Merge master into staging-next · pyrox.dev/nixpkgs@cb47341

+1 -1

CONTRIBUTING.md

··· 538 538 When adding yourself as maintainer, in the same pull request, make a separate 539 539 commit with the message `maintainers: add <handle>`. 540 540 Add the commit before those making changes to the package or module. 541 - See [Nixpkgs Maintainers](../maintainers/README.md) for details. 541 + See [Nixpkgs Maintainers](./maintainers/README.md) for details. 542 542 543 543 ### Writing good commit messages 544 544

+4

nixos/doc/manual/release-notes/rl-2311.section.md

··· 70 70 71 71 - [Prometheus MySQL exporter](https://github.com/prometheus/mysqld_exporter), a MySQL server exporter for Prometheus. Available as [services.prometheus.exporters.mysqld](#opt-services.prometheus.exporters.mysqld.enable). 72 72 73 + - [LibreNMS](https://www.librenms.org), a auto-discovering PHP/MySQL/SNMP based network monitoring. Available as [services.librenms](#opt-services.librenms.enable). 74 + 73 75 - [sitespeed-io](https://sitespeed.io), a tool that can generate metrics (timings, diagnostics) for websites. Available as [services.sitespeed-io](#opt-services.sitespeed-io.enable). 74 76 75 77 - [stalwart-mail](https://stalw.art), an all-in-one email server (SMTP, IMAP, JMAP). Available as [services.stalwart-mail](#opt-services.stalwart-mail.enable). ··· 276 278 277 279 - Package `noto-fonts-emoji` was renamed to `noto-fonts-color-emoji`; 278 280 see [#221181](https://github.com/NixOS/nixpkgs/issues/221181). 281 + 282 + - Package `cloud-sql-proxy` was renamed to `google-cloud-sql-proxy` as it cannot be used with other cloud providers.; 279 283 280 284 - Package `pash` was removed due to being archived upstream. Use `powershell` as an alternative. 281 285

+2

nixos/modules/module-list.nix

··· 775 775 ./services/monitoring/kapacitor.nix 776 776 ./services/monitoring/karma.nix 777 777 ./services/monitoring/kthxbye.nix 778 + ./services/monitoring/librenms.nix 778 779 ./services/monitoring/loki.nix 779 780 ./services/monitoring/longview.nix 780 781 ./services/monitoring/mackerel-agent.nix ··· 1164 1165 ./services/security/sshguard.nix 1165 1166 ./services/security/sslmate-agent.nix 1166 1167 ./services/security/step-ca.nix 1168 + ./services/security/tang.nix 1167 1169 ./services/security/tor.nix 1168 1170 ./services/security/torify.nix 1169 1171 ./services/security/torsocks.nix

+624

nixos/modules/services/monitoring/librenms.nix

··· 1 + { config, lib, pkgs, ... }: 2 + 3 + let 4 + cfg = config.services.librenms; 5 + settingsFormat = pkgs.formats.json {}; 6 + configJson = settingsFormat.generate "librenms-config.json" cfg.settings; 7 + 8 + package = pkgs.librenms.override { 9 + logDir = cfg.logDir; 10 + dataDir = cfg.dataDir; 11 + }; 12 + 13 + phpOptions = '' 14 + log_errors = on 15 + post_max_size = 100M 16 + upload_max_filesize = 100M 17 + date.timezone = "${config.time.timeZone}" 18 + ''; 19 + phpIni = pkgs.runCommand "php.ini" { 20 + inherit (package) phpPackage; 21 + inherit phpOptions; 22 + preferLocalBuild = true; 23 + passAsFile = [ "phpOptions" ]; 24 + } '' 25 + cat $phpPackage/etc/php.ini $phpOptionsPath > $out 26 + ''; 27 + 28 + artisanWrapper = pkgs.writeShellScriptBin "librenms-artisan" '' 29 + cd ${package} 30 + sudo=exec 31 + if [[ "$USER" != ${cfg.user} ]]; then 32 + sudo='exec /run/wrappers/bin/sudo -u ${cfg.user}' 33 + fi 34 + $sudo ${package}/artisan $* 35 + ''; 36 + 37 + lnmsWrapper = pkgs.writeShellScriptBin "lnms" '' 38 + cd ${package} 39 + exec ${package}/lnms $* 40 + ''; 41 + 42 + configFile = pkgs.writeText "config.php" '' 43 + <?php 44 + $new_config = json_decode(file_get_contents("${cfg.dataDir}/config.json"), true); 45 + $config = ($config == null) ? $new_config : array_merge($config, $new_config); 46 + 47 + ${lib.optionalString (cfg.extraConfig != null) cfg.extraConfig} 48 + ''; 49 + 50 + in { 51 + options.services.librenms = with lib; { 52 + enable = mkEnableOption "LibreNMS network monitoring system"; 53 + 54 + user = mkOption { 55 + type = types.str; 56 + default = "librenms"; 57 + description = '' 58 + Name of the LibreNMS user. 59 + ''; 60 + }; 61 + 62 + group = mkOption { 63 + type = types.str; 64 + default = "librenms"; 65 + description = '' 66 + Name of the LibreNMS group. 67 + ''; 68 + }; 69 + 70 + hostname = mkOption { 71 + type = types.str; 72 + default = config.networking.fqdnOrHostName; 73 + defaultText = literalExpression "config.networking.fqdnOrHostName"; 74 + description = '' 75 + The hostname to serve LibreNMS on. 76 + ''; 77 + }; 78 + 79 + pollerThreads = mkOption { 80 + type = types.int; 81 + default = 16; 82 + description = '' 83 + Amount of threads of the cron-poller. 84 + ''; 85 + }; 86 + 87 + enableOneMinutePolling = mkOption { 88 + type = types.bool; 89 + default = false; 90 + description = '' 91 + Enables the [1-Minute Polling](https://docs.librenms.org/Support/1-Minute-Polling/). 92 + Changing this option will automatically convert your existing rrd files. 93 + ''; 94 + }; 95 + 96 + useDistributedPollers = mkOption { 97 + type = types.bool; 98 + default = false; 99 + description = '' 100 + Enables (distributed pollers)[https://docs.librenms.org/Extensions/Distributed-Poller/] 101 + for this LibreNMS instance. This will enable a local `rrdcached` and `memcached` server. 102 + 103 + To use this feature, make sure to configure your firewall that the distributed pollers 104 + can reach the local `mysql`, `rrdcached` and `memcached` ports. 105 + ''; 106 + }; 107 + 108 + distributedPoller = { 109 + enable = mkOption { 110 + type = types.bool; 111 + default = false; 112 + description = '' 113 + Configure this LibreNMS instance as a (distributed poller)[https://docs.librenms.org/Extensions/Distributed-Poller/]. 114 + This will disable all web features and just configure the poller features. 115 + Use the `mysql` database of your main LibreNMS instance in the database settings. 116 + ''; 117 + }; 118 + 119 + name = mkOption { 120 + type = types.nullOr types.str; 121 + default = null; 122 + description = '' 123 + Custom name of this poller. 124 + ''; 125 + }; 126 + 127 + group = mkOption { 128 + type = types.str; 129 + default = "0"; 130 + example = "1,2"; 131 + description = '' 132 + Group(s) of this poller. 133 + ''; 134 + }; 135 + 136 + distributedBilling = mkOption { 137 + type = types.bool; 138 + default = false; 139 + description = '' 140 + Enable distributed billing on this poller. 141 + ''; 142 + }; 143 + 144 + memcachedHost = mkOption { 145 + type = types.str; 146 + description = '' 147 + Hostname or IP of the `memcached` server. 148 + ''; 149 + }; 150 + 151 + memcachedPort = mkOption { 152 + type = types.port; 153 + default = 11211; 154 + description = '' 155 + Port of the `memcached` server. 156 + ''; 157 + }; 158 + 159 + rrdcachedHost = mkOption { 160 + type = types.str; 161 + description = '' 162 + Hostname or IP of the `rrdcached` server. 163 + ''; 164 + }; 165 + 166 + rrdcachedPort = mkOption { 167 + type = types.port; 168 + default = 42217; 169 + description = '' 170 + Port of the `memcached` server. 171 + ''; 172 + }; 173 + }; 174 + 175 + poolConfig = mkOption { 176 + type = with types; attrsOf (oneOf [ str int bool ]); 177 + default = { 178 + "pm" = "dynamic"; 179 + "pm.max_children" = 32; 180 + "pm.start_servers" = 2; 181 + "pm.min_spare_servers" = 2; 182 + "pm.max_spare_servers" = 4; 183 + "pm.max_requests" = 500; 184 + }; 185 + description = '' 186 + Options for the LibreNMS PHP pool. See the documentation on `php-fpm.conf` 187 + for details on configuration directives. 188 + ''; 189 + }; 190 + 191 + nginx = mkOption { 192 + type = types.submodule ( 193 + recursiveUpdate 194 + (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {} 195 + ); 196 + default = { }; 197 + example = literalExpression '' 198 + { 199 + serverAliases = [ 200 + "librenms.''${config.networking.domain}" 201 + ]; 202 + # To enable encryption and let let's encrypt take care of certificate 203 + forceSSL = true; 204 + enableACME = true; 205 + # To set the LibreNMS virtualHost as the default virtualHost; 206 + default = true; 207 + } 208 + ''; 209 + description = '' 210 + With this option, you can customize the nginx virtualHost settings. 211 + ''; 212 + }; 213 + 214 + dataDir = mkOption { 215 + type = types.path; 216 + default = "/var/lib/librenms"; 217 + description = '' 218 + Path of the LibreNMS state directory. 219 + ''; 220 + }; 221 + 222 + logDir = mkOption { 223 + type = types.path; 224 + default = "/var/log/librenms"; 225 + description = '' 226 + Path of the LibreNMS logging directory. 227 + ''; 228 + }; 229 + 230 + database = { 231 + createLocally = mkOption { 232 + type = types.bool; 233 + default = false; 234 + description = '' 235 + Whether to create a local database automatically. 236 + ''; 237 + }; 238 + 239 + host = mkOption { 240 + default = "localhost"; 241 + description = '' 242 + Hostname or IP of the MySQL/MariaDB server. 243 + ''; 244 + }; 245 + 246 + port = mkOption { 247 + type = types.port; 248 + default = 3306; 249 + description = '' 250 + Port of the MySQL/MariaDB server. 251 + ''; 252 + }; 253 + 254 + database = mkOption { 255 + type = types.str; 256 + default = "librenms"; 257 + description = '' 258 + Name of the database on the MySQL/MariaDB server. 259 + ''; 260 + }; 261 + 262 + username = mkOption { 263 + type = types.str; 264 + default = "librenms"; 265 + description = '' 266 + Name of the user on the MySQL/MariaDB server. 267 + ''; 268 + }; 269 + 270 + passwordFile = mkOption { 271 + type = types.path; 272 + example = "/run/secrets/mysql.pass"; 273 + description = '' 274 + A file containing the password for the user of the MySQL/MariaDB server. 275 + Must be readable for the LibreNMS user. 276 + ''; 277 + }; 278 + }; 279 + 280 + environmentFile = mkOption { 281 + type = types.nullOr types.str; 282 + default = null; 283 + description = '' 284 + File containing env-vars to be substituted into the final config. Useful for secrets. 285 + Does not apply to settings defined in `extraConfig`. 286 + ''; 287 + }; 288 + 289 + settings = mkOption { 290 + type = types.submodule { 291 + freeformType = settingsFormat.type; 292 + options = {}; 293 + }; 294 + description = '' 295 + Attrset of the LibreNMS configuration. 296 + See https://docs.librenms.org/Support/Configuration/ for reference. 297 + All possible options are listed [here](https://github.com/librenms/librenms/blob/master/misc/config_definitions.json). 298 + See https://docs.librenms.org/Extensions/Authentication/ for setting other authentication methods. 299 + ''; 300 + default = { }; 301 + example = { 302 + base_url = "/librenms/"; 303 + top_devices = true; 304 + top_ports = false; 305 + }; 306 + }; 307 + 308 + extraConfig = mkOption { 309 + type = types.nullOr types.str; 310 + default = null; 311 + description = '' 312 + Additional config for LibreNMS that will be appended to the `config.php`. See 313 + https://github.com/librenms/librenms/blob/master/misc/config_definitions.json 314 + for possible options. Useful if you want to use PHP-Functions in your config. 315 + ''; 316 + }; 317 + }; 318 + 319 + config = lib.mkIf cfg.enable { 320 + assertions = [ 321 + { 322 + assertion = config.time.timeZone != null; 323 + message = "You must set `time.timeZone` to use the LibreNMS module."; 324 + } 325 + { 326 + assertion = cfg.database.createLocally -> cfg.database.host == "localhost"; 327 + message = "The database host must be \"localhost\" if services.librenms.database.createLocally is set to true."; 328 + } 329 + { 330 + assertion = !(cfg.useDistributedPollers && cfg.distributedPoller.enable); 331 + message = "The LibreNMS instance can't be a distributed poller and a full instance at the same time."; 332 + } 333 + ]; 334 + 335 + users.users.${cfg.user} = { 336 + group = "${cfg.group}"; 337 + isSystemUser = true; 338 + }; 339 + 340 + users.groups.${cfg.group} = { }; 341 + 342 + services.librenms.settings = { 343 + # basic configs 344 + "user" = cfg.user; 345 + "own_hostname" = cfg.hostname; 346 + "base_url" = lib.mkDefault "/"; 347 + "auth_mechanism" = lib.mkDefault "mysql"; 348 + 349 + # disable auto update function (won't work with NixOS) 350 + "update" = false; 351 + 352 + # enable fast ping by default 353 + "ping_rrd_step" = 60; 354 + 355 + # one minute polling 356 + "rrd.step" = if cfg.enableOneMinutePolling then 60 else 300; 357 + "rrd.heartbeat" = if cfg.enableOneMinutePolling then 120 else 600; 358 + } // (lib.optionalAttrs cfg.distributedPoller.enable { 359 + "distributed_poller" = true; 360 + "distributed_poller_name" = lib.mkIf (cfg.distributedPoller.name != null) cfg.distributedPoller.name; 361 + "distributed_poller_group" = cfg.distributedPoller.group; 362 + "distributed_billing" = cfg.distributedPoller.distributedBilling; 363 + "distributed_poller_memcached_host" = cfg.distributedPoller.memcachedHost; 364 + "distributed_poller_memcached_port" = cfg.distributedPoller.memcachedPort; 365 + "rrdcached" = "${cfg.distributedPoller.rrdcachedHost}:${toString cfg.distributedPoller.rrdcachedPort}"; 366 + }) // (lib.optionalAttrs cfg.useDistributedPollers { 367 + "distributed_poller" = true; 368 + # still enable a local poller with distributed polling 369 + "distributed_poller_group" = lib.mkDefault "0"; 370 + "distributed_billing" = lib.mkDefault true; 371 + "distributed_poller_memcached_host" = "localhost"; 372 + "distributed_poller_memcached_port" = 11211; 373 + "rrdcached" = "localhost:42217"; 374 + }); 375 + 376 + services.memcached = lib.mkIf cfg.useDistributedPollers { 377 + enable = true; 378 + listen = "0.0.0.0"; 379 + }; 380 + 381 + systemd.services.rrdcached = lib.mkIf cfg.useDistributedPollers { 382 + description = "rrdcached"; 383 + after = [ "librenms-setup.service" ]; 384 + wantedBy = [ "multi-user.target" ]; 385 + serviceConfig = { 386 + Type = "forking"; 387 + User = cfg.user; 388 + Group = cfg.group; 389 + LimitNOFILE = 16384; 390 + RuntimeDirectory = "rrdcached"; 391 + PidFile = "/run/rrdcached/rrdcached.pid"; 392 + # rrdcached params from https://docs.librenms.org/Extensions/Distributed-Poller/#config-sample 393 + ExecStart = "${pkgs.rrdtool}/bin/rrdcached -l 0:42217 -R -j ${cfg.dataDir}/rrdcached-journal/ -F -b ${cfg.dataDir}/rrd -B -w 1800 -z 900 -p /run/rrdcached/rrdcached.pid"; 394 + }; 395 + }; 396 + 397 + services.mysql = lib.mkIf cfg.database.createLocally { 398 + enable = true; 399 + package = lib.mkDefault pkgs.mariadb; 400 + settings.mysqld = { 401 + innodb_file_per_table = 1; 402 + lower_case_table_names = 0; 403 + } // (lib.optionalAttrs cfg.useDistributedPollers { 404 + bind-address = "0.0.0.0"; 405 + }); 406 + ensureDatabases = [ cfg.database.database ]; 407 + ensureUsers = [ 408 + { 409 + name = cfg.database.username; 410 + ensurePermissions = { 411 + "${cfg.database.database}.*" = "ALL PRIVILEGES"; 412 + }; 413 + } 414 + ]; 415 + initialScript = lib.mkIf cfg.useDistributedPollers (pkgs.writeText "mysql-librenms-init" '' 416 + CREATE USER IF NOT EXISTS '${cfg.database.username}'@'%'; 417 + GRANT ALL PRIVILEGES ON ${cfg.database.database}.* TO '${cfg.database.username}'@'%'; 418 + ''); 419 + }; 420 + 421 + services.nginx = lib.mkIf (!cfg.distributedPoller.enable) { 422 + enable = true; 423 + virtualHosts."${cfg.hostname}" = lib.mkMerge [ 424 + cfg.nginx 425 + { 426 + root = lib.mkForce "${package}/html"; 427 + locations."/" = { 428 + index = "index.php"; 429 + tryFiles = "$uri $uri/ /index.php?$query_string"; 430 + }; 431 + locations."~ .php$".extraConfig = '' 432 + fastcgi_pass unix:${config.services.phpfpm.pools."librenms".socket}; 433 + fastcgi_split_path_info ^(.+\.php)(/.+)$; 434 + ''; 435 + } 436 + ]; 437 + }; 438 + 439 + services.phpfpm.pools.librenms = lib.mkIf (!cfg.distributedPoller.enable) { 440 + user = cfg.user; 441 + group = cfg.group; 442 + inherit (package) phpPackage; 443 + inherit phpOptions; 444 + settings = { 445 + "listen.mode" = "0660"; 446 + "listen.owner" = config.services.nginx.user; 447 + "listen.group" = config.services.nginx.group; 448 + } // cfg.poolConfig; 449 + }; 450 + 451 + systemd.services.librenms-scheduler = { 452 + description = "LibreNMS Scheduler"; 453 + path = [ pkgs.unixtools.whereis ]; 454 + serviceConfig = { 455 + Type = "oneshot"; 456 + WorkingDirectory = package; 457 + User = cfg.user; 458 + Group = cfg.group; 459 + ExecStart = "${artisanWrapper}/bin/librenms-artisan schedule:run"; 460 + }; 461 + }; 462 + 463 + systemd.timers.librenms-scheduler = { 464 + description = "LibreNMS Scheduler"; 465 + wantedBy = [ "timers.target" ]; 466 + timerConfig = { 467 + OnCalendar = "minutely"; 468 + AccuracySec = "1second"; 469 + }; 470 + }; 471 + 472 + systemd.services.librenms-setup = { 473 + description = "Preparation tasks for LibreNMS"; 474 + before = [ "phpfpm-librenms.service" ]; 475 + after = [ "systemd-tmpfiles-setup.service" ] 476 + ++ (lib.optional (cfg.database.host == "localhost") "mysql.service"); 477 + wantedBy = [ "multi-user.target" ]; 478 + restartTriggers = [ package configFile ]; 479 + path = [ pkgs.mariadb pkgs.unixtools.whereis pkgs.gnused ]; 480 + serviceConfig = { 481 + Type = "oneshot"; 482 + RemainAfterExit = true; 483 + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; 484 + User = cfg.user; 485 + Group = cfg.group; 486 + ExecStartPre = lib.mkIf cfg.database.createLocally [ "!${pkgs.writeShellScript "librenms-db-init" '' 487 + DB_PASSWORD=$(cat ${cfg.database.passwordFile} | tr -d '\n') 488 + echo "ALTER USER '${cfg.database.username}'@'localhost' IDENTIFIED BY '$DB_PASSWORD';" | ${pkgs.mariadb}/bin/mysql 489 + ${lib.optionalString cfg.useDistributedPollers '' 490 + echo "ALTER USER '${cfg.database.username}'@'%' IDENTIFIED BY '$DB_PASSWORD';" | ${pkgs.mariadb}/bin/mysql 491 + ''} 492 + ''}"]; 493 + }; 494 + script = '' 495 + set -euo pipefail 496 + 497 + # config setup 498 + ln -sf ${configFile} ${cfg.dataDir}/config.php 499 + ${pkgs.envsubst}/bin/envsubst -i ${configJson} -o ${cfg.dataDir}/config.json 500 + export PHPRC=${phpIni} 501 + 502 + if [[ ! -s ${cfg.dataDir}/.env ]]; then 503 + # init .env file 504 + echo "APP_KEY=" > ${cfg.dataDir}/.env 505 + ${artisanWrapper}/bin/librenms-artisan key:generate --ansi 506 + ${artisanWrapper}/bin/librenms-artisan webpush:vapid 507 + echo "" >> ${cfg.dataDir}/.env 508 + echo -n "NODE_ID=" >> ${cfg.dataDir}/.env 509 + ${package.phpPackage}/bin/php -r "echo uniqid();" >> ${cfg.dataDir}/.env 510 + echo "" >> ${cfg.dataDir}/.env 511 + else 512 + # .env file already exists --> only update database and cache config 513 + ${pkgs.gnused}/bin/sed -i /^DB_/d ${cfg.dataDir}/.env 514 + ${pkgs.gnused}/bin/sed -i /^CACHE_DRIVER/d ${cfg.dataDir}/.env 515 + fi 516 + ${lib.optionalString (cfg.useDistributedPollers || cfg.distributedPoller.enable) '' 517 + echo "CACHE_DRIVER=memcached" >> ${cfg.dataDir}/.env 518 + ''} 519 + echo "DB_HOST=${cfg.database.host}" >> ${cfg.dataDir}/.env 520 + echo "DB_PORT=${toString cfg.database.port}" >> ${cfg.dataDir}/.env 521 + echo "DB_DATABASE=${cfg.database.database}" >> ${cfg.dataDir}/.env 522 + echo "DB_USERNAME=${cfg.database.username}" >> ${cfg.dataDir}/.env 523 + echo -n "DB_PASSWORD=" >> ${cfg.dataDir}/.env 524 + cat ${cfg.database.passwordFile} >> ${cfg.dataDir}/.env 525 + 526 + # clear cache after update 527 + OLD_VERSION=$(cat ${cfg.dataDir}/version) 528 + if [[ $OLD_VERSION != "${package.version}" ]]; then 529 + rm -r ${cfg.dataDir}/cache/* 530 + echo "${package.version}" > ${cfg.dataDir}/version 531 + fi 532 + 533 + # convert rrd files when the oneMinutePolling option is changed 534 + OLD_ENABLED=$(cat ${cfg.dataDir}/one_minute_enabled) 535 + if [[ $OLD_ENABLED != "${lib.boolToString cfg.enableOneMinutePolling}" ]]; then 536 + ${package}/scripts/rrdstep.php -h all 537 + echo "${lib.boolToString cfg.enableOneMinutePolling}" > ${cfg.dataDir}/one_minute_enabled 538 + fi 539 + 540 + # migrate db 541 + ${artisanWrapper}/bin/librenms-artisan migrate --force --no-interaction 542 + ''; 543 + }; 544 + 545 + programs.mtr.enable = true; 546 + 547 + services.logrotate = { 548 + enable = true; 549 + settings."${cfg.logDir}/librenms.log" = { 550 + su = "${cfg.user} ${cfg.group}"; 551 + create = "0640 ${cfg.user} ${cfg.group}"; 552 + rotate = 6; 553 + frequency = "weekly"; 554 + compress = true; 555 + delaycompress = true; 556 + missingok = true; 557 + notifempty = true; 558 + }; 559 + }; 560 + 561 + services.cron = { 562 + enable = true; 563 + systemCronJobs = let 564 + env = "PHPRC=${phpIni}"; 565 + in [ 566 + # based on crontab provided by LibreNMS 567 + "33 */6 * * * ${cfg.user} ${env} ${package}/cronic ${package}/discovery-wrapper.py 1" 568 + "*/5 * * * * ${cfg.user} ${env} ${package}/discovery.php -h new >> /dev/null 2>&1" 569 + 570 + "${if cfg.enableOneMinutePolling then "*" else "*/5"} * * * * ${cfg.user} ${env} ${package}/cronic ${package}/poller-wrapper.py ${toString cfg.pollerThreads}" 571 + "* * * * * ${cfg.user} ${env} ${package}/alerts.php >> /dev/null 2>&1" 572 + 573 + "*/5 * * * * ${cfg.user} ${env} ${package}/poll-billing.php >> /dev/null 2>&1" 574 + "01 * * * * ${cfg.user} ${env} ${package}/billing-calculate.php >> /dev/null 2>&1" 575 + "*/5 * * * * ${cfg.user} ${env} ${package}/check-services.php >> /dev/null 2>&1" 576 + 577 + # extra: fast ping 578 + "* * * * * ${cfg.user} ${env} ${package}/ping.php >> /dev/null 2>&1" 579 + 580 + # daily.sh tasks are split to exclude update 581 + "19 0 * * * ${cfg.user} ${env} ${package}/daily.sh cleanup >> /dev/null 2>&1" 582 + "19 0 * * * ${cfg.user} ${env} ${package}/daily.sh notifications >> /dev/null 2>&1" 583 + "19 0 * * * ${cfg.user} ${env} ${package}/daily.sh peeringdb >> /dev/null 2>&1" 584 + "19 0 * * * ${cfg.user} ${env} ${package}/daily.sh mac_oui >> /dev/null 2>&1" 585 + ]; 586 + }; 587 + 588 + security.wrappers = { 589 + fping = { 590 + setuid = true; 591 + owner = "root"; 592 + group = "root"; 593 + source = "${pkgs.fping}/bin/fping"; 594 + }; 595 + }; 596 + 597 + environment.systemPackages = [ artisanWrapper lnmsWrapper ]; 598 + 599 + systemd.tmpfiles.rules = [ 600 + "d ${cfg.logDir} 0750 ${cfg.user} ${cfg.group} - -" 601 + "f ${cfg.logDir}/librenms.log 0640 ${cfg.user} ${cfg.group} - -" 602 + "d ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -" 603 + "f ${cfg.dataDir}/.env 0600 ${cfg.user} ${cfg.group} - -" 604 + "f ${cfg.dataDir}/version 0600 ${cfg.user} ${cfg.group} - -" 605 + "f ${cfg.dataDir}/one_minute_enabled 0600 ${cfg.user} ${cfg.group} - -" 606 + "f ${cfg.dataDir}/config.json 0600 ${cfg.user} ${cfg.group} - -" 607 + "d ${cfg.dataDir}/storage 0700 ${cfg.user} ${cfg.group} - -" 608 + "d ${cfg.dataDir}/storage/app 0700 ${cfg.user} ${cfg.group} - -" 609 + "d ${cfg.dataDir}/storage/debugbar 0700 ${cfg.user} ${cfg.group} - -" 610 + "d ${cfg.dataDir}/storage/framework 0700 ${cfg.user} ${cfg.group} - -" 611 + "d ${cfg.dataDir}/storage/framework/cache 0700 ${cfg.user} ${cfg.group} - -" 612 + "d ${cfg.dataDir}/storage/framework/sessions 0700 ${cfg.user} ${cfg.group} - -" 613 + "d ${cfg.dataDir}/storage/framework/views 0700 ${cfg.user} ${cfg.group} - -" 614 + "d ${cfg.dataDir}/storage/logs 0700 ${cfg.user} ${cfg.group} - -" 615 + "d ${cfg.dataDir}/rrd 0700 ${cfg.user} ${cfg.group} - -" 616 + "d ${cfg.dataDir}/cache 0700 ${cfg.user} ${cfg.group} - -" 617 + ] ++ lib.optionals cfg.useDistributedPollers [ 618 + "d ${cfg.dataDir}/rrdcached-journal 0700 ${cfg.user} ${cfg.group} - -" 619 + ]; 620 + 621 + }; 622 + 623 + meta.maintainers = lib.teams.wdz.members; 624 + }

+95

nixos/modules/services/security/tang.nix

··· 1 + { config, lib, pkgs, ... }: 2 + with lib; 3 + let 4 + cfg = config.services.tang; 5 + in 6 + { 7 + options.services.tang = { 8 + enable = mkEnableOption "tang"; 9 + 10 + package = mkOption { 11 + type = types.package; 12 + default = pkgs.tang; 13 + defaultText = literalExpression "pkgs.tang"; 14 + description = mdDoc "The tang package to use."; 15 + }; 16 + 17 + listenStream = mkOption { 18 + type = with types; listOf str; 19 + default = [ "7654" ]; 20 + example = [ "198.168.100.1:7654" "[2001:db8::1]:7654" "7654" ]; 21 + description = mdDoc '' 22 + Addresses and/or ports on which tang should listen. 23 + For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`. 24 + ''; 25 + }; 26 + 27 + ipAddressAllow = mkOption { 28 + example = [ "192.168.1.0/24" ]; 29 + type = types.listOf types.str; 30 + description = '' 31 + Whitelist a list of address prefixes. 32 + Preferably, internal addresses should be used. 33 + ''; 34 + }; 35 + 36 + }; 37 + config = mkIf cfg.enable { 38 + environment.systemPackages = [ cfg.package ]; 39 + 40 + systemd.services."tangd@" = { 41 + description = "Tang server"; 42 + path = [ cfg.package ]; 43 + serviceConfig = { 44 + StandardInput = "socket"; 45 + StandardOutput = "socket"; 46 + StandardError = "journal"; 47 + DynamicUser = true; 48 + StateDirectory = "tang"; 49 + RuntimeDirectory = "tang"; 50 + StateDirectoryMode = "700"; 51 + UMask = "0077"; 52 + CapabilityBoundingSet = [ "" ]; 53 + ExecStart = "${cfg.package}/libexec/tangd %S/tang"; 54 + LockPersonality = true; 55 + MemoryDenyWriteExecute = true; 56 + NoNewPrivileges = true; 57 + DeviceAllow = [ "/dev/stdin" ]; 58 + RestrictAddressFamilies = [ "AF_UNIX" ]; 59 + DevicePolicy = "strict"; 60 + PrivateDevices = true; 61 + PrivateTmp = true; 62 + PrivateUsers = true; 63 + ProcSubset = "pid"; 64 + ProtectClock = true; 65 + ProtectControlGroups = true; 66 + ProtectHome = true; 67 + ProtectHostname = true; 68 + ProtectKernelLogs = true; 69 + ProtectKernelModules = true; 70 + ProtectKernelTunables = true; 71 + ProtectProc = "invisible"; 72 + ProtectSystem = "strict"; 73 + RestrictNamespaces = true; 74 + RestrictRealtime = true; 75 + RestrictSUIDSGID = true; 76 + SystemCallArchitectures = "native"; 77 + SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; 78 + IPAddressDeny = "any"; 79 + IPAddressAllow = cfg.ipAddressAllow; 80 + }; 81 + }; 82 + 83 + systemd.sockets.tangd = { 84 + description = "Tang server"; 85 + wantedBy = [ "sockets.target" ]; 86 + socketConfig = { 87 + ListenStream = cfg.listenStream; 88 + Accept = "yes"; 89 + IPAddressDeny = "any"; 90 + IPAddressAllow = cfg.ipAddressAllow; 91 + }; 92 + }; 93 + }; 94 + meta.maintainers = with lib.maintainers; [ jfroche julienmalka ]; 95 + }

+2

nixos/tests/all-tests.nix

··· 433 433 lemmy = handleTest ./lemmy.nix {}; 434 434 libinput = handleTest ./libinput.nix {}; 435 435 libreddit = handleTest ./libreddit.nix {}; 436 + librenms = handleTest ./librenms.nix {}; 436 437 libresprite = handleTest ./libresprite.nix {}; 437 438 libreswan = handleTest ./libreswan.nix {}; 438 439 librewolf = handleTest ./firefox.nix { firefoxPackage = pkgs.librewolf; }; ··· 807 808 systemd-userdbd = handleTest ./systemd-userdbd.nix {}; 808 809 systemd-homed = handleTest ./systemd-homed.nix {}; 809 810 tandoor-recipes = handleTest ./tandoor-recipes.nix {}; 811 + tang = handleTest ./tang.nix {}; 810 812 taskserver = handleTest ./taskserver.nix {}; 811 813 tayga = handleTest ./tayga.nix {}; 812 814 teeworlds = handleTest ./teeworlds.nix {};

+108

nixos/tests/librenms.nix

··· 1 + import ./make-test-python.nix ({ pkgs, lib, ... }: 2 + 3 + let 4 + api_token = "f87f42114e44b63ad1b9e3c3d33d6fbe"; # random md5 hash 5 + wrong_api_token = "e68ba041fcf1eab923a7a6de3af5f726"; # another random md5 hash 6 + in { 7 + name = "librenms"; 8 + meta.maintainers = lib.teams.wdz.members; 9 + 10 + nodes.librenms = { 11 + time.timeZone = "Europe/Berlin"; 12 + 13 + environment.systemPackages = with pkgs; [ 14 + curl 15 + jq 16 + ]; 17 + 18 + services.librenms = { 19 + enable = true; 20 + hostname = "librenms"; 21 + database = { 22 + createLocally = true; 23 + host = "localhost"; 24 + database = "librenms"; 25 + username = "librenms"; 26 + passwordFile = pkgs.writeText "librenms-db-pass" "librenmsdbpass"; 27 + }; 28 + nginx = { 29 + default = true; 30 + }; 31 + enableOneMinutePolling = true; 32 + settings = { 33 + enable_billing = true; 34 + }; 35 + }; 36 + 37 + # systemd oneshot to create a dummy admin user and a API token for testing 38 + systemd.services.lnms-api-init = { 39 + description = "LibreNMS API init"; 40 + after = [ "librenms-setup.service" ]; 41 + wantedBy = [ "multi-user.target" ]; 42 + serviceConfig = { 43 + Type = "oneshot"; 44 + RemainAfterExit = true; 45 + User = "root"; 46 + Group = "root"; 47 + }; 48 + script = '' 49 + API_USER_NAME=api 50 + API_TOKEN=${api_token} # random md5 hash 51 + 52 + # we don't need to know the password, it just has to exist 53 + API_USER_PASS=$(${pkgs.pwgen}/bin/pwgen -s 64 1) 54 + ${pkgs.librenms}/artisan user:add $API_USER_NAME -r admin -p $API_USER_PASS 55 + API_USER_ID=$(${pkgs.mariadb}/bin/mysql -D librenms -N -B -e "SELECT user_id FROM users WHERE username = '$API_USER_NAME';") 56 + 57 + ${pkgs.mariadb}/bin/mysql -D librenms -e "INSERT INTO api_tokens (user_id, token_hash, description) VALUES ($API_USER_ID, '$API_TOKEN', 'API User')" 58 + ''; 59 + }; 60 + }; 61 + 62 + nodes.snmphost = { 63 + networking.firewall.allowedUDPPorts = [ 161 ]; 64 + 65 + systemd.services.snmpd = { 66 + description = "snmpd"; 67 + after = [ "network-online.target" ]; 68 + wants = [ "network-online.target" ]; 69 + wantedBy = [ "multi-user.target" ]; 70 + serviceConfig = { 71 + Type = "forking"; 72 + User = "root"; 73 + Group = "root"; 74 + ExecStart = let 75 + snmpd-config = pkgs.writeText "snmpd-config" '' 76 + com2sec readonly default public 77 + 78 + group MyROGroup v2c readonly 79 + view all included .1 80 80 + access MyROGroup "" any noauth exact all none none 81 + 82 + syslocation Testcity, Testcountry 83 + syscontact Testi mc Test <test@example.com> 84 + ''; 85 + in "${pkgs.net-snmp}/bin/snmpd -c ${snmpd-config} -C"; 86 + }; 87 + }; 88 + }; 89 + 90 + testScript = '' 91 + start_all() 92 + 93 + snmphost.wait_until_succeeds("pgrep snmpd") 94 + 95 + librenms.wait_for_unit("lnms-api-init.service") 96 + librenms.wait_for_open_port(80) 97 + 98 + # Test that we can authenticate against the API 99 + librenms.succeed("curl --fail -H 'X-Auth-Token: ${api_token}' http://localhost/api/v0") 100 + librenms.fail("curl --fail -H 'X-Auth-Token: ${wrong_api_token}' http://localhost/api/v0") 101 + 102 + # add snmphost as a device 103 + librenms.succeed("curl --fail -X POST -d '{\"hostname\":\"snmphost\",\"version\":\"v2c\",\"community\":\"public\"}' -H 'X-Auth-Token: ${api_token}' http://localhost/api/v0/devices") 104 + 105 + # wait until snmphost gets polled 106 + librenms.wait_until_succeeds("test $(curl -H 'X-Auth-Token: ${api_token}' http://localhost/api/v0/devices/snmphost | jq -Mr .devices[0].last_polled) != 'null'") 107 + ''; 108 + })

+81

nixos/tests/tang.nix

··· 1 + import ./make-test-python.nix ({ pkgs, ... }: { 2 + name = "tang"; 3 + meta = with pkgs.lib.maintainers; { 4 + maintainers = [ jfroche ]; 5 + }; 6 + 7 + nodes.server = 8 + { config 9 + , pkgs 10 + , modulesPath 11 + , ... 12 + }: { 13 + imports = [ 14 + "${modulesPath}/../tests/common/auto-format-root-device.nix" 15 + ]; 16 + virtualisation = { 17 + emptyDiskImages = [ 512 ]; 18 + useBootLoader = true; 19 + useEFIBoot = true; 20 + # This requires to have access 21 + # to a host Nix store as 22 + # the new root device is /dev/vdb 23 + # an empty 512MiB drive, containing no Nix store. 24 + mountHostNixStore = true; 25 + }; 26 + 27 + boot.loader.systemd-boot.enable = true; 28 + 29 + networking.interfaces.eth1.ipv4.addresses = [ 30 + { address = "192.168.0.1"; prefixLength = 24; } 31 + ]; 32 + 33 + environment.systemPackages = with pkgs; [ clevis tang cryptsetup ]; 34 + services.tang = { 35 + enable = true; 36 + ipAddressAllow = [ "127.0.0.1/32" ]; 37 + }; 38 + }; 39 + testScript = '' 40 + start_all() 41 + machine.wait_for_unit("sockets.target") 42 + 43 + with subtest("Check keys are generated"): 44 + machine.wait_until_succeeds("curl -v http://127.0.0.1:7654/adv") 45 + key = machine.wait_until_succeeds("tang-show-keys 7654") 46 + 47 + with subtest("Check systemd access list"): 48 + machine.succeed("ping -c 3 192.168.0.1") 49 + machine.fail("curl -v --connect-timeout 3 http://192.168.0.1:7654/adv") 50 + 51 + with subtest("Check basic encrypt and decrypt message"): 52 + machine.wait_until_succeeds(f"""echo 'Hello World' | clevis encrypt tang '{{ "url": "http://127.0.0.1:7654", "thp":"{key}"}}' > /tmp/encrypted""") 53 + decrypted = machine.wait_until_succeeds("clevis decrypt < /tmp/encrypted") 54 + assert decrypted.strip() == "Hello World" 55 + machine.wait_until_succeeds("tang-show-keys 7654") 56 + 57 + with subtest("Check encrypt and decrypt disk"): 58 + machine.succeed("cryptsetup luksFormat --force-password --batch-mode /dev/vdb <<<'password'") 59 + machine.succeed(f"""clevis luks bind -s1 -y -f -d /dev/vdb tang '{{ "url": "http://127.0.0.1:7654", "thp":"{key}" }}' <<< 'password' """) 60 + clevis_luks = machine.succeed("clevis luks list -d /dev/vdb") 61 + assert clevis_luks.strip() == """1: tang '{"url":"http://127.0.0.1:7654"}'""" 62 + machine.succeed("clevis luks unlock -d /dev/vdb") 63 + machine.succeed("find /dev/mapper -name 'luks*' -exec cryptsetup close {} +") 64 + machine.succeed("clevis luks unlock -d /dev/vdb") 65 + machine.succeed("find /dev/mapper -name 'luks*' -exec cryptsetup close {} +") 66 + # without tang available, unlock should fail 67 + machine.succeed("systemctl stop tangd.socket") 68 + machine.fail("clevis luks unlock -d /dev/vdb") 69 + machine.succeed("systemctl start tangd.socket") 70 + 71 + with subtest("Rotate server keys"): 72 + machine.succeed("${pkgs.tang}/libexec/tangd-rotate-keys -d /var/lib/tang") 73 + machine.succeed("clevis luks unlock -d /dev/vdb") 74 + machine.succeed("find /dev/mapper -name 'luks*' -exec cryptsetup close {} +") 75 + 76 + with subtest("Test systemd service security"): 77 + output = machine.succeed("systemd-analyze security tangd@.service") 78 + machine.log(output) 79 + assert output[-9:-1] == "SAFE :-}" 80 + ''; 81 + })

+1 -1

pkgs/applications/audio/mbrola/default.nix

··· 7 7 meta = with lib; { 8 8 license = licenses.agpl3Plus; 9 9 maintainers = with maintainers; [ davidak ]; 10 - platforms = platforms.linux; 10 + platforms = platforms.all; 11 11 description = "Speech synthesizer based on the concatenation of diphones"; 12 12 homepage = "https://github.com/numediart/MBROLA"; 13 13 };

-110

pkgs/applications/misc/simplenote/default.nix

··· 1 - { autoPatchelfHook 2 - , dpkg 3 - , fetchurl 4 - , makeDesktopItem 5 - , makeWrapper 6 - , lib 7 - , stdenv 8 - , udev 9 - , alsa-lib 10 - , mesa 11 - , nss 12 - , nspr 13 - , systemd 14 - , wrapGAppsHook 15 - , xorg 16 - }: 17 - 18 - let 19 - inherit (stdenv.hostPlatform) system; 20 - 21 - throwSystem = throw "Unsupported system: ${system}"; 22 - 23 - pname = "simplenote"; 24 - 25 - version = "2.9.0"; 26 - 27 - sha256 = { 28 - x86_64-linux = "sha256-uwd9fYqZepJ/BBttprqkJhswqMepGsHDTd5Md9gjI68="; 29 - }.${system} or throwSystem; 30 - 31 - meta = with lib; { 32 - description = "The simplest way to keep notes"; 33 - homepage = "https://github.com/Automattic/simplenote-electron"; 34 - license = licenses.gpl2; 35 - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; 36 - maintainers = with maintainers; [ 37 - kiwi 38 - ]; 39 - platforms = [ 40 - "x86_64-linux" 41 - ]; 42 - }; 43 - 44 - linux = stdenv.mkDerivation rec { 45 - inherit pname version meta; 46 - 47 - src = fetchurl { 48 - url = "https://github.com/Automattic/simplenote-electron/releases/download/v${version}/Simplenote-linux-${version}-amd64.deb"; 49 - inherit sha256; 50 - }; 51 - 52 - desktopItem = makeDesktopItem { 53 - categories = [ "Development" ]; 54 - comment = "Simplenote for Linux"; 55 - desktopName = "Simplenote"; 56 - exec = "simplenote %U"; 57 - icon = "simplenote"; 58 - name = "simplenote"; 59 - startupNotify = true; 60 - }; 61 - 62 - dontBuild = true; 63 - dontConfigure = true; 64 - dontPatchELF = true; 65 - dontWrapGApps = true; 66 - 67 - # TODO: migrate off autoPatchelfHook and use nixpkgs' electron 68 - nativeBuildInputs = [ 69 - autoPatchelfHook 70 - dpkg 71 - makeWrapper 72 - wrapGAppsHook 73 - ]; 74 - 75 - buildInputs = [ 76 - alsa-lib 77 - mesa 78 - xorg.libXScrnSaver 79 - xorg.libXtst 80 - nss 81 - nspr 82 - stdenv.cc.cc 83 - systemd 84 - ]; 85 - 86 - unpackPhase = "dpkg-deb -x $src ."; 87 - 88 - installPhase = '' 89 - mkdir -p "$out/bin" 90 - cp -R "opt" "$out" 91 - cp -R "usr/share" "$out/share" 92 - chmod -R g-w "$out" 93 - 94 - mkdir -p "$out/share/applications" 95 - cp "${desktopItem}/share/applications/"* "$out/share/applications" 96 - ''; 97 - 98 - runtimeDependencies = [ 99 - (lib.getLib udev) 100 - ]; 101 - 102 - postFixup = '' 103 - makeWrapper $out/opt/Simplenote/simplenote $out/bin/simplenote \ 104 - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc ] }" \ 105 - "''${gappsWrapperArgs[@]}" 106 - ''; 107 - }; 108 - 109 - in 110 - linux

+23 -1

pkgs/applications/networking/browsers/chromium/common.nix

··· 1 1 { stdenv, lib, fetchurl, fetchpatch 2 + , fetchzip, zstd 2 3 , buildPackages 3 4 , pkgsBuildBuild 4 5 , pkgsBuildTarget ··· 152 153 inherit (upstream-info) version; 153 154 inherit packageName buildType buildPath; 154 155 155 - src = fetchurl { 156 + src = fetchzip { 157 + name = "chromium-${version}.tar.zstd"; 156 158 url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz"; 157 159 inherit (upstream-info) sha256; 160 + 161 + nativeBuildInputs = [ zstd ]; 162 + 163 + postFetch = '' 164 + echo removing unused code from tarball to stay under hydra limit 165 + rm -r $out/third_party/{rust-src,llvm} 166 + 167 + echo moving remains out of \$out 168 + mv $out source 169 + 170 + echo recompressing final contents into new tarball 171 + # try to make a deterministic tarball 172 + tar \ 173 + --use-compress-program "zstd -T$NIX_BUILD_CORES" \ 174 + --sort name \ 175 + --mtime 1970-01-01 \ 176 + --owner=root --group=root \ 177 + --numeric-owner --mode=go=rX,u+rw,a-s \ 178 + -cf $out source 179 + ''; 158 180 }; 159 181 160 182 nativeBuildInputs = [

+4 -4

pkgs/applications/networking/browsers/chromium/upstream-info.nix

··· 8 8 version = "2023-08-01"; 9 9 }; 10 10 }; 11 - sha256 = "1wf0j189cxpayy6ffmj5j6h5yg3amivryilimjc2ap0jkyj4xrbi"; 11 + sha256 = "0c3adrrgpnhm8g1546ask9pf17qj1sjgb950mj0rv4snxvddi75j"; 12 12 sha256bin64 = "11w1di146mjb9ql30df9yk9x4b9amc6514jzyfbf09mqsrw88dvr"; 13 13 version = "117.0.5938.22"; 14 14 }; ··· 21 21 version = "2023-08-10"; 22 22 }; 23 23 }; 24 - sha256 = "1z01b6w4sgndrlcd26jgimk3rhv3wzpn67nv1fd5ln7dwfwkyq20"; 24 + sha256 = "16dq27lsywrn2xlgr5g46gdv15p30sihfamli4vkv3zxzfxdjisv"; 25 25 sha256bin64 = "11y09hsy7y1vg65xfilq44ffsmn15dqy80fa57psj1kin4a52v2x"; 26 26 version = "118.0.5966.0"; 27 27 }; ··· 41 41 version = "2023-08-10"; 42 42 }; 43 43 }; 44 - sha256 = "0gcrnvm3ar7x0fv38kjvdzgb8lflx1sckcqy89yawgfy6jkh1vj9"; 44 + sha256 = "1g8rllmnmhmmpjzrmi3cww0nszxicq0kim2wd0l0ip2mzk2p8qlp"; 45 45 sha256bin64 = "1bq170l0g9yq17x6xlg6fjar6gv3hdi0zijwmx4s02pmw6727484"; 46 46 version = "118.0.5993.70"; 47 47 }; ··· 58 58 sha256 = "0k6684cy1ks6yba2bdz17g244f05qy9769cvis4h2jzhgbf5rysh"; 59 59 }; 60 60 }; 61 - sha256 = "0gcrnvm3ar7x0fv38kjvdzgb8lflx1sckcqy89yawgfy6jkh1vj9"; 61 + sha256 = "1g8rllmnmhmmpjzrmi3cww0nszxicq0kim2wd0l0ip2mzk2p8qlp"; 62 62 sha256bin64 = "1bq170l0g9yq17x6xlg6fjar6gv3hdi0zijwmx4s02pmw6727484"; 63 63 version = "118.0.5993.70"; 64 64 };

+11 -5

pkgs/build-support/fetchgit/nix-prefetch-git

··· 257 257 cd "$repo" 258 258 # Remove files that contain timestamps or otherwise have non-deterministic 259 259 # properties. 260 - rm -rf .git/logs/ .git/hooks/ .git/index .git/FETCH_HEAD .git/ORIG_HEAD \ 261 - .git/refs/remotes/origin/HEAD .git/config 262 - 260 + if [ -f .git ]; then 261 + local dotgit_content=$(<.git) 262 + local dotgit_dir="${dotgit_content#gitdir: }" 263 + else 264 + local dotgit_dir=".git" 265 + fi 266 + pushd "$dotgit_dir" 267 + rm -rf logs/ hooks/ index FETCH_HEAD ORIG_HEAD refs/remotes/origin/HEAD config 268 + popd 263 269 # Remove all remote branches. 264 270 git branch -r | while read -r branch; do 265 271 clean_git branch -rD "$branch" ··· 277 283 # Do a full repack. Must run single-threaded, or else we lose determinism. 278 284 clean_git config pack.threads 1 279 285 clean_git repack -A -d -f 280 - rm -f .git/config 286 + rm -f "$dotgit_dir/config" 281 287 282 288 # Garbage collect unreferenced objects. 283 289 # Note: --keep-largest-pack prevents non-deterministic ordering of packs ··· 323 329 find "$dir" -name .git -print0 | xargs -0 rm -rf 324 330 else 325 331 find "$dir" -name .git | while read -r gitdir; do 326 - make_deterministic_repo "$(readlink -f "$gitdir/..")" 332 + make_deterministic_repo "$(readlink -f "$(dirname "$gitdir")")" 327 333 done 328 334 fi 329 335 }

+6 -6

pkgs/by-name/wa/waycheck/package.nix

··· 10 10 , wrapGAppsHook 11 11 }: 12 12 13 - stdenv.mkDerivation rec { 13 + stdenv.mkDerivation (finalAttrs: { 14 14 pname = "waycheck"; 15 - version = "0.1.3"; 15 + version = "1.0.0"; 16 16 17 17 src = fetchFromGitLab { 18 18 domain = "gitlab.freedesktop.org"; 19 19 owner = "serebit"; 20 20 repo = "waycheck"; 21 - rev = "v${version}"; 22 - hash = "sha256-DbXc1Q/ZIqlIMocFld3fOmUp44rU3fEzazHKSDdqMNs="; 21 + rev = "v${finalAttrs.version}"; 22 + hash = "sha256-oGpiFwbPBQHF0wRHliltU8B+QmClcoFfbjpAYzOFPqs="; 23 23 }; 24 24 25 25 nativeBuildInputs = [ ··· 51 51 description = "Simple GUI that displays the protocols implemented by a Wayland compositor"; 52 52 homepage = "https://gitlab.freedesktop.org/serebit/waycheck"; 53 53 license = licenses.asl20; 54 - maintainers = with maintainers; [ julienmalka ]; 54 + maintainers = with maintainers; [ julienmalka federicoschonborn ]; 55 55 mainProgram = "waycheck"; 56 56 platforms = platforms.linux; 57 57 }; 58 - } 58 + })

+6 -6

pkgs/data/misc/xorg-rgb/default.nix

··· 1 1 { lib, stdenv, fetchurl, pkg-config, xorgproto }: 2 2 3 - stdenv.mkDerivation rec { 3 + stdenv.mkDerivation (finalAttrs: { 4 4 pname = "rgb"; 5 - version = "1.0.6"; 5 + version = "1.1.0"; 6 6 7 7 src = fetchurl { 8 - url = "https://xorg.freedesktop.org/archive/individual/app/rgb-${version}.tar.bz2"; 9 - sha256 = "1c76zcjs39ljil6f6jpx1x17c8fnvwazz7zvl3vbjfcrlmm7rjmv"; 8 + url = "https://xorg.freedesktop.org/archive/individual/app/rgb-${finalAttrs.version}.tar.xz"; 9 + hash = "sha256-/APX9W5bKmF2aBZ/iSeUjM5U+TCX58zZ8FYHf0ee03s="; 10 10 }; 11 11 12 12 nativeBuildInputs = [ pkg-config ]; ··· 15 15 meta = with lib; { 16 16 description = "X11 colorname to RGB mapping database"; 17 17 license = licenses.mit; 18 - maintainers = [ maintainers.raskin ]; 18 + maintainers = with maintainers; [ raskin ]; 19 19 platforms = platforms.linux; 20 20 homepage = "https://xorg.freedesktop.org/"; 21 21 }; 22 - } 22 + })

+30 -3

pkgs/development/libraries/speech-tools/default.nix

··· 1 - { lib, stdenv, fetchurl, alsa-lib, ncurses }: 1 + { lib 2 + , stdenv 3 + , fetchurl 4 + , fetchpatch 5 + , ncurses 6 + , alsa-lib 7 + , CoreServices 8 + , AudioUnit 9 + , Cocoa 10 + }: 2 11 3 12 stdenv.mkDerivation rec { 4 13 pname = "speech_tools"; ··· 9 18 sha256 = "1k2xh13miyv48gh06rgsq2vj25xwj7z6vwq9ilsn8i7ig3nrgzg4"; 10 19 }; 11 20 12 - buildInputs = [ alsa-lib ncurses ]; 21 + patches = [ 22 + # Fix build on Apple Silicon. Remove in the next release. 23 + (fetchpatch { 24 + url = "https://github.com/festvox/speech_tools/commit/06141f69d21bf507a9becb5405265dc362edb0df.patch"; 25 + hash = "sha256-tRestCBuRhak+2ccsB6mvDxGm/TIYX4eZ3oppCOEP9s="; 26 + }) 27 + ]; 28 + 29 + buildInputs = [ 30 + ncurses 31 + ] ++ lib.optionals stdenv.isLinux [ 32 + alsa-lib 33 + ] ++ lib.optionals stdenv.isDarwin [ 34 + CoreServices 35 + AudioUnit 36 + Cocoa 37 + ]; 38 + 39 + makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" "CXX=${stdenv.cc.targetPrefix}c++" ]; 13 40 14 41 # Workaround build failure on -fno-common toolchains: 15 42 # ld: libestools.a(editline.o):(.bss+0x28): multiple definition of ··· 42 69 meta = with lib; { 43 70 description = "Text-to-speech engine"; 44 71 maintainers = with maintainers; [ raskin ]; 45 - platforms = platforms.linux; 72 + platforms = platforms.unix; 46 73 license = licenses.free; 47 74 }; 48 75

+2 -2

pkgs/development/python-modules/apprise/default.nix

··· 19 19 20 20 buildPythonPackage rec { 21 21 pname = "apprise"; 22 - version = "1.5.0"; 22 + version = "1.6.0"; 23 23 format = "setuptools"; 24 24 25 25 disabled = pythonOlder "3.7"; 26 26 27 27 src = fetchPypi { 28 28 inherit pname version; 29 - hash = "sha256-PFgRQQd6EBeQ7eDKsW+ig60DKpsvl9xtNWX7LZGBP9c="; 29 + hash = "sha256-Pu+rHF15eLDmXFCR0c2+kgaGXcPLXRnKXPvdt26Kr/4="; 30 30 }; 31 31 32 32 nativeBuildInputs = [

+23

pkgs/development/python-modules/command_runner/default.nix

··· 1 + { lib, buildPythonPackage, fetchPypi, psutil }: 2 + 3 + buildPythonPackage rec { 4 + pname = "command_runner"; 5 + version = "1.5.0"; 6 + 7 + src = fetchPypi { 8 + inherit pname version; 9 + sha256 = "sha256-UIDzLLIm69W53jvS9M2LVclM+OqRYmLtvuXVAv54ltg="; 10 + }; 11 + 12 + propagatedBuildInputs = [ psutil ]; 13 + 14 + meta = with lib; { 15 + homepage = "https://github.com/netinvent/command_runner"; 16 + description = '' 17 + Platform agnostic command execution, timed background jobs with live 18 + stdout/stderr output capture, and UAC/sudo elevation 19 + ''; 20 + license = licenses.bsd3; 21 + maintainers = teams.wdz.members; 22 + }; 23 + }

pkgs/development/python-modules/et_xmlfile/default.nix pkgs/development/python-modules/et-xmlfile/default.nix

+37

pkgs/development/python-modules/guzzle-sphinx-theme/default.nix

··· 1 + { lib 2 + , buildPythonPackage 3 + , fetchPypi 4 + , setuptools 5 + , sphinx 6 + }: 7 + 8 + buildPythonPackage rec { 9 + pname = "guzzle-sphinx-theme"; 10 + version = "0.7.11"; 11 + pyproject = true; 12 + 13 + src = fetchPypi { 14 + pname = "guzzle_sphinx_theme"; 15 + inherit version; 16 + hash = "sha256-m4wWOcNDwCw/PbffZg3fb1M7VFTukqX3sC7apXP+0+Y="; 17 + }; 18 + 19 + nativeBuildInputs = [ 20 + setuptools 21 + ]; 22 + 23 + doCheck = false; # no tests 24 + 25 + propagatedBuildInputs = [ sphinx ]; 26 + 27 + pythonImportsCheck = [ 28 + "guzzle_sphinx_theme" 29 + ]; 30 + 31 + meta = with lib; { 32 + description = "Sphinx theme used by Guzzle: http://guzzlephp.org"; 33 + homepage = "https://github.com/guzzle/guzzle_sphinx_theme/"; 34 + license = licenses.mit; 35 + maintainers = with maintainers; [ flokli ]; 36 + }; 37 + }

-22

pkgs/development/python-modules/guzzle_sphinx_theme/default.nix

··· 1 - { lib, buildPythonPackage, sphinx, fetchPypi }: 2 - 3 - buildPythonPackage rec { 4 - pname = "guzzle_sphinx_theme"; 5 - version = "0.7.11"; 6 - src = fetchPypi { 7 - inherit pname version; 8 - sha256 = "1rnkzrrsbnifn3vsb4pfaia3nlvgvw6ndpxp7lzjrh23qcwid34v"; 9 - }; 10 - 11 - doCheck = false; # no tests 12 - 13 - propagatedBuildInputs = [ sphinx ]; 14 - 15 - meta = with lib; { 16 - description = "Sphinx theme used by Guzzle: http://guzzlephp.org"; 17 - homepage = "https://github.com/guzzle/guzzle_sphinx_theme/"; 18 - license = licenses.mit; 19 - maintainers = with maintainers; [ flokli ]; 20 - platforms = platforms.unix; 21 - }; 22 - }

+2 -2

pkgs/development/python-modules/openpyxl/default.nix

··· 1 1 { lib 2 2 , buildPythonPackage 3 - , et_xmlfile 3 + , et-xmlfile 4 4 , fetchFromGitLab 5 5 , jdcal 6 6 , lxml ··· 26 26 27 27 propagatedBuildInputs = [ 28 28 jdcal 29 - et_xmlfile 29 + et-xmlfile 30 30 lxml 31 31 ]; 32 32

+3 -2

pkgs/development/python-modules/pythonnet/default.nix

··· 12 12 13 13 let 14 14 pname = "pythonnet"; 15 - version = "3.0.2"; 15 + version = "3.0.3"; 16 16 src = fetchPypi { 17 17 pname = "pythonnet"; 18 18 inherit version; 19 - sha256 = "sha256-LN0cztxkp8m9cRvj0P0MSniTJHQTncVKppe+3edBx0Y="; 19 + hash = "sha256-jUsulxWKAjh1+GR0WKWPOIF/T+Oa9gq91rDYrfHXfnU="; 20 20 }; 21 21 22 22 # This buildDotnetModule is used only to get nuget sources, the actual ··· 70 70 meta = with lib; { 71 71 description = ".NET integration for Python"; 72 72 homepage = "https://pythonnet.github.io"; 73 + changelog = "https://github.com/pythonnet/pythonnet/releases/tag/v${version}"; 73 74 license = licenses.mit; 74 75 # <https://github.com/pythonnet/pythonnet/issues/898> 75 76 badPlatforms = [ "aarch64-linux" ];

-30

pkgs/development/tools/guile/guile-lint/default.nix

··· 1 - { lib, stdenv, fetchurl, guile }: 2 - 3 - stdenv.mkDerivation rec { 4 - pname = "guile-lint"; 5 - version = "14"; 6 - 7 - src = fetchurl { 8 - url = "https://download.tuxfamily.org/user42/${pname}-${version}.tar.bz2"; 9 - sha256 = "1gnhnmki05pkmzpbfc07vmb2iwza6vhy75y03bw2x2rk4fkggz2v"; 10 - }; 11 - 12 - buildInputs = [ guile ]; 13 - 14 - unpackPhase = ''tar xjvf "$src" && sourceRoot="$PWD/${pname}-${version}"''; 15 - 16 - prePatch = '' 17 - substituteInPlace guile-lint.in --replace \ 18 - "exec guile" "exec ${guile}/bin/guile" 19 - ''; 20 - 21 - doCheck = !stdenv.isDarwin; 22 - 23 - meta = with lib; { 24 - description = "Checks syntax and semantics in a Guile program or module"; 25 - homepage = "https://user42.tuxfamily.org/guile-lint/index.html"; 26 - license = licenses.gpl3Plus; 27 - maintainers = with maintainers; [ vyp ]; 28 - platforms = platforms.all; 29 - }; 30 - }

+79 -9

pkgs/servers/monitoring/kapacitor/default.nix

··· 1 - { lib, fetchFromGitHub, buildGoPackage }: 1 + { stdenv 2 + , lib 3 + , rustPlatform 4 + , fetchFromGitHub 5 + , fetchpatch 6 + , libiconv 7 + , buildGoModule 8 + , pkg-config 9 + }: 2 10 3 - buildGoPackage rec { 11 + let 12 + libflux_version = "0.171.0"; 13 + flux = rustPlatform.buildRustPackage rec { 14 + pname = "libflux"; 15 + version = "v${libflux_version}"; 16 + src = fetchFromGitHub { 17 + owner = "influxdata"; 18 + repo = "flux"; 19 + rev = "v${libflux_version}"; 20 + hash = "sha256-v9MUR+PcxAus91FiHYrMN9MbNOTWewh7MT6/t/QWQcM="; 21 + }; 22 + patches = [ 23 + # https://github.com/influxdata/flux/pull/5273 24 + # fix compile error with Rust 1.64 25 + (fetchpatch { 26 + url = "https://github.com/influxdata/flux/commit/20ca62138a0669f2760dd469ca41fc333e04b8f2.patch"; 27 + stripLen = 2; 28 + extraPrefix = ""; 29 + hash = "sha256-Fb4CuH9ZvrPha249dmLLI8MqSNQRKqKPxPbw2pjqwfY="; 30 + }) 31 + ]; 32 + sourceRoot = "${src.name}/libflux"; 33 + cargoSha256 = "sha256-oAMoGGdR0QEjSzZ0/J5J9s/ekSlryCcRBSo5N2r70Ko="; 34 + nativeBuildInputs = [ rustPlatform.bindgenHook ]; 35 + buildInputs = lib.optional stdenv.isDarwin libiconv; 36 + pkgcfg = '' 37 + Name: flux 38 + Version: ${libflux_version} 39 + Description: Library for the InfluxData Flux engine 40 + Cflags: -I/out/include 41 + Libs: -L/out/lib -lflux -lpthread 42 + ''; 43 + passAsFile = [ "pkgcfg" ]; 44 + postInstall = '' 45 + mkdir -p $out/include $out/pkgconfig 46 + cp -r $NIX_BUILD_TOP/source/libflux/include/influxdata $out/include 47 + substitute $pkgcfgPath $out/pkgconfig/flux.pc \ 48 + --replace /out $out 49 + '' + lib.optionalString stdenv.isDarwin '' 50 + install_name_tool -id $out/lib/libflux.dylib $out/lib/libflux.dylib 51 + ''; 52 + }; 53 + in 54 + buildGoModule rec { 4 55 pname = "kapacitor"; 5 - version = "1.5.7"; 6 - 7 - goPackagePath = "github.com/influxdata/kapacitor"; 56 + version = "1.7.0"; 8 57 9 58 src = fetchFromGitHub { 10 59 owner = "influxdata"; 11 60 repo = "kapacitor"; 12 61 rev = "v${version}"; 13 - sha256 = "0lzx25d4y5d8rsddgnypfskcxa5qlwc294sdzmn8dlq995yphpac"; 62 + hash = "sha256-vDluZZrct1x+OMVU8MNO56YBZq7JNlpW68alOrAGYSM="; 14 63 }; 15 64 65 + vendorHash = "sha256-OX4QAthg15lwMyhOPyLTS++CMvGI5Um+FSd025PhW3E="; 66 + 67 + nativeBuildInputs = [ pkg-config ]; 68 + 69 + PKG_CONFIG_PATH = "${flux}/pkgconfig"; 70 + 71 + # Check that libflux is at the right version 72 + preBuild = '' 73 + flux_ver=$(grep github.com/influxdata/flux go.mod | awk '{print $2}') 74 + if [ "$flux_ver" != "v${libflux_version}" ]; then 75 + echo "go.mod wants libflux $flux_ver, but nix derivation provides ${libflux_version}" 76 + exit 1 77 + fi 78 + ''; 79 + 80 + # Remove failing server tests 81 + preCheck = '' 82 + rm server/server_test.go 83 + ''; 84 + 16 85 meta = with lib; { 17 86 description = "Open source framework for processing, monitoring, and alerting on time series data"; 87 + homepage = "https://influxdata.com/time-series-platform/kapacitor/"; 88 + downloadPage = "https://github.com/influxdata/kapacitor/releases"; 18 89 license = licenses.mit; 19 - homepage = "https://influxdata.com/time-series-platform/kapacitor/"; 20 - maintainers = with maintainers; [ offline ]; 21 - platforms = with platforms; linux; 90 + changelog = "https://github.com/influxdata/kapacitor/blob/master/CHANGELOG.md"; 91 + maintainers = with maintainers; [ offline totoroot ]; 22 92 }; 23 93 }

+18

pkgs/servers/monitoring/librenms/broken-binary-paths.diff

··· 1 + diff --git a/LibreNMS/Config.php b/LibreNMS/Config.php 2 + index 5ed6b71..de7718a 100644 3 + --- a/LibreNMS/Config.php 4 + +++ b/LibreNMS/Config.php 5 + @@ -460,13 +460,6 @@ class Config 6 + self::persist('device_display_default', $display_value); 7 + } 8 + 9 + - // make sure we have full path to binaries in case PATH isn't set 10 + - foreach (['fping', 'fping6', 'snmpgetnext', 'rrdtool', 'traceroute'] as $bin) { 11 + - if (! is_executable(self::get($bin))) { 12 + - self::persist($bin, self::locateBinary($bin)); 13 + - } 14 + - } 15 + - 16 + if (! self::has('rrdtool_version')) { 17 + self::persist('rrdtool_version', Rrd::version()); 18 + }

+116

pkgs/servers/monitoring/librenms/default.nix

··· 1 + { lib 2 + , fetchFromGitHub 3 + , unixtools 4 + , php82 5 + , python3 6 + , makeWrapper 7 + , nixosTests 8 + # run-time dependencies 9 + , graphviz 10 + , ipmitool 11 + , libvirt 12 + , monitoring-plugins 13 + , mtr 14 + , net-snmp 15 + , nfdump 16 + , nmap 17 + , rrdtool 18 + , system-sendmail 19 + , whois 20 + , dataDir ? "/var/lib/librenms", logDir ? "/var/log/librenms" }: 21 + 22 + 23 + let 24 + phpPackage = php82.withExtensions ({ enabled, all }: enabled ++ [ all.memcached ]); 25 + in phpPackage.buildComposerProject rec { 26 + name = pname + "-" + version; 27 + pname = "librenms"; 28 + version = "23.9.1"; 29 + 30 + src = fetchFromGitHub { 31 + owner = "librenms"; 32 + repo = pname; 33 + rev = "${version}"; 34 + sha256 = "sha256-glcD9AhxkvMmGo/7/RhQFeOtvHJ4pSiEFxaAjeVrTaI="; 35 + }; 36 + 37 + vendorHash = "sha256-s6vdGfM7Ehy1bbkB44EQaHBBvTkpVw9yxhVsc/O8dHc="; 38 + 39 + php = phpPackage; 40 + 41 + buildInputs = [ 42 + unixtools.whereis 43 + (python3.withPackages (ps: with ps; [ 44 + pymysql 45 + python-dotenv 46 + redis 47 + setuptools 48 + psutil 49 + command_runner 50 + ])) 51 + ]; 52 + 53 + nativeBuildInputs = [ makeWrapper ]; 54 + 55 + installPhase = '' 56 + runHook preInstall 57 + 58 + mv $out/share/php/librenms/* $out 59 + rm -r $out/share 60 + 61 + # This broken logic leads to bad settings being persisted in the database 62 + patch -p1 -d $out -i ${./broken-binary-paths.diff} 63 + 64 + substituteInPlace \ 65 + $out/misc/config_definitions.json \ 66 + --replace '"default": "/bin/ping",' '"default": "/run/wrappers/bin/ping",' \ 67 + --replace '"default": "fping",' '"default": "/run/wrappers/bin/fping",' \ 68 + --replace '"default": "fping6",' '"default": "/run/wrappers/bin/fping6",' \ 69 + --replace '"default": "rrdtool",' '"default": "${rrdtool}/bin/rrdtool",' \ 70 + --replace '"default": "snmpgetnext",' '"default": "${net-snmp}/bin/snmpgetnext",' \ 71 + --replace '"default": "traceroute",' '"default": "/run/wrappers/bin/traceroute",' \ 72 + --replace '"default": "/usr/bin/dot",' '"default": "${graphviz}/bin/dot",' \ 73 + --replace '"default": "/usr/bin/ipmitool",' '"default": "${ipmitool}/bin/ipmitool",' \ 74 + --replace '"default": "/usr/bin/mtr",' '"default": "${mtr}/bin/mtr",' \ 75 + --replace '"default": "/usr/bin/nfdump",' '"default": "${nfdump}/bin/nfdump",' \ 76 + --replace '"default": "/usr/bin/nmap",' '"default": "${nmap}/bin/nmap",' \ 77 + --replace '"default": "/usr/bin/sfdp",' '"default": "${graphviz}/bin/sfdp",' \ 78 + --replace '"default": "/usr/bin/snmpbulkwalk",' '"default": "${net-snmp}/bin/snmpbulkwalk",' \ 79 + --replace '"default": "/usr/bin/snmpget",' '"default": "${net-snmp}/bin/snmpget",' \ 80 + --replace '"default": "/usr/bin/snmptranslate",' '"default": "${net-snmp}/bin/snmptranslate",' \ 81 + --replace '"default": "/usr/bin/snmpwalk",' '"default": "${net-snmp}/bin/snmpwalk",' \ 82 + --replace '"default": "/usr/bin/virsh",' '"default": "${libvirt}/bin/virsh",' \ 83 + --replace '"default": "/usr/bin/whois",' '"default": "${whois}/bin/whois",' \ 84 + --replace '"default": "/usr/lib/nagios/plugins",' '"default": "${monitoring-plugins}/libexec",' \ 85 + --replace '"default": "/usr/sbin/sendmail",' '"default": "${system-sendmail}/bin/sendmail",' 86 + 87 + substituteInPlace $out/LibreNMS/wrapper.py --replace '/usr/bin/env php' '${phpPackage}/bin/php' 88 + substituteInPlace $out/LibreNMS/__init__.py --replace '"/usr/bin/env", "php"' '"${phpPackage}/bin/php"' 89 + substituteInPlace $out/snmp-scan.py --replace '"/usr/bin/env", "php"' '"${phpPackage}/bin/php"' 90 + 91 + wrapProgram $out/daily.sh --prefix PATH : ${phpPackage}/bin 92 + 93 + rm -rf $out/logs $out/rrd $out/bootstrap/cache $out/storage $out/.env 94 + ln -s ${logDir} $out/logs 95 + ln -s ${dataDir}/config.php $out/config.php 96 + ln -s ${dataDir}/.env $out/.env 97 + ln -s ${dataDir}/rrd $out/rrd 98 + ln -s ${dataDir}/storage $out/storage 99 + ln -s ${dataDir}/cache $out/bootstrap/cache 100 + 101 + runHook postInstall 102 + ''; 103 + 104 + passthru = { 105 + phpPackage = phpPackage; 106 + tests.librenms = nixosTests.librenms; 107 + }; 108 + 109 + meta = with lib; { 110 + description = "A auto-discovering PHP/MySQL/SNMP based network monitoring"; 111 + homepage = "https://www.librenms.org/"; 112 + license = licenses.gpl3Only; 113 + maintainers = teams.wdz.members; 114 + platforms = platforms.linux; 115 + }; 116 + }

+9 -4

pkgs/servers/tang/default.nix

··· 13 13 , testers 14 14 , tang 15 15 , gitUpdater 16 + , nixosTests 16 17 }: 17 18 18 19 stdenv.mkDerivation rec { ··· 53 54 ''; 54 55 55 56 passthru = { 56 - tests.version = testers.testVersion { 57 - package = tang; 58 - command = "${tang}/libexec/tangd --version"; 59 - version = "tangd ${version}"; 57 + tests = { 58 + inherit (nixosTests) tang; 59 + version = testers.testVersion { 60 + package = tang; 61 + command = "${tang}/libexec/tangd --version"; 62 + version = "tangd ${version}"; 63 + }; 60 64 }; 61 65 updateScript = gitUpdater { }; 62 66 }; ··· 67 71 changelog = "https://github.com/latchset/tang/releases/tag/v${version}"; 68 72 maintainers = with lib.maintainers; [ fpletz ]; 69 73 license = lib.licenses.gpl3Plus; 74 + mainProgram = "tangd"; 70 75 }; 71 76 }

+1 -1

pkgs/tools/backup/borgbackup/default.nix

··· 37 37 38 38 # docs 39 39 sphinxHook 40 - guzzle_sphinx_theme 40 + guzzle-sphinx-theme 41 41 42 42 # shell completions 43 43 installShellFiles

-32

pkgs/tools/misc/cloud-sql-proxy/default.nix

··· 1 - { lib 2 - , buildGoModule 3 - , fetchFromGitHub 4 - }: 5 - 6 - buildGoModule rec { 7 - pname = "cloud-sql-proxy"; 8 - version = "2.7.0"; 9 - 10 - src = fetchFromGitHub { 11 - owner = "GoogleCloudPlatform"; 12 - repo = "cloud-sql-proxy"; 13 - rev = "v${version}"; 14 - hash = "sha256-4PB9Eaqb8teF+gmiHD2VAIFnxqiK2Nb0u+xSNAM8iMs="; 15 - }; 16 - 17 - subPackages = [ "." ]; 18 - 19 - vendorHash = "sha256-LaI7IdSyB7ETTjqIcIPDf3noEbvwlN3+KqrkSm8B6m8="; 20 - 21 - preCheck = '' 22 - buildFlagsArray+="-short" 23 - ''; 24 - 25 - meta = with lib; { 26 - description = "Utility for ensuring secure connections to Google Cloud SQL instances"; 27 - homepage = "https://github.com/GoogleCloudPlatform/cloud-sql-proxy"; 28 - license = licenses.asl20; 29 - maintainers = with maintainers; [ nicknovitski totoroot ]; 30 - mainProgram = "cloud-sql-proxy"; 31 - }; 32 - }

+37

pkgs/tools/misc/google-cloud-bigtable-tool/default.nix

··· 1 + { lib 2 + , buildGoModule 3 + , fetchFromGitHub 4 + }: 5 + 6 + buildGoModule rec { 7 + pname = "google-cloud-bigtable-tool"; 8 + version = "0.12.0"; 9 + 10 + src = fetchFromGitHub { 11 + owner = "googleapis"; 12 + repo = "cloud-bigtable-cbt-cli"; 13 + rev = "v.${version}"; 14 + hash = "sha256-N5nbWMj7kLIdRiwBUWFz4Rat88Wx01i3hceMxAvSjaA="; 15 + }; 16 + 17 + vendorHash = "sha256-kwvEfvHs6XF84bB3Ss1307OjId0nh/0Imih1fRFdY0M="; 18 + 19 + preCheck = '' 20 + buildFlagsArray+="-short" 21 + ''; 22 + 23 + meta = with lib; { 24 + description = "Google Cloud Bigtable Tool"; 25 + longDescription = '' 26 + `cbt` is the Google Cloud Bigtable Tool. A CLI utility to interact with Google Cloud Bigtable. 27 + The cbt CLI is a command-line interface for performing several different operations on Cloud Bigtable. 28 + It is written in Go using the Go client library for Cloud Bigtable. 29 + An overview of its usage can be found in the [Google Cloud docs](https://cloud.google.com/bigtable/docs/cbt-overview). 30 + For information about Bigtable in general, see the [overview of Bigtable](https://cloud.google.com/bigtable/docs/overview). 31 + ''; 32 + homepage = "https://github.com/googleapis/cloud-bigtable-cbt-cli"; 33 + license = licenses.asl20; 34 + maintainers = with maintainers; [ totoroot ]; 35 + mainProgram = "cbt"; 36 + }; 37 + }

+40

pkgs/tools/misc/google-cloud-sql-proxy/default.nix

··· 1 + { lib 2 + , buildGoModule 3 + , fetchFromGitHub 4 + }: 5 + 6 + buildGoModule rec { 7 + pname = "google-cloud-sql-proxy"; 8 + version = "2.7.0"; 9 + 10 + src = fetchFromGitHub { 11 + owner = "GoogleCloudPlatform"; 12 + repo = "cloud-sql-proxy"; 13 + rev = "v${version}"; 14 + hash = "sha256-4PB9Eaqb8teF+gmiHD2VAIFnxqiK2Nb0u+xSNAM8iMs="; 15 + }; 16 + 17 + subPackages = [ "." ]; 18 + 19 + vendorHash = "sha256-LaI7IdSyB7ETTjqIcIPDf3noEbvwlN3+KqrkSm8B6m8="; 20 + 21 + preCheck = '' 22 + buildFlagsArray+="-short" 23 + ''; 24 + 25 + meta = with lib; { 26 + description = "Utility for ensuring secure connections to Google Cloud SQL instances"; 27 + longDescription = '' 28 + The Cloud SQL Auth Proxy is a utility for ensuring secure connections to your Cloud SQL instances. 29 + It provides IAM authorization, allowing you to control who can connect to your instance through IAM permissions, 30 + and TLS 1.3 encryption, without having to manage certificates. 31 + See the [Connecting Overview](https://cloud.google.com/sql/docs/mysql/connect-overview) page for more information 32 + on connecting to a Cloud SQL instance, or the [About the Proxy](https://cloud.google.com/sql/docs/mysql/sql-proxy) 33 + page for details on how the Cloud SQL Proxy works. 34 + ''; 35 + homepage = "https://github.com/GoogleCloudPlatform/cloud-sql-proxy"; 36 + license = licenses.asl20; 37 + maintainers = with maintainers; [ nicknovitski totoroot ]; 38 + mainProgram = "cloud-sql-proxy"; 39 + }; 40 + }

+3 -3

pkgs/tools/networking/sockdump/default.nix

··· 2 2 3 3 python3.pkgs.buildPythonApplication rec { 4 4 pname = "sockdump"; 5 - version = "unstable-2022-10-12"; 5 + version = "unstable-2023-09-16"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "mechpen"; 9 9 repo = pname; 10 - rev = "005dcb056238c2e37ff378aef27c953208ffa08f"; 11 - hash = "sha256-X8PIUDxlcdPoD7+aLDWzlWV++P3mmu52BwY7irhypww="; 10 + rev = "713759e383366feae76863881e851a6411c73b68"; 11 + hash = "sha256-q6jdwFhl2G9o2C0BVU6Xz7xizO00yaSQ2KSR/z4fixY="; 12 12 }; 13 13 14 14 propagatedBuildInputs = [ bcc ];

+2

pkgs/top-level/aliases.nix

··· 332 332 gr-rds = throw "'gr-rds' has been renamed to/replaced by 'gnuradio3_7.pkgs.rds'"; # Converted to throw 2023-09-10 333 333 grub2_full = grub2; # Added 2022-11-18 334 334 grub = throw "grub1 was removed after not being maintained upstream for a decade. Please switch to another bootloader"; # Added 2023-04-11 335 + guile-lint = throw "'guile-lint' has been removed, please use 'guild lint' instead"; # Added 2023-10-16 335 336 336 337 ### H ### 337 338 ··· 797 798 shhgit = throw "shhgit is broken and is no longer maintained. See https://github.com/eth0izzle/shhgit#-shhgit-is-no-longer-maintained-" ; # Added 2023-08-08 798 799 shipyard = jumppad; # Added 2023-06-06 799 800 signumone-ks = throw "signumone-ks has been removed from nixpkgs because the developers stopped offering the binaries"; # Added 2023-08-17 801 + simplenote = throw "'simplenote' has been removed because it is no longer maintained and insecure"; # Added 2023-10-09 800 802 slack-dark = slack; # Added 2020-03-27 801 803 slmenu = throw "slmenu has been removed (upstream is gone)"; # Added 2023-04-06 802 804 slurm-llnl = slurm; # renamed July 2017

+9 -9

pkgs/top-level/all-packages.nix

··· 3618 3618 3619 3619 clairvoyance = callPackage ../tools/security/clairvoyance { }; 3620 3620 3621 - cloud-sql-proxy = callPackage ../tools/misc/cloud-sql-proxy { }; 3622 - 3623 3621 cloudfox = callPackage ../tools/security/cloudfox { }; 3624 3622 3625 3623 cloudhunter = callPackage ../tools/security/cloudhunter { }; ··· 5854 5852 libnss-mysql = callPackage ../os-specific/linux/libnss-mysql { }; 5855 5853 5856 5854 libnvme = callPackage ../os-specific/linux/libnvme { }; 5855 + 5856 + librenms = callPackage ../servers/monitoring/librenms { }; 5857 5857 5858 5858 libxnd = callPackage ../development/libraries/libxnd { }; 5859 5859 ··· 8754 8754 python = python3; 8755 8755 with-gce = true; 8756 8756 }; 8757 + 8758 + google-cloud-bigtable-tool = callPackage ../tools/misc/google-cloud-bigtable-tool { }; 8759 + 8760 + google-cloud-sql-proxy = callPackage ../tools/misc/google-cloud-sql-proxy { }; 8757 8761 8758 8762 google-fonts = callPackage ../data/fonts/google-fonts { }; 8759 8763 ··· 19363 19367 19364 19368 guile-hall = callPackage ../development/tools/guile/guile-hall { }; 19365 19369 19366 - guile-lint = callPackage ../development/tools/guile/guile-lint { 19367 - guile = guile_1_8; 19368 - }; 19369 - 19370 19370 gwrap = callPackage ../development/tools/guile/g-wrap { 19371 19371 guile = guile_2_2; 19372 19372 }; ··· 25111 25111 25112 25112 speechd = callPackage ../development/libraries/speechd { }; 25113 25113 25114 - speech-tools = callPackage ../development/libraries/speech-tools { }; 25114 + speech-tools = callPackage ../development/libraries/speech-tools { 25115 + inherit (darwin.apple_sdk.frameworks) CoreServices AudioUnit Cocoa; 25116 + }; 25115 25117 25116 25118 speex = callPackage ../development/libraries/speex { 25117 25119 fftw = fftwFloat; ··· 41668 41670 nitrokey-app2 = libsForQt5.callPackage ../tools/security/nitrokey-app2 { }; 41669 41671 41670 41672 fpm2 = callPackage ../tools/security/fpm2 { }; 41671 - 41672 - simplenote = callPackage ../applications/misc/simplenote { }; 41673 41673 41674 41674 hy = with python3Packages; toPythonApplication hy; 41675 41675

+2

pkgs/top-level/python-aliases.nix

··· 128 128 eebrightbox = throw "eebrightbox is unmaintained upstream and has therefore been removed"; # added 2022-02-03 129 129 EasyProcess = easyprocess; # added 2023-02-19 130 130 email_validator = email-validator; # added 2022-06-22 131 + et_xmlfile = et-xmlfile; # added 2023-10-16 131 132 ev3dev2 = python-ev3dev2; # added 2023-06-19 132 133 Fabric = fabric; # addedd 2023-02-19 133 134 face_recognition = face-recognition; # added 2022-10-15 ··· 173 174 graphite_beacon = throw "graphite_beacon was removed, because it is no longer maintained"; # added 2022-07-09 174 175 grappelli_safe = grappelli-safe; # added 2023-10-08 175 176 grpc_google_iam_v1 = grpc-google-iam-v1; # added 2021-08-21 177 + guzzle_sphinx_theme = guzzle-sphinx-theme; # added 2023-10-16 176 178 ha-av = throw "ha-av was removed, because it is no longer maintained"; # added 2022-04-06 177 179 HAP-python = hap-python; # added 2021-06-01 178 180 hangups = throw "hangups was removed because Google Hangouts has been shut down"; # added 2023-02-13

+4 -2

pkgs/top-level/python-packages.nix

··· 1850 1850 1851 1851 comicon = callPackage ../development/python-modules/comicon { }; 1852 1852 1853 + command_runner = callPackage ../development/python-modules/command_runner { }; 1854 + 1853 1855 connect-box = callPackage ../development/python-modules/connect_box { }; 1854 1856 1855 1857 connection-pool = callPackage ../development/python-modules/connection-pool { }; ··· 3620 3622 3621 3623 etuples = callPackage ../development/python-modules/etuples { }; 3622 3624 3623 - et_xmlfile = callPackage ../development/python-modules/et_xmlfile { }; 3625 + et-xmlfile = callPackage ../development/python-modules/et-xmlfile { }; 3624 3626 3625 3627 eufylife-ble-client = callPackage ../development/python-modules/eufylife-ble-client { }; 3626 3628 ··· 4816 4818 else 4817 4819 throw "gurobipy not yet supported on ${stdenv.hostPlatform.system}"; 4818 4820 4819 - guzzle_sphinx_theme = callPackage ../development/python-modules/guzzle_sphinx_theme { }; 4821 + guzzle-sphinx-theme = callPackage ../development/python-modules/guzzle-sphinx-theme { }; 4820 4822 4821 4823 gvm-tools = callPackage ../development/python-modules/gvm-tools { }; 4822 4824