Merge branch 'staging-next' into staging

This commit is contained in:
Weijia Wang 2024-01-27 04:17:36 +01:00
commit 4354538139
378 changed files with 5842 additions and 3563 deletions

View File

@ -71,6 +71,11 @@ If you **omit a link text** for a link pointing to a section, the text will be s
This syntax is taken from [MyST](https://myst-parser.readthedocs.io/en/latest/using/syntax.html#targets-and-cross-referencing).
#### HTML
Inlining HTML is not allowed. Parts of the documentation gets rendered to various non-HTML formats, such as man pages in the case of NixOS manual.
#### Roles
If you want to link to a man page, you can use `` {manpage}`nix.conf(5)` ``. The references will turn into links when a mapping exists in [`doc/manpage-urls.json`](./manpage-urls.json).
@ -157,6 +162,9 @@ watermelon
In an effort to keep the Nixpkgs manual in a consistent style, please follow the conventions below, unless they prevent you from properly documenting something.
In that case, please open an issue about the particular documentation convention and tag it with a "needs: documentation" label.
When needed, each convention explain why it exists, so you can make a decision whether to follow it or not based on your particular case.
Note that these conventions are about the **structure** of the manual (and its source files), not about the content that goes in it.
You, as the writer of documentation, are still in charge of its content.
- Put each sentence in its own line.
This makes reviews and suggestions much easier, since GitHub's review system is based on lines.
@ -188,26 +196,153 @@ In that case, please open an issue about the particular documentation convention
}
```
- Use [definition lists](#definition-lists) to document function arguments, and the attributes of such arguments. For example:
- When showing inputs/outputs of any [REPL](https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop), such as a shell or the Nix REPL, use a format as you'd see in the REPL, while trying to visually separate inputs from outputs.
This means that for a shell, you should use a format like the following:
```shell
$ nix-build -A hello '<nixpkgs>' \
--option require-sigs false \
--option trusted-substituters file:///tmp/hello-cache \
--option substituters file:///tmp/hello-cache
/nix/store/zhl06z4lrfrkw5rp0hnjjfrgsclzvxpm-hello-2.12.1
```
Note how the input is preceded by `$` on the first line and indented on subsequent lines, and how the output is provided as you'd see on the shell.
For the Nix REPL, you should use a format like the following:
```shell
nix-repl> builtins.attrNames { a = 1; b = 2; }
[ "a" "b" ]
```
Note how the input is preceded by `nix-repl>` and the output is provided as you'd see on the Nix REPL.
- When documenting functions or anything that has inputs/outputs and example usage, use nested headings to clearly separate inputs, outputs, and examples.
Keep examples as the last nested heading, and link to the examples wherever applicable in the documentation.
The purpose of this convention is to provide a familiar structure for navigating the manual, so any reader can expect to find content related to inputs in an "inputs" heading, examples in an "examples" heading, and so on.
An example:
```
## buildImage
Some explanation about the function here.
Describe a particular scenario, and point to [](#ex-dockerTools-buildImage), which is an example demonstrating it.
### Inputs
Documentation for the inputs of `buildImage`.
Perhaps even point to [](#ex-dockerTools-buildImage) again when talking about something specifically linked to it.
### Passthru outputs
Documentation for any passthru outputs of `buildImage`.
### Examples
Note that this is the last nested heading in the `buildImage` section.
:::{.example #ex-dockerTools-buildImage}
# Using `buildImage`
Example of how to use `buildImage` goes here.
:::
```
- Use [definition lists](#definition-lists) to document function arguments, and the attributes of such arguments as well as their [types](https://nixos.org/manual/nix/stable/language/values).
For example:
```markdown
# pkgs.coolFunction
Description of what `coolFunction` does.
## Inputs
`coolFunction` expects a single argument which should be an attribute set, with the following possible attributes:
`name`
`name` (String)
: The name of the resulting image.
`tag` _optional_
`tag` (String; _optional_)
: Tag of the generated image.
_Default value:_ the output path's hash.
_Default:_ the output path's hash.
```
#### Examples
To define a referenceable figure use the following fencing:
```markdown
:::{.example #an-attribute-set-example}
# An attribute set example
You can add text before
```nix
{ a = 1; b = 2;}
```
and after code fencing
:::
```
Defining examples through the `example` fencing class adds them to a "List of Examples" section after the Table of Contents.
Though this is not shown in the rendered documentation on nixos.org.
#### Figures
To define a referencable figure use the following fencing:
```markdown
::: {.figure #nixos-logo}
# NixOS Logo
![NixOS logo](./nixos_logo.png)
:::
```
Defining figures through the `figure` fencing class adds them to a `List of Figures` after the `Table of Contents`.
Though this is not shown in the rendered documentation on nixos.org.
#### Footnotes
To add a foonote explanation, use the following syntax:
```markdown
Sometimes it's better to add context [^context] in a footnote.
[^context]: This explanation will be rendered at the end of the chapter.
```
#### Inline comments
Inline comments are supported with following syntax:
```markdown
<!-- This is an inline comment -->
```
The comments will not be rendered in the rendered HTML.
#### Link reference definitions
Links can reference a label, for example, to make the link target reusable:
```markdown
::: {.note}
Reference links can also be used to [shorten URLs][url-id] and keep the markdown readable.
:::
[url-id]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/doc/README.md
```
This syntax is taken from [CommonMark](https://spec.commonmark.org/0.30/#link-reference-definitions).
#### Typographic replacements
Typographic replacements are enabled. Check the [list of possible replacement patterns check](https://github.com/executablebooks/markdown-it-py/blob/3613e8016ecafe21709471ee0032a90a4157c2d1/markdown_it/rules_core/replacements.py#L1-L15).
## Getting help
If you need documentation-specific help or reviews, ping [@NixOS/documentation-reviewers](https://github.com/orgs/nixos/teams/documentation-reviewers) on your pull request.

View File

@ -676,6 +676,7 @@ If our package sets `includeStorePaths` to `false`, we'll end up with only the f
dockerTools.streamLayeredImage {
name = "hello";
contents = [ hello ];
includeStorePaths = false;
}
```
@ -714,56 +715,168 @@ dockerTools.streamLayeredImage {
```
:::
## pullImage {#ssec-pkgs-dockerTools-fetchFromRegistry}
[]{#ssec-pkgs-dockerTools-fetchFromRegistry}
## pullImage {#ssec-pkgs-dockerTools-pullImage}
This function is analogous to the `docker pull` command, in that it can be used to pull a Docker image from a Docker registry. By default [Docker Hub](https://hub.docker.com/) is used to pull images.
This function is similar to the `docker pull` command, which means it can be used to pull a Docker image from a registry that implements the [Docker Registry HTTP API V2](https://distribution.github.io/distribution/spec/api/).
By default, the `docker.io` registry is used.
Its parameters are described in the example below:
The image will be downloaded as an uncompressed Docker-compatible repository tarball, which is suitable for use with other `dockerTools` functions such as [`buildImage`](#ssec-pkgs-dockerTools-buildImage), [`buildLayeredImage`](#ssec-pkgs-dockerTools-buildLayeredImage), and [`streamLayeredImage`](#ssec-pkgs-dockerTools-streamLayeredImage).
This function requires two different types of hashes/digests to be specified:
- One of them is used to identify a unique image within the registry (see the documentation for the `imageDigest` attribute).
- The other is used by Nix to ensure the contents of the output haven't changed (see the documentation for the `sha256` attribute).
Both hashes are required because they must uniquely identify some content in two completely different systems (the Docker registry and the Nix store), but their values will not be the same.
See [](#ex-dockerTools-pullImage-nixprefetchdocker) for a tool that can help gather these values.
### Inputs {#ssec-pkgs-dockerTools-pullImage-inputs}
`pullImage` expects a single argument with the following attributes:
`imageName` (String)
: Specifies the name of the image to be downloaded, as well as the registry endpoint.
By default, the `docker.io` registry is used.
To specify a different registry, prepend the endpoint to `imageName`, separated by a slash (`/`).
See [](#ex-dockerTools-pullImage-differentregistry) for how to do that.
`imageDigest` (String)
: Specifies the digest of the image to be downloaded.
:::{.tip}
**Why can't I specify a tag to pull from, and have to use a digest instead?**
Tags are often updated to point to different image contents.
The most common example is the `latest` tag, which is usually updated whenever a newer image version is available.
An image tag isn't enough to guarantee the contents of an image won't change, but a digest guarantees this.
Providing a digest helps ensure that you will still be able to build the same Nix code and get the same output even if newer versions of an image are released.
:::
`sha256` (String)
: The hash of the image after it is downloaded.
Internally, this is passed to the [`outputHash`](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-outputHash) attribute of the resulting derivation.
This is needed to provide a guarantee to Nix that the contents of the image haven't changed, because Nix doesn't support the value in `imageDigest`.
`finalImageName` (String; _optional_)
: Specifies the name that will be used for the image after it has been downloaded.
This only applies after the image is downloaded, and is not used to identify the image to be downloaded in the registry.
Use `imageName` for that instead.
_Default value:_ the same value specified in `imageName`.
`finalImageTag` (String; _optional_)
: Specifies the tag that will be used for the image after it has been downloaded.
This only applies after the image is downloaded, and is not used to identify the image to be downloaded in the registry.
_Default value:_ `"latest"`.
`os` (String; _optional_)
: Specifies the operating system of the image to pull.
If specified, its value should follow the [OCI Image Configuration Specification](https://github.com/opencontainers/image-spec/blob/main/config.md#properties), which should still be compatible with Docker.
According to the linked specification, all possible values for `$GOOS` in [the Go docs](https://go.dev/doc/install/source#environment) should be valid, but will commonly be one of `darwin` or `linux`.
_Default value:_ `"linux"`.
`arch` (String; _optional_)
: Specifies the architecture of the image to pull.
If specified, its value should follow the [OCI Image Configuration Specification](https://github.com/opencontainers/image-spec/blob/main/config.md#properties), which should still be compatible with Docker.
According to the linked specification, all possible values for `$GOARCH` in [the Go docs](https://go.dev/doc/install/source#environment) should be valid, but will commonly be one of `386`, `amd64`, `arm`, or `arm64`.
_Default value:_ the same value from `pkgs.go.GOARCH`.
`tlsVerify` (Boolean; _optional_)
: Used to enable or disable HTTPS and TLS certificate verification when communicating with the chosen Docker registry.
Setting this to `false` will make `pullImage` connect to the registry through HTTP.
_Default value:_ `true`.
`name` (String; _optional_)
: The name used for the output in the Nix store path.
_Default value:_ a value derived from `finalImageName` and `finalImageTag`, with some symbols replaced.
It is recommended to treat the default as an opaque value.
### Examples {#ssec-pkgs-dockerTools-pullImage-examples}
::: {.example #ex-dockerTools-pullImage-niximage}
# Pulling the nixos/nix Docker image from the default registry
This example pulls the [`nixos/nix` image](https://hub.docker.com/r/nixos/nix) and saves it in the Nix store.
```nix
pullImage {
{ dockerTools }:
dockerTools.pullImage {
imageName = "nixos/nix";
imageDigest =
"sha256:473a2b527958665554806aea24d0131bacec46d23af09fef4598eeab331850fa";
imageDigest = "sha256:b8ea88f763f33dfda2317b55eeda3b1a4006692ee29e60ee54ccf6d07348c598";
finalImageName = "nix";
finalImageTag = "2.11.1";
sha256 = "sha256-qvhj+Hlmviz+KEBVmsyPIzTB3QlVAFzwAY1zDPIBGxc=";
os = "linux";
arch = "x86_64";
finalImageTag = "2.19.3";
sha256 = "zRwlQs1FiKrvHPaf8vWOR/Tlp1C5eLn1d9pE4BZg3oA=";
}
```
:::
::: {.example #ex-dockerTools-pullImage-differentregistry}
# Pulling the nixos/nix Docker image from a specific registry
This example pulls the [`coreos/etcd` image](https://quay.io/repository/coreos/etcd) from the `quay.io` registry.
```nix
{ dockerTools }:
dockerTools.pullImage {
imageName = "quay.io/coreos/etcd";
imageDigest = "sha256:24a23053f29266fb2731ebea27f915bb0fb2ae1ea87d42d890fe4e44f2e27c5d";
finalImageName = "etcd";
finalImageTag = "v3.5.11";
sha256 = "Myw+85f2/EVRyMB3axECdmQ5eh9p1q77FWYKy8YpRWU=";
}
```
:::
::: {.example #ex-dockerTools-pullImage-nixprefetchdocker}
# Finding the digest and hash values to use for `dockerTools.pullImage`
Since [`dockerTools.pullImage`](#ssec-pkgs-dockerTools-pullImage) requires two different hashes, one can run the `nix-prefetch-docker` tool to find out the values for the hashes.
The tool outputs some text for an attribute set which you can pass directly to `pullImage`.
```shell
$ nix run nixpkgs#nix-prefetch-docker -- --image-name nixos/nix --image-tag 2.19.3 --arch amd64 --os linux
(some output removed for clarity)
Writing manifest to image destination
-> ImageName: nixos/nix
-> ImageDigest: sha256:498fa2d7f2b5cb3891a4edf20f3a8f8496e70865099ba72540494cd3e2942634
-> FinalImageName: nixos/nix
-> FinalImageTag: latest
-> ImagePath: /nix/store/4mxy9mn6978zkvlc670g5703nijsqc95-docker-image-nixos-nix-latest.tar
-> ImageHash: 1q6cf2pdrasa34zz0jw7pbs6lvv52rq2aibgxccbwcagwkg2qj1q
{
imageName = "nixos/nix";
imageDigest = "sha256:498fa2d7f2b5cb3891a4edf20f3a8f8496e70865099ba72540494cd3e2942634";
sha256 = "1q6cf2pdrasa34zz0jw7pbs6lvv52rq2aibgxccbwcagwkg2qj1q";
finalImageName = "nixos/nix";
finalImageTag = "latest";
}
```
- `imageName` specifies the name of the image to be downloaded, which can also include the registry namespace (e.g. `nixos`). This argument is required.
It is important to supply the `--arch` and `--os` arguments to `nix-prefetch-docker` to filter to a single image, in case there are multiple architectures and/or operating systems supported by the image name and tags specified.
By default, `nix-prefetch-docker` will set `os` to `linux` and `arch` to `amd64`.
- `imageDigest` specifies the digest of the image to be downloaded. This argument is required.
- `finalImageName`, if specified, this is the name of the image to be created. Note it is never used to fetch the image since we prefer to rely on the immutable digest ID. By default it's equal to `imageName`.
- `finalImageTag`, if specified, this is the tag of the image to be created. Note it is never used to fetch the image since we prefer to rely on the immutable digest ID. By default it's `latest`.
- `sha256` is the checksum of the whole fetched image. This argument is required.
- `os`, if specified, is the operating system of the fetched image. By default it's `linux`.
- `arch`, if specified, is the cpu architecture of the fetched image. By default it's `x86_64`.
`nix-prefetch-docker` command can be used to get required image parameters:
```ShellSession
$ nix run nixpkgs#nix-prefetch-docker -- --image-name mysql --image-tag 5
```
Since a given `imageName` may transparently refer to a manifest list of images which support multiple architectures and/or operating systems, you can supply the `--os` and `--arch` arguments to specify exactly which image you want. By default it will match the OS and architecture of the host the command is run on.
```ShellSession
$ nix-prefetch-docker --image-name mysql --image-tag 5 --arch x86_64 --os linux
```
Desired image name and tag can be set using `--final-image-name` and `--final-image-tag` arguments:
```ShellSession
$ nix-prefetch-docker --image-name mysql --image-tag 5 --final-image-name eu.gcr.io/my-project/mysql --final-image-tag prod
Run `nix-prefetch-docker --help` for a list of all supported arguments:
```shell
$ nix run nixpkgs#nix-prefetch-docker -- --help
(output removed for clarity)
```
:::
## exportImage {#ssec-pkgs-dockerTools-exportImage}
@ -845,6 +958,18 @@ buildImage {
Creating base files like `/etc/passwd` or `/etc/login.defs` is necessary for shadow-utils to manipulate users and groups.
When using `buildLayeredImage`, you can put this in `fakeRootCommands` if you `enableFakechroot`:
```nix
buildLayeredImage {
name = "shadow-layered";
fakeRootCommands = ''
${pkgs.dockerTools.shadowSetup}
'';
enableFakechroot = true;
}
```
## fakeNss {#ssec-pkgs-dockerTools-fakeNss}
If your primary goal is providing a basic skeleton for user lookups to work,

View File

@ -144,7 +144,7 @@ in buildDotnetModule rec {
projectReferences = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
dotnet-sdk = dotnetCorePackages.sdk_6.0;
dotnet-sdk = dotnetCorePackages.sdk_6_0;
dotnet-runtime = dotnetCorePackages.runtime_6_0;
executables = [ "foo" ]; # This wraps "$out/lib/$pname/foo" to `$out/bin/foo`.

View File

@ -70,39 +70,42 @@ compilers like this:
```console
$ nix-env -f '<nixpkgs>' -qaP -A haskell.compiler
haskell.compiler.ghc810 ghc-8.10.7
haskell.compiler.ghc88 ghc-8.8.4
haskell.compiler.ghc90 ghc-9.0.2
haskell.compiler.ghc924 ghc-9.2.4
haskell.compiler.ghc925 ghc-9.2.5
haskell.compiler.ghc926 ghc-9.2.6
haskell.compiler.ghc92 ghc-9.2.7
haskell.compiler.ghc942 ghc-9.4.2
haskell.compiler.ghc943 ghc-9.4.3
haskell.compiler.ghc94 ghc-9.4.4
haskell.compiler.ghcHEAD ghc-9.7.20221224
haskell.compiler.ghc8102Binary ghc-binary-8.10.2
haskell.compiler.ghc8102BinaryMinimal ghc-binary-8.10.2
haskell.compiler.ghc8107BinaryMinimal ghc-binary-8.10.7
haskell.compiler.ghc927 ghc-9.2.7
haskell.compiler.ghc92 ghc-9.2.8
haskell.compiler.ghc945 ghc-9.4.5
haskell.compiler.ghc946 ghc-9.4.6
haskell.compiler.ghc947 ghc-9.4.7
haskell.compiler.ghc94 ghc-9.4.8
haskell.compiler.ghc963 ghc-9.6.3
haskell.compiler.ghc96 ghc-9.6.4
haskell.compiler.ghc98 ghc-9.8.1
haskell.compiler.ghcHEAD ghc-9.9.20231121
haskell.compiler.ghc8107Binary ghc-binary-8.10.7
haskell.compiler.ghc865Binary ghc-binary-8.6.5
haskell.compiler.ghc924Binary ghc-binary-9.2.4
haskell.compiler.ghc924BinaryMinimal ghc-binary-9.2.4
haskell.compiler.integer-simple.ghc810 ghc-integer-simple-8.10.7
haskell.compiler.integer-simple.ghc8107 ghc-integer-simple-8.10.7
haskell.compiler.integer-simple.ghc88 ghc-integer-simple-8.8.4
haskell.compiler.integer-simple.ghc884 ghc-integer-simple-8.8.4
haskell.compiler.integer-simple.ghc810 ghc-integer-simple-8.10.7
haskell.compiler.native-bignum.ghc90 ghc-native-bignum-9.0.2
haskell.compiler.native-bignum.ghc902 ghc-native-bignum-9.0.2
haskell.compiler.native-bignum.ghc924 ghc-native-bignum-9.2.4
haskell.compiler.native-bignum.ghc925 ghc-native-bignum-9.2.5
haskell.compiler.native-bignum.ghc926 ghc-native-bignum-9.2.6
haskell.compiler.native-bignum.ghc92 ghc-native-bignum-9.2.7
haskell.compiler.native-bignum.ghc927 ghc-native-bignum-9.2.7
haskell.compiler.native-bignum.ghc942 ghc-native-bignum-9.4.2
haskell.compiler.native-bignum.ghc943 ghc-native-bignum-9.4.3
haskell.compiler.native-bignum.ghc94 ghc-native-bignum-9.4.4
haskell.compiler.native-bignum.ghc944 ghc-native-bignum-9.4.4
haskell.compiler.native-bignum.ghcHEAD ghc-native-bignum-9.7.20221224
haskell.compiler.native-bignum.ghc92 ghc-native-bignum-9.2.8
haskell.compiler.native-bignum.ghc928 ghc-native-bignum-9.2.8
haskell.compiler.native-bignum.ghc945 ghc-native-bignum-9.4.5
haskell.compiler.native-bignum.ghc946 ghc-native-bignum-9.4.6
haskell.compiler.native-bignum.ghc947 ghc-native-bignum-9.4.7
haskell.compiler.native-bignum.ghc94 ghc-native-bignum-9.4.8
haskell.compiler.native-bignum.ghc948 ghc-native-bignum-9.4.8
haskell.compiler.native-bignum.ghc963 ghc-native-bignum-9.6.3
haskell.compiler.native-bignum.ghc96 ghc-native-bignum-9.6.4
haskell.compiler.native-bignum.ghc964 ghc-native-bignum-9.6.4
haskell.compiler.native-bignum.ghc98 ghc-native-bignum-9.8.1
haskell.compiler.native-bignum.ghc981 ghc-native-bignum-9.8.1
haskell.compiler.native-bignum.ghcHEAD ghc-native-bignum-9.9.20231121
haskell.compiler.ghcjs ghcjs-8.10.7
```

View File

@ -2,7 +2,7 @@
In addition to exposing the Idris2 compiler itself, Nixpkgs exposes an `idris2Packages.buildIdris` helper to make it a bit more ergonomic to build Idris2 executables or libraries.
The `buildIdris` function takes a package set that defines at a minimum the `src` and `projectName` of the package to be built and any `idrisLibraries` required to build it. The `src` is the same source you're familiar with but the `projectName` must be the name of the `ipkg` file for the project (omitting the `.ipkg` extension). The `idrisLibraries` is a list of other library derivations created with `buildIdris`. You can optionally specify other derivation properties as needed but sensible defaults for `configurePhase`, `buildPhase`, and `installPhase` are provided.
The `buildIdris` function takes an attribute set that defines at a minimum the `src` and `ipkgName` of the package to be built and any `idrisLibraries` required to build it. The `src` is the same source you're familiar with and the `ipkgName` must be the name of the `ipkg` file for the project (omitting the `.ipkg` extension). The `idrisLibraries` is a list of other library derivations created with `buildIdris`. You can optionally specify other derivation properties as needed but sensible defaults for `configurePhase`, `buildPhase`, and `installPhase` are provided.
Importantly, `buildIdris` does not create a single derivation but rather an attribute set with two properties: `executable` and `library`. The `executable` property is a derivation and the `library` property is a function that will return a derivation for the library with or without source code included. Source code need not be included unless you are aiming to use IDE or LSP features that are able to jump to definitions within an editor.
@ -10,7 +10,7 @@ A simple example of a fully packaged library would be the [`LSP-lib`](https://gi
```nix
{ fetchFromGitHub, idris2Packages }:
let lspLibPkg = idris2Packages.buildIdris {
projectName = "lsp-lib";
ipkgName = "lsp-lib";
src = fetchFromGitHub {
owner = "idris-community";
repo = "LSP-lib";
@ -31,7 +31,7 @@ A slightly more involved example of a fully packaged executable would be the [`i
# Assuming the previous example lives in `lsp-lib.nix`:
let lspLib = callPackage ./lsp-lib.nix { };
lspPkg = idris2Packages.buildIdris {
projectName = "idris2-lsp";
ipkgName = "idris2-lsp";
src = fetchFromGitHub {
owner = "idris-community";
repo = "idris2-lsp";

View File

@ -1408,6 +1408,20 @@
fingerprint = "7083 E268 4BFD 845F 2B84 9E74 B695 8918 ED23 32CE";
}];
};
applejag = {
email = "applejag.luminance905@passmail.com";
github = "applejag";
githubId = 2477952;
name = "Kalle Fagerberg";
keys = [
{
fingerprint = "F68E 6DB3 79FB 1FF0 7C72 6479 9874 DEDD 3592 5ED0";
}
{
fingerprint = "8DDB 3994 0A34 4FE5 4F3B 3E77 F161 001D EE78 1051";
}
];
};
applePrincess = {
email = "appleprincess@appleprincess.io";
github = "applePrincess";
@ -7432,6 +7446,12 @@
githubId = 1401179;
name = "Guanpeng Xu";
};
herbetom = {
email = "nixos@tomherbers.de";
github = "herbetom";
githubId = 15121114;
name = "Tom Herbers";
};
hexa = {
email = "hexa@darmstadt.ccc.de";
matrix = "@hexa:lossy.network";
@ -10472,6 +10492,14 @@
githubId = 31388299;
name = "Leonardo Eugênio";
};
leo248 = {
github ="leo248";
githubId = 95365184;
keys = [{
fingerprint = "81E3 418D C1A2 9687 2C4D 96DC BB1A 818F F295 26D2";
}];
name = "leo248";
};
leo60228 = {
email = "leo@60228.dev";
matrix = "@leo60228:matrix.org";
@ -11346,6 +11374,12 @@
githubId = 346094;
name = "Michael Alyn Miller";
};
mandos = {
email = "marek.maksimczyk@mandos.net.pl";
github = "mandos";
githubId = 115060;
name = "Marek Maksimczyk";
};
mangoiv = {
email = "contact@mangoiv.com";
github = "mangoiv";
@ -11942,6 +11976,12 @@
githubId = 4641445;
name = "Carlo Nucera";
};
medv = {
email = "mikhail.advent@gmail.com";
github = "medv";
githubId = 1631737;
name = "Mikhail Medvedev";
};
megheaiulian = {
email = "iulian.meghea@gmail.com";
github = "megheaiulian";
@ -15351,7 +15391,7 @@
name = "Jonathan Wright";
};
quantenzitrone = {
email = "quantenzitrone@protonmail.com";
email = "nix@dev.quantenzitrone.eu";
github = "quantenzitrone";
githubId = 74491719;
matrix = "@quantenzitrone:matrix.org";
@ -15784,6 +15824,11 @@
githubId = 811827;
name = "Gabriel Lievano";
};
rgri = {
name = "shortcut";
github = "rgri";
githubId = 45253749;
};
rgrinberg = {
name = "Rudi Grinberg";
email = "me@rgrinberg.com";

View File

@ -1,6 +1,6 @@
# Contributing to this manual {#chap-contributing}
The [DocBook] and CommonMark sources of the NixOS manual are in the [nixos/doc/manual](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual) subdirectory of the [Nixpkgs](https://github.com/NixOS/nixpkgs) repository.
The sources of the NixOS manual are in the [nixos/doc/manual](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual) subdirectory of the [Nixpkgs](https://github.com/NixOS/nixpkgs) repository.
This manual uses the [Nixpkgs manual syntax](https://nixos.org/manual/nixpkgs/unstable/#sec-contributing-markup).
You can quickly check your edits with the following:

View File

@ -7,7 +7,7 @@ worthy contribution to the project.
## Building the Manual {#sec-writing-docs-building-the-manual}
The DocBook sources of the [](#book-nixos-manual) are in the
The sources of the [](#book-nixos-manual) are in the
[`nixos/doc/manual`](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual)
subdirectory of the Nixpkgs repository.
@ -29,65 +29,3 @@ nix-build nixos/release.nix -A manual.x86_64-linux
When this command successfully finishes, it will tell you where the
manual got generated. The HTML will be accessible through the `result`
symlink at `./result/share/doc/nixos/index.html`.
## Editing DocBook XML {#sec-writing-docs-editing-docbook-xml}
For general information on how to write in DocBook, see [DocBook 5: The
Definitive Guide](https://tdg.docbook.org/tdg/5.1/).
Emacs nXML Mode is very helpful for editing DocBook XML because it
validates the document as you write, and precisely locates errors. To
use it, see [](#sec-emacs-docbook-xml).
[Pandoc](https://pandoc.org/) can generate DocBook XML from a multitude of
formats, which makes a good starting point. Here is an example of Pandoc
invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML:
```ShellSession
pandoc -f markdown_github -t docbook5 docs.md -o my-section.md
```
Pandoc can also quickly convert a single `section.xml` to HTML, which is
helpful when drafting.
Sometimes writing valid DocBook is too difficult. In this case,
submit your documentation updates in a [GitHub
Issue](https://github.com/NixOS/nixpkgs/issues/new) and someone will
handle the conversion to XML for you.
## Creating a Topic {#sec-writing-docs-creating-a-topic}
You can use an existing topic as a basis for the new topic or create a
topic from scratch.
Keep the following guidelines in mind when you create and add a topic:
- The NixOS [`book`](https://tdg.docbook.org/tdg/5.0/book.html)
element is in `nixos/doc/manual/manual.xml`. It includes several
[`parts`](https://tdg.docbook.org/tdg/5.0/book.html) which are in
subdirectories.
- Store the topic file in the same directory as the `part` to which it
belongs. If your topic is about configuring a NixOS module, then the
XML file can be stored alongside the module definition `nix` file.
- If you include multiple words in the file name, separate the words
with a dash. For example: `ipv6-config.xml`.
- Make sure that the `xml:id` value is unique. You can use abbreviations
if the ID is too long. For example: `nixos-config`.
- Determine whether your topic is a chapter or a section. If you are
unsure, open an existing topic file and check whether the main
element is chapter or section.
## Adding a Topic to the Book {#sec-writing-docs-adding-a-topic}
Open the parent CommonMark file and add a line to the list of
chapters with the file name of the topic that you created. If you
created a `section`, you add the file to the `chapter` file. If you created
a `chapter`, you add the file to the `part` file.
If the topic is about configuring a NixOS module, it can be
automatically included in the manual by using the `meta.doc` attribute.
See [](#sec-meta-attributes) for an explanation.

View File

@ -54,6 +54,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [ollama](https://ollama.ai), server for running large language models locally.
- [hebbot](https://github.com/haecker-felix/hebbot), a Matrix bot to generate "This Week in X" like blog posts. Available as [services.hebbot](#opt-services.hebbot.enable).
- [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares.
@ -87,6 +89,13 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details.
- `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.
This was done so that secrets aren't stored in the world-readable nix store.
To migrate, you will have create a file with the same exact string, and change
your module options to point to that file. For example, `services.aria2.rpcSecret =
"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
where the file `secret_file` contains the string `mysecret`.
- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
- `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`.
@ -142,12 +151,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
- `multi-user.target` no longer depends on `network-online.target`.
This will potentially break services that assumed this was the case in the past.
This was changed for consistency with other distributions as well as improved boot times.
We have added a warning for services that are
`after = [ "network-online.target" ]` but do not depend on it (e.g. using `wants`).
- A warning has been added for services that are
`after = [ "network-online.target" ]` but do not depend on it (e.g. using
`wants`), because the dependency that `multi-user.target` has on
`network-online.target` is planned for removal.
- `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used.
Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory.
@ -200,6 +207,19 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- The `-data` path is no longer required to run the package, and will be set to point to a folder in `$TMP` if missing.
- `nomad` has been updated - note that HashiCorp recommends updating one minor version at a time. Please check [their upgrade guide](https://developer.hashicorp.com/nomad/docs/upgrade) for information on safely updating clusters and potential breaking changes.
- `nomad` is now Nomad 1.7.x.
- `nomad_1_4` has been removed, as it is now unsupported upstream.
- The `livebook` package is now built as a `mix release` instead of an `escript`.
This means that configuration now has to be done using [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) instead of command line arguments.
This has the further implication that the `livebook` service configuration has changed:
- The `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead.
## Other Notable Changes {#sec-release-24.05-notable-changes}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -243,11 +263,16 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- A new hardening flag, `zerocallusedregs` was made available, corresponding to the gcc/clang option `-fzero-call-used-regs=used-gpr`.
- New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.).
The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime.
- The Yama LSM is now enabled by default in the kernel, which prevents ptracing
non-child processes. This means you will not be able to attach gdb to an
existing process, but will need to start that process from gdb (so it is a
child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
- The netbird module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
`globalRedirect` can now have redirect codes other than 301 through
`redirectCode`.

View File

@ -768,6 +768,32 @@ class Machine:
self.booted = False
self.connected = False
def wait_for_qmp_event(
self, event_filter: Callable[[dict[str, Any]], bool], timeout: int = 60 * 10
) -> dict[str, Any]:
"""
Wait for a QMP event which you can filter with the `event_filter` function.
The function takes as an input a dictionary of the event and if it returns True, we return that event,
if it does not, we wait for the next event and retry.
It will skip all events received in the meantime, if you want to keep them,
you have to do the bookkeeping yourself and store them somewhere.
By default, it will wait up to 10 minutes, `timeout` is in seconds.
"""
if self.qmp_client is None:
raise RuntimeError("QMP API is not ready yet, is the VM ready?")
start = time.time()
while True:
evt = self.qmp_client.wait_for_event(timeout=timeout)
if event_filter(evt):
return evt
elapsed = time.time() - start
if elapsed >= timeout:
raise TimeoutError
def get_tty_text(self, tty: str) -> str:
status, output = self.execute(
f"fold -w$(stty -F /dev/tty{tty} size | "

View File

@ -214,6 +214,7 @@
./programs/minipro.nix
./programs/miriway.nix
./programs/mosh.nix
./programs/mouse-actions.nix
./programs/msmtp.nix
./programs/mtr.nix
./programs/nano.nix
@ -634,6 +635,7 @@
./services/matrix/appservice-irc.nix
./services/matrix/conduit.nix
./services/matrix/dendrite.nix
./services/matrix/hebbot.nix
./services/matrix/maubot.nix
./services/matrix/mautrix-facebook.nix
./services/matrix/mautrix-telegram.nix

View File

@ -39,6 +39,9 @@ with lib;
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
# Don't require sudo/root to `reboot` or `poweroff`.
security.polkit.enable = true;
# Allow passwordless sudo from nixos user
security.sudo = {
enable = mkDefault true;

View File

@ -90,6 +90,8 @@ in
];
};
};
users.groups.gamemode = { };
};
meta = {

View File

@ -9,6 +9,7 @@ in
{
options = {
programs.light = {
enable = mkOption {
default = false;
type = types.bool;
@ -17,11 +18,60 @@ in
and udev rules granting access to members of the "video" group.
'';
};
brightnessKeys = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable brightness control with keyboard keys.
This is mainly useful for minimalistic (desktop) environments. You
may want to leave this disabled if you run a feature-rich desktop
environment such as KDE, GNOME or Xfce as those handle the
brightness keys themselves. However, enabling brightness control
with this setting makes the control independent of X, so the keys
work in non-graphical ttys, so you might want to consider using this
instead of the default offered by the desktop environment.
Enabling this will turn on {option}`services.actkbd`.
'';
};
step = mkOption {
type = types.int;
default = 10;
description = ''
The percentage value by which to increase/decrease brightness.
'';
};
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.light ];
services.udev.packages = [ pkgs.light ];
services.actkbd = mkIf cfg.brightnessKeys.enable {
enable = true;
bindings = let
light = "${pkgs.light}/bin/light";
step = toString cfg.brightnessKeys.step;
in [
{
keys = [ 224 ];
events = [ "key" ];
# Use minimum brightness 0.1 so the display won't go totally black.
command = "${light} -N 0.1 && ${light} -U ${step}";
}
{
keys = [ 225 ];
events = [ "key" ];
command = "${light} -A ${step}";
}
];
};
};
}

View File

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
let
cfg = config.programs.mouse-actions;
in
{
options.programs.mouse-actions = {
enable = lib.mkEnableOption ''
mouse-actions udev rules. This is a prerequisite for using mouse-actions without being root.
'';
};
config = lib.mkIf cfg.enable {
services.udev.packages = [ pkgs.mouse-actions ];
};
}

View File

@ -78,11 +78,15 @@ in
else settingsFormat.generate "regreet.toml" cfg.settings;
};
systemd.tmpfiles.rules = let
group = config.users.users.${config.services.greetd.settings.default_session.user}.group;
in [
"d /var/log/regreet 0755 greeter ${group} - -"
"d /var/cache/regreet 0755 greeter ${group} - -"
];
systemd.tmpfiles.settings."10-regreet" = let
defaultConfig = {
user = "greeter";
group = config.users.users.${config.services.greetd.settings.default_session.user}.group;
mode = "0755";
};
in {
"/var/log/regreet".d = defaultConfig;
"/var/cache/regreet".d = defaultConfig;
};
};
}

View File

@ -70,9 +70,10 @@ in {
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' - mopidy mopidy - -"
];
systemd.tmpfiles.settings."10-mopidy".${cfg.dataDir}.d = {
user = "mopidy";
group = "mopidy";
};
systemd.services.mopidy = {
wantedBy = [ "multi-user.target" ];

View File

@ -15,11 +15,12 @@ which runs the server.
{
services.livebook = {
enableUserService = true;
port = 20123;
environment = {
LIVEBOOK_PORT = 20123;
LIVEBOOK_PASSWORD = "mypassword";
};
# See note below about security
environmentFile = pkgs.writeText "livebook.env" ''
LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
'';
environmentFile = "/var/lib/livebook.env";
};
}
```
@ -30,14 +31,19 @@ The Livebook server has the ability to run any command as the user it
is running under, so securing access to it with a password is highly
recommended.
Putting the password in the Nix configuration like above is an easy
way to get started but it is not recommended in the real world because
the `livebook.env` file will be added to the world-readable Nix store.
A better approach would be to put the password in some secure
user-readable location and set `environmentFile = /home/user/secure/livebook.env`.
Putting the password in the Nix configuration like above is an easy way to get
started but it is not recommended in the real world because the resulting
environment variables can be read by unprivileged users. A better approach
would be to put the password in some secure user-readable location and set
`environmentFile = /home/user/secure/livebook.env`.
:::
The [Livebook
documentation](https://hexdocs.pm/livebook/readme.html#environment-variables)
lists all the applicable environment variables. It is recommended to at least
set `LIVEBOOK_PASSWORD` or `LIVEBOOK_TOKEN_ENABLED=false`.
### Extra dependencies {#module-services-livebook-extra-dependencies}
By default, the Livebook service is run with minimum dependencies, but

View File

@ -14,58 +14,64 @@ in
package = mkPackageOption pkgs "livebook" { };
environmentFile = mkOption {
type = types.path;
description = lib.mdDoc ''
Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.
This must contain at least `LIVEBOOK_PASSWORD` or
`LIVEBOOK_TOKEN_ENABLED=false`. See `livebook server --help`
for other options.'';
};
erlang_node_short_name = mkOption {
type = with types; nullOr str;
default = null;
example = "livebook";
description = "A short name for the distributed node.";
};
erlang_node_name = mkOption {
type = with types; nullOr str;
default = null;
example = "livebook@127.0.0.1";
description = "The name for the app distributed node.";
};
port = mkOption {
type = types.port;
default = 8080;
description = "The port to start the web application on.";
};
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc ''
The address to start the web application on. Must be a valid IPv4 or
IPv6 address.
'';
};
options = mkOption {
type = with types; attrsOf str;
environment = mkOption {
type = with types; attrsOf (nullOr (oneOf [ bool int str ]));
default = { };
description = lib.mdDoc ''
Additional options to pass as command-line arguments to the server.
Environment variables to set.
Livebook is configured through the use of environment variables. The
available configuration options can be found in the [Livebook
documentation](https://hexdocs.pm/livebook/readme.html#environment-variables).
Note that all environment variables set through this configuration
parameter will be readable by anyone with access to the host
machine. Therefore, sensitive information like {env}`LIVEBOOK_PASSWORD`
or {env}`LIVEBOOK_COOKIE` should never be set using this configuration
option, but should instead use
[](#opt-services.livebook.environmentFile). See the documentation for
that option for more information.
Any environment variables specified in the
[](#opt-services.livebook.environmentFile) will supersede environment
variables specified in this option.
'';
example = literalExpression ''
{
cookie = "a value shared by all nodes in this cluster";
LIVEBOOK_PORT = 8080;
}
'';
};
environmentFile = mkOption {
type = with types; nullOr types.path;
default = null;
description = lib.mdDoc ''
Additional dnvironment file as defined in {manpage}`systemd.exec(5)`.
Secrets like {env}`LIVEBOOK_PASSWORD` (which is used to specify the
password needed to access the livebook site) or {env}`LIVEBOOK_COOKIE`
(which is used to specify the
[cookie](https://www.erlang.org/doc/reference_manual/distributed.html#security)
used to connect to the running Elixir system) may be passed to the
service without making them readable to everyone with access to
systemctl by using this configuration parameter.
Note that this file needs to be available on the host on which
`livebook` is running.
For security purposes, this file should contain at least
{env}`LIVEBOOK_PASSWORD` or {env}`LIVEBOOK_TOKEN_ENABLED=false`.
See the [Livebook
documentation](https://hexdocs.pm/livebook/readme.html#environment-variables)
and the [](#opt-services.livebook.environment) configuration parameter
for further options.
'';
example = "/var/lib/livebook.env";
};
extraPackages = mkOption {
type = with types; listOf package;
default = [ ];
@ -81,17 +87,12 @@ in
serviceConfig = {
Restart = "always";
EnvironmentFile = cfg.environmentFile;
ExecStart =
let
args = lib.cli.toGNUCommandLineShell { } ({
inherit (cfg) port;
ip = cfg.address;
name = cfg.erlang_node_name;
sname = cfg.erlang_node_short_name;
} // cfg.options);
in
"${cfg.package}/bin/livebook server ${args}";
ExecStart = "${cfg.package}/bin/livebook start";
KillMode = "mixed";
};
environment = mapAttrs (name: value:
if isBool value then boolToString value else toString value)
cfg.environment;
path = [ pkgs.bash ] ++ cfg.extraPackages;
wantedBy = [ "default.target" ];
};

View File

@ -63,6 +63,12 @@ in
'';
type = types.listOf types.str;
};
usePing = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc "Use ping to check online status of devices instead of mDNS";
};
};
config = mkIf cfg.enable {
@ -74,8 +80,10 @@ in
wantedBy = ["multi-user.target"];
path = [cfg.package];
# platformio fails to determine the home directory when using DynamicUser
environment.PLATFORMIO_CORE_DIR = "${stateDir}/.platformio";
environment = {
# platformio fails to determine the home directory when using DynamicUser
PLATFORMIO_CORE_DIR = "${stateDir}/.platformio";
} // lib.optionalAttrs cfg.usePing { ESPHOME_DASHBOARD_USE_PING = "true"; };
serviceConfig = {
ExecStart = "${cfg.package}/bin/esphome dashboard ${esphomeParams} ${stateDir}";

View File

@ -4,7 +4,9 @@ let
inherit (lib) any attrValues concatMapStringsSep concatStrings
concatStringsSep flatten imap1 isList literalExpression mapAttrsToList
mkEnableOption mkIf mkOption mkRemovedOptionModule optional optionalAttrs
optionalString singleton types;
optionalString singleton types mkRenamedOptionModule nameValuePair
mapAttrs' listToAttrs filter;
inherit (lib.strings) match;
cfg = config.services.dovecot2;
dovecotPkg = pkgs.dovecot;
@ -12,6 +14,58 @@ let
baseDir = "/run/dovecot2";
stateDir = "/var/lib/dovecot";
sieveScriptSettings = mapAttrs' (to: from: nameValuePair "sieve_${to}" "${stateDir}/sieve/${from}") cfg.sieve.scripts;
imapSieveMailboxSettings = listToAttrs (flatten (imap1 (idx: el:
singleton {
name = "imapsieve_mailbox${toString idx}_name";
value = el.name;
} ++ optional (el.from != null) {
name = "imapsieve_mailbox${toString idx}_from";
value = el.from;
} ++ optional (el.causes != []) {
name = "imapsieve_mailbox${toString idx}_causes";
value = concatStringsSep "," el.causes;
} ++ optional (el.before != null) {
name = "imapsieve_mailbox${toString idx}_before";
value = "file:${stateDir}/imapsieve/before/${baseNameOf el.before}";
} ++ optional (el.after != null) {
name = "imapsieve_mailbox${toString idx}_after";
value = "file:${stateDir}/imapsieve/after/${baseNameOf el.after}";
}
) cfg.imapsieve.mailbox));
mkExtraConfigCollisionWarning = term: ''
You referred to ${term} in `services.dovecot2.extraConfig`.
Due to gradual transition to structured configuration for plugin configuration, it is possible
this will cause your plugin configuration to be ignored.
Consider setting `services.dovecot2.pluginSettings.${term}` instead.
'';
# Those settings are automatically set based on other parts
# of this module.
automaticallySetPluginSettings = [
"sieve_plugins"
"sieve_extensions"
"sieve_global_extensions"
"sieve_pipe_bin_dir"
]
++ (builtins.attrNames sieveScriptSettings)
++ (builtins.attrNames imapSieveMailboxSettings);
# The idea is to match everything that looks like `$term =`
# but not `# $term something something`
# or `# $term = some value` because those are comments.
configContainsSetting = lines: term: (match "^[^#]*\b${term}\b.*=" lines) != null;
warnAboutExtraConfigCollisions = map mkExtraConfigCollisionWarning (filter (configContainsSetting cfg.extraConfig) automaticallySetPluginSettings);
sievePipeBinScriptDirectory = pkgs.linkFarm "sieve-pipe-bins" (map (el: {
name = builtins.unsafeDiscardStringContext (baseNameOf el);
path = el;
}) cfg.sieve.pipeBins);
dovecotConf = concatStrings [
''
base_dir = ${baseDir}
@ -77,14 +131,6 @@ let
''
)
(
optionalString (cfg.sieveScripts != {}) ''
plugin {
${concatStringsSep "\n" (mapAttrsToList (to: from: "sieve_${to} = ${stateDir}/sieve/${to}") cfg.sieveScripts)}
}
''
)
(
optionalString (cfg.mailboxes != {}) ''
namespace inbox {
@ -116,33 +162,12 @@ let
''
)
# General plugin settings:
# - sieve is mostly generated here, refer to `pluginSettings` to follow
# the control flow.
''
plugin {
sieve_plugins = ${concatStringsSep " " cfg.sieve.plugins}
sieve_extensions = ${concatStringsSep " " (map (el: "+${el}") cfg.sieve.extensions)}
sieve_global_extensions = ${concatStringsSep " " (map (el: "+${el}") cfg.sieve.globalExtensions)}
''
(optionalString (cfg.imapsieve.mailbox != []) ''
${
concatStringsSep "\n" (flatten (imap1 (
idx: el:
singleton "imapsieve_mailbox${toString idx}_name = ${el.name}"
++ optional (el.from != null) "imapsieve_mailbox${toString idx}_from = ${el.from}"
++ optional (el.causes != null) "imapsieve_mailbox${toString idx}_causes = ${el.causes}"
++ optional (el.before != null) "imapsieve_mailbox${toString idx}_before = file:${stateDir}/imapsieve/before/${baseNameOf el.before}"
++ optional (el.after != null) "imapsieve_mailbox${toString idx}_after = file:${stateDir}/imapsieve/after/${baseNameOf el.after}"
)
cfg.imapsieve.mailbox))
}
'')
(optionalString (cfg.sieve.pipeBins != []) ''
sieve_pipe_bin_dir = ${pkgs.linkFarm "sieve-pipe-bins" (map (el: {
name = builtins.unsafeDiscardStringContext (baseNameOf el);
path = el;
})
cfg.sieve.pipeBins)}
'')
''
${concatStringsSep "\n" (mapAttrsToList (key: value: " ${key} = ${value}") cfg.pluginSettings)}
}
''
@ -199,6 +224,7 @@ in
{
imports = [
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
(mkRenamedOptionModule [ "services" "dovecot2" "sieveScripts" ] [ "services" "dovecot2" "sieve" "scripts" ])
];
options.services.dovecot2 = {
@ -337,12 +363,6 @@ in
enableDHE = mkEnableOption (lib.mdDoc "ssl_dh and generation of primes for the key exchange") // { default = true; };
sieveScripts = mkOption {
type = types.attrsOf types.path;
default = {};
description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
};
showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW)");
mailboxes = mkOption {
@ -376,6 +396,26 @@ in
description = lib.mdDoc "Quota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.";
};
pluginSettings = mkOption {
# types.str does not coerce from packages, like `sievePipeBinScriptDirectory`.
type = types.attrsOf (types.oneOf [ types.str types.package ]);
default = {};
example = literalExpression ''
{
sieve = "file:~/sieve;active=~/.dovecot.sieve";
}
'';
description = ''
Plugin settings for dovecot in general, e.g. `sieve`, `sieve_default`, etc.
Some of the other knobs of this module will influence by default the plugin settings, but you
can still override any plugin settings.
If you override a plugin setting, its value is cleared and you have to copy over the defaults.
'';
};
imapsieve.mailbox = mkOption {
default = [];
description = "Configure Sieve filtering rules on IMAP actions";
@ -405,14 +445,14 @@ in
};
causes = mkOption {
default = null;
default = [ ];
description = ''
Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox.<name>.name when one of the listed IMAPSIEVE causes apply.
This has no effect on the user script, which is always executed no matter the cause.
'';
example = "COPY";
type = types.nullOr (types.enum [ "APPEND" "COPY" "FLAG" ]);
example = [ "COPY" "APPEND" ];
type = types.listOf (types.enum [ "APPEND" "COPY" "FLAG" ]);
};
before = mkOption {
@ -462,6 +502,12 @@ in
type = types.listOf types.str;
};
scripts = mkOption {
type = types.attrsOf types.path;
default = {};
description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
};
pipeBins = mkOption {
default = [];
example = literalExpression ''
@ -476,7 +522,6 @@ in
};
};
config = mkIf cfg.enable {
security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
@ -501,6 +546,13 @@ in
++ optional (cfg.sieve.pipeBins != []) "sieve_extprograms";
sieve.globalExtensions = optional (cfg.sieve.pipeBins != []) "vnd.dovecot.pipe";
pluginSettings = lib.mapAttrs (n: lib.mkDefault) ({
sieve_plugins = concatStringsSep " " cfg.sieve.plugins;
sieve_extensions = concatStringsSep " " (map (el: "+${el}") cfg.sieve.extensions);
sieve_global_extensions = concatStringsSep " " (map (el: "+${el}") cfg.sieve.globalExtensions);
sieve_pipe_bin_dir = sievePipeBinScriptDirectory;
} // sieveScriptSettings // imapSieveMailboxSettings);
};
users.users = {
@ -556,7 +608,7 @@ in
# the source file and Dovecot won't try to compile it.
preStart = ''
rm -rf ${stateDir}/sieve ${stateDir}/imapsieve
'' + optionalString (cfg.sieveScripts != {}) ''
'' + optionalString (cfg.sieve.scripts != {}) ''
mkdir -p ${stateDir}/sieve
${concatStringsSep "\n" (
mapAttrsToList (
@ -569,7 +621,7 @@ in
fi
${pkgs.dovecot_pigeonhole}/bin/sievec '${stateDir}/sieve/${to}'
''
) cfg.sieveScripts
) cfg.sieve.scripts
)}
chown -R '${cfg.mailUser}:${cfg.mailGroup}' '${stateDir}/sieve'
''
@ -600,9 +652,7 @@ in
environment.systemPackages = [ dovecotPkg ];
warnings = mkIf (any isList options.services.dovecot2.mailboxes.definitions) [
"Declaring `services.dovecot2.mailboxes' as a list is deprecated and will break eval in 21.05! See the release notes for more info for migration."
];
warnings = warnAboutExtraConfigCollisions;
assertions = [
{
@ -615,8 +665,8 @@ in
message = "dovecot is configured with showPAMFailure while enablePAM is disabled";
}
{
assertion = cfg.sieveScripts != {} -> (cfg.mailUser != null && cfg.mailGroup != null);
message = "dovecot requires mailUser and mailGroup to be set when sieveScripts is set";
assertion = cfg.sieve.scripts != {} -> (cfg.mailUser != null && cfg.mailGroup != null);
message = "dovecot requires mailUser and mailGroup to be set when `sieve.scripts` is set";
}
];

View File

@ -143,11 +143,13 @@ in
environment.systemPackages = [ pkgs.mlmmj ];
systemd.tmpfiles.rules = [
''d "${stateDir}" -''
''d "${spoolDir}/${cfg.listDomain}" -''
''Z "${spoolDir}" - "${cfg.user}" "${cfg.group}" -''
];
systemd.tmpfiles.settings."10-mlmmj" = {
${stateDir}.d = { };
"${spoolDir}/${cfg.listDomain}".d = { };
${spoolDir}.Z = {
inherit (cfg) user group;
};
};
systemd.services.mlmmj-maintd = {
description = "mlmmj maintenance daemon";

View File

@ -99,7 +99,11 @@ in
${cfg.extraConfig}
'';
systemd.tmpfiles.rules = [ "d /var/cache/postfixadmin/templates_c 700 ${user} ${user}" ];
systemd.tmpfiles.settings."10-postfixadmin"."/var/cache/postfixadmin/templates_c".d = {
inherit user;
group = user;
mode = "700";
};
services.nginx = {
enable = true;

View File

@ -95,9 +95,11 @@ in {
services.rss2email.config.to = cfg.to;
systemd.tmpfiles.rules = [
"d /var/rss2email 0700 rss2email rss2email - -"
];
systemd.tmpfiles.settings."10-rss2email"."/var/rss2email".d = {
user = "rss2email";
group = "rss2email";
mode = "0700";
};
systemd.services.rss2email = let
conf = pkgs.writeText "rss2email.cfg" (lib.generators.toINI {} ({

View File

@ -93,7 +93,11 @@ in {
environment.etc."zeyple.conf".source = ini.generate "zeyple.conf" cfg.settings;
systemd.tmpfiles.rules = [ "f '${cfg.settings.zeyple.log_file}' 0600 ${cfg.user} ${cfg.group} - -" ];
systemd.tmpfiles.settings."10-zeyple".${cfg.settings.zeyple.log_file}.f = {
inherit (cfg) user group;
mode = "0600";
};
services.logrotate = mkIf cfg.rotateLogs {
enable = true;
settings.zeyple = {

View File

@ -0,0 +1,78 @@
{ lib
, config
, pkgs
, ...
}:
let
inherit (lib) mkEnableOption mkOption mkIf types;
format = pkgs.formats.toml { };
cfg = config.services.hebbot;
settingsFile = format.generate "config.toml" cfg.settings;
mkTemplateOption = templateName: mkOption {
type = types.path;
description = lib.mdDoc ''
A path to the Markdown file for the ${templateName}.
'';
};
in
{
meta.maintainers = [ lib.maintainers.raitobezarius ];
options.services.hebbot = {
enable = mkEnableOption "hebbot";
botPasswordFile = mkOption {
type = types.path;
description = lib.mdDoc ''
A path to the password file for your bot.
Consider using a path that does not end up in your Nix store
as it would be world readable.
'';
};
templates = {
project = mkTemplateOption "project template";
report = mkTemplateOption "report template";
section = mkTemplateOption "section template";
};
settings = mkOption {
type = format.type;
default = { };
description = lib.mdDoc ''
Configuration for Hebbot, see, for examples:
- <https://github.com/matrix-org/twim-config/blob/master/config.toml>
- <https://gitlab.gnome.org/Teams/Websites/thisweek.gnome.org/-/blob/main/hebbot/config.toml>
'';
};
};
config = mkIf cfg.enable {
systemd.services.hebbot = {
description = "hebbot - a TWIM-style Matrix bot written in Rust";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
ln -sf ${cfg.templates.project} ./project_template.md
ln -sf ${cfg.templates.report} ./report_template.md
ln -sf ${cfg.templates.section} ./section_template.md
ln -sf ${settingsFile} ./config.toml
'';
script = ''
export BOT_PASSWORD="$(cat $CREDENTIALS_DIRECTORY/bot-password-file)"
${lib.getExe pkgs.hebbot}
'';
serviceConfig = {
DynamicUser = true;
Restart = "on-failure";
LoadCredential = "bot-password-file:${cfg.botPasswordFile}";
RestartSec = "10s";
StateDirectory = "hebbot";
WorkingDirectory = "hebbot";
};
};
};
}

View File

@ -152,9 +152,10 @@ in {
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 etcd - - -"
];
systemd.tmpfiles.settings."10-etcd".${cfg.dataDir}.d = {
user = "etcd";
mode = "0700";
};
systemd.services.etcd = {
description = "etcd key-value store";

View File

@ -45,9 +45,10 @@ in
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.settings."10-lidarr".${cfg.dataDir}.d = {
inherit (cfg) user group;
mode = "0700";
};
systemd.services.lidarr = {
description = "Lidarr";

View File

@ -40,9 +40,10 @@ in
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.settings."10-radarr".${cfg.dataDir}.d = {
inherit (cfg) user group;
mode = "0700";
};
systemd.services.radarr = {
description = "Radarr";

View File

@ -45,9 +45,10 @@ in
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.settings."10-readarr".${cfg.dataDir}.d = {
inherit (cfg) user group;
mode = "0700";
};
systemd.services.readarr = {
description = "Readarr";

View File

@ -79,9 +79,10 @@ in
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.logDir}' - alerta alerta - -"
];
systemd.tmpfiles.settings."10-alerta".${cfg.logDir}.d = {
user = "alerta";
group = "alerta";
};
systemd.services.alerta = {
description = "Alerta Monitoring System";

View File

@ -160,9 +160,9 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.kapacitor ];
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.settings."10-kapacitor".${cfg.dataDir}.d = {
inherit (cfg) user group;
};
systemd.services.kapacitor = {
description = "Kapacitor Real-Time Stream Processing Engine";

View File

@ -374,7 +374,11 @@ in
};
# munin_stats plugin breaks as of 2.0.33 when this doesn't exist
systemd.tmpfiles.rules = [ "d /run/munin 0755 munin munin -" ];
systemd.tmpfiles.settings."10-munin"."/run/munin".d = {
mode = "0755";
user = "munin";
group = "munin";
};
}) (mkIf cronCfg.enable {
@ -399,11 +403,17 @@ in
};
};
systemd.tmpfiles.rules = [
"d /run/munin 0755 munin munin -"
"d /var/log/munin 0755 munin munin -"
"d /var/www/munin 0755 munin munin -"
"d /var/lib/munin 0755 munin munin -"
];
systemd.tmpfiles.settings."20-munin" = let
defaultConfig = {
mode = "0755";
user = "munin";
group = "munin";
};
in {
"/run/munin".d = defaultConfig;
"/var/log/munin".d = defaultConfig;
"/var/www/munin".d = defaultConfig;
"/var/lib/munin".d = defaultConfig;
};
})];
}

View File

@ -90,8 +90,10 @@ in
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.rules = [
"d ${dirname (cfg.flags.pidfile)} 0755 root root -"
];
systemd.tmpfiles.settings."10-osquery".${dirname (cfg.flags.pidfile)}.d = {
user = "root";
group = "root";
mode = "0755";
};
};
}

View File

@ -21,7 +21,7 @@ in
type = with types; nullOr path;
default = null;
example = "/etc/prometheus-pve-exporter/pve.env";
description = lib.mdDoc ''
description = ''
Path to the service's environment file. This path can either be a computed path in /nix/store or a path in the local filesystem.
The environment file should NOT be stored in /nix/store as it contains passwords and/or keys in plain text.
@ -34,7 +34,7 @@ in
type = with types; nullOr path;
default = null;
example = "/etc/prometheus-pve-exporter/pve.yml";
description = lib.mdDoc ''
description = ''
Path to the service's config file. This path can either be a computed path in /nix/store or a path in the local filesystem.
The config file should NOT be stored in /nix/store as it will contain passwords and/or keys in plain text.
@ -45,46 +45,66 @@ in
'';
};
server = {
keyFile = mkOption {
type = with types; nullOr path;
default = null;
example = "/var/lib/prometheus-pve-exporter/privkey.key";
description = ''
Path to a SSL private key file for the server
'';
};
certFile = mkOption {
type = with types; nullOr path;
default = null;
example = "/var/lib/prometheus-pve-exporter/full-chain.pem";
description = ''
Path to a SSL certificate file for the server
'';
};
};
collectors = {
status = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Collect Node/VM/CT status
'';
};
version = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Collect PVE version info
'';
};
node = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Collect PVE node info
'';
};
cluster = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Collect PVE cluster info
'';
};
resources = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Collect PVE resources info
'';
};
config = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
description = ''
Collect PVE onboot status
'';
};
@ -102,8 +122,10 @@ in
--${optionalString (!cfg.collectors.cluster) "no-"}collector.cluster \
--${optionalString (!cfg.collectors.resources) "no-"}collector.resources \
--${optionalString (!cfg.collectors.config) "no-"}collector.config \
%d/configFile \
${toString cfg.port} ${cfg.listenAddress}
${optionalString (cfg.server.keyFile != null) "--server.keyfile ${cfg.server.keyFile}"} \
${optionalString (cfg.server.certFile != null) "--server.certfile ${cfg.server.certFile}"} \
--config.file %d/configFile \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port}
'';
} // optionalAttrs (cfg.environmentFile != null) {
EnvironmentFile = cfg.environmentFile;

View File

@ -59,9 +59,10 @@ in {
group = "riemanndash";
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' - riemanndash riemanndash - -"
];
systemd.tmpfiles.settings."10-riemanndash".${cfg.dataDir}.d = {
user = "riemanndash";
group = "riemanndash";
};
systemd.services.riemann-dash = {
wantedBy = [ "multi-user.target" ];

View File

@ -56,8 +56,10 @@ in
};
};
systemd.tmpfiles.rules = [
"d ${cfg.cacheDir} 0700 root root - -"
];
systemd.tmpfiles.settings."10-cachefilesd".${cfg.cacheDir}.d = {
user = "root";
group = "root";
mode = "0700";
};
};
}

View File

@ -398,12 +398,18 @@ in
in
mkMerge targets;
systemd.tmpfiles.rules = [
"d /etc/ceph - ceph ceph - -"
"d /run/ceph 0770 ceph ceph -"
"d /var/lib/ceph - ceph ceph - -"]
++ optionals cfg.mgr.enable [ "d /var/lib/ceph/mgr - ceph ceph - -"]
++ optionals cfg.mon.enable [ "d /var/lib/ceph/mon - ceph ceph - -"]
++ optionals cfg.osd.enable [ "d /var/lib/ceph/osd - ceph ceph - -"];
systemd.tmpfiles.settings."10-ceph" = let
defaultConfig = {
user = "ceph";
group = "ceph";
};
in {
"/etc/ceph".d = defaultConfig;
"/run/ceph".d = defaultConfig // { mode = "0770"; };
"/var/lib/ceph".d = defaultConfig;
"/var/lib/ceph/mgr".d = mkIf (cfg.mgr.enable) defaultConfig;
"/var/lib/ceph/mon".d = mkIf (cfg.mon.enable) defaultConfig;
"/var/lib/ceph/osd".d = mkIf (cfg.osd.enable) defaultConfig;
};
};
}

View File

@ -92,7 +92,12 @@ in {
(mkIf cfg.enableRedirector {
security.wrappers."keybase-redirector".source = "${pkgs.kbfs}/bin/redirector";
systemd.tmpfiles.rules = [ "d /keybase 0755 root root 0" ];
systemd.tmpfiles.settings."10-kbfs"."/keybase".d = {
user = "root";
group = "root";
mode = "0755";
age = "0";
};
# Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/keybase-redirector.service
systemd.user.services.keybase-redirector = {

View File

@ -312,12 +312,13 @@ in
ipfs.gid = config.ids.gids.ipfs;
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
] ++ optionals cfg.autoMount [
"d '${cfg.settings.Mounts.IPFS}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.settings.Mounts.IPNS}' - ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.settings."10-kubo" = let
defaultConfig = { inherit (cfg) user group; };
in {
${cfg.dataDir}.d = defaultConfig;
${cfg.settings.Mounts.IPFS}.d = mkIf (cfg.autoMount) defaultConfig;
${cfg.settings.Mounts.IPNS}.d = mkIf (cfg.autoMount) defaultConfig;
};
# The hardened systemd unit breaks the fuse-mount function according to documentation in the unit file itself
systemd.packages = if cfg.autoMount

View File

@ -18,11 +18,14 @@ let
dir=${cfg.downloadDir}
listen-port=${concatStringsSep "," (rangesToStringList cfg.listenPortRange)}
rpc-listen-port=${toString cfg.rpcListenPort}
rpc-secret=${cfg.rpcSecret}
'';
in
{
imports = [
(mkRemovedOptionModule [ "services" "aria2" "rpcSecret" ] "Use services.aria2.rpcSecretFile instead")
];
options = {
services.aria2 = {
enable = mkOption {
@ -65,11 +68,11 @@ in
default = 6800;
description = lib.mdDoc "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
};
rpcSecret = mkOption {
type = types.str;
default = "aria2rpc";
rpcSecretFile = mkOption {
type = types.path;
example = "/run/secrets/aria2-rpc-token.txt";
description = lib.mdDoc ''
Set RPC secret authorization token.
A file containing the RPC secret authorization token.
Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
'';
};
@ -117,6 +120,7 @@ in
touch "${sessionFile}"
fi
cp -f "${settingsFile}" "${settingsDir}/aria2.conf"
echo "rpc-secret=$(cat "$CREDENTIALS_DIRECTORY/rpcSecretFile")" >> "${settingsDir}/aria2.conf"
'';
serviceConfig = {
@ -125,6 +129,7 @@ in
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "aria2";
Group = "aria2";
LoadCredential="rpcSecretFile:${cfg.rpcSecretFile}";
};
};
};

View File

@ -81,9 +81,9 @@ in
gid = config.ids.gids.ircd;
};
systemd.tmpfiles.rules = [
"d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.settings."10-charybdis".${cfg.statedir}.d = {
inherit (cfg) user group;
};
environment.etc."charybdis/ircd.conf".source = configFile;

View File

@ -4,10 +4,79 @@ with lib;
let
cfg = config.services.dnsdist;
toLua = lib.generators.toLua {};
mkBind = cfg: toLua "${cfg.listenAddress}:${toString cfg.listenPort}";
configFile = pkgs.writeText "dnsdist.conf" ''
setLocal('${cfg.listenAddress}:${toString cfg.listenPort}')
setLocal(${mkBind cfg})
${lib.optionalString cfg.dnscrypt.enable dnscryptSetup}
${cfg.extraConfig}
'';
dnscryptSetup = ''
last_rotation = 0
cert_serial = 0
provider_key = ${toLua cfg.dnscrypt.providerKey}
cert_lifetime = ${toLua cfg.dnscrypt.certLifetime} * 60
function file_exists(name)
local f = io.open(name, "r")
return f ~= nil and io.close(f)
end
function dnscrypt_setup()
-- generate provider keys on first run
if provider_key == nil then
provider_key = "/var/lib/dnsdist/private.key"
if not file_exists(provider_key) then
generateDNSCryptProviderKeys("/var/lib/dnsdist/public.key",
"/var/lib/dnsdist/private.key")
print("DNSCrypt: generated provider keypair")
end
end
-- generate resolver certificate
local now = os.time()
generateDNSCryptCertificate(
provider_key, "/run/dnsdist/resolver.cert", "/run/dnsdist/resolver.key",
cert_serial, now - 60, now + cert_lifetime)
addDNSCryptBind(
${mkBind cfg.dnscrypt}, ${toLua cfg.dnscrypt.providerName},
"/run/dnsdist/resolver.cert", "/run/dnsdist/resolver.key")
end
function maintenance()
-- certificate rotation
local now = os.time()
local dnscrypt = getDNSCryptBind(0)
if ((now - last_rotation) > 0.9 * cert_lifetime) then
-- generate and start using a new certificate
dnscrypt:generateAndLoadInMemoryCertificate(
provider_key, cert_serial + 1,
now - 60, now + cert_lifetime)
-- stop advertising the last certificate
dnscrypt:markInactive(cert_serial)
-- remove the second to last certificate
if (cert_serial > 1) then
dnscrypt:removeInactiveCertificate(cert_serial - 1)
end
print("DNSCrypt: rotated certificate")
-- increment serial number
cert_serial = cert_serial + 1
last_rotation = now
end
end
dnscrypt_setup()
'';
in {
options = {
services.dnsdist = {
@ -15,15 +84,69 @@ in {
listenAddress = mkOption {
type = types.str;
description = lib.mdDoc "Listen IP Address";
description = lib.mdDoc "Listen IP address";
default = "0.0.0.0";
};
listenPort = mkOption {
type = types.int;
type = types.port;
description = lib.mdDoc "Listen port";
default = 53;
};
dnscrypt = {
enable = mkEnableOption (lib.mdDoc "a DNSCrypt endpoint to dnsdist");
listenAddress = mkOption {
type = types.str;
description = lib.mdDoc "Listen IP address of the endpoint";
default = "0.0.0.0";
};
listenPort = mkOption {
type = types.port;
description = lib.mdDoc "Listen port of the endpoint";
default = 443;
};
providerName = mkOption {
type = types.str;
default = "2.dnscrypt-cert.${config.networking.hostName}";
defaultText = literalExpression "2.dnscrypt-cert.\${config.networking.hostName}";
example = "2.dnscrypt-cert.myresolver";
description = lib.mdDoc ''
The name that will be given to this DNSCrypt resolver.
::: {.note}
The provider name must start with `2.dnscrypt-cert.`.
:::
'';
};
providerKey = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
The filepath to the provider secret key.
If not given a new provider key pair will be generated in
/var/lib/dnsdist on the first run.
::: {.note}
The file must be readable by the dnsdist user/group.
:::
'';
};
certLifetime = mkOption {
type = types.ints.positive;
default = 15;
description = lib.mdDoc ''
The lifetime (in minutes) of the resolver certificate.
This will be automatically rotated before expiration.
'';
};
};
extraConfig = mkOption {
type = types.lines;
default = "";
@ -35,6 +158,14 @@ in {
};
config = mkIf cfg.enable {
users.users.dnsdist = {
description = "dnsdist daemons user";
isSystemUser = true;
group = "dnsdist";
};
users.groups.dnsdist = {};
systemd.packages = [ pkgs.dnsdist ];
systemd.services.dnsdist = {
@ -42,8 +173,10 @@ in {
startLimitIntervalSec = 0;
serviceConfig = {
DynamicUser = true;
User = "dnsdist";
Group = "dnsdist";
RuntimeDirectory = "dnsdist";
StateDirectory = "dnsdist";
# upstream overrides for better nixos compatibility
ExecStartPre = [ "" "${pkgs.dnsdist}/bin/dnsdist --check-config --config ${configFile}" ];
ExecStart = [ "" "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}" ];

View File

@ -444,10 +444,14 @@ in {
tls_letsencrypt_cache_dir = "${dataDir}/.cache";
};
# Setup the headscale configuration in a known path in /etc to
# allow both the Server and the Client use it to find the socket
# for communication.
environment.etc."headscale/config.yaml".source = configFile;
environment = {
# Setup the headscale configuration in a known path in /etc to
# allow both the Server and the Client use it to find the socket
# for communication.
etc."headscale/config.yaml".source = configFile;
systemPackages = [ cfg.package ];
};
users.groups.headscale = mkIf (cfg.group == "headscale") {};

View File

@ -395,11 +395,11 @@ in
};
};
systemd.tmpfiles.rules = [
"d /var/log/jitsi/jibri 755 jibri jibri"
];
systemd.tmpfiles.settings."10-jibri"."/var/log/jitsi/jibri".d = {
user = "jibri";
group = "jibri";
mode = "755";
};
# Configure Chromium to not show the "Chrome is being controlled by automatic test software" message.
environment.etc."chromium/policies/managed/managed_policies.json".text = builtins.toJSON { CommandLineFlagSecurityWarningsEnabled = false; };

View File

@ -0,0 +1,56 @@
# Netbird {#module-services-netbird}
## Quickstart {#module-services-netbird-quickstart}
The absolute minimal configuration for the netbird daemon looks like this:
```nix
services.netbird.enable = true;
```
This will set up a netbird service listening on the port `51820` associated to the
`wt0` interface.
It is strictly equivalent to setting:
```nix
services.netbird.tunnels.wt0.stateDir = "netbird";
```
The `enable` option is mainly kept for backward compatibility, as defining netbird
tunnels through the `tunnels` option is more expressive.
## Multiple connections setup {#module-services-netbird-multiple-connections}
Using the `services.netbird.tunnels` option, it is also possible to define more than
one netbird service running at the same time.
The following configuration will start a netbird daemon using the interface `wt1` and
the port 51830. Its configuration file will then be located at `/var/lib/netbird-wt1/config.json`.
```nix
services.netbird.tunnels = {
wt1 = {
port = 51830;
};
};
```
To interact with it, you will need to specify the correct daemon address:
```bash
netbird --daemon-addr unix:///var/run/netbird-wt1/sock ...
```
The address will by default be `unix:///var/run/netbird-<name>`.
It is also possible to overwrite default options passed to the service, for
example:
```nix
services.netbird.tunnels.wt1.environment = {
NB_DAEMON_ADDR = "unix:///var/run/toto.sock"
};
```
This will set the socket to interact with the netbird service to `/var/run/toto.sock`.

View File

@ -1,60 +1,171 @@
{ config, lib, pkgs, ... }:
with lib;
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.netbird;
inherit (lib)
attrNames
getExe
literalExpression
maintainers
mapAttrs'
mkDefault
mkEnableOption
mkIf
mkMerge
mkOption
mkPackageOption
nameValuePair
optional
versionOlder
;
inherit (lib.types)
attrsOf
port
str
submodule
;
kernel = config.boot.kernelPackages;
interfaceName = "wt0";
in {
meta.maintainers = with maintainers; [ misuzu ];
cfg = config.services.netbird;
in
{
meta.maintainers = with maintainers; [
misuzu
thubrecht
];
meta.doc = ./netbird.md;
options.services.netbird = {
enable = mkEnableOption (lib.mdDoc "Netbird daemon");
package = mkPackageOption pkgs "netbird" { };
};
config = mkIf cfg.enable {
boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
tunnels = mkOption {
type = attrsOf (
submodule (
{ name, config, ... }:
{
options = {
port = mkOption {
type = port;
default = 51820;
description = ''
Port for the ${name} netbird interface.
'';
};
environment.systemPackages = [ cfg.package ];
environment = mkOption {
type = attrsOf str;
defaultText = literalExpression ''
{
NB_CONFIG = "/var/lib/''${stateDir}/config.json";
NB_LOG_FILE = "console";
NB_WIREGUARD_PORT = builtins.toString port;
NB_INTERFACE_NAME = name;
NB_DAMEON_ADDR = "/var/run/''${stateDir}"
}
'';
description = ''
Environment for the netbird service, used to pass configuration options.
'';
};
networking.dhcpcd.denyInterfaces = [ interfaceName ];
stateDir = mkOption {
type = str;
default = "netbird-${name}";
description = ''
Directory storing the netbird configuration.
'';
};
};
systemd.network.networks."50-netbird" = mkIf config.networking.useNetworkd {
matchConfig = {
Name = interfaceName;
};
linkConfig = {
Unmanaged = true;
ActivationPolicy = "manual";
};
};
systemd.services.netbird = {
description = "A WireGuard-based mesh network that connects your devices into a single private network";
documentation = [ "https://netbird.io/docs/" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
openresolv
];
serviceConfig = {
Environment = [
"NB_CONFIG=/var/lib/netbird/config.json"
"NB_LOG_FILE=console"
];
ExecStart = "${cfg.package}/bin/netbird service run";
Restart = "always";
RuntimeDirectory = "netbird";
StateDirectory = "netbird";
WorkingDirectory = "/var/lib/netbird";
};
unitConfig = {
StartLimitInterval = 5;
StartLimitBurst = 10;
};
stopIfChanged = false;
config.environment = builtins.mapAttrs (_: mkDefault) {
NB_CONFIG = "/var/lib/${config.stateDir}/config.json";
NB_LOG_FILE = "console";
NB_WIREGUARD_PORT = builtins.toString config.port;
NB_INTERFACE_NAME = name;
NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock";
};
}
)
);
default = { };
description = ''
Attribute set of Netbird tunnels, each one will spawn a daemon listening on ...
'';
};
};
config = mkMerge [
(mkIf cfg.enable {
# For backwards compatibility
services.netbird.tunnels.wt0.stateDir = "netbird";
})
(mkIf (cfg.tunnels != { }) {
boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
environment.systemPackages = [ cfg.package ];
networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels;
systemd.network.networks = mkIf config.networking.useNetworkd (
mapAttrs'
(
name: _:
nameValuePair "50-netbird-${name}" {
matchConfig = {
Name = name;
};
linkConfig = {
Unmanaged = true;
ActivationPolicy = "manual";
};
}
)
cfg.tunnels
);
systemd.services =
mapAttrs'
(
name:
{ environment, stateDir, ... }:
nameValuePair "netbird-${name}" {
description = "A WireGuard-based mesh network that connects your devices into a single private network";
documentation = [ "https://netbird.io/docs/" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ openresolv ];
inherit environment;
serviceConfig = {
ExecStart = "${getExe cfg.package} service run";
Restart = "always";
RuntimeDirectory = stateDir;
StateDirectory = stateDir;
StateDirectoryMode = "0700";
WorkingDirectory = "/var/lib/${stateDir}";
};
unitConfig = {
StartLimitInterval = 5;
StartLimitBurst = 10;
};
stopIfChanged = false;
}
)
cfg.tunnels;
})
];
}

View File

@ -74,11 +74,10 @@ in {
systemd.services.tailscaled = {
wantedBy = [ "multi-user.target" ];
path = [
config.networking.resolvconf.package # for configuring DNS in some configs
pkgs.procps # for collecting running services (opt-in feature)
pkgs.getent # for `getent` to look up user shells
pkgs.kmod # required to pass tailscale's v6nat check
];
] ++ lib.optional config.networking.resolvconf.enable config.networking.resolvconf.package;
serviceConfig.Environment = [
"PORT=${toString cfg.port}"
''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName}"''

View File

@ -191,17 +191,25 @@ in {
# Provide a default set of `extraPackages`.
services.deluge.extraPackages = with pkgs; [ unzip gnutar xz bzip2 ];
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group}"
"d '${cfg.dataDir}/.config' 0770 ${cfg.user} ${cfg.group}"
"d '${cfg.dataDir}/.config/deluge' 0770 ${cfg.user} ${cfg.group}"
]
++ optional (cfg.config ? download_location)
"d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? torrentfiles_location)
"d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? move_completed_path)
"d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";
systemd.tmpfiles.settings."10-deluged" = let
defaultConfig = {
inherit (cfg) user group;
mode = "0770";
};
in {
"${cfg.dataDir}".d = defaultConfig;
"${cfg.dataDir}/.config".d = defaultConfig;
"${cfg.dataDir}/.config/deluge".d = defaultConfig;
}
// optionalAttrs (cfg.config ? download_location) {
${cfg.config.download_location}.d = defaultConfig;
}
// optionalAttrs (cfg.config ? torrentfiles_location) {
${cfg.config.torrentfiles_location}.d = defaultConfig;
}
// optionalAttrs (cfg.config ? move_completed_path) {
${cfg.config.move_completed_path}.d = defaultConfig;
};
systemd.services.deluged = {
after = [ "network.target" ];

View File

@ -309,17 +309,25 @@ in
(lib.mkIf cfg.usePreconfiguredStreaming streamingConfig)
];
systemd.tmpfiles.rules = [
"d '/var/lib/epgstation/key' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/streamfiles' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/drop' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/recorded' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/thumbnail' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/db/subscribers' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/db/migrations/mysql' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/db/migrations/postgres' - ${username} ${groupname} - -"
"d '/var/lib/epgstation/db/migrations/sqlite' - ${username} ${groupname} - -"
];
systemd.tmpfiles.settings."10-epgstation" =
lib.listToAttrs
(map (dir: lib.nameValuePair dir {
d = {
user = username;
group = groupname;
};
})
[
"/var/lib/epgstation/key"
"/var/lib/epgstation/streamfiles"
"/var/lib/epgstation/drop"
"/var/lib/epgstation/recorded"
"/var/lib/epgstation/thumbnail"
"/var/lib/epgstation/db/subscribers"
"/var/lib/epgstation/db/migrations/mysql"
"/var/lib/epgstation/db/migrations/postgres"
"/var/lib/epgstation/db/migrations/sqlite"
]);
systemd.services.epgstation = {
inherit description;

View File

@ -165,9 +165,10 @@ in
port = mkIf (cfg.port != null) cfg.port;
};
systemd.tmpfiles.rules = [
"d '/etc/mirakurun' - ${username} ${groupname} - -"
];
systemd.tmpfiles.settings."10-mirakurun"."/etc/mirakurun".d = {
user = username;
group = groupname;
};
systemd.services.mirakurun = {
description = mirakurun.meta.description;

View File

@ -412,20 +412,25 @@ in {
'';
};
systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0710 ${user} ${group} - -"
"d ${cfg.dataDir}/public 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/public/uploads 0750 ${user} ${group} - -"
"d ${cfg.dataDir}/storage 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/app 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/fonts 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework/cache 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework/sessions 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/framework/views 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/logs 0700 ${user} ${group} - -"
"d ${cfg.dataDir}/storage/uploads 0700 ${user} ${group} - -"
];
systemd.tmpfiles.settings."10-bookstack" = let
defaultConfig = {
inherit user group;
mode = "0700";
};
in {
"${cfg.dataDir}".d = defaultConfig // { mode = "0710"; };
"${cfg.dataDir}/public".d = defaultConfig // { mode = "0750"; };
"${cfg.dataDir}/public/uploads".d = defaultConfig // { mode = "0750"; };
"${cfg.dataDir}/storage".d = defaultConfig;
"${cfg.dataDir}/storage/app".d = defaultConfig;
"${cfg.dataDir}/storage/fonts".d = defaultConfig;
"${cfg.dataDir}/storage/framework".d = defaultConfig;
"${cfg.dataDir}/storage/framework/cache".d = defaultConfig;
"${cfg.dataDir}/storage/framework/sessions".d = defaultConfig;
"${cfg.dataDir}/storage/framework/views".d = defaultConfig;
"${cfg.dataDir}/storage/logs".d = defaultConfig;
"${cfg.dataDir}/storage/uploads".d = defaultConfig;
};
users = {
users = mkIf (user == "bookstack") {

View File

@ -228,9 +228,10 @@ in
};
users.groups."${cfg.user}" = { };
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
];
systemd.tmpfiles.settings."10-freshrss".${cfg.dataDir}.d = {
inherit (cfg) user;
group = config.users.users.${cfg.user}.group;
};
systemd.services.freshrss-config =
let

View File

@ -277,9 +277,7 @@ in
# The systemd service will fail to execute the preStart hook
# if the WorkingDirectory does not exist
systemd.tmpfiles.rules = [
''d "${cfg.statePath}" -''
];
systemd.tmpfiles.settings."10-mattermost".${cfg.statePath}.d = { };
systemd.services.mattermost = {
description = "Mattermost chat service";

View File

@ -255,9 +255,10 @@ in
} ];
};
systemd.tmpfiles.rules = [
"d '${stateDir}' 0750 ${user} ${group} - -"
];
systemd.tmpfiles.settings."10-moodle".${stateDir}.d = {
inherit user group;
mode = "0750";
};
systemd.services.moodle-init = {
wantedBy = [ "multi-user.target" ];

View File

@ -163,10 +163,15 @@ in {
Please do not disable HTTPS mode in production. In this mode, access to the nifi is opened without authentication.
'';
systemd.tmpfiles.rules = [
"d '/var/lib/nifi/conf' 0750 ${cfg.user} ${cfg.group}"
"L+ '/var/lib/nifi/lib' - - - - ${cfg.package}/lib"
];
systemd.tmpfiles.settings."10-nifi" = {
"/var/lib/nifi/conf".d = {
inherit (cfg) user group;
mode = "0750";
};
"/var/lib/nifi/lib"."L+" = {
argument = "${cfg.package}/lib";
};
};
systemd.services.nifi = {

View File

@ -334,8 +334,10 @@ in {
optionalAttrs (cfg.group == "writefreely") { writefreely = { }; };
};
systemd.tmpfiles.rules =
[ "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" ];
systemd.tmpfiles.settings."10-writefreely".${cfg.stateDir}.d = {
inherit (cfg) user group;
mode = "0750";
};
systemd.services.writefreely = {
after = [ "network.target" ]

View File

@ -14,20 +14,20 @@ JWE files have to be created through the clevis command line. 3 types of policie
Secrets are pinned against the presence of a TPM2 device, for example:
```
echo hi | clevis encrypt tpm2 '{}' > hi.jwe
echo -n hi | clevis encrypt tpm2 '{}' > hi.jwe
```
2) Tang policies
Secrets are pinned against the presence of a Tang server, for example:
```
echo hi | clevis encrypt tang '{"url": "http://tang.local"}' > hi.jwe
echo -n hi | clevis encrypt tang '{"url": "http://tang.local"}' > hi.jwe
```
3) Shamir Secret Sharing
Using Shamir's Secret Sharing ([sss](https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing)), secrets are pinned using a combination of the two preceding policies. For example:
```
echo hi | clevis encrypt sss \
echo -n hi | clevis encrypt sss \
'{"t": 2, "pins": {"tpm2": {"pcr_ids": "0"}, "tang": {"url": "http://tang.local"}}}' \
> hi.jwe
```

View File

@ -428,7 +428,13 @@ in
config = {
warnings = concatLists (
warnings = let
mkOneNetOnlineWarn = typeStr: name: def: lib.optional
(lib.elem "network-online.target" def.after && !(lib.elem "network-online.target" (def.wants ++ def.requires ++ def.bindsTo)))
"${name}.${typeStr} is ordered after 'network-online.target' but doesn't depend on it";
mkNetOnlineWarns = typeStr: defs: lib.concatLists (lib.mapAttrsToList (mkOneNetOnlineWarn typeStr) defs);
mkMountNetOnlineWarns = typeStr: defs: lib.concatLists (map (m: mkOneNetOnlineWarn typeStr m.what m) defs);
in concatLists (
mapAttrsToList
(name: service:
let
@ -449,39 +455,30 @@ in
]
)
cfg.services
);
)
++ (mkNetOnlineWarns "target" cfg.targets)
++ (mkNetOnlineWarns "service" cfg.services)
++ (mkNetOnlineWarns "socket" cfg.sockets)
++ (mkNetOnlineWarns "timer" cfg.timers)
++ (mkNetOnlineWarns "path" cfg.paths)
++ (mkMountNetOnlineWarns "mount" cfg.mounts)
++ (mkMountNetOnlineWarns "automount" cfg.automounts)
++ (mkNetOnlineWarns "slice" cfg.slices);
assertions = let
mkOneAssert = typeStr: name: def: {
assertion = lib.elem "network-online.target" def.after -> lib.elem "network-online.target" (def.wants ++ def.requires ++ def.bindsTo);
message = "${name}.${typeStr} is ordered after 'network-online.target' but doesn't depend on it";
};
mkAsserts = typeStr: lib.mapAttrsToList (mkOneAssert typeStr);
mkMountAsserts = typeStr: map (m: mkOneAssert typeStr m.what m);
in mkMerge [
(concatLists (
mapAttrsToList
(name: service:
map (message: {
assertion = false;
inherit message;
}) (concatLists [
(optional ((builtins.elem "network-interfaces.target" service.after) || (builtins.elem "network-interfaces.target" service.wants))
"Service '${name}.service' is using the deprecated target network-interfaces.target, which no longer exists. Using network.target is recommended instead."
)
])
)
cfg.services
))
(mkAsserts "target" cfg.targets)
(mkAsserts "service" cfg.services)
(mkAsserts "socket" cfg.sockets)
(mkAsserts "timer" cfg.timers)
(mkAsserts "path" cfg.paths)
(mkMountAsserts "mount" cfg.mounts)
(mkMountAsserts "automount" cfg.automounts)
(mkAsserts "slice" cfg.slices)
];
assertions = concatLists (
mapAttrsToList
(name: service:
map (message: {
assertion = false;
inherit message;
}) (concatLists [
(optional ((builtins.elem "network-interfaces.target" service.after) || (builtins.elem "network-interfaces.target" service.wants))
"Service '${name}.service' is using the deprecated target network-interfaces.target, which no longer exists. Using network.target is recommended instead."
)
])
)
cfg.services
);
system.build.units = cfg.units;
@ -658,6 +655,7 @@ in
systemd.services.systemd-udev-settle.restartIfChanged = false; # Causes long delays in nixos-rebuild
systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true;
systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true;
systemd.targets.network-online.wantedBy = [ "multi-user.target" ];
systemd.services.systemd-importd.environment = proxy_env;
systemd.services.systemd-pstore.wantedBy = [ "sysinit.target" ]; # see #81138

View File

@ -242,7 +242,7 @@ in {
discourse = handleTest ./discourse.nix {};
dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {};
dnscrypt-wrapper = runTestOn ["x86_64-linux"] ./dnscrypt-wrapper;
dnsdist = handleTest ./dnsdist.nix {};
dnsdist = import ./dnsdist.nix { inherit pkgs runTest; };
doas = handleTest ./doas.nix {};
docker = handleTestOn ["aarch64-linux" "x86_64-linux"] ./docker.nix {};
docker-rootless = handleTestOn ["aarch64-linux" "x86_64-linux"] ./docker-rootless.nix {};

View File

@ -64,7 +64,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
# This is not supported at the moment.
# https://trello.com/b/HHs01Pab/cinnamon-wayland
machine.execute("${su "cinnamon-screensaver-command -l >&2 &"}")
machine.wait_until_succeeds("journalctl -b --grep 'Cinnamon Screensaver is unavailable on Wayland'")
machine.wait_until_succeeds("journalctl -b --grep 'cinnamon-screensaver is disabled in wayland sessions'")
with subtest("Open GNOME Terminal"):
machine.succeed("${su "dbus-launch gnome-terminal"}")

View File

@ -1,48 +1,113 @@
import ./make-test-python.nix (
{ pkgs, ... }: {
name = "dnsdist";
meta = with pkgs.lib; {
maintainers = with maintainers; [ jojosch ];
};
{ pkgs, runTest }:
nodes.machine = { pkgs, lib, ... }: {
services.bind = {
enable = true;
extraOptions = "empty-zones-enable no;";
zones = lib.singleton {
name = ".";
master = true;
file = pkgs.writeText "root.zone" ''
$TTL 3600
. IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d )
. IN NS ns.example.org.
let
ns.example.org. IN A 192.168.0.1
ns.example.org. IN AAAA abcd::1
inherit (pkgs) lib;
1.0.168.192.in-addr.arpa IN PTR ns.example.org.
'';
};
};
services.dnsdist = {
enable = true;
listenPort = 5353;
extraConfig = ''
newServer({address="127.0.0.1:53", name="local-bind"})
baseConfig = {
networking.nameservers = [ "::1" ];
services.bind = {
enable = true;
extraOptions = "empty-zones-enable no;";
zones = lib.singleton {
name = ".";
master = true;
file = pkgs.writeText "root.zone" ''
$TTL 3600
. IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d )
. IN NS ns.example.org.
ns.example.org. IN A 192.168.0.1
ns.example.org. IN AAAA abcd::1
1.0.168.192.in-addr.arpa IN PTR ns.example.org.
'';
};
environment.systemPackages = with pkgs; [ dig ];
};
services.dnsdist = {
enable = true;
listenPort = 5353;
extraConfig = ''
newServer({address="127.0.0.1:53", name="local-bind"})
'';
};
};
in
{
base = runTest {
name = "dnsdist-base";
meta.maintainers = with lib.maintainers; [ jojosch ];
nodes.machine = baseConfig;
testScript = ''
machine.wait_for_unit("bind.service")
machine.wait_for_open_port(53)
machine.succeed("dig @127.0.0.1 +short -x 192.168.0.1 | grep -qF ns.example.org")
machine.succeed("host -p 53 192.168.0.1 | grep -qF ns.example.org")
machine.wait_for_unit("dnsdist.service")
machine.wait_for_open_port(5353)
machine.succeed("dig @127.0.0.1 -p 5353 +short -x 192.168.0.1 | grep -qF ns.example.org")
machine.succeed("host -p 5353 192.168.0.1 | grep -qF ns.example.org")
'';
}
)
};
dnscrypt = runTest {
name = "dnsdist-dnscrypt";
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
nodes.server = lib.mkMerge [
baseConfig
{
networking.firewall.allowedTCPPorts = [ 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
services.dnsdist.dnscrypt.enable = true;
services.dnsdist.dnscrypt.providerKey = "${./dnscrypt-wrapper/secret.key}";
}
];
nodes.client = {
services.dnscrypt-proxy2.enable = true;
services.dnscrypt-proxy2.upstreamDefaults = false;
services.dnscrypt-proxy2.settings =
{ server_names = [ "server" ];
listen_addresses = [ "[::1]:53" ];
cache = false;
# Computed using https://dnscrypt.info/stamps/
static.server.stamp =
"sdns://AQAAAAAAAAAADzE5Mi4xNjguMS4yOjQ0MyAUQdg6_RIIpK6pHkINhrv7nxwIG5c7b_m5NJVT3A1AXRYyLmRuc2NyeXB0LWNlcnQuc2VydmVy";
};
networking.nameservers = [ "::1" ];
};
testScript = ''
with subtest("The DNSCrypt server is accepting connections"):
server.wait_for_unit("bind.service")
server.wait_for_unit("dnsdist.service")
server.wait_for_open_port(443)
almost_expiration = server.succeed("date --date '14min'").strip()
with subtest("The DNSCrypt client can connect to the server"):
client.wait_until_succeeds("journalctl -u dnscrypt-proxy2 --grep '\[server\] OK'")
with subtest("DNS queries over UDP are working"):
client.wait_for_open_port(53)
client.succeed("host -U 192.168.0.1 | grep -qF ns.example.org")
with subtest("DNS queries over TCP are working"):
client.wait_for_open_port(53)
client.succeed("host -T 192.168.0.1 | grep -qF ns.example.org")
with subtest("The server rotates the ephemeral keys"):
server.succeed(f"date -s '{almost_expiration}'")
client.succeed(f"date -s '{almost_expiration}'")
server.wait_until_succeeds("journalctl -u dnsdist --grep 'rotated certificate'")
with subtest("The client can still connect to the server"):
client.wait_until_succeeds("host -T 192.168.0.1")
client.wait_until_succeeds("host -U 192.168.0.1")
'';
};
}

View File

@ -9,13 +9,15 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
services.livebook = {
enableUserService = true;
port = 20123;
environment = {
LIVEBOOK_PORT = 20123;
LIVEBOOK_COOKIE = "chocolate chip";
LIVEBOOK_TOKEN_ENABLED = true;
};
environmentFile = pkgs.writeText "livebook.env" ''
LIVEBOOK_PASSWORD = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
'';
options = {
cookie = "chocolate chip";
};
};
};
};

View File

@ -1,6 +1,28 @@
{ lib, stdenv, fetchFromGitHub
, llvm_10, qt5, qrencode, libmicrohttpd, libjack2, alsa-lib, faust, curl
, bc, coreutils, which, libsndfile, flac, libogg, libvorbis, libopus, pkg-config, libxcb, cmake, gnutls, libtasn1, p11-kit
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, cmake
, pkg-config
, which
, alsa-lib
, curl
, faust
, flac
, gnutls
, libjack2
, libmicrohttpd
, libmpg123
, libogg
, libopus
, libsndfile
, libtasn1
, libvorbis
, libxcb
, llvm
, p11-kit
, qrencode
, qt5
}:
stdenv.mkDerivation rec {
@ -10,22 +32,55 @@ stdenv.mkDerivation rec {
owner = "grame-cncm";
repo = "faustlive";
rev = version;
sha256 = "sha256-RqtdDkP63l/30sL5PDocvpar5TI4LdKfeeliSNeOHog=";
hash = "sha256-RqtdDkP63l/30sL5PDocvpar5TI4LdKfeeliSNeOHog=";
fetchSubmodules = true;
};
nativeBuildInputs = [ pkg-config qt5.wrapQtAppsHook cmake ];
buildInputs = [
llvm_10 qt5.qtbase qrencode libmicrohttpd libjack2 alsa-lib faust curl
bc coreutils which libsndfile flac libogg libvorbis libopus libxcb gnutls libtasn1 p11-kit
patches = [
# move mutex initialization outside assert call
# https://github.com/grame-cncm/faustlive/pull/59
(fetchpatch {
name = "initalize-mutexes.patch";
url = "https://github.com/grame-cncm/faustlive/commit/fdd46b12202def9731b9ed2f6363287af16be892.patch";
hash = "sha256-yH95Y4Jbqgs8siE9rtutmu5C2sNZwQMJzCgDYqNBDj4=";
})
];
makeFlags = [ "PREFIX=$(out)" ];
strictDeps = true;
postInstall = ''
wrapProgram $out/bin/FaustLive --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ libmicrohttpd libsndfile faust llvm_10 ]}"
'';
nativeBuildInputs = [
cmake
faust
llvm
pkg-config
qt5.wrapQtAppsHook
which
];
buildInputs = [
alsa-lib
curl
faust
flac
gnutls
libjack2
libmicrohttpd
libmpg123
libogg
libopus
libsndfile
libtasn1
libvorbis
libxcb
llvm
p11-kit
qrencode
qt5.qtbase
];
cmakeFlags = [
"-DCMAKE_BUILD_WITH_INSTALL_RPATH=ON"
];
postPatch = "cd Build";

View File

@ -8,7 +8,7 @@
, lib
, libmicrohttpd
, libusb-compat-0_1
, llvmPackages_10
, llvmPackages
, qtcharts
, qtdeclarative
, qtquickcontrols2
@ -39,7 +39,7 @@ mkDerivation rec {
gcc12.cc.lib
libmicrohttpd
libusb-compat-0_1
llvmPackages_10.openmp
llvmPackages.openmp
qtcharts
qtdeclarative
qtquickcontrols2

View File

@ -48,13 +48,13 @@ let
} else portaudio;
in stdenv'.mkDerivation (finalAttrs: {
pname = "musescore";
version = "4.2.0";
version = "4.2.1";
src = fetchFromGitHub {
owner = "musescore";
repo = "MuseScore";
rev = "v${finalAttrs.version}";
sha256 = "sha256-vNA1VPCHLt5kuhIix8kgeq1VlbuIX1lOY3nJaufvuyc=";
sha256 = "sha256-YCeO/ijxA+tZxNviqmlIBkAdjPTrKoOoo1QyMIOqhWU=";
};
cmakeFlags = [

View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, boost, cairo, libGL, lv2, pkg-config }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, boost, cairo, libGL, lv2, pkg-config }:
stdenv.mkDerivation rec {
pname = "string-machine";
@ -12,6 +12,16 @@ stdenv.mkDerivation rec {
fetchSubmodules = true;
};
patches = [
# gcc-13 compatibility fix:
# https://github.com/jpcima/string-machine/pull/36
(fetchpatch {
name = "gcc-13.patch";
url = "https://github.com/jpcima/string-machine/commit/e1f9c70da46e43beb2654b509bc824be5601a0a5.patch";
hash = "sha256-eS28wBuFjbx2tEb9gtVRZXfK0w2o1RCFTouNf8Adq+k=";
})
];
postPatch = ''
patchShebangs ./dpf/utils/generate-ttl.sh
'';

View File

@ -1,53 +0,0 @@
{ lib, stdenv, fetchurl, unzip, alsa-lib, libX11, libXi, SDL2 }:
let
libPath = lib.makeLibraryPath [ stdenv.cc.cc alsa-lib libX11 libXi SDL2 ];
arch =
if stdenv.isAarch64
then "arm64"
else if stdenv.isAarch32
then "arm_armhf_raspberry_pi"
else if stdenv.is64bit
then "x86_64"
else "x86";
in
stdenv.mkDerivation rec {
pname = "SunVox";
version = "2.1.1c";
src = fetchurl {
urls = [
"https://www.warmplace.ru/soft/sunvox/sunvox-${version}.zip"
# Upstream removes downloads of older versions, please save bumped versions to archive.org
"https://web.archive.org/web/20231204012052/https://www.warmplace.ru/soft/sunvox/sunvox-2.1.1c.zip"
];
sha256 = "sha256-LfBQ/f2X75bcqLp39c2tdaSlDm+E73GUvB68XFqiicw=";
};
nativeBuildInputs = [ unzip ];
unpackPhase = "unzip $src";
dontBuild = true;
installPhase = ''
mkdir -p $out/share $out/bin
mv sunvox $out/share/
bin="$out/share/sunvox/sunvox/linux_${arch}/sunvox"
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${libPath}" \
"$bin"
ln -s "$bin" $out/bin/sunvox
'';
meta = with lib; {
description = "Small, fast and powerful modular synthesizer with pattern-based sequencer";
license = licenses.unfreeRedistributable;
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
homepage = "http://www.warmplace.ru/soft/sunvox/";
maintainers = with maintainers; [ puffnfresh ];
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

View File

@ -2,11 +2,11 @@
let
pname = "ledger-live-desktop";
version = "2.73.1";
version = "2.75.0";
src = fetchurl {
url = "https://download.live.ledger.com/${pname}-${version}-linux-x86_64.AppImage";
hash = "sha256-aHA65NLX3tlg8nLnQOOG1TuvcJP57HbQWruiBMvDJ10=";
hash = "sha256-sVaQbfpgHgd1OZgR+R0PUmNENfDOcNRfvO2AVKFyDqM=";
};
appimageContents = appimageTools.extractType2 {
@ -34,5 +34,6 @@ appimageTools.wrapType2 rec {
maintainers = with maintainers; [ andresilva thedavidmeister nyanloutre RaghavSood th0rgal ];
platforms = [ "x86_64-linux" ];
mainProgram = "ledger-live-desktop";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
};
}

View File

@ -10,16 +10,16 @@ let
inherit tiling_wm;
};
stableVersion = {
version = "2023.1.1.27"; # "Android Studio Hedgehog | 2023.1.1 Patch 1"
sha256Hash = "sha256-XF+XyHGk7dPTBHKcx929qdFHu6hRJWFO382mh4SuWDs=";
version = "2023.1.1.28"; # "Android Studio Hedgehog | 2023.1.1 Patch 2"
sha256Hash = "sha256-E50Nu0kJNTto+/VcCbbTGjRRIESp1PAs4PGprMyhKPk=";
};
betaVersion = {
version = "2023.2.1.20"; # "Android Studio Iguana | 2023.2.1 Beta 2"
sha256Hash = "sha256-cFEPgFAKkFx0d7PC4fTElTQVrBZMQs0RL3wR+hqTh2I=";
};
latestVersion = {
version = "2023.3.1.4"; # "Android Studio Jellyfish | 2023.3.1 Canary 4"
sha256Hash = "sha256-txHkRZ87KnZvzbpBA19mZzQ0HKHWAJsSnNlQCUDsWmA=";
version = "2023.3.1.5"; # "Android Studio Jellyfish | 2023.3.1 Canary 5"
sha256Hash = "sha256-cxlACtSpDBoM5KHAWCEvqPbuKnvH7aDzOo3P+Folgqk=";
};
in {
# Attributes are named by their corresponding release channels

View File

@ -5,11 +5,11 @@
let
pname = "codux";
version = "15.18.1";
version = "15.18.2";
src = fetchurl {
url = "https://github.com/wixplosives/codux-versions/releases/download/${version}/Codux-${version}.x86_64.AppImage";
sha256 = "sha256-/U3byPCaeDIFoZX3TY+FbIZQWALOoDEwEtNg6RH86GM=";
sha256 = "sha256-cOe6Yt4L3dFEFznqY3kHeHm9vhzoZBKM8MsrSyNK/aU=";
};
appimageContents = appimageTools.extractType2 { inherit pname version src; };

View File

@ -102,7 +102,7 @@ let
--replace 'Name=Neovim' 'Name=Neovim wrapper'
''
+ lib.optionalString finalAttrs.withPython3 ''
makeWrapper ${python3Env.interpreter} $out/bin/nvim-python3 --unset PYTHONPATH
makeWrapper ${python3Env.interpreter} $out/bin/nvim-python3 --unset PYTHONPATH --unset PYTHONSAFEPATH
''
+ lib.optionalString (finalAttrs.rubyEnv != null) ''
ln -s ${finalAttrs.rubyEnv}/bin/neovim-ruby-host $out/bin/nvim-ruby

File diff suppressed because it is too large Load Diff

View File

@ -95,12 +95,12 @@
};
bash = buildGrammar {
language = "bash";
version = "0.0.0+rev=7331995";
version = "0.0.0+rev=f7239f6";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-bash";
rev = "7331995b19b8f8aba2d5e26deb51d2195c18bc94";
hash = "sha256-VP7rJfE/k8KV1XN1w5f0YKjCnDMYU1go/up0zj1mabM=";
rev = "f7239f638d3dc16762563a9027faeee518ce1bd9";
hash = "sha256-+Mpks0FyQLl26TX63J6WhaAl/QDUR1k9wSUY5SFwL+w=";
};
meta.homepage = "https://github.com/tree-sitter/tree-sitter-bash";
};
@ -172,12 +172,12 @@
};
c = buildGrammar {
language = "c";
version = "0.0.0+rev=212a80f";
version = "0.0.0+rev=34f4c7e";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-c";
rev = "212a80f86452bb1316324fa0db730cf52f29e05a";
hash = "sha256-Etl4s29YSOxiqPo4Z49N6zIYqNpIsdk/Qd0jR8jdvW4=";
rev = "34f4c7e751f4d661be3e23682fe2631d6615141d";
hash = "sha256-VqTe0teQalt35HG8b2RDPOEJyqgViqUf43MQKdhEcUM=";
};
meta.homepage = "https://github.com/tree-sitter/tree-sitter-c";
};
@ -304,12 +304,12 @@
};
cpp = buildGrammar {
language = "cpp";
version = "0.0.0+rev=a714740";
version = "0.0.0+rev=3deebb6";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-cpp";
rev = "a71474021410973b29bfe99440d57bcd750246b1";
hash = "sha256-UrQ48CoUMSHmlHzOMu22c9N4hxJtHL2ZYRabYjf5byA=";
rev = "3deebb663506a06e179e0dd739d2b23e158f4157";
hash = "sha256-IN4svBz8TiDi6ADLEFgKfuY68GxIX5nG3nvtPRFt4Eo=";
};
meta.homepage = "https://github.com/tree-sitter/tree-sitter-cpp";
};
@ -326,12 +326,12 @@
};
csv = buildGrammar {
language = "csv";
version = "0.0.0+rev=6c19574";
version = "0.0.0+rev=cda48a5";
src = fetchFromGitHub {
owner = "amaanq";
repo = "tree-sitter-csv";
rev = "6c1957405bd6f7751b050f61367f1094fab91444";
hash = "sha256-ISG+FgauEfuH5+uCxQWA1h9/HTaWR3eJcn+k2c51dYs=";
rev = "cda48a5e890b30619da5bc3ff55be1b1d3d08c8d";
hash = "sha256-K4tOYdI68fXnWbvSat50FL/jDSb8f6gtZOhE6qKPLyg=";
};
location = "csv";
meta.homepage = "https://github.com/amaanq/tree-sitter-csv";
@ -383,12 +383,12 @@
};
devicetree = buildGrammar {
language = "devicetree";
version = "0.0.0+rev=53b4137";
version = "0.0.0+rev=6b53bfd";
src = fetchFromGitHub {
owner = "joelspadin";
repo = "tree-sitter-devicetree";
rev = "53b4137bd37e726116ea918139767f982a1584d8";
hash = "sha256-eHH6PiOR1xlIYFY2OcnvVVQanfAuJMkbsvDy9Wjm80U=";
rev = "6b53bfdb20a54727bfe344aa40907351a298f75c";
hash = "sha256-KaLaRfFFVNFrQmKv6G33r4H00hNkHvyTo4Aj9sBkW4s=";
};
meta.homepage = "https://github.com/joelspadin/tree-sitter-devicetree";
};
@ -414,6 +414,17 @@
};
meta.homepage = "https://github.com/the-mikedavis/tree-sitter-diff";
};
disassembly = buildGrammar {
language = "disassembly";
version = "0.0.0+rev=0229c02";
src = fetchFromGitHub {
owner = "ColinKennedy";
repo = "tree-sitter-disassembly";
rev = "0229c0211dba909c5d45129ac784a3f4d49c243a";
hash = "sha256-IM3HzOhJmbb334PZ8q+r2EMi5Bv/rLoy+llPN0aghr8=";
};
meta.homepage = "https://github.com/ColinKennedy/tree-sitter-disassembly";
};
dockerfile = buildGrammar {
language = "dockerfile";
version = "0.0.0+rev=33e22c3";
@ -495,12 +506,12 @@
};
elixir = buildGrammar {
language = "elixir";
version = "0.0.0+rev=11426c5";
version = "0.0.0+rev=511ea5e";
src = fetchFromGitHub {
owner = "elixir-lang";
repo = "tree-sitter-elixir";
rev = "11426c5fd20eef360d5ecaf10729191f6bc5d715";
hash = "sha256-/tfxskct2GByqFmmWJ4IZNREpNGvDqz2kbIyLRveGrs=";
rev = "511ea5e0088779e4bdd76e12963ab9a5fe99983a";
hash = "sha256-gF+bhfaN45KmGGhLa4i2K8LiBLxY8n5fw2m6kYzx5xo=";
};
meta.homepage = "https://github.com/elixir-lang/tree-sitter-elixir";
};
@ -737,12 +748,12 @@
};
gleam = buildGrammar {
language = "gleam";
version = "0.0.0+rev=62c5388";
version = "0.0.0+rev=58b7cac";
src = fetchFromGitHub {
owner = "gleam-lang";
repo = "tree-sitter-gleam";
rev = "62c5388a7badb4e29315690358267a76a734bf83";
hash = "sha256-Mxjifj5eIyw6rKPMAuhEt6bXTeHX2fDeJ1VaiZ70vgE=";
rev = "58b7cac8fc14c92b0677c542610d8738c373fa81";
hash = "sha256-VtuGsa8jKndxlyJKy9UHfZXvAgr63Q0iwceXKfEUAYE=";
};
meta.homepage = "https://github.com/gleam-lang/tree-sitter-gleam";
};
@ -990,12 +1001,12 @@
};
html = buildGrammar {
language = "html";
version = "0.0.0+rev=d742025";
version = "0.0.0+rev=949b780";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-html";
rev = "d742025fa2d8e6100f134a6ea990443aa1f074b3";
hash = "sha256-ZpUruxwi9S+gUy/k0DkhDGWLc65XppUhD0NeVVItYg4=";
rev = "949b78051835564bca937565241e5e337d838502";
hash = "sha256-njOFN1I+Ezg6N6v/FMPk0FKnlPnvfHijqISxex6fO40=";
};
meta.homepage = "https://github.com/tree-sitter/tree-sitter-html";
};
@ -1166,12 +1177,12 @@
};
kconfig = buildGrammar {
language = "kconfig";
version = "0.0.0+rev=aaba009";
version = "0.0.0+rev=2ba709d";
src = fetchFromGitHub {
owner = "amaanq";
repo = "tree-sitter-kconfig";
rev = "aaba009ba9d7881f0f81742da588ae70b572316d";
hash = "sha256-yjw1fr4utQHIrP/CA4df2adhpm+xrkvobZ5ZF5tjjEI=";
rev = "2ba709d40caa6c1f68b26e55ff7a53e343154cfd";
hash = "sha256-36x4t+HPuj+QEmOetlE3JowaAXP6eUhvkx9pZduBWgA=";
};
meta.homepage = "https://github.com/amaanq/tree-sitter-kconfig";
};
@ -1298,12 +1309,12 @@
};
luadoc = buildGrammar {
language = "luadoc";
version = "0.0.0+rev=990926b";
version = "0.0.0+rev=d82b430";
src = fetchFromGitHub {
owner = "amaanq";
repo = "tree-sitter-luadoc";
rev = "990926b13488a4bc0fc0804fc0f8400b5b0a1fb4";
hash = "sha256-LU8zF6gM8tlwfbdUy/tlg5ubhyFKUrwF/vU8NPXlOGQ=";
rev = "d82b43018a6b22d70b264ed8713be1c4daf9b0e0";
hash = "sha256-x1VyDzIAozcCBO6pukhwUjZ5JiZVq2+5CMWE2XXf6Fw=";
};
meta.homepage = "https://github.com/amaanq/tree-sitter-luadoc";
};
@ -1320,12 +1331,12 @@
};
luau = buildGrammar {
language = "luau";
version = "0.0.0+rev=6953cd4";
version = "0.0.0+rev=e5f7a02";
src = fetchFromGitHub {
owner = "amaanq";
repo = "tree-sitter-luau";
rev = "6953cd4fa5967c9aa3c769b4e4c7e69c904b9fa9";
hash = "sha256-QGJgbwDSgkiiE7yt6HHkGH2t3ZNoY1+0VieX7Ccn/Z4=";
rev = "e5f7a020967407f73959592decdb147bb5fc30bb";
hash = "sha256-5Tnqt4PA3xX2Gk0CvlzVpWXI3OcqzsIJov4Kn0EWN+w=";
};
meta.homepage = "https://github.com/amaanq/tree-sitter-luau";
};
@ -1377,12 +1388,12 @@
};
matlab = buildGrammar {
language = "matlab";
version = "0.0.0+rev=6071891";
version = "0.0.0+rev=79d8b25";
src = fetchFromGitHub {
owner = "acristoffers";
repo = "tree-sitter-matlab";
rev = "6071891a8c39600203eba20513666cf93b4d650a";
hash = "sha256-H6eCCZtE1MbSpHyvdcVbG3piBijM499imiNDIhCoTJA=";
rev = "79d8b25f57b48f83ae1333aff6723b83c9532e37";
hash = "sha256-DCAMxQqWHM54yzNzF1FjaU0+vETbLhfSZXNq+62DzhE=";
};
meta.homepage = "https://github.com/acristoffers/tree-sitter-matlab";
};
@ -1634,35 +1645,47 @@
};
perl = buildGrammar {
language = "perl";
version = "0.0.0+rev=9c0cea7";
version = "0.0.0+rev=a30394f";
src = fetchFromGitHub {
owner = "tree-sitter-perl";
repo = "tree-sitter-perl";
rev = "9c0cea7720f65a5e832c4d924356d7793f519e36";
hash = "sha256-HRhUyt2PHP+NiYqoY8iTrO/9F5iZLv4pNYHA7ZjCZmE=";
rev = "a30394f61b607f48c841c6e085d5219f23872816";
hash = "sha256-3aWBh5jKXUYXxOv+RKyEpwJVOoP7QuaRQZHw0yOy6tQ=";
};
meta.homepage = "https://github.com/tree-sitter-perl/tree-sitter-perl";
};
php = buildGrammar {
language = "php";
version = "0.0.0+rev=b569a5f";
version = "0.0.0+rev=dc8bd41";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-php";
rev = "b569a5f2c0d592e67430520d1a0e1f765d83ceb0";
hash = "sha256-ScPFOsPVy5We1MePbf0fpyMlnqVad1dszj7uyCdi3Og=";
rev = "dc8bd4150401f6c08591414f2a5480b7f2a874c8";
hash = "sha256-gQGj6qKjyAie6RgHZl1nVUiELDyR+/iIzFMQQ/obus8=";
};
location = "php";
meta.homepage = "https://github.com/tree-sitter/tree-sitter-php";
};
php_only = buildGrammar {
language = "php_only";
version = "0.0.0+rev=dc8bd41";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-php";
rev = "dc8bd4150401f6c08591414f2a5480b7f2a874c8";
hash = "sha256-gQGj6qKjyAie6RgHZl1nVUiELDyR+/iIzFMQQ/obus8=";
};
location = "php_only";
meta.homepage = "https://github.com/tree-sitter/tree-sitter-php";
};
phpdoc = buildGrammar {
language = "phpdoc";
version = "0.0.0+rev=915a527";
version = "0.0.0+rev=67db260";
src = fetchFromGitHub {
owner = "claytonrcarter";
repo = "tree-sitter-phpdoc";
rev = "915a527d5aafa81b31acf67fab31b0ac6b6319c0";
hash = "sha256-DYNJ/i+VBuTOxuphJn4nklTLfV7GuNP1RCCuf5qAYR4=";
rev = "67db260cf4e99a02283ae26b808d59b86d42dc0f";
hash = "sha256-IMj5xL1SB1JYI0hweIq+kSXkoeWBqAzAu/35FO2xi+U=";
};
meta.homepage = "https://github.com/claytonrcarter/tree-sitter-phpdoc";
};
@ -1789,12 +1812,12 @@
};
psv = buildGrammar {
language = "psv";
version = "0.0.0+rev=6c19574";
version = "0.0.0+rev=cda48a5";
src = fetchFromGitHub {
owner = "amaanq";
repo = "tree-sitter-csv";
rev = "6c1957405bd6f7751b050f61367f1094fab91444";
hash = "sha256-ISG+FgauEfuH5+uCxQWA1h9/HTaWR3eJcn+k2c51dYs=";
rev = "cda48a5e890b30619da5bc3ff55be1b1d3d08c8d";
hash = "sha256-K4tOYdI68fXnWbvSat50FL/jDSb8f6gtZOhE6qKPLyg=";
};
location = "psv";
meta.homepage = "https://github.com/amaanq/tree-sitter-csv";
@ -2043,12 +2066,12 @@
};
rust = buildGrammar {
language = "rust";
version = "0.0.0+rev=79456e6";
version = "0.0.0+rev=e0e8b6d";
src = fetchFromGitHub {
owner = "tree-sitter";
repo = "tree-sitter-rust";
rev = "79456e6080f50fc1ca7c21845794308fa5d35a51";
hash = "sha256-57CuGp7gP+AVYIR3HbMXnmmSAbtlpWrOHRYpMbmWfds=";
rev = "e0e8b6de6e4aa354749c794f5f36a906dcccda74";
hash = "sha256-egTxBuliboYbl+5N6Jdt960EMLByVmLqSmQLps3rEok=";
};
meta.homepage = "https://github.com/tree-sitter/tree-sitter-rust";
};
@ -2299,12 +2322,12 @@
};
swift = buildGrammar {
language = "swift";
version = "0.0.0+rev=f1a48a3";
version = "0.0.0+rev=1c58633";
src = fetchFromGitHub {
owner = "alex-pinkus";
repo = "tree-sitter-swift";
rev = "f1a48a33a7ceaf8817f7a340ea4ef1b549ffa176";
hash = "sha256-koMsIPFCvmJ/zIPOcv/ZSyXQSBjbFhGBq8r3IXCPWdQ=";
rev = "1c586339fb00014b23d6933f2cc32b588a226f3b";
hash = "sha256-bFJfPIc8H133yASZe9chgtJEBuNQ7oWm6/6Yu6jWwhI=";
};
generate = true;
meta.homepage = "https://github.com/alex-pinkus/tree-sitter-swift";
@ -2367,12 +2390,12 @@
};
templ = buildGrammar {
language = "templ";
version = "0.0.0+rev=c3baaab";
version = "0.0.0+rev=a3ef3d8";
src = fetchFromGitHub {
owner = "vrischmann";
repo = "tree-sitter-templ";
rev = "c3baaab33f1f1032eedd3613cd932284975bd21f";
hash = "sha256-7YMHGcDR4Wd2FolFnh2fZ3M65L5E5BLAoJyMuRsh7Uo=";
rev = "a3ef3d8e73515b196d30adf9ee5115f057f7a2c6";
hash = "sha256-henVqdcvCURqjiueaipB2YVLhh3gbVqFiLMfvGS3t6M=";
};
meta.homepage = "https://github.com/vrischmann/tree-sitter-templ";
};
@ -2456,12 +2479,12 @@
};
tsv = buildGrammar {
language = "tsv";
version = "0.0.0+rev=6c19574";
version = "0.0.0+rev=cda48a5";
src = fetchFromGitHub {
owner = "amaanq";
repo = "tree-sitter-csv";
rev = "6c1957405bd6f7751b050f61367f1094fab91444";
hash = "sha256-ISG+FgauEfuH5+uCxQWA1h9/HTaWR3eJcn+k2c51dYs=";
rev = "cda48a5e890b30619da5bc3ff55be1b1d3d08c8d";
hash = "sha256-K4tOYdI68fXnWbvSat50FL/jDSb8f6gtZOhE6qKPLyg=";
};
location = "tsv";
meta.homepage = "https://github.com/amaanq/tree-sitter-csv";
@ -2681,12 +2704,12 @@
};
wing = buildGrammar {
language = "wing";
version = "0.0.0+rev=ee58533";
version = "0.0.0+rev=9c3a40d";
src = fetchFromGitHub {
owner = "winglang";
repo = "wing";
rev = "ee58533169c654b8d7fd47fde01241e528674d8a";
hash = "sha256-HhOWVBM4SNHgN48wgWARBo6Rd3T9Y1DC91gVm1EzvUo=";
rev = "9c3a40d7e51c2963b19d1f7614f9b551cad66bb6";
hash = "sha256-4L6vx4MHTuTx/5DKKWSVRygCRHI/y9YYbMs/ejAjZXw=";
};
location = "libs/tree-sitter-wing";
generate = true;
@ -2748,6 +2771,17 @@
};
meta.homepage = "https://github.com/Philipp-M/tree-sitter-yuck";
};
zathurarc = buildGrammar {
language = "zathurarc";
version = "0.0.0+rev=b47016d";
src = fetchFromGitHub {
owner = "Freed-Wu";
repo = "tree-sitter-zathurarc";
rev = "b47016df5688ef91ad4532138b6210c7944d6483";
hash = "sha256-Na0Z8mRdXYwAnw3wyc978aoQjF/m49IYsnQx3AG8kOc=";
};
meta.homepage = "https://github.com/Freed-Wu/tree-sitter-zathurarc";
};
zig = buildGrammar {
language = "zig";
version = "0.0.0+rev=0d08703";

View File

@ -670,6 +670,10 @@
dependencies = with self; [ plenary-nvim ];
};
haskell-scope-highlighting-nvim = super.haskell-scope-highlighting-nvim.overrideAttrs {
dependencies = with self; [ nvim-treesitter ];
};
hex-nvim = super.hex-nvim.overrideAttrs {
postPatch = ''
substituteInPlace lua/hex.lua --replace xxd ${xxd}/bin/xxd

View File

@ -347,6 +347,7 @@ https://github.com/m4xshen/hardtime.nvim/,HEAD,
https://git.sr.ht/~sircmpwn/hare.vim,HEAD,
https://github.com/ThePrimeagen/harpoon/,master,
https://github.com/ThePrimeagen/harpoon/,harpoon2,harpoon2
https://github.com/kiyoon/haskell-scope-highlighting.nvim/,HEAD,
https://github.com/MrcJkb/haskell-tools.nvim/,HEAD,
https://github.com/neovimhaskell/haskell-vim/,,
https://github.com/wenzel-hoffman/haskell-with-unicode.vim/,HEAD,

View File

@ -122,6 +122,21 @@ let
};
};
albymor.increment-selection = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "increment-selection";
publisher = "albymor";
version = "0.2.0";
sha256 = "sha256-iP4c0xLPiTsgD8Q8Kq9jP54HpdnBveKRY31Ro97ROJ8=";
};
meta = {
description = "Increment, decrement or reverse selection with multiple cursors";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=albymor.increment-selection";
homepage = "https://github.com/albymor/Increment-Selection";
license = lib.licenses.mit;
};
};
alefragnani.bookmarks = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "bookmarks";
@ -472,6 +487,21 @@ let
};
};
bazelbuild.vscode-bazel = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-bazel";
publisher = "bazelbuild";
version = "0.7.0";
sha256 = "05wvih09184bsp4rv2m55z0sasra2qrvch5m3bkbrjq7rcqgibgx";
};
meta = {
description = "Bazel support for Visual Studio Code";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=BazelBuild.vscode-bazel";
homepage = "https://github.com/bazelbuild/vscode-bazel";
license = lib.licenses.asl20;
};
};
bbenoist.nix = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "Nix";
@ -1881,6 +1911,21 @@ let
};
};
iliazeus.vscode-ansi = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-ansi";
publisher = "iliazeus";
version = "1.1.6";
sha256 = "sha256-ZPV8zd/GkXOGf6s8fz9ZPmC3i1jO0wFAqV0E67lW0do=";
};
meta = {
description = "ANSI color styling for text documents";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=iliazeus.vscode-ansi";
homepage = "https://github.com/iliazeus/vscode-ansi";
license = lib.licenses.mit;
};
};
influxdata.flux = buildVscodeMarketplaceExtension {
mktplcRef = {
publisher = "influxdata";
@ -1963,6 +2008,21 @@ let
};
};
jamesyang999.vscode-emacs-minimum = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-emacs-minimum";
publisher = "jamesyang999";
version = "1.1.1";
sha256 = "sha256-qxnAhT2UGTQmPw9XmdBdx0F0NNLAaU1/ES9jiqiRrGI=";
};
meta = {
description = "Minimal emacs key bindings for VSCode";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=jamesyang999.vscode-emacs-minimum";
homepage = "https://github.com/futurist/vscode-emacs-minimum";
license = lib.licenses.unfree;
};
};
janet-lang.vscode-janet = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-janet";
@ -2941,6 +3001,21 @@ let
};
};
quicktype.quicktype = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "quicktype";
publisher = "quicktype";
version = "12.0.46";
sha256 = "sha256-NTZ0BujnA+COg5txOLXSZSp8TPD1kZNfZPjnvZUL9lc=";
};
meta = {
description = "Infer types from sample JSON data";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=quicktype.quicktype";
homepage = "https://github.com/glideapps/quicktype";
license = lib.licenses.asl20;
};
};
rebornix.ruby = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "ruby";
@ -3538,6 +3613,21 @@ let
};
};
tim-koehler.helm-intellisense = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "helm-intellisense";
publisher = "Tim-Koehler";
version = "0.14.3";
sha256 = "sha256-TcXn8n6mKEFpnP8dyv+nXBjsyfUfJNgdL9iSZwA5eo0=";
};
meta = {
description = "Extension to help writing Helm-Templates by providing intellisense";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense";
homepage = "https://github.com/tim-koehler/Helm-Intellisense";
license = lib.licenses.mit;
};
};
timonwong.shellcheck = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "shellcheck";
@ -3612,6 +3702,21 @@ let
};
};
twpayne.vscode-testscript = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-testscript";
publisher = "twpayne";
version = "0.0.4";
sha256 = "sha256-KOmcJlmmdUkC+q0AQ/Q/CQAeRgQPr6nVO0uccUxHmsY=";
};
meta = {
description = "Syntax highlighting support for testscript";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=twpayne.vscode-testscript";
homepage = "https://github.com/twpayne/vscode-testscript";
license = lib.licenses.mit;
};
};
twxs.cmake = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "cmake";

View File

@ -63,7 +63,7 @@ stdenv.mkDerivation ({
install -Dt ${coreDir} ${coreFilename}
makeWrapper ${retroarch}/bin/retroarch $out/bin/${mainProgram} \
--add-flags "-L ${coreDir}/${coreFilename} $@"
--add-flags "-L ${coreDir}/${coreFilename}"
runHook postInstall
'';

View File

@ -3,6 +3,7 @@
bison, flex, fontforge, makeWrapper, pkg-config,
nixosTests,
supportFlags,
wineRelease,
patches,
moltenvk,
buildScript ? null, configureFlags ? [], mainProgram ? "wine"
@ -46,7 +47,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (buildScript != null) {
}) // rec {
inherit version src;
pname = prevName + lib.optionalString supportFlags.waylandSupport "-wayland";
pname = prevName + lib.optionalString (wineRelease == "wayland") "-wayland";
# Fixes "Compiler cannot create executables" building wineWow with mingwSupport
strictDeps = true;

View File

@ -36,7 +36,7 @@
sdlSupport ? false,
usbSupport ? false,
mingwSupport ? wineRelease != "stable",
waylandSupport ? wineRelease == "wayland",
waylandSupport ? stdenv.isLinux,
x11Support ? stdenv.isLinux,
embedInstallers ? false, # The Mono and Gecko MSI installers
moltenvk ? darwin.moltenvk # Allow users to override MoltenVK easily

View File

@ -8,7 +8,7 @@ let
in with src; {
wine32 = pkgsi686Linux.callPackage ./base.nix {
pname = "wine";
inherit src version supportFlags patches moltenvk;
inherit src version supportFlags patches moltenvk wineRelease;
pkgArches = [ pkgsi686Linux ];
geckos = [ gecko32 ];
mingwGccs = with pkgsCross; [ mingw32.buildPackages.gcc ];
@ -17,7 +17,7 @@ in with src; {
};
wine64 = callPackage ./base.nix {
pname = "wine64";
inherit src version supportFlags patches moltenvk;
inherit src version supportFlags patches moltenvk wineRelease;
pkgArches = [ pkgs ];
mingwGccs = with pkgsCross; [ mingwW64.buildPackages.gcc ];
geckos = [ gecko64 ];
@ -28,7 +28,7 @@ in with src; {
};
wineWow = callPackage ./base.nix {
pname = "wine-wow";
inherit src version supportFlags patches moltenvk;
inherit src version supportFlags patches moltenvk wineRelease;
stdenv = stdenv_32bit;
pkgArches = [ pkgs pkgsi686Linux ];
geckos = [ gecko32 gecko64 ];
@ -44,7 +44,8 @@ in with src; {
};
wineWow64 = callPackage ./base.nix {
pname = "wine-wow64";
inherit src version supportFlags patches moltenvk;
inherit src version patches moltenvk wineRelease;
supportFlags = supportFlags // { mingwSupport = true; }; # Required because we request "--enable-archs=x86_64"
pkgArches = [ pkgs ];
mingwGccs = with pkgsCross; [ mingw32.buildPackages.gcc mingwW64.buildPackages.gcc ];
geckos = [ gecko64 ];

View File

@ -24,27 +24,27 @@ let fetchurl = args@{url, hash, ...}:
in rec {
stable = fetchurl rec {
version = "8.0.2";
url = "https://dl.winehq.org/wine/source/8.0/wine-${version}.tar.xz";
hash = "sha256-bsj7byxy1XbLEfUrL41Zr2RASAIVRlHRIrmEZtkdyEc=";
version = "9.0";
url = "https://dl.winehq.org/wine/source/9.0/wine-${version}.tar.xz";
hash = "sha256-fP0JClOV9bdtlbtd76yKMSyN5MBwwRY7i1jaODMMpu4=";
## see http://wiki.winehq.org/Gecko
gecko32 = fetchurl rec {
version = "2.47.3";
version = "2.47.4";
url = "https://dl.winehq.org/wine/wine-gecko/${version}/wine-gecko-${version}-x86.msi";
hash = "sha256-5bmwbTzjVWRqjS5y4ETjfh4MjRhGTrGYWtzRh6f0jgE=";
hash = "sha256-Js7MR3BrCRkI9/gUvdsHTGG+uAYzGOnvxaf3iYV3k9Y=";
};
gecko64 = fetchurl rec {
version = "2.47.3";
version = "2.47.4";
url = "https://dl.winehq.org/wine/wine-gecko/${version}/wine-gecko-${version}-x86_64.msi";
hash = "sha256-pT7pVDkrbR/j1oVF9uTiqXr7yNyLA6i0QzSVRc4TlnU=";
hash = "sha256-5ZC32YijLWqkzx2Ko6o9M3Zv3Uz0yJwtzCCV7LKNBm8=";
};
## see http://wiki.winehq.org/Mono
mono = fetchurl rec {
version = "7.4.0";
version = "8.1.0";
url = "https://dl.winehq.org/wine/wine-mono/${version}/wine-mono-${version}-x86.msi";
hash = "sha256-ZBP/Mo679+x2icZI/rNUbYEC3thlB50fvwMxsUs6sOw=";
hash = "sha256-DtPsUzrvebLzEhVZMc97EIAAmsDFtMK8/rZ4rJSOCBA=";
};
patches = [
@ -69,9 +69,9 @@ in rec {
unstable = fetchurl rec {
# NOTE: Don't forget to change the hash for staging as well.
version = "9.0-rc1";
version = "9.0";
url = "https://dl.winehq.org/wine/source/9.0/wine-${version}.tar.xz";
hash = "sha256-GDd3V74ffxeGzopWqET2ZXKIH/z3RcC0yjTwmmDi8zA=";
hash = "sha256-fP0JClOV9bdtlbtd76yKMSyN5MBwwRY7i1jaODMMpu4=";
inherit (stable) patches;
## see http://wiki.winehq.org/Gecko
@ -117,7 +117,7 @@ in rec {
staging = fetchFromGitHub rec {
# https://github.com/wine-staging/wine-staging/releases
inherit (unstable) version;
hash = "sha256-jjy4r9VEJsU7FJ7RmE8+cgHTAkZVGruNUD5hzmGSB8c=";
hash = "sha256-lE/95OZigifreaRRCPkvA+Z0FqsBmm018jD6leSysXU=";
owner = "wine-staging";
repo = "wine-staging";
rev = "v${version}";
@ -157,8 +157,8 @@ in rec {
winetricks = fetchFromGitHub rec {
# https://github.com/Winetricks/winetricks/releases
version = "20230212";
hash = "sha256-pd37QTcqY5ZaVBssGecuqziOIq1p0JH0ZDB+oLmp9JU=";
version = "20240105";
hash = "sha256-YTEgb19aoM54KK8/IjrspoChzVnWAEItDlTxpfpS52w=";
owner = "Winetricks";
repo = "winetricks";
rev = version;

View File

@ -1,26 +1,48 @@
{ lib, stdenv, fetchFromGitHub, cmake, vtk_9, libX11, libGL, Cocoa, OpenGL }:
{ lib
, stdenv
, fetchFromGitHub
, cmake
, help2man
, gzip
, vtk_9
, autoPatchelfHook
, libX11
, libGL
, Cocoa
, OpenGL
}:
stdenv.mkDerivation rec {
pname = "f3d";
version = "2.2.1";
version = "2.3.0";
outputs = [ "out" "man" ];
src = fetchFromGitHub {
owner = "f3d-app";
repo = "f3d";
rev = "refs/tags/v${version}";
hash = "sha256-3Pg8uvrUGPKPmsn24q5HPMg9dgvukAXBgSVTW0NiCME=";
hash = "sha256-pr2xuCy5yoUuj2cjkTh3Xwpg3g7zBspjErEi5luRD6Y=";
};
nativeBuildInputs = [ cmake ];
nativeBuildInputs = [
cmake
help2man
gzip
# https://github.com/f3d-app/f3d/pull/1217
autoPatchelfHook
];
buildInputs = [ vtk_9 ] ++ lib.optionals stdenv.isDarwin [ Cocoa OpenGL ];
# conflict between VTK and Nixpkgs;
# see https://github.com/NixOS/nixpkgs/issues/89167
cmakeFlags = [
# conflict between VTK and Nixpkgs;
# see https://github.com/NixOS/nixpkgs/issues/89167
"-DCMAKE_INSTALL_LIBDIR=lib"
"-DCMAKE_INSTALL_INCLUDEDIR=include"
"-DCMAKE_INSTALL_BINDIR=bin"
"-DF3D_LINUX_GENERATE_MAN=ON"
];
meta = with lib; {
@ -28,11 +50,7 @@ stdenv.mkDerivation rec {
homepage = "https://f3d-app.github.io/f3d";
changelog = "https://github.com/f3d-app/f3d/releases/tag/v${version}";
license = licenses.bsd3;
maintainers = with maintainers; [ bcdarwin ];
maintainers = with maintainers; [ bcdarwin pbsds ];
platforms = with platforms; unix;
# As of 2024-01-20, this fails with:
# error while loading shared libraries: libvtkInteractionWidgets.so.1: cannot open shared object file: No such file or directory
# Tracking issue: https://github.com/NixOS/nixpkgs/issues/262328
broken = true;
};
}

View File

@ -1,14 +1,9 @@
{ lib
, fetchurl
, gnustep
, llvmPackages_9
}:
let
# Earlier llvm than 9 segfaults
gnustep' = gnustep.override { llvmPackages = llvmPackages_9; };
in gnustep'.gsmakeDerivation rec {
gnustep.gsmakeDerivation rec {
pname = "pikopixel";
version = "1.0-b10";
@ -20,9 +15,9 @@ in gnustep'.gsmakeDerivation rec {
sourceRoot = "PikoPixel.Sources.${version}/PikoPixel";
buildInputs = [
gnustep'.base
gnustep'.gui
gnustep'.back
gnustep.base
gnustep.gui
gnustep.back
];
# Fix the Exec and Icon paths in the .desktop file, and save the file in the

View File

@ -79,6 +79,7 @@ stdenv.mkDerivation rec {
"-Wno-deprecated-declarations"
"-Wno-unused-result"
];
env.CXXFLAGS = "-include cstdint"; # needed at least with gcc13 on aarch64-linux
postInstall = lib.optionalString stdenv.isDarwin ''
mkdir -p $out/Applications/RawTherapee.app $out/bin

View File

@ -2,14 +2,14 @@
rustPlatform.buildRustPackage rec {
pname = "lscolors";
version = "0.16.0";
version = "0.17.0";
src = fetchCrate {
inherit version pname;
hash = "sha256-gLtQIqdU6syTo+Z+P59kIpwEtiGCr/DOom9+jA8Uq98=";
hash = "sha256-efkSiwxL7sZIwFXJZunddAb4lTOfhj8oOEOUW3kyRXI=";
};
cargoHash = "sha256-OA9iYGwKElvRaKoyelH9w5ZphoLKrbk8VXwZ2NyLLQY=";
cargoHash = "sha256-1Cyg4WT4xYqc3s5AOXR9GfcS3qKOgscYujGXR9fzuCA=";
buildFeatures = [ "nu-ansi-term" ];

View File

@ -30,8 +30,8 @@ let
inherit patches;
};
beta = {
version = "2.5.59.3";
sha256 = "sha256-chHKEEMN0Dllebk7zQDg7mf2BU441RlSyXvXgiCmgA4=";
version = "2.5.59.6";
sha256 = "sha256-4ivhkcvVw5NlPsDz3J840aWc0qnp/XzCnTTCICwi3/c=";
inherit patches;
};
};

View File

@ -2,13 +2,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "tippecanoe";
version = "2.41.0";
version = "2.41.2";
src = fetchFromGitHub {
owner = "felt";
repo = "tippecanoe";
rev = finalAttrs.version;
hash = "sha256-tuoSRZ2vSMWwvKFac7x67q+maYoDx7CfpfGfA8NLAnA=";
hash = "sha256-d5+0/+4NaW7BBYsRZ3WK8BJYVpUZUmwtvzjfBhS9lcc=";
};
buildInputs = [ sqlite zlib ];

View File

@ -21,13 +21,13 @@
python3.pkgs.buildPythonApplication rec {
pname = "variety";
version = "0.8.11";
version = "0.8.12";
src = fetchFromGitHub {
owner = "varietywalls";
repo = "variety";
rev = "refs/tags/${version}";
hash = "sha256-JdfFzlfj1J5gx11MfOqIdzvBiheWBaGLxg5jCvvsrp8=";
hash = "sha256-FjnhV7vzRPVDCgUNK8CHo3arKXuwe+3xH/5AxCVgeIY=";
};
nativeBuildInputs = [

View File

@ -6,7 +6,7 @@
, makeWrapper
}:
let
version = "2.9.0";
version = "2.10.0";
in
rustPlatform.buildRustPackage {
pname = "wallust";
@ -17,10 +17,10 @@ rustPlatform.buildRustPackage {
owner = "explosion-mental";
repo = "wallust";
rev = version;
hash = "sha256-AuZRt02bFr7GzI7qe4giGgjlXK/WX+gmF4+QwD0ChXk=";
hash = "sha256-0kPmr7/2uVncpCGVOeIkYlm2M0n9+ypVl7bQ9HnqLb4=";
};
cargoHash = "sha256-O9w18ae83mgF3zjk0WUMeu16Ap7CF2ubuPnOqeCt4Nw=";
cargoHash = "sha256-p1NKEppBYLdCsTY7FHPzaGladLv5HqIVNJxSoFJOx50=";
nativeBuildInputs = [ makeWrapper ];

View File

@ -1,5 +1,4 @@
{ lib
, writeText
, flutter
, python3
, fetchFromGitHub
@ -14,13 +13,13 @@
flutter.buildFlutterApplication rec {
pname = "yubioath-flutter";
version = "6.2.0";
version = "6.3.1";
src = fetchFromGitHub {
owner = "Yubico";
repo = "yubioath-flutter";
rev = version;
hash = "sha256-NgzijuvyWNl9sFQzq1Jzk1povF8c/rKuVyVKeve+Vic=";
hash = "sha256-XgRIX2Iv5niJw2NSBPwM0K4uF5sPj9c+Xj4oHtAQSbU=";
};
passthru.helper = python3.pkgs.callPackage ./helper.nix { inherit src version meta; };
@ -29,9 +28,6 @@ flutter.buildFlutterApplication rec {
postPatch = ''
rm -f pubspec.lock
ln -s "${writeText "${pname}-overrides.yaml" (builtins.toJSON {
dependency_overrides.intl = "^0.18.1";
})}" pubspec_overrides.yaml
substituteInPlace linux/CMakeLists.txt \
--replace "../build/linux/helper" "${passthru.helper}/libexec/helper"
@ -60,16 +56,17 @@ flutter.buildFlutterApplication rec {
# Symlink binary.
ln -sf "$out/app/authenticator" "$out/bin/yubioath-flutter"
# Needed for QR scanning to work.
wrapProgram "$out/bin/yubioath-flutter" \
--prefix PATH : ${lib.makeBinPath [ gnome.gnome-screenshot ]}
# Set the correct path to the binary in desktop file.
substituteInPlace "$out/share/applications/com.yubico.authenticator.desktop" \
--replace "@EXEC_PATH/authenticator" "$out/bin/yubioath-flutter" \
--replace "@EXEC_PATH/linux_support/com.yubico.yubioath.png" "$out/share/icons/com.yubico.yubioath.png"
'';
# Needed for QR scanning to work
extraWrapProgramArgs = ''
--prefix PATH : ${lib.makeBinPath [ gnome.gnome-screenshot ]}
'';
nativeBuildInputs = [
makeWrapper
removeReferencesTo

View File

@ -1,12 +1,10 @@
{ buildPythonApplication
, python3
, poetry-core
, yubikey-manager
, fido2
, mss
, zxing-cpp
, pillow
, cryptography
, poetry-core
, pythonRelaxDepsHook
, src
, version
@ -17,11 +15,13 @@ buildPythonApplication {
pname = "yubioath-flutter-helper";
inherit src version meta;
pyproject = true;
sourceRoot = "${src.name}/helper";
format = "pyproject";
nativeBuildInputs = [
python3.pkgs.pythonRelaxDepsHook
poetry-core
pythonRelaxDepsHook
];
pythonRelaxDeps = true;
@ -39,12 +39,9 @@ buildPythonApplication {
'';
propagatedBuildInputs = [
poetry-core
yubikey-manager
fido2
mss
zxing-cpp
pillow
cryptography
];
}

View File

@ -11,7 +11,7 @@
"version": "64.0.0"
},
"analyzer": {
"dependency": "transitive",
"dependency": "direct dev",
"description": {
"name": "analyzer",
"sha256": "69f54f967773f6c26c7dcb13e93d7ccee8b17a641689da39e878d5cf13b06893",
@ -20,18 +20,28 @@
"source": "hosted",
"version": "6.2.0"
},
"analyzer_plugin": {
"dependency": "direct dev",
"description": {
"name": "analyzer_plugin",
"sha256": "9661b30b13a685efaee9f02e5d01ed9f2b423bd889d28a304d02d704aee69161",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.11.3"
},
"archive": {
"dependency": "direct main",
"description": {
"name": "archive",
"sha256": "0c8368c9b3f0abbc193b9d6133649a614204b528982bebc7026372d61677ce3a",
"sha256": "22600aa1e926be775fa5fe7e6894e7fb3df9efda8891c73f70fb3262399a432d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.3.7"
"version": "3.4.10"
},
"args": {
"dependency": "transitive",
"dependency": "direct main",
"description": {
"name": "args",
"sha256": "eef6c46b622e0494a36c5a12d10d77fb4e855501a91c1b9ef9339326e58f0596",
@ -50,6 +60,16 @@
"source": "hosted",
"version": "2.11.0"
},
"base32": {
"dependency": "direct main",
"description": {
"name": "base32",
"sha256": "ddad4ebfedf93d4500818ed8e61443b734ffe7cf8a45c668c9b34ef6adde02e2",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.3"
},
"boolean_selector": {
"dependency": "transitive",
"description": {
@ -84,41 +104,41 @@
"dependency": "transitive",
"description": {
"name": "build_daemon",
"sha256": "5f02d73eb2ba16483e693f80bee4f088563a820e47d1027d4cdfe62b5bb43e65",
"sha256": "0343061a33da9c5810b2d6cee51945127d8f4c060b7fbdd9d54917f0a3feaaa1",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.0.0"
"version": "4.0.1"
},
"build_resolvers": {
"dependency": "transitive",
"description": {
"name": "build_resolvers",
"sha256": "6c4dd11d05d056e76320b828a1db0fc01ccd376922526f8e9d6c796a5adbac20",
"sha256": "339086358431fa15d7eca8b6a36e5d783728cf025e559b834f4609a1fcfb7b0a",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.1"
"version": "2.4.2"
},
"build_runner": {
"dependency": "direct dev",
"description": {
"name": "build_runner",
"sha256": "10c6bcdbf9d049a0b666702cf1cee4ddfdc38f02a19d35ae392863b47519848b",
"sha256": "581bacf68f89ec8792f5e5a0b2c4decd1c948e97ce659dc783688c8a88fbec21",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.4.6"
"version": "2.4.8"
},
"build_runner_core": {
"dependency": "transitive",
"description": {
"name": "build_runner_core",
"sha256": "6d6ee4276b1c5f34f21fdf39425202712d2be82019983d52f351c94aafbc2c41",
"sha256": "c9e32d21dd6626b5c163d48b037ce906bbe428bc23ab77bcd77bb21e593b6185",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "7.2.10"
"version": "7.2.11"
},
"built_collection": {
"dependency": "transitive",
@ -134,11 +154,11 @@
"dependency": "transitive",
"description": {
"name": "built_value",
"sha256": "ff627b645b28fb8bdb69e645f910c2458fd6b65f6585c3a53e0626024897dedf",
"sha256": "c9aabae0718ec394e5bc3c7272e6bb0dc0b32201a08fe185ec1d8401d3e39309",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "8.6.2"
"version": "8.8.1"
},
"characters": {
"dependency": "transitive",
@ -160,6 +180,26 @@
"source": "hosted",
"version": "2.0.3"
},
"ci": {
"dependency": "transitive",
"description": {
"name": "ci",
"sha256": "145d095ce05cddac4d797a158bc4cf3b6016d1fe63d8c3d2fbd7212590adca13",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.1.0"
},
"cli_util": {
"dependency": "transitive",
"description": {
"name": "cli_util",
"sha256": "c05b7406fdabc7a49a3929d4af76bcaccbbffcbcdcf185b082e1ae07da323d19",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.4.1"
},
"clock": {
"dependency": "transitive",
"description": {
@ -174,24 +214,24 @@
"dependency": "transitive",
"description": {
"name": "code_builder",
"sha256": "4ad01d6e56db961d29661561effde45e519939fdaeb46c351275b182eac70189",
"sha256": "f692079e25e7869c14132d39f223f8eec9830eb76131925143b2129c4bb01b37",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.5.0"
"version": "4.10.0"
},
"collection": {
"dependency": "direct main",
"description": {
"name": "collection",
"sha256": "f092b211a4319e98e5ff58223576de6c2803db36221657b46c82574721240687",
"sha256": "ee67cb0715911d28db6bf4af1026078bd6f0128b07a5f66fb2ed94ec6783c09a",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.17.2"
"version": "1.18.0"
},
"convert": {
"dependency": "transitive",
"dependency": "direct main",
"description": {
"name": "convert",
"sha256": "0f08b14755d163f6e2134cb58222dd25ea2a2ee8a195e53983d57c075324d592",
@ -204,11 +244,11 @@
"dependency": "transitive",
"description": {
"name": "cross_file",
"sha256": "0b0036e8cccbfbe0555fd83c1d31a6f30b77a96b598b35a5d36dd41f718695e9",
"sha256": "fedaadfa3a6996f75211d835aaeb8fede285dae94262485698afd832371b9a5e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.3.3+4"
"version": "0.3.3+8"
},
"crypto": {
"dependency": "direct main",
@ -220,25 +260,55 @@
"source": "hosted",
"version": "3.0.3"
},
"custom_lint": {
"dependency": "direct dev",
"description": {
"name": "custom_lint",
"sha256": "dfb893ff17c83cf08676c6b64df11d3e53d80590978d7c1fb242afff3ba6dedb",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.5.8"
},
"custom_lint_builder": {
"dependency": "direct dev",
"description": {
"name": "custom_lint_builder",
"sha256": "8df6634b38a36a6c6cb74a9c0eb02e9ba0b0ab89b29e38e6daa86e8ed2c6288d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.5.8"
},
"custom_lint_core": {
"dependency": "transitive",
"description": {
"name": "custom_lint_core",
"sha256": "2b235be098d157e244f18ea905a15a18c16a205e30553888fac6544bbf52f03f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.5.8"
},
"dart_style": {
"dependency": "transitive",
"description": {
"name": "dart_style",
"sha256": "1efa911ca7086affd35f463ca2fc1799584fb6aa89883cf0af8e3664d6a02d55",
"sha256": "40ae61a5d43feea6d24bd22c0537a6629db858963b99b4bc1c3db80676f32368",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.2"
"version": "2.3.4"
},
"desktop_drop": {
"dependency": "direct main",
"description": {
"name": "desktop_drop",
"sha256": "ebba9c9cb0b54385998a977d741cc06fd8324878c08d5a36e9da61cd56b04cc6",
"sha256": "d55a010fe46c8e8fcff4ea4b451a9ff84a162217bdb3b2a0aa1479776205e15d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.4.3"
"version": "0.4.4"
},
"fake_async": {
"dependency": "transitive",
@ -274,11 +344,11 @@
"dependency": "direct main",
"description": {
"name": "file_picker",
"sha256": "bdfa035a974a0c080576c4c8ed01cdf9d1b406a04c7daa05443ef0383a97bedc",
"sha256": "4e42aacde3b993c5947467ab640882c56947d9d27342a5b6f2895b23956954a6",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "5.3.4"
"version": "6.1.1"
},
"fixnum": {
"dependency": "transitive",
@ -306,11 +376,11 @@
"dependency": "direct dev",
"description": {
"name": "flutter_lints",
"sha256": "2118df84ef0c3ca93f96123a616ae8540879991b8b57af2f81b76a7ada49b2a4",
"sha256": "e2a421b7e59244faef694ba7b30562e489c2b489866e505074eb005cd7060db7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.0.2"
"version": "3.0.1"
},
"flutter_localizations": {
"dependency": "direct main",
@ -322,21 +392,21 @@
"dependency": "transitive",
"description": {
"name": "flutter_plugin_android_lifecycle",
"sha256": "950e77c2bbe1692bc0874fc7fb491b96a4dc340457f4ea1641443d0a6c1ea360",
"sha256": "b068ffc46f82a55844acfa4fdbb61fad72fa2aef0905548419d97f0f95c456da",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.0.15"
"version": "2.0.17"
},
"flutter_riverpod": {
"dependency": "direct main",
"description": {
"name": "flutter_riverpod",
"sha256": "b3c3a8a9714b7f88dd2a41e1efbc47f76d620b06ab427c62ae7bc82298cd7dbb",
"sha256": "da9591d1f8d5881628ccd5c25c40e74fc3eef50ba45e40c3905a06e1712412d5",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.2"
"version": "2.4.9"
},
"flutter_test": {
"dependency": "direct dev",
@ -354,11 +424,11 @@
"dependency": "direct dev",
"description": {
"name": "freezed",
"sha256": "83462cfc33dc9680533a7f3a4a6ab60aa94f287db5f4ee6511248c22833c497f",
"sha256": "6c5031daae12c7072b3a87eff98983076434b4889ef2a44384d0cae3f82372ba",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.4.2"
"version": "2.4.6"
},
"freezed_annotation": {
"dependency": "direct main",
@ -406,6 +476,16 @@
"source": "hosted",
"version": "2.3.1"
},
"hotreloader": {
"dependency": "transitive",
"description": {
"name": "hotreloader",
"sha256": "94ee21a60ea2836500799f3af035dc3212b1562027f1e0031c14e087f0231449",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.1.0"
},
"http_multi_server": {
"dependency": "transitive",
"description": {
@ -443,7 +523,7 @@
"version": "0.18.1"
},
"io": {
"dependency": "transitive",
"dependency": "direct main",
"description": {
"name": "io",
"sha256": "2ec25704aba361659e10e3e5f5d672068d332fc8ac516421d483a11e5cbd061e",
@ -456,11 +536,11 @@
"dependency": "transitive",
"description": {
"name": "js",
"sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3",
"sha256": "4186c61b32f99e60f011f7160e32c89a758ae9b1d0c6d28e2c02ef0382300e2b",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.6.7"
"version": "0.7.0"
},
"json_annotation": {
"dependency": "direct main",
@ -482,15 +562,24 @@
"source": "hosted",
"version": "6.7.1"
},
"lint": {
"dependency": "direct dev",
"description": {
"path": "lint",
"relative": true
},
"source": "path",
"version": "1.0.0"
},
"lints": {
"dependency": "transitive",
"description": {
"name": "lints",
"sha256": "0a217c6c989d21039f1498c3ed9f3ed71b354e69873f13a8dfc3c9fe76f1b452",
"sha256": "cbf8d4b858bb0134ef3ef87841abdf8d63bfc255c266b7bf6b39daa1085c4290",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.1"
"version": "3.0.0"
},
"local_notifier": {
"dependency": "direct main",
@ -546,11 +635,11 @@
"dependency": "transitive",
"description": {
"name": "meta",
"sha256": "3c74dbf8763d36539f114c799d8a2d87343b5067e9d796ca22b5eb8437090ee3",
"sha256": "a6e590c838b18133bb482a2745ad77c5bb7715fb0451209e1a7567d416678b8e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.9.1"
"version": "1.10.0"
},
"mime": {
"dependency": "transitive",
@ -596,101 +685,101 @@
"dependency": "direct main",
"description": {
"name": "path_provider",
"sha256": "909b84830485dbcd0308edf6f7368bc8fd76afa26a270420f34cabea2a6467a0",
"sha256": "b27217933eeeba8ff24845c34003b003b2b22151de3c908d0e679e8fe1aa078b",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.0"
"version": "2.1.2"
},
"path_provider_android": {
"dependency": "transitive",
"description": {
"name": "path_provider_android",
"sha256": "5d44fc3314d969b84816b569070d7ace0f1dea04bd94a83f74c4829615d22ad8",
"sha256": "477184d672607c0a3bf68fbbf601805f92ef79c82b64b4d6eb318cbca4c48668",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.0"
"version": "2.2.2"
},
"path_provider_foundation": {
"dependency": "transitive",
"description": {
"name": "path_provider_foundation",
"sha256": "1b744d3d774e5a879bb76d6cd1ecee2ba2c6960c03b1020cd35212f6aa267ac5",
"sha256": "5a7999be66e000916500be4f15a3633ebceb8302719b47b9cc49ce924125350f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.0"
"version": "2.3.2"
},
"path_provider_linux": {
"dependency": "transitive",
"description": {
"name": "path_provider_linux",
"sha256": "ba2b77f0c52a33db09fc8caf85b12df691bf28d983e84cf87ff6d693cfa007b3",
"sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.0"
"version": "2.2.1"
},
"path_provider_platform_interface": {
"dependency": "transitive",
"description": {
"name": "path_provider_platform_interface",
"sha256": "bced5679c7df11190e1ddc35f3222c858f328fff85c3942e46e7f5589bf9eb84",
"sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.0"
"version": "2.1.2"
},
"path_provider_windows": {
"dependency": "transitive",
"description": {
"name": "path_provider_windows",
"sha256": "ee0e0d164516b90ae1f970bdf29f726f1aa730d7cfc449ecc74c495378b705da",
"sha256": "8bc9f22eee8690981c22aa7fc602f5c85b497a6fb2ceb35ee5a5e5ed85ad8170",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.0"
"version": "2.2.1"
},
"petitparser": {
"dependency": "transitive",
"description": {
"name": "petitparser",
"sha256": "cb3798bef7fc021ac45b308f4b51208a152792445cce0448c9a4ba5879dd8750",
"sha256": "c15605cd28af66339f8eb6fbe0e541bfe2d1b72d5825efc6598f3e0a31b9ad27",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "5.4.0"
"version": "6.0.2"
},
"platform": {
"dependency": "transitive",
"description": {
"name": "platform",
"sha256": "4a451831508d7d6ca779f7ac6e212b4023dd5a7d08a27a63da33756410e32b76",
"sha256": "ae68c7bfcd7383af3629daafb32fb4e8681c7154428da4febcff06200585f102",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.1.0"
"version": "3.1.2"
},
"plugin_platform_interface": {
"dependency": "transitive",
"description": {
"name": "plugin_platform_interface",
"sha256": "43798d895c929056255600343db8f049921cbec94d31ec87f1dc5c16c01935dd",
"sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.5"
"version": "2.1.8"
},
"pointycastle": {
"dependency": "transitive",
"description": {
"name": "pointycastle",
"sha256": "7c1e5f0d23c9016c5bbd8b1473d0d3fb3fc851b876046039509e18e0c7485f2c",
"sha256": "43ac87de6e10afabc85c445745a7b799e04de84cebaa4fd7bf55a5e1e9604d29",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.7.3"
"version": "3.7.4"
},
"pool": {
"dependency": "transitive",
@ -745,11 +834,21 @@
"dependency": "transitive",
"description": {
"name": "riverpod",
"sha256": "b0fbf7927333c5c318f7e2c22c8b4fd2542ba294de0373e80ecdb34e0dcd8dc4",
"sha256": "942999ee48b899f8a46a860f1e13cee36f2f77609eb54c5b7a669bb20d550b11",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.2"
"version": "2.4.9"
},
"rxdart": {
"dependency": "transitive",
"description": {
"name": "rxdart",
"sha256": "0c7c0cedd93788d996e33041ffecda924cc54389199cde4e6a34b440f50044cb",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.27.7"
},
"screen_retriever": {
"dependency": "direct main",
@ -765,71 +864,71 @@
"dependency": "direct main",
"description": {
"name": "shared_preferences",
"sha256": "0344316c947ffeb3a529eac929e1978fcd37c26be4e8468628bac399365a3ca1",
"sha256": "81429e4481e1ccfb51ede496e916348668fd0921627779233bd24cc3ff6abd02",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.0"
"version": "2.2.2"
},
"shared_preferences_android": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_android",
"sha256": "fe8401ec5b6dcd739a0fe9588802069e608c3fdbfd3c3c93e546cf2f90438076",
"sha256": "8568a389334b6e83415b6aae55378e158fbc2314e074983362d20c562780fb06",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.0"
"version": "2.2.1"
},
"shared_preferences_foundation": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_foundation",
"sha256": "d29753996d8eb8f7619a1f13df6ce65e34bc107bef6330739ed76f18b22310ef",
"sha256": "7708d83064f38060c7b39db12aefe449cb8cdc031d6062280087bc4cdb988f5c",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.3"
"version": "2.3.5"
},
"shared_preferences_linux": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_linux",
"sha256": "71d6806d1449b0a9d4e85e0c7a917771e672a3d5dc61149cc9fac871115018e1",
"sha256": "9f2cbcf46d4270ea8be39fa156d86379077c8a5228d9dfdb1164ae0bb93f1faa",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.0"
"version": "2.3.2"
},
"shared_preferences_platform_interface": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_platform_interface",
"sha256": "23b052f17a25b90ff2b61aad4cc962154da76fb62848a9ce088efe30d7c50ab1",
"sha256": "22e2ecac9419b4246d7c22bfbbda589e3acf5c0351137d87dd2939d984d37c3b",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.0"
"version": "2.3.2"
},
"shared_preferences_web": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_web",
"sha256": "7347b194fb0bbeb4058e6a4e87ee70350b6b2b90f8ac5f8bd5b3a01548f6d33a",
"sha256": "7b15ffb9387ea3e237bb7a66b8a23d2147663d391cafc5c8f37b2e7b4bde5d21",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.0"
"version": "2.2.2"
},
"shared_preferences_windows": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_windows",
"sha256": "f95e6a43162bce43c9c3405f3eb6f39e5b5d11f65fab19196cf8225e2777624d",
"sha256": "841ad54f3c8381c480d0c9b508b89a34036f512482c407e6df7a9c4aa2ef8f59",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.0"
"version": "2.3.2"
},
"shelf": {
"dependency": "transitive",
@ -871,11 +970,11 @@
"dependency": "transitive",
"description": {
"name": "source_gen",
"sha256": "fc0da689e5302edb6177fdd964efcb7f58912f43c28c2047a808f5bfff643d16",
"sha256": "14658ba5f669685cd3d63701d01b31ea748310f7ab854e471962670abcf57832",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.4.0"
"version": "1.5.0"
},
"source_helper": {
"dependency": "transitive",
@ -901,31 +1000,31 @@
"dependency": "transitive",
"description": {
"name": "stack_trace",
"sha256": "c3c7d8edb15bee7f0f74debd4b9c5f3c2ea86766fe4178eb2a18eb30a0bdaed5",
"sha256": "73713990125a6d93122541237550ee3352a2d84baad52d375a4cad2eb9b7ce0b",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.11.0"
"version": "1.11.1"
},
"state_notifier": {
"dependency": "transitive",
"description": {
"name": "state_notifier",
"sha256": "8fe42610f179b843b12371e40db58c9444f8757f8b69d181c97e50787caed289",
"sha256": "b8677376aa54f2d7c58280d5a007f9e8774f1968d1fb1c096adcb4792fba29bb",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.7.2+1"
"version": "1.0.0"
},
"stream_channel": {
"dependency": "transitive",
"description": {
"name": "stream_channel",
"sha256": "83615bee9045c1d322bbbd1ba209b7a749c2cbcdcb3fdd1df8eb488b3279c1c8",
"sha256": "ba2aa5d8cc609d96bbb2899c28934f9e1af5cddbd60a827822ea467161eb54e7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.1"
"version": "2.1.2"
},
"stream_transform": {
"dependency": "transitive",
@ -971,11 +1070,20 @@
"dependency": "transitive",
"description": {
"name": "test_api",
"sha256": "75760ffd7786fffdfb9597c35c5b27eaeec82be8edfb6d71d32651128ed7aab8",
"sha256": "5c2f730018264d276c20e4f1503fd1308dfbbae39ec8ee63c5236311ac06954b",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.6.0"
"version": "0.6.1"
},
"test_res": {
"dependency": "direct dev",
"description": {
"path": "integration_test/test_res",
"relative": true
},
"source": "path",
"version": "0.0.0"
},
"timing": {
"dependency": "transitive",
@ -991,11 +1099,11 @@
"dependency": "direct main",
"description": {
"name": "tray_manager",
"sha256": "b1975a05e0c6999e983cf9a58a6a098318c896040ccebac5398a3cc9e43b9c69",
"sha256": "4ab709d70a4374af172f8c39e018db33a4271265549c6fc9d269a65e5f4b0225",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.2.0"
"version": "0.2.1"
},
"typed_data": {
"dependency": "transitive",
@ -1011,81 +1119,81 @@
"dependency": "direct main",
"description": {
"name": "url_launcher",
"sha256": "781bd58a1eb16069412365c98597726cd8810ae27435f04b3b4d3a470bacd61e",
"sha256": "d25bb0ca00432a5e1ee40e69c36c85863addf7cc45e433769d61bed3fe81fd96",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.1.12"
"version": "6.2.3"
},
"url_launcher_android": {
"dependency": "transitive",
"description": {
"name": "url_launcher_android",
"sha256": "3dd2388cc0c42912eee04434531a26a82512b9cb1827e0214430c9bcbddfe025",
"sha256": "507dc655b1d9cb5ebc756032eb785f114e415f91557b73bf60b7e201dfedeb2f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.0.38"
"version": "6.2.2"
},
"url_launcher_ios": {
"dependency": "transitive",
"description": {
"name": "url_launcher_ios",
"sha256": "9af7ea73259886b92199f9e42c116072f05ff9bea2dcb339ab935dfc957392c2",
"sha256": "75bb6fe3f60070407704282a2d295630cab232991eb52542b18347a8a941df03",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.1.4"
"version": "6.2.4"
},
"url_launcher_linux": {
"dependency": "transitive",
"description": {
"name": "url_launcher_linux",
"sha256": "207f4ddda99b95b4d4868320a352d374b0b7e05eefad95a4a26f57da413443f5",
"sha256": "ab360eb661f8879369acac07b6bb3ff09d9471155357da8443fd5d3cf7363811",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.0.5"
"version": "3.1.1"
},
"url_launcher_macos": {
"dependency": "transitive",
"description": {
"name": "url_launcher_macos",
"sha256": "1c4fdc0bfea61a70792ce97157e5cc17260f61abbe4f39354513f39ec6fd73b1",
"sha256": "b7244901ea3cf489c5335bdacda07264a6e960b1c1b1a9f91e4bc371d9e68234",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.0.6"
"version": "3.1.0"
},
"url_launcher_platform_interface": {
"dependency": "transitive",
"description": {
"name": "url_launcher_platform_interface",
"sha256": "bfdfa402f1f3298637d71ca8ecfe840b4696698213d5346e9d12d4ab647ee2ea",
"sha256": "a932c3a8082e118f80a475ce692fde89dc20fddb24c57360b96bc56f7035de1f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.3"
"version": "2.3.1"
},
"url_launcher_web": {
"dependency": "transitive",
"description": {
"name": "url_launcher_web",
"sha256": "cc26720eefe98c1b71d85f9dc7ef0cada5132617046369d9dc296b3ecaa5cbb4",
"sha256": "fff0932192afeedf63cdd50ecbb1bc825d31aed259f02bb8dba0f3b729a5e88b",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.0.18"
"version": "2.2.3"
},
"url_launcher_windows": {
"dependency": "transitive",
"description": {
"name": "url_launcher_windows",
"sha256": "7967065dd2b5fccc18c653b97958fdf839c5478c28e767c61ee879f4e7882422",
"sha256": "ecf9725510600aa2bb6d7ddabe16357691b6d2805f66216a97d1b881e21beff7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.0.7"
"version": "3.1.1"
},
"uuid": {
"dependency": "transitive",
@ -1101,31 +1209,31 @@
"dependency": "direct main",
"description": {
"name": "vector_graphics",
"sha256": "670f6e07aca990b4a2bcdc08a784193c4ccdd1932620244c3a86bb72a0eac67f",
"sha256": "18f6690295af52d081f6808f2f7c69f0eed6d7e23a71539d75f4aeb8f0062172",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.1.7"
"version": "1.1.9+2"
},
"vector_graphics_codec": {
"dependency": "transitive",
"description": {
"name": "vector_graphics_codec",
"sha256": "7451721781d967db9933b63f5733b1c4533022c0ba373a01bdd79d1a5457f69f",
"sha256": "531d20465c10dfac7f5cd90b60bbe4dd9921f1ec4ca54c83ebb176dbacb7bb2d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.1.7"
"version": "1.1.9+2"
},
"vector_graphics_compiler": {
"dependency": "direct main",
"description": {
"name": "vector_graphics_compiler",
"sha256": "80a13c613c8bde758b1464a1755a7b3a8f2b6cec61fbf0f5a53c94c30f03ba2e",
"sha256": "03012b0a33775c5530576b70240308080e1d5050f0faf000118c20e6463bc0ad",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.1.7"
"version": "1.1.9+2"
},
"vector_math": {
"dependency": "transitive",
@ -1141,11 +1249,11 @@
"dependency": "transitive",
"description": {
"name": "vm_service",
"sha256": "c620a6f783fa22436da68e42db7ebbf18b8c44b9a46ab911f666ff09ffd9153f",
"sha256": "c538be99af830f478718b51630ec1b6bee5e74e52c8a802d328d9e71d35d2583",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "11.7.1"
"version": "11.10.0"
},
"watcher": {
"dependency": "transitive",
@ -1161,11 +1269,11 @@
"dependency": "transitive",
"description": {
"name": "web",
"sha256": "dc8ccd225a2005c1be616fe02951e2e342092edf968cf0844220383757ef8f10",
"sha256": "afe077240a270dcfd2aafe77602b4113645af95d0ad31128cc02bce5ac5d5152",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.1.4-beta"
"version": "0.3.0"
},
"web_socket_channel": {
"dependency": "transitive",
@ -1191,41 +1299,41 @@
"dependency": "transitive",
"description": {
"name": "win32",
"sha256": "9e82a402b7f3d518fb9c02d0e9ae45952df31b9bf34d77baf19da2de03fc2aaa",
"sha256": "464f5674532865248444b4c3daca12bd9bf2d7c47f759ce2617986e7229494a8",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "5.0.7"
"version": "5.2.0"
},
"window_manager": {
"dependency": "direct main",
"description": {
"name": "window_manager",
"sha256": "6ee795be9124f90660ea9d05e581a466de19e1c89ee74fc4bf528f60c8600edd",
"sha256": "dcc865277f26a7dad263a47d0e405d77e21f12cb71f30333a52710a408690bd7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.3.6"
"version": "0.3.7"
},
"xdg_directories": {
"dependency": "transitive",
"description": {
"name": "xdg_directories",
"sha256": "f0c26453a2d47aa4c2570c6a033246a3fc62da2fe23c7ffdd0a7495086dc0247",
"sha256": "faea9dee56b520b55a566385b84f2e8de55e7496104adada9962e0bd11bcff1d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.0.2"
"version": "1.0.4"
},
"xml": {
"dependency": "transitive",
"description": {
"name": "xml",
"sha256": "5bc72e1e45e941d825fd7468b9b4cc3b9327942649aeb6fc5cdbf135f0a86e84",
"sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.3.0"
"version": "6.5.0"
},
"yaml": {
"dependency": "transitive",
@ -1239,7 +1347,7 @@
}
},
"sdks": {
"dart": ">=3.1.0-185.0.dev <4.0.0",
"flutter": ">=3.10.0"
"dart": ">=3.2.0 <4.0.0",
"flutter": ">=3.16.0"
}
}

View File

@ -92,11 +92,11 @@ in
stdenv.mkDerivation rec {
pname = "brave";
version = "1.61.120";
version = "1.62.153";
src = fetchurl {
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
hash = "sha256-pi33Zkp1CMaoQI9xgcsTo/VNxemHhjzLeQctq/qm5po=";
hash = "sha256-7ifBFWKsegXe0zBdVQO2BiKoBd2zhYX8RYiYcs8v0bg=";
};
dontConfigure = true;

View File

@ -1,15 +1,15 @@
{
"packageVersion": "121.0.1-1",
"packageVersion": "122.0-1",
"source": {
"rev": "121.0.1-1",
"sha256": "15zcrl47w6ib00wai63kks5ykcpfh5wfa0ixxj62v06v50bnd78x"
"rev": "122.0-1",
"sha256": "18b2pfh61cxkl7ww0fi5wjv580ca7i5sshviqym8w0w38lhp7rsv"
},
"settings": {
"rev": "41623492f2b6970972014f6ce196015d3d7f1b59",
"sha256": "0ayyyw44q0gh668bzlv6cfl7baa0818bnz83g53l5j2f10xd52by"
},
"firefox": {
"version": "121.0.1",
"sha512": "7810850a922cb4a274ced6556e14256d3ff518a96f10a0f86d1f8e40daa0a8b1a5cfcc9cbf1391029d920944e94a9149951ee107a0e718a294954bb50b6ced2e"
"version": "122.0",
"sha512": "619b735c16970207f3f8fb31dd2350a5e665a802c30501c89aee4817b8b0f7f466da93c66ab238e94967587e538e6858934b18164ff312dbdbfbc3b2bf8bd824"
}
}

View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "atmos";
version = "1.54.0";
version = "1.55.0";
src = fetchFromGitHub {
owner = "cloudposse";
repo = pname;
rev = "v${version}";
sha256 = "sha256-WGOuFqkrX3/5RINdsegTSxJ28W4iEMPuLVrCjtmCkTw=";
sha256 = "sha256-JRvPRlq4H9PcELozlvIE065LSNIxrh/Ej+2GXO8s2x4=";
};
vendorHash = "sha256-kR13BVbjgQoEjb2xwH8LkxLeMp30h6mbWum9RbzzSGE=";
vendorHash = "sha256-YBcVsuBL5n5ycaY1a0uxlDKX7YyrtF16gi17wCK1Jio=";
ldflags = [ "-s" "-w" "-X github.com/cloudposse/atmos/cmd.Version=v${version}" ];

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "fn";
version = "0.6.28";
version = "0.6.29";
src = fetchFromGitHub {
owner = "fnproject";
repo = "cli";
rev = version;
hash = "sha256-/ifr/sSaChZKRe9wCcjURhqZl2/JhIMewZSlJiit/7w=";
hash = "sha256-hN9Kok2+ZNYZsG+3ffzr1jGfIMg99JzgzC0x585KDF4=";
};
vendorHash = null;

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "k9s";
version = "0.31.5";
version = "0.31.7";
src = fetchFromGitHub {
owner = "derailed";
repo = "k9s";
rev = "v${version}";
hash = "sha256-ZNYIGs8oBy4U7y4GiOCcIhnAGRx92V+cQzTE+40QE+A=";
hash = "sha256-DRxS2zhDLAC1pfsHiOEU9Xi7DhKcPwzdI3yw5JbbT18=";
};
ldflags = [
@ -23,7 +23,7 @@ buildGoModule rec {
proxyVendor = true;
vendorHash = "sha256-RXKotLyH97EgfDxQzFSSgATGu96SnfwZyR3WprhwsMM=";
vendorHash = "sha256-7eeGME3KOebYYEJEFrrA+5F8rdtYT18WnRoouGyEMD8=";
# TODO investigate why some config tests are failing
doCheck = !(stdenv.isDarwin && stdenv.isAarch64);

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kn";
version = "1.12.0";
version = "1.13.0";
src = fetchFromGitHub {
owner = "knative";
repo = "client";
rev = "knative-v${version}";
sha256 = "sha256-Xp5PpHIcjh02qesnyrz53yydIAClx0OrBE75Sz5pifg=";
sha256 = "sha256-irMipYDYMyA0l9d7tI1wS7XsxGWjBzTvxmhpKM1gLW8=";
};
vendorHash = null;

View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubecolor";
version = "0.2.0";
version = "0.2.2";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "sha256-WDnuEC2uXo7wybOh0wRiKZt70JMrWteWINuZ+C7lbo8=";
sha256 = "sha256-zXglsfPsJi9DVxlRPniSBsdF1xEMYqqGr46ThpQj3gQ=";
};
vendorHash = "sha256-uf7nBnS1wmbz4xcVA5qF82QMPsLdSucje1NNaPyheCw=";
@ -20,6 +20,6 @@ buildGoModule rec {
homepage = "https://github.com/kubecolor/kubecolor";
changelog = "https://github.com/kubecolor/kubecolor/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ ivankovnatsky SuperSandro2000 ];
maintainers = with maintainers; [ ivankovnatsky SuperSandro2000 applejag ];
};
}

Some files were not shown because too many files have changed in this diff Show More