Merge master into staging-next

This commit is contained in:
github-actions[bot] 2021-09-22 18:01:01 +00:00 committed by GitHub
commit 09a7436fcc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
61 changed files with 381 additions and 124 deletions

View File

@ -84,7 +84,7 @@ in {
type = types.package;
default = pkgs.krb5Full;
defaultText = "pkgs.krb5Full";
example = literalExample "pkgs.heimdalFull";
example = literalExample "pkgs.heimdal";
description = ''
The Kerberos implementation that will be present in
<literal>environment.systemPackages</literal> after enabling this

View File

@ -141,8 +141,15 @@ in
// mkService cfg.atopgpu.enable "atopgpu" [ atop ];
timers = mkTimer cfg.atopRotateTimer.enable "atop-rotate" [ atop ];
};
security.wrappers =
lib.mkIf cfg.setuidWrapper.enable { atop = { source = "${atop}/bin/atop"; }; };
security.wrappers = lib.mkIf cfg.setuidWrapper.enable {
atop =
{ setuid = true;
owner = "root";
group = "root";
source = "${atop}/bin/atop";
};
};
}
);
}

View File

@ -30,7 +30,7 @@ in
###### implementation
config = mkIf cfg.enable {
environment.variables.XDG_DATA_DIRS = [ "${pkgs.plotinus}/share/gsettings-schemas/${pkgs.plotinus.name}" ];
environment.sessionVariables.XDG_DATA_DIRS = [ "${pkgs.plotinus}/share/gsettings-schemas/${pkgs.plotinus.name}" ];
environment.variables.GTK3_MODULES = [ "${pkgs.plotinus}/lib/libplotinus.so" ];
};
}

View File

@ -5,28 +5,33 @@ with lib;
let
cfg = config.services.kubernetes;
defaultContainerdConfigFile = pkgs.writeText "containerd.toml" ''
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = 0
defaultContainerdSettings = {
version = 2;
root = "/var/lib/containerd";
state = "/run/containerd";
oom_score = 0;
[grpc]
address = "/run/containerd/containerd.sock"
grpc = {
address = "/run/containerd/containerd.sock";
};
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "pause:latest"
plugins."io.containerd.grpc.v1.cri" = {
sandbox_image = "pause:latest";
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
max_conf_num = 0
cni = {
bin_dir = "/opt/cni/bin";
max_conf_num = 0;
};
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
containerd.runtimes.runc = {
runtime_type = "io.containerd.runc.v2";
};
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes."io.containerd.runc.v2".options]
SystemdCgroup = true
'';
containerd.runtimes."io.containerd.runc.v2".options = {
SystemdCgroup = true;
};
};
};
mkKubeConfig = name: conf: pkgs.writeText "${name}-kubeconfig" (builtins.toJSON {
apiVersion = "v1";
@ -248,7 +253,7 @@ in {
(mkIf cfg.kubelet.enable {
virtualisation.containerd = {
enable = mkDefault true;
configFile = mkDefault defaultContainerdConfigFile;
settings = mkDefault defaultContainerdSettings;
};
})

View File

@ -217,6 +217,7 @@ in {
home = "${dataDir}";
createHome = true;
isSystemUser = true;
group = "dnscrypt-wrapper";
};
users.groups.dnscrypt-wrapper = { };

View File

@ -164,7 +164,7 @@ in {
path = [ pkgs.iptables ];
preStart = optionalString (cfg.storageBackend == "etcd") ''
echo "setting network configuration"
until ${pkgs.etcdctl}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}'
until ${pkgs.etcd}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}'
do
echo "setting network configuration, retry"
sleep 1

View File

@ -8,7 +8,7 @@ let
in
{
meta.maintainers = with maintainers; [ filalex77 ];
meta.maintainers = with maintainers; [ Br1ght0ne ];
###### interface

View File

@ -27,7 +27,7 @@ in
{
# No documentation about correct triggers, so guessing at them.
config = mkIf (cfg.enable && kerberos == pkgs.heimdalFull) {
config = mkIf (cfg.enable && kerberos == pkgs.heimdal) {
systemd.services.kadmind = {
description = "Kerberos Administration Daemon";
wantedBy = [ "multi-user.target" ];

View File

@ -223,7 +223,6 @@ in
krb5 = discoverTests (import ./krb5 {});
ksm = handleTest ./ksm.nix {};
kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {};
latestKernel.hardened = handleTest ./hardened.nix { latestKernel = true; };
latestKernel.login = handleTest ./login.nix { latestKernel = true; };
leaps = handleTest ./leaps.nix {};
libreddit = handleTest ./libreddit.nix {};

View File

@ -105,8 +105,6 @@ let assertions = rec {
};
in
{
name = "atop";
justThePackage = makeTest {
name = "atop-justThePackage";
machine = {

View File

@ -9,7 +9,7 @@ let
makeTest {
name = "cntr-${backend}";
meta = { maintainers = with lib.maintainers; [ srk mic92 ]; };
meta = { maintainers = with lib.maintainers; [ sorki mic92 ]; };
nodes = {
${backend} = { pkgs, ... }: {

View File

@ -24,6 +24,11 @@ let
ln -s vda1 /dev/xvda1
'';
# In a NixOS test the serial console is occupied by the "backdoor"
# (see testing/test-instrumentation.nix) and is incompatible with
# the configuration in virtualisation/amazon-image.nix.
systemd.services."serial-getty@ttyS0".enable = mkForce false;
# Needed by nixos-rebuild due to the lack of network
# access. Determined by trial and error.
system.extraDependencies = with pkgs; ( [

View File

@ -11,8 +11,8 @@ import ./make-test-python.nix ({ pkgs, ...} :
imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.desktopManager.enlightenment.enable = true;
services.xserver.displayManager.lightdm = {
enable = true;
services.xserver.displayManager = {
lightdm.enable = true;
autoLogin = {
enable = true;
user = "alice";

View File

@ -1,4 +1,4 @@
import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "hardened";
meta = with pkgs.lib.maintainers; {
maintainers = [ joachifm ];
@ -10,8 +10,6 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : {
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ];
boot.kernelPackages =
lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened;
environment.memoryAllocator.provider = "graphene-hardened";
nix.useSandbox = false;
virtualisation.emptyDiskImages = [ 4096 ];

View File

@ -9,7 +9,7 @@ import ../make-test-python.nix ({pkgs, ...}: {
};
krb5 = {
enable = true;
kerberos = pkgs.heimdalFull;
kerberos = pkgs.heimdal;
libdefaults = {
default_realm = "FOO.BAR";
};

View File

@ -10,7 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
'';
in {
name = "meilisearch";
meta.maintainers = with lib.maintainers; [ filalex77 ];
meta.maintainers = with lib.maintainers; [ Br1ght0ne ];
machine = { ... }: {
environment.systemPackages = with pkgs; [ curl jq ];

View File

@ -28,7 +28,10 @@ in {
machine = { pkgs, ... }: {
services.minio = {
enable = true;
inherit accessKey secretKey;
rootCredentialsFile = pkgs.writeText "minio-credentials" ''
MINIO_ROOT_USER=${accessKey}
MINIO_ROOT_PASSWORD=${secretKey}
'';
};
environment.systemPackages = [ pkgs.minio-client ];

View File

@ -14,7 +14,7 @@ in
{
environment.systemPackages = [
pkgs.curl
(pkgs.mpv-with-scripts.override {
(pkgs.wrapMpv pkgs.mpv-unwrapped {
scripts = [ pkgs.mpvScripts.simple-mpv-webui ];
})
];

View File

@ -4,6 +4,16 @@ let
mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; };
mysqlenv-mariabackup = pkgs.buildEnv { name = "mysql-path-env-mariabackup"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ gzip iproute2 netcat procps pv socat ]; };
# Common user configuration
users = { ... }:
{
users.users.testuser = {
isSystemUser = true;
group = "testusers";
};
users.groups.testusers = { };
};
in {
name = "mariadb-galera-mariabackup";
meta = with pkgs.lib.maintainers; {
@ -17,6 +27,7 @@ in {
galera_01 =
{ pkgs, ... }:
{
imports = [ users ];
networking = {
interfaces.eth1 = {
ipv4.addresses = [
@ -31,7 +42,6 @@ in {
firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ];
firewall.allowedUDPPorts = [ 4567 ];
};
users.users.testuser = { isSystemUser = true; };
systemd.services.mysql = with pkgs; {
path = [ mysqlenv-common mysqlenv-mariabackup ];
};
@ -75,6 +85,7 @@ in {
galera_02 =
{ pkgs, ... }:
{
imports = [ users ];
networking = {
interfaces.eth1 = {
ipv4.addresses = [
@ -89,7 +100,6 @@ in {
firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ];
firewall.allowedUDPPorts = [ 4567 ];
};
users.users.testuser = { isSystemUser = true; };
systemd.services.mysql = with pkgs; {
path = [ mysqlenv-common mysqlenv-mariabackup ];
};
@ -122,6 +132,7 @@ in {
galera_03 =
{ pkgs, ... }:
{
imports = [ users ];
networking = {
interfaces.eth1 = {
ipv4.addresses = [
@ -136,7 +147,6 @@ in {
firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ];
firewall.allowedUDPPorts = [ 4567 ];
};
users.users.testuser = { isSystemUser = true; };
systemd.services.mysql = with pkgs; {
path = [ mysqlenv-common mysqlenv-mariabackup ];
};

View File

@ -4,6 +4,16 @@ let
mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; };
mysqlenv-rsync = pkgs.buildEnv { name = "mysql-path-env-rsync"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ lsof procps rsync stunnel ]; };
# Common user configuration
users = { ... }:
{
users.users.testuser = {
isSystemUser = true;
group = "testusers";
};
users.groups.testusers = { };
};
in {
name = "mariadb-galera-rsync";
meta = with pkgs.lib.maintainers; {
@ -17,6 +27,7 @@ in {
galera_04 =
{ pkgs, ... }:
{
imports = [ users ];
networking = {
interfaces.eth1 = {
ipv4.addresses = [
@ -31,7 +42,6 @@ in {
firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ];
firewall.allowedUDPPorts = [ 4567 ];
};
users.users.testuser = { isSystemUser = true; };
systemd.services.mysql = with pkgs; {
path = [ mysqlenv-common mysqlenv-rsync ];
};
@ -70,6 +80,7 @@ in {
galera_05 =
{ pkgs, ... }:
{
imports = [ users ];
networking = {
interfaces.eth1 = {
ipv4.addresses = [
@ -84,7 +95,6 @@ in {
firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ];
firewall.allowedUDPPorts = [ 4567 ];
};
users.users.testuser = { isSystemUser = true; };
systemd.services.mysql = with pkgs; {
path = [ mysqlenv-common mysqlenv-rsync ];
};
@ -116,6 +126,7 @@ in {
galera_06 =
{ pkgs, ... }:
{
imports = [ users ];
networking = {
interfaces.eth1 = {
ipv4.addresses = [
@ -130,7 +141,6 @@ in {
firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ];
firewall.allowedUDPPorts = [ 4567 ];
};
users.users.testuser = { isSystemUser = true; };
systemd.services.mysql = with pkgs; {
path = [ mysqlenv-common mysqlenv-rsync ];
};

View File

@ -1,4 +1,26 @@
import ./../make-test-python.nix ({ pkgs, ...} : {
import ./../make-test-python.nix ({ pkgs, ...}:
let
# Setup common users
users = { ... }:
{
users.groups.testusers = { };
users.users.testuser = {
isSystemUser = true;
group = "testusers";
};
users.users.testuser2 = {
isSystemUser = true;
group = "testusers";
};
};
in
{
name = "mysql";
meta = with pkgs.lib.maintainers; {
maintainers = [ eelco shlevy ];
@ -9,8 +31,8 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
{ pkgs, ... }:
{
users.users.testuser = { isSystemUser = true; };
users.users.testuser2 = { isSystemUser = true; };
imports = [ users ];
services.mysql.enable = true;
services.mysql.initialDatabases = [
{ name = "testdb3"; schema = ./testdb.sql; }
@ -40,12 +62,12 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
{ pkgs, ... }:
{
imports = [ users ];
# prevent oom:
# Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled
virtualisation.memorySize = 1024;
users.users.testuser = { isSystemUser = true; };
users.users.testuser2 = { isSystemUser = true; };
services.mysql.enable = true;
services.mysql.initialDatabases = [
{ name = "testdb3"; schema = ./testdb.sql; }
@ -75,8 +97,8 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
{ pkgs, ... }:
{
users.users.testuser = { isSystemUser = true; };
users.users.testuser2 = { isSystemUser = true; };
imports = [ users ];
services.mysql.enable = true;
services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" ''
ALTER USER root@localhost IDENTIFIED WITH unix_socket;

View File

@ -1,6 +1,6 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "postfixadmin";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ globin ];
};

View File

@ -555,7 +555,11 @@ let
WorkingDirectory = "/var/spool/mail";
};
};
users.users.mailexporter.isSystemUser = true;
users.users.mailexporter = {
isSystemUser = true;
group = "mailexporter";
};
users.groups.mailexporter = {};
};
exporterTest = ''
wait_for_unit("postfix.service")

View File

@ -42,6 +42,8 @@ import ./make-test-python.nix ({pkgs, ...}: {
# DO NOT COPY THIS TO PRODUCTION AS IS. Think about it at least twice.
# Everyone on the "isp" machine will be able to add routes to the kernel.
security.wrappers.add-dhcpd-lease = {
owner = "root";
group = "root";
source = pkgs.writeShellScript "add-dhcpd-lease" ''
exec ${pkgs.iproute2}/bin/ip -6 route replace "$1" via "$2"
'';

View File

@ -6,7 +6,7 @@
with import ../lib/testing-python.nix { inherit system pkgs; };
makeTest {
name = "tigervnc";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ lheckemann ];
};

View File

@ -14,7 +14,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
port = 18332;
};
};
services.bitcoind = {
services.bitcoind."testnet" = {
enable = true;
testnet = true;
rpc.users = {

View File

@ -2,24 +2,30 @@
, rustPlatform
, fetchFromGitHub
, llvmPackages
, rocksdb
}:
rustPlatform.buildRustPackage rec {
pname = "electrs";
version = "0.8.11";
version = "0.8.12";
src = fetchFromGitHub {
owner = "romanz";
repo = pname;
rev = "v${version}";
sha256 = "024sdyvrx7s4inldamq4c8lv0iijjyd18j1mm9x6xf2clmvicaa6";
sha256 = "0kd5zki9f1pnwscnvd921dw0lc45nfkwk23l33nzdjn005lmsw7v";
};
cargoSha256 = "1l8dwjwj21crxampzj5c0k98xnisgy3d9c3dkgf5vaybrcp04k85";
# needed for librocksdb-sys
nativeBuildInputs = [ llvmPackages.clang ];
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
cargoSha256 = "0yl50ryxidbs9wkabz919mgbmsgsqjp1bjw792l1lkgncq8z9r5b";
# link rocksdb dynamically
ROCKSDB_INCLUDE_DIR = "${rocksdb}/include";
ROCKSDB_LIB_DIR = "${rocksdb}/lib";
cargoBuildFlags = "--no-default-features";
meta = with lib; {
description = "An efficient re-implementation of Electrum Server in Rust";

View File

@ -2,12 +2,12 @@
let
pname = "ledger-live-desktop";
version = "2.32.2";
version = "2.33.1";
name = "${pname}-${version}";
src = fetchurl {
url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage";
sha256 = "14agkl6xf0f9s5qldla6p6kzl8zlx61q5m8qy63lq215hrzh9d50";
sha256 = "1k1h37fbpsib9h8867m2dsfacdjs78gdm61gvrin5gpw1zj10syz";
};
appimageContents = appimageTools.extractType2 {

View File

@ -14,13 +14,13 @@ let
]);
in stdenv.mkDerivation rec {
pname = "wike";
version = "1.5.6";
version = "1.5.7";
src = fetchFromGitHub {
owner = "hugolabe";
repo = "Wike";
rev = version;
sha256 = "1qnxzxqjj0sn522k15plskwa7nlhhbcipfc3w17fbq3k2zhpr1yy";
sha256 = "sha256-SB+ApuSovqQCaZYPhH+duf+c07JDSSCRz8hTVhEa4gY=";
};
nativeBuildInputs = [

View File

@ -2,13 +2,13 @@
mkYarnPackage rec {
pname = "vieb";
version = "6.0.0";
version = "6.1.0";
src = fetchFromGitHub {
owner = "Jelmerro";
repo = pname;
rev = version;
sha256 = "sha256-3mX6z/CRUQdyQxYK50yqCZIrhPgitsyus4oLkbPqNvM=";
sha256 = "sha256-MJJeHnwfXouBygRT/wFWFMRHxQVf/3k2c7vp/tkD5co=";
};
packageJSON = ./package.json;

View File

@ -45,10 +45,16 @@ with lib;
let
k3sVersion = "1.21.4+k3s1"; # k3s git tag
k3sCommit = "3e250fdbab72d88f7e6aae57446023a0567ffc97"; # k3s git commit at the above version
k3sRepoSha256 = "1w7drvk0bmlmqrxh1y6dxjy7dk6bdrl72pkd25lc1ir6wbzb05h9";
traefikChartVersion = "9.18.2"; # taken from ./scripts/download at TRAEFIK_VERSION
traefikChartSha256 = "sha256-9d7p0ngyMN27u4OPgz7yI14Zj9y36t9o/HMX5wyDpUI=";
k3sRootVersion = "0.9.1"; # taken from ./scripts/download at ROOT_VERSION
k3sRootSha256 = "sha256-qI84KYJKY/T6pqWZW9lOTq5NzZiu//v1zrMzUCiRTGQ=";
k3sCNIVersion = "0.8.6-k3s1"; # taken from ./scripts/version.sh at VERSION_CNIPLUGINS
k3sCNISha256 = "sha256-uAy17eRRAXPCcnh481KxFMvFQecnnBs24jn5YnVNfY4=";
baseMeta = {
description = "A lightweight Kubernetes distribution";
@ -61,7 +67,7 @@ let
# bundled into the k3s binary
traefikChart = fetchurl {
url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz";
sha256 = "sha256-9d7p0ngyMN27u4OPgz7yI14Zj9y36t9o/HMX5wyDpUI=";
sha256 = traefikChartSha256;
};
# so, k3s is a complicated thing to package
# This derivation attempts to avoid including any random binaries from the
@ -75,7 +81,7 @@ let
k3sRoot = fetchzip {
# Note: marked as apache 2.0 license
url = "https://github.com/k3s-io/k3s-root/releases/download/v${k3sRootVersion}/k3s-root-amd64.tar";
sha256 = "sha256-qI84KYJKY/T6pqWZW9lOTq5NzZiu//v1zrMzUCiRTGQ=";
sha256 = k3sRootSha256;
stripRoot = false;
};
k3sPlugins = buildGoPackage rec {
@ -89,7 +95,7 @@ let
owner = "rancher";
repo = "plugins";
rev = "v${version}";
sha256 = "sha256-uAy17eRRAXPCcnh481KxFMvFQecnnBs24jn5YnVNfY4=";
sha256 = k3sCNISha256;
};
meta = baseMeta // {
@ -101,7 +107,7 @@ let
k3sRepo = fetchgit {
url = "https://github.com/k3s-io/k3s";
rev = "v${k3sVersion}";
sha256 = "1w7drvk0bmlmqrxh1y6dxjy7dk6bdrl72pkd25lc1ir6wbzb05h9";
sha256 = k3sRepoSha256;
};
# Stage 1 of the k3s build:
# Let's talk about how k3s is structured.
@ -280,5 +286,7 @@ stdenv.mkDerivation rec {
$out/bin/k3s --version | grep v${k3sVersion} > /dev/null
'';
passthru.updateScript = ./update.sh;
meta = baseMeta;
}

View File

@ -0,0 +1,62 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl gnugrep gnused jq
set -eu -o pipefail
WORKDIR=$(mktemp -d)
trap "rm -rf ${WORKDIR}" EXIT
cd $(dirname "${BASH_SOURCE[0]}")
LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json
curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \
https://api.github.com/repos/k3s-io/k3s/releases/latest > ${LATEST_TAG_RAWFILE}
LATEST_TAG_NAME=$(jq -r '.tag_name' ${LATEST_TAG_RAWFILE})
K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//')
LATEST_TAG_TARBALL_URL=$(jq -r '.tarball_url' ${LATEST_TAG_RAWFILE})
K3S_COMMIT=$(curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \
https://api.github.com/repos/k3s-io/k3s/tags \
| jq -r "map(select(.name == \"${LATEST_TAG_NAME}\")) | .[0] | .commit.sha")
K3S_REPO_SHA256=$(nix-prefetch-url --quiet --unpack ${LATEST_TAG_TARBALL_URL})
FILE_SCRIPTS_DOWNLOAD=${WORKDIR}/scripts-download
curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/download > $FILE_SCRIPTS_DOWNLOAD
FILE_SCRIPTS_VERSION=${WORKDIR}/scripts-version.sh
curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/version.sh > $FILE_SCRIPTS_VERSION
TRAEFIK_CHART_VERSION=$(grep TRAEFIK_VERSION= $FILE_SCRIPTS_DOWNLOAD \
| cut -d'=' -f2 | cut -d' ' -f1)
TRAEFIK_CHART_SHA256=$(nix-prefetch-url --quiet "https://helm.traefik.io/traefik/traefik-${TRAEFIK_CHART_VERSION}.tgz")
K3S_ROOT_VERSION=$(grep ROOT_VERSION= $FILE_SCRIPTS_DOWNLOAD \
| cut -d'=' -f2 | cut -d' ' -f1 | sed 's/^v//')
K3S_ROOT_SHA256=$(nix-prefetch-url --quiet --unpack \
"https://github.com/k3s-io/k3s-root/releases/download/v${K3S_ROOT_VERSION}/k3s-root-amd64.tar")
CNIPLUGINS_VERSION=$(grep VERSION_CNIPLUGINS= $FILE_SCRIPTS_VERSION \
| cut -d'=' -f2 | cut -d' ' -f1 | sed -e 's/"//g' -e 's/^v//')
CNIPLUGINS_SHA256=$(nix-prefetch-url --quiet --unpack \
"https://github.com/rancher/plugins/archive/refs/tags/v${CNIPLUGINS_VERSION}.tar.gz")
setKV () {
sed -i "s/$1 = \".*\"/$1 = \"$2\"/" ./default.nix
}
setKV k3sVersion ${K3S_VERSION}
setKV k3sCommit ${K3S_COMMIT}
setKV k3sRepoSha256 ${K3S_REPO_SHA256}
setKV traefikChartVersion ${TRAEFIK_CHART_VERSION}
setKV traefikChartSha256 ${TRAEFIK_CHART_SHA256}
setKV k3sRootVersion ${K3S_ROOT_VERSION}
setKV k3sRootSha256 ${K3S_ROOT_SHA256}
setKV k3sCNIVersion ${CNIPLUGINS_VERSION}
setKV k3sCNISha256 ${CNIPLUGINS_SHA256}

View File

@ -5,11 +5,11 @@ let
in
stdenv.mkDerivation rec {
pname = "super-productivity";
version = "7.2.1";
version = "7.5.1";
src = fetchurl {
url = "https://github.com/johannesjo/super-productivity/releases/download/v${version}/superProductivity-${version}.AppImage";
sha256 = "93eeb56fe923c48a9384cde0633e98a9d9dc5c0869fce63b9724ff74bb400049";
sha256 = "sha256-ezJN/t0iNk0haMLPioEQSNXU4ugVeJe44GNVGd+cOF4=";
name = "${pname}-${version}.AppImage";
};

View File

@ -1,6 +1,6 @@
{ lib, buildPythonApplication, fetchPypi
, installShellFiles, pbr
, flake8, mock, pycodestyle, pylint, tox
, flake8, mock, pycodestyle, pylint, stestr, tox
, nix-update-script
, testVersion, git-machete
}:
@ -16,10 +16,7 @@ buildPythonApplication rec {
nativeBuildInputs = [ installShellFiles pbr ];
# TODO: Add missing check inputs (2019-11-22):
# - stestr
doCheck = false;
checkInputs = [ flake8 mock pycodestyle pylint tox ];
checkInputs = [ flake8 mock pycodestyle pylint stestr tox ];
postInstall = ''
installShellCompletion --bash --name git-machete completion/git-machete.completion.bash
@ -43,6 +40,6 @@ buildPythonApplication rec {
description = "Git repository organizer and rebase/merge workflow automation tool";
license = licenses.mit;
platforms = platforms.all;
maintainers = [ maintainers.blitz ];
maintainers = with maintainers; [ blitz ];
};
}

View File

@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "symengine";
version = "0.7.0";
version = "0.8.1";
src = fetchFromGitHub {
owner = "symengine";
repo = "symengine";
rev = "v${version}";
sha256 = "sha256-aoitTT9fwTIs3ovfqQjKGgrU+kT5mj+vDHt5lg49JHU=";
sha256 = "sha256-HTDOSgdWo9MWmKeXOkOHAJjgvihUAkSXoYTeMz9XXLI=";
};
nativeBuildInputs = [ cmake ];

View File

@ -68,6 +68,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Enhancements for standard library's cmd module";
homepage = "https://github.com/python-cmd2/cmd2";
license = with licenses; [ mit ];
maintainers = with maintainers; [ teto ];
};
}

View File

@ -0,0 +1,42 @@
{ lib
, buildPythonPackage
, pythonOlder
, fetchFromGitHub
, python
}:
buildPythonPackage rec {
pname = "maxcube-api";
version = "0.4.3";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "hackercowboy";
repo = "python-${pname}";
rev = "V${version}";
sha256 = "10k61gfpnqljf3p3qxr97xq7j67a9cr4ivd9v72hdni0znrbx6ym";
};
postPatch = ''
substituteInPlace setup.py --replace "license=license" "license='MIT'"
'';
pythonImportsCheck = [
"maxcube"
"maxcube.cube"
];
checkPhase = ''
runHook preCheck
${python.interpreter} -m unittest discover
runHook postCheck
'';
meta = with lib; {
description = "eQ-3/ELV MAX! Cube Python API";
homepage = "https://github.com/hackercowboy/python-maxcube-api";
license = licenses.mit;
maintainers = with maintainers; [ hexa ];
};
}

View File

@ -0,0 +1,56 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, fetchpatch
, paho-mqtt
, poetry-core
, psutil
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "notus-scanner";
version = "unstable-2021-09-05";
format = "pyproject";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "greenbone";
repo = pname;
rev = "049f9a5e6439e4e5113e3b8f30b25ead12d42a56";
sha256 = "1fjxyn8wg2kf6xy3pbh7d7yn20dk529p03xpqyz7s40n9nsxhnza";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
paho-mqtt
psutil
];
checkInputs = [
pytestCheckHook
];
patches = [
# Switch to poetry-core, https://github.com/greenbone/notus-scanner/pull/31
(fetchpatch {
name = "switch-to-poetry-core.patch";
url = "https://github.com/greenbone/notus-scanner/commit/b52eea317faca30d411096044f9e5ea20b58da65.patch";
sha256 = "0q11aslhva47kkpsnpayra7spa849j894vqv34pjqhcnlyipqw6d";
})
];
pythonImportsCheck = [ "notus.scanner" ];
meta = with lib; {
description = "Helper to create results from local security checks";
homepage = "https://github.com/greenbone/notus-scanner";
license = with licenses; [ agpl3Plus ];
maintainers = with maintainers; [ fab ];
};
}

View File

@ -2,6 +2,9 @@
, buildPythonPackage
, cryptography
, fetchFromGitHub
, gssapi
, krb5
, ruamel-yaml
, pytest-mock
, pytestCheckHook
, pythonOlder
@ -10,18 +13,22 @@
buildPythonPackage rec {
pname = "pyspnego";
version = "0.1.6";
disabled = pythonOlder "3.6";
version = "0.2.0";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "jborean93";
repo = pname;
rev = "v${version}";
sha256 = "0pfh2x0539f0k2qi2pbjm64b2fqp64c63xxpinvg1yfaw915kgpb";
sha256 = "sha256-puv9aq53NbjSuN561XFou404N9pIxvvMjZMgnNx3SjM=";
};
propagatedBuildInputs = [
cryptography
gssapi
krb5
ruamel-yaml
];
checkInputs = [
@ -30,6 +37,11 @@ buildPythonPackage rec {
pytestCheckHook
];
disabledTests = [
# struct.error: unpack requires a buffer of 1 bytes
"test_credssp_invalid_client_authentication"
];
LC_ALL = "en_US.UTF-8";
pythonImportsCheck = [ "spnego" ];

View File

@ -11,18 +11,19 @@
buildPythonPackage rec {
pname = "symengine";
version = "0.7.2";
version = "0.8.1";
src = fetchFromGitHub {
owner = "symengine";
repo = "symengine.py";
rev = "v${version}";
sha256 = "1xaclpvk7m6mbp70zrsvi3blz4v89pbsf7b6rpmx5903m6kxqr4m";
sha256 = "0yyi3w03fk19i32jmns1baq3rpmf7xfykzkivc7dmnxmjmxvq2gr";
};
postConfigure = ''
substituteInPlace setup.py \
--replace "\"cmake\"" "\"${cmake}/bin/cmake\""
--replace "\"cmake\"" "\"${cmake}/bin/cmake\"" \
--replace "'cython>=0.29.24'" "'cython'"
substituteInPlace cmake/FindCython.cmake \
--replace "SET(CYTHON_BIN cython" "SET(CYTHON_BIN ${cython}/bin/cython"

View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "protoc-gen-twirp_php";
version = "0.7.1";
version = "0.7.5";
# fetchFromGitHub currently not possible, because go.mod and go.sum are export-ignored
src = fetchgit {
url = "https://github.com/twirphp/twirp.git";
rev = "v${version}";
sha256 = "sha256-94GN/Gq3RXXg83eUsmIcdF4VuK4syCgD0Zkc5eDiVYE=";
sha256 = "sha256-pHGGZaMBggBUu2CZCxWrZ592K5V93vPI2sZnFkqku2k=";
};
vendorSha256 = "sha256-gz4JELCffuh7dyFdBex8/SFZ1/PDXuC/93m3WNHwRss=";
vendorSha256 = "sha256-p7t+2QgPkcTmsK+jKcPCPDCchNup9F326yKc6JbJHOE=";
subPackages = [ "protoc-gen-twirp_php" ];

View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "cargo-watch";
version = "8.0.0";
version = "8.1.0";
src = fetchFromGitHub {
owner = "passcod";
repo = pname;
rev = "v${version}";
sha256 = "sha256-3IgzMUCkcKUkhTb/ZNRONdvB6Ci0OBB1dcjtc65U8xE=";
sha256 = "sha256-Vvr/O0Xk9hmUVUFoOk/MzTlEvR0Spx5n/9lsE2HfkF8=";
};
cargoSha256 = "sha256-Xp/pxPKs41TXO/EUY5x8Bha7NUioMabbb73///fFr6U=";
cargoSha256 = "sha256-kX9CE95Z2nLb6VM19bu+UkOZ/hsjHUo/JMu0Y0xont0=";
buildInputs = lib.optionals stdenv.isDarwin [ CoreServices Foundation libiconv ];

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.14.246";
version = "4.14.247";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "0fpgig84shpas1jc0h4s3aw9brkcq1as84gjbk4bfhc48bpi4mlw";
sha256 = "1kdhlsqpmw68xnfiyx98id8wis6kkxca2d4n7w2ncax0kyzrwyz7";
};
} // (args.argsOverride or {}))

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.19.206";
version = "4.19.207";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1h44lvzxd0cngj71bk8qba9dz7jlqj68ir6xjwfafglb81ppgsxp";
sha256 = "1fb658n89xf9asnaqi0bnh64ir2f78bdqyjvfb983qad9wqsadym";
};
} // (args.argsOverride or {}))

View File

@ -1,12 +1,12 @@
{ buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
buildLinux (args // rec {
version = "4.4.283";
version = "4.4.284";
extraMeta.branch = "4.4";
extraMeta.broken = stdenv.isAarch64;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1d9v4h4cbc4i371lhhwpxbmg88gna6xyi2ahfvv0clz60802y982";
sha256 = "00xkd2p181cfkys4nri93xy7snmn8g2481x3qz0js7g9p3kz5bqf";
};
} // (args.argsOverride or {}))

View File

@ -1,12 +1,12 @@
{ buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
buildLinux (args // rec {
version = "4.9.282";
version = "4.9.283";
extraMeta.branch = "4.9";
extraMeta.broken = stdenv.isAarch64;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "059fin4si93ya13xy831w84q496ksxidpd3kyw38918sfy4p6wk7";
sha256 = "0pdh1lyhdp5c5n39wpr622kgchgf30iqk853a2rv9m3s3fry50lm";
};
} // (args.argsOverride or {}))

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.10.67";
version = "5.10.68";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "10lap66d84s1cfakbgfsbabgxm42060c4wcvpzxbi4r5g2m40mwc";
sha256 = "08cl4bg9k331apj5fjl3jx6s6l543dnbjc1cfvin951m7l787ahv";
};
} // (args.argsOverride or {}))

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.14.6";
version = "5.14.7";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1v6cicakpg0fdp74r2a4h46sj7rzpjdf4cscbr8y67kpd098r12l";
sha256 = "1avypasvic298823xzpzzkjbmfv9s8bjnmq92ri62qbakx23j9dg";
};
} // (args.argsOverride or { }))

View File

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.4.147";
version = "5.4.148";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "07242nlxf4s73ffdir3dsi37cjmm6bw9w7kac0j7x1s1j8sh9h7n";
sha256 = "1cwibh0y112hip5yd0n692rv44jh4sk2g6mj5n44g754k4i366a6";
};
} // (args.argsOverride or {}))

View File

@ -493,7 +493,7 @@
"marytts" = ps: with ps; [ ]; # missing inputs: speak2mary
"mastodon" = ps: with ps; [ mastodon-py ];
"matrix" = ps: with ps; [ matrix-client ];
"maxcube" = ps: with ps; [ ]; # missing inputs: maxcube-api
"maxcube" = ps: with ps; [ maxcube-api ];
"mazda" = ps: with ps; [ pymazda ];
"mcp23017" = ps: with ps; [ ]; # missing inputs: RPi.GPIO adafruit-circuitpython-mcp230xx
"media_extractor" = ps: with ps; [ aiohttp-cors youtube-dl-light ];

View File

@ -486,6 +486,7 @@ in with py.pkgs; buildPythonApplication rec {
"mailbox"
"manual"
"manual_mqtt"
"maxcube"
"mazda"
"media_player"
"media_source"

View File

@ -1,6 +1,7 @@
{ lib, stdenv, fetchurl, lua, pkg-config, nixosTests
, withSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isMusl, systemd
, tlsSupport ? true, openssl
# dependency ordering is broken at the moment when building with openssl
, tlsSupport ? !stdenv.hostPlatform.isStatic, openssl
}:
stdenv.mkDerivation rec {

View File

@ -2,18 +2,18 @@
buildGoModule rec {
pname = "dolt";
version = "0.27.4.2";
version = "0.28.4";
src = fetchFromGitHub {
owner = "liquidata-inc";
repo = "dolt";
rev = "v${version}";
sha256 = "sha256-nEIYt9yPDxPbJ/IHH8eQpVSNtC5pYiagCC5TliqX11M=";
sha256 = "sha256-J/4YEiSmoWhs+pnJN21CwNwpujZ1cldLmgwajBB+IRU=";
};
modRoot = "./go";
subPackages = [ "cmd/dolt" "cmd/git-dolt" "cmd/git-dolt-smudge" ];
vendorSha256 = "sha256-XbKaPbPIgUxqJB8kgd3fJIESO9XvNREExdp06Th2bu0=";
vendorSha256 = "sha256-l3jRQ4Z7xku1nMfYfc6nJ3qF6A1maY0tRfZpHCtsujI=";
doCheck = false;

View File

@ -2,15 +2,15 @@
rustPlatform.buildRustPackage rec {
pname = "svgbob";
version = "0.5.4";
version = "0.6.2";
src = fetchCrate {
inherit version;
crateName = "svgbob_cli";
sha256 = "0qq7hkg32bqyw3vz3ibip7yrjg5m2ch9kdnwqrzaqqy9wb8d7154";
sha256 = "sha256-9JASoUN/VzZS8ihepTQL2SXZitxKBMSJEv+13vzQd3w=";
};
cargoSha256 = "0p37qkgh1xpqmkr2p88njwhifpyqfh27qcwmmhwxdqcpzmmmkjhr";
cargoSha256 = "sha256-pkdiow+9gsQ9rrSHwukd17r5CfsaJgYj6KA4wYKbtA0=";
meta = with lib; {
description = "Convert your ascii diagram scribbles into happy little SVG";

View File

@ -2,13 +2,13 @@
rustPlatform.buildRustPackage rec {
pname = "du-dust";
version = "0.6.2";
version = "0.7.5";
src = fetchFromGitHub {
owner = "bootandy";
repo = "dust";
rev = "v${version}";
sha256 = "sha256-5GhoL3by4sXhFJrNZi/UlERBa+s2oqDVVJODY0kdfxI=";
sha256 = "sha256-0r0cDzW18uF7DHvzkUCHHHN+2M21xdi2ffPwDGMtyw8=";
# Remove unicode file names which leads to different checksums on HFS+
# vs. other filesystems because of unicode normalisation.
extraPostFetch = ''
@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
'';
};
cargoSha256 = "sha256-cgH3jrZPGUHiBDeJ9qj80dU+Vbz+wHMOsCaGAvJY6mg=";
cargoSha256 = "sha256-LAow4DVqON5vrYBU8v8wzg/HcHxm1GqS9DMre3y12Jo=";
doCheck = false;

View File

@ -9,13 +9,13 @@ let
in stdenv.mkDerivation rec {
pname = "svtplay-dl";
version = "4.3";
version = "4.5";
src = fetchFromGitHub {
owner = "spaam";
repo = "svtplay-dl";
rev = version;
sha256 = "04gmiqg6mq96fw4v1v6947i216fsf0vcnjp3ya8bbii5na91y1aa";
sha256 = "sha256-TiJWy5WU1VsseodfgfemAsUc5/hDwSlM03ITRYTvJbg=";
};
pythonPaths = [ cryptography pyyaml requests ];

View File

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "kubescape";
version = "1.0.77";
version = "1.0.85";
src = fetchFromGitHub {
owner = "armosec";
repo = pname;
rev = "v${version}";
sha256 = "sha256-g2Mco4NuPVjS4/6KNhtb8864e7RiuzlrdIbM6NLJK7I=";
sha256 = "19r7dgr0y1k9qa4llxbgaf69j88vs9h2gx29bwbh6dq17q58sfdl";
};
vendorSha256 = "sha256-FtglYTCLjQfDKxdnQZnpWm3QjJCiHGsPC/gW88DZu6I=";
vendorSha256 = "18mvv70g65pq1c7nn752j26d0vasx6cl2rqp5g1hg3cb61hjbn0n";
# One test is failing, disabling for now
doCheck = false;

View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "java-service-wrapper";
version = "3.5.45";
version = "3.5.46";
src = fetchurl {
url = "https://wrapper.tanukisoftware.com/download/${version}/wrapper_${version}_src.tar.gz";
sha256 = "sha256-rnlloa0DicWT1RlP2szDvBINvT5/RZ17GOarUzvX1AI=";
sha256 = "sha256-guHQyFSI0TidAuOr4zWaf3WRGeNW4+Or1sbWdhWuWtg=";
};
buildInputs = [ jdk ];

View File

@ -38,11 +38,11 @@ in
stdenv.mkDerivation rec {
pname = "sile";
version = "0.11.1";
version = "0.12.0";
src = fetchurl {
url = "https://github.com/sile-typesetter/sile/releases/download/v${version}/${pname}-${version}.tar.xz";
sha256 = "06bx94zx6skhizk2bbrid82sldwgxfycvjh6zx1zy1xz8gajgrm3";
sha256 = "1rkdzf4khyvsn5qg455mdhnlacxlqgi9vchy369a66qp5nrs50y9";
};
configureFlags = [

View File

@ -30491,6 +30491,8 @@ with pkgs;
nota = haskellPackages.callPackage ../applications/science/math/nota { };
notus-scanner = with python3Packages; toPythonApplication notus-scanner;
openblas = callPackage ../development/libraries/science/math/openblas { };
# A version of OpenBLAS using 32-bit integers on all platforms for compatibility with

View File

@ -4492,6 +4492,8 @@ in {
mautrix-appservice = self.mautrix; # alias 2019-12-28
maxcube-api = callPackage ../development/python-modules/maxcube-api { };
maxminddb = callPackage ../development/python-modules/maxminddb { };
maya = callPackage ../development/python-modules/maya { };
@ -5004,6 +5006,8 @@ in {
nototools = callPackage ../data/fonts/noto-fonts/tools.nix { };
notus-scanner = callPackage ../development/python-modules/notus-scanner { };
nplusone = callPackage ../development/python-modules/nplusone { };
npyscreen = callPackage ../development/python-modules/npyscreen { };