+107 -1

nixos/modules/services/misc/gitlab.nix

··· 140 140 port = 3807; 141 141 }; 142 142 }; 143 143 + registry = lib.optionalAttrs cfg.registry.enable { 144 144 + enabled = true; 145 145 + host = cfg.registry.externalAddress; 146 146 + port = cfg.registry.externalPort; 147 147 + key = cfg.registry.keyFile; 148 148 + api_url = "http://${config.services.dockerRegistry.listenAddress}:${toString config.services.dockerRegistry.port}/"; 149 149 + issuer = "gitlab-issuer"; 150 150 + }; 143 151 extra = {}; 144 152 uploads.storage_path = cfg.statePath; 145 153 }; ··· 156 164 prometheus_multiproc_dir = "/run/gitlab"; 157 165 RAILS_ENV = "production"; 158 166 MALLOC_ARENA_MAX = "2"; 159 159 - }; 167 167 + } // cfg.extraEnv; 160 168 161 169 gitlab-rake = pkgs.stdenv.mkDerivation { 162 170 name = "gitlab-rake"; ··· 274 282 exist already. Its parent directories must be owned by 275 283 either <literal>root</literal> or the user set in 276 284 <option>services.gitlab.user</option>. 285 285 + ''; 286 286 + }; 287 287 + 288 288 + extraEnv = mkOption { 289 289 + type = types.attrsOf types.str; 290 290 + default = {}; 291 291 + description = '' 292 292 + Additional environment variables for the GitLab environment. 277 293 ''; 278 294 }; 279 295 ··· 508 524 ''; 509 525 }; 510 526 527 527 + registry = { 528 528 + enable = mkOption { 529 529 + type = types.bool; 530 530 + default = false; 531 531 + description = "Enable GitLab container registry."; 532 532 + }; 533 533 + host = mkOption { 534 534 + type = types.str; 535 535 + default = config.services.gitlab.host; 536 536 + description = "GitLab container registry host name."; 537 537 + }; 538 538 + port = mkOption { 539 539 + type = types.int; 540 540 + default = 4567; 541 541 + description = "GitLab container registry port."; 542 542 + }; 543 543 + certFile = mkOption { 544 544 + type = types.path; 545 545 + default = null; 546 546 + description = "Path to GitLab container registry certificate."; 547 547 + }; 548 548 + keyFile = mkOption { 549 549 + type = types.path; 550 550 + default = null; 551 551 + description = "Path to GitLab container registry certificate-key."; 552 552 + }; 553 553 + defaultForProjects = mkOption { 554 554 + type = types.bool; 555 555 + default = cfg.registry.enable; 556 556 + description = "If GitLab container registry should be enabled by default for projects."; 557 557 + }; 558 558 + issuer = mkOption { 559 559 + type = types.str; 560 560 + default = "gitlab-issuer"; 561 561 + description = "GitLab container registry issuer."; 562 562 + }; 563 563 + serviceName = mkOption { 564 564 + type = types.str; 565 565 + default = "container_registry"; 566 566 + description = "GitLab container registry service name."; 567 567 + }; 568 568 + externalAddress = mkOption { 569 569 + type = types.str; 570 570 + default = ""; 571 571 + description = "External address used to access registry from the internet"; 572 572 + }; 573 573 + externalPort = mkOption { 574 574 + type = types.int; 575 575 + description = "External port used to access registry from the internet"; 576 576 + }; 577 577 + }; 578 578 + 511 579 smtp = { 512 580 enable = mkOption { 513 581 type = types.bool; ··· 902 970 User = pgsql.superUser; 903 971 Type = "oneshot"; 904 972 RemainAfterExit = true; 973 973 + }; 974 974 + }; 975 975 + 976 976 + systemd.services.gitlab-registry-cert = optionalAttrs cfg.registry.enable { 977 977 + path = with pkgs; [ openssl ]; 978 978 + 979 979 + script = '' 980 980 + mkdir -p $(dirname ${cfg.registry.keyFile}) 981 981 + mkdir -p $(dirname ${cfg.registry.certFile}) 982 982 + openssl req -nodes -newkey rsa:4096 -keyout ${cfg.registry.keyFile} -out /tmp/registry-auth.csr -subj "/CN=${cfg.registry.issuer}" 983 983 + openssl x509 -in /tmp/registry-auth.csr -out ${cfg.registry.certFile} -req -signkey ${cfg.registry.keyFile} -days 3650 984 984 + chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.keyFile}) 985 985 + chown ${cfg.user}:${cfg.group} $(dirname ${cfg.registry.certFile}) 986 986 + chown ${cfg.user}:${cfg.group} ${cfg.registry.keyFile} 987 987 + chown ${cfg.user}:${cfg.group} ${cfg.registry.certFile} 988 988 + ''; 989 989 + 990 990 + serviceConfig = { 991 991 + ConditionPathExists = "!${cfg.registry.certFile}"; 992 992 + }; 993 993 + }; 994 994 + 995 995 + # Ensure Docker Registry launches after the certificate generation job 996 996 + systemd.services.docker-registry = optionalAttrs cfg.registry.enable { 997 997 + wants = [ "gitlab-registry-cert.service" ]; 998 998 + }; 999 999 + 1000 1000 + # Enable Docker Registry, if GitLab-Container Registry is enabled 1001 1001 + services.dockerRegistry = optionalAttrs cfg.registry.enable { 1002 1002 + enable = true; 1003 1003 + enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly 1004 1004 + extraConfig = { 1005 1005 + auth.token = { 1006 1006 + realm = "http${if cfg.https == true then "s" else ""}://${cfg.host}/jwt/auth"; 1007 1007 + service = cfg.registry.serviceName; 1008 1008 + issuer = cfg.registry.issuer; 1009 1009 + rootcertbundle = cfg.registry.certFile; 1010 1010 + }; 905 1011 }; 906 1012 }; 907 1013

+3 -3

pkgs/applications/misc/electron-cash/default.nix

··· 1 1 - { lib, fetchFromGitHub, python3Packages, qtbase, fetchpatch, wrapQtAppsHook 1 1 + { lib, stdenv, fetchFromGitHub, python3Packages, qtbase, fetchpatch, wrapQtAppsHook 2 2 , secp256k1 }: 3 3 4 4 python3Packages.buildPythonApplication rec { ··· 61 61 pytest electroncash/tests 62 62 ''; 63 63 64 64 - postInstall = '' 64 64 + postInstall = lib.optionalString stdenv.isLinux '' 65 65 substituteInPlace $out/share/applications/electron-cash.desktop \ 66 66 --replace "Exec=electron-cash" "Exec=$out/bin/electron-cash" 67 67 ''; ··· 92 92 of the blockchain. 93 93 ''; 94 94 homepage = "https://www.electroncash.org/"; 95 95 - platforms = platforms.linux; 95 95 + platforms = platforms.unix; 96 96 maintainers = with maintainers; [ lassulus nyanloutre oxalica ]; 97 97 license = licenses.mit; 98 98 };

+4 -2

pkgs/applications/misc/makeself/default.nix

··· 12 12 sha256 = "07cq7q71bv3fwddkp2863ylry2ivds00f8sjy8npjpdbkailxm21"; 13 13 }; 14 14 15 15 - patches = [ ./tests-use-better-shell.patch ]; 16 15 postPatch = "patchShebangs test"; 17 16 18 18 - doCheck = true; 17 17 + # Issue #110149: our default /bin/sh apparently has 32-bit math only 18 18 + # (attribute busybox-sandbox-shell), and that causes problems 19 19 + # when running these tests inside build, based on free disk space. 20 20 + doCheck = false; 19 21 checkTarget = "test"; 20 22 checkInputs = [ which zstd pbzip2 ]; 21 23

-10

pkgs/applications/misc/makeself/tests-use-better-shell.patch

··· 1 1 - Use full bash's sh in tests instead of /bin/sh, as that would be 2 2 - too minimalist in the build sandbox. See issue: 3 3 - https://github.com/NixOS/nixpkgs/issues/110149#issuecomment-874258128 4 4 - diff --git a/test/extracttest b/test/extracttest 5 5 - --- a/test/extracttest 6 6 - +++ b/test/extracttest 7 7 - @@ -9,2 +9,3 @@ setupTests() { 8 8 - $SUT $* archive makeself-test.run "Test $*" echo Testing 9 9 - + sed "1s|/bin|$(dirname "$SHELL")|" -i ./makeself-test.run 10 10 - }

+2

pkgs/applications/networking/irc/weechat/scripts/default.nix

··· 24 24 weechat-go = callPackage ./weechat-go { }; 25 25 26 26 buffer_autoset = callPackage ./buffer_autoset { }; 27 27 + 28 28 + highmon = callPackage ./highmon { }; 27 29 }

+31

pkgs/applications/networking/irc/weechat/scripts/highmon/default.nix

··· 1 1 + { lib, stdenv, fetchurl, weechat }: 2 2 + 3 3 + stdenv.mkDerivation { 4 4 + pname = "highmon"; 5 5 + version = "2.7"; 6 6 + 7 7 + src = fetchurl { 8 8 + url = "https://raw.githubusercontent.com/KenjiE20/highmon/182e67d070c75efc81999e68c2ac7fdfe44d2872/highmon.pl"; 9 9 + sha256 = "1vvgzscb12l3cp2nq954fx6j3awvpjsb0nqylal51ps9cq9a3wir"; 10 10 + }; 11 11 + 12 12 + dontUnpack = true; 13 13 + 14 14 + passthru.scripts = [ "highmon.pl" ]; 15 15 + 16 16 + installPhase = '' 17 17 + runHook preInstall 18 18 + 19 19 + install -D $src $out/share/highmon.pl 20 20 + 21 21 + runHook postInstall 22 22 + ''; 23 23 + 24 24 + meta = with lib; { 25 25 + inherit (weechat.meta) platforms; 26 26 + homepage = "https://github.com/KenjiE20/highmon/"; 27 27 + description = "highmon.pl is a weechat script that adds 'Highlight Monitor'."; 28 28 + license = licenses.gpl3Plus; 29 29 + maintainers = with maintainers; [ govanify ]; 30 30 + }; 31 31 + }

+2 -2

pkgs/development/python-modules/pytest-rerunfailures/default.nix

··· 2 2 3 3 buildPythonPackage rec { 4 4 pname = "pytest-rerunfailures"; 5 5 - version = "9.1.1"; 5 5 + version = "10.1"; 6 6 7 7 disabled = pythonOlder "3.5"; 8 8 9 9 src = fetchPypi { 10 10 inherit pname version; 11 11 - sha256 = "1cb11a17fc121b3918414eb5eaf314ee325f2e693ac7cb3f6abf7560790827f2"; 11 11 + sha256 = "7617c06de13ee6dd2df9add7e275bfb2bcebbaaf3e450f5937cd0200df824273"; 12 12 }; 13 13 14 14 buildInputs = [ pytest ];

+1

pkgs/os-specific/linux/busybox/sandbox-shell.nix

··· 8 8 CONFIG_FEATURE_FANCY_ECHO y 9 9 CONFIG_FEATURE_SH_MATH y 10 10 CONFIG_FEATURE_SH_MATH_64 y 11 11 + CONFIG_FEATURE_TEST_64 y 11 12 12 13 CONFIG_ASH y 13 14 CONFIG_ASH_OPTIMIZE_FOR_SIZE y

+2 -2

pkgs/tools/misc/trash-cli/default.nix

··· 2 2 3 3 python3Packages.buildPythonApplication rec { 4 4 pname = "trash-cli"; 5 5 - version = "0.21.6.10.1"; 5 5 + version = "0.21.6.30"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "andreafrancia"; 9 9 repo = "trash-cli"; 10 10 rev = version; 11 11 - sha256 = "0mhpzf3vmd876aldl5gazmk4si0zvrh0v1rwsz2hbrn0571zmzy9"; 11 11 + sha256 = "09vwg4jpx7pl7rd5ybq5ldgwky8zzf59msmzvmim9vipnmjgkxv7"; 12 12 }; 13 13 14 14 propagatedBuildInputs = [ python3Packages.psutil ];

+47

pkgs/tools/networking/bore/default.nix

··· 1 1 + { lib, stdenv, rustPlatform, fetchFromBitbucket, llvmPackages, Libsystem, SystemConfiguration, installShellFiles }: 2 2 + 3 3 + rustPlatform.buildRustPackage rec { 4 4 + pname = "bore"; 5 5 + version = "0.3.3"; 6 6 + 7 7 + src = fetchFromBitbucket { 8 8 + owner = "delan"; 9 9 + repo = "nonymous"; 10 10 + rev = version; 11 11 + sha256 = "0gws1f625izrb3armh6bay1k8l9p9csl37jx03yss1r720k4vn2x"; 12 12 + }; 13 13 + 14 14 + cargoSha256 = "1n09gcp1y885lz6g2f73zw3fd0fmv7nwlvaqba2yl0kylzk7naa6"; 15 15 + cargoBuildFlags = "-p ${pname}"; 16 16 + 17 17 + # FIXME can’t test --all-targets and --doc in a single invocation 18 18 + cargoTestFlags = "--features std --all-targets --workspace"; 19 19 + 20 20 + nativeBuildInputs = [ installShellFiles ] 21 21 + ++ lib.optional stdenv.isDarwin llvmPackages.libclang; 22 22 + 23 23 + buildInputs = lib.optionals stdenv.isDarwin [ 24 24 + Libsystem 25 25 + SystemConfiguration 26 26 + ]; 27 27 + 28 28 + LIBCLANG_PATH="${llvmPackages.libclang.lib}/lib"; 29 29 + 30 30 + postInstall = '' 31 31 + installManPage $src/bore/doc/bore.1 32 32 + ''; 33 33 + 34 34 + doInstallCheck = true; 35 35 + installCheckPhase = '' 36 36 + printf '\0\0\0\0\0\0\0\0\0\0\0\0' \ 37 37 + | $out/bin/bore --decode \ 38 38 + | grep -q ';; NoError #0 Query 0 0 0 0 flags' 39 39 + ''; 40 40 + 41 41 + meta = with lib; { 42 42 + description = "DNS query tool"; 43 43 + homepage = "https://crates.io/crates/bore"; 44 44 + license = licenses.isc; 45 45 + maintainers = [ maintainers.delan ]; 46 46 + }; 47 47 + }

+5

pkgs/top-level/all-packages.nix

··· 3831 3831 3832 3832 agebox = callPackage ../tools/security/agebox { }; 3833 3833 3834 3834 + bore = callPackage ../tools/networking/bore { 3835 3835 + inherit (darwin) Libsystem; 3836 3836 + inherit (darwin.apple_sdk.frameworks) SystemConfiguration; 3837 3837 + }; 3838 3838 + 3834 3839 brotli = callPackage ../tools/compression/brotli { }; 3835 3840 3836 3841 biosdevname = callPackage ../tools/networking/biosdevname { };