Merge staging-next into staging · tjh.dev/nixpkgs@d05ee1c

+148 -89

lib/systems/architectures.nix

··· 339 }; 340 341 # a superior CPU has all the features of an inferior and is able to build and test code for it 342 - inferiors = { 343 - # x86_64 Generic 344 - default = [ ]; 345 - x86-64 = [ ]; 346 - x86-64-v2 = [ "x86-64" ]; 347 - x86-64-v3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 348 - x86-64-v4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; 349 350 - # x86_64 Intel 351 - # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 352 - nehalem = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 353 - westmere = [ "nehalem" ] ++ inferiors.nehalem; 354 - sandybridge = [ "westmere" ] ++ inferiors.westmere; 355 - ivybridge = [ "sandybridge" ] ++ inferiors.sandybridge; 356 357 - haswell = lib.unique ( 358 - [ 359 - "ivybridge" 360 - "x86-64-v3" 361 - ] 362 - ++ inferiors.ivybridge 363 - ++ inferiors.x86-64-v3 364 - ); 365 - broadwell = [ "haswell" ] ++ inferiors.haswell; 366 - skylake = [ "broadwell" ] ++ inferiors.broadwell; 367 368 - skylake-avx512 = lib.unique ( 369 - [ 370 - "skylake" 371 - "x86-64-v4" 372 - ] 373 - ++ inferiors.skylake 374 - ++ inferiors.x86-64-v4 375 - ); 376 - cannonlake = [ "skylake-avx512" ] ++ inferiors.skylake-avx512; 377 - icelake-client = [ "cannonlake" ] ++ inferiors.cannonlake; 378 - icelake-server = [ "icelake-client" ] ++ inferiors.icelake-client; 379 - cascadelake = [ "cannonlake" ] ++ inferiors.cannonlake; 380 - cooperlake = [ "cascadelake" ] ++ inferiors.cascadelake; 381 - tigerlake = [ "icelake-server" ] ++ inferiors.icelake-server; 382 - sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake; 383 - emeraldrapids = [ "sapphirerapids" ] ++ inferiors.sapphirerapids; 384 385 - # CX16 does not exist on alderlake, while it does on nearly all other intel CPUs 386 - alderlake = [ ]; 387 - sierraforest = [ "alderlake" ] ++ inferiors.alderlake; 388 389 - # x86_64 AMD 390 - # TODO: fill this (need testing) 391 - btver1 = [ ]; 392 - btver2 = [ ]; 393 - bdver1 = [ ]; 394 - bdver2 = [ ]; 395 - bdver3 = [ ]; 396 - bdver4 = [ ]; 397 - # Regarding `skylake` as inferior of `znver1`, there are reports of 398 - # successful usage by Gentoo users and Phoronix benchmarking of different 399 - # `-march` targets. 400 - # 401 - # The GCC documentation on extensions used and wikichip documentation 402 - # regarding supperted extensions on znver1 and skylake was used to create 403 - # this partial order. 404 - # 405 - # Note: 406 - # 407 - # - The successors of `skylake` (`cannonlake`, `icelake`, etc) use `avx512` 408 - # which no current AMD Zen michroarch support. 409 - # - `znver1` uses `ABM`, `CLZERO`, `CX16`, `MWAITX`, and `SSE4A` which no 410 - # current Intel microarch support. 411 - # 412 - # https://www.phoronix.com/scan.php?page=article&item=amd-znver3-gcc11&num=1 413 - # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 414 - # https://en.wikichip.org/wiki/amd/microarchitectures/zen 415 - # https://en.wikichip.org/wiki/intel/microarchitectures/skylake 416 - znver1 = [ "skylake" ] ++ inferiors.skylake; # Includes haswell and x86-64-v3 417 - znver2 = [ "znver1" ] ++ inferiors.znver1; 418 - znver3 = [ "znver2" ] ++ inferiors.znver2; 419 - znver4 = lib.unique ( 420 - [ 421 - "znver3" 422 - "x86-64-v4" 423 - ] 424 - ++ inferiors.znver3 425 - ++ inferiors.x86-64-v4 426 - ); 427 - znver5 = [ "znver4" ] ++ inferiors.znver4; 428 429 - # other 430 - armv5te = [ ]; 431 - armv6 = [ ]; 432 - armv7-a = [ ]; 433 - armv8-a = [ ]; 434 - mips32 = [ ]; 435 - loongson2f = [ ]; 436 - }; 437 438 predicates = 439 let

··· 339 }; 340 341 # a superior CPU has all the features of an inferior and is able to build and test code for it 342 + inferiors = 343 + let 344 + withInferiors = archs: lib.unique (archs ++ lib.flatten (lib.attrVals archs inferiors)); 345 + in 346 + { 347 + # x86_64 Generic 348 + default = [ ]; 349 + x86-64 = [ ]; 350 + x86-64-v2 = [ "x86-64" ]; 351 + x86-64-v3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 352 + x86-64-v4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; 353 354 + # x86_64 Intel 355 + # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 356 + nehalem = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 357 + westmere = [ "nehalem" ] ++ inferiors.nehalem; 358 + sandybridge = [ "westmere" ] ++ inferiors.westmere; 359 + ivybridge = [ "sandybridge" ] ++ inferiors.sandybridge; 360 + 361 + haswell = lib.unique ( 362 + [ 363 + "ivybridge" 364 + "x86-64-v3" 365 + ] 366 + ++ inferiors.ivybridge 367 + ++ inferiors.x86-64-v3 368 + ); 369 + broadwell = [ "haswell" ] ++ inferiors.haswell; 370 + skylake = [ "broadwell" ] ++ inferiors.broadwell; 371 + 372 + skylake-avx512 = lib.unique ( 373 + [ 374 + "skylake" 375 + "x86-64-v4" 376 + ] 377 + ++ inferiors.skylake 378 + ++ inferiors.x86-64-v4 379 + ); 380 + cannonlake = [ "skylake-avx512" ] ++ inferiors.skylake-avx512; 381 + icelake-client = [ "cannonlake" ] ++ inferiors.cannonlake; 382 + icelake-server = [ "icelake-client" ] ++ inferiors.icelake-client; 383 + cascadelake = [ "cannonlake" ] ++ inferiors.cannonlake; 384 + cooperlake = [ "cascadelake" ] ++ inferiors.cascadelake; 385 + tigerlake = [ "icelake-server" ] ++ inferiors.icelake-server; 386 + sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake; 387 + emeraldrapids = [ "sapphirerapids" ] ++ inferiors.sapphirerapids; 388 + 389 + alderlake = [ "skylake" ] ++ inferiors.skylake; 390 + sierraforest = [ "alderlake" ] ++ inferiors.alderlake; 391 392 + # x86_64 AMD 393 + # TODO: fill in specific CPU architecture inferiors 394 + btver1 = [ "x86-64" ]; 395 + btver2 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 396 + bdver1 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 397 + bdver2 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 398 + bdver3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; 399 + bdver4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; 400 + # Regarding `skylake` as inferior of `znver1`, there are reports of 401 + # successful usage by Gentoo users and Phoronix benchmarking of different 402 + # `-march` targets. 403 + # 404 + # The GCC documentation on extensions used and wikichip documentation 405 + # regarding supperted extensions on znver1 and skylake was used to create 406 + # this partial order. 407 + # 408 + # Note: 409 + # 410 + # - The successors of `skylake` (`cannonlake`, `icelake`, etc) use `avx512` 411 + # which no current AMD Zen michroarch support. 412 + # - `znver1` uses `ABM`, `CLZERO`, `CX16`, `MWAITX`, and `SSE4A` which no 413 + # current Intel microarch support. 414 + # 415 + # https://www.phoronix.com/scan.php?page=article&item=amd-znver3-gcc11&num=1 416 + # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html 417 + # https://en.wikichip.org/wiki/amd/microarchitectures/zen 418 + # https://en.wikichip.org/wiki/intel/microarchitectures/skylake 419 + znver1 = [ "skylake" ] ++ inferiors.skylake; # Includes haswell and x86-64-v3 420 + znver2 = [ "znver1" ] ++ inferiors.znver1; 421 + znver3 = [ "znver2" ] ++ inferiors.znver2; 422 + znver4 = lib.unique ( 423 + [ 424 + "znver3" 425 + "x86-64-v4" 426 + ] 427 + ++ inferiors.znver3 428 + ++ inferiors.x86-64-v4 429 + ); 430 + znver5 = [ "znver4" ] ++ inferiors.znver4; 431 432 + # ARM64 (AArch64) 433 + armv8-a = [ ]; 434 + "armv8.1-a" = [ "armv8-a" ]; 435 + "armv8.2-a" = [ "armv8.1-a" ] ++ inferiors."armv8.1-a"; 436 + "armv8.3-a" = [ "armv8.2-a" ] ++ inferiors."armv8.2-a"; 437 + "armv8.4-a" = [ "armv8.3-a" ] ++ inferiors."armv8.3-a"; 438 + "armv8.5-a" = [ "armv8.4-a" ] ++ inferiors."armv8.4-a"; 439 + "armv8.6-a" = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; 440 + "armv8.7-a" = [ "armv8.6-a" ] ++ inferiors."armv8.6-a"; 441 + "armv8.8-a" = [ "armv8.7-a" ] ++ inferiors."armv8.7-a"; 442 + "armv8.9-a" = [ "armv8.8-a" ] ++ inferiors."armv8.8-a"; 443 + armv9-a = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; 444 + "armv9.1-a" = [ 445 + "armv9-a" 446 + "armv8.6-a" 447 + ] ++ inferiors."armv8.6-a"; 448 + "armv9.2-a" = lib.unique ( 449 + [ 450 + "armv9.1-a" 451 + "armv8.7-a" 452 + ] 453 + ++ inferiors."armv9.1-a" 454 + ++ inferiors."armv8.7-a" 455 + ); 456 + "armv9.3-a" = lib.unique ( 457 + [ 458 + "armv9.2-a" 459 + "armv8.8-a" 460 + ] 461 + ++ inferiors."armv9.2-a" 462 + ++ inferiors."armv8.8-a" 463 + ); 464 + "armv9.4-a" = [ "armv9.3-a" ] ++ inferiors."armv9.3-a"; 465 466 + # ARM 467 + cortex-a53 = [ "armv8-a" ]; 468 + cortex-a72 = [ "armv8-a" ]; 469 + cortex-a55 = [ 470 + "armv8.2-a" 471 + "cortex-a53" 472 + "cortex-a72" 473 + ] ++ inferiors."armv8.2-a"; 474 + cortex-a76 = [ 475 + "armv8.2-a" 476 + "cortex-a53" 477 + "cortex-a72" 478 + ] ++ inferiors."armv8.2-a"; 479 480 + # Ampere 481 + ampere1 = withInferiors [ 482 + "armv8.6-a" 483 + "cortex-a55" 484 + "cortex-a76" 485 + ]; 486 + ampere1a = [ "ampere1" ] ++ inferiors.ampere1; 487 + ampere1b = [ "ampere1a" ] ++ inferiors.ampere1a; 488 489 + # other 490 + armv5te = [ ]; 491 + armv6 = [ ]; 492 + armv7-a = [ ]; 493 + mips32 = [ ]; 494 + loongson2f = [ ]; 495 + }; 496 497 predicates = 498 let

+2

nixos/doc/manual/release-notes/rl-2505.section.md

··· 140 141 - [nostr-rs-relay](https://git.sr.ht/~gheartsfield/nostr-rs-relay/), This is a nostr relay, written in Rust. Available as [services.nostr-rs-relay](options.html#opt-services.nostr-rs-relay.enable). 142 143 - [strfry](https://github.com/hoytech/strfry), a relay for the nostr protocol. Available as [services.strfry](options.html#opt-services.strfry.enable). 144 145 - [Prometheus Node Cert Exporter](https://github.com/amimof/node-cert-exporter), a prometheus exporter to check for SSL cert expiry. Available under [services.prometheus.exporters.node-cert](#opt-services.prometheus.exporters.node-cert.enable).

··· 140 141 - [nostr-rs-relay](https://git.sr.ht/~gheartsfield/nostr-rs-relay/), This is a nostr relay, written in Rust. Available as [services.nostr-rs-relay](options.html#opt-services.nostr-rs-relay.enable). 142 143 + - [haven](https://github.com/bitvora/haven), is a high availability vault for events on nostr. Available as [services.haven](options.html#opt-services.haven.enable). 144 + 145 - [strfry](https://github.com/hoytech/strfry), a relay for the nostr protocol. Available as [services.strfry](options.html#opt-services.strfry.enable). 146 147 - [Prometheus Node Cert Exporter](https://github.com/amimof/node-cert-exporter), a prometheus exporter to check for SSL cert expiry. Available under [services.prometheus.exporters.node-cert](#opt-services.prometheus.exporters.node-cert.enable).

+1

nixos/modules/module-list.nix

··· 1537 ./services/web-apps/guacamole-client.nix 1538 ./services/web-apps/guacamole-server.nix 1539 ./services/web-apps/hatsu.nix 1540 ./services/web-apps/healthchecks.nix 1541 ./services/web-apps/hedgedoc.nix 1542 ./services/web-apps/hledger-web.nix

··· 1537 ./services/web-apps/guacamole-client.nix 1538 ./services/web-apps/guacamole-server.nix 1539 ./services/web-apps/hatsu.nix 1540 + ./services/web-apps/haven.nix 1541 ./services/web-apps/healthchecks.nix 1542 ./services/web-apps/hedgedoc.nix 1543 ./services/web-apps/hledger-web.nix

+17 -28

nixos/modules/services/security/paretosecurity.nix

··· 14 15 config = lib.mkIf config.services.paretosecurity.enable { 16 environment.systemPackages = [ config.services.paretosecurity.package ]; 17 18 - systemd.sockets."paretosecurity" = { 19 - wantedBy = [ "sockets.target" ]; 20 - socketConfig = { 21 - ListenStream = "/var/run/paretosecurity.sock"; 22 - SocketMode = "0666"; 23 }; 24 - }; 25 - 26 - systemd.services."paretosecurity" = { 27 - serviceConfig = { 28 - ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity helper"; 29 - User = "root"; 30 - Group = "root"; 31 - StandardInput = "socket"; 32 - Type = "oneshot"; 33 - RemainAfterExit = "no"; 34 - StartLimitInterval = "1s"; 35 - StartLimitBurst = 100; 36 - ProtectSystem = "full"; 37 - ProtectHome = true; 38 - StandardOutput = "journal"; 39 - StandardError = "journal"; 40 }; 41 - }; 42 - 43 - systemd.user.services."paretosecurity-trayicon" = lib.mkIf config.services.paretosecurity.trayIcon { 44 - wantedBy = [ "graphical-session.target" ]; 45 - serviceConfig = { 46 - ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity trayicon"; 47 }; 48 }; 49 - 50 }; 51 }

··· 14 15 config = lib.mkIf config.services.paretosecurity.enable { 16 environment.systemPackages = [ config.services.paretosecurity.package ]; 17 + systemd.packages = [ config.services.paretosecurity.package ]; 18 19 + # In traditional Linux distributions, systemd would read the [Install] section from 20 + # unit files and automatically create the appropriate symlinks to enable services. 21 + # However, in NixOS, due to its immutable nature and the way the Nix store works, 22 + # the [Install] sections are not processed during system activation. Instead, we 23 + # must explicitly tell NixOS which units to enable by specifying their target 24 + # dependencies here. This creates the necessary symlinks in the proper locations. 25 + systemd.sockets.paretosecurity.wantedBy = [ "sockets.target" ]; 26 + 27 + # Enable the tray icon and timer services if the trayIcon option is enabled 28 + systemd.user = lib.mkIf config.services.paretosecurity.trayIcon { 29 + services.paretosecurity-trayicon = { 30 + wantedBy = [ "graphical-session.target" ]; 31 }; 32 + services.paretosecurity-user = { 33 + wantedBy = [ "graphical-session.target" ]; 34 }; 35 + timers.paretosecurity-user = { 36 + wantedBy = [ "timers.target" ]; 37 }; 38 }; 39 }; 40 }

+137

nixos/modules/services/web-apps/haven.nix

···

··· 1 + { 2 + config, 3 + pkgs, 4 + lib, 5 + ... 6 + }: 7 + let 8 + # Load default values from package. See https://github.com/bitvora/haven/blob/master/.env.example 9 + defaultSettings = builtins.fromTOML (builtins.readFile "${cfg.package}/share/haven/.env.example"); 10 + 11 + import_relays_file = "${pkgs.writeText "import_relays.json" (builtins.toJSON cfg.importRelays)}"; 12 + blastr_relays_file = "${pkgs.writeText "blastr_relays.json" (builtins.toJSON cfg.blastrRelays)}"; 13 + 14 + mergedSettings = cfg.settings // { 15 + IMPORT_SEED_RELAYS_FILE = import_relays_file; 16 + BLASTR_RELAYS_FILE = blastr_relays_file; 17 + }; 18 + 19 + cfg = config.services.haven; 20 + in 21 + { 22 + options.services.haven = { 23 + enable = lib.mkEnableOption "haven"; 24 + 25 + package = lib.mkPackageOption pkgs "haven" { }; 26 + 27 + blastrRelays = lib.mkOption { 28 + type = lib.types.listOf lib.types.str; 29 + default = [ ]; 30 + description = "List of relay configurations for blastr"; 31 + example = lib.literalExpression '' 32 + [ 33 + "relay.example.com" 34 + ] 35 + ''; 36 + }; 37 + 38 + importRelays = lib.mkOption { 39 + type = lib.types.listOf lib.types.str; 40 + default = [ ]; 41 + description = "List of relay configurations for importing historical events"; 42 + example = lib.literalExpression '' 43 + [ 44 + "relay.example.com" 45 + ] 46 + ''; 47 + }; 48 + 49 + settings = lib.mkOption { 50 + default = defaultSettings; 51 + defaultText = "See https://github.com/bitvora/haven/blob/master/.env.example"; 52 + apply = lib.recursiveUpdate defaultSettings; 53 + description = "See https://github.com/bitvora/haven for documentation."; 54 + example = lib.literalExpression '' 55 + { 56 + RELAY_URL = "relay.example.com"; 57 + OWNER_NPUB = "npub1..."; 58 + } 59 + ''; 60 + }; 61 + 62 + environmentFile = lib.mkOption { 63 + type = lib.types.nullOr lib.types.path; 64 + default = null; 65 + description = '' 66 + Path to a file containing sensitive environment variables. See https://github.com/bitvora/haven for documentation. 67 + The file should contain environment-variable assignments like: 68 + S3_SECRET_KEY=mysecretkey 69 + S3_ACCESS_KEY_ID=myaccesskey 70 + ''; 71 + example = "/var/lib/haven/secrets.env"; 72 + }; 73 + }; 74 + 75 + config = lib.mkIf cfg.enable { 76 + users.users.haven = { 77 + description = "Haven daemon user"; 78 + group = "haven"; 79 + isSystemUser = true; 80 + }; 81 + 82 + users.groups.haven = { }; 83 + 84 + systemd.services.haven = { 85 + description = "haven"; 86 + wants = [ "network.target" ]; 87 + wantedBy = [ "multi-user.target" ]; 88 + environment = lib.attrsets.mapAttrs ( 89 + name: value: if builtins.isBool value then if value then "true" else "false" else toString value 90 + ) mergedSettings; 91 + 92 + serviceConfig = { 93 + ExecStart = "${cfg.package}/bin/haven"; 94 + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; 95 + User = "haven"; 96 + Group = "haven"; 97 + Restart = "on-failure"; 98 + 99 + RuntimeDirectory = "haven"; 100 + StateDirectory = "haven"; 101 + WorkingDirectory = "/var/lib/haven"; 102 + 103 + # Create symlink to templates in the working directory 104 + ExecStartPre = "+${pkgs.coreutils}/bin/ln -sfT ${cfg.package}/share/haven/templates /var/lib/haven/templates"; 105 + 106 + PrivateTmp = true; 107 + PrivateUsers = true; 108 + PrivateDevices = true; 109 + ProtectSystem = "strict"; 110 + ProtectHome = true; 111 + NoNewPrivileges = true; 112 + MemoryDenyWriteExecute = true; 113 + ProtectKernelTunables = true; 114 + ProtectKernelModules = true; 115 + ProtectKernelLogs = true; 116 + ProtectClock = true; 117 + ProtectProc = "invisible"; 118 + ProcSubset = "pid"; 119 + ProtectControlGroups = true; 120 + LockPersonality = true; 121 + RestrictSUIDSGID = true; 122 + RemoveIPC = true; 123 + RestrictRealtime = true; 124 + ProtectHostname = true; 125 + CapabilityBoundingSet = ""; 126 + SystemCallFilter = [ 127 + "@system-service" 128 + ]; 129 + SystemCallArchitectures = "native"; 130 + }; 131 + }; 132 + }; 133 + 134 + meta.maintainers = with lib.maintainers; [ 135 + felixzieger 136 + ]; 137 + }

+28 -2

nixos/modules/system/boot/systemd/tmpfiles.nix

··· 18 inherit elemType placeholder; 19 }; 20 21 settingsOption = { 22 description = '' 23 Declare systemd-tmpfiles rules to create, delete, and clean up volatile ··· 126 127 # generates a single entry for a tmpfiles.d rule 128 settingsEntryToRule = path: entry: '' 129 - '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${entry.argument} 130 ''; 131 132 # generates a list of tmpfiles.d rules from the attrs (paths) under tmpfiles.settings.<name> ··· 199 "boot.initrd.systemd.storePaths will lead to errors in the future." 200 "Found these problematic files: ${lib.concatStringsSep ", " paths}" 201 ] 202 - ); 203 204 systemd.additionalUpstreamSystemUnits = [ 205 "systemd-tmpfiles-clean.service"

··· 18 inherit elemType placeholder; 19 }; 20 21 + escapeArgument = lib.strings.escapeC [ 22 + "\t" 23 + "\n" 24 + "\r" 25 + " " 26 + "\\" 27 + ]; 28 + 29 settingsOption = { 30 description = '' 31 Declare systemd-tmpfiles rules to create, delete, and clean up volatile ··· 134 135 # generates a single entry for a tmpfiles.d rule 136 settingsEntryToRule = path: entry: '' 137 + '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${escapeArgument entry.argument} 138 ''; 139 140 # generates a list of tmpfiles.d rules from the attrs (paths) under tmpfiles.settings.<name> ··· 207 "boot.initrd.systemd.storePaths will lead to errors in the future." 208 "Found these problematic files: ${lib.concatStringsSep ", " paths}" 209 ] 210 + ) 211 + ++ (lib.flatten ( 212 + lib.mapAttrsToList ( 213 + name: paths: 214 + lib.mapAttrsToList ( 215 + path: entries: 216 + lib.mapAttrsToList ( 217 + type': entry: 218 + lib.optional (lib.match ''.*\\([nrt]|x[0-9A-Fa-f]{2}).*'' entry.argument != null) ( 219 + lib.concatStringsSep " " [ 220 + "The argument option of ${name}.${type'}.${path} appears to" 221 + "contain escape sequences, which will be escaped again." 222 + "Unescape them if this is not intended: \"${entry.argument}\"" 223 + ] 224 + ) 225 + ) entries 226 + ) paths 227 + ) cfg.settings 228 + )); 229 230 systemd.additionalUpstreamSystemUnits = [ 231 "systemd-tmpfiles-clean.service"

+9 -2

nixos/tests/all-tests.nix

··· 270 buildbot = runTest ./buildbot.nix; 271 buildkite-agents = handleTest ./buildkite-agents.nix { }; 272 c2fmzq = handleTest ./c2fmzq.nix { }; 273 - caddy = handleTest ./caddy.nix { }; 274 cadvisor = handleTestOn [ "x86_64-linux" ] ./cadvisor.nix { }; 275 cage = handleTest ./cage.nix { }; 276 cagebreak = handleTest ./cagebreak.nix { }; ··· 407 enlightenment = handleTest ./enlightenment.nix { }; 408 env = handleTest ./env.nix { }; 409 envfs = handleTest ./envfs.nix { }; 410 - envoy = handleTest ./envoy.nix { }; 411 ergo = handleTest ./ergo.nix { }; 412 ergochat = handleTest ./ergochat.nix { }; 413 eris-server = handleTest ./eris-server.nix { };

··· 270 buildbot = runTest ./buildbot.nix; 271 buildkite-agents = handleTest ./buildkite-agents.nix { }; 272 c2fmzq = handleTest ./c2fmzq.nix { }; 273 + caddy = runTest ./caddy.nix; 274 cadvisor = handleTestOn [ "x86_64-linux" ] ./cadvisor.nix { }; 275 cage = handleTest ./cage.nix { }; 276 cagebreak = handleTest ./cagebreak.nix { }; ··· 407 enlightenment = handleTest ./enlightenment.nix { }; 408 env = handleTest ./env.nix { }; 409 envfs = handleTest ./envfs.nix { }; 410 + envoy = runTest { 411 + imports = [ ./envoy.nix ]; 412 + _module.args.envoyPackage = pkgs.envoy; 413 + }; 414 + envoy-bin = runTest { 415 + imports = [ ./envoy.nix ]; 416 + _module.args.envoyPackage = pkgs.envoy-bin; 417 + }; 418 ergo = handleTest ./ergo.nix { }; 419 ergochat = handleTest ./ergochat.nix { }; 420 eris-server = handleTest ./eris-server.nix { };

+132 -134

nixos/tests/caddy.nix

··· 1 - import ./make-test-python.nix ( 2 - { pkgs, ... }: 3 - { 4 - name = "caddy"; 5 - meta = with pkgs.lib.maintainers; { 6 - maintainers = [ 7 - Br1ght0ne 8 - stepbrobd 9 - ]; 10 - }; 11 12 - nodes = { 13 - webserver = 14 - { pkgs, ... }: 15 - { 16 - services.caddy.enable = true; 17 services.caddy.extraConfig = '' 18 - http://localhost { 19 - encode gzip 20 - 21 - file_server 22 - root * ${ 23 - pkgs.runCommand "testdir" { } '' 24 - mkdir "$out" 25 - echo hello world > "$out/example.html" 26 - '' 27 - } 28 } 29 ''; 30 - services.caddy.enableReload = true; 31 - 32 - specialisation.config-reload.configuration = { 33 - services.caddy.extraConfig = '' 34 - http://localhost:8080 { 35 - } 36 - ''; 37 }; 38 - specialisation.multiple-configs.configuration = { 39 - services.caddy.virtualHosts = { 40 - "http://localhost:8080" = { }; 41 - "http://localhost:8081" = { }; 42 - }; 43 }; 44 - specialisation.multiple-hostnames.configuration = { 45 - services.caddy.virtualHosts = { 46 - "http://localhost:8080 http://localhost:8081" = { }; 47 }; 48 }; 49 - specialisation.rfc42.configuration = { 50 - services.caddy.settings = { 51 - apps.http.servers.default = { 52 - listen = [ ":80" ]; 53 - routes = [ 54 - { 55 - handle = [ 56 - { 57 - body = "hello world"; 58 - handler = "static_response"; 59 - status_code = 200; 60 - } 61 - ]; 62 - } 63 - ]; 64 - }; 65 }; 66 - }; 67 - specialisation.explicit-config-file.configuration = { 68 - services.caddy.configFile = pkgs.writeText "Caddyfile" '' 69 - localhost:80 70 71 - respond "hello world" 72 ''; 73 }; 74 - specialisation.with-plugins.configuration = { 75 - services.caddy = { 76 - package = pkgs.caddy.withPlugins { 77 - plugins = [ "github.com/caddyserver/replace-response@v0.0.0-20241211194404-3865845790a7" ]; 78 - hash = "sha256-WPmJPnyOrAnuJxvn3ywswqvLGV8SZzzn3gU1Tbtpao4="; 79 - }; 80 - configFile = pkgs.writeText "Caddyfile" '' 81 - { 82 - order replace after encode 83 - } 84 - 85 - localhost:80 { 86 - respond "hello world" 87 - replace world caddy 88 - } 89 - ''; 90 - }; 91 - }; 92 }; 93 - }; 94 95 - testScript = 96 - { nodes, ... }: 97 - let 98 - explicitConfigFile = "${nodes.webserver.system.build.toplevel}/specialisation/explicit-config-file"; 99 - justReloadSystem = "${nodes.webserver.system.build.toplevel}/specialisation/config-reload"; 100 - multipleConfigs = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-configs"; 101 - multipleHostnames = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-hostnames"; 102 - rfc42Config = "${nodes.webserver.system.build.toplevel}/specialisation/rfc42"; 103 - withPluginsConfig = "${nodes.webserver.system.build.toplevel}/specialisation/with-plugins"; 104 - in 105 - '' 106 - url = "http://localhost/example.html" 107 - webserver.wait_for_unit("caddy") 108 - webserver.wait_for_open_port(80) 109 110 111 - with subtest("config is reloaded on nixos-rebuild switch"): 112 - webserver.succeed( 113 - "${justReloadSystem}/bin/switch-to-configuration test >&2" 114 - ) 115 - webserver.wait_for_open_port(8080) 116 - webserver.fail("journalctl -u caddy | grep -q -i stopped") 117 - webserver.succeed("journalctl -u caddy | grep -q -i reloaded") 118 119 - with subtest("multiple configs are correctly merged"): 120 - webserver.succeed( 121 - "${multipleConfigs}/bin/switch-to-configuration test >&2" 122 - ) 123 - webserver.wait_for_open_port(8080) 124 - webserver.wait_for_open_port(8081) 125 126 - with subtest("a virtual host with multiple hostnames works"): 127 - webserver.succeed( 128 - "${multipleHostnames}/bin/switch-to-configuration test >&2" 129 - ) 130 - webserver.wait_for_open_port(8080) 131 - webserver.wait_for_open_port(8081) 132 133 - with subtest("rfc42 settings config"): 134 - webserver.succeed( 135 - "${rfc42Config}/bin/switch-to-configuration test >&2" 136 - ) 137 - webserver.wait_for_open_port(80) 138 - webserver.succeed("curl http://localhost | grep hello") 139 140 - with subtest("explicit configFile"): 141 - webserver.succeed( 142 - "${explicitConfigFile}/bin/switch-to-configuration test >&2" 143 - ) 144 - webserver.wait_for_open_port(80) 145 - webserver.succeed("curl http://localhost | grep hello") 146 147 - with subtest("plugins are correctled installed and configurable"): 148 - webserver.succeed( 149 - "${withPluginsConfig}/bin/switch-to-configuration test >&2" 150 - ) 151 - webserver.wait_for_open_port(80) 152 - webserver.succeed("curl http://localhost | grep caddy") 153 - ''; 154 - } 155 - )

··· 1 + { pkgs, ... }: 2 + { 3 + name = "caddy"; 4 + meta = with pkgs.lib.maintainers; { 5 + maintainers = [ 6 + Br1ght0ne 7 + stepbrobd 8 + ]; 9 + }; 10 + 11 + nodes = { 12 + webserver = 13 + { pkgs, ... }: 14 + { 15 + services.caddy.enable = true; 16 + services.caddy.extraConfig = '' 17 + http://localhost { 18 + encode gzip 19 + 20 + file_server 21 + root * ${ 22 + pkgs.runCommand "testdir" { } '' 23 + mkdir "$out" 24 + echo hello world > "$out/example.html" 25 + '' 26 + } 27 + } 28 + ''; 29 + services.caddy.enableReload = true; 30 31 + specialisation.config-reload.configuration = { 32 services.caddy.extraConfig = '' 33 + http://localhost:8080 { 34 } 35 ''; 36 + }; 37 + specialisation.multiple-configs.configuration = { 38 + services.caddy.virtualHosts = { 39 + "http://localhost:8080" = { }; 40 + "http://localhost:8081" = { }; 41 }; 42 + }; 43 + specialisation.multiple-hostnames.configuration = { 44 + services.caddy.virtualHosts = { 45 + "http://localhost:8080 http://localhost:8081" = { }; 46 }; 47 + }; 48 + specialisation.rfc42.configuration = { 49 + services.caddy.settings = { 50 + apps.http.servers.default = { 51 + listen = [ ":80" ]; 52 + routes = [ 53 + { 54 + handle = [ 55 + { 56 + body = "hello world"; 57 + handler = "static_response"; 58 + status_code = 200; 59 + } 60 + ]; 61 + } 62 + ]; 63 }; 64 }; 65 + }; 66 + specialisation.explicit-config-file.configuration = { 67 + services.caddy.configFile = pkgs.writeText "Caddyfile" '' 68 + localhost:80 69 + 70 + respond "hello world" 71 + ''; 72 + }; 73 + specialisation.with-plugins.configuration = { 74 + services.caddy = { 75 + package = pkgs.caddy.withPlugins { 76 + plugins = [ "github.com/caddyserver/replace-response@v0.0.0-20241211194404-3865845790a7" ]; 77 + hash = "sha256-WPmJPnyOrAnuJxvn3ywswqvLGV8SZzzn3gU1Tbtpao4="; 78 }; 79 + configFile = pkgs.writeText "Caddyfile" '' 80 + { 81 + order replace after encode 82 + } 83 84 + localhost:80 { 85 + respond "hello world" 86 + replace world caddy 87 + } 88 ''; 89 }; 90 }; 91 + }; 92 + }; 93 94 + testScript = 95 + { nodes, ... }: 96 + let 97 + explicitConfigFile = "${nodes.webserver.system.build.toplevel}/specialisation/explicit-config-file"; 98 + justReloadSystem = "${nodes.webserver.system.build.toplevel}/specialisation/config-reload"; 99 + multipleConfigs = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-configs"; 100 + multipleHostnames = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-hostnames"; 101 + rfc42Config = "${nodes.webserver.system.build.toplevel}/specialisation/rfc42"; 102 + withPluginsConfig = "${nodes.webserver.system.build.toplevel}/specialisation/with-plugins"; 103 + in 104 + '' 105 + url = "http://localhost/example.html" 106 + webserver.wait_for_unit("caddy") 107 + webserver.wait_for_open_port(80) 108 109 110 + with subtest("config is reloaded on nixos-rebuild switch"): 111 + webserver.succeed( 112 + "${justReloadSystem}/bin/switch-to-configuration test >&2" 113 + ) 114 + webserver.wait_for_open_port(8080) 115 + webserver.fail("journalctl -u caddy | grep -q -i stopped") 116 + webserver.succeed("journalctl -u caddy | grep -q -i reloaded") 117 118 + with subtest("multiple configs are correctly merged"): 119 + webserver.succeed( 120 + "${multipleConfigs}/bin/switch-to-configuration test >&2" 121 + ) 122 + webserver.wait_for_open_port(8080) 123 + webserver.wait_for_open_port(8081) 124 125 + with subtest("a virtual host with multiple hostnames works"): 126 + webserver.succeed( 127 + "${multipleHostnames}/bin/switch-to-configuration test >&2" 128 + ) 129 + webserver.wait_for_open_port(8080) 130 + webserver.wait_for_open_port(8081) 131 132 + with subtest("rfc42 settings config"): 133 + webserver.succeed( 134 + "${rfc42Config}/bin/switch-to-configuration test >&2" 135 + ) 136 + webserver.wait_for_open_port(80) 137 + webserver.succeed("curl http://localhost | grep hello") 138 139 + with subtest("explicit configFile"): 140 + webserver.succeed( 141 + "${explicitConfigFile}/bin/switch-to-configuration test >&2" 142 + ) 143 + webserver.wait_for_open_port(80) 144 + webserver.succeed("curl http://localhost | grep hello") 145 146 + with subtest("plugins are correctled installed and configurable"): 147 + webserver.succeed( 148 + "${withPluginsConfig}/bin/switch-to-configuration test >&2" 149 + ) 150 + webserver.wait_for_open_port(80) 151 + webserver.succeed("curl http://localhost | grep caddy") 152 + ''; 153 + }

+53 -55

nixos/tests/envoy.nix

··· 1 - import ./make-test-python.nix ( 2 - { pkgs, lib, ... }: 3 - { 4 - name = "envoy"; 5 - meta = with pkgs.lib.maintainers; { 6 - maintainers = [ cameronnemo ]; 7 - }; 8 9 - nodes.machine = 10 - { pkgs, ... }: 11 - { 12 - services.envoy.enable = true; 13 - services.envoy.settings = { 14 - admin = { 15 - access_log_path = "/dev/null"; 16 - address = { 17 - socket_address = { 18 - protocol = "TCP"; 19 - address = "127.0.0.1"; 20 - port_value = 80; 21 - }; 22 - }; 23 - }; 24 - static_resources = { 25 - listeners = [ ]; 26 - clusters = [ ]; 27 }; 28 }; 29 - specialisation = { 30 - withoutConfigValidation.configuration = 31 - { ... }: 32 - { 33 - services.envoy = { 34 - requireValidConfig = false; 35 - settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log"; 36 - }; 37 - }; 38 - }; 39 }; 40 41 - testScript = 42 - { nodes, ... }: 43 - let 44 - specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; 45 - in 46 - '' 47 - machine.start() 48 49 - with subtest("envoy.service starts and responds with ready"): 50 - machine.wait_for_unit("envoy.service") 51 - machine.wait_for_open_port(80) 52 - machine.wait_until_succeeds("curl -fsS localhost:80/ready") 53 54 - with subtest("envoy.service works with config path not available at eval time"): 55 - machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test') 56 - machine.wait_for_unit("envoy.service") 57 - machine.wait_for_open_port(80) 58 - machine.wait_until_succeeds("curl -fsS localhost:80/ready") 59 - machine.succeed('test -f /var/log/envoy/access.log') 60 - ''; 61 - } 62 - )

··· 1 + { envoyPackage, lib, ... }: 2 + { 3 + name = envoyPackage.pname; 4 5 + meta = with lib.maintainers; { 6 + maintainers = [ cameronnemo ]; 7 + }; 8 + 9 + nodes.machine = { 10 + services.envoy.enable = true; 11 + services.envoy.package = envoyPackage; 12 + services.envoy.settings = { 13 + admin = { 14 + access_log_path = "/dev/null"; 15 + address = { 16 + socket_address = { 17 + protocol = "TCP"; 18 + address = "127.0.0.1"; 19 + port_value = 80; 20 }; 21 }; 22 }; 23 + static_resources = { 24 + listeners = [ ]; 25 + clusters = [ ]; 26 + }; 27 + }; 28 + specialisation = { 29 + withoutConfigValidation.configuration = 30 + { ... }: 31 + { 32 + services.envoy = { 33 + requireValidConfig = false; 34 + settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log"; 35 + }; 36 + }; 37 + }; 38 + }; 39 40 + testScript = 41 + { nodes, ... }: 42 + let 43 + specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; 44 + in 45 + '' 46 + machine.start() 47 48 + with subtest("envoy.service starts and responds with ready"): 49 + machine.wait_for_unit("envoy.service") 50 + machine.wait_for_open_port(80) 51 + machine.wait_until_succeeds("curl -fsS localhost:80/ready") 52 53 + with subtest("envoy.service works with config path not available at eval time"): 54 + machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test') 55 + machine.wait_for_unit("envoy.service") 56 + machine.wait_for_open_port(80) 57 + machine.wait_until_succeeds("curl -fsS localhost:80/ready") 58 + machine.succeed('test -f /var/log/envoy/access.log') 59 + ''; 60 + }

+68 -3

nixos/tests/paretosecurity.nix

··· 4 meta.maintainers = [ lib.maintainers.zupo ]; 5 6 nodes.terminal = 7 - { config, pkgs, ... }: 8 { 9 imports = [ ./common/user-account.nix ]; 10 11 - services.paretosecurity.enable = true; 12 }; 13 14 nodes.xfce = ··· 38 enableOCR = true; 39 40 testScript = '' 41 terminal.succeed( 42 - "su -- alice -c 'paretosecurity check" 43 # Disable some checks that need intricate test setup so that this test 44 # remains simple and fast. Tests for all checks and edge cases available 45 # at https://github.com/ParetoSecurity/agent/tree/main/test/integration ··· 48 + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb" # Disk encryption 49 + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e" # Pareto Security is up to date 50 + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed 51 + "'" 52 ) 53 54 xfce.wait_for_x() 55 xfce.succeed("xdotool mousemove 850 10") 56 xfce.wait_for_text("Pareto Security") 57 xfce.succeed("xdotool click 1")

··· 4 meta.maintainers = [ lib.maintainers.zupo ]; 5 6 nodes.terminal = 7 + { 8 + config, 9 + pkgs, 10 + lib, 11 + ... 12 + }: 13 + let 14 + # Create a patched version of the package that points to the local dashboard 15 + # for easier testing 16 + patchedPareto = pkgs.paretosecurity.overrideAttrs (oldAttrs: { 17 + postPatch = '' 18 + substituteInPlace team/report.go \ 19 + --replace-warn 'const reportURL = "https://dash.paretosecurity.com"' \ 20 + 'const reportURL = "http://dashboard"' 21 + ''; 22 + }); 23 + in 24 { 25 imports = [ ./common/user-account.nix ]; 26 27 + services.paretosecurity = { 28 + enable = true; 29 + package = patchedPareto; 30 + }; 31 + 32 + }; 33 + 34 + nodes.dashboard = 35 + { config, pkgs, ... }: 36 + { 37 + networking.firewall.allowedTCPPorts = [ 80 ]; 38 + 39 + services.nginx = { 40 + enable = true; 41 + virtualHosts."dashboard" = { 42 + locations."/api/v1/team/".extraConfig = '' 43 + add_header Content-Type application/json; 44 + return 200 '{"message": "Linked device."}'; 45 + ''; 46 + }; 47 + }; 48 }; 49 50 nodes.xfce = ··· 74 enableOCR = true; 75 76 testScript = '' 77 + # Test setup 78 + terminal.succeed("su - alice -c 'mkdir -p /home/alice/.config'") 79 + for m in [terminal, dashboard]: 80 + m.systemctl("start network-online.target") 81 + m.wait_for_unit("network-online.target") 82 + 83 + # Test 1: Test the systemd socket is installed & enabled 84 + terminal.succeed('systemctl is-enabled paretosecurity.socket') 85 + 86 + # Test 2: Test running checks 87 terminal.succeed( 88 + "su - alice -c 'paretosecurity check" 89 # Disable some checks that need intricate test setup so that this test 90 # remains simple and fast. Tests for all checks and edge cases available 91 # at https://github.com/ParetoSecurity/agent/tree/main/test/integration ··· 94 + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb" # Disk encryption 95 + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e" # Pareto Security is up to date 96 + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed 97 + + " --skip 2e46c89a-5461-4865-a92e-3b799c12034a" # Firewall is enabled 98 + "'" 99 ) 100 101 + # Test 3: Test linking 102 + terminal.succeed("su - alice -c 'paretosecurity link" 103 + + " paretosecurity://enrollTeam/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." 104 + + "eyJ0b2tlbiI6ImR1bW15LXRva2VuIiwidGVhbUlEIjoiZHVtbXktdGVhbS1pZCIsImlhdCI6" 105 + + "MTcwMDAwMDAwMCwiZXhwIjoxOTAwMDAwMDAwfQ.WgnL6_S0EBJHwF1wEVUG8GtIcoVvK5IjWbZpUeZr4Qw'") 106 + 107 + config = terminal.succeed("cat /home/alice/.config/pareto.toml") 108 + assert 'AuthToken = "dummy-token"' in config 109 + assert 'TeamID = "dummy-team-id"' in config 110 + 111 + # Test 4: Test the tray icon 112 xfce.wait_for_x() 113 + for unit in [ 114 + 'paretosecurity-trayicon', 115 + 'paretosecurity-user', 116 + 'paretosecurity-user.timer' 117 + ]: 118 + status, out = xfce.systemctl("is-enabled " + unit, "alice") 119 + assert status == 0, f"Unit {unit} is not enabled (status: {status}): {out}" 120 xfce.succeed("xdotool mousemove 850 10") 121 xfce.wait_for_text("Pareto Security") 122 xfce.succeed("xdotool click 1")

+13

pkgs/applications/editors/vim/plugins/generated.nix

··· 6444 meta.hydraPlatforms = [ ]; 6445 }; 6446 6447 julia-vim = buildVimPlugin { 6448 pname = "julia-vim"; 6449 version = "2024-05-25";

··· 6444 meta.hydraPlatforms = [ ]; 6445 }; 6446 6447 + jule-nvim = buildVimPlugin { 6448 + pname = "jule.nvim"; 6449 + version = "2025-02-22"; 6450 + src = fetchFromGitHub { 6451 + owner = "julelang"; 6452 + repo = "jule.nvim"; 6453 + rev = "11c983f900dc84dca4ae6bcb54a937a1ceba4038"; 6454 + sha256 = "0gajpcg7g3885696aljq7zky8cd0bfsjr7n2fad3d2yf0i999fif"; 6455 + }; 6456 + meta.homepage = "https://github.com/julelang/jule.nvim/"; 6457 + meta.hydraPlatforms = [ ]; 6458 + }; 6459 + 6460 julia-vim = buildVimPlugin { 6461 pname = "julia-vim"; 6462 version = "2024-05-25";

+2

pkgs/applications/editors/vim/plugins/vim-plugin-names

··· 493 https://github.com/vito-c/jq.vim/,, 494 https://github.com/neoclide/jsonc.vim/,, 495 https://github.com/Myzel394/jsonfly.nvim/,HEAD, 496 https://github.com/JuliaEditorSupport/julia-vim/,, 497 https://github.com/GCBallesteros/jupytext.nvim/,HEAD, 498 https://github.com/rebelot/kanagawa.nvim/,,

··· 493 https://github.com/vito-c/jq.vim/,, 494 https://github.com/neoclide/jsonc.vim/,, 495 https://github.com/Myzel394/jsonfly.nvim/,HEAD, 496 + https://github.com/julelang/jule.nvim/,HEAD, 497 + https://github.com/julelang/jule.nvim/,HEAD, 498 https://github.com/JuliaEditorSupport/julia-vim/,, 499 https://github.com/GCBallesteros/jupytext.nvim/,HEAD, 500 https://github.com/rebelot/kanagawa.nvim/,,

+5 -5

pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix

··· 11 sources = { 12 "x86_64-linux" = { 13 arch = "linux-x64"; 14 - hash = "sha256-eeLALUmJoIJfLKbX7MWQFIexfid7eOPTK0UE1sgd5jA="; 15 }; 16 "x86_64-darwin" = { 17 arch = "darwin-x64"; 18 - hash = "sha256-DftuIxJpP3zcfsoCam4FoqO2PSS/xPTmdefjhWAJqc0="; 19 }; 20 "aarch64-linux" = { 21 arch = "linux-arm64"; 22 - hash = "sha256-TiZTp19fcDYPvJnx7F/i96JD8gcE+t1irZstnuagchQ="; 23 }; 24 "aarch64-darwin" = { 25 arch = "darwin-arm64"; 26 - hash = "sha256-oXKAxgZ1IH+qiw9E/96J7rmvSHgLPwLZItLpFRjh7c0="; 27 }; 28 }; 29 in 30 { 31 name = "visualjj"; 32 publisher = "visualjj"; 33 - version = "0.14.1"; 34 } 35 // sources.${stdenvNoCC.hostPlatform.system} 36 or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}");

··· 11 sources = { 12 "x86_64-linux" = { 13 arch = "linux-x64"; 14 + hash = "sha256-s3peDZApzSfemXRqRjf5fYQGHVf1DAP7XG4NuOqiGcY="; 15 }; 16 "x86_64-darwin" = { 17 arch = "darwin-x64"; 18 + hash = "sha256-WutwGOcXoREk6oUdFjhsKcrf64CG4GSn9JgGWiQe9l8="; 19 }; 20 "aarch64-linux" = { 21 arch = "linux-arm64"; 22 + hash = "sha256-377T8cfY4jHX+iJjdDScMP+wX6UZCYLasl16ngwfq6U="; 23 }; 24 "aarch64-darwin" = { 25 arch = "darwin-arm64"; 26 + hash = "sha256-fufJ9NV73skhwBFe2vCLjh5ykQagXfO0VAdHGPhfOQ4="; 27 }; 28 }; 29 in 30 { 31 name = "visualjj"; 32 publisher = "visualjj"; 33 + version = "0.14.2"; 34 } 35 // sources.${stdenvNoCC.hostPlatform.system} 36 or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}");

+5 -5

pkgs/applications/networking/browsers/librewolf/src.json

··· 1 { 2 - "packageVersion": "136.0.4-1", 3 "source": { 4 - "rev": "136.0.4-1", 5 - "hash": "sha256-ymW9vj4CariMaswrMQRKYEvTofFRjc50gF9EmTuhsRA=" 6 }, 7 "firefox": { 8 - "version": "136.0.4", 9 - "hash": "sha512-wiUqpi0BXO1lNMsqwHH2gImZe0ZpAIPMHv9LrTBq5shlQ3Ge0tNfb5c790Rn1qBKukYNMJwG3qQl52xyDjROKA==" 10 } 11 }

··· 1 { 2 + "packageVersion": "137.0-1", 3 "source": { 4 + "rev": "137.0-1", 5 + "hash": "sha256-xynkPKn4JDLVdDEYjmBvEKIHoW83Xackpx/+rnXci5g=" 6 }, 7 "firefox": { 8 + "version": "137.0", 9 + "hash": "sha512-gaLAzBT/wuSeSTeebCq1bPtuE7ZmZqZPOr/0SkO7Ln3BcnTTJdHCCvBi1Av/gGPXiNSy+TGnpkbbiwcgTKa0gQ==" 10 } 11 }

+16 -11

pkgs/applications/version-management/gitlint/default.nix pkgs/by-name/gi/gitlint/package.nix

··· 1 { 2 lib, 3 - buildPythonApplication, 4 fetchFromGitHub, 5 gitMinimal, 6 - python3, 7 }: 8 9 - python3.pkgs.buildPythonApplication rec { 10 pname = "gitlint"; 11 version = "0.19.1"; 12 - format = "pyproject"; 13 14 src = fetchFromGitHub { 15 owner = "jorisroovers"; ··· 22 # simplify the dependency handling 23 sourceRoot = "${src.name}/gitlint-core"; 24 25 - nativeBuildInputs = with python3.pkgs; [ 26 hatch-vcs 27 hatchling 28 ]; 29 30 - propagatedBuildInputs = with python3.pkgs; [ 31 arrow 32 click 33 sh 34 ]; 35 36 - nativeCheckInputs = with python3.pkgs; [ 37 gitMinimal 38 - pytestCheckHook 39 ]; 40 41 pythonImportsCheck = [ 42 "gitlint" 43 ]; 44 45 - meta = with lib; { 46 description = "Linting for your git commit messages"; 47 homepage = "https://jorisroovers.com/gitlint/"; 48 changelog = "https://github.com/jorisroovers/gitlint/releases/tag/v${version}"; 49 - license = licenses.mit; 50 - maintainers = with maintainers; [ 51 ethancedwards8 52 fab 53 matthiasbeyer

··· 1 { 2 lib, 3 + python3Packages, 4 fetchFromGitHub, 5 gitMinimal, 6 + versionCheckHook, 7 + nix-update-script, 8 }: 9 10 + python3Packages.buildPythonApplication rec { 11 pname = "gitlint"; 12 version = "0.19.1"; 13 + pyproject = true; 14 15 src = fetchFromGitHub { 16 owner = "jorisroovers"; ··· 23 # simplify the dependency handling 24 sourceRoot = "${src.name}/gitlint-core"; 25 26 + build-system = with python3Packages; [ 27 hatch-vcs 28 hatchling 29 ]; 30 31 + dependencies = with python3Packages; [ 32 arrow 33 click 34 sh 35 ]; 36 37 + nativeCheckInputs = [ 38 gitMinimal 39 + python3Packages.pytestCheckHook 40 + versionCheckHook 41 ]; 42 + versionCheckProgramArg = "--version"; 43 44 pythonImportsCheck = [ 45 "gitlint" 46 ]; 47 48 + passthru.updateScript = nix-update-script { }; 49 + 50 + meta = { 51 description = "Linting for your git commit messages"; 52 homepage = "https://jorisroovers.com/gitlint/"; 53 changelog = "https://github.com/jorisroovers/gitlint/releases/tag/v${version}"; 54 + license = lib.licenses.mit; 55 + maintainers = with lib.maintainers; [ 56 ethancedwards8 57 fab 58 matthiasbeyer

+15

pkgs/by-name/ar/arandr/gzip-timestamp-fix.patch

···

··· 1 + --- setup.py 2025-04-01 11:24:54.530984662 +0000 2 + +++ setup.py 2025-04-01 13:54:46.961341548 +0000 3 + 4 + @@ -111,9 +111,11 @@ 5 + info('compressing man page to %s', gzfile) 6 + 7 + if not self.dry_run: 8 + - compressed = gzip.open(gzfile, 'w', 9) 9 + - compressed.write(manpage) 10 + - compressed.close() 11 + + with open(gzfile, 'wb') as file: 12 + + with gzip.GzipFile(fileobj=file, mode='wb', filename='', mtime=0, compresslevel=9) as compressed: 13 + + compressed.write(manpage) 14 + + compressed.close() 15 + + file.close()

+10 -3

pkgs/by-name/ar/arandr/package.nix

··· 1 { 2 lib, 3 fetchurl, 4 python3Packages, 5 gobject-introspection, 6 gsettings-desktop-schemas, ··· 16 pname = "arandr"; 17 version = "0.1.11"; 18 19 - src = fetchurl { 20 - url = "https://christian.amsuess.com/tools/arandr/files/${pname}-${version}.tar.gz"; 21 - hash = "sha256-5Mu+Npi7gSs5V3CHAXS+AJS7rrOREFqBH5X0LrGCrgI="; 22 }; 23 24 preBuild = '' 25 rm -rf data/po/*

··· 1 { 2 lib, 3 fetchurl, 4 + fetchFromGitLab, 5 python3Packages, 6 gobject-introspection, 7 gsettings-desktop-schemas, ··· 17 pname = "arandr"; 18 version = "0.1.11"; 19 20 + src = fetchFromGitLab { 21 + owner = "arandr"; 22 + repo = "arandr"; 23 + tag = version; 24 + hash = "sha256-nQtfOKAnWKsy2DmvtRGJa4+Y9uGgX41BeHpd9m4d9YA="; 25 }; 26 + 27 + # patch to set mtime=0 on setup.py 28 + patches = [ ./gzip-timestamp-fix.patch ]; 29 + patchFlags = [ "-p0" ]; 30 31 preBuild = '' 32 rm -rf data/po/*

+2 -2

pkgs/by-name/az/azure-cli/extensions-manual.nix

··· 83 84 containerapp = mkAzExtension rec { 85 pname = "containerapp"; 86 - version = "1.1.0b3"; 87 url = "https://azcliprod.blob.core.windows.net/cli-extensions/containerapp-${version}-py2.py3-none-any.whl"; 88 - hash = "sha256-BPChKCEU89/+KWIlt4ocU37gLwyDUfGBO3QCqkFQhjI="; 89 description = "Microsoft Azure Command-Line Tools Containerapp Extension"; 90 propagatedBuildInputs = with python3Packages; [ 91 docker

··· 83 84 containerapp = mkAzExtension rec { 85 pname = "containerapp"; 86 + version = "1.1.0b4"; 87 url = "https://azcliprod.blob.core.windows.net/cli-extensions/containerapp-${version}-py2.py3-none-any.whl"; 88 + hash = "sha256-d2pqanDERA54NGQwzO1S2D+WM1q5w1dmKjYbEdbknik="; 89 description = "Microsoft Azure Command-Line Tools Containerapp Extension"; 90 propagatedBuildInputs = with python3Packages; [ 91 docker

+3 -3

pkgs/by-name/ba/balena-cli/package.nix

··· 22 in 23 buildNpmPackage' rec { 24 pname = "balena-cli"; 25 - version = "21.1.0"; 26 27 src = fetchFromGitHub { 28 owner = "balena-io"; 29 repo = "balena-cli"; 30 rev = "v${version}"; 31 - hash = "sha256-STixd/xJikV9qt2aG3smyLPEwG7fLYrN3jfVTwBxJrI="; 32 }; 33 34 - npmDepsHash = "sha256-dyUWQoR0EweHdNc5NN+qW2OdbCIspTQ1C/QsesnlvRU="; 35 36 postPatch = '' 37 ln -s npm-shrinkwrap.json package-lock.json

··· 22 in 23 buildNpmPackage' rec { 24 pname = "balena-cli"; 25 + version = "21.1.3"; 26 27 src = fetchFromGitHub { 28 owner = "balena-io"; 29 repo = "balena-cli"; 30 rev = "v${version}"; 31 + hash = "sha256-44r0dbcX/KRmfucNy4p/OMrKFC2J8P9eQpwTOTOmwS4="; 32 }; 33 34 + npmDepsHash = "sha256-wEshPXXpFVOYzaqh6c5z47OccBEWMP5aarZP42PYgzk="; 35 36 postPatch = '' 37 ln -s npm-shrinkwrap.json package-lock.json

+4 -4

pkgs/by-name/cl/claude-code/package-lock.json

··· 5 "packages": { 6 "": { 7 "dependencies": { 8 - "@anthropic-ai/claude-code": "^0.2.57" 9 } 10 }, 11 "node_modules/@anthropic-ai/claude-code": { 12 - "version": "0.2.57", 13 - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-0.2.57.tgz", 14 - "integrity": "sha512-/NS22ojBphLj0zhEWV26WIcLS1JcMT809tmkiwHrb1D9fGJccbbfkLyMI7eg7TAmgnXUINWxlwmMIExdOsRXfQ==", 15 "hasInstallScript": true, 16 "license": "SEE LICENSE IN README.md", 17 "bin": {

··· 5 "packages": { 6 "": { 7 "dependencies": { 8 + "@anthropic-ai/claude-code": "^0.2.59" 9 } 10 }, 11 "node_modules/@anthropic-ai/claude-code": { 12 + "version": "0.2.59", 13 + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-0.2.59.tgz", 14 + "integrity": "sha512-hcUHEiPUmkgU00J4/1dlLgWvf5ZkWOjMpUrXhMq2o143LOElKuTGxPGt2RtmFHKk6DesFZcV/gabZYkcTqraBw==", 15 "hasInstallScript": true, 16 "license": "SEE LICENSE IN README.md", 17 "bin": {

+3 -3

pkgs/by-name/cl/claude-code/package.nix

··· 6 7 buildNpmPackage rec { 8 pname = "claude-code"; 9 - version = "0.2.57"; 10 11 src = fetchzip { 12 url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; 13 - hash = "sha256-GCsw/QNcziytx15zwSQMY9JkKHnJb2KN2nwvkc7scy8="; 14 }; 15 16 - npmDepsHash = "sha256-GcYiQLcqWCAHL7FkD7M0YQV9ksgn8fo2Sb68x5/dA8k="; 17 18 postPatch = '' 19 cp ${./package-lock.json} package-lock.json

··· 6 7 buildNpmPackage rec { 8 pname = "claude-code"; 9 + version = "0.2.59"; 10 11 src = fetchzip { 12 url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; 13 + hash = "sha256-XHHWmDw9qBM4fQ975wSk12hJnr4+1H4AhlNc+IBV3qs="; 14 }; 15 16 + npmDepsHash = "sha256-KorQlEB90EDE+NIxyUh1apqCDzgrCpwcaOy2mt2mz1s="; 17 18 postPatch = '' 19 cp ${./package-lock.json} package-lock.json

+8 -7

pkgs/by-name/cp/cpplint/package.nix

··· 7 8 python3Packages.buildPythonApplication rec { 9 pname = "cpplint"; 10 - version = "2.0.0"; 11 pyproject = true; 12 13 src = fetchFromGitHub { 14 owner = "cpplint"; 15 repo = "cpplint"; 16 tag = version; 17 - hash = "sha256-076363ZwcriPb+Fn9S5jay8oL+LlBTNh+IqQRCAndRo="; 18 }; 19 20 postPatch = '' 21 - substituteInPlace setup.cfg \ 22 - --replace-fail "pytest-cov" "" \ 23 - --replace-fail "--cov-fail-under=90 --cov=cpplint" "" 24 ''; 25 26 build-system = with python3Packages; [ ··· 29 30 nativeCheckInputs = with python3Packages; [ 31 parameterized 32 pytestCheckHook 33 - pytest-timeout 34 testfixtures 35 versionCheckHook 36 ]; 37 - versionCheckProgramArg = [ "--version" ]; 38 39 meta = { 40 homepage = "https://github.com/cpplint/cpplint";

··· 7 8 python3Packages.buildPythonApplication rec { 9 pname = "cpplint"; 10 + version = "2.0.1"; 11 pyproject = true; 12 13 src = fetchFromGitHub { 14 owner = "cpplint"; 15 repo = "cpplint"; 16 tag = version; 17 + hash = "sha256-IM1XznnpdL1Piei9kKR1nCwfs7TVgLcTgMI4r+cQXLg="; 18 }; 19 20 + # We use pytest-cov-stub instead 21 postPatch = '' 22 + substituteInPlace pyproject.toml \ 23 + --replace-fail '"pytest-cov",' "" 24 ''; 25 26 build-system = with python3Packages; [ ··· 29 30 nativeCheckInputs = with python3Packages; [ 31 parameterized 32 + pytest-cov-stub 33 + pytest-timeout 34 pytestCheckHook 35 testfixtures 36 versionCheckHook 37 ]; 38 + versionCheckProgramArg = "--version"; 39 40 meta = { 41 homepage = "https://github.com/cpplint/cpplint";

+2 -2

pkgs/by-name/de/der-ascii/package.nix

··· 6 7 buildGoModule rec { 8 pname = "der-ascii"; 9 - version = "0.5.0"; 10 11 src = fetchFromGitHub { 12 owner = "google"; 13 repo = pname; 14 rev = "v${version}"; 15 - sha256 = "sha256-yUHVPBUW1Csn3W5K9S2TWOq4aovzpaBK8BC0t8zkj3g="; 16 }; 17 vendorHash = null; 18

··· 6 7 buildGoModule rec { 8 pname = "der-ascii"; 9 + version = "0.6.0"; 10 11 src = fetchFromGitHub { 12 owner = "google"; 13 repo = pname; 14 rev = "v${version}"; 15 + sha256 = "sha256-xGzxq5AHvzLUOp9VUcI9JMwrCpVIrpDvenWUOEBP6pA="; 16 }; 17 vendorHash = null; 18

+5 -18

pkgs/by-name/el/element-call/package.nix

··· 5 fetchYarnDeps, 6 yarnConfigHook, 7 yarnBuildHook, 8 - yarnInstallHook, 9 nodejs, 10 }: 11 12 - let 13 - inherit (stdenv.hostPlatform) system; 14 - throwSystem = throw "Unsupported system: ${system}"; 15 - offlineCacheHash = 16 - { 17 - x86_64-linux = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 18 - aarch64-linux = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 19 - x86_64-darwin = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 20 - aarch64-darwin = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; 21 - } 22 - .${system} or throwSystem; 23 - in 24 stdenv.mkDerivation (finalAttrs: { 25 pname = "element-call"; 26 - version = "0.7.1"; 27 28 src = fetchFromGitHub { 29 owner = "element-hq"; 30 repo = "element-call"; 31 - rev = "v${finalAttrs.version}"; 32 - hash = "sha256-HmkFr2DroN1uNNH2pnRwE7vsJsEPLYU6yhroiuR/E6Q="; 33 }; 34 35 offlineCache = fetchYarnDeps { 36 yarnLock = "${finalAttrs.src}/yarn.lock"; 37 - hash = offlineCacheHash; 38 }; 39 40 nativeBuildInputs = [ ··· 53 ''; 54 55 meta = with lib; { 56 homepage = "https://github.com/element-hq/element-call"; 57 description = "Group calls powered by Matrix"; 58 license = licenses.asl20; 59 maintainers = with maintainers; [ kilimnik ]; 60 - mainProgram = "element-call"; 61 }; 62 })

··· 5 fetchYarnDeps, 6 yarnConfigHook, 7 yarnBuildHook, 8 nodejs, 9 }: 10 11 stdenv.mkDerivation (finalAttrs: { 12 pname = "element-call"; 13 + version = "0.9.0"; 14 15 src = fetchFromGitHub { 16 owner = "element-hq"; 17 repo = "element-call"; 18 + tag = "v${finalAttrs.version}"; 19 + hash = "sha256-BugR5aXDxIQ9WOhaqXEoo0FdZHnYSvoqDoRJLDd4PUk="; 20 }; 21 22 offlineCache = fetchYarnDeps { 23 yarnLock = "${finalAttrs.src}/yarn.lock"; 24 + hash = "sha256-7dUSt1k/5N6BaYrT272J6xxDGgloAsDw1dCFh327Itc="; 25 }; 26 27 nativeBuildInputs = [ ··· 40 ''; 41 42 meta = with lib; { 43 + changelog = "https://github.com/element-hq/element-call/releases/tag/${finalAttrs.src.tag}"; 44 homepage = "https://github.com/element-hq/element-call"; 45 description = "Group calls powered by Matrix"; 46 license = licenses.asl20; 47 maintainers = with maintainers; [ kilimnik ]; 48 }; 49 })

+6 -6

pkgs/by-name/en/ente-desktop/package.nix

··· 4 fetchFromGitHub, 5 fetchYarnDeps, 6 nodejs, 7 - electron_34, 8 yarnConfigHook, 9 copyDesktopItems, 10 vips, ··· 15 imagemagick, 16 }: 17 let 18 - electron = electron_34; 19 in 20 21 stdenv.mkDerivation (finalAttrs: { 22 pname = "ente-desktop"; 23 - version = "1.7.10"; 24 25 src = fetchFromGitHub { 26 owner = "ente-io"; ··· 31 "web" 32 ]; 33 tag = "photosd-v${finalAttrs.version}"; 34 - hash = "sha256-iH9fbeUOd/8oVVQbMCSlWyruQZKgSjexNrOuS7szJ9w="; 35 }; 36 37 sourceRoot = "${finalAttrs.src.name}/desktop"; ··· 39 offlineCache = fetchYarnDeps { 40 name = "ente-desktop-${finalAttrs.version}-offline-cache"; 41 inherit (finalAttrs) src sourceRoot; 42 - hash = "sha256-kiL2XQPPN9VkDa3rzO1rLwUZVTbwEz0zeqpgpWOSy7Y="; 43 }; 44 webOfflineCache = fetchYarnDeps { 45 name = "ente-desktop-${finalAttrs.version}-web-offline-cache"; 46 inherit (finalAttrs) src; 47 sourceRoot = "${finalAttrs.src.name}/web"; 48 - hash = "sha256-7epwOEWi5lZNo6Z7Rf+QZtGvVCZxk5bXU2aN+9KDYCc="; 49 }; 50 51 nativeBuildInputs = [

··· 4 fetchFromGitHub, 5 fetchYarnDeps, 6 nodejs, 7 + electron_35, 8 yarnConfigHook, 9 copyDesktopItems, 10 vips, ··· 15 imagemagick, 16 }: 17 let 18 + electron = electron_35; 19 in 20 21 stdenv.mkDerivation (finalAttrs: { 22 pname = "ente-desktop"; 23 + version = "1.7.11"; 24 25 src = fetchFromGitHub { 26 owner = "ente-io"; ··· 31 "web" 32 ]; 33 tag = "photosd-v${finalAttrs.version}"; 34 + hash = "sha256-yEfJEe+/PnRr9in7+9l54LQqCFkGqDRhqzcsNaEZmhI="; 35 }; 36 37 sourceRoot = "${finalAttrs.src.name}/desktop"; ··· 39 offlineCache = fetchYarnDeps { 40 name = "ente-desktop-${finalAttrs.version}-offline-cache"; 41 inherit (finalAttrs) src sourceRoot; 42 + hash = "sha256-Cq/4OOgGp6qg2ge5NK5jcYCvS/uF5l9nLLWIslpGRDc="; 43 }; 44 webOfflineCache = fetchYarnDeps { 45 name = "ente-desktop-${finalAttrs.version}-web-offline-cache"; 46 inherit (finalAttrs) src; 47 sourceRoot = "${finalAttrs.src.name}/web"; 48 + hash = "sha256-yoCOU4cxxHiWu1+/vGwM9VWRroymr6JTbRHomKRJhU4="; 49 }; 50 51 nativeBuildInputs = [

+3 -3

pkgs/by-name/en/ente-web/package.nix

··· 12 13 stdenv.mkDerivation (finalAttrs: { 14 pname = "ente-web"; 15 - version = "0.9.99"; 16 17 src = fetchFromGitHub { 18 owner = "ente-io"; ··· 20 sparseCheckout = [ "web" ]; 21 tag = "photos-v${finalAttrs.version}"; 22 fetchSubmodules = true; 23 - hash = "sha256-/dWnaVll/kaKHTJ5gH18BR6JG5E6pF7/j+SgvE66b7M="; 24 }; 25 sourceRoot = "${finalAttrs.src.name}/web"; 26 27 offlineCache = fetchYarnDeps { 28 yarnLock = "${finalAttrs.src}/web/yarn.lock"; 29 - hash = "sha256-Wu0/YHqkqzrmA5hpVk0CX/W1wJUh8uZSjABuc+DPxMA="; 30 }; 31 32 nativeBuildInputs = [

··· 12 13 stdenv.mkDerivation (finalAttrs: { 14 pname = "ente-web"; 15 + version = "1.0.0"; 16 17 src = fetchFromGitHub { 18 owner = "ente-io"; ··· 20 sparseCheckout = [ "web" ]; 21 tag = "photos-v${finalAttrs.version}"; 22 fetchSubmodules = true; 23 + hash = "sha256-hK5CO4FTjh2MNT8pztV/GO7ifOGv1hw32flXrmcUAfk="; 24 }; 25 sourceRoot = "${finalAttrs.src.name}/web"; 26 27 offlineCache = fetchYarnDeps { 28 yarnLock = "${finalAttrs.src}/web/yarn.lock"; 29 + hash = "sha256-n/+HETnwtnpFlfDLA0znCzro5YhNsISweR820QXJFUQ="; 30 }; 31 32 nativeBuildInputs = [

+77

pkgs/by-name/en/envoy-bin/package.nix

···

··· 1 + { 2 + lib, 3 + stdenv, 4 + autoPatchelfHook, 5 + fetchurl, 6 + makeWrapper, 7 + nixosTests, 8 + versionCheckHook, 9 + }: 10 + let 11 + version = "1.33.2"; 12 + inherit (stdenv.hostPlatform) system; 13 + throwSystem = throw "envoy-bin is not available for ${system}."; 14 + 15 + plat = 16 + { 17 + aarch64-linux = "aarch_64"; 18 + x86_64-linux = "x86_64"; 19 + } 20 + .${system} or throwSystem; 21 + 22 + hash = 23 + { 24 + aarch64-linux = "sha256-gew2iaghIu/wymgMSBdvTTUbb5iBp5zJ2QeKb7Swtqg="; 25 + x86_64-linux = "sha256-vS/4fF78lf14gNcQkV9XPBqrTZxV2NqIbc2R30P610E="; 26 + } 27 + .${system} or throwSystem; 28 + in 29 + stdenv.mkDerivation { 30 + pname = "envoy-bin"; 31 + inherit version; 32 + 33 + src = fetchurl { 34 + url = "https://github.com/envoyproxy/envoy/releases/download/v${version}/envoy-${version}-linux-${plat}"; 35 + inherit hash; 36 + }; 37 + 38 + nativeBuildInputs = [ autoPatchelfHook ]; 39 + buildInputs = [ makeWrapper ]; 40 + 41 + dontUnpack = true; 42 + dontBuild = true; 43 + 44 + installPhase = '' 45 + runHook preInstall 46 + mkdir -p $out/bin 47 + install -m755 $src $out/bin/envoy 48 + runHook postInstall 49 + ''; 50 + 51 + nativeInstallCheckInputs = [ versionCheckHook ]; 52 + doInstallCheck = true; 53 + versionCheckProgram = "${placeholder "out"}/bin/envoy"; 54 + versionCheckProgramArg = "--version"; 55 + 56 + passthru = { 57 + tests.envoy-bin = nixosTests.envoy-bin; 58 + 59 + updateScript = ./update.sh; 60 + }; 61 + 62 + meta = { 63 + homepage = "https://envoyproxy.io"; 64 + changelog = "https://github.com/envoyproxy/envoy/releases/tag/v${version}"; 65 + description = "Cloud-native edge and service proxy"; 66 + license = lib.licenses.asl20; 67 + sourceProvenance = [ lib.sourceTypes.binaryNativeCode ]; 68 + maintainers = with lib.maintainers; [ 69 + adamcstephens 70 + ]; 71 + mainProgram = "envoy"; 72 + platforms = [ 73 + "x86_64-linux" 74 + "aarch64-linux" 75 + ]; 76 + }; 77 + }

+32

pkgs/by-name/en/envoy-bin/update.sh

···

··· 1 + #!/usr/bin/env nix-shell 2 + #!nix-shell -i bash -p curl gnused gawk nix-prefetch common-updater-scripts jq 3 + 4 + set -euo pipefail 5 + 6 + ROOT="$(dirname "$(readlink -f "$0")")" 7 + NIX_DRV="$ROOT/package.nix" 8 + if [ ! -f "$NIX_DRV" ]; then 9 + echo "ERROR: cannot find package.nix in $ROOT" 10 + exit 1 11 + fi 12 + 13 + fetch_arch() { 14 + VER="$1" 15 + ARCH="$2" 16 + URL="https://github.com/envoyproxy/envoy/releases/download/v${VER}/envoy-${VER}-linux-${ARCH}" 17 + nix hash convert --to sri --hash-algo sha256 "$(nix-prefetch-url --type sha256 "$URL")" 18 + } 19 + 20 + replace_hash() { 21 + sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV" 22 + } 23 + 24 + VER=$(list-git-tags --url=https://github.com/envoyproxy/envoy | rg 'v[0-9\.]*$' | sed -e 's/^v//' | sort -V | tail -n 1) 25 + 26 + LINUX_X64_HASH=$(fetch_arch "$VER" "x86_64") 27 + LINUX_AARCH64_HASH=$(fetch_arch "$VER" "aarch_64") 28 + 29 + sed -i "s/version = \".*\"/version = \"$VER\"/" "$NIX_DRV" 30 + 31 + replace_hash "x86_64-linux" "$LINUX_X64_HASH" 32 + replace_hash "aarch64-linux" "$LINUX_AARCH64_HASH"

+2 -2

pkgs/by-name/fe/feedbackd/package.nix

··· 34 in 35 stdenv.mkDerivation (finalAttrs: { 36 pname = "feedbackd"; 37 - version = "0.8.0"; 38 39 outputs = [ 40 "out" ··· 47 owner = "Librem5"; 48 repo = "feedbackd"; 49 rev = "v${finalAttrs.version}"; 50 - hash = "sha256-Hn850+bRSNDe8ZgDRu52N7AR/yLNbV6zGROBYtetOZg="; 51 }; 52 53 depsBuildBuild = [

··· 34 in 35 stdenv.mkDerivation (finalAttrs: { 36 pname = "feedbackd"; 37 + version = "0.8.1"; 38 39 outputs = [ 40 "out" ··· 47 owner = "Librem5"; 48 repo = "feedbackd"; 49 rev = "v${finalAttrs.version}"; 50 + hash = "sha256-J2BNDF9TyW+srW0pGbGt4/Uw4KPVf/Ke+HJVBldmfCA="; 51 }; 52 53 depsBuildBuild = [

+3 -2

pkgs/by-name/fl/fluent-bit/package.nix

··· 28 29 stdenv.mkDerivation (finalAttrs: { 30 pname = "fluent-bit"; 31 - version = "3.2.9"; 32 33 src = fetchFromGitHub { 34 owner = "fluent"; 35 repo = "fluent-bit"; 36 tag = "v${finalAttrs.version}"; 37 - hash = "sha256-10L+w9SLfblE9Ok9lvZdU1i63NRtw/pT5ePk+zJwvHQ="; 38 }; 39 40 # The source build documentation covers some dependencies and CMake options.

··· 28 29 stdenv.mkDerivation (finalAttrs: { 30 pname = "fluent-bit"; 31 + # FIXME: We are deliberately on 3.2.6 as 3.2.7 and above are causing segfaults (https://github.com/fluent/fluent-bit/issues/10139) 32 + version = "3.2.6"; 33 34 src = fetchFromGitHub { 35 owner = "fluent"; 36 repo = "fluent-bit"; 37 tag = "v${finalAttrs.version}"; 38 + hash = "sha256-S0sb954n17z+zrVNkYd6yiV01aNbOLJLOV+34PRkSXQ="; 39 }; 40 41 # The source build documentation covers some dependencies and CMake options.

+2 -2

pkgs/by-name/ge/gerrit/package.nix

··· 7 8 stdenv.mkDerivation rec { 9 pname = "gerrit"; 10 - version = "3.11.1"; 11 12 src = fetchurl { 13 url = "https://gerrit-releases.storage.googleapis.com/gerrit-${version}.war"; 14 - hash = "sha256-7gJyvFOisukzd2Vmqci7CiJqegYQSYQZvnSvR+Y9HM4="; 15 }; 16 17 buildCommand = ''

··· 7 8 stdenv.mkDerivation rec { 9 pname = "gerrit"; 10 + version = "3.11.2"; 11 12 src = fetchurl { 13 url = "https://gerrit-releases.storage.googleapis.com/gerrit-${version}.war"; 14 + hash = "sha256-F3kWGIA7RvbPMAs9U9tAmraHpxbkW/TQ6R9XXVBaLXs="; 15 }; 16 17 buildCommand = ''

+34

pkgs/by-name/ha/haven/package.nix

···

··· 1 + { 2 + lib, 3 + buildGoModule, 4 + fetchFromGitHub, 5 + }: 6 + 7 + buildGoModule rec { 8 + pname = "haven"; 9 + version = "1.0.5"; 10 + 11 + src = fetchFromGitHub { 12 + owner = "bitvora"; 13 + repo = "haven"; 14 + tag = "v${version}"; 15 + hash = "sha256-rSycrHW53TgqbsfgaRn3492EWtpu440GtbegozqnzMQ="; 16 + }; 17 + 18 + vendorHash = "sha256-5d6C2sNG8aCaC+z+hyLgOiEPWP/NmAcRRbRVC4KuCEw="; 19 + 20 + postInstall = '' 21 + mkdir -p $out/share/haven 22 + cp -r $src/templates $out/share/haven/ 23 + cp $src/.env.example $out/share/haven/.env.example 24 + ''; 25 + 26 + meta = { 27 + description = "High Availability Vault for Events on Nostr"; 28 + homepage = "https://github.com/bitvora/haven"; 29 + changelog = "https://github.com/bitvora/haven/releases/tag/v${version}"; 30 + license = lib.licenses.mit; 31 + maintainers = with lib.maintainers; [ felixzieger ]; 32 + mainProgram = "haven"; 33 + }; 34 + }

+3 -3

pkgs/by-name/kt/ktor-cli/package.nix

··· 6 7 buildGoModule rec { 8 pname = "ktor-cli"; 9 - version = "0.4.0"; 10 11 src = fetchFromGitHub { 12 owner = "ktorio"; 13 repo = "ktor-cli"; 14 tag = version; 15 - hash = "sha256-TGwkGm1Rsg82f6FJeTnhyvfS2MRMe5+DTdxTsOwwb1Q="; 16 }; 17 18 subPackages = "cmd/ktor"; 19 20 - vendorHash = "sha256-ITYNSq2hs0QcOZZShkwtjZVcSyGY1uCmhgoZ0l9nPP0="; 21 22 ldflags = [ 23 "-s"

··· 6 7 buildGoModule rec { 8 pname = "ktor-cli"; 9 + version = "0.5.0"; 10 11 src = fetchFromGitHub { 12 owner = "ktorio"; 13 repo = "ktor-cli"; 14 tag = version; 15 + hash = "sha256-DZEEaTz55vIBU8Byl51cEWgXu2Wjmctz/9XBAKX8VKY="; 16 }; 17 18 subPackages = "cmd/ktor"; 19 20 + vendorHash = "sha256-Cv/Jq4dWVzotfCCclrwufmC0I2pgPe/YHKWqcLzjt2E="; 21 22 ldflags = [ 23 "-s"

+4 -11

pkgs/by-name/la/ladybird/package.nix

··· 6 cacert, 7 unicode-emoji, 8 unicode-character-database, 9 cmake, 10 ninja, 11 pkg-config, ··· 30 }: 31 32 let 33 - unicode-idna = fetchurl { 34 - url = "https://www.unicode.org/Public/idna/${unicode-character-database.version}/IdnaMappingTable.txt"; 35 - hash = "sha256-QCy9KF8flS/NCDS2NUHVT2nT2PG4+Fmb9xoaFJNfgsQ="; 36 - }; 37 adobe-icc-profiles = fetchurl { 38 url = "https://download.adobe.com/pub/adobe/iccprofiles/win/AdobeICCProfilesCS4Win_end-user.zip"; 39 hash = "sha256-kgQ7fDyloloPaXXQzcV9tgpn3Lnr37FbFiZzEb61j5Q="; 40 name = "adobe-icc-profiles.zip"; 41 }; 42 - public_suffix_commit = "9094af5c6cb260e69137c043c01be18fee01a540"; 43 - public-suffix-list = fetchurl { 44 - url = "https://raw.githubusercontent.com/publicsuffix/list/${public_suffix_commit}/public_suffix_list.dat"; 45 - hash = "sha256-0szHUz1T0MXOQ9tcXoKY2F/bI3s7hsYCjURqywZsf1w="; 46 - }; 47 # Note: The cacert version is synthetic and must match the version in the package's CMake 48 cacert_version = "2023-12-12"; 49 in ··· 80 cp -r ${unicode-character-database}/share/unicode build/Caches/UCD 81 chmod +w build/Caches/UCD 82 cp ${unicode-emoji}/share/unicode/emoji/emoji-test.txt build/Caches/UCD 83 - cp ${unicode-idna} build/Caches/UCD/IdnaMappingTable.txt 84 echo -n ${unicode-character-database.version} > build/Caches/UCD/version.txt 85 chmod -w build/Caches/UCD 86 ··· 89 echo -n ${cacert_version} > build/Caches/CACERT/version.txt 90 91 mkdir build/Caches/PublicSuffix 92 - cp ${public-suffix-list} build/Caches/PublicSuffix/public_suffix_list.dat 93 94 mkdir build/Caches/AdobeICCProfiles 95 cp ${adobe-icc-profiles} build/Caches/AdobeICCProfiles/adobe-icc-profiles.zip

··· 6 cacert, 7 unicode-emoji, 8 unicode-character-database, 9 + unicode-idna, 10 + publicsuffix-list, 11 cmake, 12 ninja, 13 pkg-config, ··· 32 }: 33 34 let 35 adobe-icc-profiles = fetchurl { 36 url = "https://download.adobe.com/pub/adobe/iccprofiles/win/AdobeICCProfilesCS4Win_end-user.zip"; 37 hash = "sha256-kgQ7fDyloloPaXXQzcV9tgpn3Lnr37FbFiZzEb61j5Q="; 38 name = "adobe-icc-profiles.zip"; 39 }; 40 # Note: The cacert version is synthetic and must match the version in the package's CMake 41 cacert_version = "2023-12-12"; 42 in ··· 73 cp -r ${unicode-character-database}/share/unicode build/Caches/UCD 74 chmod +w build/Caches/UCD 75 cp ${unicode-emoji}/share/unicode/emoji/emoji-test.txt build/Caches/UCD 76 + cp ${unicode-idna}/share/unicode/idna/IdnaMappingTable.txt build/Caches/UCD 77 echo -n ${unicode-character-database.version} > build/Caches/UCD/version.txt 78 chmod -w build/Caches/UCD 79 ··· 82 echo -n ${cacert_version} > build/Caches/CACERT/version.txt 83 84 mkdir build/Caches/PublicSuffix 85 + cp ${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat build/Caches/PublicSuffix 86 87 mkdir build/Caches/AdobeICCProfiles 88 cp ${adobe-icc-profiles} build/Caches/AdobeICCProfiles/adobe-icc-profiles.zip

+7 -6

pkgs/by-name/lk/lk-jwt-service/package.nix

··· 4 fetchFromGitHub, 5 }: 6 7 - buildGoModule rec { 8 pname = "lk-jwt-service"; 9 - version = "0.2.1"; 10 11 src = fetchFromGitHub { 12 owner = "element-hq"; 13 repo = "lk-jwt-service"; 14 - tag = "v${version}"; 15 - hash = "sha256-R4YqmHp0i+RpJJkENJPZJDNCVg+O+70JMoCR8ZlesyM="; 16 }; 17 18 - vendorHash = "sha256-evzltyQZCBQ4/k641sQrmUvw6yIBWFEic/WUa/WX5xE="; 19 20 meta = with lib; { 21 description = "Minimal service to issue LiveKit JWTs for MatrixRTC"; 22 homepage = "https://github.com/element-hq/lk-jwt-service"; 23 license = licenses.agpl3Plus; 24 maintainers = with maintainers; [ kilimnik ]; 25 mainProgram = "lk-jwt-service"; 26 }; 27 - }

··· 4 fetchFromGitHub, 5 }: 6 7 + buildGoModule (finalAttrs: { 8 pname = "lk-jwt-service"; 9 + version = "0.2.2"; 10 11 src = fetchFromGitHub { 12 owner = "element-hq"; 13 repo = "lk-jwt-service"; 14 + tag = "v${finalAttrs.version}"; 15 + hash = "sha256-ONL2qKBXL2FtTv5Eao61qPKWP2h9t3KyoHlS5nAHMGA="; 16 }; 17 18 + vendorHash = "sha256-47eJO1Ai78RuhlEPn/J1cd+YSqvmfUD8cuPZIqsdxvI="; 19 20 meta = with lib; { 21 + changelog = "https://github.com/element-hq/lk-jwt-service/releases/tag/${finalAttrs.src.tag}"; 22 description = "Minimal service to issue LiveKit JWTs for MatrixRTC"; 23 homepage = "https://github.com/element-hq/lk-jwt-service"; 24 license = licenses.agpl3Plus; 25 maintainers = with maintainers; [ kilimnik ]; 26 mainProgram = "lk-jwt-service"; 27 }; 28 + })

+3 -35

pkgs/by-name/m4/m4ri/package.nix

··· 6 }: 7 8 stdenv.mkDerivation rec { 9 - version = "20240729"; 10 pname = "m4ri"; 11 12 src = fetchFromGitHub { 13 owner = "malb"; 14 repo = "m4ri"; 15 - # 20240729 has a broken m4ri.pc file, fixed in the next commit. 16 - # TODO: remove if on update 17 - rev = 18 - if version == "20240729" then "775189bfea96ffaeab460513413fcf4fbcd64392" else "release-${version}"; 19 - hash = "sha256-untwo0go8O8zNO0EyZ4n/n7mngSXLr3Z/FSkXA8ptnU="; 20 }; 21 - 22 - # based on the list in m4/m4_ax_ext.m4 23 - configureFlags = builtins.map (s: "ax_cv_have_${s}_cpu_ext=no") ( 24 - [ 25 - "sha" 26 - "xop" 27 - ] 28 - ++ lib.optional (!stdenv.hostPlatform.sse3Support) "sse3" 29 - ++ lib.optional (!stdenv.hostPlatform.ssse3Support) "ssse3" 30 - ++ lib.optional (!stdenv.hostPlatform.sse4_1Support) "sse41" 31 - ++ lib.optional (!stdenv.hostPlatform.sse4_2Support) "sse42" 32 - ++ lib.optional (!stdenv.hostPlatform.sse4_aSupport) "sse4a" 33 - ++ lib.optional (!stdenv.hostPlatform.aesSupport) "aes" 34 - ++ lib.optional (!stdenv.hostPlatform.avxSupport) "avx" 35 - ++ lib.optional (!stdenv.hostPlatform.fmaSupport) "fma3" 36 - ++ lib.optional (!stdenv.hostPlatform.fma4Support) "fma4" 37 - ++ lib.optional (!stdenv.hostPlatform.avx2Support) "avx2" 38 - ++ lib.optionals (!stdenv.hostPlatform.avx512Support) [ 39 - "avx512f" 40 - "avx512cd" 41 - "avx512pf" 42 - "avx512er" 43 - "avx512vl" 44 - "avx512bw" 45 - "avx512dq" 46 - "avx512ifma" 47 - "avx512vbmi" 48 - ] 49 - ); 50 51 doCheck = true; 52

··· 6 }: 7 8 stdenv.mkDerivation rec { 9 + version = "20250128"; 10 pname = "m4ri"; 11 12 src = fetchFromGitHub { 13 owner = "malb"; 14 repo = "m4ri"; 15 + rev = version; 16 + hash = "sha256-YoCTI4dLy95xuRJyNugIzGxE40B9pCWxRQtsyS/1Pds="; 17 }; 18 19 doCheck = true; 20

+7 -5

pkgs/by-name/m4/m4rie/package.nix

··· 1 { 2 lib, 3 stdenv, 4 - fetchFromBitbucket, 5 autoreconfHook, 6 m4ri, 7 }: 8 9 stdenv.mkDerivation rec { 10 - version = "20250103"; 11 pname = "m4rie"; 12 13 - src = fetchFromBitbucket { 14 owner = "malb"; 15 repo = "m4rie"; 16 - rev = "release-${version}"; 17 - hash = "sha256-CbzDLSqdtQ+CLKoKycznKzD3VCa+gfuh8TLvRC1fVz0="; 18 }; 19 20 doCheck = true; ··· 28 makeFlags = [ ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ "CFLAGS=-O0" ]; 29 nativeBuildInputs = [ 30 autoreconfHook 31 ]; 32 33 meta = with lib; {

··· 1 { 2 lib, 3 stdenv, 4 + fetchFromGitHub, 5 autoreconfHook, 6 + pkg-config, 7 m4ri, 8 }: 9 10 stdenv.mkDerivation rec { 11 + version = "20250128"; 12 pname = "m4rie"; 13 14 + src = fetchFromGitHub { 15 owner = "malb"; 16 repo = "m4rie"; 17 + rev = version; 18 + hash = "sha256-tw6ZX8hKfr9wQLF2nuO1dSkkTYZX6pzNWMlWfzLqQNE="; 19 }; 20 21 doCheck = true; ··· 29 makeFlags = [ ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ "CFLAGS=-O0" ]; 30 nativeBuildInputs = [ 31 autoreconfHook 32 + pkg-config 33 ]; 34 35 meta = with lib; {

+3 -3

pkgs/by-name/mi/miniflux/package.nix

··· 9 10 buildGoModule rec { 11 pname = "miniflux"; 12 - version = "2.2.6"; 13 14 src = fetchFromGitHub { 15 owner = "miniflux"; 16 repo = "v2"; 17 tag = version; 18 - hash = "sha256-N0WAdfxToVF93ICGpDstQig3aGz2lAzJz1nf4tSvxAY="; 19 }; 20 21 - vendorHash = "sha256-AG3NNqwpaTctvgOEZ2SarsMK4SRgzWxf+j9N4wwKKB4="; 22 23 nativeBuildInputs = [ installShellFiles ]; 24

··· 9 10 buildGoModule rec { 11 pname = "miniflux"; 12 + version = "2.2.7"; 13 14 src = fetchFromGitHub { 15 owner = "miniflux"; 16 repo = "v2"; 17 tag = version; 18 + hash = "sha256-1W+sFXvM5qOYxpbRBkZIvombchv2oYkcFuq7/ETGjfs="; 19 }; 20 21 + vendorHash = "sha256-bulQrLtA61RMZVhTtupTJUUTWJGWXcmpGaNUAoXEfYE="; 22 23 nativeBuildInputs = [ installShellFiles ]; 24

+2 -2

pkgs/by-name/mu/museum/package.nix

··· 9 10 buildGoModule rec { 11 pname = "museum"; 12 - version = "0.9.99"; 13 14 src = fetchFromGitHub { 15 owner = "ente-io"; 16 repo = "ente"; 17 sparseCheckout = [ "server" ]; 18 rev = "photos-v${version}"; 19 - hash = "sha256-+EL81zSOjoBfew8LRl0awWXgc2r8KDBBCYBBtDU1s5g="; 20 }; 21 22 vendorHash = "sha256-px4pMqeH73Fe06va4+n6hklIUDMbPmAQNKKRIhwv6ec=";

··· 9 10 buildGoModule rec { 11 pname = "museum"; 12 + version = "1.0.0"; 13 14 src = fetchFromGitHub { 15 owner = "ente-io"; 16 repo = "ente"; 17 sparseCheckout = [ "server" ]; 18 rev = "photos-v${version}"; 19 + hash = "sha256-niEySdGebd9SRRha2dYLsAary3to/9tgV5KePg2LdyE="; 20 }; 21 22 vendorHash = "sha256-px4pMqeH73Fe06va4+n6hklIUDMbPmAQNKKRIhwv6ec=";

+23 -9

pkgs/by-name/pa/paretosecurity/package.nix

··· 9 10 buildGoModule rec { 11 pname = "paretosecurity"; 12 - version = "0.0.91"; 13 14 src = fetchFromGitHub { 15 owner = "ParetoSecurity"; 16 repo = "agent"; 17 rev = version; 18 - hash = "sha256-/kGwV96Jp7U08jh/wPQMcoV48zQe9ixY7gpNdtFyOkk="; 19 }; 20 21 - vendorHash = "sha256-kGrYoN0dGcSuQW47Y4LUFdHQYAoY74NOM1LLPdhmLhc="; 22 proxyVendor = true; 23 24 - subPackages = [ 25 - "cmd/paretosecurity" 26 - ]; 27 - 28 ldflags = [ 29 "-s" 30 "-X=github.com/ParetoSecurity/agent/shared.Version=${version}" ··· 32 "-X=github.com/ParetoSecurity/agent/shared.Date=1970-01-01T00:00:00Z" 33 ]; 34 35 passthru.tests = { 36 version = testers.testVersion { 37 version = "${version}"; ··· 50 settings such as if you have disk encryption and firewall enabled. 51 52 If you use the `services.paretosecurity` NixOS module, you also get a 53 - root helper, so that you can run the checker in userspace. Some checks 54 require root permissions, and the checker asks the helper to run those. 55 56 Additionally, if you enable `services.paretosecurity.trayIcon`, you get a 57 little Vilfredo Pareto living in your systray showing your the current 58 - status of checks. 59 60 Finally, you can run `paretosecurity link` to configure the agent 61 to send the status of checks to https://dash.paretosecurity.com to make

··· 9 10 buildGoModule rec { 11 pname = "paretosecurity"; 12 + version = "0.0.96"; 13 14 src = fetchFromGitHub { 15 owner = "ParetoSecurity"; 16 repo = "agent"; 17 rev = version; 18 + hash = "sha256-SyeIGSDvrnOvyOJ0zC8CulpaMa+iZeRaMTJUSydz2tw="; 19 }; 20 21 + vendorHash = "sha256-O/OF3Y6HiiikMxf657k9eIM7UfkicIImAUxVVf/TgR8="; 22 proxyVendor = true; 23 24 ldflags = [ 25 "-s" 26 "-X=github.com/ParetoSecurity/agent/shared.Version=${version}" ··· 28 "-X=github.com/ParetoSecurity/agent/shared.Date=1970-01-01T00:00:00Z" 29 ]; 30 31 + postInstall = '' 32 + # Install global systemd files 33 + install -Dm400 ${src}/apt/paretosecurity.socket $out/lib/systemd/system/paretosecurity.socket 34 + install -Dm400 ${src}/apt/paretosecurity.service $out/lib/systemd/system/paretosecurity.service 35 + substituteInPlace $out/lib/systemd/system/paretosecurity.service \ 36 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 37 + 38 + # Install user systemd files 39 + install -Dm444 ${src}/apt/paretosecurity-user.timer $out/lib/systemd/user/paretosecurity-user.timer 40 + install -Dm444 ${src}/apt/paretosecurity-user.service $out/lib/systemd/user/paretosecurity-user.service 41 + substituteInPlace $out/lib/systemd/user/paretosecurity-user.service \ 42 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 43 + install -Dm444 ${src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service 44 + substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \ 45 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 46 + ''; 47 + 48 passthru.tests = { 49 version = testers.testVersion { 50 version = "${version}"; ··· 63 settings such as if you have disk encryption and firewall enabled. 64 65 If you use the `services.paretosecurity` NixOS module, you also get a 66 + root helper that allows you to run the checker in userspace. Some checks 67 require root permissions, and the checker asks the helper to run those. 68 69 Additionally, if you enable `services.paretosecurity.trayIcon`, you get a 70 little Vilfredo Pareto living in your systray showing your the current 71 + status of checks. This will also enable a systemd timer to update the 72 + status of checks once per hour. 73 74 Finally, you can run `paretosecurity link` to configure the agent 75 to send the status of checks to https://dash.paretosecurity.com to make

+2 -2

pkgs/by-name/ro/routino/package.nix

··· 10 11 stdenv.mkDerivation rec { 12 pname = "routino"; 13 - version = "3.4.1"; 14 15 src = fetchurl { 16 url = "https://routino.org/download/routino-${version}.tgz"; 17 - hash = "sha256-C6qNKljRdV0ProbgSxfrZLgZH+Pl8kcpKmTb83GLhSs="; 18 }; 19 20 patchFlags = [ "-p0" ];

··· 10 11 stdenv.mkDerivation rec { 12 pname = "routino"; 13 + version = "3.4.2"; 14 15 src = fetchurl { 16 url = "https://routino.org/download/routino-${version}.tgz"; 17 + hash = "sha256-Dms1u/KuS6qFYcslKfsvIFPx0ApdyWtKK/XlgW+kToI="; 18 }; 19 20 patchFlags = [ "-p0" ];

+81 -86

pkgs/by-name/ru/ruffle/package.nix

··· 1 { 2 alsa-lib, 3 - fetchFromGitHub, 4 - makeWrapper, 5 openssl, 6 - pkg-config, 7 - python3, 8 - rustPlatform, 9 - stdenvNoCC, 10 - lib, 11 wayland, 12 - xorg, 13 vulkan-loader, 14 udev, 15 - jre_minimal, 16 - cairo, 17 - gtk3, 18 - wrapGAppsHook3, 19 - gsettings-desktop-schemas, 20 - glib, 21 libxkbcommon, 22 openh264, 23 - darwin, 24 }: 25 - let 26 pname = "ruffle"; 27 - version = "nightly-2025-01-25"; 28 - # TODO: Remove overridden derivation once ruffle accepts upstream openh264-2.5.0 29 - openh264-241 = 30 - if stdenvNoCC.hostPlatform.isLinux then 31 - openh264.overrideAttrs (_: rec { 32 - version = "2.4.1"; 33 - src = fetchFromGitHub { 34 - owner = "cisco"; 35 - repo = "openh264"; 36 - tag = "v${version}"; 37 - hash = "sha256-ai7lcGcQQqpsLGSwHkSs7YAoEfGCIbxdClO6JpGA+MI="; 38 - }; 39 - postPatch = null; 40 - }) 41 - else 42 - null; 43 - in 44 - rustPlatform.buildRustPackage { 45 - inherit pname version; 46 47 src = fetchFromGitHub { 48 owner = "ruffle-rs"; 49 - repo = pname; 50 - tag = version; 51 - hash = "sha256-JLh0tatP70rYo2QXLKu6M9jJ1gFpY76sYaUJqW9U4E0="; 52 }; 53 54 - patches = [ ./remove-deterministic-feature.patch ]; 55 - 56 useFetchCargoVendor = true; 57 - cargoHash = "sha256-PbNp/V+xmU6Lo24a6pd9XoT/LQmINztjOHKoikG9N4Y="; 58 59 nativeBuildInputs = 60 [ jre_minimal ] 61 ++ lib.optionals stdenvNoCC.hostPlatform.isLinux [ 62 - glib 63 - gsettings-desktop-schemas 64 - makeWrapper 65 pkg-config 66 - python3 67 wrapGAppsHook3 68 ] 69 ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ rustPlatform.bindgenHook ]; ··· 71 buildInputs = 72 lib.optionals stdenvNoCC.hostPlatform.isLinux [ 73 alsa-lib 74 - cairo 75 gtk3 76 openssl 77 wayland 78 - xorg.libX11 79 - xorg.libXcursor 80 - xorg.libXi 81 - xorg.libxcb 82 - xorg.libXrender 83 vulkan-loader 84 udev 85 ] 86 ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ darwin.apple_sdk.frameworks.AppKit ]; 87 88 - cargoBuildFlags = [ "--workspace" ]; 89 - 90 postInstall = 91 '' 92 - # Namespace binaries with "ruffle_" 93 - mv $out/bin/exporter $out/bin/ruffle_exporter 94 - mv $out/bin/mocket $out/bin/ruffle_mocket 95 - mv $out/bin/stub-report $out/bin/ruffle_stub-report 96 - mv $out/bin/build_playerglobal $out/bin/ruffle_build_playerglobal 97 - 98 - # This name is too specific 99 mv $out/bin/ruffle_desktop $out/bin/ruffle 100 '' 101 + lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 102 install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.desktop \ ··· 107 108 install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.metainfo.xml \ 109 -t $out/share/metainfo/ 110 - 111 - rm $out/bin/ruffle_web_safari 112 ''; 113 114 preFixup = lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 115 - patchelf $out/bin/ruffle \ 116 - --add-needed libxkbcommon-x11.so \ 117 - --add-needed libwayland-client.so \ 118 - --add-needed libopenh264.so \ 119 - --add-rpath ${libxkbcommon}/lib:${wayland}/lib:${openh264-241}/lib 120 ''; 121 122 - dontWrapGApps = true; 123 - 124 - postFixup = lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 125 - vulkanWrapperArgs+=( 126 - --prefix LD_LIBRARY_PATH ':' ${vulkan-loader}/lib 127 - ) 128 - 129 - wrapProgram $out/bin/ruffle_exporter \ 130 - "''${vulkanWrapperArgs[@]}" 131 - 132 - wrapProgram $out/bin/ruffle \ 133 - "''${vulkanWrapperArgs[@]}" \ 134 - "''${gappsWrapperArgs[@]}" 135 - ''; 136 137 meta = { 138 description = "Cross platform Adobe Flash Player emulator"; ··· 142 and 3 programs with machine-native performance thanks to being 143 written in the Rust programming language. 144 145 - This package for ruffle also includes the `exporter` and 146 - `scanner` utilities which allow for generating screenshots as 147 - PNGs and parsing `.swf` files in bulk respectively. 148 ''; 149 homepage = "https://ruffle.rs/"; 150 downloadPage = "https://ruffle.rs/downloads"; 151 - changelog = "https://github.com/ruffle-rs/ruffle/releases/tag/${version}"; 152 license = [ 153 lib.licenses.mit 154 lib.licenses.asl20 ··· 160 mainProgram = "ruffle"; 161 platforms = lib.platforms.linux ++ lib.platforms.darwin; 162 }; 163 - }

··· 1 { 2 + lib, 3 + stdenvNoCC, 4 + rustPlatform, 5 + withRuffleTools ? false, 6 + fetchFromGitHub, 7 + jre_minimal, 8 + pkg-config, 9 + wrapGAppsHook3, 10 + darwin, 11 alsa-lib, 12 + gtk3, 13 openssl, 14 wayland, 15 vulkan-loader, 16 udev, 17 libxkbcommon, 18 openh264, 19 + writeShellApplication, 20 + curl, 21 + jq, 22 + nix-update, 23 }: 24 + rustPlatform.buildRustPackage (finalAttrs: { 25 pname = "ruffle"; 26 + version = "0-nightly-2025-03-28"; 27 28 src = fetchFromGitHub { 29 owner = "ruffle-rs"; 30 + repo = "ruffle"; 31 + tag = lib.strings.removePrefix "0-" finalAttrs.version; 32 + hash = "sha256-p2EEoHXseIXms4Xjyi3aNWCU0W9slXkeqrCrPvq1BjI="; 33 }; 34 35 useFetchCargoVendor = true; 36 + cargoHash = "sha256-RcCIt6xVZaQA7eSgKngHtsGafHFwv1bISK0XKWoNWtI="; 37 + cargoBuildFlags = lib.optional withRuffleTools "--workspace"; 38 + 39 + env = 40 + let 41 + tag = lib.strings.removePrefix "0-" finalAttrs.version; 42 + versionDate = lib.strings.removePrefix "0-nightly-" finalAttrs.version; 43 + in 44 + { 45 + VERGEN_IDEMPOTENT = "1"; 46 + VERGEN_GIT_SHA = tag; 47 + VERGEN_GIT_COMMIT_DATE = versionDate; 48 + VERGEN_GIT_COMMIT_TIMESTAMP = "${versionDate}T00:00:00Z"; 49 + }; 50 51 nativeBuildInputs = 52 [ jre_minimal ] 53 ++ lib.optionals stdenvNoCC.hostPlatform.isLinux [ 54 pkg-config 55 wrapGAppsHook3 56 ] 57 ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ rustPlatform.bindgenHook ]; ··· 59 buildInputs = 60 lib.optionals stdenvNoCC.hostPlatform.isLinux [ 61 alsa-lib 62 gtk3 63 openssl 64 wayland 65 vulkan-loader 66 udev 67 ] 68 ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ darwin.apple_sdk.frameworks.AppKit ]; 69 70 postInstall = 71 '' 72 mv $out/bin/ruffle_desktop $out/bin/ruffle 73 + install -Dm644 LICENSE.md -t $out/share/doc/ruffle 74 + install -Dm644 README.md -t $out/share/doc/ruffle 75 '' 76 + lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 77 install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.desktop \ ··· 82 83 install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.metainfo.xml \ 84 -t $out/share/metainfo/ 85 ''; 86 87 + # Prevents ruffle from downloading openh264 at runtime for Linux 88 + openh264-241 = 89 + if stdenvNoCC.hostPlatform.isLinux then 90 + openh264.overrideAttrs (_: rec { 91 + version = "2.4.1"; 92 + src = fetchFromGitHub { 93 + owner = "cisco"; 94 + repo = "openh264"; 95 + tag = "v${version}"; 96 + hash = "sha256-ai7lcGcQQqpsLGSwHkSs7YAoEfGCIbxdClO6JpGA+MI="; 97 + }; 98 + postPatch = null; 99 + }) 100 + else 101 + null; 102 + 103 preFixup = lib.optionalString stdenvNoCC.hostPlatform.isLinux '' 104 + gappsWrapperArgs+=(--prefix LD_LIBRARY_PATH : ${ 105 + lib.makeLibraryPath [ 106 + libxkbcommon 107 + finalAttrs.openh264-241 108 + vulkan-loader 109 + wayland 110 + ] 111 + }) 112 ''; 113 114 + passthru = { 115 + updateScript = lib.getExe (writeShellApplication { 116 + name = "ruffle-update"; 117 + runtimeInputs = [ 118 + curl 119 + jq 120 + nix-update 121 + ]; 122 + text = '' 123 + version="$( \ 124 + curl https://api.github.com/repos/ruffle-rs/ruffle/releases?per_page=1 | \ 125 + jq -r ".[0].tag_name" \ 126 + )" 127 + exec nix-update --version "0-$version" ruffle 128 + ''; 129 + }); 130 + }; 131 132 meta = { 133 description = "Cross platform Adobe Flash Player emulator"; ··· 137 and 3 programs with machine-native performance thanks to being 138 written in the Rust programming language. 139 140 + Additionally, overriding the `withRuffleTools` input to 141 + `true` will build all the available packages in the ruffle 142 + project, including the `exporter` and `scanner` utilities. 143 ''; 144 homepage = "https://ruffle.rs/"; 145 downloadPage = "https://ruffle.rs/downloads"; 146 + changelog = "https://github.com/ruffle-rs/ruffle/releases/tag/${lib.strings.removePrefix "0-" finalAttrs.version}"; 147 license = [ 148 lib.licenses.mit 149 lib.licenses.asl20 ··· 155 mainProgram = "ruffle"; 156 platforms = lib.platforms.linux ++ lib.platforms.darwin; 157 }; 158 + })

-52

pkgs/by-name/ru/ruffle/remove-deterministic-feature.patch

··· 1 - diff --git a/exporter/Cargo.toml b/exporter/Cargo.toml 2 - index 93066a30d..0f8b71ae4 100644 3 - --- a/exporter/Cargo.toml 4 - +++ b/exporter/Cargo.toml 5 - @@ -13,7 +13,7 @@ workspace = true 6 - [dependencies] 7 - clap = { workspace = true } 8 - futures = { workspace = true } 9 - -ruffle_core = { path = "../core", features = ["deterministic", "default_font"] } 10 - +ruffle_core = { path = "../core", features = ["default_font"] } 11 - ruffle_render_wgpu = { path = "../render/wgpu", features = ["clap"] } 12 - image = { workspace = true, features = ["png"] } 13 - walkdir = { workspace = true } 14 - diff --git a/scanner/Cargo.toml b/scanner/Cargo.toml 15 - index 59781ba79..40cf54c24 100644 16 - --- a/scanner/Cargo.toml 17 - +++ b/scanner/Cargo.toml 18 - @@ -12,7 +12,7 @@ workspace = true 19 - 20 - [dependencies] 21 - clap = { workspace = true } 22 - -ruffle_core = { path = "../core", features = ["deterministic"] } 23 - +ruffle_core = { path = "../core" } 24 - log = { workspace = true } 25 - walkdir = { workspace = true } 26 - serde = { workspace = true, features = ["derive"] } 27 - diff --git a/tests/Cargo.toml b/tests/Cargo.toml 28 - index 26bfc9a89..b7342b662 100644 29 - --- a/tests/Cargo.toml 30 - +++ b/tests/Cargo.toml 31 - @@ -27,7 +27,7 @@ ruffle_render_wgpu = { path = "../render/wgpu", optional = true } 32 - regex = "1.11.1" 33 - 34 - [dev-dependencies] 35 - -ruffle_core = { path = "../core", features = ["deterministic", "timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "test_only_as3"] } 36 - +ruffle_core = { path = "../core", features = ["timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "test_only_as3"] } 37 - ruffle_test_framework = { path = "framework" } 38 - libtest-mimic = "0.8.1" 39 - walkdir = { workspace = true } 40 - diff --git a/tests/framework/Cargo.toml b/tests/framework/Cargo.toml 41 - index ffc59e25b..639028578 100644 42 - --- a/tests/framework/Cargo.toml 43 - +++ b/tests/framework/Cargo.toml 44 - @@ -11,7 +11,7 @@ version.workspace = true 45 - workspace = true 46 - 47 - [dependencies] 48 - -ruffle_core = { path = "../../core", features = ["deterministic", "timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "serde"] } 49 - +ruffle_core = { path = "../../core", features = ["timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "serde"] } 50 - ruffle_render = { path = "../../render", features = ["serde"] } 51 - ruffle_input_format = { path = "../input-format" } 52 - ruffle_socket_format = { path = "../socket-format" }

···

+4 -4

pkgs/by-name/sa/sage/sage-src.nix

··· 12 # all get the same sources with the same patches applied. 13 14 stdenv.mkDerivation rec { 15 - version = "10.6.rc1"; 16 pname = "sage-src"; 17 18 src = fetchFromGitHub { 19 owner = "sagemath"; 20 repo = "sage"; 21 rev = version; 22 - hash = "sha256-fhCKe0mz3Rwz+HQJWkMj6/0gbvpVW1/ENCMNWkK5ngQ="; 23 }; 24 25 # contains essential files (e.g., setup.cfg) generated by the bootstrap script. ··· 27 configure-src = fetchurl { 28 # the hash below is the tagged commit's _parent_. it can also be found by looking for 29 # the "configure" asset at https://github.com/sagemath/sage/releases/tag/${version} 30 - url = "mirror://sageupstream/configure/configure-8dab37468c9feb4a5a1fcc22bbccc12321aaa475.tar.gz"; 31 - hash = "sha256-WqaUbmqZ7qwrgp8hRjOO7vhTejE0tCiQeMhBcJLsqvI="; 32 }; 33 34 # Patches needed because of particularities of nix or the way this is packaged.

··· 12 # all get the same sources with the same patches applied. 13 14 stdenv.mkDerivation rec { 15 + version = "10.6"; 16 pname = "sage-src"; 17 18 src = fetchFromGitHub { 19 owner = "sagemath"; 20 repo = "sage"; 21 rev = version; 22 + hash = "sha256-ZDYFq2lJXjnADFdX6y7sskaF0rkT5EIcdN8/bs00TlQ="; 23 }; 24 25 # contains essential files (e.g., setup.cfg) generated by the bootstrap script. ··· 27 configure-src = fetchurl { 28 # the hash below is the tagged commit's _parent_. it can also be found by looking for 29 # the "configure" asset at https://github.com/sagemath/sage/releases/tag/${version} 30 + url = "mirror://sageupstream/configure/configure-10741006a4794b7db82942db55b97033d5905431.tar.gz"; 31 + hash = "sha256-7LqY+vwBlyukDfcRtuR99vpC3hcBo8WRUuJjiFFq9xk="; 32 }; 33 34 # Patches needed because of particularities of nix or the way this is packaged.

+5 -5

pkgs/by-name/ta/tailwindcss_4/package.nix

··· 7 makeWrapper, 8 }: 9 let 10 - version = "4.1.0"; 11 inherit (stdenv.hostPlatform) system; 12 throwSystem = throw "tailwindcss has not been packaged for ${system} yet."; 13 ··· 22 23 hash = 24 { 25 - aarch64-darwin = "sha256-g9Gj/LN4tEJRrNjAjtfhX+5l35PoL0O/aydCP1vSuTs="; 26 - aarch64-linux = "sha256-85HVxqx9GPqfa6CgSBi42sW9LbmqKrKqjHyENjrb4HM="; 27 - x86_64-darwin = "sha256-i4jtB/5K3jp7ujcj2Yk2JntEDnC1hHWohgvWxuV29OA="; 28 - x86_64-linux = "sha256-hTek5N0YFtYAzMF/XrGolxxuDwvOanABe/8p5385RNk="; 29 } 30 .${system} or throwSystem; 31 in

··· 7 makeWrapper, 8 }: 9 let 10 + version = "4.1.1"; 11 inherit (stdenv.hostPlatform) system; 12 throwSystem = throw "tailwindcss has not been packaged for ${system} yet."; 13 ··· 22 23 hash = 24 { 25 + aarch64-darwin = "sha256-moydWSkhoHmxd+4zeWwgneUNHOlJ9yqPXlGHhCQmYXA="; 26 + aarch64-linux = "sha256-zTW+fGIkpwWRYMRJjZRJmO4YI5J6gOXOKUfq9KtGxKI="; 27 + x86_64-darwin = "sha256-JPnnUj30uQVvj+dnq7+fG4Trt7ArLVPsP4G1RVUeZAA="; 28 + x86_64-linux = "sha256-jIW4NmIW7dk3iTS0JY5V7PF9LfnWIVEDcYOUP0nWp1Y="; 29 } 30 .${system} or throwSystem; 31 in

+3 -3

pkgs/by-name/tt/ttfb/package.nix

··· 8 9 rustPlatform.buildRustPackage rec { 10 pname = "ttfb"; 11 - version = "1.14.0"; 12 13 src = fetchCrate { 14 inherit pname version; 15 - hash = "sha256-TElRWWPTwigyLikda7FdDh0tSC67XdPDg/Gu5aVQlAw="; 16 }; 17 18 buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ ··· 20 ]; 21 22 useFetchCargoVendor = true; 23 - cargoHash = "sha256-NXwSqTshaC5hnyruSQFgFQRqRTmINMnMZsaisuudqvY="; 24 25 # The bin feature activates all dependencies of the binary. Otherwise, 26 # only the library is build.

··· 8 9 rustPlatform.buildRustPackage rec { 10 pname = "ttfb"; 11 + version = "1.15.0"; 12 13 src = fetchCrate { 14 inherit pname version; 15 + hash = "sha256-OOVqCWeF5cHMweEGWYIiWWWsw1QlNDFgnia05Qxo7uo="; 16 }; 17 18 buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ ··· 20 ]; 21 22 useFetchCargoVendor = true; 23 + cargoHash = "sha256-4Nsg5/66enMgAfPrUQHuhOTTwG2OWyyvKMHIhPnlHko="; 24 25 # The bin feature activates all dependencies of the binary. Otherwise, 26 # only the library is build.

+34

pkgs/by-name/un/unicode-idna/package.nix

···

··· 1 + { 2 + lib, 3 + stdenvNoCC, 4 + fetchurl, 5 + }: 6 + 7 + stdenvNoCC.mkDerivation (finalAttrs: { 8 + pname = "unicode-idna"; 9 + version = "16.0.0"; 10 + 11 + src = fetchurl { 12 + url = "https://www.unicode.org/Public/idna/${finalAttrs.version}/IdnaMappingTable.txt"; 13 + hash = "sha256-bbLvTtNfOz3nTrwuAEBKlgf3bUmfV2uNQEPPFPHtF1w="; 14 + }; 15 + 16 + dontUnpack = true; 17 + 18 + installPhase = '' 19 + runHook preInstall 20 + 21 + mkdir -p $out/share/unicode/idna 22 + cp -r $src $out/share/unicode/idna/IdnaMappingTable.txt 23 + 24 + runHook postInstall 25 + ''; 26 + 27 + meta = { 28 + description = "unicode IDNA compatible processing data"; 29 + homepage = "http://www.unicode.org/reports/tr46/"; 30 + license = lib.licenses.unicode-dfs-2016; 31 + maintainers = with lib.maintainers; [ jopejoe1 ]; 32 + platforms = lib.platforms.all; 33 + }; 34 + })

+19 -14

pkgs/by-name/ve/vectorcode/package.nix

··· 3 python3Packages, 4 fetchFromGitHub, 5 versionCheckHook, 6 }: 7 8 python3Packages.buildPythonApplication rec { ··· 21 pdm-backend 22 ]; 23 24 - dependencies = with python3Packages; [ 25 - chromadb 26 - httpx 27 - numpy 28 - pathspec 29 - psutil 30 - pygments 31 - sentence-transformers 32 - shtab 33 - tabulate 34 - transformers 35 - tree-sitter 36 - tree-sitter-language-pack 37 - ]; 38 39 optional-dependencies = with python3Packages; { 40 intel = [

··· 3 python3Packages, 4 fetchFromGitHub, 5 versionCheckHook, 6 + 7 + lspSupport ? true, 8 }: 9 10 python3Packages.buildPythonApplication rec { ··· 23 pdm-backend 24 ]; 25 26 + dependencies = 27 + with python3Packages; 28 + [ 29 + chromadb 30 + httpx 31 + numpy 32 + pathspec 33 + psutil 34 + pygments 35 + sentence-transformers 36 + shtab 37 + tabulate 38 + transformers 39 + tree-sitter 40 + tree-sitter-language-pack 41 + ] 42 + ++ lib.optionals lspSupport optional-dependencies.lsp; 43 44 optional-dependencies = with python3Packages; { 45 intel = [

+7 -7

pkgs/by-name/vs/vsce/package.nix

··· 10 nix-update-script, 11 }: 12 13 - buildNpmPackage rec { 14 pname = "vsce"; 15 - version = "3.3.0"; 16 17 src = fetchFromGitHub { 18 owner = "microsoft"; 19 repo = "vscode-vsce"; 20 - rev = "v${version}"; 21 - hash = "sha256-z2OxVK/zbKr1AvWO74aoZHU/e3GPCF0QMINdNhbzNXc="; 22 }; 23 24 - npmDepsHash = "sha256-RIurea4cdH47q9axGtNTIZMeDOAqqdjovaE34A7M2uI="; 25 26 postPatch = '' 27 - substituteInPlace package.json --replace-fail '"version": "0.0.0"' '"version": "${version}"' 28 ''; 29 30 nativeBuildInputs = [ ··· 56 license = lib.licenses.mit; 57 mainProgram = "vsce"; 58 }; 59 - }

··· 10 nix-update-script, 11 }: 12 13 + buildNpmPackage (finalAttrs: { 14 pname = "vsce"; 15 + version = "3.3.2"; 16 17 src = fetchFromGitHub { 18 owner = "microsoft"; 19 repo = "vscode-vsce"; 20 + rev = "v${finalAttrs.version}"; 21 + hash = "sha256-6Rls+t1NkU1bZuT8ZWpKYeGmAdMpNFuYGfdZhtszZQ8="; 22 }; 23 24 + npmDepsHash = "sha256-HZkzH5flOPiTUvFW/DOi5n034RAvMoU9lRvB6Omdb2M="; 25 26 postPatch = '' 27 + substituteInPlace package.json --replace-fail '"version": "0.0.0"' '"version": "${finalAttrs.version}"' 28 ''; 29 30 nativeBuildInputs = [ ··· 56 license = lib.licenses.mit; 57 mainProgram = "vsce"; 58 }; 59 + })

+3

pkgs/by-name/xe/xercesc/package.nix

··· 3 lib, 4 fetchurl, 5 curl, 6 }: 7 8 stdenv.mkDerivation rec { ··· 16 17 buildInputs = [ 18 curl 19 ]; 20 21 configureFlags = [ 22 # Disable SSE2 extensions on platforms for which they are not enabled by default 23 "--disable-sse2" 24 "--enable-netaccessor-curl" 25 ]; 26 27 enableParallelBuilding = true;

··· 3 lib, 4 fetchurl, 5 curl, 6 + icu, 7 }: 8 9 stdenv.mkDerivation rec { ··· 17 18 buildInputs = [ 19 curl 20 + icu 21 ]; 22 23 configureFlags = [ 24 # Disable SSE2 extensions on platforms for which they are not enabled by default 25 "--disable-sse2" 26 "--enable-netaccessor-curl" 27 + "--enable-transcoder-icu" 28 ]; 29 30 enableParallelBuilding = true;

+1 -1

pkgs/development/compilers/llvm/common/default.nix

··· 465 } 466 // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "16") { 467 mlir = callPackage ./mlir { }; 468 - libclc = callPackage ./libclc.nix { }; 469 } 470 // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "19") { 471 bolt = callPackage ./bolt {

··· 465 } 466 // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "16") { 467 mlir = callPackage ./mlir { }; 468 + libclc = callPackage ./libclc { }; 469 } 470 // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "19") { 471 bolt = callPackage ./bolt {

+6 -6

pkgs/development/compilers/llvm/common/libclc.nix pkgs/development/compilers/llvm/common/libclc/default.nix

··· 26 ln -s "${lib.getExe' buildLlvmTools.clang.cc "clang"}" "$out"/bin 27 ''; 28 in 29 - stdenv.mkDerivation rec { 30 pname = "libclc"; 31 inherit version; 32 33 - src = runCommand "${pname}-src-${version}" { inherit (monorepoSrc) passthru; } ( 34 '' 35 mkdir -p "$out" 36 '' ··· 38 cp -r ${monorepoSrc}/cmake "$out" 39 '' 40 + '' 41 - cp -r ${monorepoSrc}/${pname} "$out" 42 '' 43 ); 44 45 - sourceRoot = "${src.name}/${pname}"; 46 47 outputs = [ 48 "out" ··· 50 ]; 51 52 patches = 53 - [ ./libclc/libclc-gnu-install-dirs.patch ] 54 # LLVM 19 changes how host tools are looked up. 55 # Need to remove NO_DEFAULT_PATH and the PATHS arguments for find_program 56 # so CMake can actually find the tools in nativeBuildInputs. ··· 114 license = licenses.mit; 115 platforms = platforms.all; 116 }; 117 - }

··· 26 ln -s "${lib.getExe' buildLlvmTools.clang.cc "clang"}" "$out"/bin 27 ''; 28 in 29 + stdenv.mkDerivation (finalAttrs: { 30 pname = "libclc"; 31 inherit version; 32 33 + src = runCommand "libclc-src-${version}" { inherit (monorepoSrc) passthru; } ( 34 '' 35 mkdir -p "$out" 36 '' ··· 38 cp -r ${monorepoSrc}/cmake "$out" 39 '' 40 + '' 41 + cp -r ${monorepoSrc}/libclc "$out" 42 '' 43 ); 44 45 + sourceRoot = "${finalAttrs.src.name}/libclc"; 46 47 outputs = [ 48 "out" ··· 50 ]; 51 52 patches = 53 + [ ./libclc-gnu-install-dirs.patch ] 54 # LLVM 19 changes how host tools are looked up. 55 # Need to remove NO_DEFAULT_PATH and the PATHS arguments for find_program 56 # so CMake can actually find the tools in nativeBuildInputs. ··· 114 license = licenses.mit; 115 platforms = platforms.all; 116 }; 117 + })

+4 -4

pkgs/development/compilers/llvm/default.nix

··· 31 "17.0.6".officialRelease.sha256 = "sha256-8MEDLLhocshmxoEBRSKlJ/GzJ8nfuzQ8qn0X/vLA+ag="; 32 "18.1.8".officialRelease.sha256 = "sha256-iiZKMRo/WxJaBXct9GdAcAT3cz9d9pnAcO1mmR6oPNE="; 33 "19.1.7".officialRelease.sha256 = "sha256-cZAB5vZjeTsXt9QHbP5xluWNQnAHByHtHnAhVDV0E6I="; 34 - "20.1.1".officialRelease.sha256 = "sha256-hDFYi5wAUDQ8xfjvbGFi05KdawrN9lwrrSC8AcTpCEE="; 35 "21.0.0-git".gitRelease = { 36 - rev = "b32cf756994cbab83e50b9d84df03d5ee03f31f8"; 37 - rev-version = "21.0.0-unstable-2025-03-23"; 38 - sha256 = "sha256-6PuKOT8TozoOcN1muWt08jHGLMQTogtMOQIFa8TTQoY="; 39 }; 40 } // llvmVersions; 41

··· 31 "17.0.6".officialRelease.sha256 = "sha256-8MEDLLhocshmxoEBRSKlJ/GzJ8nfuzQ8qn0X/vLA+ag="; 32 "18.1.8".officialRelease.sha256 = "sha256-iiZKMRo/WxJaBXct9GdAcAT3cz9d9pnAcO1mmR6oPNE="; 33 "19.1.7".officialRelease.sha256 = "sha256-cZAB5vZjeTsXt9QHbP5xluWNQnAHByHtHnAhVDV0E6I="; 34 + "20.1.2".officialRelease.sha256 = "sha256-t30Jh8ckp5qD6XDxtvnSaYiAWbEi6L6hAWh6tN8JjtY="; 35 "21.0.0-git".gitRelease = { 36 + rev = "65734de9b93bef5b3211298b4fcc5dc79d18d31e"; 37 + rev-version = "21.0.0-unstable-2025-03-30"; 38 + sha256 = "sha256-v7/Goj8lc+8AUX/nJeqRcaudZAQoAwBZ9FtrDYX87ns="; 39 }; 40 } // llvmVersions; 41

+7 -9

pkgs/development/python-modules/certbot-dns-google/default.nix

··· 3 acme, 4 certbot, 5 google-api-python-client, 6 - oauth2client, 7 pytestCheckHook, 8 - pythonOlder, 9 }: 10 11 buildPythonPackage rec { 12 pname = "certbot-dns-google"; 13 - format = "setuptools"; 14 - 15 inherit (certbot) src version; 16 - disabled = pythonOlder "3.6"; 17 18 sourceRoot = "${src.name}/certbot-dns-google"; 19 20 - propagatedBuildInputs = [ 21 acme 22 certbot 23 google-api-python-client 24 - oauth2client 25 ]; 26 27 nativeCheckInputs = [ pytestCheckHook ]; 28 29 pytestFlagsArray = [ 30 "-p no:cacheprovider" 31 - # https://github.com/certbot/certbot/issues/9988 32 - "-Wignore::DeprecationWarning" 33 ]; 34 35 meta = certbot.meta // {

··· 3 acme, 4 certbot, 5 google-api-python-client, 6 + google-auth, 7 pytestCheckHook, 8 + setuptools, 9 }: 10 11 buildPythonPackage rec { 12 pname = "certbot-dns-google"; 13 inherit (certbot) src version; 14 + pyproject = true; 15 16 sourceRoot = "${src.name}/certbot-dns-google"; 17 18 + build-system = [ setuptools ]; 19 + 20 + dependencies = [ 21 acme 22 certbot 23 google-api-python-client 24 + google-auth 25 ]; 26 27 nativeCheckInputs = [ pytestCheckHook ]; 28 29 pytestFlagsArray = [ 30 "-p no:cacheprovider" 31 ]; 32 33 meta = certbot.meta // {

-2

pkgs/development/python-modules/google-api-python-client/default.nix

··· 7 google-api-core, 8 httplib2, 9 uritemplate, 10 - oauth2client, 11 setuptools, 12 pythonOlder, 13 }: ··· 33 google-api-core 34 httplib2 35 uritemplate 36 - oauth2client 37 ]; 38 39 # No tests included in archive

··· 7 google-api-core, 8 httplib2, 9 uritemplate, 10 setuptools, 11 pythonOlder, 12 }: ··· 32 google-api-core 33 httplib2 34 uritemplate 35 ]; 36 37 # No tests included in archive

+11 -19

pkgs/development/python-modules/google-auth/default.nix

··· 11 freezegun, 12 grpcio, 13 mock, 14 - oauth2client, 15 pyasn1-modules, 16 pyjwt, 17 pyopenssl, ··· 68 requests = [ requests ]; 69 }; 70 71 - nativeCheckInputs = 72 - [ 73 - aioresponses 74 - flask 75 - freezegun 76 - grpcio 77 - mock 78 - ] 79 - ++ lib.optionals (pythonOlder "3.13") [ 80 - oauth2client 81 - ] 82 - ++ [ 83 - pytest-asyncio 84 - pytest-localserver 85 - pytestCheckHook 86 - responses 87 - ] 88 - ++ lib.flatten (lib.attrValues optional-dependencies); 89 90 pythonImportsCheck = [ 91 "google.auth"

··· 11 freezegun, 12 grpcio, 13 mock, 14 pyasn1-modules, 15 pyjwt, 16 pyopenssl, ··· 67 requests = [ requests ]; 68 }; 69 70 + nativeCheckInputs = [ 71 + aioresponses 72 + flask 73 + freezegun 74 + grpcio 75 + mock 76 + pytest-asyncio 77 + pytest-localserver 78 + pytestCheckHook 79 + responses 80 + ] ++ lib.flatten (lib.attrValues optional-dependencies); 81 82 pythonImportsCheck = [ 83 "google.auth"

+2

pkgs/development/python-modules/pathy/default.nix

··· 48 pythonImportsCheck = [ "pathy" ]; 49 50 meta = with lib; { 51 description = "Path interface for local and cloud bucket storage"; 52 mainProgram = "pathy"; 53 homepage = "https://github.com/justindujardin/pathy";

··· 48 pythonImportsCheck = [ "pathy" ]; 49 50 meta = with lib; { 51 + # https://github.com/justindujardin/pathy/issues/113 52 + broken = pathlib-abc.version != "0.1.1"; 53 description = "Path interface for local and cloud bucket storage"; 54 mainProgram = "pathy"; 55 homepage = "https://github.com/justindujardin/pathy";

+2 -2

pkgs/development/python-modules/types-pytz/default.nix

··· 7 8 buildPythonPackage rec { 9 pname = "types-pytz"; 10 - version = "2025.1.0.20250318"; 11 pyproject = true; 12 13 src = fetchPypi { 14 pname = "types_pytz"; 15 inherit version; 16 - hash = "sha256-l+DjUYTG/hTjpQFFEgV/LFe7DGWC1jwc/MSAn4IYBEk="; 17 }; 18 19 build-system = [ setuptools ];

··· 7 8 buildPythonPackage rec { 9 pname = "types-pytz"; 10 + version = "2025.2.0.20250326"; 11 pyproject = true; 12 13 src = fetchPypi { 14 pname = "types_pytz"; 15 inherit version; 16 + hash = "sha256-3toC3iT1JwZvyNahnihKs/OucWpCtK22tA515AjAjTY="; 17 }; 18 19 build-system = [ setuptools ];

+1

pkgs/development/tools/parsing/tree-sitter/grammars/default.nix

··· 26 tree-sitter-elm = lib.importJSON ./tree-sitter-elm.json; 27 tree-sitter-embedded-template = lib.importJSON ./tree-sitter-embedded-template.json; 28 tree-sitter-erlang = lib.importJSON ./tree-sitter-erlang.json; 29 tree-sitter-fennel = lib.importJSON ./tree-sitter-fennel.json; 30 tree-sitter-fish = lib.importJSON ./tree-sitter-fish.json; 31 tree-sitter-fortran = lib.importJSON ./tree-sitter-fortran.json;

··· 26 tree-sitter-elm = lib.importJSON ./tree-sitter-elm.json; 27 tree-sitter-embedded-template = lib.importJSON ./tree-sitter-embedded-template.json; 28 tree-sitter-erlang = lib.importJSON ./tree-sitter-erlang.json; 29 + tree-sitter-factor = lib.importJSON ./tree-sitter-factor.json; 30 tree-sitter-fennel = lib.importJSON ./tree-sitter-fennel.json; 31 tree-sitter-fish = lib.importJSON ./tree-sitter-fish.json; 32 tree-sitter-fortran = lib.importJSON ./tree-sitter-fortran.json;

+12

pkgs/development/tools/parsing/tree-sitter/grammars/tree-sitter-factor.json

···

··· 1 + { 2 + "url": "https://github.com/erochest/tree-sitter-factor", 3 + "rev": "554d8b705df61864eb41a0ecf3741e94eb9f0c54", 4 + "date": "2025-01-11T21:45:26-05:00", 5 + "path": "/nix/store/yvyrq221kqwjq19hw6lf8xzxj6z080d8-tree-sitter-factor", 6 + "sha256": "14yciinyczi7h8dny0cgk5ghlfwjlgz1zqndwrk260n1994k5bb7", 7 + "hash": "sha256-Z60ySUrBAiNm5s3iH/6jkjsKX5mPAW8bgid+5m2MzJM=", 8 + "fetchLFS": false, 9 + "fetchSubmodules": false, 10 + "deepClone": false, 11 + "leaveDotGit": false 12 + }

+4

pkgs/development/tools/parsing/tree-sitter/update.nix

··· 155 orga = "MunifTanjim"; 156 repo = "tree-sitter-lua"; 157 }; 158 "tree-sitter-fennel" = { 159 orga = "travonted"; 160 repo = "tree-sitter-fennel";

··· 155 orga = "MunifTanjim"; 156 repo = "tree-sitter-lua"; 157 }; 158 + "tree-sitter-factor" = { 159 + orga = "erochest"; 160 + repo = "tree-sitter-factor"; 161 + }; 162 "tree-sitter-fennel" = { 163 orga = "travonted"; 164 repo = "tree-sitter-fennel";

+2 -2

pkgs/os-specific/linux/kernel/zen-kernels.nix

··· 23 }; 24 # ./update-zen.py lqx 25 lqx = { 26 - version = "6.13.8"; # lqx 27 suffix = "lqx1"; # lqx 28 - sha256 = "0r61imcqlqndmjxgzjjb2p4g2kfxdndm32qzai2jcg21910c2j2m"; # lqx 29 isLqx = true; 30 }; 31 };

··· 23 }; 24 # ./update-zen.py lqx 25 lqx = { 26 + version = "6.14.0"; # lqx 27 suffix = "lqx1"; # lqx 28 + sha256 = "1py2zg8wr5azr88ixm04v3nvlfihk7iimzc7sdjgz2mb0ji5kxjc"; # lqx 29 isLqx = true; 30 }; 31 };

-2

pkgs/top-level/all-packages.nix

··· 1385 pythonPackages = python3Packages; 1386 }; 1387 1388 - gitlint = python3Packages.callPackage ../applications/version-management/gitlint { }; 1389 - 1390 gitmux = callPackage ../applications/version-management/gitmux { }; 1391 1392 gittyup = libsForQt5.callPackage ../applications/version-management/gittyup { };

··· 1385 pythonPackages = python3Packages; 1386 }; 1387 1388 gitmux = callPackage ../applications/version-management/gitmux { }; 1389 1390 gittyup = libsForQt5.callPackage ../applications/version-management/gittyup { };