Merge master into staging-next · pyrox.dev/nixpkgs@ca03e91

+12

maintainers/maintainer-list.nix

··· 1273 githubId = 1217745; 1274 name = "Aldwin Vlasblom"; 1275 }; 1276 avery = { 1277 email = "averyl+nixos@protonmail.com"; 1278 github = "AveryLychee"; ··· 11461 github = "samuelrivas"; 11462 githubId = 107703; 11463 name = "Samuel Rivas"; 11464 }; 11465 samyak = { 11466 name = "Samyak Sarnayak";

··· 1273 githubId = 1217745; 1274 name = "Aldwin Vlasblom"; 1275 }; 1276 + aveltras = { 1277 + email = "romain.viallard@outlook.fr"; 1278 + github = "aveltras"; 1279 + githubId = 790607; 1280 + name = "Romain Viallard"; 1281 + }; 1282 avery = { 1283 email = "averyl+nixos@protonmail.com"; 1284 github = "AveryLychee"; ··· 11467 github = "samuelrivas"; 11468 githubId = 107703; 11469 name = "Samuel Rivas"; 11470 + }; 11471 + samw = { 11472 + email = "sam@wlcx.cc"; 11473 + github = "wlcx"; 11474 + githubId = 3065381; 11475 + name = "Sam Willcocks"; 11476 }; 11477 samyak = { 11478 name = "Samyak Sarnayak";

+7

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

··· 126 </listitem> 127 <listitem> 128 <para> 129 <link xlink:href="https://dragonflydb.io/">dragonflydb</link>, 130 a modern replacement for Redis and Memcached. Available as 131 <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.

··· 126 </listitem> 127 <listitem> 128 <para> 129 + <link xlink:href="https://github.com/mozilla-services/syncstorage-rs">syncstorage-rs</link>, 130 + a self-hostable sync server for Firefox. Available as 131 + <link xlink:href="options.html#opt-services.firefox-syncserver.enable">services.firefox-syncserver</link>. 132 + </para> 133 + </listitem> 134 + <listitem> 135 + <para> 136 <link xlink:href="https://dragonflydb.io/">dragonflydb</link>, 137 a modern replacement for Redis and Memcached. Available as 138 <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.

+1

nixos/doc/manual/release-notes/rl-2211.section.md

··· 55 ## New Services {#sec-release-22.11-new-services} 56 57 - [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable). 58 59 - [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable). 60

··· 55 ## New Services {#sec-release-22.11-new-services} 56 57 - [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable). 58 + - [syncstorage-rs](https://github.com/mozilla-services/syncstorage-rs), a self-hostable sync server for Firefox. Available as [services.firefox-syncserver](options.html#opt-services.firefox-syncserver.enable). 59 60 - [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable). 61

+1

nixos/modules/module-list.nix

··· 783 ./services/networking/expressvpn.nix 784 ./services/networking/fakeroute.nix 785 ./services/networking/ferm.nix 786 ./services/networking/fireqos.nix 787 ./services/networking/firewall.nix 788 ./services/networking/flannel.nix

··· 783 ./services/networking/expressvpn.nix 784 ./services/networking/fakeroute.nix 785 ./services/networking/ferm.nix 786 + ./services/networking/firefox-syncserver.nix 787 ./services/networking/fireqos.nix 788 ./services/networking/firewall.nix 789 ./services/networking/flannel.nix

+55

nixos/modules/services/networking/firefox-syncserver.md

···

··· 1 + # Firefox Sync server {#module-services-firefox-syncserver} 2 + 3 + A storage server for Firefox Sync that you can easily host yourself. 4 + 5 + ## Quickstart {#module-services-firefox-syncserver-quickstart} 6 + 7 + The absolute minimal configuration for the sync server looks like this: 8 + 9 + ```nix 10 + services.mysql.package = pkgs.mariadb; 11 + 12 + services.firefox-syncserver = { 13 + enable = true; 14 + secrets = builtins.toFile "sync-secrets" '' 15 + SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store 16 + ''; 17 + singleNode = { 18 + enable = true; 19 + hostname = "localhost"; 20 + url = "http://localhost:5000"; 21 + }; 22 + }; 23 + ``` 24 + 25 + This will start a sync server that is only accessible locally. Once the services is 26 + running you can navigate to `about:config` in your Firefox profile and set 27 + `identity.sync.tokenserver.uri` to `http://localhost:5000/1.0/sync/1.5`. Your browser 28 + will now use your local sync server for data storage. 29 + 30 + ::: {.warning} 31 + This configuration should never be used in production. It is not encrypted and 32 + stores its secrets in a world-readable location. 33 + ::: 34 + 35 + ## More detailed setup {#module-services-firefox-syncserver-configuration} 36 + 37 + The `firefox-syncserver` service provides a number of options to make setting up 38 + small deployment easier. These are grouped under the `singleNode` element of the 39 + option tree and allow simple configuration of the most important parameters. 40 + 41 + Single node setup is split into two kinds of options: those that affect the sync 42 + server itself, and those that affect its surroundings. Options that affect the 43 + sync server are `capacity`, which configures how many accounts may be active on 44 + this instance, and `url`, which holds the URL under which the sync server can be 45 + accessed. The `url` can be configured automatically when using nginx. 46 + 47 + Options that affect the surroundings of the sync server are `enableNginx`, 48 + `enableTLS` and `hostnam`. If `enableNginx` is set the sync server module will 49 + automatically add an nginx virtual host to the system using `hostname` as the 50 + domain and set `url` accordingly. If `enableTLS` is set the module will also 51 + enable ACME certificates on the new virtual host and force all connections to 52 + be made via TLS. 53 + 54 + For actual deployment it is also recommended to store the `secrets` file in a 55 + secure location.

+328

nixos/modules/services/networking/firefox-syncserver.nix

···

··· 1 + { config, pkgs, lib, options, ... }: 2 + 3 + let 4 + cfg = config.services.firefox-syncserver; 5 + opt = options.services.firefox-syncserver; 6 + defaultDatabase = "firefox_syncserver"; 7 + defaultUser = "firefox-syncserver"; 8 + 9 + dbIsLocal = cfg.database.host == "localhost"; 10 + dbURL = "mysql://${cfg.database.user}@${cfg.database.host}/${cfg.database.name}"; 11 + 12 + format = pkgs.formats.toml {}; 13 + settings = { 14 + database_url = dbURL; 15 + human_logs = true; 16 + tokenserver = { 17 + node_type = "mysql"; 18 + database_url = dbURL; 19 + fxa_email_domain = "api.accounts.firefox.com"; 20 + fxa_oauth_server_url = "https://oauth.accounts.firefox.com/v1"; 21 + run_migrations = true; 22 + } // lib.optionalAttrs cfg.singleNode.enable { 23 + # Single-node mode is likely to be used on small instances with little 24 + # capacity. The default value (0.1) can only ever release capacity when 25 + # accounts are removed if the total capacity is 10 or larger to begin 26 + # with. 27 + # https://github.com/mozilla-services/syncstorage-rs/issues/1313#issuecomment-1145293375 28 + node_capacity_release_rate = 1; 29 + }; 30 + }; 31 + configFile = format.generate "syncstorage.toml" (lib.recursiveUpdate settings cfg.settings); 32 + in 33 + 34 + { 35 + options = { 36 + services.firefox-syncserver = { 37 + enable = lib.mkEnableOption '' 38 + the Firefox Sync storage service. 39 + 40 + Out of the box this will not be very useful unless you also configure at least 41 + one service and one nodes by inserting them into the mysql database manually, e.g. 42 + by running 43 + 44 + <programlisting> 45 + INSERT INTO `services` (`id`, `service`, `pattern`) VALUES ('1', 'sync-1.5', '{node}/1.5/{uid}'); 46 + INSERT INTO `nodes` (`id`, `service`, `node`, `available`, `current_load`, 47 + `capacity`, `downed`, `backoff`) 48 + VALUES ('1', '1', 'https://mydomain.tld', '1', '0', '10', '0', '0'); 49 + </programlisting> 50 + 51 + <option>${opt.singleNode.enable}</option> does this automatically when enabled 52 + ''; 53 + 54 + package = lib.mkOption { 55 + type = lib.types.package; 56 + default = pkgs.syncstorage-rs; 57 + defaultText = lib.literalExpression "pkgs.syncstorage-rs"; 58 + description = '' 59 + Package to use. 60 + ''; 61 + }; 62 + 63 + database.name = lib.mkOption { 64 + # the mysql module does not allow `-quoting without resorting to shell 65 + # escaping, so we restrict db names for forward compaitiblity should this 66 + # behavior ever change. 67 + type = lib.types.strMatching "[a-z_][a-z0-9_]*"; 68 + default = defaultDatabase; 69 + description = '' 70 + Database to use for storage. Will be created automatically if it does not exist 71 + and <literal>config.${opt.database.createLocally}</literal> is set. 72 + ''; 73 + }; 74 + 75 + database.user = lib.mkOption { 76 + type = lib.types.str; 77 + default = defaultUser; 78 + description = '' 79 + Username for database connections. 80 + ''; 81 + }; 82 + 83 + database.host = lib.mkOption { 84 + type = lib.types.str; 85 + default = "localhost"; 86 + description = '' 87 + Database host name. <literal>localhost</literal> is treated specially and inserts 88 + systemd dependencies, other hostnames or IP addresses of the local machine do not. 89 + ''; 90 + }; 91 + 92 + database.createLocally = lib.mkOption { 93 + type = lib.types.bool; 94 + default = true; 95 + description = '' 96 + Whether to create database and user on the local machine if they do not exist. 97 + This includes enabling unix domain socket authentication for the configured user. 98 + ''; 99 + }; 100 + 101 + logLevel = lib.mkOption { 102 + type = lib.types.str; 103 + default = "error"; 104 + description = '' 105 + Log level to run with. This can be a simple log level like <literal>error</literal> 106 + or <literal>trace</literal>, or a more complicated logging expression. 107 + ''; 108 + }; 109 + 110 + secrets = lib.mkOption { 111 + type = lib.types.path; 112 + description = '' 113 + A file containing the various secrets. Should be in the format expected by systemd's 114 + <literal>EnvironmentFile</literal> directory. Two secrets are currently available: 115 + <literal>SYNC_MASTER_SECRET</literal> and 116 + <literal>SYNC_TOKENSERVER__FXA_METRICS_HASH_SECRET</literal>. 117 + ''; 118 + }; 119 + 120 + singleNode = { 121 + enable = lib.mkEnableOption "auto-configuration for a simple single-node setup"; 122 + 123 + enableTLS = lib.mkEnableOption "automatic TLS setup"; 124 + 125 + enableNginx = lib.mkEnableOption "nginx virtualhost definitions"; 126 + 127 + hostname = lib.mkOption { 128 + type = lib.types.str; 129 + description = '' 130 + Host name to use for this service. 131 + ''; 132 + }; 133 + 134 + capacity = lib.mkOption { 135 + type = lib.types.ints.unsigned; 136 + default = 10; 137 + description = '' 138 + How many sync accounts are allowed on this server. Setting this value 139 + equal to or less than the number of currently active accounts will 140 + effectively deny service to accounts not yet registered here. 141 + ''; 142 + }; 143 + 144 + url = lib.mkOption { 145 + type = lib.types.str; 146 + default = "${if cfg.singleNode.enableTLS then "https" else "http"}://${cfg.singleNode.hostname}"; 147 + defaultText = lib.literalExpression '' 148 + ''${if cfg.singleNode.enableTLS then "https" else "http"}://''${config.${opt.singleNode.hostname}} 149 + ''; 150 + description = '' 151 + URL of the host. If you are not using the automatic webserver proxy setup you will have 152 + to change this setting or your sync server may not be functional. 153 + ''; 154 + }; 155 + }; 156 + 157 + settings = lib.mkOption { 158 + type = lib.types.submodule { 159 + freeformType = format.type; 160 + 161 + options = { 162 + port = lib.mkOption { 163 + type = lib.types.port; 164 + default = 5000; 165 + description = '' 166 + Port to bind to. 167 + ''; 168 + }; 169 + 170 + tokenserver.enabled = lib.mkOption { 171 + type = lib.types.bool; 172 + default = true; 173 + description = '' 174 + Whether to enable the token service as well. 175 + ''; 176 + }; 177 + }; 178 + }; 179 + default = { }; 180 + description = '' 181 + Settings for the sync server. These take priority over values computed 182 + from NixOS options. 183 + 184 + See the doc comments on the <literal>Settings</literal> structs in 185 + <link xlink:href="https://github.com/mozilla-services/syncstorage-rs/blob/master/syncstorage/src/settings.rs" /> 186 + and 187 + <link xlink:href="https://github.com/mozilla-services/syncstorage-rs/blob/master/syncstorage/src/tokenserver/settings.rs" /> 188 + for available options. 189 + ''; 190 + }; 191 + }; 192 + }; 193 + 194 + config = lib.mkIf cfg.enable { 195 + services.mysql = lib.mkIf cfg.database.createLocally { 196 + enable = true; 197 + ensureDatabases = [ cfg.database.name ]; 198 + ensureUsers = [{ 199 + name = cfg.database.user; 200 + ensurePermissions = { 201 + "${cfg.database.name}.*" = "all privileges"; 202 + }; 203 + }]; 204 + }; 205 + 206 + systemd.services.firefox-syncserver = { 207 + wantedBy = [ "multi-user.target" ]; 208 + requires = lib.mkIf dbIsLocal [ "mysql.service" ]; 209 + after = lib.mkIf dbIsLocal [ "mysql.service" ]; 210 + environment.RUST_LOG = cfg.logLevel; 211 + serviceConfig = { 212 + User = defaultUser; 213 + Group = defaultUser; 214 + ExecStart = "${cfg.package}/bin/syncstorage --config ${configFile}"; 215 + Stderr = "journal"; 216 + EnvironmentFile = lib.mkIf (cfg.secrets != null) "${cfg.secrets}"; 217 + 218 + # hardening 219 + RemoveIPC = true; 220 + CapabilityBoundingSet = [ "" ]; 221 + DynamicUser = true; 222 + NoNewPrivileges = true; 223 + PrivateDevices = true; 224 + ProtectClock = true; 225 + ProtectKernelLogs = true; 226 + ProtectControlGroups = true; 227 + ProtectKernelModules = true; 228 + SystemCallArchitectures = "native"; 229 + # syncstorage-rs uses python-cffi internally, and python-cffi does not 230 + # work with MemoryDenyWriteExecute=true 231 + MemoryDenyWriteExecute = false; 232 + RestrictNamespaces = true; 233 + RestrictSUIDSGID = true; 234 + ProtectHostname = true; 235 + LockPersonality = true; 236 + ProtectKernelTunables = true; 237 + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; 238 + RestrictRealtime = true; 239 + ProtectSystem = "strict"; 240 + ProtectProc = "invisible"; 241 + ProcSubset = "pid"; 242 + ProtectHome = true; 243 + PrivateUsers = true; 244 + PrivateTmp = true; 245 + SystemCallFilter = [ "@system-service" "~ @privileged @resources" ]; 246 + UMask = "0077"; 247 + }; 248 + }; 249 + 250 + systemd.services.firefox-syncserver-setup = lib.mkIf cfg.singleNode.enable { 251 + wantedBy = [ "firefox-syncserver.service" ]; 252 + requires = [ "firefox-syncserver.service" ] ++ lib.optional dbIsLocal "mysql.service"; 253 + after = [ "firefox-syncserver.service" ] ++ lib.optional dbIsLocal "mysql.service"; 254 + path = [ config.services.mysql.package ]; 255 + script = '' 256 + set -euo pipefail 257 + shopt -s inherit_errexit 258 + 259 + schema_configured() { 260 + mysql ${cfg.database.name} -Ne 'SHOW TABLES' | grep -q services 261 + } 262 + 263 + services_configured() { 264 + [ 1 != $(mysql ${cfg.database.name} -Ne 'SELECT COUNT(*) < 1 FROM `services`') ] 265 + } 266 + 267 + create_services() { 268 + mysql ${cfg.database.name} <<"EOF" 269 + BEGIN; 270 + 271 + INSERT INTO `services` (`id`, `service`, `pattern`) 272 + VALUES (1, 'sync-1.5', '{node}/1.5/{uid}'); 273 + INSERT INTO `nodes` (`id`, `service`, `node`, `available`, `current_load`, 274 + `capacity`, `downed`, `backoff`) 275 + VALUES (1, 1, '${cfg.singleNode.url}', ${toString cfg.singleNode.capacity}, 276 + 0, ${toString cfg.singleNode.capacity}, 0, 0); 277 + 278 + COMMIT; 279 + EOF 280 + } 281 + 282 + update_nodes() { 283 + mysql ${cfg.database.name} <<"EOF" 284 + UPDATE `nodes` 285 + SET `capacity` = ${toString cfg.singleNode.capacity} 286 + WHERE `id` = 1; 287 + EOF 288 + } 289 + 290 + for (( try = 0; try < 60; try++ )); do 291 + if ! schema_configured; then 292 + sleep 2 293 + elif services_configured; then 294 + update_nodes 295 + exit 0 296 + else 297 + create_services 298 + exit 0 299 + fi 300 + done 301 + 302 + echo "Single-node setup failed" 303 + exit 1 304 + ''; 305 + }; 306 + 307 + services.nginx.virtualHosts = lib.mkIf cfg.singleNode.enableNginx { 308 + ${cfg.singleNode.hostname} = { 309 + enableACME = cfg.singleNode.enableTLS; 310 + forceSSL = cfg.singleNode.enableTLS; 311 + locations."/" = { 312 + proxyPass = "http://localhost:${toString cfg.settings.port}"; 313 + # source mentions that this header should be set 314 + extraConfig = '' 315 + add_header X-Content-Type-Options nosniff; 316 + ''; 317 + }; 318 + }; 319 + }; 320 + }; 321 + 322 + meta = { 323 + maintainers = with lib.maintainers; [ pennae ]; 324 + # Don't edit the docbook xml directly, edit the md and generate it: 325 + # `pandoc firefox-syncserver.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > firefox-syncserver.xml` 326 + doc = ./firefox-syncserver.xml; 327 + }; 328 + }

+77

nixos/modules/services/networking/firefox-syncserver.xml

···

··· 1 + <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-firefox-syncserver"> 2 + <title>Firefox Sync server</title> 3 + <para> 4 + A storage server for Firefox Sync that you can easily host yourself. 5 + </para> 6 + <section xml:id="module-services-firefox-syncserver-quickstart"> 7 + <title>Quickstart</title> 8 + <para> 9 + The absolute minimal configuration for the sync server looks like 10 + this: 11 + </para> 12 + <programlisting language="nix"> 13 + services.mysql.package = pkgs.mariadb; 14 + 15 + services.firefox-syncserver = { 16 + enable = true; 17 + secrets = builtins.toFile "sync-secrets" '' 18 + SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store 19 + ''; 20 + singleNode = { 21 + enable = true; 22 + hostname = "localhost"; 23 + url = "http://localhost:5000"; 24 + }; 25 + }; 26 + </programlisting> 27 + <para> 28 + This will start a sync server that is only accessible locally. 29 + Once the services is running you can navigate to 30 + <literal>about:config</literal> in your Firefox profile and set 31 + <literal>identity.sync.tokenserver.uri</literal> to 32 + <literal>http://localhost:5000/1.0/sync/1.5</literal>. Your 33 + browser will now use your local sync server for data storage. 34 + </para> 35 + <warning> 36 + <para> 37 + This configuration should never be used in production. It is not 38 + encrypted and stores its secrets in a world-readable location. 39 + </para> 40 + </warning> 41 + </section> 42 + <section xml:id="module-services-firefox-syncserver-configuration"> 43 + <title>More detailed setup</title> 44 + <para> 45 + The <literal>firefox-syncserver</literal> service provides a 46 + number of options to make setting up small deployment easier. 47 + These are grouped under the <literal>singleNode</literal> element 48 + of the option tree and allow simple configuration of the most 49 + important parameters. 50 + </para> 51 + <para> 52 + Single node setup is split into two kinds of options: those that 53 + affect the sync server itself, and those that affect its 54 + surroundings. Options that affect the sync server are 55 + <literal>capacity</literal>, which configures how many accounts 56 + may be active on this instance, and <literal>url</literal>, which 57 + holds the URL under which the sync server can be accessed. The 58 + <literal>url</literal> can be configured automatically when using 59 + nginx. 60 + </para> 61 + <para> 62 + Options that affect the surroundings of the sync server are 63 + <literal>enableNginx</literal>, <literal>enableTLS</literal> and 64 + <literal>hostnam</literal>. If <literal>enableNginx</literal> is 65 + set the sync server module will automatically add an nginx virtual 66 + host to the system using <literal>hostname</literal> as the domain 67 + and set <literal>url</literal> accordingly. If 68 + <literal>enableTLS</literal> is set the module will also enable 69 + ACME certificates on the new virtual host and force all 70 + connections to be made via TLS. 71 + </para> 72 + <para> 73 + For actual deployment it is also recommended to store the 74 + <literal>secrets</literal> file in a secure location. 75 + </para> 76 + </section> 77 + </chapter>

+13 -6

nixos/modules/services/networking/yggdrasil.nix

··· 4 keysPath = "/var/lib/yggdrasil/keys.json"; 5 6 cfg = config.services.yggdrasil; 7 - configProvided = cfg.config != { }; 8 configFileProvided = cfg.configFile != null; 9 10 in { 11 options = with types; { 12 services.yggdrasil = { 13 enable = mkEnableOption "the yggdrasil system service"; 14 15 - config = mkOption { 16 - type = attrs; 17 default = {}; 18 example = { 19 Peers = [ ··· 138 wantedBy = [ "multi-user.target" ]; 139 140 preStart = 141 - (if configProvided || configFileProvided || cfg.persistentKeys then 142 "echo " 143 144 - + (lib.optionalString configProvided 145 - "'${builtins.toJSON cfg.config}'") 146 + (lib.optionalString configFileProvided "$(cat ${cfg.configFile})") 147 + (lib.optionalString cfg.persistentKeys "$(cat ${keysPath})") 148 + " | ${pkgs.jq}/bin/jq -s add | ${binYggdrasil} -normaliseconf -useconf"

··· 4 keysPath = "/var/lib/yggdrasil/keys.json"; 5 6 cfg = config.services.yggdrasil; 7 + settingsProvided = cfg.settings != { }; 8 configFileProvided = cfg.configFile != null; 9 10 + format = pkgs.formats.json { }; 11 in { 12 + imports = [ 13 + (mkRenamedOptionModule 14 + [ "services" "yggdrasil" "config" ] 15 + [ "services" "yggdrasil" "settings" ]) 16 + ]; 17 + 18 options = with types; { 19 services.yggdrasil = { 20 enable = mkEnableOption "the yggdrasil system service"; 21 22 + settings = mkOption { 23 + type = format.type; 24 default = {}; 25 example = { 26 Peers = [ ··· 145 wantedBy = [ "multi-user.target" ]; 146 147 preStart = 148 + (if settingsProvided || configFileProvided || cfg.persistentKeys then 149 "echo " 150 151 + + (lib.optionalString settingsProvided 152 + "'${builtins.toJSON cfg.settings}'") 153 + (lib.optionalString configFileProvided "$(cat ${cfg.configFile})") 154 + (lib.optionalString cfg.persistentKeys "$(cat ${keysPath})") 155 + " | ${pkgs.jq}/bin/jq -s add | ${binYggdrasil} -normaliseconf -useconf"

+2 -2

nixos/tests/yggdrasil.nix

··· 42 43 services.yggdrasil = { 44 enable = true; 45 - config = { 46 Listen = ["tcp://0.0.0.0:12345"]; 47 MulticastInterfaces = [ ]; 48 }; ··· 112 services.yggdrasil = { 113 enable = true; 114 denyDhcpcdInterfaces = [ "ygg0" ]; 115 - config = { 116 IfTAPMode = true; 117 IfName = "ygg0"; 118 MulticastInterfaces = [ "eth1" ];

··· 42 43 services.yggdrasil = { 44 enable = true; 45 + settings = { 46 Listen = ["tcp://0.0.0.0:12345"]; 47 MulticastInterfaces = [ ]; 48 }; ··· 112 services.yggdrasil = { 113 enable = true; 114 denyDhcpcdInterfaces = [ "ygg0" ]; 115 + settings = { 116 IfTAPMode = true; 117 IfName = "ygg0"; 118 MulticastInterfaces = [ "eth1" ];

+2 -2

pkgs/applications/blockchains/bisq-desktop/default.nix

··· 34 in 35 stdenv.mkDerivation rec { 36 pname = "bisq-desktop"; 37 - version = "1.9.1"; 38 39 src = fetchurl { 40 url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb"; 41 - sha256 = "0gzfcp255z542adk1g6gsmfpp5zpivv6n1f5kzqgwgm5qmr24049"; 42 }; 43 44 nativeBuildInputs = [ makeWrapper copyDesktopItems imagemagick dpkg zip xz ];

··· 34 in 35 stdenv.mkDerivation rec { 36 pname = "bisq-desktop"; 37 + version = "1.9.4"; 38 39 src = fetchurl { 40 url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb"; 41 + sha256 = "sha256-8CgbJ5gfzIEh5ppwvQxYz1IES7Dd4MZCac0uVLh/YaY="; 42 }; 43 44 nativeBuildInputs = [ makeWrapper copyDesktopItems imagemagick dpkg zip xz ];

+3 -3

pkgs/applications/misc/lscolors/default.nix

··· 2 3 rustPlatform.buildRustPackage rec { 4 pname = "lscolors"; 5 - version = "0.11.1"; 6 7 src = fetchCrate { 8 inherit version pname; 9 - sha256 = "sha256-RU5DhrfB4XlrI4fHUw0/88Ib6H6xvDlRwUNPPwgVKE0="; 10 }; 11 12 - cargoSha256 = "sha256-COWvR7B9tXGuPaD311bFzuoqkISDlIOD6GDQdFa6wT4="; 13 14 # setid is not allowed in the sandbox 15 checkFlags = [ "--skip=tests::style_for_setid" ];

··· 2 3 rustPlatform.buildRustPackage rec { 4 pname = "lscolors"; 5 + version = "0.12.0"; 6 7 src = fetchCrate { 8 inherit version pname; 9 + sha256 = "sha256-1tLI+M2hpXWsiO/x27ncs8zn8dBDx18AgsSbN/YE2Ic="; 10 }; 11 12 + cargoSha256 = "sha256-4bFzFztaD9jV3GXpZwCowAhvszedM5ion5/h3D26EY8="; 13 14 # setid is not allowed in the sandbox 15 checkFlags = [ "--skip=tests::style_for_setid" ];

+46

pkgs/applications/networking/instant-messengers/cinny-desktop/default.nix

···

··· 1 + { stdenv 2 + , lib 3 + , dpkg 4 + , fetchurl 5 + , autoPatchelfHook 6 + , glib-networking 7 + , openssl 8 + , webkitgtk 9 + , wrapGAppsHook 10 + }: 11 + 12 + stdenv.mkDerivation rec { 13 + name = "cinny-desktop"; 14 + version = "2.1.1"; 15 + 16 + src = fetchurl { 17 + url = "https://github.com/cinnyapp/cinny-desktop/releases/download/v${version}/Cinny_desktop-x86_64.deb"; 18 + sha256 = "sha256-4jd+N3a+u+c+XLwgr8BvvdkVLzo+xTBKFdjiQeu7NJU="; 19 + }; 20 + 21 + nativeBuildInputs = [ 22 + autoPatchelfHook 23 + dpkg 24 + ]; 25 + 26 + buildInputs = [ 27 + glib-networking 28 + openssl 29 + webkitgtk 30 + wrapGAppsHook 31 + ]; 32 + 33 + unpackCmd = "dpkg-deb -x $curSrc source"; 34 + 35 + installPhase = "mv usr $out"; 36 + 37 + meta = with lib; { 38 + description = "Yet another matrix client for desktop"; 39 + homepage = "https://github.com/cinnyapp/cinny-desktop"; 40 + maintainers = [ maintainers.aveltras ]; 41 + license = licenses.mit; 42 + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; 43 + platforms = platforms.linux; 44 + mainProgram = "cinny"; 45 + }; 46 + }

+3 -3

pkgs/applications/networking/sync/rclone/default.nix

··· 5 6 buildGoModule rec { 7 pname = "rclone"; 8 - version = "1.59.0"; 9 10 src = fetchFromGitHub { 11 owner = pname; 12 repo = pname; 13 rev = "v${version}"; 14 - sha256 = "sha256-SHUAEjdcqzNiIxSsmYb71JiOhWPoi8Z2nJAReRw2M5k="; 15 }; 16 17 - vendorSha256 = "sha256-ajOUvZ/0D8QL4MY6xO+hZziyUtIB0WQERU6Ov06K9I8="; 18 19 subPackages = [ "." ]; 20

··· 5 6 buildGoModule rec { 7 pname = "rclone"; 8 + version = "1.59.1"; 9 10 src = fetchFromGitHub { 11 owner = pname; 12 repo = pname; 13 rev = "v${version}"; 14 + sha256 = "sha256-eblCMe9ywJztjsWmngUkB/IE2ePI9Yin2jkxBW0tTbQ="; 15 }; 16 17 + vendorSha256 = "sha256-MZ5RtB4UGHPlMxyQ0VbX5iPpZw98oUuEhuMBDZcYiw8="; 18 19 subPackages = [ "." ]; 20

+19 -5

pkgs/data/icons/kora-icon-theme/default.nix

··· 1 - { lib, stdenvNoCC, fetchFromGitHub , gtk3, adwaita-icon-theme, breeze-icons, hicolor-icon-theme }: 2 3 stdenvNoCC.mkDerivation rec { 4 pname = "kora-icon-theme"; 5 - version = "1.5.2"; 6 7 src = fetchFromGitHub { 8 owner = "bikass"; 9 repo = "kora"; 10 rev = "v${version}"; 11 - sha256 = "sha256-OwuePPn4seHbzv81pnTEP1Q0Tp1ywZIEmw+dx3bDoXw="; 12 }; 13 14 nativeBuildInputs = [ ··· 27 runHook preInstall 28 29 mkdir -p $out/share/icons 30 - mv kora* $out/share/icons/ 31 32 for theme in $out/share/icons/*; do 33 gtk-update-icon-cache -f $theme ··· 36 runHook postInstall 37 ''; 38 39 meta = with lib; { 40 description = "An SVG icon theme in four variants"; 41 homepage = "https://github.com/bikass/kora"; 42 license = with licenses; [ gpl3Only ]; 43 platforms = platforms.linux; 44 - maintainers = with maintainers; [ ]; 45 }; 46 }

··· 1 + { lib 2 + , stdenvNoCC 3 + , fetchFromGitHub 4 + , gtk3 5 + , adwaita-icon-theme 6 + , breeze-icons 7 + , hicolor-icon-theme 8 + , gitUpdater 9 + }: 10 11 stdenvNoCC.mkDerivation rec { 12 pname = "kora-icon-theme"; 13 + version = "1.5.3"; 14 15 src = fetchFromGitHub { 16 owner = "bikass"; 17 repo = "kora"; 18 rev = "v${version}"; 19 + sha256 = "sha256-j4W9w/icGjfkbbb0xYF3NfSFsp5RkNCc805E089JaFQ="; 20 }; 21 22 nativeBuildInputs = [ ··· 35 runHook preInstall 36 37 mkdir -p $out/share/icons 38 + cp -a kora* $out/share/icons/ 39 + rm $out/share/icons/kora*/create-new-icon-theme.cache.sh 40 41 for theme in $out/share/icons/*; do 42 gtk-update-icon-cache -f $theme ··· 45 runHook postInstall 46 ''; 47 48 + passthru.updateScript = gitUpdater { 49 + inherit pname version; 50 + rev-prefix = "v"; 51 + }; 52 + 53 meta = with lib; { 54 description = "An SVG icon theme in four variants"; 55 homepage = "https://github.com/bikass/kora"; 56 license = with licenses; [ gpl3Only ]; 57 platforms = platforms.linux; 58 + maintainers = with maintainers; [ romildo ]; 59 }; 60 }

+14 -22

pkgs/data/themes/catppuccin-gtk/default.nix

··· 6 , gtk-engine-murrine 7 , sassc 8 , which 9 - , tweaks ? [ ] # can be "nord" "black" "rimless". cannot mix "nord" and "black" 10 - , size ? "standard" # can be "standard" "compact" 11 }: 12 let 13 validSizes = [ "standard" "compact" ]; 14 - validTweaks = [ "nord" "black" "rimless" ]; 15 16 unknownTweaks = lib.subtractLists validTweaks tweaks; 17 - illegalMix = !(lib.elem "nord" tweaks) && !(lib.elem "black" tweaks); 18 19 assertIllegal = lib.assertMsg illegalMix '' 20 - Tweaks "nord" and "black" cannot be mixed. Tweaks: ${toString tweaks} 21 ''; 22 23 assertSize = lib.assertMsg (lib.elem size validSizes) '' 24 - You entered wrong size: ${size} 25 Valid sizes are: ${toString validSizes} 26 ''; 27 ··· 37 38 stdenvNoCC.mkDerivation rec { 39 pname = "catppuccin-gtk"; 40 - version = "unstable-2022-02-24"; 41 42 src = fetchFromGitHub { 43 repo = "gtk"; 44 owner = "catppuccin"; 45 - rev = "359c584f607c021fcc657ce77b81c181ebaff6de"; 46 - sha256 = "sha256-AVhFw1XTnkU0hoM+UyjT7ZevLkePybBATJUMLqRytpk="; 47 }; 48 49 nativeBuildInputs = [ gtk3 sassc which ]; ··· 52 53 propagatedUserEnvPkgs = [ gtk-engine-murrine ]; 54 55 - patches = [ 56 - # Allows installing with `-t all`. Works around missing grey assets. 57 - # https://github.com/catppuccin/gtk/issues/17 58 - ./grey-fix.patch 59 - ]; 60 - 61 postPatch = '' 62 - patchShebangs --build scripts/* 63 - substituteInPlace Makefile \ 64 - --replace '$(shell git rev-parse --show-toplevel)' "$PWD" 65 - substituteInPlace 'scripts/install.sh' \ 66 - --replace '$(git rev-parse --show-toplevel)' "$PWD" 67 ''; 68 69 installPhase = '' 70 runHook preInstall 71 72 mkdir -p $out/share/themes 73 - bash scripts/install.sh -d $out/share/themes -t all \ 74 ${lib.optionalString (size != "") "-s ${size}"} \ 75 ${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks} 76 ··· 78 ''; 79 80 meta = with lib; { 81 - description = "Soothing pastel theme for GTK3"; 82 homepage = "https://github.com/catppuccin/gtk"; 83 license = licenses.gpl3Plus; 84 platforms = platforms.linux;

··· 6 , gtk-engine-murrine 7 , sassc 8 , which 9 + , tweaks ? [ ] 10 + , size ? "standard" 11 }: 12 let 13 validSizes = [ "standard" "compact" ]; 14 + validTweaks = [ "nord" "dracula" "black" "rimless" "normal" ]; 15 16 unknownTweaks = lib.subtractLists validTweaks tweaks; 17 + illegalMix = !(lib.elem "nord" tweaks) && !(lib.elem "dracula" tweaks); 18 19 assertIllegal = lib.assertMsg illegalMix '' 20 + Tweaks "nord" and "dracula" cannot be mixed. Tweaks: ${toString tweaks} 21 ''; 22 23 assertSize = lib.assertMsg (lib.elem size validSizes) '' 24 + You entered a wrong size: ${size} 25 Valid sizes are: ${toString validSizes} 26 ''; 27 ··· 37 38 stdenvNoCC.mkDerivation rec { 39 pname = "catppuccin-gtk"; 40 + version = "unstable-2022-08-01"; 41 42 src = fetchFromGitHub { 43 repo = "gtk"; 44 owner = "catppuccin"; 45 + rev = "87a79fd2bf07accc694455df30a32a82b1b31f4f"; 46 + sha256 = "sha256-dKHTQva0BYkO6VPNfY/pzRn/V1ghX+tYqbnM9hTAMeE="; 47 }; 48 49 nativeBuildInputs = [ gtk3 sassc which ]; ··· 52 53 propagatedUserEnvPkgs = [ gtk-engine-murrine ]; 54 55 postPatch = '' 56 + patchShebangs --build clean-old-theme.sh install.sh 57 ''; 58 59 installPhase = '' 60 runHook preInstall 61 + 62 + export HOME=$(mktemp -d) 63 64 mkdir -p $out/share/themes 65 + bash install.sh -d $out/share/themes -t all \ 66 ${lib.optionalString (size != "") "-s ${size}"} \ 67 ${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks} 68 ··· 70 ''; 71 72 meta = with lib; { 73 + description = "Soothing pastel theme for GTK"; 74 homepage = "https://github.com/catppuccin/gtk"; 75 license = licenses.gpl3Plus; 76 platforms = platforms.linux;

-12

pkgs/data/themes/catppuccin-gtk/grey-fix.patch

··· 1 - diff --git a/scripts/install.sh b/scripts/install.sh 2 - index d2a2b86..bd05c93 100755 3 - --- a/scripts/install.sh 4 - +++ b/scripts/install.sh 5 - @@ -20,7 +20,7 @@ fi 6 - SASSC_OPT="-M -t expanded" 7 - 8 - THEME_NAME=Catppuccin 9 - -THEME_VARIANTS=('' '-purple' '-pink' '-red' '-orange' '-yellow' '-green' '-teal' '-grey') 10 - +THEME_VARIANTS=('' '-purple' '-pink' '-red' '-orange' '-yellow' '-green' '-teal') 11 - COLOR_VARIANTS=('' '-light' '-dark') 12 - SIZE_VARIANTS=('' '-compact')

···

-2

pkgs/development/compilers/hare/hare/setup-hook.sh

··· 1 - export HARECACHE="$NIX_BUILD_TOP/.harecache" 2 - 3 addHarepath () { 4 for haredir in third-party stdlib; do 5 if [[ -d "$1/src/hare/$haredir" ]]; then

··· 1 addHarepath () { 2 for haredir in third-party stdlib; do 3 if [[ -d "$1/src/hare/$haredir" ]]; then

+12 -4

pkgs/development/libraries/librealsense/default.nix

··· 8 , ninja 9 , pkg-config 10 , gcc 11 , cudaSupport ? config.cudaSupport or false, cudaPackages ? {} 12 , enablePython ? false, pythonPackages ? null 13 }: 14 15 assert cudaSupport -> (cudaPackages?cudatoolkit && cudaPackages.cudatoolkit != null); ··· 32 libusb1 33 gcc.cc.lib 34 ] ++ lib.optional cudaSupport cudaPackages.cudatoolkit 35 - ++ lib.optionals enablePython (with pythonPackages; [python pybind11 ]); 36 37 patches = [ 38 # fix build on aarch64-darwin ··· 53 54 cmakeFlags = [ 55 "-DBUILD_EXAMPLES=ON" 56 - "-DBUILD_GRAPHICAL_EXAMPLES=OFF" 57 - "-DBUILD_GLSL_EXTENSIONS=OFF" 58 ] ++ lib.optionals enablePython [ 59 "-DBUILD_PYTHON_BINDINGS:bool=true" 60 "-DXXNIX_PYTHON_SITEPACKAGES=${placeholder "out"}/${pythonPackages.python.sitePackages}" ··· 72 description = "A cross-platform library for Intel® RealSense™ depth cameras (D400 series and the SR300)"; 73 homepage = "https://github.com/IntelRealSense/librealsense"; 74 license = licenses.asl20; 75 - maintainers = with maintainers; [ brian-dawn ]; 76 platforms = platforms.unix; 77 }; 78 }

··· 8 , ninja 9 , pkg-config 10 , gcc 11 + , mesa 12 + , gtk3 13 + , glfw 14 + , libGLU 15 + , curl 16 , cudaSupport ? config.cudaSupport or false, cudaPackages ? {} 17 , enablePython ? false, pythonPackages ? null 18 + , enableGUI ? false, 19 }: 20 21 assert cudaSupport -> (cudaPackages?cudatoolkit && cudaPackages.cudatoolkit != null); ··· 38 libusb1 39 gcc.cc.lib 40 ] ++ lib.optional cudaSupport cudaPackages.cudatoolkit 41 + ++ lib.optionals enablePython (with pythonPackages; [ python pybind11 ]) 42 + ++ lib.optionals enableGUI [ mesa gtk3 glfw libGLU curl ]; 43 44 patches = [ 45 # fix build on aarch64-darwin ··· 60 61 cmakeFlags = [ 62 "-DBUILD_EXAMPLES=ON" 63 + "-DBUILD_GRAPHICAL_EXAMPLES=${lib.boolToString enableGUI}" 64 + "-DBUILD_GLSL_EXTENSIONS=${lib.boolToString enableGUI}" 65 + "-DCHECK_FOR_UPDATES=OFF" # activated by BUILD_GRAPHICAL_EXAMPLES, will make it download and compile libcurl 66 ] ++ lib.optionals enablePython [ 67 "-DBUILD_PYTHON_BINDINGS:bool=true" 68 "-DXXNIX_PYTHON_SITEPACKAGES=${placeholder "out"}/${pythonPackages.python.sitePackages}" ··· 80 description = "A cross-platform library for Intel® RealSense™ depth cameras (D400 series and the SR300)"; 81 homepage = "https://github.com/IntelRealSense/librealsense"; 82 license = licenses.asl20; 83 + maintainers = with maintainers; [ brian-dawn pbsds ]; 84 platforms = platforms.unix; 85 }; 86 }

+3 -3

pkgs/development/node-packages/node-packages.nix

··· 118873 pnpm = nodeEnv.buildNodePackage { 118874 name = "pnpm"; 118875 packageName = "pnpm"; 118876 - version = "7.8.0"; 118877 src = fetchurl { 118878 - url = "https://registry.npmjs.org/pnpm/-/pnpm-7.8.0.tgz"; 118879 - sha512 = "jzb9/gto4nwuVA2itTRk0PJhuaZcA1NBRB298UzXhqKZQMjtHCS+KLzh7RWk5n3g+KnMg5FHr6Mwg1L62dBz1A=="; 118880 }; 118881 buildInputs = globalBuildInputs; 118882 meta = {

··· 118873 pnpm = nodeEnv.buildNodePackage { 118874 name = "pnpm"; 118875 packageName = "pnpm"; 118876 + version = "7.9.1"; 118877 src = fetchurl { 118878 + url = "https://registry.npmjs.org/pnpm/-/pnpm-7.9.1.tgz"; 118879 + sha512 = "5vyV+FwZj5y31UDDsiq9xcVzF+mvS+IPdgAgkZ9rVxYPNKCCVwVn5LsHh9jcfuApiKYVgpyisAMcuSDbe1/C0Q=="; 118880 }; 118881 buildInputs = globalBuildInputs; 118882 meta = {

+2 -2

pkgs/development/python-modules/asyncssh/default.nix

··· 20 21 buildPythonPackage rec { 22 pname = "asyncssh"; 23 - version = "2.11.0"; 24 format = "setuptools"; 25 26 disabled = pythonOlder "3.6"; 27 28 src = fetchPypi { 29 inherit pname version; 30 - sha256 = "sha256-WcNs53up3ajdV62HV3bnEF3bH6hRvAObs66t6sT2e1Y="; 31 }; 32 33 propagatedBuildInputs = [

··· 20 21 buildPythonPackage rec { 22 pname = "asyncssh"; 23 + version = "2.12.0"; 24 format = "setuptools"; 25 26 disabled = pythonOlder "3.6"; 27 28 src = fetchPypi { 29 inherit pname version; 30 + sha256 = "sha256-J0EBMixLlBgjru2OGrbnvlGRaGxtstK9Na/rowUF54A="; 31 }; 32 33 propagatedBuildInputs = [

+9 -3

pkgs/development/python-modules/colormath/default.nix

··· 8 9 buildPythonPackage rec { 10 pname = "colormath"; 11 - version = "3.0.0"; 12 13 src = fetchFromGitHub { 14 owner = "gtaylor"; 15 - rev = "3.0.0"; 16 repo = "python-colormath"; 17 - sha256 = "1nqf5wy8ikx2g684khzvjc4iagkslmbsxxwilbv4jpaznr9lahdl"; 18 }; 19 20 propagatedBuildInputs = [ networkx numpy ]; 21 22 checkInputs = [ nose ]; 23 checkPhase = "nosetests"; 24 25 meta = with lib; { 26 description = "Color math and conversion library";

··· 8 9 buildPythonPackage rec { 10 pname = "colormath"; 11 + # Switch to unstable which fixes an deprecation issue with newer numpy 12 + # versions, should be included in versions > 3.0 13 + # https://github.com/gtaylor/python-colormath/issues/104 14 + version = "unstable-2021-04-17"; 15 16 src = fetchFromGitHub { 17 owner = "gtaylor"; 18 repo = "python-colormath"; 19 + rev = "4a076831fd5136f685aa7143db81eba27b2cd19a"; 20 + sha256 = "sha256-eACVPIQFgiGiVmQ/PjUxP/UH/hBOsCywz5PlgpA4dk4="; 21 }; 22 23 propagatedBuildInputs = [ networkx numpy ]; 24 25 checkInputs = [ nose ]; 26 + 27 checkPhase = "nosetests"; 28 + 29 + pythonImportsCheck = [ "colormath" ]; 30 31 meta = with lib; { 32 description = "Color math and conversion library";

+2 -2

pkgs/development/python-modules/datashader/default.nix

··· 25 26 buildPythonPackage rec { 27 pname = "datashader"; 28 - version = "0.14.1"; 29 format = "setuptools"; 30 31 disabled = pythonOlder "3.7"; 32 33 src = fetchPypi { 34 inherit pname version; 35 - hash = "sha256-VGF6351lVCBat68EY9IY9lHk1hDMcjBcrVdPSliFq4Y="; 36 }; 37 38 propagatedBuildInputs = [

··· 25 26 buildPythonPackage rec { 27 pname = "datashader"; 28 + version = "0.14.2"; 29 format = "setuptools"; 30 31 disabled = pythonOlder "3.7"; 32 33 src = fetchPypi { 34 inherit pname version; 35 + hash = "sha256-q8aOpuJD6aX9m9jPm9PY5vZGBJL6Jpf+pPHbcQVOJLg="; 36 }; 37 38 propagatedBuildInputs = [

+2 -7

pkgs/development/python-modules/db-dtypes/default.nix

··· 11 12 buildPythonPackage rec { 13 pname = "db-dtypes"; 14 - version = "1.0.2"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.7"; ··· 20 owner = "googleapis"; 21 repo = "python-db-dtypes-pandas"; 22 rev = "refs/tags/v${version}"; 23 - hash = "sha256-LLKhYLzGUQRx4ciWv1TilYvTOO0sj6rdkPlJLPZ8VXA="; 24 }; 25 - 26 - postPatch = '' 27 - substituteInPlace setup.py \ 28 - --replace 'pyarrow>=3.0.0, <9.0dev' 'pyarrow>=3.0.0, <10.0dev' 29 - ''; 30 31 propagatedBuildInputs = [ 32 numpy

··· 11 12 buildPythonPackage rec { 13 pname = "db-dtypes"; 14 + version = "1.0.3"; 15 format = "setuptools"; 16 17 disabled = pythonOlder "3.7"; ··· 20 owner = "googleapis"; 21 repo = "python-db-dtypes-pandas"; 22 rev = "refs/tags/v${version}"; 23 + hash = "sha256-KkwXmJ9KwmslBPhBApm+bcY7Tu/J2ZK4sszBaMMDcpY="; 24 }; 25 26 propagatedBuildInputs = [ 27 numpy

+2 -2

pkgs/development/python-modules/elastic-apm/default.nix

··· 28 29 buildPythonPackage rec { 30 pname = "elastic-apm"; 31 - version = "6.10.2"; 32 format = "setuptools"; 33 34 disabled = pythonOlder "3.8"; ··· 37 owner = "elastic"; 38 repo = "apm-agent-python"; 39 rev = "v${version}"; 40 - hash = "sha256-Ru/yGND7xkpO3QH/cTMu4rxWUXSMsFx5u/V/rHY8k1E="; 41 }; 42 43 propagatedBuildInputs = [

··· 28 29 buildPythonPackage rec { 30 pname = "elastic-apm"; 31 + version = "6.11.0"; 32 format = "setuptools"; 33 34 disabled = pythonOlder "3.8"; ··· 37 owner = "elastic"; 38 repo = "apm-agent-python"; 39 rev = "v${version}"; 40 + hash = "sha256-ZmvOyEkXp0PEDHWcuGT91mhXwV2E6SPlrWBY/sNiRmc="; 41 }; 42 43 propagatedBuildInputs = [

+10 -2

pkgs/development/python-modules/mistune/common.nix

··· 1 - { lib, buildPythonPackage, fetchPypi, nose, version, sha256, format ? "setuptools" }: 2 3 buildPythonPackage rec { 4 inherit version format; ··· 15 description = "The fastest markdown parser in pure Python"; 16 homepage = "https://github.com/lepture/mistune"; 17 license = licenses.bsd3; 18 - }; 19 }

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchPypi 4 + , nose 5 + , version 6 + , sha256 7 + , format ? "setuptools" 8 + , extraMeta ? {} 9 + }: 10 11 buildPythonPackage rec { 12 inherit version format; ··· 23 description = "The fastest markdown parser in pure Python"; 24 homepage = "https://github.com/lepture/mistune"; 25 license = licenses.bsd3; 26 + } // extraMeta; 27 }

+3

pkgs/development/python-modules/mistune/default.nix

··· 2 mistune_0_8 = self.callPackage ./common.nix { 3 version = "0.8.4"; 4 sha256 = "59a3429db53c50b5c6bcc8a07f8848cb00d7dc8bdb431a4ab41920d201d4756e"; 5 }; 6 mistune_2_0 = self.callPackage ./common.nix { 7 version = "2.0.4";

··· 2 mistune_0_8 = self.callPackage ./common.nix { 3 version = "0.8.4"; 4 sha256 = "59a3429db53c50b5c6bcc8a07f8848cb00d7dc8bdb431a4ab41920d201d4756e"; 5 + extraMeta = { 6 + knownVulnerabilities = [ "CVE-2022-34749" ]; 7 + }; 8 }; 9 mistune_2_0 = self.callPackage ./common.nix { 10 version = "2.0.4";

+2 -2

pkgs/development/python-modules/openai/default.nix

··· 21 22 buildPythonPackage rec { 23 pname = "openai"; 24 - version = "0.22.0"; 25 26 disabled = pythonOlder "3.7.1"; 27 ··· 30 owner = "openai"; 31 repo = "openai-python"; 32 rev = "v${version}"; 33 - sha256 = "sha256-4FKFcUiY17hEiOGFP1fPBtcvcM19hFrHXX3ZLxgdJHI="; 34 }; 35 36 propagatedBuildInputs = [

··· 21 22 buildPythonPackage rec { 23 pname = "openai"; 24 + version = "0.22.1"; 25 26 disabled = pythonOlder "3.7.1"; 27 ··· 30 owner = "openai"; 31 repo = "openai-python"; 32 rev = "v${version}"; 33 + sha256 = "sha256-QUnsm0ui1BFlLqAlH1bp7uDbhiRigePrAPAkSRjftM4="; 34 }; 35 36 propagatedBuildInputs = [

+44

pkgs/development/python-modules/sphinx-fortran/default.nix

···

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchFromGitHub 4 + , pytestCheckHook 5 + , future 6 + , numpy 7 + , sphinx 8 + , six 9 + }: 10 + 11 + buildPythonPackage rec { 12 + pname = "sphinx-fortran"; 13 + version = "unstable-2022-03-02"; 14 + 15 + src = fetchFromGitHub { 16 + owner = "VACUMM"; 17 + repo = pname; 18 + rev = "394ae990b43ed43fcff8beb048632f5e99794264"; 19 + sha256 = "sha256-IVKu5u9gqs7/9EZrf4ZYd12K6J31u+/B8kk4+8yfohM="; 20 + }; 21 + 22 + propagatedBuildInputs = [ 23 + future 24 + numpy 25 + sphinx 26 + six 27 + ]; 28 + 29 + pythonImportsCheck = [ "sphinxfortran" ]; 30 + 31 + # Tests are failing because reference files are not updated 32 + doCheck = false; 33 + 34 + checkInputs = [ 35 + pytestCheckHook 36 + ]; 37 + 38 + meta = with lib; { 39 + description = "Fortran domain and autodoc extensions to Sphinx"; 40 + homepage = "http://sphinx-fortran.readthedocs.org/"; 41 + license = licenses.cecill21; 42 + maintainers = with maintainers; [ loicreynier ]; 43 + }; 44 + }

+2 -1

pkgs/development/tools/continuous-integration/jenkins/default.nix

··· 70 homepage = "https://jenkins-ci.org"; 71 sourceProvenance = with sourceTypes; [ binaryBytecode ]; 72 license = licenses.mit; 73 - maintainers = with maintainers; [ coconnor earldouglas nequissimus ]; 74 mainProgram = "jenkins-cli"; 75 platforms = platforms.all; 76 };

··· 70 homepage = "https://jenkins-ci.org"; 71 sourceProvenance = with sourceTypes; [ binaryBytecode ]; 72 license = licenses.mit; 73 + maintainers = with maintainers; [ coconnor earldouglas nequissimus ajs124 ]; 74 + changelog = "https://www.jenkins.io/changelog-stable/#v${version}"; 75 mainProgram = "jenkins-cli"; 76 platforms = platforms.all; 77 };

+3 -3

pkgs/development/tools/gopls/default.nix

··· 2 3 buildGoModule rec { 4 pname = "gopls"; 5 - version = "0.9.1"; 6 7 src = fetchFromGitHub { 8 owner = "golang"; 9 repo = "tools"; 10 rev = "gopls/v${version}"; 11 - sha256 = "sha256-+9NOQRu7cwEkRMB+HFEVrF7Z8y5UCxdUL005vZFPUHk="; 12 }; 13 14 modRoot = "gopls"; 15 - vendorSha256 = "sha256-V5HQAKRFtHfJJzdQ8eutCpVmnOWe0yYKKnlGxphulAc="; 16 17 doCheck = false; 18

··· 2 3 buildGoModule rec { 4 pname = "gopls"; 5 + version = "0.9.3"; 6 7 src = fetchFromGitHub { 8 owner = "golang"; 9 repo = "tools"; 10 rev = "gopls/v${version}"; 11 + sha256 = "sha256-WpSF3HnSjCqUkD1PVvtYXoWSyjYnasr85AK8wMULPBI="; 12 }; 13 14 modRoot = "gopls"; 15 + vendorSha256 = "sha256-8NhZD7ImvsBGw0xi9NR7AB9SdHkwjsA+jV7UTjVF4wM="; 16 17 doCheck = false; 18

+37

pkgs/os-specific/darwin/pngpaste/default.nix

···

··· 1 + { lib, stdenv, fetchFromGitHub, AppKit, Cocoa }: 2 + 3 + let 4 + pname = "pngpaste"; 5 + version = "0.2.3"; 6 + in stdenv.mkDerivation { 7 + inherit pname version; 8 + src = fetchFromGitHub { 9 + owner = "jcsalterego"; 10 + repo = pname; 11 + rev = version; 12 + sha256 = "uvajxSelk1Wfd5is5kmT2fzDShlufBgC0PDCeabEOSE="; 13 + }; 14 + 15 + buildInputs = [ AppKit Cocoa ]; 16 + 17 + installPhase = '' 18 + mkdir -p $out/bin 19 + cp pngpaste $out/bin 20 + ''; 21 + 22 + meta = with lib; { 23 + description = "Paste image files from clipboard to file on MacOS"; 24 + longDescription = '' 25 + Paste PNG into files on MacOS, much like pbpaste does for text. 26 + Supported input formats are PNG, PDF, GIF, TIF, JPEG. 27 + Supported output formats are PNG, GIF, JPEG, TIFF. Output 28 + formats are determined by the provided filename extension, 29 + falling back to PNG. 30 + ''; 31 + homepage = "https://github.com/jcsalterego/pngpaste"; 32 + changelog = "https://github.com/jcsalterego/pngpaste/raw/${version}/CHANGELOG.md"; 33 + platforms = platforms.darwin; 34 + license = licenses.bsd2; 35 + maintainers = with maintainers; [ samw ]; 36 + }; 37 + }

+6 -12

pkgs/os-specific/solo5/default.nix

··· 2 , pkg-config, qemu, syslinux, util-linux }: 3 4 let 5 - version = "0.6.9"; 6 # list of all theoretically available targets 7 targets = [ 8 "genode" ··· 21 22 src = fetchurl { 23 url = "https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz"; 24 - sha256 = "03lvk9mab3yxrmi73wrvvhykqcydjrsda0wj6aasnjm5lx9jycpr"; 25 }; 26 27 hardeningEnable = [ "pie" ]; 28 29 configurePhase = '' 30 runHook preConfigure 31 - sh configure.sh 32 runHook postConfigure 33 ''; 34 ··· 38 runHook preInstall 39 export DESTDIR=$out 40 export PREFIX=$out 41 - make install-tools 42 - 43 - # get CONFIG_* vars from Makeconf which also parse in sh 44 - grep '^CONFIG_' Makeconf > nix_tmp_targetconf 45 - source nix_tmp_targetconf 46 - # install opam / pkg-config files for all enabled targets 47 - ${lib.concatMapStrings (bind: '' 48 - [ -n "$CONFIG_${lib.toUpper bind}" ] && make install-opam-${bind} 49 - '') targets} 50 51 substituteInPlace $out/bin/solo5-virtio-mkimage \ 52 --replace "/usr/lib/syslinux" "${syslinux}/share/syslinux" \

··· 2 , pkg-config, qemu, syslinux, util-linux }: 3 4 let 5 + version = "0.7.3"; 6 # list of all theoretically available targets 7 targets = [ 8 "genode" ··· 21 22 src = fetchurl { 23 url = "https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz"; 24 + sha256 = "sha256-8LftT22XzmmWxgYez+BAHDX4HOyl5DrwrpuO2+bqqcY="; 25 }; 26 27 + patches = [ ./test_sleep.patch ]; 28 + 29 hardeningEnable = [ "pie" ]; 30 31 configurePhase = '' 32 runHook preConfigure 33 + sh configure.sh --prefix=/ 34 runHook postConfigure 35 ''; 36 ··· 40 runHook preInstall 41 export DESTDIR=$out 42 export PREFIX=$out 43 + make install 44 45 substituteInPlace $out/bin/solo5-virtio-mkimage \ 46 --replace "/usr/lib/syslinux" "${syslinux}/share/syslinux" \

+22

pkgs/os-specific/solo5/test_sleep.patch

···

··· 1 + diff --git a/tests/test_time/test_time.c b/tests/test_time/test_time.c 2 + index 931500b..cde64ad 100644 3 + --- a/tests/test_time/test_time.c 4 + +++ b/tests/test_time/test_time.c 5 + @@ -110,7 +110,8 @@ int solo5_app_main(const struct solo5_start_info *si __attribute__((unused))) 6 + /* 7 + * Verify that we did not sleep less than requested (see above). 8 + */ 9 + - if (delta < NSEC_PER_SEC) { 10 + + const solo5_time_t slack = 100000000ULL; 11 + + if (delta < NSEC_PER_SEC - slack) { 12 + printf("[%d] ERROR: slept too little (expected at least %llu ns)\n", 13 + iters, (unsigned long long)NSEC_PER_SEC); 14 + failed = true; 15 + @@ -120,7 +121,6 @@ int solo5_app_main(const struct solo5_start_info *si __attribute__((unused))) 16 + * Verify that we did not sleep more than requested, within reason 17 + * (scheduling delays, general inaccuracy of the current timing code). 18 + */ 19 + - const solo5_time_t slack = 100000000ULL; 20 + if (delta > (NSEC_PER_SEC + slack)) { 21 + printf("[%d] ERROR: slept too much (expected at most %llu ns)\n", 22 + iters, (unsigned long long)slack);

+63

pkgs/servers/syncstorage-rs/default.nix

···

··· 1 + { fetchFromGitHub 2 + , rustPlatform 3 + , pkg-config 4 + , python3 5 + , openssl 6 + , cmake 7 + , libmysqlclient 8 + , makeBinaryWrapper 9 + , lib 10 + }: 11 + 12 + let 13 + pyFxADeps = python3.withPackages (p: [ 14 + p.setuptools # imports pkg_resources 15 + # remainder taken from requirements.txt 16 + p.pyfxa 17 + p.tokenlib 18 + p.cryptography 19 + ]); 20 + in 21 + 22 + rustPlatform.buildRustPackage rec { 23 + pname = "syncstorage-rs"; 24 + version = "0.12.0"; 25 + 26 + src = fetchFromGitHub { 27 + owner = "mozilla-services"; 28 + repo = pname; 29 + rev = version; 30 + hash = "sha256-VfIpjpBS7LXe32fxIFp7xmbm40VwxUdHIEm5PnMpd4s="; 31 + }; 32 + 33 + nativeBuildInputs = [ 34 + cmake 35 + makeBinaryWrapper 36 + pkg-config 37 + python3 38 + ]; 39 + 40 + buildInputs = [ 41 + libmysqlclient 42 + openssl 43 + ]; 44 + 45 + preFixup = '' 46 + wrapProgram $out/bin/syncstorage \ 47 + --prefix PATH : ${lib.makeBinPath [ pyFxADeps ]} 48 + ''; 49 + 50 + cargoSha256 = "sha256-JXxArKA/2SIYJvjNA1yZHR9xDKt3N2U7HVMP/6M3BxE="; 51 + 52 + buildFeatures = [ "grpcio/openssl" ]; 53 + 54 + # almost all tests need a DB to test against 55 + doCheck = false; 56 + 57 + meta = { 58 + description = "Mozilla Sync Storage built with Rust"; 59 + homepage = "https://github.com/mozilla-services/syncstorage-rs"; 60 + license = lib.licenses.mpl20; 61 + maintainers = with lib.maintainers; [ pennae ]; 62 + }; 63 + }

+2 -1

pkgs/servers/web-apps/snipe-it/default.nix

··· 1 - { pkgs, stdenv, lib, fetchFromGitHub, dataDir ? "/var/lib/snipe-it" }: 2 3 let 4 package = (import ./composition.nix { ··· 13 ln -s ${dataDir}/public/uploads $out/public/uploads 14 ln -s ${dataDir}/bootstrap/cache $out/bootstrap/cache 15 chmod +x $out/artisan 16 ''; 17 }); 18

··· 1 + { pkgs, stdenv, lib, fetchFromGitHub, dataDir ? "/var/lib/snipe-it", mariadb }: 2 3 let 4 package = (import ./composition.nix { ··· 13 ln -s ${dataDir}/public/uploads $out/public/uploads 14 ln -s ${dataDir}/bootstrap/cache $out/bootstrap/cache 15 chmod +x $out/artisan 16 + substituteInPlace config/database.php --replace "env('DB_DUMP_PATH', '/usr/local/bin')" "env('DB_DUMP_PATH', '${mariadb}/bin')" 17 ''; 18 }); 19

+2 -2

pkgs/tools/misc/smenu/default.nix

··· 1 { lib, stdenv, fetchFromGitHub, ncurses }: 2 3 stdenv.mkDerivation rec { 4 - version = "0.9.19"; 5 pname = "smenu"; 6 7 src = fetchFromGitHub { 8 owner = "p-gen"; 9 repo = "smenu"; 10 rev = "v${version}"; 11 - sha256 = "sha256-0ZA8Op1IMZMJ7g1waK2uOYOCDfqPfiqnnjopGtBW1w8="; 12 }; 13 14 buildInputs = [ ncurses ];

··· 1 { lib, stdenv, fetchFromGitHub, ncurses }: 2 3 stdenv.mkDerivation rec { 4 + version = "1.0.0"; 5 pname = "smenu"; 6 7 src = fetchFromGitHub { 8 owner = "p-gen"; 9 repo = "smenu"; 10 rev = "v${version}"; 11 + sha256 = "sha256-jmQ5QLsy0T2ytq1xYJkLBlEw5NxVTsAN+wckyV+68zg="; 12 }; 13 14 buildInputs = [ ncurses ];

+2 -2

pkgs/tools/security/webanalyze/default.nix

··· 5 6 buildGoModule rec { 7 pname = "webanalyze"; 8 - version = "0.3.6"; 9 10 src = fetchFromGitHub { 11 owner = "rverton"; 12 repo = pname; 13 rev = "v${version}"; 14 - hash = "sha256-r5HIXh0mKCZmzOOAKThNUPtJLsTYvnVE8FYA6vV5xjg="; 15 }; 16 17 vendorSha256 = "sha256-kXtWYGsZUUhBNvkTOah3Z+ta118k6PXfpBx6MLr/pq0=";

··· 5 6 buildGoModule rec { 7 pname = "webanalyze"; 8 + version = "0.3.7"; 9 10 src = fetchFromGitHub { 11 owner = "rverton"; 12 repo = pname; 13 rev = "v${version}"; 14 + hash = "sha256-W7NgV50r/MNSF6+e0IR9C1dcg/k0w67GcTs0NTbhKBc="; 15 }; 16 17 vendorSha256 = "sha256-kXtWYGsZUUhBNvkTOah3Z+ta118k6PXfpBx6MLr/pq0=";

+3 -3

pkgs/tools/system/systeroid/default.nix

··· 7 8 rustPlatform.buildRustPackage rec { 9 pname = "systeroid"; 10 - version = "0.1.1"; 11 12 src = fetchFromGitHub { 13 owner = "orhun"; 14 repo = pname; 15 rev = "v${version}"; 16 - sha256 = "0xf81wyp5qg67r0vyqg0209pcabx70vvxx4nrg2y7qa0mhvf6p94"; 17 }; 18 19 postPatch = '' ··· 21 --replace '"/usr/share/doc/kernel-doc-*/Documentation/*",' '"${linux-doc}/share/doc/linux-doc/*",' 22 ''; 23 24 - cargoSha256 = "sha256-D/sSeMR1Zg3OH1fdSVKdxdIcoP4OLp3T8mwQ28O8rfk="; 25 26 buildInputs = [ 27 xorg.libxcb

··· 7 8 rustPlatform.buildRustPackage rec { 9 pname = "systeroid"; 10 + version = "0.2.0"; 11 12 src = fetchFromGitHub { 13 owner = "orhun"; 14 repo = pname; 15 rev = "v${version}"; 16 + sha256 = "sha256-o72tjYc+1dBLAIG75Fyt2UubjeK6j/nufjiz3wn2SdI="; 17 }; 18 19 postPatch = '' ··· 21 --replace '"/usr/share/doc/kernel-doc-*/Documentation/*",' '"${linux-doc}/share/doc/linux-doc/*",' 22 ''; 23 24 + cargoSha256 = "sha256-8DGAiPAq+L1aWleeWEl95+hcgT+PHsxdg118U8IDyOA="; 25 26 buildInputs = [ 27 xorg.libxcb

+12

pkgs/top-level/all-packages.nix

··· 3186 3187 cinny = callPackage ../applications/networking/instant-messengers/cinny { stdenv = stdenvNoCC; }; 3188 3189 ckbcomp = callPackage ../tools/X11/ckbcomp { }; 3190 3191 clac = callPackage ../tools/misc/clac {}; ··· 9821 9822 pngtoico = callPackage ../tools/graphics/pngtoico { 9823 libpng = libpng12; 9824 }; 9825 9826 pngtools = callPackage ../tools/graphics/pngtools { }; ··· 22793 22794 sympa = callPackage ../servers/mail/sympa { }; 22795 22796 system-sendmail = lowPrio (callPackage ../servers/mail/system-sendmail { }); 22797 22798 # PulseAudio daemons ··· 24028 24029 librealsenseWithoutCuda = callPackage ../development/libraries/librealsense { 24030 cudaSupport = false; 24031 }; 24032 24033 libsass = callPackage ../development/libraries/libsass { };

··· 3186 3187 cinny = callPackage ../applications/networking/instant-messengers/cinny { stdenv = stdenvNoCC; }; 3188 3189 + cinny-desktop = callPackage ../applications/networking/instant-messengers/cinny-desktop { }; 3190 + 3191 ckbcomp = callPackage ../tools/X11/ckbcomp { }; 3192 3193 clac = callPackage ../tools/misc/clac {}; ··· 9823 9824 pngtoico = callPackage ../tools/graphics/pngtoico { 9825 libpng = libpng12; 9826 + }; 9827 + 9828 + pngpaste = callPackage ../os-specific/darwin/pngpaste { 9829 + inherit (darwin.apple_sdk.frameworks) AppKit Cocoa; 9830 }; 9831 9832 pngtools = callPackage ../tools/graphics/pngtools { }; ··· 22799 22800 sympa = callPackage ../servers/mail/sympa { }; 22801 22802 + syncstorage-rs = callPackage ../servers/syncstorage-rs { }; 22803 + 22804 system-sendmail = lowPrio (callPackage ../servers/mail/system-sendmail { }); 22805 22806 # PulseAudio daemons ··· 24036 24037 librealsenseWithoutCuda = callPackage ../development/libraries/librealsense { 24038 cudaSupport = false; 24039 + }; 24040 + 24041 + librealsense-gui = callPackage ../development/libraries/librealsense { 24042 + enableGUI = true; 24043 }; 24044 24045 libsass = callPackage ../development/libraries/libsass { };

+2

pkgs/top-level/python-packages.nix

··· 10129 10130 sphinx-external-toc = callPackage ../development/python-modules/sphinx-external-toc { }; 10131 10132 sphinx-jupyterbook-latex = callPackage ../development/python-modules/sphinx-jupyterbook-latex { }; 10133 10134 sphinx-multitoc-numbering = callPackage ../development/python-modules/sphinx-multitoc-numbering { };

··· 10129 10130 sphinx-external-toc = callPackage ../development/python-modules/sphinx-external-toc { }; 10131 10132 + sphinx-fortran = callPackage ../development/python-modules/sphinx-fortran { }; 10133 + 10134 sphinx-jupyterbook-latex = callPackage ../development/python-modules/sphinx-jupyterbook-latex { }; 10135 10136 sphinx-multitoc-numbering = callPackage ../development/python-modules/sphinx-multitoc-numbering { };