamav"; 9 - version = "1.0.1"; 10 11 src = fetchurl { 12 url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; 13 - hash = "sha256-CHLcG4L/TNfo5DI/r17kGh9mroCGXQVCkIW5RjVdhu4="; 14 }; 15 16 patches = [

··· 6 7 stdenv.mkDerivation rec { 8 pname = "clamav"; 9 + version = "1.1.0"; 10 11 src = fetchurl { 12 url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; 13 + hash = "sha256-owAg2ZzUZ/peoO+9b08YLv6/Yqn8YvxKOnssw/Vea3Q="; 14 }; 15 16 patches = [

+3 -3

pkgs/tools/security/gpg-tui/default.nix

··· 17 18 rustPlatform.buildRustPackage rec { 19 pname = "gpg-tui"; 20 - version = "0.9.5"; 21 22 src = fetchFromGitHub { 23 owner = "orhun"; 24 repo = "gpg-tui"; 25 rev = "v${version}"; 26 - hash = "sha256-WBOjdcqBHvXYAFEsv0249W7HrABDsZe9pfc3jM9LUSA="; 27 }; 28 29 - cargoHash = "sha256-0xNCQQG9S2sqxfc3MIZnftCSrVsrk4DO/cIM0iW33oI="; 30 31 nativeBuildInputs = [ 32 gpgme # for gpgme-config

··· 17 18 rustPlatform.buildRustPackage rec { 19 pname = "gpg-tui"; 20 + version = "0.9.6"; 21 22 src = fetchFromGitHub { 23 owner = "orhun"; 24 repo = "gpg-tui"; 25 rev = "v${version}"; 26 + hash = "sha256-vzdQqiAguwXZ3QNlctnfsuFxNYwBLICVqonFKXdMvSQ="; 27 }; 28 29 + cargoHash = "sha256-clxpTayrWSu0esu8L4/Kf8oKk8zAK3XJwT8IJqHoZpw="; 30 31 nativeBuildInputs = [ 32 gpgme # for gpgme-config

+2 -2

pkgs/tools/system/gopsuinfo/default.nix

··· 5 6 buildGoModule rec { 7 pname = "gopsuinfo"; 8 - version = "0.1.3"; 9 10 src = fetchFromGitHub { 11 owner = "nwg-piotr"; 12 repo = "gopsuinfo"; 13 rev = "v${version}"; 14 - sha256 = "sha256-e+obIFbhjxsdnyJe3+sUpe9pK9eNTspxNH+Cvf4RBMQ="; 15 }; 16 17 vendorHash = "sha256-S2ZHfrbEjPDweazwWbMbEMcMl/i+8Nru0G0e7RjOJMk=";

··· 5 6 buildGoModule rec { 7 pname = "gopsuinfo"; 8 + version = "0.1.4"; 9 10 src = fetchFromGitHub { 11 owner = "nwg-piotr"; 12 repo = "gopsuinfo"; 13 rev = "v${version}"; 14 + sha256 = "sha256-kivxuy0fdSfF5zAKiflTkYsb6jdeQ75Or7WmbadxsrY="; 15 }; 16 17 vendorHash = "sha256-S2ZHfrbEjPDweazwWbMbEMcMl/i+8Nru0G0e7RjOJMk=";

+5

pkgs/tools/text/gnugrep/default.nix

··· 16 hash = "sha256-HbKu3eidDepCsW2VKPiUyNFdrk4ZC1muzHj1qVEnbqs="; 17 }; 18 0 0 0 0 0 19 nativeCheckInputs = [ perl glibcLocales ]; 20 outputs = [ "out" "info" ]; # the man pages are rather small 21

··· 16 hash = "sha256-HbKu3eidDepCsW2VKPiUyNFdrk4ZC1muzHj1qVEnbqs="; 17 }; 18 19 + # Some gnulib tests fail on Musl: https://github.com/NixOS/nixpkgs/pull/228714 20 + postPatch = if stdenv.hostPlatform.isMusl then '' 21 + sed -i 's:gnulib-tests::g' Makefile.in 22 + '' else null; 23 + 24 nativeCheckInputs = [ perl glibcLocales ]; 25 outputs = [ "out" "info" ]; # the man pages are rather small 26

+2 -2

pkgs/tools/wayland/shotman/default.nix

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "shotman"; 12 - version = "0.4.1"; 13 14 src = fetchFromSourcehut { 15 owner = "~whynothugo"; 16 repo = pname; 17 rev = "v${version}"; 18 - hash = "sha256-u8vnRNxi7wLn0M2VZu9YTZuSAM/0afHRP01vve9tD9c="; 19 }; 20 21 cargoLock = {

··· 9 10 rustPlatform.buildRustPackage rec { 11 pname = "shotman"; 12 + version = "0.4.3"; 13 14 src = fetchFromSourcehut { 15 owner = "~whynothugo"; 16 repo = pname; 17 rev = "v${version}"; 18 + hash = "sha256-c2fgP6XB/fqKfsjqRRQpOFzHZyF/a9tLAKIGdKFAcSQ="; 19 }; 20 21 cargoLock = {

+7 -1

pkgs/top-level/all-packages.nix

··· 3408 3409 flavours = callPackage ../applications/misc/flavours { }; 3410 3411 - flirc = libsForQt5.callPackage ../applications/video/flirc { }; 0 0 3412 3413 flood = nodePackages.flood; 3414 ··· 9621 kcollectd = libsForQt5.callPackage ../tools/misc/kcollectd { }; 9622 9623 kea = callPackage ../tools/networking/kea { }; 0 0 9624 9625 iredis = callPackage ../tools/admin/iredis { }; 9626 ··· 18038 byacc = callPackage ../development/tools/parsing/byacc { }; 18039 18040 cadre = callPackage ../development/tools/cadre { }; 0 0 18041 18042 cbrowser = callPackage ../development/tools/misc/cbrowser { }; 18043

··· 3408 3409 flavours = callPackage ../applications/misc/flavours { }; 3410 3411 + flirc = libsForQt5.callPackage ../applications/video/flirc { 3412 + readline = readline63; 3413 + }; 3414 3415 flood = nodePackages.flood; 3416 ··· 9623 kcollectd = libsForQt5.callPackage ../tools/misc/kcollectd { }; 9624 9625 kea = callPackage ../tools/networking/kea { }; 9626 + 9627 + keama = callPackage ../tools/networking/keama { }; 9628 9629 iredis = callPackage ../tools/admin/iredis { }; 9630 ··· 18042 byacc = callPackage ../development/tools/parsing/byacc { }; 18043 18044 cadre = callPackage ../development/tools/cadre { }; 18045 + 18046 + catnip = callPackage ../tools/audio/catnip { }; 18047 18048 cbrowser = callPackage ../development/tools/misc/cbrowser { }; 18049

+3 -1

pkgs/top-level/python-packages.nix

··· 4090 4091 glean-parser = callPackage ../development/python-modules/glean-parser { }; 4092 4093 - glean-sdk = callPackage ../development/python-modules/glean-sdk { }; 0 0 4094 4095 glfw = callPackage ../development/python-modules/glfw { }; 4096

··· 4090 4091 glean-parser = callPackage ../development/python-modules/glean-parser { }; 4092 4093 + glean-sdk = callPackage ../development/python-modules/glean-sdk { 4094 + inherit (pkgs) lmdb; 4095 + }; 4096 4097 glfw = callPackage ../development/python-modules/glfw { }; 4098